Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

KnowBe4

1 in 8 Email Threats Now Make It Past Email Security Solutions

Phishing attacks that can evade detection by email scanners are improving their chances of reaching the inbox, thanks to an increase in the use of one specific attachment type. According to new data found in HP Wolf Security’s latest Security Threat Insights Report for Q4 of 2022, 13% of all email threats being sent make their way past layered email security defenses to reach the user’s inbox. This, up from the previously published finding of 11.7% of threats doing so by Acronis.

Recently Exposed North Korean Threat Actor APT43 Targeting Organizations With Spear Phishing

Google’s Threat Analysis Group (TAG) has published a report describing the activities of “ARCHIPELAGO,” a subset of the North Korean state-sponsored threat actor APT43. ARCHIPELAGO’s operators frequently impersonate real journalists or experts in order to make initial contact with their targets.

New Emotet Phishing Campaign Pretends to be the IRS Delivering W-9 Forms

A newly documented phishing campaign demonstrates how timely themes can be impactful in creating a successful attack that gets the recipient to engage with malicious content. As we approach this year’s deadline for filing taxes in the U.S. for 2022, security researchers from Malwarebytes have provided details of an IRS-themed phishing email received by their very own Senior Director of Threat Intelligence.

FBI: Business Email Compromise Attacks Are Being Used to Make Bulk Goods Purchases from Vendors

A new public service announcement focuses on a specific form of BEC attack using little more than a spoofed domain and common vendor payment practices to steal hardware, supplies and more. When I talk about BEC attacks, it’s usually a digital fraud type of attack where legitimate funds being paid to a vendor are diverted to an attacker-controlled bank account by means of the attacker using a spoofed domain or via email compromise.

Featured Post

Malware Targeting Password Managers

Not surprisingly, malware is starting to target password managers more often. What does it mean for password manager users? Should they still use password managers even though they represent a critical single-point-of-failure, where one compromise and every stored password is likely to be compromised? Yes, and here's why.

That's Not Actually Mr. Musk, That's a Scam

A school principal in Volusia County, Florida has resigned after sending $100,000 to a scammer posing as Elon Musk, WESH 2 News reports. Dr. Jan McGee from the Burns Science and Technology Charter School had been in communication with the individual for four months, even though her colleagues warned her that it was a scam. “McGee told a packed audience she was taken in by a fake Elon Musk, someone posing online as the space pioneer,” WESH 2 says.

FBI: 870 Critical Infrastructure Organizations Were the Victim of Ransomware in 2022

The FBI’s newly-released report shows just how ransomware continues to plague critical infrastructure sectors, despite the U.S. government’s recent efforts to stop these attacks. You’ll probably recall the news about ransomware attacking the Colonial Pipeline and other U.S. critical infrastructure (CI) to the point that the government was stepping up their efforts to stop these attacks and even conducting congressional hearings on what to do about the problem.

"We are hurtling toward a glitchy, spammy, scammy, AI-powered internet."

This MIT Technology Review headline caught my eye, and I think you understand why. They described a new type of exploit called prompt injection. Melissa Heikkilä wrote: "I just published a story that sets out some of the ways AI language models can be misused. I have some bad news: It’s stupidly easy, it requires no programming skills, and there are no known fixes.

Find Out What Users Think About KnowBe4

TrustRadius collected live user reviews from Black Hat 2022 on their experience with the KnowBe4 security awareness training and simulated phishing platform. In this short video, users talk through how they use KnowBe4, what the best features are, the return on investment they've had and rate how likely they are to recommend KnowBe4. A de minimus incentive was given to thank the reviewer for their time. The incentive was not used to bias or drive a particular response, nor was the incentive contingent on a positive endorsement.