Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How KnowBe4 Uses AI Efficiently to Get the Best Results

Using the right tool for the job is always better. Anyone who does DIY projects around the home knows how using the right tool can dramatically make the job you are doing far easier. Use the wrong tool, and that task suddenly becomes a burdensome nightmare. And after over 38 years in cybersecurity, I know that applies to cyber defense strategies, but I add one more axiom: Use the dumber, faster thing first for best results. Dumber things are usually faster at blocking a large number of things.

Warning: New Phishing Kit Targets Italian Entities

A new phishing kit is impersonating the Italian IT and web services provider Aruba, according to researchers at Group-IB. The kit is designed to trick users into entering their Aruba credentials, granting attackers access to sensitive accounts. “Such a target offers significant payoff: compromising a single account can expose critical business assets, from hosted websites to domain controls and email environments,” Group-IB says.

New Android Malware Platform Targets Bank Accounts

Researchers at Zimperium are tracking a new malware-as-a-service platform designed to target Android phones with banking Trojans. The platform, dubbed “Fantasy Hub,” allows unskilled threat actors to launch sophisticated malware campaigns that trick victims into granting access to their bank accounts.

Warning: ClickFix Attacks are Growing More Sophisticated

Researchers at Push Security warn of an extremely convincing ClickFix attack posing as a Cloudflare verification check. ClickFix is a social engineering technique that tricks the victim into copying and pasting a malicious command, then running it on their computer. In the instance observed by Push Security, the phishing page has a pop-up box that appears to be from Cloudflare, instructing the user to press the keyboard shortcuts necessary to open a terminal and run a command.

Quantum Route Redirect: Anonymous Tool Streamlining Global Phishing Attack

KnowBe4 Threat Labs has uncovered an emerging advanced phishing campaign targeting Microsoft 365 users globally to steal their credentials. The attackers are wielding a powerful new tool that’s completely changing the game for cybercriminals—turning what used to be complex, technical phishing setups into simple one-click launches that can bypass certain technical controls. Welcome to the era of “Quantum Route Redirect.".

Phishing Emails Use Invisible Hyphens to Avoid Detection

A phishing campaign is using invisible characters to evade security filters, according to Jan Kopriva at the SANS Internet Storm Center. The emails use soft hyphens to break up the subject line “Your Password is About to Expire” so the messages aren’t flagged as malicious. The email client doesn’t render the hyphens, however, so the user sees a normal sentence.

LastPass Phishing Campaign Informs Users of Phony Death Notifications

A phishing campaign is targeting LastPass users with phony notifications informing users that someone has notified the company of the user’s death and is trying to gain access to their account. The emails have the subject line, “Legacy Request Opened (URGENT IF YOU ARE NOT DECEASED).” LastPass describes the following attack flow: Notably, the attackers are also calling recipients of the emails and posing as LastPass representatives, adding another layer of legitimacy to the campaign.

Microsoft Help Desk Phishing Attempt

I received this email the other day to my personal email account. It is a “Security Alert” from “Microsoft Helpdesk.” Oh, my! Not only is Microsoft holding five emails headed to me, but my “subscription” is expiring on the same day. The “Unsubscribe” link was just a graphic, no URL. The URL to the main button, “Review All Held Messages results” was linked to the following path (shown below): That is clearly not Microsoft or microsoft.com.