Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the bustling world of 1960s Madison Avenue, a young advertising executive named Lester Wunderman was about to revolutionize the industry. Wunderman, often called the father of direct marketing, had a simple yet profound insight: personalization was the key to capturing attention and driving action. Wunderman's breakthrough came when he created the Columbia Record Club, a mail-order service that tailored its offerings based on each member's past purchases and preferences. The results were staggering.

The rise of agentic AI tools will transform the cybercrime landscape, according to a new report from Malwarebytes. Agentic AI—which is still under development—is a step above the generative AI tools that are currently available to the public, and will likely be widely released in 2025. While these tools will have many legitimate uses, they’ll also enable cybercriminals to scale their attacks.

A KnowBe4 Threat Lab publication Authors: Daniel Netto, Jeewan Singh Jalal, Anand Bodke, and Martin Kraemer Executive Summary Attackers exploit redirects that lack safeguarding mechanisms to borrow the domain reputation of the redirect service, obfuscate the actual destination and exploit trust in known sources. Whitelisting URLs, only allowing a predefined set of URLs to be rewritten, is an effective countermeasures against the vulnerability on the server side.

Nearly half (46%) of businesses observed an increase in deepfakes and generative AI-related fraud last year, a new report from AuthenticID has found. Additionally, phishing attempts increased by 76% in 2024, and more than 90% of cyberthreats were driven by social engineering. The report also noted a rise in workplace-related fraud, including employee impersonation and account takeover.

Recently, I started working with my children's school to enhance their online safety measures and develop a digital mindfulness course in collaboration with their digital literacy lead. This experience highlighted the fact that our schools are not only expected to provide safe places of learning but also extend that safety into the digital spaces.

Researchers at Cisco Talos warn that a new phishing campaign is targeting users in Germany and Poland in an attempt to deliver several strains of malware, including a new backdoor dubbed “TorNet.” The phishing emails purport to be fake money transfer confirmations from financial institutions or phony order receipts from manufacturing and logistics companies.

Our recent Africa Cybersecurity Awareness survey has revealed a startling surge in cybersecurity concerns among African users, with 58% of respondents expressing high levels of worry about cybercrime - a figure that has nearly doubled from 29% in 2023. The fear is not unfounded. As highlighted by Interpol's African Cyberthreat Report 2024, the continent has witnessed a significant uptick in cybercrime, along with its financial and social repercussions.

Researchers at Zimperium warn that a large phishing campaign is impersonating the US Postal Service (USPS) to target mobile devices with malicious PDF files. The goal of the campaign is to direct users to a spoofed USPS website designed to harvest personal information. “The investigation into this campaign uncovered over 20 malicious PDF files and 630 phishing pages, indicating a large-scale operation,” the researchers write.

A KnowBe4 Threat Lab Publication Authors: Jeewan Singh Jalal, Anand Bodke, and Martin Kraemer Executive Summary The KnowBe4 Threat Lab analyzed a sophisticated phishing campaign targeting multiple organizations to harvest Microsoft credentials. Threat actors utilized a compromised domain, its subdomains, bulk email services, and open redirect vulnerability to evade detection and increase click success rates.

Microsoft, Apple, and Google were the most commonly impersonated brands in phishing attacks last quarter, according to researchers at Check Point. “Microsoft retained its dominance as the most imitated brand in phishing schemes, accounting for a staggering 32% of all attempts,” Check Point says. “Apple followed with 12%, while Google ranked third. Notably, LinkedIn reentered the list at fourth place, emphasizing the persistent targeting of technology and Social Network brands.