Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

The Bookmark Trap: How Discord Admins Fell Prey to Social Engineering

Brian Krebs wrote: "A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. "According to interviews with victims, several of the attacks began with an interview request from someone posing as a reporter for a crypto-focused news outlet online.

AI Voice-Based Scams Rise as One-Third of Victims Can't Tell if the Voice is Real or Not

As audio deepfake technology continues to go mainstream as part of the evolution in AI-based tools, new data shows there are plenty of victims and they aren’t prepared for such an attack. Imagine you get a call from your child or grandchild telling you they’re in some kind of trouble, an accident, etc. and need money. And it really does sound like them. Would you help? Scammers who are making use of AI to synthesize sound-alike voices as part of vishing scam calls are hoping you will.

Russian Ransomware Cybercriminal Behind $200 Million in Damages is Sanctioned by the U.S. Government

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has identified and designated Mikhail Matveev for his role in ransomware attacks back 2021. When the U.S. sanctions a country, a business, or a group, the intent is to A) confiscate any and all property owned by the designee within the U.S. or in the possession of a U.S. person, and B) add the designee to the Specially Designated Nationals and Blocked Persons (SDN) List.

"Magic Link" Phishing Attacks Scamming Users With Fake McAfee Renewals

Threat actors are using encoded phishing links to evade security filters, according to Jeremy Fuchs at Avanan. The phishing emails purport to be notifications from McAfee informing the user that they need to renew their subscription. “This is a fairly standard McAfee subscription scam,” Fuchs says. “We see these all the time and they’ve been floating around the Internet for some time. But that’s not what makes this attack unique.

[Mastering Minds] China's Cognitive Warfare Ambitions Are Social Engineering At Scale

As the world continues to evolve, so does the nature of warfare. China's People's Liberation Army (PLA) is increasingly focused on "Cognitive Warfare," a term referring to artificial intelligence (AI)-enabled military systems and operational concepts. The PLA's exploration into this new domain of warfare could potentially change the dynamics of global conflict.

[SEG Headache] More Than Half of Cybersecurity Leaders Say That Too Many Phishing Attacks Get Through

Egress, a cybersecurity company that provides intelligent email security, recently released their Email Security Risk Report 2023. It's solid research that shows 99% of cybersecurity leaders are stressed about their email security with good reason. The numbers are scary. We mentioned their report a few weeks ago, but there are many important findings there.

Verizon Sends New Smishing Warning

Verizon has renewed its warnings to customers about the threat of smishing, a social engineering approach that relies upon texts as opposed to other communication channels like the email used in phishing. The smishing problem may be smaller than the phishing problem, or the robocall nuisance, but it represents a comparable threat that organizations should address in their risk management process.

More Than Half of all Email-Based Cyberattacks Bypass Legacy Security Filters

New data shows that changes in cybercriminals’ phishing techniques are improving their game, making it easier to make their way into a potential victim user’s inbox. I recently wrote about how 12% of all email threats were getting all the way to the inbox. But new data from cybersecurity vendor Armorblox’s 2023 Email Security Threat Report shows that the number is much higher, depending on the security solutions in place.

BatLoader Malware is Now Distributed in Drive-By Attacks

Malign persuasion can take many forms. We tend to hear the most about phishing (malicious emails) or smishing (malicious texts). Other threats are also worth some attention, like the risk of drive-by attacks. One current drive-by campaign is being run by the operators of BatLoader, a malware strain that establishes initial entry and persistence, and then can be used to distribute a range of other malicious code that loots affected systems and networks of valuable data, including funds.

Financial Fraud Phishing Attacks Increase 72% In One Year; Financial Industry Takes the Brunt

With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all. When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack?