Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Law firms are being targeted by a large number of social engineering attacks involving the Gootloader malware delivery tool, according to researchers at Trustwave. “Recently, we’ve seen a noticeable surge in malware cases linked to a malicious payload delivery system known as Gootloader,” the researchers write. “The group behind this malware is believed to operate a malware-as-a-service operation, exclusively providing a malware delivery service for other threat actors.

For the fourth consecutive year, we received a Tech Cares Award from TrustRadius! This fourth annual award celebrates companies that have gone above and beyond to provide strong Corporate Social Responsibility (CSR).

We previously reported independently on PDF-based phishing attacks skyrocketing and the rise of SEO attacks. A recent research study found that the combination of both is quite common. Most worryingly, PDF-based SEO attacks are poorly detected by common defense mechanisms such as blocklists, ad blockers or even crowdsourced antivirus services VirusTotal. PDF-based attacks can be anything from a website embedded in a PDF file to an email.

The latest data from Comcast Business’ analysis of over 23.5 billion cyber attacks on their business customers shows the importance and role of phishing in attacks. Over the years there has been a consistent mantra, where everyone agrees that “90-something” percent of cyber attacks start with phishing. There have been plenty of sources that corroborate this using percentages in the 90th percentile, but the overall message is phishing is your greatest Initial Access tactic.

Most social engineering scams search out their potential victims, often sending emails to known email addresses, sending chat messages to them or calling known phone numbers. The attackers take an active role in seeking out and making contact with their victims.

The second quarter of this year has become the focus of some new firsts in ransomware attacks, according to new data from cybersecurity vendor Reliaquest. None of us want to see ransomware continue “up and to the right” on a chart. But it appears that this is the case, according to Reliaquest’s Ransomware Report: Q2 2023.

At Black Hat USA 2023, a session led by a team of security researchers, including Fredrik Heiding, Bruce Schneier, Arun Vishwanath, and Jeremy Bernstein, unveiled an intriguing experiment. They tested large language models (LLMs) to see how they performed in both writing convincing phishing emails and detecting them. This is the PDF technical paper.