New data on how the threat of AI in cyber crime is being seen as a growing risk provides insight into how organizations are shifting from reaction to prevention. According to endpoint security vendor Deep Instinct’s Voice of SecOps report, 97% of organizations are concerned they will suffer a security incident as a result of adversarial AI. The advent of new malicious LLM-based AI platforms are allowing cybercriminals to get their hands on sophisticated tech and create convincing deepfakes.

Organizations are falling victim to ransomware attacks where data is stolen, but the victim isn’t being told about it. I have a theory as to why this is happening. Many assume data is being exfiltrated as part of a ransomware attack and it’s going to be used as part of the extortion component of the attack. But according to Arctic Wolf’s The State of Cybersecurity: 2024 Trends Report, that doesn’t seem to be the case.

Organizations need to be aware of the threat posed by QR code phishing (quishing), according to researchers at Trend Micro. “Phishing emails continue to be the number one attack vector for organizations,” the researchers write. “A QR code phishing, or quishing attack, is a modern social engineering cyber attack technique manipulating users into giving away personal and financial information or downloading malware.

The Internet of Things (IoT) has slowly but surely weaved its way into our homes and places of work. From smart homes to industrial control systems, IoT has brought convenience and efficiency to our lives. However, with this increased connectivity we have increased our risk. The IoT Attack Surface IoT devices are often designed with functionality in mind, rather than security. This means that many devices have weak or default passwords, unpatched vulnerabilities, and insecure communication protocols.

As expected, threat actors are taking advantage of the global IT outage caused by a faulty CrowdStrike update last Friday, SC Media reports. We've been covering this story and it looks like the campaigns have only continued.

A new phishing scam is leveraging trusted aspects of ecommerce to make their scams look legitimate. Perception Point has spotted a new level of credibility used by phishing scammers in which fake payment pages include the use of legitimate support chat. Spoofed payment pages resembling marketplace, like Etsy and Upwork, ask business owners to “claim” payments for products or services sold.

According to security researchers at Cisco Talos, emails impersonating legitimate officers at the Cyprus Securities and Exchange Commission are being sent to prior Opteck customers that offer victim's with investment advice.

Protecting your financial information has never been more crucial. With the rise of sophisticated scams, it's becoming increasingly difficult to distinguish between legitimate bank communications and fraudulent attempts to access your accounts. So, how can you be sure it's really your bank contacting you? The Vulnerability of Personal Information First, it's important to understand that our personal details are more accessible than we might think.

Several threat actors are abusing legitimate cloud services to launch phishing attacks against users in Latin America, according to Google’s latest Threat Horizons Report. One threat actor, tracked as “PINEAPPLE,” impersonated Brazil’s revenue service, Receita Federal do Brasil, to deliver the Astaroth infostealer.