Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

KnowBe4

Top Tax Scams of 2024 Your Organization Should Watch Out For

As the April 15, 2024 filing deadline approaches, tax scammers are working overtime to take advantage of rushed or stressed taxpayers. This tax season, scammers have adopted more sophisticated techniques - particularly leveraging artificial intelligence (AI) to disguise their schemes. However, remaining vigilant and taking some simple precautions can help you avoid becoming a victim.

New Phishing-as-a-Service (PhaaS) platform, 'Tycoon 2FA', Targets Microsoft 365 and Gmail Accounts

A new PhaaS service brings the power of bypassing multi-factor authentication (MFA) to the world’s most-used email platforms. At its core, Tycoon 2FA isn’t doing anything new. It uses a reverse proxy server to host a phishing web page that impersonates the legitimate email platform in question. Then it intercepts the victim's input and relays them to the legitimate service. But it’s how this platform does it that is sophisticated.

Critical Improvements To The Seven Most Common Pieces of Cybersecurity Advice

I have been in the cybersecurity industry for over 35 years and I am the author of 14 books and over 1,400 articles on cybersecurity. I regularly speak with thousands of cybersecurity practitioners each year. Nearly every day, I see (good) cybersecurity advice, but some of it is just a bit shy of what is needed…such as “Use MFA!”. That is good advice, but is not specific enough. It does not give enough detail. There is a slight adjustment needed to get the most benefit.

The Cyber Achilles' Heel: Why World Leaders and High-Profile Individuals Must Prioritise Cybersecurity

Social media has become an indispensable tool for communication, outreach, and engagement. From world leaders to high-profile individuals, these platforms offer an unparalleled opportunity to connect with the masses. However, as recent incidents have shown, the very same platforms can also be a double-edged sword, exposing vulnerabilities and putting sensitive information at risk.

Large-Scale StrelaStealer Campaign Impacts Over 100 Organizations Within the E.U. and U.S.

A new campaign of StrelaStealer attacks identified by security analysts at Unit42 has been spotted targeting E.U. and U.S. organizations. This somewhat new infostealer has evolved to be even better at evading detection in a new string of campaigns aimed at stealing email credentials from well-known email clients.

Australian Government Commits to Become a World-Leader in Cybersecurity by 2030

The Australian Government has leveraged insight from cybersecurity experts to create a new six-part plan to combat cybersecurity over the coming decade. The cybercrime economy is booming and growing every year. What’s needed is a bold vision to not just respond to the current state of threats, but to jump years ahead of it. And that’s what we find in the Australian Government’s 2023-2030 Australian Cybe rsecurity Strategy.

Apple Users Become the Latest Targets of MFA Attacks

A new string of multi-factor authentication (MFA) attacks targeting the reset of Apple IDs seem to be popping up in a likely attempt to steal the victim’s digital identity and more. A recent post on Twitter/X from entrepreneur Parth Patel outlines his experience when his phone became inundated with requests to reset his Apple ID password – to the tune of over 100.

IT Leaders Can't Stop AI and Deepfake Scams as They Top the List of Most Frequent Attacks

New data shows that the attacks IT feels most inadequate to stop are the ones they’re experiencing the most. According to Keeper Security’s latest report, The Future of Defense: IT Leaders Brace for Unprecedented Cyber Threats, the most serious emerging types of technologies being used in modern cyber attacks lead with AI-powered attacks and deepfake technology. By itself, this information wouldn’t be that damning.

New Report Shows Phishing Links and Malicious Attachments Are The Top Entry Points of Cyber Attacks

New TTP attack data covering 2023 sheds much needed light on the threat actor and user actions that are putting organizations at the most risk. In cybersecurity vendor ReliaQuest’s Annual Cyber-Threat Report: 2024, there is a ton of great detail mapped to the MITRE ATT&CK Framework outlining which threat actions are used and how organizations are most effectively fighting back and stopping attacks.

Malicious App Impersonates McAfee to Distribute Malware Via Text and Phone Calls

A trojanized version of the McAfee Security app is installing the Android banking Trojan “Vultur,” according to researchers at Fox-IT. The attackers are spreading links to the malicious app via text messages and phone calls. “In order to deceive unsuspecting individuals into installing malware, the threat actors employ a hybrid attack using two SMS messages and a phone call,” the researchers write.