A phishing campaign is targeting Chinese users in an attempt to distribute malicious apps, according to researchers at Palo Alto Networks’s Unit 42. "The threat actor masquerades as a law enforcement official and says the target's phone number or bank account is suspected of being involved in financial fraud,” the researchers write. “They then guide the person to download an app that will allow the attacker to investigate their bank transactions.
Mandiant has published a report on “CLINKSINK,” a cryptocurrency Drainer-as-a-Service (DaaS) that’s targeting users of the Solana currency. Mandiant’s own X (formerly Twitter) account was hacked earlier this month and used to distribute a link to the drainer. Threat actors using CLINKSINK have stolen at least $900,000 worth of cryptocurrency in recent weeks.
A new article explains how business professionals are beginning to be not-so-professional and seeking to make personal connections. It’s only a matter of time before cybercriminals jump in. I came across a recent Business Insider article entitled, “The hottest new dating site: LinkedIn.” The title made me laugh… and then when I put my cybersecurity hat back on, the laughing stopped.
Regardless of whether your environment remains on-premise, resides in the cloud, or is a hybrid configuration, new data makes it clear that your biggest risk is phishing attacks. According to Netwrix’s 2023 Hybrid Security Trends Report, released late last month, 73% of organizations have some form of hybrid environment, with slightly less than half of all workloads (44%) residing in the cloud.
The Canada-based Women CyberSecurity Society (WCS2) has warned that its leadership, members, and volunteers are being targeted by an SMS phishing (smishing) campaign, IT World Canada reports. “A volunteer recently reported receiving a text message claiming to be from founder Lisa Kearney citing an urgent need for help,” WCS2 says.
It’s no longer theoretical; phishing attacks and email scams are leveraging AI-generated content based on testing with anti-AI content solutions. I’ve been telling you since the advent of ChatGPT’s public availability that we’d see AI’s misuse to craft compelling and business-level email content.
We are excited to announce that KnowBe4 has been named a leader in the Winter 2024 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the eleventh consecutive quarter! The latest G2 Grid Report compares Security Orchestration, Automation, and Response (SOAR) Software vendors based on user reviews, customer satisfaction, popularity and market presence.
The latest consumer alert posted by the federal trade commission (FTC) signals that the upticks in QR code-based scams are being seen by cybersecurity vendors are indeed a valid growing problem. You won’t need to go very far before you find a QR code. Restaurants commonly use QR codes to point you to a menu, parking lots use them to point you to a website to pay for parking, and according to the FTC, scammers use them to engage you in scams.
Microsoft was the most impersonated brand last quarter, accounting for a third (33%) of all brand phishing attempts in October, November, and December 2023, according to Check Point’s Brand Phishing Report for Q4 2023. Check Point notes, “The technology sector stood out as the most targeted industry overall, with Amazon securing second place with 9% and Google in third at 8%.
