Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A new BazarCall phishing campaign is using Google Forms to send phony invoices, according to researchers at Abnormal Security. “BazarCall/BazaCall attacks typically start with a phishing email designed to appear as a payment notification or subscription confirmation from a known brand,” Abnormal explains. “Within the email, recipients can find the amount to be charged—generally between $49.99 to $500 or more, depending on the subscription or service being impersonated.

Security awareness training (SAT) works! A well-designed security awareness training campaign will significantly reduce cybersecurity risk. We can safely state that from over 13 years of experience with tens of thousands of customer organizations and hundreds of millions of customer interactions. We have the data to prove it. The average new customer comes to us with about a third of their workforce proven to click on any phishing email.

CISA sent out a warning about a Russian advanced persistent threat (APT) called Star Blizzard warning about their long-game social engineering tactics. They create fake email and social media accounts, contact their potential victims, talk about a non-threatening subject to gain the victim’s confidence, and wait to launch their malicious attack. I call this long-game social engineering.

Researchers at Nisos warn that North Korean threat actors are impersonating skilled job seekers in order to obtain remote employment at US companies. “The identified personas claim to have highly sought-after technical skills and experience and often represent themselves as U.S.-based teleworkers, but Nisos investigators found indications that they are based abroad,” the researchers write.

Analysis of nearly a year’s worth of emails brings insight into exactly what kinds of malicious content are being used, who’s being impersonated, and who’s being targeted. I love data built on statistically relevant data samples, as the larger the data set, the more relevant and representative of an entire industry, country, or world it is. One such report is Hornetsecurity’s just released Cyber Security Report 2024.

As the holiday season approaches, so does the annual surge in online shopping and holiday package tracking. Unfortunately, this joyous time has also become a prime hunting ground for cybercriminals. In a concerning development, cybersecurity experts are sounding the alarm about a new weapon in the phishing attackers' arsenal: generative artificial intelligence (AI).

First ever insight into those annoying spam calls provides enlightening detail into how many calls are there, where are they coming from, and how much time is wasted dealing with them. It’s sort of the new normal - never answer your phone if you don’t know the caller and let it go to voicemail. Why? Because of the proliferation of spam calls that nobody wants to receive. But just how bad is it? Global communications provider, Truecaller, released its’ first Monthly U.S.

December 7, 2023 - The Wall Street Journal has an interesting perspective on K-12 Public schools suffering ransomware attacks. The number doubles between 2021 and 2022 to almost 2,000 a year. Here are a few paragraphs with a link to the full article: "Hacks are on the rise across all industries, but the public sector’s weak protections make it an increasingly attractive target for cybercriminals.

Security analysts at identity vendor Sumsub are seeing a massive rise in the use of deepfake fraud in their Identity Fraud Report 2023. And one country may be to blame. While Sumsub’s focus is more around all forms of identity security, it's witnessing a significant increase in deepfakes, as deepfakes are a form of identity fraud. According to Sumsub, the top three fraud trends identified were: The approximate overall growth rate worldwide for the use of deepfakes is 10x.