[HEADS UP] Allowing Site Notifications Can be Very Costly
Krebs on Security reported that there have been an increasing number of websites asking visitors to approve ‘notifications’. In most cases these notifications are not malicious, but several firms are paying site owners to install notification scripts to sell to scammers. Normally, a website will ask permission to send notifications (as long as you approve […]
Posted: February 4, 2021 | View More »New “Back to Work” HR-Themed Phishing Scam Works to Steal Internal User Credentials
Using a fake internal memo from HR, per-user custom-named email attachments, SharePoint Online, and a realistic-looking HR form, this phishing attack has all the ingredients to trick your users. This far into the pandemic, there are groups of users within your organization begging to come back to the office, as well as those that never […]
Posted: February 4, 2021 | View More »BEC Incidents Intent on Invoice or Payment Fraud Increase 155% Across All Industries
Business Email Compromise appears to be back in the saddle again, as attackers use simple social engineering and domain impersonation to trick victims into paying up. In the midst of adjusting to working-while-COVID, ransomware seemed to be at the forefront of attacks. But new data from Abnormal Security’s Q3 Quarterly BEC Report shows that business email compromise has recently grown in interest […]
Posted: December 3, 2020 | View More »Thinking Skeptically About Smishing
Organizations need to train their employees to be on the lookout for SMS phishing (smishing), according to Jennifer Bosavage at Dark Reading. Bosavage explains that attackers exploit normal human behavior to gain access or information from employees. “Cyberattackers leverage the way people typically respond to certain social situations to trick them into disclosing sensitive information about themselves, […]
Posted: December 3, 2020 | View More »20 Ways to Build Your Security Fortress From Anywhere
At Home Have separate devices for work and personal use Connect to Ethernet (wired) or at least WPA2 (Wi-Fi Protected Access 2) for a secure wireless connection Use a VPN (Virtual Private Network) whenever possible to access employer systems/data Keep router and modem firmware up-to-date Secure IoT devices (smart speakers, appliances, etc.) – use strong, […]
Posted: November 2, 2020 | View More »National Security Awareness Podcasts
Tune into our podcasts each week! Week 1: October 9Introduction to IT360 & Cybersecurity in 2020 Week 2: October 16Cybersecurity Training for Employees Week 3: October 23Cyber Insurance Week 4: October 30Remote Working
Posted: October 8, 2020 | View More »[Heads Up] DarkSide: Sophisticated New Customized Ransomware Strain Demands Millions Of Dollars
Breaking News: A new ransomware operation named DarkSide began attacking organizations earlier this month with customized attacks that have already earned them million-dollar payouts. But here is the clincher: When performing attacks, DarkSide will create a customized ransomware executable for the specific company they are attacking. Our friends at Bleepingcomputer said: “Starting around August 10th, […]
Posted: October 8, 2020 | View More »Australian Financial Services Company is Sued for Repeatedly Being Hacked… and Doing Zero About It
The Australian Securities and Investments Commission (ASIC) is suing RI Advice Group for being hacked multiple times over a year’s time that includes 155 hours of undetected hacker activity. If you are the victim of ransomware once, it’s probably inevitable. But if you’re a ransomware victim again, and then hacked on a third occasion, you’re probably not […]
Posted: October 8, 2020 | View More »‘New VPN Configuration’ Email Tricks Microsoft 365 Users Out of Credentials
Scammers are taking advantage of the prominent use of VPNs by remote workforces to send out this very topically relevant phishing email that just wants to steal your credentials. Nearly one-third of users utilize a VPN to access work-related sites and services. From a cybercriminal’s perspective, that’s a significant chunk of people they can target. The shift to remote […]
Posted: August 6, 2020 | View More »BEC Isn’t Back; It Never Left
Business email compromise (BEC) attacks aren’t new, but they’re growing increasingly effective, according to Zeljka Zorz at Help Net Security. Zorz cites an article from BakerHostetler, in which two attorneys describe how BEC attacks work and why they’re so effective. The lawyers explain that BEC attacks involve targeted phishing attempts coming from spoofed or compromised email […]
Posted: August 6, 2020 | View More »