Blog, Education, Phishing and Technology

GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’

The Last Watchdog

SEPTEMBER 21, 2022

Phishing is one of the most common social engineering tactics cybercriminals use to target their victims. Cybersecurity experts are discussing a new trend in the cybercrime community called phishing-as-a-service. Phishing-as-a-Service (PhaaS). Ready-to-use phishing kits with all necessary attack items are available on the web.

Phishing

Phishing Artificial Intelligence Cybercrime Social Engineering

DMARC and the prevention of World Health Organization phishing scams

CyberSecurity Insiders

NOVEMBER 22, 2021

This blog was written by an independent guest blogger. The combination of these factors created an environment in which phishing attempts were easily successful, targeting the population by utilizing the World Health Organization’s (WHO) name as a cover.

Phishing

Phishing Scams Data breaches Education

Artificial Intelligence: The Evolution of Social Engineering

Security Through Education

FEBRUARY 20, 2024

In the ever-evolving landscape of cybersecurity, social engineering has undergone significant transformations over the years, propelled by advancements in technology. This article delves into the historical shifts in social engineering tactics and explores how adversaries embrace new technologies to achieve their objectives.

Social Engineering

Social Engineering Artificial Intelligence Engineering Phishing

Intro to Phishing: How Dangerous Is Phishing in 2023?

Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 What is phishing? This is part of what makes phishing attacks so dangerous.

Phishing

Phishing Social Engineering Authentication Engineering

GUEST ESSAY: Leveraging DevSecOps to quell cyber risks in a teeming threat landscape

The Last Watchdog

JANUARY 2, 2024

Related: How AI is transforming DevOps The constant evolution of technology, increased connectivity, and sophisticated cyber threats pose significant challenges to organizations of all sizes and industries. Lack of security awareness and education. Often, employees within organizations lack sufficient security awareness and education.

Cyber Risk

Cyber Risk Risk Education Security Awareness

New spear phishing campaign targets Russian dissidents

Malwarebytes

MARCH 29, 2022

This blog post was authored by Hossein Jazi. The spear phishing emails are warning people that use websites, social networks, instant messengers and VPN services that have been banned by the Russian Government and that criminal charges will be laid. Spear phishing as the main initial infection vector. Victimology.

Phishing

Phishing Education Telecommunications Technology

Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’

SC Magazine

JANUARY 26, 2021

companies as a primary target of a new phishing scheme. Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders. The company could not be certain, however, if the V4 phishing kit was involved.

Phishing

Phishing Passwords Security Awareness Social Engineering

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

The Last Watchdog

SEPTEMBER 25, 2023

Taking an active role Your cybersecurity policy should address your employees and technology systems. According to Verizon’s 2023 Data Breach Investigations Report, 74% of breaches were caused by human error, with phishing and text message phishing scams being some of the leading causes. Stay educated. Stay proactive.

Small Business

Small Business Cybersecurity Technology Accountability

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

MAY 23, 2024

The report points out that Stark Industries continues to host a Russian disinformation news outlet called “Recent Reliable News” (RRN) that was sanctioned by the European Union in 2023 for spreading links to propaganda blogs and fake European media and government websites. Stark recently announced the address range 213.159.64.0/20

DDOS

DDOS Internet Internet Government

The Digital Trust Factor. Have We Got It All Wrong?

Jane Frankland

APRIL 17, 2024

As technology weaves deeper into our lives, the swift exchange of information has become our reality. I invite you to join me on a journey to understand the intricacies of secure transactions in our digitised world, where trust and technological innovation converge for a safer, more resilient digital future.

Identity Theft

Identity Theft Digital transformation Technology Risk

Humans are Bad at URLs and Fonts Don’t Matter

Troy Hunt

OCTOBER 28, 2020

Everything becomes clear(er) if I manually change the font in the browser dev tools to a serif version: The victim I was referring to in the opening of this blog post? Obviously, the image is resized to the width of paragraphs on this blog, give it a click if you want to check it out at 1:1 size. Poor Googie! More on that soon.

Phishing

Phishing Password Management Passwords Internet

Cisco Security Heroes: The power of partnerships, employee education, and zero trust policies

Cisco Security

NOVEMBER 29, 2021

But to expand on the conversation and share more of his experiences and expertise, Enric has kindly returned to the hotseat for our latest blog. . The following is a guest blog authored by Enric Cuixeres Saez, Head of IT at Leng-d’Or. Seamless integration across security technologies. So, why take a chance?

Education

Education Data breaches Cybersecurity Risk

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Education Accountability Telecommunications

Why Schools are Low-Hanging Fruit for Cybercriminals

IT Security Guru

JULY 4, 2023

Hackers are increasingly targeting schools as technology is being integrated more deeply into teaching. Educational institutions own many sensitive data, such as personnel and financial information, as well as intellectual property. Cybercriminals use these weaknesses to break into school networks and compromise critical data.

Education

Education Passwords Backups IoT

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. “These senseless acts of targeting those who are unable to respond are the motivation for this research, analysis, tools, and blog post. .

Ransomware

Ransomware Encryption Backups Manufacturing

GUEST ESSAY: A full checklist on how to spot pharming attacks — and avoid becoming a victim

The Last Watchdog

JUNE 1, 2021

It is an online scam attack quite similar to Phishing. The term Pharming is a combination of two words Phishing and Farming. Pharming vs phishing. Though Pharming and Phishing share almost similar goals, the approach to conduct Pharming is entirely different from Phishing. Related: Credential stuffing explained.

DNS

DNS Phishing Social Engineering Cyber Attacks

Threat Trends: DNS Security, Part 2

Cisco Security

MARCH 23, 2021

In our Threat Trends blog series , we attempt to provide insight into the prevalent trends on the threat landscape. So, without further ado, and in no particular order, here are the industry trends: Technology. Unsurprisingly, the Technology sector saw far more cryptomining traffic than any other industry. Financial Services.

DNS

DNS Financial Services Manufacturing Healthcare

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

While you might think that these actors are interested in government and defense information, their operations prove they are interested in much more – including software development and information technology, data analytics, and logistics. Educate your employees on threats and risks such as phishing and malware.

Cybersecurity

Cybersecurity Cybercrime Education Government

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

The Last Watchdog

OCTOBER 5, 2023

Here is Erin’s Q&A column, which originally went live on OneRep’s well-done blog.) For the first expert interview on our blog, we welcomed Pulitzer-winning investigative reporter Byron V. Byron: I was initially drawn to cybersecurity as a USA TODAY technology reporter assigned to cover Microsoft.

Cyber threats

Cyber threats Cyber Insurance Cybersecurity Threat Detection

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

Employees are the first line of defense against cybercrime and should understand how to recognize phishing emails and what to do if they suspect them. In addition, educating employees about cybersecurity issues can help to reinforce the security-minded culture of the organization and change employee behaviour.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

CIO in the Age of AI: A Title Under Threat?

SecureWorld News

NOVEMBER 30, 2023

The role of the Chief Information Officer has undergone significant transformations over the past few decades, driven by the rapid advancements in technology. I think we need a C-Level leader over all technology with subordinate leaders that address key expertise in sub-areas like data, applications, etc."

CISO

CISO Artificial Intelligence Phishing Cybersecurity

Group-IB Thwarts Chinese Tonto Team Cyberattack

SecureWorld News

FEBRUARY 14, 2023

According to a blog post by Group-IB , the company detected and blocked malicious phishing emails originating from Tonto Team that were targeting its employees. The threat actor has been targeting government, military, energy, financial, educational, healthcare, and technology sector companies since 2009.

Phishing

Phishing Cybersecurity Healthcare Threat Detection

BazarBackdoor phishing campaign eschews links and files to avoid raising red flags

SC Magazine

MAY 5, 2021

A pair of related phishing campaigns this year took the unusual step of intentionally avoiding malicious links or attachments in its emails – a sign that threat actors may recognize the need to come up with new tactics. Here, workers prepare a presentation the day before the CeBIT 2012 technology trade fair.

Phishing

Phishing Scams Malware Social Engineering

The Implications of the Uber Breach

Security Boulevard

SEPTEMBER 17, 2022

It's a frustrating reality for CIOs because these types of breaches are preventable as long as their companies implement the right technologies, policies, and procedures and educate their employees on how to be extra vigilant in the digital world. Continuously educating your workforce. Continuously Educate Your Workforce.

Social Engineering

Social Engineering Education Technology Engineering

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

The technology industry has met the dramatic rise in ransomware and other cyber attacks with an impressive set of tools to help companies mitigate the risks. Likewise, lookalike and spoofed web domains and well-crafted phishing emails now easily trick employees into thinking they’re dealing with trustworthy sources. A typical attack.

Ransomware

Ransomware Education Financial Services Phishing

Experts warn of an emerging Python-based credential harvester named Legion

Security Affairs

APRIL 17, 2023

Typically, this type of tool would be used to hijack said services and use the infrastructure for mass spamming or opportunistic phishing campaigns.” These include credentials for email providers, cloud service providers (AWS), server management systems, databases and payment systems – such as Stripe and PayPal.

Mobile

Mobile Hacking Malware Accountability

Why the Language of Cybersecurity Awareness Needs to be More Accessible

BH Consulting

OCTOBER 2, 2023

In a lecture this year for Gresham College, she pointed out similarities between the language used by politicians and law enforcement, the security industry’s marketing teams, and even cybercriminals who use phishing and scams. On her excellent ‘Beyond the phish’ Substack, she made a plea to stop inventing new terms for scams.

Cybersecurity

Cybersecurity Scams Cyber threats Security Awareness

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com. 2019 that wasn’t discovered until April 2020. . ” In the early morning hours of Nov.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Volvo retailer leaks sensitive files

Security Affairs

APRIL 15, 2023

Attackers could have used the information about the website’s structure to identify the technologies employed in its development and streamline a lengthy list of techniques to potentially compromise the website. How to protect your data?

Retail

Retail Manufacturing Passwords Phishing

3 reasons even Chromebook™ devices benefit from added security

Webroot

OCTOBER 25, 2021

Google Chromebook devices could rightly be called a game-changer for education. According to Google, 40 million students and educators were using Chromebook computers for learning as of last year. The respected technology blog TechRadar has even referred to 2021 as “the year of the Chromebook.”.

Identity Theft

Identity Theft Spyware Phishing Antivirus

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

The Last Watchdog

SEPTEMBER 27, 2021

Assessing the risks involved in using the latest technology is something our culture had to adopt in the early days of the computer. New technologies come with risks — there’s no denying that. In 1971, researcher Bob Thomas and his team at BBN Technologies created a virus that was later coined the “Creeper” worm.

Cybersecurity

Cybersecurity Hacking Identity Theft Technology

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

The Last Watchdog

AUGUST 23, 2021

Slow communication can also leave workers vulnerable to phishing attacks, where cybercriminals pose as legitimate authorities. Since phishing makes up 30% of all attacks against small businesses, this is a pressing concern. Look to see if any of these risks apply to your remote workers so you can take action and protect them.

Internet

Internet Internet Government Risk

Navigating the Web of Romance Scams: A Guide for Businesses and Consumers

Webroot

FEBRUARY 13, 2024

This trend underscores the evolving threat landscape and the importance of continuous awareness and education on cybersecurity threats, including those that initially appear to be personal in nature. Protecting Yourself and Your Business Educate and Train Employees : Awareness is the first step in prevention.

Scams

Scams Cryptocurrency Media Education

Personal Cybersecurity Concerns for 2023

Security Through Education

JANUARY 18, 2023

The truth is technology has grown at an exponential rate and so has cybercrime. More than 90% of successful cyber-attacks start with a phishing email. Stay educated, implement security recommendations, stay safe. At Social-Engineer LLC, our purpose is to bring education and awareness to all users of technology.

Cybersecurity

Cybersecurity Social Engineering Scams IoT

5 Must-Read Cybersecurity Websites

SiteLock

AUGUST 27, 2021

Government Technology. Government Technology, also known as GovTech, covers a wide range of technology topics for the public government sector, on both state and local levels. Topics include phishing, malware, fraud and network security.

Cybersecurity

Cybersecurity Data breaches Government Technology

GUEST ESSAY: The post-pandemic challenges of securely managing employee endpoints

The Last Watchdog

JULY 1, 2022

These include lurking devices (think home automation tools and other smart devices lying around in the same room your employee works or attends confidential meetings from) to sophisticated email phishing attacks using pseudo names of the CXOs (since, well everything is virtual). Managing endpoints securely . Tools and best practices.

Mobile

Mobile Education Phishing Technology

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. The attacks against the Canadian healthcare organizations were discovered between March 24 and March 26, they started with coronavirus -themed phishing campaigns that were carried out in the last months.

Healthcare

Healthcare Ransomware Phishing Government

Lessons from a Scam Artist

Security Through Education

MARCH 22, 2023

Thanks to technology and social media, impersonation scams have grown exponentially. Impersonation is often used in phishing , SMiShing , and vishing. They use technology to change the phone number that appears on your caller ID. This enabled him to cash nearly $2.5 million worth of checks. Facebook alone removed nearly 1.8

Scams

Scams Social Engineering Engineering Media

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“These operations have targeted various industries, including Aerospace & Defense, Education, Energy & Utilities, Governments, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation. .” ” reads the joint report. ” reads the joint report. ” continues the report.

Energy and Utilities

Energy and Utilities Government Firewall Malware

Hacker Personas Explained: Know Your Enemy and Protect Your Business

Webroot

FEBRUARY 11, 2021

Cybercriminals are masters at using technology and psychology to exploit basic human trust and compromise businesses of all sizes. While cybersecurity advice is often focused on technology like endpoint protection, firewalls and anti-virus, it’s important to remember that behind every breach is a human.

Scams

Scams Phishing Firewall Social Engineering

How To Protect Businesses from Social Engineering Attacks this Cybersecurity Awareness Month and Beyond

NetSpi Executives

OCTOBER 24, 2023

Technology has a significant impact on addressing cybersecurity challenges. Security education and awareness have come a long way since the first Cybersecurity Awareness Month 20 years ago. Some of the most common types of social engineering include vishing (phone), phishing (email), and smishing (text).

Social Engineering

Social Engineering Engineering Cybersecurity Passwords

Proactive Intelligence: A Paradigm Shift In Cyber Defense

Security Boulevard

MARCH 6, 2024

That's where technologies like protective DNS come in. Protective DNS acts as a first line of defense against malware, supply-chain attacks, breaches, and phishing by blocking access to the infrastructure that commands & controls these attacks and is known to host malicious content. million — 15% more than it was in 2020.

DNS

DNS Phishing Data breaches Cyber threats

LinkedIn introduces new security features to combat fake accounts

Malwarebytes

NOVEMBER 1, 2022

For years, it has been aware of spam, fake job offers, phishing, fraudulent investments, and (at times) malware, and has been trying to combat those issues. Profiles with inconsistencies in their work history and education. LinkedIn knows it has a problem with bots and fake accounts, and has acknowledged this on more than one occasion.

Accountability

Accountability Cryptocurrency Education Technology

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

Let’s walk through some practical steps organizations can take today, implementing zero trust and remote access strategies to help reduce ransomware risks: •Obvious, but difficult – get end users to stop clicking unknown links and visiting random websites that they know little about, an educational challenge. Let’s talk VPNs.

Ransomware

Ransomware Risk Internet Internet

GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’

DMARC and the prevention of World Health Organization phishing scams

Trending Sources

Artificial Intelligence: The Evolution of Social Engineering

Intro to Phishing: How Dangerous Is Phishing in 2023?

GUEST ESSAY: Leveraging DevSecOps to quell cyber risks in a teeming threat landscape

New spear phishing campaign targets Russian dissidents

Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

Stark Industries Solutions: An Iron Hammer in the Cloud

The Digital Trust Factor. Have We Got It All Wrong?

Humans are Bad at URLs and Fonts Don’t Matter

Cisco Security Heroes: The power of partnerships, employee education, and zero trust policies

Google TAG warns of Russia-linked APT groups targeting Ukraine

Why Schools are Low-Hanging Fruit for Cybercriminals

Researchers Quietly Cracked Zeppelin Ransomware Keys

GUEST ESSAY: A full checklist on how to spot pharming attacks — and avoid becoming a victim

Threat Trends: DNS Security, Part 2

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

CIO in the Age of AI: A Title Under Threat?

Group-IB Thwarts Chinese Tonto Team Cyberattack

BazarBackdoor phishing campaign eschews links and files to avoid raising red flags

The Implications of the Uber Breach

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

Experts warn of an emerging Python-based credential harvester named Legion

Why the Language of Cybersecurity Awareness Needs to be More Accessible

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Volvo retailer leaks sensitive files

3 reasons even Chromebook™ devices benefit from added security

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

Navigating the Web of Romance Scams: A Guide for Businesses and Consumers

Personal Cybersecurity Concerns for 2023

5 Must-Read Cybersecurity Websites

GUEST ESSAY: The post-pandemic challenges of securely managing employee endpoints

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Lessons from a Scam Artist

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Hacker Personas Explained: Know Your Enemy and Protect Your Business

How To Protect Businesses from Social Engineering Attacks this Cybersecurity Awareness Month and Beyond

Proactive Intelligence: A Paradigm Shift In Cyber Defense

LinkedIn introduces new security features to combat fake accounts

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

Stay Connected