Posts

Showing posts from March, 2022

Threat Post - A Blockchain Primer and a Bored Ape Headscratcher – Podcast

Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe. from Threatpost https://threatpost.com/a-blockchain-primer-and-a-bored-ape-headscratcher-podcast/179179/

KnowBe4 - FBI Warns of Phishing Attacks Targeting Election Officials

Image
The FBI has issued a Private Industry Notification warning of phishing emails designed to steal login credentials from election officials. The Bureau believes these attacks will increase ahead of the 2022 midterm elections; the officials who need to be alert are at the state, local, territorial, and tribal levels. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/fbi-warning-phishing-targets-election-officials

Dark Reading - Nation-State Hackers Ramp Up Ukraine War-Themed Attacks

Among them is the operator of the Ghostwriter misinformation campaign, with a new browser-in-browser phishing technique, according to Google's research team. from Dark Reading https://www.darkreading.com/attacks-breaches/nation-state-backed-actors-ramp-up-ukraine-war-themed-attacks

Dark Reading - How to Prevent the Next Log4j-Style Zero-Day Vulnerability

An interactive static analyzer gives developers information on potential risks arising from user inputs while they code. This could be a game-changer. from Dark Reading https://www.darkreading.com/dr-tech/how-to-prevent-the-next-log4j-style-zero-day-vulnerability

Schneier - Chrome Zero-Day from North Korea

North Korean hackers have been exploiting a zero-day in Chrome. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors. One group was dubbed Operation Dream Job, and it targeted more than 250 people working for 10 different companies. The other group, known as AppleJeus, targeted 85 users. Details : The attackers made use of an exploit kit that contained multiple stages and components in order to exploit targeted users. The attackers placed links to the exploit kit within hidden iframes, which they embedded on both websites they owned as well as some websites they compromised. The kit initially serves some heavily obfuscated javascript used to fingerprint the target system. This script collected all available client information such as

KnowBe4 - Mobile Device Usage Have Led to Security Incidents in Nearly Half of Organizations

Image
The shift in devices used by today’s workforce has resulted in increases in cybersecurity concerns and incidents, despite a majority of orgs with defined BYOD programs in place. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/mobile-device-usage-have-led-to-security-incidents-in-nearly-half-of-organizations

Schneier - Stalking with an Apple Watch

The malicious uses of these technologies are scary : Police reportedly arrived on the scene last week and found the man crouched beside the woman’s passenger side door. According to the police, the man had, at some point, wrapped his Apple Watch across the spokes of the woman’s passenger side front car wheel and then used the Watch to track her movements. When police eventually confronted him, he admitted the Watch was his. Now, he’s reportedly being charged with attaching an electronic tracking device to the woman’s vehicle. from Schneier on Security https://www.schneier.com/blog/archives/2022/03/stalking-with-an-apple-watch.html

Dark Reading - Precursor Malware is a Early Warning Sign for Ransomware

Ransomware typically rely on malware downloaders and other delivery mechanisms. Detecting and removing precursor malware improves the odds that a ransomware attack has been blocked. from Dark Reading https://www.darkreading.com/edge-threat-monitor/precursor-malware-is-a-early-warning-sign-for-ransomware

KnowBe4 - CyberheistNews Vol 12 #13 [Heads Up] Published Zelenskyy Deepfake Video Demonstrates the Modern War is Online

Image
[Heads Up] Published Zelenskyy Deepfake Video Demonstrates the Modern War is Online   Email not displaying? | View Knowbe4 Blog   CyberheistNews Vol 12 #13  |   Mar. 29th., 2022 [Heads Up] Published Zelenskyy Deepfake Video Demonstrates the Modern War is Online The video uploaded to a hacked Ukrainian news website shows how far the technology has come, how it can be used in social engineering, and how the tech still needs to improve. While much of the headlines today around the Russian invasion of Ukraine focus on the war on the ground and in the air, a cyberwar is being waged behind the scenes. It began with wiper ransomware attacks on Ukrainian businesses and government agencies and has culminated so far with a newly released deepfake video of Ukrainian president Zelenskyy asking his troops to lay down their weapons and surrender. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-12-13-heads-up-published-zelenskyy-deepfake-vide

KnowBe4 - Email Conversation Hacking to Distribute Malware

Image
Researchers at Intezer warn that attackers are hijacking email conversations to distribute the IcedID banking Trojan. This technique makes the phishing emails appear more legitimate and helps them bypass security filters. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/email-conversation-hacking-to-distribute-malware

SBS CyberSecurity - In The Wild 268

Image
     In The Wild - CyberSecurity Newsletter Welcome to the 268 th     issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!            Hacker Hour: Top 5 IT Exam Recommendations Date:  March 30, 2022  |   Time:  2:00-3:00 pm CT SBS Educational Resources IT audits or exams are a vital measurement for an organizat