Be careful of emails, SMS messages, or calls claiming to be from your bank about your card being used fraudulently. If this ever happens, call the phone number on the back of your card. This is a very common sort of social engineering fraud. Do not get scammed like TV host Andy Cohen did.

A flaw found by security researchers in the encryption software allows victim organizations to use “Black Basta Buster” to recover some of their data – but there’s a catch. We’ve all heard – for as long as ransomware attacks have been happening, you either need to pay the ransom or recover from backups. But a third option has now sprouted up on GitHub.

With over half of organizations being the victim of password-based attacks in the last year, new data sheds light on the risk of phishing attacks and the use of password-based credentials. If you don’t think credentials are a key element in cyber attacks, I refer you back to an article of mine from the middle of last year where 15 billion (with a ‘b’) credentials are on sale on the dark web.

Resecurity is tracking a cybercriminal gang called “GXC Team” that develops and sells tools to facilitate online banking theft and social engineering attacks. In November, the gang began selling a tool that uses artificial intelligence to craft fraudulent invoices for use in business email compromise (BEC) attacks. The invoices can hijack business transactions by replacing banking information contained in legitimate invoices.

Researchers at Scam Sniffers have found that phishing attacks stole nearly $295 million worth of cryptocurrency from 324,000 victims in 2023, CryptoSlate reports. The cryptocurrency is stolen by malware delivered via phishing sites. “Wallet Drainers, a type of malware related to cryptocurrency, has achieved significant success over the past year,” the researchers write.

Hitting three hospitals within a Germany-based hospital network, the extent of the damage in this confirmed ransomware attack remains undetermined but has stopped parts of operations. It appears that affiliates of ransomware gangs have forgotten the golden rule – you don’t hit hospitals. It’s one thing to disrupt operations at a regular brick and mortar business. But hitting a business where someone’s life could be literally placed in jeopardy because a system is unavailable?

Every person and organization is different and requires slightly different methods and ways of learning. But every person and organization can benefit by more frequent security awareness training (SAT). Most organizations do not do enough. Training and testing once a year certainly is not that helpful. How often should you do SAT to get the biggest decrease in cybersecurity risk? At least once a month, if not more. But a sophisticated SAT program includes a combination of methods and tools.

Fascinating article at TechXplore, December 28, 2023.

The year 2024 is shaping up to be a pivotal moment in the evolution of artificial intelligence (AI), particularly in the realm of social engineering. As AI capabilities grow exponentially, so too do the opportunities for bad actors to harness these advancements for more sophisticated and potentially damaging social engineering attacks. Let's explore the top 10 expected AI developments of 2024 and their implications for cybersecurity.

A newly-discovered technique misusing SMTP commands allows cybercriminals to pass SPF, DKIM and DMARC checks, empowering impersonated emails to reach their intended victim. Earlier this month, Timo Longin, security researcher with cybersecurity consulting firm SEC Consult published details on what is now referred to as SMTP Smuggling.