A new survey of hackers shows that AI is not only empowering hackers to be more effective, but that AI itself is “ripe for exploitation.” Rarely do we get to ask a hacker “what do you think” when it comes to cyber attacks, cybersecurity efforts, and what they think the future will hold. But Bugcrowd’s 2024 Inside the Mind of a Hacker Report (which surveyed 1300 hackers) hosts a treasure trove of data around how hackers see AI and the value it brings.

Analysis of a new phishing attack highlight just how easy it can be to spot these kinds of attacks if recipients were properly educated. Action Fraud, the U.K.’s national fraud & cyber reporting center, recently warned U.K. residents of a scam impersonating Starbucks.

A phishing campaign is impersonating HR to target employees who are making annual insurance changes during the open enrollment period, according to researchers at Abnormal Security. The attackers are using legitimate notifications from Dropbox to send phishing messages, asking recipients to view a document on Dropbox regarding annual salary increases and open enrollment elections.

The threat group FIN7 is using the lure of generating nude images of favorite celebrities to get victims to download their NetSupport RAT. In any social engineering scam, there’s always the need to create some sense of urgency to act in order to make the potential victim take an action that enables the attack. In the case of a new attack by threat group FIN7, the urgency appears to be the desire to see deepfake nude images.

The Association of Certified Fraud Examiners (ACFE) recently released a report Occupational Fraud 2024: A Report to the Nations, where they estimated that most organizations lose about 5% of their revenue each year due to fraud. We have joined in our support of International Fraud Awareness Week and applaud the ACFE and their efforts to help raise awareness and reduce fraud that hurts all of us, whether we work for these organizations or are consumers of the goods and services they provide.

A new and concerning cybersecurity trend has emerged. According to the latest Q3 2024 Cato CTRL SASE Threat Report from Cato Networks, ransomware gangs are now actively recruiting penetration testers to enhance the effectiveness of their attacks. This development signals a significant shift in the tactics employed by cybercriminals and underscores the need for organizations to remain vigilant in their defense strategies.

The newly released single largest analysis of cyber attacks across all of 2023 show a strong tie between the use of phishing and techniques designed to gain credentialed access. I’ve stood on the “phishing is a problem” soapbox for many years, attempting to focus the attention of cybersecurity teams on the single largest problem within the organization: the employees that fall for social engineering tactics time and time again.

About five years ago, I was having trouble with an expensive brand-name refrigerator that my wife and I had bought. It was a great refrigerator feature-wise. My wife and I initially loved it. But it kept breaking. And each break, even though it was covered by the warranty, took weeks and weeks to repair.

The Swiss National Cyber Security Centre (NCSC) has warned of a QR code phishing (quishing) campaign that’s targeting people in Switzerland via physical letters sent through the mail, Malwarebytes reports. The letters purport to come from the Swiss Federal Office of Meteorology and Climatology (MeteoSwiss), asking recipients to scan a QR code to install a new app for severe weather warnings.

As the holiday shopping season kicks into high gear, cybercriminals are gearing up too. This year, alongside the usual suspects, we're seeing some crafty new scams, so let’s take a look at some of the ones you should be most careful of during Black Friday, Cyber Monday and Giving Tuesday. AI-Generated Fake Reviews AI has allowed scammers to flood product pages with well-written and convincing fake reviews of products.