Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

KnowBe4

Warning: Sharing Data with ChatGPT Can Be Misused Outside Your Organization

A new study found that ChatGPT can accurately recall any sensitive information fed to it as part of a query at a later date without controls in place to protect who can retrieve it. The frenzy to take advantage of ChatGPT and other AI platforms like it has likely caused some to feed it plenty of corporate data in an effort to have the AI process and provide insightful output based on the queries received.

Protecting Patient Data: The Importance of Cybersecurity in Healthcare

As digital transformation continues to shape the healthcare industry, it is crucial for healthcare organizations to prioritize cybersecurity. These organizations are entrusted with sensitive personal information from patients, making them a prime target for cybercriminals who steal, exploit or sell the data they acquire. As evidenced by a recent breach at MCNA dental which impacted 8.9 million patients.

7 Critical Considerations A Security Awareness Training Vendor Should Provide

A security awareness training vendor should provide the necessary tools to turn your users into a human firewall while serving as a foundation for improved security culture and human risk management. Here's what you need to know before you evaluate security awareness training programs.

The Bookmark Trap: How Discord Admins Fell Prey to Social Engineering

Brian Krebs wrote: "A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. "According to interviews with victims, several of the attacks began with an interview request from someone posing as a reporter for a crypto-focused news outlet online.

AI Voice-Based Scams Rise as One-Third of Victims Can't Tell if the Voice is Real or Not

As audio deepfake technology continues to go mainstream as part of the evolution in AI-based tools, new data shows there are plenty of victims and they aren’t prepared for such an attack. Imagine you get a call from your child or grandchild telling you they’re in some kind of trouble, an accident, etc. and need money. And it really does sound like them. Would you help? Scammers who are making use of AI to synthesize sound-alike voices as part of vishing scam calls are hoping you will.

Russian Ransomware Cybercriminal Behind $200 Million in Damages is Sanctioned by the U.S. Government

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has identified and designated Mikhail Matveev for his role in ransomware attacks back 2021. When the U.S. sanctions a country, a business, or a group, the intent is to A) confiscate any and all property owned by the designee within the U.S. or in the possession of a U.S. person, and B) add the designee to the Specially Designated Nationals and Blocked Persons (SDN) List.

"Magic Link" Phishing Attacks Scamming Users With Fake McAfee Renewals

Threat actors are using encoded phishing links to evade security filters, according to Jeremy Fuchs at Avanan. The phishing emails purport to be notifications from McAfee informing the user that they need to renew their subscription. “This is a fairly standard McAfee subscription scam,” Fuchs says. “We see these all the time and they’ve been floating around the Internet for some time. But that’s not what makes this attack unique.

[Mastering Minds] China's Cognitive Warfare Ambitions Are Social Engineering At Scale

As the world continues to evolve, so does the nature of warfare. China's People's Liberation Army (PLA) is increasingly focused on "Cognitive Warfare," a term referring to artificial intelligence (AI)-enabled military systems and operational concepts. The PLA's exploration into this new domain of warfare could potentially change the dynamics of global conflict.

[SEG Headache] More Than Half of Cybersecurity Leaders Say That Too Many Phishing Attacks Get Through

Egress, a cybersecurity company that provides intelligent email security, recently released their Email Security Risk Report 2023. It's solid research that shows 99% of cybersecurity leaders are stressed about their email security with good reason. The numbers are scary. We mentioned their report a few weeks ago, but there are many important findings there.

Verizon Sends New Smishing Warning

Verizon has renewed its warnings to customers about the threat of smishing, a social engineering approach that relies upon texts as opposed to other communication channels like the email used in phishing. The smishing problem may be smaller than the phishing problem, or the robocall nuisance, but it represents a comparable threat that organizations should address in their risk management process.