FBI: COVID-19-Themed Phishing Spreads Netwalker Ransomware

Data Breach Today

Attacks Target Government Agencies and a Variety of Others. The FBI is warning that attacks using a ransomware variant called Netwalker have increased since June, targeting government organizations, educational entities, healthcare firms and private companies in the U.S.

Salesforce Email Service Used for Phishing Campaign

eSecurity Planet

Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks that can come from whitelisted email addresses.

NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs

The National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware attacks targeting education institutions. The U.K.

Fighting Against Phishing

Data Breach Today

Richard Conti of Children's Hospital of Philadelphia on Risk Mitigation Steps. Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps.

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site).

U.S. Universities Hit With ‘Adult Dating’ Spear-Phishing Attack

Threatpost

Tags: Malware Vulnerabilities Web Security adult dating lure advanced persistent threat apt education cyberattack Hupigon RAT remote access Trojan Spear Phishing university phishing

Should Failing Phish Tests Be a Fireable Offense?

Krebs on Security

Would your average Internet user be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this particular teaching approach). Does your employer do phishing awareness training and testing?

Online education site EduCBA discloses data breach and reset customers’ pwds

Security Affairs

The online education portal EduCBA has disclosed a data breach and has started notifying customers that it is resetting their passwords in response to the incident.

SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing

The Last Watchdog

And yet, for all of its sophistication, Nobelium also engages in routine phishing campaigns to get a foothold in targeted organizations. To help protect against these types of attacks, organizations should enable multi-factor authentication (MFA) on login accounts when available, monitor for brute force attempts and educate users on the importance of password hygiene, such as using unique and strong passwords, in the battle against cyber crime.”

Beyond Phishing: The New Face of Cybersecurity Awareness

Data Breach Today

Terranova's Lise Lapointe on How Cybersecurity Awareness Must Evolve. As CEO of Terranova Security, an awareness training provider, Lise Lapointe sees an evolution of education programs that used to be merely phishing simulation tests. What are the most effective forms of training

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

The FBI issued an alert on Tuesday to warn about an increase in PYSA ransomware attacks against education institutions in the United States and the United Kingdom.

Protecting End Users from Phishing Attacks

Adapture

Last time, we introduced you to phishing attacks and explained why it’s something you need to be concerned about, especially in light of its recent resurgence. Educate your end users. Be up-to-date with the latest phishing campaigns.

The effects of phishing awareness training wear off over time

IT Governance

Employees forget the guidance given on phishing training courses within six months, new research has revealed. The researchers studied hundreds of employees, splitting them into groups and providing them with phishing awareness training at various intervals. Phishing

Phishing attacks: 6 reasons why we keep taking the bait

IT Governance

Phishing attacks are a persistent threat to businesses. A staggering 90% of breaches involve phishing, according to Verizon’s Data Breach Digest. And these attacks are on the rise – Proofpoint’s 2019 State of the Phish Report reveals that 83% of survey respondents experienced phishing attacks in 2018. But what makes phishing attacks so successful? Phishing tools are low-cost and widespread. Protect your organisation against phishing.

Feds: K-12 Cyberattacks Dramatically on the Rise

Threatpost

Attackers are targeting students and faculty alike with malware, phishing, DDoS, Zoom bombs and more, the FBI and CISA said.

Why has there been increase in cyber risks for the education sector?

IT Governance

The coronavirus pandemic has arguably affected the education sector more than any other, with schools, colleges and universities around the globe having been forced to close their doors and deliver classes remotely.

Helping defend against increases in phishing attacks related to COVID-19 scams

CGI

In the new normal, education is key to helping people understand emerging cyber threats. While they juggle work and life at home, we need to support individuals by providing the best possible environment.

Ransomware And Zoom-Bombing: Cyberattacks Disrupt Back-to-School Plans

Threatpost

Tags: Critical Infrastructure Featured Government Hacks Malware Vulnerabilities Web Security back to school clark county coronavirus COVID-19 cyberattack delay education first day of school hartford hrtford Las Vegas Phishing Public Schools ransomware remote learning school system zoom Zoom-bombing

Combat the increasing ransomware threat by educating employees

IT Governance

Although this creates an opportunity for cybercriminals, it can be addressed through education.” The survey recommends educating end users, as this will enable them to identify attacks. Our Phishing and Ransomware – Human patch e-learning course explains the threats that ransomware presents to organisations, and gives details of the resources available to help you understand and combat those threats. This ten-minute course provides an introduction to phishing and ransomware.

Think you’re not susceptible to phishing? Think again

IT Governance

Phishing is big business for cyber criminals. According to PhishMe’s Enterprise Phishing Resiliency and Defense Report 2017, phishing attacks rose by 65% last year, with the average attack costing mid-sized companies $1.6 Experts say that phishing attacks are most successful when they create a sense of urgency, fear or curiosity, but these were near the bottom of a list of self-reported motivations: Entertainment: 19.5%. Help your staff avoid phishing attacks.

Watch out for phishing scams this Christmas

IT Governance

Some phishing scams contain links to websites that replicate a real site with the intention of nabbing your login details, whereas others contain attachments loaded with malware. See also: Phishing scams for December 2019. Phishing scams for November 2019. Lack of education.

GUEST ESSAY: 5 anti-phishing training tools that can reduce employees’ susceptibility to scams

The Last Watchdog

This tool, from Cofense, proactively engages employees via simulated attacks based on real-time threats for various phishing tactics. PhishMe’s online forum provides a series of scenarios, landing pages, attachments and educational pages. This methodology is distributed over a period of a year, giving employees time to understand various phishing strategies. Its cloud-based service helps its clients to schedule automated training campaigns and simulated phishing attacks.

How regular phishing drills keep providers’ data safe

Information Management Resources

Healthcare organizations should look for incremental reduction of risks by making use of phishing education campaigns, says Kate Borten. Tags: Data security Cyber security Phishing HIPAA regulations Risk Risk management Risk tolerance

When Bank Communication is Indistinguishable from Phishing Attacks

Troy Hunt

You know how banks really, really want to avoid their customers falling victim to phishing scams? And how they put a heap of effort into education to warn folks about the hallmarks of phishing scams? Ok, that final one might be a bit of a stretch, but the fact remains that people have high expectations of how banks should communicate to ensure that they themselves don't come across as phishers: Just a good old phish. banks will never do things that look like a phish?

75% of organisations have been hit by spear phishing

IT Governance

Phishing scams aren’t as compelling as some of the more sophisticated attacks that you read about. After all, every unusual email you receive could be a phishing scam, whether it’s an account reset message from Amazon or a work request from your boss. For example, Proofpoint’s Understanding Email Fraud Survey has found that 75% of organisations had been hit by at least one spear phishing email in 2018. Sustained threat of spear phishing. Phishing is a top concern.

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

The Last Watchdog

Social engineering, especially phishing, continues to trigger the vast majority of breach attempts. In 2015, penetration tester Oliver Münchow was asked by a Swiss bank to come up with a better way to test and educate bank employees so that passwords never left the network perimeter. Lucy’s software allows companies to easily set up customizable mock attacks to test employees’ readiness to avoid phishing, ransomware and other attacks with a social engineering component.

75% of organisations have been hit by spear phishing

IT Governance

Phishing scams are relatively mundane compared to the sophisticated attacks that you read about in the news, but it’s important to remember that sometimes the biggest threats are right at your doorstep. Fortunately, two recent reports have indicated that most organisations are well aware of the threat of phishing. Phishing is a top concern. Clearswift’s Cyber Threatscape report also highlighted the threat of phishing.

Anatomy of a spear phishing attack – with example scam

IT Governance

But those measures aren’t much help when criminals use phishing scams to bypass organisations’ defences and hit them where they’re most vulnerable: their employees. Fraudsters have countless tricks up their sleeve when targeting people for attacks, but perhaps the most dangerous is spear phishing. What is spear phishing? Spear phishing is a form of email attack in which fraudsters tailor their message to a specific person. See also: What is angler phishing?

Nigerian National Convicted for Phishing US Universities

Dark Reading

Olayinka Olaniyi and his co-conspirator targeted the University of Virginia, Georgia Tech, and other educational institutions

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.

Focus on Phishing: Diving Deep into A Persistent Threat

MediaPro

As part of this research, we asked a variety of questions to test respondents’ knowledge of phishing emails. To call further attention to this threat, and to recognize National Cybersecurity Awareness Month (NCSAM), we’re presenting the phishing-awareness-specific findings from the report. The dangers of phishing attacks are difficult to overstate. Our Phishing Findings. 14% of employees failed to identify true phishing emails. Phishing Knowledge Check.

Phishing emails and malicious attachments responsible for 34% of cyber attacks

IT Governance

A recent F-Secure report has found that phishing emails (16%) and malicious attachments (18%) together accounted for 34% of cyber attacks. Email is used organisation-wide and, with targeted attacks a growing concern, it is essential that organisations build awareness and educate their employees. If employees aren’t fully educated on phishing, they are liable to underestimate the threat.

Cyber attacks hit a fifth of schools and colleges

IT Governance

One in five schools and colleges have fallen victim to cyber crime, according to research from the specialist insurer Ecclesiastical, yet the majority (74%) of educational establishments claim to be “fully prepared” to deal with such attacks. According to Ecclesiastical’s research, of those that suffered a cyber attack, 71% downloaded malware and 50% experienced phishing attacks. Phishing and ransomware e-learning course. Explain what phishing is.

Back-to-School Scams Target Students with Library-Themed Emails

Threatpost

Students should keep their eyes peeled for phishing emails purporting to be from their colleges, as well as online student resources laced with malware, researchers warn. Tags: Web Security back to school credential harvesting education cyberattack fake login pages library portals malware MediaGet torrent application downloader Phishing scam Scams student students university portals Win32.Agent.ifdx malware downloader WinLNK.Agent.gen downloader

A Spate of University Breaches Highlight Email Threats in Higher Ed

Threatpost

Students at Oregon State University, Graceland University and Southern Missouri State have all been impacted by email attacks against school employees. Tags: Breach Web Security data breach Email Attacks graceland higher education oregon state Phishing southern missouri state University

Why Cybersecurity's Silence Matters to Black Lives

Dark Reading

The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

eSecurity Planet

Some services also target other popular social media platforms or financial services, providing email phishing and SIM swapping capabilities.” Phishing, Social Engineering are Still Problems. Without employee education, issues like this will continue to impact businesses.”

New Phishing Scam Goes After Office 365 Users: Cybersecurity Trends

eDiscovery Daily

According to a recent blog post, there’s a new phishing campaign where the scammers are taking advantage of a small, but serious oversight in Microsoft’s Office 365 suite of online services to serve phishing emails that are visually indistinguishable from work-related emails and appear completely safe. These phishing kits are usually stored on legitimate-but-compromised websites and are linked to in generic communication.

More than half of schools not compliant with the GDPR

IT Governance

Careless staff can be just as big a threat as a malicious insider – awareness and training play a key role in protecting the sensitive data educational institutions hold. Losing data or sending it to the wrong people top the list of data breach causes across all sectors, and cyber criminals see busy staff as easy targets for scams like phishing. Our e-learning modules cover the GDPR, cyber security, appropriate use of Cc and Bcc in emails and how to spot phishing scams.

Lack of education is the leading cause of successful ransomware attacks

IT Governance

Its Global State of the Channel Ransomware Report 2018 found that the most common way criminals infect organisations is by planting ransomware in phishing emails. Poorly educated employees fall for the criminals’ scam, opening the attachment contained in the email only to unleash ransomware on their systems. If you want to prevent that from happening, you must commit to a culture of cyber security staff awareness and educate your employees on the threats they face.