Social Engineering Comes to Wikipedia 2019-02-06 -   Attackers are selectively editing Wikipedia articles to lend credibility to tech support scams, according to Rob VandenBrink at the SANS Internet Storm Center. The Wikipedia page for the SpyEye... More detail
The Massive Marriott Data Breach: Some Practical Advice For Business Travelers 2018-12-03 -  The Massive Marriott Data Breach: Some Practical Advice For Business Travelers If you have stayed in one or the following hotels in the last 4 years, it's very likely that your personal data—and... More detail
Police Dept Loses 10 Months of Work to Ransomware. Gets Infected a Second Time! 2018-06-20 - Bleepingcomputer reported: "Ransomware has infected the servers of the Riverside Fire and Police department for the second time in a month. The first ransomware infection took place on April 23, last... More detail
[Heads-up] New Attack Blindsides Microsoft Office 365 Anti-Phishing Filter And Blacklists 2018-06-20 - Phishers have found a way of moving the malicious URLs in their emails past Office 365's protections. The security company Avanan says they've observed criminals using a <base> tag in the HTML... More detail
[Breaking] New BitKangoroo Ransomware Deletes Your Files If You Do not Pay 2018-06-13 - Our friend Larry Abrams at Bleepingcomputer said: "I am trying something new where I will post in brief articles about new ransomware as they are released. Many of these ransomware infections... More detail
[Heads-up] New Exploit Hacks LinkedIn 2-factor Auth. See This Kevin Mitnick VIDEO 2018-06-13 - OK, here is something really scary. KnowBe4's Chief Hacking Officer Kevin Mitnick now and then calls me with some chilling news. This time, Kuba Gretzky, a white hat hacker friend of Kevin developed... More detail
Equifax: "Oh, minor detail, we also lost 17.6 Million driver's licenses in that data breach"... 2018-06-06 - On May 7, executives of Equifax submitted a "statement for the record" to the Securities and Exchange Commission detailing the extent of the consumer data breach the company first reported... More detail
Does Gmail's New 'Confidential Mode' Make Phishing Easier? 2018-06-06 - Gmail's new confidential mode lets its users create "expiration dates" for emails, or require recipients to provide an SMS passcode. (And Google also claims they've removed the option to forward,... More detail
Phishing and pretexting represent 93% of social attack-based breaches 2018-05-30 -   A good article in Forbes that takes another dive into the new 2018 Verizon Data Breach Investigations Report. Verizon finds there has been over 53,000 incidents and 2,216 confirmed data breaches... More detail
Gone Phishing: Travelers Claims Plan Doesn’t Cover Cyber Losses 2018-05-23 - Daniel R. Stoller at Bloomberg Law had an excellent observation about the risks of phishing related to general crime policies. Here is a short excerpt and the whole article is warmly recommended: "The... More detail
PDF Files Can Be Abused to Steal Windows Credentials 2018-05-23 - PDF files can be weaponized by malicious actors to steal Windows credentials (NTLM hashes) without any user interaction, and only by opening a file, according to Assaf Baharav, a security researcher... More detail
Q1 2018 Top Clicked Phishing Email Subjects 2018-05-16 - This is the second year we've published quarterly results of the most-clicked phishing email subjects across a few categories. We separate the data into subjects related to social media and general... More detail
Massachusetts School District Pays $10K to Ransomware Attackers 2018-05-16 -   "A school district located in Massachusetts paid attackers $10,000 after they infected its computer network with crypto-ransomware.  Officials at Leominster Public Schools decided to meet... More detail
Why human vulnerabilities are a higher cyber security risk than software flaws 2018-05-09 - Jonathan Greig at TechRepublic wrote an article based on recent Proofpoint research: "According to cybersecurity firm Proofpoint, the 'vast majority' of digital attacks aimed to exploit the "human factor"... More detail
Ransomware, Phishing, and Pretexting in the Annual Verizon Databreach Report 2018-05-09 - Did you know, 43% of breaches result from social engineering attacks? What's more, according to a recent Verizon investigation, phishing emails account for 98% of all social engineering related incidents... More detail
86% Of Passwords Are Terrible And Reuse Abounds 2018-05-02 - Troy Hunt, the founder of Haveibeenpwned came out with some brand new numbers that show there's bad news and there's more bad news. A few months ago he launched V2 of his Pwned Passwords list (half a... More detail