It may be easier than one thinks to register a dot-gov domain, according to KrebsOnSecurity. People have tended to regard urls with the top-level domain dot gov as generally reliable, but this may need to change.KrebsOnSecurity says it “received an email from a researcher who said he got a .gov domain simply by filling out […]
Google Sent 12K Nation-State Phishing Warnings In Three Months
Google’s Threat Analysis Group (TAG) delivered thousands of alerts of government-backed attempts to spearphish gmail users over just a three-month period earlier this year, they reported.TAG director Shane Huntley revealed that from July to September 2019 his team sent 12,000 warnings to users in 149 countries. From a heat map attached to the blog post, […]
Waterloo Brewing loses $2.1 million in social engineering cyberattack
Waterloo Brewing Ltd. says it has lost $2.1 million in what it calls a social engineering cyberattack. The Ontario brewery says the incident occurred in early November and involved the impersonation of a creditor employee and fraudulent wire transfer requests.Waterloo Brewing says it initiated an analysis of all other transaction activity across all of its […]
The Stock Market Doesn’t React Well to Data Breaches
The latest data from UK-based research firm, Comparitech, shows that organizations who suffer a data breach continue to suffer in the stock market well after.After a data breach, there are many costs incurred by organizations attempting to clean up the mess. Investigations, communications, public relations, legal fees, and customer notifications are just some of the […]
Cybersecurity Remains a Top Priority During M&A Diligence
M&A is no longer just about revenue, assets, and intellectual property; many organizations are increasingly worried about cybersecurity posture and risk, requiring appropriate diligence.When organizations merge with or acquire another company, it’s also taking on the cybersecurity posture (good or bad) of that company. In some cases, organizations within an industry filled with regulations and […]
Homeland Security Warning About Phishing As A Threat to 2020 Elections
The US Department of Homeland Security is warning state election officials that phishing attacks are one of the greatest threats to watch out for as the 2020 elections approach.Fifth Domain reports that Geoff Hale, director of the DHS’ Election Security Initiative, told a gathering of secretaries of state last week that phishing is what was […]
Automated Tailored EBAY Spam Campaign Leads to Risky Sites
Automated spam on eBay is spreading tailored phishing messages offering to promote users’ products, and the links the spammers share can lead to dangerous websites, according to Paul Ducklin at Naked Security.The messages themselves contain text customized to a product the target has just posted, and they include an image of a shortened, easy-to-read URL […]
Chinese Hackers Infiltrate Global Telecom Networks With Spear Phishing
The WSJ revealed a brazen hack by Chinese state-sponsored bad actors who totally owned more than 10 global telecom networks, and had full admin access to their networks. They were able to swipe users’ whereabouts, text-messaging records and call logs.They reported: “The multiyear campaign, which is continuing, targeted 20 military officials, dissidents, spies and law […]
New KnowBe4 Benchmarking Report Unveils That Untrained Users Pose The Greatest Risk To Your Organization
KnowBe4, has released the new Phishing by Industry Benchmarking Report to measure an organization’s average Phish-prone percentage, which indicates how many of their employees are likely to fall for a phishing or social engineering scam.The 2019 study analyzed a data set of nearly nine million users across 18,000 organizations with over 20 million simulated phishing […]
Phishing Campaign Impersonates Email Alerts From DHS
An ongoing email-based phishing scam is attempting to fool recipients into opening malicious attachments disguised as notifications from the U.S. Department of Homeland Security (DHS), according to the Cybersecurity and Infrastructure Security Agency, in a warning posted on the official US-CERT web site this past Tuesday.“The email campaign uses a spoofed email address to appear […]