In an analysis of web pages identified as admin portals, some incredibly weak passwords were identified – and some of them are going to really surprise you. We all know the general drill with admin passwords – make them complex and long. Simple right? But a new analysis of admin passwords shows that IT admins seem to not be vigilant around good password hygiene.
The never-ending deluge of phishing emails, malware and ransomware threats can leave incident response and security operation teams (SOC) looking for faster ways to analyze user-reported malicious emails without risking their environments. Manually-triaging every email and being forced to switch between security applications/interfaces only slows response times, increases the chances for human error and means valuable threat intel can be missed.
As large organizations realize the likelihood of cyber attacks and improve their cyber readiness, small businesses are seeing increases not experienced by their larger counterparts. If I was to tell you that cyber attacks typically focus on larger businesses, you’d likely agree. After all, it just makes sense that the smaller the business, the likelihood that a cybercriminal’s earnings would be smaller. But, according to U.K.
Cybersecurity experts expect to see threat actors increasingly make use of AI tools to craft convincing social engineering attacks, according to Eric Geller at the Messenger. “One of AI’s biggest advantages is that it can write complete and coherent English sentences,” Geller writes. “Most hackers aren’t native English speakers, so their messages often contain awkward phrasing, grammatical errors and strange punctuation.
Microsoft is tracking a cybercriminal group called “Octo Tempest” that uses threats of violence as part of its social engineering and data theft extortion campaigns. “Octo Tempest is a financially motivated collective of native English-speaking threat actors known for launching wide-ranging campaigns that prominently feature adversary-in-the-middle (AiTM) techniques, social engineering, and SIM swapping capabilities,” the researchers write.
Continued analysis of ransomware attacks shows an upward trend in the number of attacks, with September resulting in the highest number of assaults so far this year. IT security vendor NCC Group’s Cyber Threat Intelligence Report for September 2023 shows some startling revelations about why ransomware attacks are spiking.
Researchers at INKY warn that a phishing campaign is attempting to distribute malware by impersonating PepsiCo. “As usual, it all starts with a phishing email,” the researchers write. “In this case, the phishers are impersonating the PepsiCo brand, pretending to be potential clients. They are claiming to need what the recipient sells and they’re asking them to submit a quote for PepsiCo to review.
Let me give you a quick introduction. My name is Stu Sjouwerman. I’m the Founder and CEO of KnowBe4, my 5th startup. I have been in IT for 40+ years, the last 25 of those in information security. In my last company we built an antivirus engine from scratch and combined it with intrusion detection, prevention and a firewall. And we ran into a persistent problem nobody seemed to be able to address; end-users being manipulated by bad actors to let them in.
Several months ago, Netskope Threat Labs uncovered a surge in PDF phishing attachments infiltrating Microsoft Live Outlook. These attacks were part of a larger series of phishing campaigns aimed to trick unsuspecting users. Upon closer examination, it's now apparent that the majority of these campaigns centered around Amazon-themed scams, with occasional diversions into Apple and IRS-themed phishing attempts.
Red teamers at IBM X-Force warn that AI-generated phishing emails are nearly as convincing as human-crafted ones, and can be created in a fraction of the time. The researchers tricked ChatGPT into quickly crafting a phishing lure, then tested the lure against real employees.
