BazarBackdoor phishing campaign eschews links and files to avoid raising red flags
SEGs and sandbox rules are designed to spot them, and employees are trained to distrust them, so attackers are taking an alternate approach.
About SC Media
Phishing
Choose Your Own Adventure game animates security awareness training
Interactive modules educate employees on phishing, social engineering, securely working from home, and more. And it all comes with a dose of nostalgia.
Scammers imitate Windows logo with HTML tables to slip through email gateways
Email security solutions featuring machine learning or computer vision should be able to identify the fake logo and sniff out the attack.
Click Studios says stop tweeting: Phishers track breach notification info to craft new lures
Companies are often pilloried in the wake of data breaches for lacking transparency or leaving their users in the dark about potential impact. This incident demonstrates the flip side of that coin, how information or communications from a company following a breach can be weaponized by bad actors.
KnowBe4 CEO Stu Sjouwerman talks IPO, and ‘strengthening that human firewall’
On the day that KnowBe4 shares began trading on Wall Street, SC Media caught up with CEO and founder Stu Sjouwerman on the company’s plans to expand international sales and leverage automation and machine learning to further explore the human layer of cybersecurity.
No more snack attacks? Mondelez hopes new security training will prevent the next ‘NotPetya’
Sure, APT attacks can be destructive and even deadly, but denying the world their Oreo cookies is just plain cruel. Indeed, Nikolay Betov, information security officer at Mondelez, told SC media that the event “changed everything.”
61 percent of employees fail basic cybersecurity quiz
Nearly 70% of employees polled in a new survey said they recently received cybersecurity training from their employers, yet 61% nevertheless failed when asked to take a basic quiz on the topic. This was one of the leading findings of a research study – conducted by TalentLMS on behalf of Kenna Security – that sought…
LinkedIn confirms leak of 500 million profiles online, maintains incident was not a breach
LinkedIn has become one of the most impersonated brands when it comes to phishing, and having access to such a treasure trove of information can help facilitate convincing social engineering attacks.
Array of recent phishing schemes use personalized job lures, voice manipulation
The Golden Chickens gang is using a backdoor trojan to gain access to target’s cloud infrastructure, while MoleRats actors use audio tool to sound like women in vishing messages, and hackers target universities in latest IRS-themed phish.
Protecting employees from job offer scams can lead to awkward but important conversations
Employees who are successfully phished with a job offer likely won’t report the incident to their employer, expert says.
Want to read more?
Next post in Featured
