Bookmarked links
Your data, your compensation: LifeLabs data breach victims eye $150 relief
LifeLabs data breach class action settlement explained in this article. Keep reading and learn everything you need to know about it!
2023 August 11
MSN
Microsoft is using malware-like pop-ups in Windows 11 to get people to ditch Google
More Canadian firms doing penetration tests: Survey | IT World Canada News
More Canadian organizations than ever are using penetration testing to improve their security posture. According to a recent survey by IT solutions provider CDW Canada, 56 per cent of responding firms said they have performed a penetration test in the last 12 months. That’s a 40 percent increase com…
Canada’s big banks, insurers to face tougher cyber tests | IT World Canada News
Canada’s financial regulator is urging the country’s biggest banks and insurance companies to perform a new controlled threat assessment of their cyber resilience every three years with independent penetration testers. The recommendation for the assessment, called Intelligence-Led Cyber Resilience T…
Canada’s big banks, insurers to face tougher cyber tests
Our cyberspace invaders: Why nobody can seem to solve Canada’s massive hacking problem
Hackers today are one step ahead of everyone else – large firms with big budgets, the brightest minds in cybersecurity, government bodies and police. Fighting back is one thing, but do we even know who these criminals are, or how they operate?
This article has data and charts - it's very long - can break it up into multiple posts.
https://twitter.com/ElectoralCommUK/status/1688871274859073536?s=20
Global Crypto Users To Explode to 1,200,000,000, Predicts Former Goldman Sachs Executive – Here’s His Timeline - The Daily Hodl
Ex-Goldman Sachs executive Raoul Pal says that the number of crypto users is on course to explode above one billion across the globe.
Google Cloud Study: Big Risk in Proliferating Credentials, Keys
Google Cloud saw credential issues as a key driver in Google Cloud incidents, accounting for over 60% of compromise factors.
Cybersecurity Awareness Month 2023 Resource Kit | KnowBe4
Get these free resources you can use throughout the entire month of October to help your users keep up their cybersecurity defenses.
[Cybersecurity Awareness Month] Password Security: Do Not Get Bit by Count Hackula
Count Hackula could be waiting in the shadows to bite on your weak or reused password.
SIM swapping crypto crook jailed, ordered to pay $945,833
Not old enough to legally buy a beer, old enough for a 30-month term
SIM swapping
SIM swapping crypto crook jailed, ordered to pay $945,833
Not old enough to legally buy a beer, old enough for a 30-month term
https://www.arrow.com/globalecs/na/arrow-channel-advisor/ai-and-security-whats-the-tradeoff/
Five scenarios that waste your cybersecurity training budget - N2K
Not all approaches to cybersecurity training yield the same outcomes, and some may be costing you more than you realize.
https://www.arrow.com/globalecs/na/arrow-channel-advisor/ai-and-security-whats-the-tradeoff/
Five scenarios that waste your cybersecurity training budget - N2K
Not all approaches to cybersecurity training yield the same outcomes, and some may be costing you more than you realize.
What is diversity, equity, and inclusion?
In this McKinsey Explainer, we explore what diversity, equity, and inclusion is and why successful organizations are actively embracing DE&I.
Technology Leaders Club
QR Code Phishing on the Rise: The Alarming Findings From the Hoxhunt Challenge
The Hoxhunt Challenge has uncovered a disconcerting trend in the world of QR code phishing attacks, showing a 22% increase in the use of QR codes…
* QR Codes
KnowBe4
Passwords - video
KnowBe4
Security Culture - video
Cybersecurity Awareness Month 2023 Resources | KnowBe4
Get the latest phishing and security awareness resources to keep your network secure this October and beyond, no matter where your users are working from.
Oct Kit - Passwords, Security Culture, lots of resources
New Research: Phishing Remains the Most Popular Technique for Bad Actors
A report from Trustwave notes that phishing remains one of the most popular and effective techniques for attackers to gain access to organizations…
Cyber Insurance Claims Increased by 12% in First Half of 2023, Attacks More Frequent and Severe Than Ever
The latest cyber claims report from Coalition, a digital risk insurance provider, finds a 12% increase in cyber insurance claims in the first half of 2023.
Generative AI and the Automation of Social Engineering Increasingly Used By Threat Actors
Threat actors continue to use generative AI tools to craft convincing social engineering attacks, according to Glory Kaburu at Cryptopolitan…
Rishi Sunak warns of AI threats and announces world’s first AI Safety Institute in the UK
AI could help terrorists build chemical and biological weapons, says PM in major speech
This Privacy Setting Helps Keep Instagram and Facebook From Tracking You
You can make sure Facebook and Instagram aren’t tracking you across the web. We’ll tell you how.
This Privacy Setting Helps Keep Instagram and Facebook From Tracking You
You can make sure Facebook and Instagram aren’t tracking you across the web. We’ll tell you how.
Sophos: Over 75% of Cyber Incidents Target Small Businesses
New analysis of incident data shows how threat actors are evolving their attack techniques when specifically targeting the small business, and some…
Despite Feeling Prepared for Image-Based Attacks, Most Organizations Have Been Compromised by Them
With QR-code phishing attacks on the rise, new data sheds light on just how unprepared organizations actually are in stopping and detecting these device…
New Research: BEC Attacks Rose 246% in 2023
Business email compromise (BEC) attacks surged by 246% last year, according to researchers at ReliaQuest. The researchers believe the increase is due…
Generative AI Results In 1760% Increase in BEC Attacks
As cybercriminals leverage tools like generative AI, making attacks continually easier to execute and with a higher degree of success, phishing attacks…
FBI’s 2023 Internet Crime Report Highlights Alarming Trends on Ransomware
The specter of cybercrime continues to grow, with losses soaring to $12.5 billion in 2023, according to the recently released Internet Crime Report…
Phishers Abusing Legitimate but Neglected Domains To Pass DMARC Checks
A recent great article by BleepingComputer about domain hijacking and DMARC abuse reminded me that many companies and people do not understand DMARC…
Cybercriminals Sent 1.76 Billion Social Media Phishing Emails in 2023
As social media phishing reaches new heights, new data reviewing 2023 shows a massive effort by cybercriminals to leverage impersonation of social media…
Phishing Kit Targets the FCC and Crypto Exchanges
Researchers at Lookout have discovered a sophisticated phishing kit that’s targeting employees at the US Federal Communications Commission (FCC)…
When Threat Actors Don’t Have a Viable Email Platform to Phish From, They Just Steal Yours
New analysis of a phishing campaign shows how cybercriminals use brand impersonation of the platforms they need to compromise accounts and takeover…
75% of Organizations Believe They Are at Risk of Careless or Negligent Employees
New data shows organization are well aware that their users are one of their greatest cybersecurity risks today, and yet aren’t taking the right steps…
New Malware Loader Delivers Agent Tesla Remote Access Trojan Via Phishing
A new malware loader is delivering the Agent Tesla remote access Trojan (RAT), according to researchers at Trustwave SpiderLabs. The malware is…
[New Feature] Start Coaching Your Users in Real Time With the New Google Chat Integration for KnowBe4’s SecurityCoach
Now you can use Google Chat messages to offer immediate security advice the moment a user demonstrates risky behavior through KnowBe4’s SecurityCoach.
A Simple ‘Payment is Underway’ Phishing Email Downloads RATs from AWS, GitHub
Analysis of a new initial access malware attack shows how very simple these attacks can be while also shedding light on the fact that malware can reside…
It’s Official: Cyber Insurance is No Longer Seen as a ‘Safety Net’
A new report on the state of email security sheds some light on how organizations are viewing and approaching cyber insurance as they shift strategy…
New Phishing-as-a-Service Kit Attempts to Bypass MFA
A phishing-as-a-service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia…
CyberheistNews Vol 14 #13 If Social Engineering Accounts for Up to 90% of Attacks, Why Is It Ignored?
If Social Engineering Accounts for Up to 90% of Attacks, Why Is It Ignored?
The Average Malicious Website Exists for Less Than 10 Minutes
A new Chrome update brings to light Google findings about malicious websites that has serious implications on detecting malicious links, spoofed brands…
Cloud-Conscious Cyber Attacks Spike 110% as Threat Groups Sharpen their Attack Skills
Cybercriminals are catching up to all the digital transformation done over the last decade, as new data shows increased expertise in leveraging and…
FBI: Losses Due to Cybercrime Jump to $12.5 Billion as Phishing Continues to Dominate
The FBI’s Internet Crime Complaint Center’s newly-released Internet Crimes Report provides an unbiased big picture of the cybercrimes that were the most…
Social Engineering The #1 Root Cause Behind Most Cyber Crimes In FBI Report
Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close…
Ransomware Group “RA World” Changes Its’ Name and Begins Targeting Countries Around the Globe
Now known as “RA World”, the threat group has shifted from attacks targeting two countries to include specific industries globally, adding a new - not…
[Heads-Up] Phishing Campaign Delivers VCURMS RAT
Researchers at Fortinet are tracking a phishing campaign that’s distributing a new version of the VCURMS remote access Trojan (RAT)…
If Social Engineering Accounts for up to 90% of Attacks, Why Is It Ignored?
Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close…
The Number of New Pieces of Malware Per Minute Has Quadrupled in Just One Year
The threat of novel malware is growing exponentially, potentially making it more difficult for security solutions to identify attachments and linked to…
A Simple ‘Payment is Underway’ Phishing Email Downloads RATs from AWS, GitHub
Analysis of a new initial access malware attack shows how very simple these attacks can be while also shedding light on the fact that malware can reside…
Planning with Purpose: 10 Tips to Develop Your Year-Long Security and Compliance Training Program
Our team at KnowBe4 recently got together to talk about planning for annual security and compliance training.
Chicago Man Sentenced to Eight Years in Prison for Phishing Scheme
A 30-year-old man from Chicago, Joseph Alexander Valdez, has been sentenced to eight years in prison for conducting a Snapchat phishing scheme that…
Phishers Abusing Legitimate but Neglected Domains To Pass DMARC Checks
A recent great article by BleepingComputer about domain hijacking and DMARC abuse reminded me that many companies and people do not understand DMARC…
Microsoft and OpenAI Team Up to Block Threat Actor Access to AI
Research on analysis of emerging threats in the age of AI has been released giving insight into exactly how these gangs are leveraging AI to advance…
The 10 Best AI Courses That Are Worth Taking in 2024
Today’s options for best AI courses offer a wide variety of hands-on experience with generative AI, machine learning and AI algorithms.
AI Courses
10 Free AI & ML Programs for High School Students — Veritas AI
Participating in an artificial intelligence or machine learning program can offer valuable exposure in a way that sets you up for success, both in college and for future employment, bridging the gap between the classroom and real-world experience. Below are 10 programs to consider, some of which a
AI Courses
An intro to AI, made for students
A new lesson from Google teaches students how artificial intelligence works, and where you see it show up in your every day life.
AI Courses
Top 10 AI Summer Programs for High School Students
We’ve curated a list of the top 10 AI summer programs for you to consider!
AI Courses
Inspirit AI: AI Taught by Stanford/MIT Alum for High School
Inpsirit AI Scholars is an artificial intelligence program for high school students, developed and taught by Stanford and MIT alumni and graduate students.
AI Courses
Microsoft alerts customers to Russian hackers accessing emails - Techerati
Microsoft have notified users that their emails with the tech giant were accessed in a data breach also impacting US Government agencies.
Microsoft alerts customers to Russian hackers accessing emails - Techerati
Microsoft have notified users that their emails with the tech giant were accessed in a data breach also impacting US Government agencies.
Google reports 48% rise in emissions due to AI demand - Techerati
Google reported a 48% increase in greenhouse gas emissions in 2023 compared to 2019, citing growing AI demand as a primary cause.
Major OpenSSH vulnerability opens up 14 million servers to cyber risk - Techerati
Researchers at the have found a security vulnerability in an OpenSSH server affecting over 14 million glibc-based Linux systems
United States - Healthcare - Episode 32: Let’s Talk Compliance: What The FTC’s Ban On Non-Competes Means For The Health Care Industry (Podcast)
In this episode, Benjamin Dryden, vice chair of Foley’s Antitrust & Competition Practice Group and David McMillan…
United States - Healthcare - Episode 32: Let’s Talk Compliance: What The FTC’s Ban On Non-Competes Means For The Health Care Industry (Podcast)
In this episode, Benjamin Dryden, vice chair of Foley’s Antitrust & Competition Practice Group and David McMillan…
South Africa - Work Visas - Digital Nomad Visa Regulations Promulgated – What This Means For The Employment Law Space
The global shift towards remote working arrangements has given rise to what Statistics South Africa has termed “a new generation of digital nomads” who travel from country to country to work.
Ireland - Environmental Law - Greenwashing: Corporate Practices Under Scrutiny – Part 1
Greenwashing is a practice that can include overstating a company’s environmental record, misrepresenting the sustainability of its corporate practices or claiming a product as environmentally friendly…
Canada - Fund Finance - Client Guide To Trust Accounts
When you retain a lawyer, you will often hear the terms “Trust Account” or “In Trust”, but what exactly does that mean?
Cayman Islands - Fund Management/ REITs - Registration And Continuing Obligations Of Private Funds In The Cayman Islands
This Guidance Note sets out the registration and continuing obligations of a private fund registered with the Cayman Islands…
Canada - Fund Finance - Client Guide To Trust Accounts
When you retain a lawyer, you will often hear the terms “Trust Account” or “In Trust”, but what exactly does that mean?
Cayman Islands - Fund Management/ REITs - Registration And Continuing Obligations Of Private Funds In The Cayman Islands
This Guidance Note sets out the registration and continuing obligations of a private fund registered with the Cayman Islands…
United States - Constitutional & Administrative Law - Earth-Shattering’ Supreme Court Decision Limits SEC Administrative Law Judge Powers
The Supreme Court issued a landmark ruling on June 27, 2024 that significantly curtails the powers of the Securities and Exchange Commission (“SEC”) and has far-reaching implications for administrative law judges (“ALJs”) across the federal government.
United States - Constitutional & Administrative Law - Supreme Court Guts USDA’s Power To Assess Civil Penalties Under The Animal Welfare Act
Jarkesy arose out of penalties assessed in an administrative proceeding before the SEC that were based on the antifraud provisions of the federal securities laws.
‘Hard to argue against’: mandatory speed limiters come to the EU and NI
All new cars must have the devices from 7 July, adding fuel economy as well as safety. Will mpg become the new mph?
https://readthepeak.com/stories/07-24-lifelabs-sold-to-u-s-company-for-1-35-billion?
https://www.404media.co/researchers-prove-rabbit-ai-breach-by-sending-email-to-us-as-admin/?
Google: AI Potentially Breaking Reality Is a Feature Not a Bug
“While these uses of GenAI are often neither overtly malicious nor explicitly violate these tools’ content policies or terms of services, their potential for harm is significant.”
Poll
United States bans Kaspersky antivirus software over security concerns
The Department of Commerce’s Bureau of Industry and Security (BIS) announced a Final Determination prohibiting Kaspersky Lab, Inc., the U.
Vulnerability in Cisco Smart Software Manager lets attackers change any user password
Yep, passwords for administrators can be changed, too.
https://www.linkedin.com/in/veronicarauch/
newsletter
Verónica Rauch on LinkedIn: OT SCADA Kits for your home battle station.
OT SCADA Kits for your home battle station.
newsletter
Vin Vashishta on LinkedIn: #data #artificialintelligence | 34 comments
Companies that can't even deliver simple models with their data think the solution to their problems lies in trying to deliver complex AI. Maturity models are… | 34 comments on LinkedIn
Charles Durant on LinkedIn: NSA's China specialist: US at a loss to deter Chinese hackers - Breaking… | 10 comments
'Officials from the National Security Agency and the State Department said they’re still struggling to come up with a way to deter a powerful hacking group… | 10 comments on LinkedIn
cyber crime organized crime at DuckDuckGo
DuckDuckGo. Privacy, Simplified.
cybercrime organized crime cybercrime unicorns
3rd party threat
5 cyberattack links besides main story
PermissionSlip app - free tool from Consumer Reports
https://www.tandfonline.com/doi/abs/10.1080/23738871.2024.2400022
Senators Believe AI Summaries May Be an Antitrust Violation
The lawmakers say summaries further entrench the monopolies that companies like Google hold over online search, by lifting content from publishers without permission and then directing traffic and profits away from those publishers.
Phishing Attacks Increased by Nearly 200% in H2 2024
Phishing and malicious emails remained the primary vectors of infection during the second half of 2024, according to a new report from Acronis…
Feb 21 2025 Phishing Attacks Increased by Nearly 200% in H2 2024
Phishing Attack Leads to Lateral Movement in Just 48 Minutes
Researchers at ReliaQuest have published a report on a phishing breach in the manufacturing sector that went from initial access to lateral movement in just 48 minutes…
Phishing Attacks Increased by Nearly 200% in H2 2024
Phishing and malicious emails remained the primary vectors of infection during the second half of 2024, according to a new report from Acronis…
Phishing Kit Abuses Open Graph to Target Social Media Users
Researchers at Cyble warn that a phishing kit is abusing the Open Graph (OG) protocol to target social media users…
New Research: Ransomware Data Extortion Skyrocketing
Data theft extortion attacks increased by 46% in the fourth quarter of 2024, according to a new report from Nuspire…
CyberheistNews Vol 15 #08 Protect Your Data: Russian Spear-Phishing Targets Microsoft 365 Accounts
CyberheistNews Vol 15 #08 Protect Your Data: Russian Spear-Phishing Targets Microsoft 365 Accounts
Chinese Hackers Target Hospitals by Spoofing Medical Software
A Chinese government-backed hacking group is using fake medical software to compromise hospital patients’ computers, infecting them with backdoors, keyloggers, and cryptominers…
Protect Yourself from Job Termination Scams
ESET warns of a wave of phishing attacks informing employees that they’ve been fired or let go. The emails are designed to make the user panic and act…
AI Literacy: A New Mandate Under the EU AI Act - What Your Organization Needs to Know
The European Union’s AI Act is ushering in a new era of workplace requirements, with AI literacy taking center stage. Under Article 4, organizations must…
Primary Refresh Tokens Aren’t Your Parent’s Browser Token
If you haven’t been paying attention closely enough, a new type of access control token, like a super browser token on steroids, is becoming hackers’…
Protect Your Devices: Mobile Phishing Attacks Bypass Desktop Security Measures
Zimperium warns of a surge in phishing attacks specifically tailored for mobile devices. These attacks are designed to evade desktop…
Viral but Vulnerable: The Hidden Risks of Cybersecurity Misinformation on Social Media
It’s no surprise that 18–29-year-olds are turning to social media for cybersecurity information. As digital natives, this age group naturally gravitates…
Data at Risk: 96% of Ransomware Attacks Involve Data Theft
A new report from Arctic Wolf has found that 96% of ransomware attacks now involve data theft as criminals seek to force victims to pay up…
Your KnowBe4 Fresh Content Updates from February 2025
Check out the 58 new pieces of training content added in February, alongside the always fresh content update highlights, new features and events.
Protect Your Data: Russian Spear-Phishing Targets Microsoft 365 Accounts
Several Russian threat actors, including the SVR’s Cozy Bear, are launching highly targeted spear phishing attacks against Microsoft 365 accounts, according to researchers at Volexity…
Warning: Ransomware Threats Increased Fourfold in 2024
Researchers at Barracuda observed a fourfold increase in ransomware threats last year, driven by increasingly sophisticated ransomware-as-a-service…
Redirecting
Microsoft is stuffing pop-up ads into Google Chrome on Windows again
The pop-ups are back after a brief pause.
Patch Tuesday: Microsoft Fixes 57 Security Flaws
Microsoft’s March 2025 Patch Tuesday includes six actively exploited zero-day vulnerabilities. Learn about the critical vulnerabilities and why immediate updates are essential.
Billions of Devices at Risk of Hacking Due to Hidden Commands
Researchers warn these commands could be exploited to manipulate memory, impersonate devices, and bypass security controls.
https://www.techrepublic.com/resource-library/it-policy/onedrive-cloud-usage/?
AI and AI-agents: A Game-Changer for Both Cybersecurity and Cybercrime
Artificial Intelligence (AI) is no longer just a tool—it is a game changer in our lives, our work as well as in both cybersecurity and cybercrime…
Beware: Malvertising Campaign Hits Nearly a Million Devices
Microsoft warns that a widespread malvertising campaign hit nearly one million devices around the world…
Still Not Backing Up Microsoft 365 Data? Here’s Why That’s a Risky Move
Many organizations still fail to back up their Microsoft 365 (M365) data because they believe the cloud is inherently secure. However, data loss from cyber threats or even accidental deletions remain a significant risk that can’t be ignored. This article explores why these misconceptions persist, the challenges of protecting M365 data, and why businesses are increasingly turning to backup-as-a-service (BaaS) solutions like Veeam Data Cloud for Microsoft 365 backup.
Make Your Real Emails Less Phishy
I infrequently get emails from customers who are frustrated because their employer sent out some legitimate mass email to all employees that unfortunately…
Protect Yourself: Social Engineering Fuels SIM Swapping Attacks
Group-IB has published a report on SIM swapping attacks, finding that attackers continue to use social engineering to bypass technical security measures…
Amazon’s Controversial Change to Echo’s Privacy Settings Takes Effect Soon
Amazon is mandating cloud-based processing for Echo voice commands, removing local storage and disabling Alexa’s voice ID to expand its generative AI capabilities.
Medusa Ransomware: FBI & CISA Urge Immediate Action
Medusa ransomware now operates as a RaaS model, recruiting affiliates from criminal forums to launch attacks, encrypt data, and extort victims worldwide.
Is Microsoft in Hot Water With The FTC Over AI Operations Antitrust Issues?
FTC launches an extensive antitrust probe into Microsoft’s AI operations, scrutinizing data practices and training costs. The investigation spans nearly a decade, signaling increased regulatory scrutiny in the AI sector.
CyberheistNews Vol 15 #11 [Heads Up] 245% Increase in SVG Files Used to Obfuscate Phishing Payloads
CyberheistNews Vol 15 #11 [Heads Up] 245% Increase in SVG Files Used to Obfuscate Phishing Payloads
iPhone-Android: A Major Privacy Upgrade is Coming Soon
This breakthrough will finally allow secure, encrypted messaging between different mobile platforms.
Is Microsoft in Hot Water With The FTC Over AI Operations Antitrust Issues?
FTC launches an extensive antitrust probe into Microsoft’s AI operations, scrutinizing data practices and training costs. The investigation spans nearly a decade, signaling increased regulatory scrutiny in the AI sector.
UK Watchdog Slams Apple & Google for Stifling Mobile Browser Innovation
If Apple and Google don’t make it easier for users to discover third-party browsers, the companies will not have as much of a competitive need to improve Safari and Chrome.
The Case of the Vanishing Copilot: Is Microsoft’s Update a Feature or a Bug?
Microsoft’s latest Windows update comes with an unexpected surprise: accidentally uninstalling the Copilot app from some devices. As users scramble to reinstall, Microsoft scrambles for a fix. Here’s what happened and how to restore Copilot on Windows 11.
ClickFix: The rising threat of social engineering through fake fixes
Field Effect security intelligence observes threat actors using the ClickFix social engineering tactic to compromise victims and install backdoors.
Microsoft reluctant to patch Windows zero-day exploited by nation-state hackers
At least 11 state-sponsored hacking groups have been exploiting a Windows zero-day vulnerability, tracked as ZDI-CAN-25373.
New ‘StilachiRAT’ found scurrying in crypto wallets
Microsoft identifies new, sophisticated remote access trojan (RAT) dubbed StilachiRAT.
Why Password Security Matters: The Danish and Swedish Password Problem
In today’s world, cybersecurity is more critical than ever. Organizations and individuals alike face a constant barrage of cyber threats, and often…
Hundreds of Malicious Android Apps Received 60 Million Downloads
Bitdefender warns that a major ad fraud campaign in the Google Play Store resulted in more than 60 million downloads of malicious apps…
What Is the Meaning of Clickbait and Is It Dangerous?
How does clickbait work and what are the dangers? Discover how to identify a clickbait website and see examples in our guide.
Apple Passwords App Vulnerability Exposed Users for Months
Apple’s Passwords app had a security flaw that exposed users to phishing attacks for months. Learn what happened and how to stay protected.
Apple’s Next Big Thing is AI on Smart Watches
As reported by Bloomberg, translation and other tools are enabled by letting AI “see.” Meanwhile, Apple has made promises about AI that don’t pan out.