Bookmarked links

More Canadian organizations than ever are using penetration testing to improve their security posture. According to a recent survey by IT solutions provider CDW Canada, 56 per cent of responding firms said they have performed a penetration test in the last 12 months. That’s a 40 percent increase com…

Canada’s financial regulator is urging the country’s biggest banks and insurance companies to perform a new controlled threat assessment of their cyber resilience every three years with independent penetration testers. The recommendation for the assessment, called Intelligence-Led Cyber Resilience T…

Hackers today are one step ahead of everyone else – large firms with big budgets, the brightest minds in cybersecurity, government bodies and police. Fighting back is one thing, but do we even know who these criminals are, or how they operate?

Ex-Goldman Sachs executive Raoul Pal says that the number of crypto users is on course to explode above one billion across the globe.

Google Cloud saw credential issues as a key driver in Google Cloud incidents, accounting for over 60% of compromise factors.

Get these free resources you can use throughout the entire month of October to help your users keep up their cybersecurity defenses.

Count Hackula could be waiting in the shadows to bite on your weak or reused password.

Not old enough to legally buy a beer, old enough for a 30-month term

Not old enough to legally buy a beer, old enough for a 30-month term

Not all approaches to cybersecurity training yield the same outcomes, and some may be costing you more than you realize.

In this McKinsey Explainer, we explore what diversity, equity, and inclusion is and why successful organizations are actively embracing DE&I.

The Hoxhunt Challenge has uncovered a disconcerting trend in the world of QR code phishing attacks, showing a 22% increase in the use of QR codes…

Get the latest phishing and security awareness resources to keep your network secure this October and beyond, no matter where your users are working from.

A report from Trustwave notes that phishing remains one of the most popular and effective techniques for attackers to gain access to organizations…

The latest cyber claims report from Coalition, a digital risk insurance provider, finds a 12% increase in cyber insurance claims in the first half of 2023.

Threat actors continue to use generative AI tools to craft convincing social engineering attacks, according to Glory Kaburu at Cryptopolitan…

AI could help terrorists build chemical and biological weapons, says PM in major speech

You can make sure Facebook and Instagram aren’t tracking you across the web. We’ll tell you how.

New analysis of incident data shows how threat actors are evolving their attack techniques when specifically targeting the small business, and some…

With QR-code phishing attacks on the rise, new data sheds light on just how unprepared organizations actually are in stopping and detecting these device…

Business email compromise (BEC) attacks surged by 246% last year, according to researchers at ReliaQuest. The researchers believe the increase is due…

As cybercriminals leverage tools like generative AI, making attacks continually easier to execute and with a higher degree of success, phishing attacks…

The specter of cybercrime continues to grow, with losses soaring to $12.5 billion in 2023, according to the recently released Internet Crime Report…

A recent great article by BleepingComputer about domain hijacking and DMARC abuse reminded me that many companies and people do not understand DMARC…

As social media phishing reaches new heights, new data reviewing 2023 shows a massive effort by cybercriminals to leverage impersonation of social media…

Researchers at Lookout have discovered a sophisticated phishing kit that’s targeting employees at the US Federal Communications Commission (FCC)…

New analysis of a phishing campaign shows how cybercriminals use brand impersonation of the platforms they need to compromise accounts and takeover…

New data shows organization are well aware that their users are one of their greatest cybersecurity risks today, and yet aren’t taking the right steps…

A new malware loader is delivering the Agent Tesla remote access Trojan (RAT), according to researchers at Trustwave SpiderLabs. The malware is…

Now you can use Google Chat messages to offer immediate security advice the moment a user demonstrates risky behavior through KnowBe4’s SecurityCoach.

Analysis of a new initial access malware attack shows how very simple these attacks can be while also shedding light on the fact that malware can reside…

A new report on the state of email security sheds some light on how organizations are viewing and approaching cyber insurance as they shift strategy…

A phishing-as-a-service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia…

If Social Engineering Accounts for Up to 90% of Attacks, Why Is It Ignored?

A new Chrome update brings to light Google findings about malicious websites that has serious implications on detecting malicious links, spoofed brands…

Cybercriminals are catching up to all the digital transformation done over the last decade, as new data shows increased expertise in leveraging and…

The FBI’s Internet Crime Complaint Center’s newly-released Internet Crimes Report provides an unbiased big picture of the cybercrimes that were the most…

Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close…

Now known as “RA World”, the threat group has shifted from attacks targeting two countries to include specific industries globally, adding a new - not…

Researchers at Fortinet are tracking a phishing campaign that’s distributing a new version of the VCURMS remote access Trojan (RAT)…

Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close…

The threat of novel malware is growing exponentially, potentially making it more difficult for security solutions to identify attachments and linked to…

Analysis of a new initial access malware attack shows how very simple these attacks can be while also shedding light on the fact that malware can reside…

Our team at KnowBe4 recently got together to talk about planning for annual security and compliance training.

A 30-year-old man from Chicago, Joseph Alexander Valdez, has been sentenced to eight years in prison for conducting a Snapchat phishing scheme that…

A recent great article by BleepingComputer about domain hijacking and DMARC abuse reminded me that many companies and people do not understand DMARC…

Research on analysis of emerging threats in the age of AI has been released giving insight into exactly how these gangs are leveraging AI to advance…

Today’s options for best AI courses offer a wide variety of hands-on experience with generative AI, machine learning and AI algorithms.

Participating in an artificial intelligence or machine learning program can offer valuable exposure in a way that sets you up for success, both in college and for future employment, bridging the gap between the classroom and real-world experience. Below are 10 programs to consider, some of which a

A new lesson from Google teaches students how artificial intelligence works, and where you see it show up in your every day life.

We’ve curated a list of the top 10 AI summer programs for you to consider!

Inpsirit AI Scholars is an artificial intelligence program for high school students, developed and taught by Stanford and MIT alumni and graduate students.

Microsoft have notified users that their emails with the tech giant were accessed in a data breach also impacting US Government agencies.

Google reported a 48% increase in greenhouse gas emissions in 2023 compared to 2019, citing growing AI demand as a primary cause.

Researchers at the have found a security vulnerability in an OpenSSH server affecting over 14 million glibc-based Linux systems

In this episode, Benjamin Dryden, vice chair of Foley’s Antitrust & Competition Practice Group and David McMillan…

In this episode, Benjamin Dryden, vice chair of Foley’s Antitrust & Competition Practice Group and David McMillan…

Greenwashing is a practice that can include overstating a company’s environmental record, misrepresenting the sustainability of its corporate practices or claiming a product as environmentally friendly…

When you retain a lawyer, you will often hear the terms “Trust Account” or “In Trust”, but what exactly does that mean?

This Guidance Note sets out the registration and continuing obligations of a private fund registered with the Cayman Islands…

When you retain a lawyer, you will often hear the terms “Trust Account” or “In Trust”, but what exactly does that mean?

This Guidance Note sets out the registration and continuing obligations of a private fund registered with the Cayman Islands…

The Supreme Court issued a landmark ruling on June 27, 2024 that significantly curtails the powers of the Securities and Exchange Commission (“SEC”) and has far-reaching implications for administrative law judges (“ALJs”) across the federal government.

Jarkesy arose out of penalties assessed in an administrative proceeding before the SEC that were based on the antifraud provisions of the federal securities laws.

All new cars must have the devices from 7 July, adding fuel economy as well as safety. Will mpg become the new mph?

“While these uses of GenAI are often neither overtly malicious nor explicitly violate these tools’ content policies or terms of services, their potential for harm is significant.”

The Department of Commerce’s Bureau of Industry and Security (BIS) announced a Final Determination prohibiting Kaspersky Lab, Inc., the U.

Yep, passwords for administrators can be changed, too.

OT SCADA Kits for your home battle station.

Companies that can't even deliver simple models with their data think the solution to their problems lies in trying to deliver complex AI. Maturity models are… | 34 comments on LinkedIn

'Officials from the National Security Agency and the State Department said they’re still struggling to come up with a way to deter a powerful hacking group… | 10 comments on LinkedIn

DuckDuckGo. Privacy, Simplified.

The lawmakers say summaries further entrench the monopolies that companies like Google hold over online search, by lifting content from publishers without permission and then directing traffic and profits away from those publishers.

Phishing and malicious emails remained the primary vectors of infection during the second half of 2024, according to a new report from Acronis…

Researchers at ReliaQuest have published a report on a phishing breach in the manufacturing sector that went from initial access to lateral movement in just 48 minutes…

Researchers at Cyble warn that a phishing kit is abusing the Open Graph (OG) protocol to target social media users…

Data theft extortion attacks increased by 46% in the fourth quarter of 2024, according to a new report from Nuspire…

CyberheistNews Vol 15 #08 Protect Your Data: Russian Spear-Phishing Targets Microsoft 365 Accounts

A Chinese government-backed hacking group is using fake medical software to compromise hospital patients’ computers, infecting them with backdoors, keyloggers, and cryptominers…

ESET warns of a wave of phishing attacks informing employees that they’ve been fired or let go. The emails are designed to make the user panic and act…

The European Union’s AI Act is ushering in a new era of workplace requirements, with AI literacy taking center stage. Under Article 4, organizations must…

If you haven’t been paying attention closely enough, a new type of access control token, like a super browser token on steroids, is becoming hackers’…

Zimperium warns of a surge in phishing attacks specifically tailored for mobile devices. These attacks are designed to evade desktop…

It’s no surprise that 18–29-year-olds are turning to social media for cybersecurity information. As digital natives, this age group naturally gravitates…

A new report from Arctic Wolf has found that 96% of ransomware attacks now involve data theft as criminals seek to force victims to pay up…

Check out the 58 new pieces of training content added in February, alongside the always fresh content update highlights, new features and events.

Several Russian threat actors, including the SVR’s Cozy Bear, are launching highly targeted spear phishing attacks against Microsoft 365 accounts, according to researchers at Volexity…

Researchers at Barracuda observed a fourfold increase in ransomware threats last year, driven by increasingly sophisticated ransomware-as-a-service…

The pop-ups are back after a brief pause.

Microsoft’s March 2025 Patch Tuesday includes six actively exploited zero-day vulnerabilities. Learn about the critical vulnerabilities and why immediate updates are essential.

Researchers warn these commands could be exploited to manipulate memory, impersonate devices, and bypass security controls.

Artificial Intelligence (AI) is no longer just a tool—it is a game changer in our lives, our work as well as in both cybersecurity and cybercrime…

Microsoft warns that a widespread malvertising campaign hit nearly one million devices around the world…

Many organizations still fail to back up their Microsoft 365 (M365) data because they believe the cloud is inherently secure. However, data loss from cyber threats or even accidental deletions remain a significant risk that can’t be ignored. This article explores why these misconceptions persist, the challenges of protecting M365 data, and why businesses are increasingly turning to backup-as-a-service (BaaS) solutions like Veeam Data Cloud for Microsoft 365 backup.

I infrequently get emails from customers who are frustrated because their employer sent out some legitimate mass email to all employees that unfortunately…

Group-IB has published a report on SIM swapping attacks, finding that attackers continue to use social engineering to bypass technical security measures…

Amazon is mandating cloud-based processing for Echo voice commands, removing local storage and disabling Alexa’s voice ID to expand its generative AI capabilities.

Medusa ransomware now operates as a RaaS model, recruiting affiliates from criminal forums to launch attacks, encrypt data, and extort victims worldwide.

FTC launches an extensive antitrust probe into Microsoft’s AI operations, scrutinizing data practices and training costs. The investigation spans nearly a decade, signaling increased regulatory scrutiny in the AI sector.

CyberheistNews Vol 15 #11 [Heads Up] 245% Increase in SVG Files Used to Obfuscate Phishing Payloads

This breakthrough will finally allow secure, encrypted messaging between different mobile platforms.

If Apple and Google don’t make it easier for users to discover third-party browsers, the companies will not have as much of a competitive need to improve Safari and Chrome.

Microsoft’s latest Windows update comes with an unexpected surprise: accidentally uninstalling the Copilot app from some devices. As users scramble to reinstall, Microsoft scrambles for a fix. Here’s what happened and how to restore Copilot on Windows 11.

Field Effect security intelligence observes threat actors using the ClickFix social engineering tactic to compromise victims and install backdoors.

At least 11 state-sponsored hacking groups have been exploiting a Windows zero-day vulnerability, tracked as ZDI-CAN-25373.

Microsoft identifies new, sophisticated remote access trojan (RAT) dubbed StilachiRAT.

In today’s world, cybersecurity is more critical than ever. Organizations and individuals alike face a constant barrage of cyber threats, and often…

Bitdefender warns that a major ad fraud campaign in the Google Play Store resulted in more than 60 million downloads of malicious apps…

How does clickbait work and what are the dangers? Discover how to identify a clickbait website and see examples in our guide.

Apple’s Passwords app had a security flaw that exposed users to phishing attacks for months. Learn what happened and how to stay protected.

As reported by Bloomberg, translation and other tools are enabled by letting AI “see.” Meanwhile, Apple has made promises about AI that don’t pan out.