Global Cyber News Digest

Events

Cyber Insider Podcast

Press Room

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • APT Group Targeting FinTech Sector Changes Method of Attack

    • APT group Evilnum, known for its targeting of financial technology companies via fake know your customer (KYC) documents, has undergone a significant change in tactics and armory recently that the FinTech sector must be made aware of...
    • Instead of delivering four different LNK files in a zip archive that will be replaced by a JPG file, only one LNK is archived, which masquerades as a PDF containing several documents such as utility bills and credit card photos.
    • When the LNK file is executed, a JavaScript file is written to disk and executed, replacing the LNK file with a PDF.
    • This version of the JavaScript is the first stage of the infection chain, which leads to the delivery of a new Python Rat developed by Evilnum, which has been dubbed PyVil RAT.
    - James Coker | September 4, 2020
    hak-iq.us20.list-manage.comSeptember 4, 2020

  • Organizations facing nearly 1,200 phishing attacks each month

    • IT professionals are dealing with roughly 1,185 phishing attacks per month, which breaks down to about 40 attacks each day.
    • Although just 6% of all phishing attacks result in a breach, many of the respondents determined that the employees at their organizations would not be able to spot and properly mitigate a phishing attack in real-time.
    • 38% of those surveyed also stated that last year, someone within their organization was tricked by a phishing attack.
    OODA Loop | September 3, 2020
    hak-iq.us20.list-manage.comSeptember 3, 2020

  • How to keep your hybrid workforce safe in three easy steps

    • With many companies structuring their workforce around a model that accommodates around 30% remote workers, few were prepared for the jump to 100%.
    • While this transition brings a wave of opportunity for organizations and employees, it also opens new doors for bad actors to capitalize on strained IT departments who have taken on additional responsibility to ensure sensitive data remains secure, whether on or off the corporate network.
    - Mark Bowen | September 2, 2020
    hak-iq.us20.list-manage.comSeptember 2, 2020

  • Phishing alert: See a tricky password-stealing scam in action

    • Phishing scams usually try to get you to their malicious payload as quickly as possible, so when security researchers discovered a new type of campaign featuring multiple steps and downloads, they knew they had to dive deeper.
    • As it turns out, this new campaign is just as dangerous as classic phishing schemes — and might even have an easier time making it to your inbox.
    • With phishing campaigns, you’re only as vulnerable as you are naive. If you’re wise to the tricks and skeptical about anything coming into your inbox, you won’t fall victim to one of these scams.
    - James Gelinas | September 2, 2020
    hak-iq.us20.list-manage.comSeptember 2, 2020

  • China-based APT Debuts Sepulcher Malware in Spear-Phishing Attacks

    • A China-based APT has been sending organizations spear-phishing emails that distribute a never-before-seen intelligence-collecting RAT dubbed Sepulcher.
    • Researchers discovered the new malware being distributed over the past six months through two separate campaigns.
    • The first, in March, targeted European diplomatic and legislative bodies, non-profit policy research organizations and global organizations dealing with economic affairs.
    • The second, in July, targeted Tibetan dissidents. They tied the campaigns to APT group TA413, which researchers say has been associated with Chinese state interests and is known for targeting the Tibetan community.
    - Lindsey O'Donnell | September 2, 2020
    hak-iq.us20.list-manage.comSeptember 2, 2020

  • How cyber criminals are targeting banks with multi-stage phishing attacks

    • Because banks represent such a hardened yet lucrative target, they are often on the receiving end of the very latest, and more sophisticated, attack strategies.
    • One of the most recent techniques we have seen deployed against banks involves a multi-level phishing attack that exploits the increasing use of cloud-based solutions.
    • As with most cyber attacks, this new multi-level technique begins with a fairly standard phishing email.
    • Attackers will either impersonate a senior executive at the target bank, or a known or trusted partner or supplier.
    GLOBAL BANKING & Finance review | Derek Taylor | September 1, 2020
    hak-iq.us20.list-manage.comSeptember 1, 2020

  • Securing Healthcare Data in a COVID World

    • Healthcare data is some of the most personal information any of us have. In the midst of the global pandemic, many people whose information would not have entered medical systems normally are being hospitalized and data about them is being collected.
    • One of the easiest changes that many healthcare organizations are already adopting is to update credential management policies.
    • Data should be encrypted on the hard drive, requiring authorized access to view readable data, and should also be encrypted in transit. Some of the best options available for data encryption on the storage device are blockchain solutions. Blockchain is especially important for healthcare data due to the personal and sensitive nature of the data.
    • We should be taking every measure possible to ensure this data does not fall into the wrong hands.
    SECURITY BOULEVARD - Topher Tebow | September 1, 2020
    hak-iq.us20.list-manage.comSeptember 1, 2020

  • COVID-19 scammers are using data-breach fears to get information from Canadians

    • Scott Jones, the head of the Canadian Centre for Cyber Security, said criminals are using “far more effective” lures to convince Canadians to hand over personal and sensitive information, like banking credentials.
    • Jones told the Star that while early in the pandemic scammers were targeting Canadians with offers of supplies like masks and hand sanitizer, they’re now capitalizing on some high-profile data breaches and suggesting to their marks their information has already been compromised.
    NIAGARA FALLS REVIEW - Alex Boutilier | September 1, 2020
    hak-iq.us20.list-manage.comSeptember 1, 2020

  • Charming Kitten Returns with WhatsApp, LinkedIn Effort

    • The Iran-affiliated APT known as Charming Kitten is back with a new approach, impersonating Persian-speaking journalists via WhatsApp and LinkedIn, in order to con victims into opening malicious links.
    • The attackers attempt to get a conversation going in order to establish trust. For instance, in the case of the Jewish Journal webinar, the attackers tried to entice the victim with nominating them as its main speaker, “chosen from more than a hundred participants.”
    - Tara Seals | August 31, 2020
    hak-iq.us20.list-manage.comAugust 31, 2020

  • Three Predictions For The Future Of DNS Security

    • As you and your business likely transition to more and more remote access for employees, DNS security could become more important than ever.
    • The overall market for DNS security software will expand.
    • The commonly accessed scope of DNS will grow.
    • Consumer use of DNS security will grow.
    - Francis Dinha | August 31, 2020
    hak-iq.us20.list-manage.comAugust 31, 2020

451 A Street, Suite 500
San Diego, CA 92101

[email protected]

CONNECT WITH US

Linkedin Twitter

Cyber Center of Excellence is a San Diego-based nonprofit dedicated to growing the regional cyber economy and creating a more secure digital community for all.

JOIN US
Linkedin Twitter
Cyber Center of Excellence | Privacy Policy  |  Terms & Conditions
Linkedin Twitter
Privacy Policy  |  Terms & Conditions
© 2024 Cyber Center of Excellence