MOVEit Hack Impacts Delta Dental of California and Pan-American Life Insurance Group

MOVEit Hack Impacts 7 Million People from Delta Dental of California Delta Dental of California reported that it suffered from a mass exploitation conducted by the Clop hacking group of a zero-day vulnerability identified in the MOVEit Transfer solution by Progress Software. Delta Dental of California, a member of the Delta Dental Plans Association, is … Read more

Unauthorized Use of Software and Cloud Services is a Major Security Risk

Many businesses concentrate on technical measures to protect them against cyberattacks. They invest in firewalls, multifactor authentication, advanced email security solutions, and web filters to block attacks at source, yet often neglect the human factor and do not provide adequate security awareness training to their employees. According to the Verizon Data Breach Investigations report, the … Read more

Malvertising Campaign Leads to Cactus Ransomware Attack

There are many ways that cybercriminals gain access to business networks, including phishing attacks and exploiting unpatched vulnerabilities. Many businesses now provide security awareness training to employees to improve phishing awareness, but it is also important to teach the workforce about attacks via the Internet from general web browsing, such as malvertising. Malvertising is the … Read more

Facebook Messenger Used in Large-Scale Phishing Campaign Targeting Businesses

Now that Microsoft has improved protection against malicious macros by blocking them in Internet-delivered files by default, cybercriminals have had to explore other methods of distributing links to malicious websites hosting malware. There has been an increase in the use of malvertising to target web users and trick them into downloading malicious files, and SMS … Read more

Cybercriminals Targeting Consumers with Fake Blockbuster Movie Downloads

Cybercriminals are targeting consumers looking to watch some of the big summer blockbusters such as Barbie, Oppenheimer, Super Mario Bros, and Guardians of the Galaxy: Vol. 3 and have been distributing links to download sites on social media networks such as Twitter. These links are not what they seem, however. Rather than getting an illegal copy … Read more

Search Engine Ads Abused to Gain Initial Access to Business Networks

Employees are being targeted in a new malvertising campaign that uses Google and Bing Ads offering a variety of trojanized installers for software solutions such as AnyDesk, Cisco AnyConnect VPN, and WinSCP. These campaigns deliver malware that establishes initial access in enterprise networks, allowing other malicious payloads to be delivered, including ransomware. The ‘Nitrogen’ campaign … Read more

Advice on Cybersecurity Awareness Training for Staff

Cybersecurity awareness training for staff is a vital component of any cybersecurity strategy. Businesses should not totally rely on technical defenses to protect against cyberattacks, as sooner or later a threat will successfully bypass those defenses and reach an employee. Employees need to be made aware of cyber threats, be taught how to recognize them, … Read more

Phishing Simulations: Why You Should Be Testing Your Workforce!

Phishing is the most common vector used by cybercriminals to attack businesses and attacks have grown in sophistication to the point where no single cybersecurity solution is now effective at blocking all of these threats. Cybercriminals are constantly changing their tactics, techniques, and procedures to bypass cybersecurity solutions and fool end users and businesses now … Read more

Effective Healthcare Cybersecurity Awareness Training

Healthcare cybersecurity awareness training is an essential part of HIPAA compliance. The HIPAA Security Rule calls for all HIPAA-regulated entities to “Implement a security awareness and training program for all members of its workforce (including management).” The HIPAA Security Rule implies that security awareness training should be ongoing, and the HHS’ Office for Civil Rights … Read more

Major Phishing Campaign Targets Facebook Credentials

While many phishing scams target Microsoft 365 credentials due to the usefulness of the accounts and the data they hold, social media credentials are also highly prized. If a phisher is able to steal Facebook credentials, they can gain access to valuable personal information and the accounts can be used for conducting further scams. Accounts … Read more

Increase in Adversary-in-the-Middle Phishing Attacks That Allow MFA to be Bypassed

Security experts have long recommended that multi-factor authentication be implemented to protect against phishing attacks and for good reason. Single-factor authentication – a password – provides a degree of protection against unauthorized account access; however, with modern GPUs, it is possible to automate brute force attempts to guess passwords and many passwords can be cracked … Read more

6 Tips to Help You Set Up an Effective Employee Security Awareness Training Program

[et_pb_section][et_pb_row][et_pb_column type=”4_4″][et_pb_text] Security awareness training will help to make employees aware of the importance of security and cybersecurity, teach security best practices, and train employees how to identify, avoid, and report threats that they encounter; however, to get the best return on investment and make significant improvements to your organization’s security posture, there are important … Read more

Cyren Alternative for Email and Web Security

Are you looking for a Cyren alternative for email and web security? TitanHQ can offer solutions for both to ensure your business is fully protected from email and web-based threats. TitanHQ can also provide a comprehensive security awareness training platform to help you eradicate risky practices and teach employees how to identify the full range … Read more

Cybercriminals Turn to Malvertising for Malware Distribution Now Microsoft Blocks Macros

Now that Microsoft has started blocking macros in Office documents delivered via the Internet, distributing malware via email has become more difficult and hackers have been forced to change their tactics, techniques, and procedures. This has been seen in phishing attempts that use a broader range of file types, and malware is increasingly being delivered … Read more

Popular Password Manager Targeted in Phishing Campaign

Password managers are used by individuals and businesses to improve password security. They help individuals create complex passwords, eliminate the need to remember passwords, and provide a degree of protection against phishing attacks, but their very nature makes them a target for cybercriminals. A password manager is used to store an individual’s entire collection of … Read more

AI-Generated Phishing Investigations Show Importance of Security Awareness Training

AI-generated phishing emails could change the phishing landscape. Investigations of AI-based text-generating interfaces have shown the threat is real and demonstrate the value in security awareness training. There has been a huge buzz in recent weeks around a new chatbot developed by OpenAI. Chat Generative Pre-Trained Transformer – or ChatGPT as it is better known … Read more

2022 Phishing Trends and the Outlook for 2023

Several new phishing trends were evident in 2022 as cybercriminals changed their tactics for stealing credentials and distributing malware. The same tried and tested techniques were used in many phishing campaigns, including delivery failure notifications, fictitious charges to accounts, security alerts about suspicious account activity, and requests for collaboration on documents, but there have been … Read more

Beware of Malicious Adverts in Search Engine Listings

Phishing is one of the main ways that malicious actors distribute and install malware. Phishing emails are sent to users with attachments containing malicious code or hyperlinks are included in the emails that direct users to a website where malware is downloaded. Businesses should ensure they implement layered defenses to combat phishing, which should include … Read more

7 Tips for Improving the Effectiveness of Security Awareness Training

Businesses can significantly improve their security posture by investing in people and providing security awareness training. Many cyberattacks target employees, as they can be tricked into disclosing sensitive information or installing malware. Through training, you can eliminate risky security practices that open the door to hackers and can show employees how to recognize cyber threats … Read more

Vishing and Smishing Attacks are Increasing: Are Your Employees Able to Identify These Scams?

Email may be the most common vector used in phishing attacks, but there has been a marked rise in other forms of phishing in 2022, such as voice phishing (vishing) and SMS phishing (smishing). Vishing Voice phishing or vishing attacks are conducted over the telephone and use similar social engineering techniques to email phishing. The … Read more

Phishing Simulation Mistakes to Avoid

Phishing simulations are an invaluable training tool and have been proven to help reduce the susceptibility of the workforce to phishing attacks. Phishing simulations are more than just a tool for testing whether employees have understood their training. Quizzes at the end of training sessions are good for that, but phishing simulations test whether the … Read more

Why You Should Protect Browsers Against Malvertising

It is important for businesses to take steps to improve web security and block the web-based component of phishing attacks and drive-by malware downloads, and one of most important steps to take is to protect browsers against malvertising. What is Malvertising Malvertising is the term given to the use of malicious online adverts for downloading … Read more

Matanbuchus Loader Being Distributed in Phishing Emails using Excel and ZIP Attachments

Phishing emails are commonly used to distribute malware and in recent years malware loaders have been a common payload. Malware loaders include the likes of BazarLoader and Bumblebee, which are used to infect devices with the goal of delivering the malware and ransomware payloads of other threat groups. Security researchers have identified a relatively new … Read more

To Defend Against Advanced Phishing Attacks You Need to Develop a Human Firewall

Businesses need to invest in an advanced email security solution to block email-based cyberattacks and nuisance emails. SpamTitan, for instance, will block 99.99% of spam emails and 100% of known malware. SpamTitan includes advanced threat protection mechanisms and machine learning technology that can predict new attacks, along with sandboxing to identify zero-day malware threats. The … Read more

Businesses Urged to Take Steps to Reduce Legal Risk as Crackdown on Illegal Downloads Continues

Employees not wishing to get into legal trouble may choose to access questionable or illegal Internet content at work. Employers can protect against liability from such actions by their employees by implementing a solution to block this activity, and it is becoming increasingly important to do so as intellectual property owners are taking action against … Read more

2021 Ransomware Trends and Steps to Take to Improve Your Defenses Against Attacks

Information about the 2021 ransomware trends identified by U.S. and European cybersecurity agencies and simple steps you can take to improve your security posture and prevent ransomware attacks. 2021 Ransomware Trends Cybersecurity agencies identified several 2021 ransomware trends that look set to continue throughout 2022. There was an increase in ransomware attacks in 2021 with … Read more

Fake Windows 11 Installers Used to Deliver Malware

A campaign has been identified that uses the offer of a free Windows 11 upgrade as a lure to trick people into installing Redline Stealer malware. The Redline Stealer is offered for sale on hacking forums for between $150 and $200 under the malware-as-a-service model. The malware is a popular choice with cybercriminals due to … Read more

Why Your Business Should Be Encrypting Emails

Sensitive information is often exposed in email incidents. To avoid reputation damage and financial loss, your business should be encrypting emails. The Case for Encrypting Emails Email is extensively used in business and a great deal of sensitive information is sent via email. If that information is exposed it can be a source of embarrassment, … Read more

BHUNT Stealer Targets Cryptocurrency Wallets and Browser Passwords

Bitdefender has identified a new stealer malware called BHUNT that allows the attackers to access cryptocurrency wallets and irreversibly transfer funds to wallets under their control. The continued rise in the value of cryptocurrencies has made cyberattacks on cryptocurrency wallets highly lucrative. Large organizations often use cryptocurrencies to improve business reach, reduce transaction costs, prevent … Read more

Tardigrade Malware Used in Targeted Attacks on Vaccine Manufacturers and Biomedical Firms

Biomedical firms and their partners are being targeted by an Advanced Persistent Threat (APT) actor in a campaign that delivers Tardigrade malware. Initial analyses of Tardigrade malware suggest it is a sophisticated threat from the SmokeLoader malware family. SmokeLoader is a generic backdoor that provides threat actors with persistent access to victims’ networks and gives … Read more

SharkBot: A Dangerous New Android Banking Trojan Targeting European and US Banks

A new Android banking Trojan named SharkBot has been identified that has capabilities that go beyond most mobile banking Trojans. This new Android malware stands out due to its use of an Automatic Transfer System (ATS) technique that allows it to bypass multi-factor authentication controls and automate the process of stealing funds from victims’ accounts. … Read more

New Phishing Tactic Identified in Campaign Spoofing Well Known Brands

Phishers are constantly changing their tactics, techniques, and procedures to evade security solutions and fool end users into disclosing sensitive information or installing malware. One of the most commonly used tactics is to impersonate trusted companies, with emails often including corporate logos, footers, and even correct contact information to make the messages look like genuine … Read more

How to Block Drive-By Malware Downloads

In addition to installing a spam filter to block malware delivery via email, it is important to implement a solution to block drive-by malware downloads. A drive-by malware download is a web-based attack where malware is installed onto a victim’s device Drive-by malware download attacks are those where malicious programs are downloaded and installed on … Read more

Remote Working and the Dangers of Public Wi-Fi

The dangers of public Wi-Fi are well documented, but the increase in remote working means the threat has grown. During the pandemic, many businesses had little option other than to allow their employees to work remotely. Remote working during the pandemic meant employees working from home, but now that COVID-19 restrictions are easing the dangers … Read more

Two New Ransomware-as-a-Service Operations Emerge: BlackMatter and Haron

Following the ransomware attacks on critical infrastructure in the United States, several ransomware-as-a-service operations went quiet. The attacks attracted a lot of heat for ransomware gangs and several groups responded by either implementing new restrictions on the types of entities that their affiliates could attack, shutting down entirely and releasing the keys to allow victims … Read more

Ransomware Mitigations to Protect Your Business

It has been a particularly bad year for ransomware attacks on businesses. Many of the attacked businesses have been unprepared for a ransomware attack and did not implement sufficient ransomware mitigations. Had proactive steps been taken, many of the attacks could have been prevented. Recently, the DarkSide ransomware operation attacked a critical infrastructure firm and … Read more

Telegram Platform Being Abused and Used to Distribute and Communicate with Malware

Telegram is a popular messaging app that has seen user numbers soar in recent months, with many users of WhatsApp making the change to Telegram after recent changes to the WhatsApp privacy and data management policies. Telegram has also proven popular with cybercriminals who are using the app for distributing and communicating with malware. Recently, … Read more