Phishing remains a significant and ever-evolving cybersecurity threat, with recent data showing a 28% rise in attacks between Q1 and Q2 of 2024. This trend highlights how persistent and evolving phishing tactics continue to be, impacting a staggering 94% of cybersecurity decision-makers in 2023. Attackers are increasingly using compromised internal accounts, shifting the platforms they use, and incorporating QR codes, which is becoming a new favorite way to deliver malicious content. This article describes some of the recently observed threat actor tactics as well as some tips for staying safe.
Read more…
Source: Water ISAC
Related:
- N.B. Liquor stopped attempted cyber attack, CEO says
January 23, 2025
N.B. Liquor CEO Lori Stickles says the company’s security systems worked as intended during an attempted cyber attack this month. “We got the alert, we were able to basically put a choke hold on it by shutting our system down proactively,” Stickles said in an interview Thursday. Stickles was unable to provide details on how the ...
- Trump administration fires members of cybersecurity review board in ‘horribly shortsighted’ decision
January 22, 2025
On Tuesday, a day after Donald Trump’s inauguration as the new U.S. president, the Department of Homeland Security told members of several advisory committees that they were effectively fired. Among the committees impacted is the Cyber Safety Review Board, or CSRB, according to sources familiar with the board who spoke to TechCrunch, as well as reporting ...
- Hit by wave of cyber attacks, Japan shifts to ‘active cyber defence’
January 20, 2025
apan aims to take a more proactive approach to cyber defence by allowing hackers working for the authorities to “attack” pre-emptively to prevent or stop sabotage attempts. Under a new strategy of “active cyber defence”, Japan plans to allow hackers working for the police or Self-Defence Forces (SDF) to infiltrate servers to neutralise the source ...
- UAE Cyber Security Council calls for stronger vigilance amid growing AI-driven cyber attacks
January 18, 2025
The Cyber Security Council of the UAE Government has announced that the nation’s cybersecurity systems have successfully countered malicious ransomware attacks targeting several strategic sectors, including government and private entities. The Council revealed that the country’s emergency cyber-response systems, in collaboration with relevant authorities, have proactively and professionally intercepted and neutralised approximately 200,000 cyber attacks daily ...
- Proof-of-Concept Exploit Released for CVE-2024-53691 in QNAP QTS and QuTS NAS
January 17, 2025
QNAP has released a security advisory addressing three vulnerabilities in the QTS and QuTS products. QTS and QuTS are the operating system for QNAP Network-attached storage (NAS) appliances. CVE-2023-39298 is a ‘Missing authorisation’ vulnerability with a CVSSv3 score of 7.8. If exploited, a local attacker with low privileges could access data or perform actions without proper ...
- Product Security Bad Practices
January 17, 2025
As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle. This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for ...