AI

A top Defense Advanced Research Projects Agency (DARPA) official said this week that generative AI – like ChatGPT – will alter the threat landscape by making it easier for adversaries to produce high-quality phishing capabilities and ransomware campaigns. […]

military healthcare, veterans healthcare

County-level election workers in at least two battleground states saw a surge in attempted phishing exploits in the runup to the 2022 midterm election primary contests, according to a new report from cybersecurity firm Trellix. […]

The volume of phishing-based cyberattacks rose by 29 percent in 2021 over prior-year levels and was driven in part by an increase in phishing-as-a-service schemes, according to new research from cloud security services provider Zscaler and its ThreatLabz research operation. […]

NIST

Federal agencies are significantly better than private sector organizations at enforcing domain-based message authentication, reporting, and conformance (DMARC) standards to combat email domain spoofing, according to a new report from anti-phishing company Valimail. […]

The Tennessee Valley Authority’s (TVA) phishing prevention training is ineffective and lacks formalized procedures, according to a Feb. 21 report from the Office of the Inspector General (OIG). […]

A FISMA audit found problems with both phishing and data exfiltration at the Social Security Administration (SSA), according to two report summaries released December 4 by the agency’s inspector general. […]

While figures vary across industry and government as to the size of the “phishing-prone” population in any organization, both sides agree that sustained internal employee training efforts are necessary to cut the success rate of spear-phishing exploits down to more manageable levels. […]

cybersecurity chip AI

Cyber tech provider Proofpoint said a recent security awareness audit of employees that undertake security training concludes that people are only hitting on the right answers 78 percent of the time. […]

The Cybersecurity and Infrastructure Agency (CISA) sent out an alert warning of an email phishing scam that is attempting to trick users into opening attachments that are designed to look like Department of Homeland Security notifications. […]

email security DMARC

The U.S. has dropped down the list of international phishing targets, falling from the second most targeted country to the fourth, according to cybersecurity firm RSA’s Quarterly Fraud Report for the fourth quarter of 2018. […]

Hurricane Florence

The Department of Homeland Security’s National Cybersecurity & Communications Integration Center (NCCIC) is warning users “to remain vigilant for malicious cyber activity seeking to exploit interest in Hurricane Florence.” Alongside these recommendations, the Multi-State Information Sharing & Analysis Center (MS-ISAC) released a cyber intel advisory on Sept. 14, which notes an uptick in internet activity related to Florence. […]

The Federal Trade Commission issued a warning on Sept. 14 to consumers to be on the alert for phishing scams related to the Equifax breach. The FTC said people might call asking to verify consumers’ account information due to the Equifax hack. “Stop. Don’t tell them anything,” the FTC said in a statement. […]

Categories