Scammers fleeced a Chinese venture capital firm out of a $1 million payment meant for a startup by using malicious emails to steal the cash, according to new findings from Check Point Technologies. Read More
Digest Article
Topic: Phishing
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
The CSIAC has compiled many resources on the topic of Phishing. Please browse the resources below.
Digest Article
Specially Crafted ZIP Files Used to Bypass Secure Email Gateways
Attackers are always looking for new tricks to distribute malware without them being detected by antivirus scanners and secure email gateways. This was illustrated in a new phishing campaign that utilized a specially crafted ZIP file that was designed to bypass secure email gateways to distribute the NanoCore RAT. Read More
Digest Article
FBI Issues Warning on ‘Secure’ Websites Used For Phishing
The U.S. Federal Bureau of Investigation (FBI) issued a public service announcement regarding TLS-secured websites being actively used by malicious actors in phishing campaigns. Read More
Digest Article
Supply-Chain Attacks Rose 78% Last Year, Cyber Researchers Found
Hackers are shifting their tactics away from traditional phishing and ransomware attacks, and moving toward stealthier intrusions via websites and the software supply chain, according to a recent report. Read More
Event
CSIAC Webinars – Phishing for Solutions: Are Cybersecurity Compliance Based Programs Working?
Phishing and spear phishing, i.e. social engineering, have rendered today’s users defenseless against increasingly sophisticated cyber-attacks. In 2016, the Director of National Intelligence (DNI) reported that 91% of all successful cyber-attacks against the Federal Government in 2015 were enabled by social engineering. In short, 91% of successful Read More
CSIAC Webinar
Phishing for Solutions: Are Cybersecurity Compliance Based Programs Working?
Phishing and spear phishing, i.e. social engineering, have rendered today’s users defenseless against increasingly sophisticated cyber-attacks. In 2016, the Director of National Intelligence (DNI) reported that 91% of all successful cyber-attacks against the Federal Government in 2015 were enabled by social engineering. In short, 91% of successful Read More
Author / Presenter
Dr. Terry R. Merz, CISSP, CISM
Dr. Merz is a Senior Research Scientist at the Pacific Northwest National Laboratory (PNNL). She holds a Doctorate and Masters in Computer Science, with a concentration in Information Assurance from Colorado Technical University, and a Bachelor of Science in Information Management from the University of Maryland. Dr. Merz has 17+ years of cybersecurity Read More
Podcast
Phishing
Scamming users into giving up their information is not a new concept. However, for users to avoid modern phishing attempts, we need to understand the basics of everyday internet infrastructures such as URL links, web domain structure, and common attack techniques. This video discusses how attackers use phishing techniques to gain unauthorized access to a Read More
Podcast
CS Digest Roundtable #3: Tricking Neural Networks, CIA Impersonation, International Data Privacy, and Encrypted Malware Detection
In today's episode the CSIAC takes the most important articles in a past CS Digest and discusses the articles' importance in the world of technology and cyber security. Read More
Digest Article
Analysis of 3,200 Phishing Kits Sheds Light on Attacker Tools and Techniques
Phishing kits are used extensively by cybercriminals to increase the efficiency of stealing user credentials. The basic kit comprises an accurate clone of the target medium's login-in page (Gmail, Facebook, Office 365, targeted banks, etc), and a pre-written php script to steal the credentials -- both bundled and distributed as a zip file. Successfully Read More
Air Force Research Laboratory (AFRL)
Apple
Artificial Intelligence (AI)
Autonomy and Autonomous Systems
Biometrics
Cloud Computing
Critical Infrastructure Protection (CIP)
Cryptocurrency
Cryptography
cyberattack
Cyber Legislation
Cyber Physical Systems (CPSs)
Cybersecurity Training
Cyberwarfare
Cyber Workforce
Data Breach
Data Privacy
Data Security
Defense Technical Information Center (DTIC)
DoD Acquisition Lifecycle
Encryption
Industrial Control Systems (ICS)
Insider Threat
Internet of Things (IoT)
Intrusion Detection
Linux
Machine Learning (ML)
Malware
Microsoft
Mobile Security
National Cyber Security Awareness Month (NCSAM)
National Institute of Standards and Technology (NIST)
Network Security
Open Source Software
Operational Technology (OT)
Password Security
Phishing
Protecting Controlled Unclassified Information (CUI)
Quantum Computing
Ransomware
Risk Management Framework (RMF)
Secure Software
Software Assurance
Vulnerability
Workplace Security
