CyberheistNews Vol 14 #47 Step-by-Step To Creating Your First Reasonable Deepfake Video in a Few Minutes


CyberheistNews Vol 14 #47  |   November nineteenth, 2024


Step-by-Step To Creating Your First Reasonable Deepfake Video in a Few MinutesStu Sjouwerman SACP

By Roger Grimes

Learn to create your first real looking deepfake video step-by-step in only a few minutes. There comes a cut-off date when each IT safety individual wants or desires to create their first deepfake video. They not solely wish to create their first deepfake video however make it pretty plausible, and if they’re fortunate, scare themselves, their pals, co-workers and executives. I get it. It’s enjoyable.

If you happen to comply with these directions, it can take you longer to create the free accounts you want (a minute or two) than it does to create your first realistic-looking deepfake video.

There are actually a whole bunch of deepfake audio-, image- and video-making websites and providers, and extra seem every day. Every of the prevailing ones will get simpler and extra feature-rich day by day. You should utilize any of those websites to create your first deepfake video.

[CONTINUED] on the KnowBe4 Weblog, with hyperlinks, screenshots and detailed directions:
https://weblog.knowbe4.com/step-by-step-to-creating-realistic-deepfake-video-in-minutes

Rip, Flip, and Revolutionize Your Phishing Defenses with PhishER Plus

Human error contributes to 68% of information breaches, in accordance with Verizon’s 2024 Knowledge Breach Investigations Report.

It is time to flip that statistic on its head and remodel your customers from vulnerabilities to cybersecurity belongings.

Meet KnowBe4’s PhishER Plus: The one SOAR electronic mail safety providing that mixes AI-driven safety with crowdsourced intelligence for unmatched electronic mail safety and incident administration.

On this demo, PhishER Plus can assist you:

  • Slash incident response instances by 90%+ by automating message prioritization
  • Customise workflows and machine studying to your protocols
  • Use crowdsourced intelligence from greater than 13 million customers to dam identified threats
  • Conducts real-world phishing simulations that maintain safety top-of-mind for customers

Be part of us for a stay 30-minute demo of PhishER Plus, the #1 Chief within the G2 Grid Report for SOAR Software program, to see it in motion.

Date/Time: TOMORROW, Wednesday, November 20, @ 2:00 PM (ET)

Save My Spot:
https://data.knowbe4.com/phisher-demo-2?partnerref=CHN2

[World Premiere] KnowBe4 Debuts New Season 6 of Netflix-Fashion Safety Consciousness Video Collection – “The Inside Man”

We’re thrilled to announce the long-awaited sixth season of the award-winning KnowBe4 Unique Collection — “The Inside Man” is now accessible within the KnowBe4 ModStore!

This network-quality video coaching collection educates and entertains with episodes that tie safety consciousness rules to key cybersecurity greatest practices.

From social engineering, CEO fraud and bodily safety, to social media threats, phishing and password theft, “The Inside Man” Season 6 teaches your customers real-world eventualities that empowers customers to make smarter safety selections which can be partaking and enjoyable.

We developed “The Inside Man” to tie genuine hacking and social engineering eventualities with fringe of the seat, emotionally partaking drama. The aim: encourage your customers to take duty for safeguarding your group from social engineering assaults by safety consciousness rules which can be seamlessly embedded inside a compelling storyline.

From social engineering, CEO fraud and bodily safety, to social media threats, phishing and password theft, “The Inside Man” reveals how simple it may be for dangerous actors to trick customers like yours and wreak havoc in your group.

Season 6 is out there within the KnowBe4 ModStore for all prospects with a Diamond degree subscription.

Weblog publish with hyperlinks, episode descriptions, and the OFFICIAL TRAILER!
https://weblog.knowbe4.com/world-premiere-knowbe4-debuts-new-season-6-inside-man

Nation-State Menace Actors Depend on Social Engineering First

A brand new report from ESET has discovered that almost all nation-state menace actors depend on spear phishing as a major preliminary entry method.

Within the second and third quarters of 2024, state-sponsored APTs from China, Russia, Iran and North Korea used social engineering assaults to compromise their targets.

Iranian menace actors continued conducting cyber espionage in opposition to international locations throughout the Center East, Europe and the U.S. In addition they expanded their concentrating on to hit monetary firms in Africa.

“We observed indications that Iran-aligned groups might be leveraging their cyber capabilities to support diplomatic espionage and, potentially, kinetic operations,” ESET says.

“These teams compromised a number of monetary providers companies in Africa – a continent geopolitically necessary to Iran; performed cyber espionage in opposition to Iraq and Azerbaijan, neighboring international locations with which Iran has complicated relationships; and elevated their curiosity within the transportation sector in Israel.

“Despite this seemingly narrow geographical targeting, Iran-aligned groups maintained a global focus, also pursuing diplomatic envoys in France and educational organizations in the United States.”

The Russian menace actor Sednit (often known as “APT28” or “Fancy Bear”) launched phishing assaults designed to compromise Roundcube servers in a wide range of sectors.

“We discovered new Sednit spear phishing waves, which are part of the already known Operation RoundPress campaign directed against Roundcube webmail servers,” the researchers write.

“In the past several months, we observed such spear phishing waves against governmental, academic, and defense-related entities in Cameroon, Cyprus, Ecuador, Indonesia, Romania, and Ukraine. Sednit used a wide range of lures, from legitimate news articles to a commercial brochure for thermal optics.”

The researchers word that North Korean menace actors usually set up belief with their victims utilizing phony employment gives earlier than tricking them into putting in malware.

“Another distinctive feature of many attacks that we attribute to North Korea-aligned groups is the gradual building up of the relationship with the victim,” ESET says. “Both Lazarus and Kimsuky used fake job offers to approach the targeted individuals. Only after the victim responds and a relationship is established, is a malicious package sent to the victim.”

KnowBe4 empowers your workforce to make smarter safety selections day by day. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human danger.

Weblog publish with hyperlinks:
https://weblog.knowbe4.com/nation-state-threat-actors-rely-on-social-engineering

How Susceptible is Your Community Towards Ransomware and Cryptomining Assaults?

Dangerous actors are always popping out with new variations of ransomware strains to evade detection. Is your community efficient in blocking ransomware when staff fall for social engineering assaults?

KnowBe4’s Ransomware Simulator “RanSim” offers you a fast have a look at the effectiveness of your current community safety. RanSim will simulate 24 ransomware an infection eventualities and 1 cryptomining an infection state of affairs to indicate you if a workstation is susceptible.

Here is how RanSim works:

  • 100% innocent simulation of actual ransomware and cryptomining infections
  • Doesn’t use any of your individual recordsdata
  • Checks 25 kinds of an infection eventualities
  • Simply obtain the installer and run it
  • Leads to a couple of minutes!

That is complimentary and can take you 5 minutes max. RanSim might offer you some insights about your endpoint safety you by no means anticipated!

Get RanSim Now!
https://data.knowbe4.com/ransomware-simulator-tool-1chn

Let’s keep protected on the market.

Heat regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [FREE RESOURCE KIT] Keep Cyber Protected this Vacation Season with Our Free 2024 Useful resource Equipment!:
https://weblog.knowbe4.com/free-resource-kit-stay-cyber-safe-this-holiday-season-with-our-free-2024-resource-kit

Quotes of the Week  

“The most important thing is to try and inspire people so that they can be great in whatever they want to do.”
– Kobe Bryant – Basketball Participant (born 1978)


“I think the greatest thing we give each other is encouragement…knowing that I’m talking to someone who wants me to grow and fulfill my potential.”
– Fred Rogers, Tv Persona (1928–2003)


Thanks for studying CyberheistNews

You possibly can learn CyberheistNews on-line at our Weblog
https://weblog.knowbe4.com/cyberheistnews-vol-14-47-step-by-step-to-creating-your-first-realistic-deepfake-video-in-a-few-minutes

Safety Information

Prison Menace Actor Makes use of Stolen Invoices to Distribute Malware

Researchers at IBM X-Pressure are monitoring a phishing marketing campaign by the felony menace actor “Hive0145” that is utilizing stolen bill notifications to trick customers into putting in malware.

Hive0145 acts as an preliminary entry dealer, promoting entry to compromised organizations to different menace actors who then perform further cyberattacks.

“Over the past year, Hive0145 has demonstrated proficiency in evolving tactics, techniques, and procedures (TTPs) to target victims across Europe,” the researchers clarify. “Italian, Spanish, German, and Ukrainian victims proceed to obtain weaponized attachments that entice the sufferer to open the file.

“The actor’s campaigns present the victim with fake invoices or receipts and often a short, generic message of urgency for victims to address. Upon loading the attached file, the victim unwittingly executes the infection chain leading to Strela Stealer malware.”

Notably, the menace actor has begun utilizing actual, stolen bill notifications so as to add legitimacy to its phishing operations.

“In July 2024, X-Force observed a mid-campaign change in the emails being distributed by Hive0145, with the short and generic messages being replaced with what appeared to be legitimate stolen emails,” the researchers write. “The phishing emails precisely matched official bill communication emails and, in some circumstances, nonetheless straight addressed the unique recipients by identify.

“X-Force was able to verify that the emails were in fact authentic invoice notifications from a variety of entities across financial, technology, manufacturing, media, e-commerce and other industries. It is likely that the group sourced the emails through previously exfiltrated credentials from their prior campaigns.”

Strela Stealer is a pressure of malware designed to exfiltrate electronic mail credentials. X-Pressure notes that these credentials can be utilized to launch enterprise electronic mail compromise (BEC) assaults throughout the focused organizations.

“Hive0145’s use of stolen emails for attachment hijacking is an indicator that a portion of stolen email credentials may be used to harvest legitimate emails for further distribution,” the researchers write.

“Both stolen and actor-created emails used by Hive0145 predominantly feature invoices as themes, which points towards potential financial motivation. It is possible that Hive0145 may sell stolen emails to affiliate partners for the purposes of further business email compromise.”

Weblog publish with hyperlinks:
https://weblog.knowbe4.com/criminal-threat-actor-uses-stolen-invoices-to-distribute-malware

Ransomware Surges within the Development Sector

Ransomware assaults in opposition to building firms elevated by 41% over the previous 12 months, in accordance with a brand new report from ReliaQuest.

“This is likely driven by the vast amounts of sensitive data that organizations hold and their critical need to maintain operational continuity,” the researchers write. “These factors, exacerbated by inherent weaknesses such as inadequate government regulations and underinvestment in cybersecurity, make the sector particularly vulnerable to ransomware attacks.”

In the meantime, spear phishing remained the commonest preliminary entry method. Phishing and different social engineering techniques usually precede ransomware assaults and enterprise electronic mail compromise (BEC) scams.

“The construction sector is no stranger to phishing attacks, which topped the list of initial access techniques between October 1, 2023, and September 30, 2024,” the researchers write. “The sector’s reliance on third events and contractors, mixed with high-pressure mission timelines, makes it significantly susceptible to phishing assaults, together with spearphishing.

“Phishing is favored by threat actors for its simplicity and effectiveness. And for construction organizations, the operational and financial consequences of a phishing attack can be severe.”

ReliaQuest believes the development sector will see a rise in phishing, cloud assaults, and infostealer malware over the subsequent 12 months:

  • “Phishing: We anticipate phishing assaults on the development {industry} to proceed rising, largely because of the sector’s heavy reliance on third events and contractors. These exterior companions usually lack important safety coaching and acceptable use insurance policies, rising their—and consequently the development firms’—vulnerability to phishing assaults.
  • Cloud Exploitation: We count on this to develop within the subsequent 12 months as elevated cloud utilization opens alternatives for assaults. Cloud adoption is on the rise within the sector, however defending the cloud may be difficult on account of restricted instruments and experience. Attackers exploit this vulnerability to evade detection and preserve community entry.
  • Infostealers: We additionally count on an increase in infostealer assaults over the approaching 12 months. This sort of malware is designed to compromise consumer credentials, that are then bought on dark-web boards. Armed with these credentials, attackers can acquire entry to delicate building knowledge, equivalent to engineering blueprints, or deploy further malware inside programs to escalate their assaults.”

KnowBe4 empowers your workforce to make smarter safety selections day by day. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human danger.

ReliaQuest has the story:
https://www.reliaquest.com/weblog/report-shows-ransomware-has-grown-41-for-construction-industry/

What KnowBe4 Prospects Say

“Hi Stu, Thank you for your email. We are very pleased with KnowBe4’s products. Both our management team and staff members have provided positive feedback. We are considering scheduling another security awareness training session early next year.”

– Y.H., Senior IT Infrastructure and Community Officer


“Hey Stu, admire you checking in! I am happy to say we have been getting on properly with KnowBe4 and the coaching it is offering for our customers. We’re now into our second 12 months and over the course of operating KnowBe4, to this point we have run a coaching marketing campaign and 5 phishing campaigns to check customers. We have already received our sixth phishing marketing campaign deliberate and will likely be operating that subsequent month.

Many thanks! Wishing you an amazing weekend!”

– L.N., IT Supervisor

The ten Attention-grabbing Information Gadgets This Week

Cyberheist ‘Fave’ Hyperlinks

This Week’s Hyperlinks We Like, Suggestions, Hints and Enjoyable Stuff

Recent articles

What’s CRM? A Complete Information for Companies

Buyer relationship administration software program is a gross sales...

Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Discovered Stealing Consumer Information

KEY SUMMARY POINTs from the article   Malicious Packages Recognized: Zebo-0.1.0...

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

î ‚Dec 24, 2024î „Ravie LakshmananMalware / Information Exfiltration Cybersecurity researchers have...