CyberheistNews Vol 14 #47 Step-by-Step To Creating Your First Life like Deepfake Video in a Few Minutes

Step-by-Step To Creating Your First Life like Deepfake Video in a Few Minutes

By Roger Grimes

Discover ways to create your first lifelike deepfake video step-by-step in only a few minutes. There comes a time limit when each IT safety particular person wants or needs to create their first deepfake video. They not solely need to create their first deepfake video however make it pretty plausible, and if they’re fortunate, scare themselves, their buddies, co-workers and executives. I get it. It’s enjoyable.

In case you comply with these directions, it is going to take you longer to create the free accounts you want (a minute or two) than it does to create your first realistic-looking deepfake video.

There are actually a whole bunch of deepfake audio-, image- and video-making websites and providers, and extra seem every day. Every of the present ones will get simpler and extra feature-rich day-after-day. You should use any of those websites to create your first deepfake video.

[CONTINUED] on the KnowBe4 Weblog, with hyperlinks, screenshots and detailed directions:
https://weblog.knowbe4.com/step-by-step-to-creating-realistic-deepfake-video-in-minutes

Rip, Flip, and Revolutionize Your Phishing Defenses with PhishER Plus

Human error contributes to 68% of information breaches, in response to Verizon’s 2024 Knowledge Breach Investigations Report.

It is time to flip that statistic on its head and rework your customers from vulnerabilities to cybersecurity belongings.

Meet KnowBe4’s PhishER Plus: The one SOAR e-mail safety providing that mixes AI-driven safety with crowdsourced intelligence for unmatched e-mail safety and incident administration.

On this demo, PhishER Plus might help you:

• Slash incident response occasions by 90%+ by automating message prioritization
• Customise workflows and machine studying to your protocols
• Use crowdsourced intelligence from greater than 13 million customers to dam identified threats
• Conducts real-world phishing simulations that preserve safety top-of-mind for customers

Be part of us for a stay 30-minute demo of PhishER Plus, the #1 Chief within the G2 Grid Report for SOAR Software program, to see it in motion.

Date/Time: TOMORROW, Wednesday, November 20, @ 2:00 PM (ET)

Save My Spot:
https://information.knowbe4.com/phisher-demo-2?partnerref=CHN2

[World Premiere] KnowBe4 Debuts New Season 6 of Netflix-Fashion Safety Consciousness Video Collection – “The Inside Man”

We’re thrilled to announce the long-awaited sixth season of the award-winning KnowBe4 Unique Collection — “The Inside Man” is now out there within the KnowBe4 ModStore!

This network-quality video coaching sequence educates and entertains with episodes that tie safety consciousness rules to key cybersecurity finest practices.

From social engineering, CEO fraud and bodily safety, to social media threats, phishing and password theft, “The Inside Man” Season 6 teaches your customers real-world eventualities that empowers customers to make smarter safety choices which might be participating and enjoyable.

We developed “The Inside Man” to tie genuine hacking and social engineering eventualities with fringe of the seat, emotionally participating drama. The aim: encourage your customers to take accountability for safeguarding your group from social engineering assaults by means of safety consciousness rules which might be seamlessly embedded inside a compelling storyline.

From social engineering, CEO fraud and bodily safety, to social media threats, phishing and password theft, “The Inside Man” reveals how simple it may be for unhealthy actors to trick customers like yours and wreak havoc in your group.

Season 6 is out there within the KnowBe4 ModStore for all prospects with a Diamond degree subscription.

Weblog publish with hyperlinks, episode descriptions, and the OFFICIAL TRAILER!
https://weblog.knowbe4.com/world-premiere-knowbe4-debuts-new-season-6-inside-man

Nation-State Risk Actors Depend on Social Engineering First

A brand new report from ESET has discovered that the majority nation-state risk actors depend on spear phishing as a main preliminary entry method.

Within the second and third quarters of 2024, state-sponsored APTs from China, Russia, Iran and North Korea used social engineering assaults to compromise their targets.

Iranian risk actors continued conducting cyber espionage in opposition to international locations throughout the Center East, Europe and the U.S. In addition they expanded their concentrating on to hit monetary corporations in Africa.

“We noticed indications that Iran-aligned teams could be leveraging their cyber capabilities to assist diplomatic espionage and, probably, kinetic operations,” ESET says.

“These teams compromised a number of monetary providers companies in Africa – a continent geopolitically necessary to Iran; performed cyber espionage in opposition to Iraq and Azerbaijan, neighboring international locations with which Iran has complicated relationships; and elevated their curiosity within the transportation sector in Israel.

“Regardless of this seemingly slim geographical concentrating on, Iran-aligned teams maintained a worldwide focus, additionally pursuing diplomatic envoys in France and academic organizations in america.”

The Russian risk actor Sednit (also referred to as “APT28” or “Fancy Bear”) launched phishing assaults designed to compromise Roundcube servers in quite a lot of sectors.

“We found new Sednit spear phishing waves, that are a part of the already identified Operation RoundPress marketing campaign directed in opposition to Roundcube webmail servers,” the researchers write.

“Up to now a number of months, we noticed such spear phishing waves in opposition to governmental, educational, and defense-related entities in Cameroon, Cyprus, Ecuador, Indonesia, Romania, and Ukraine. Sednit used a variety of lures, from reliable information articles to a business brochure for thermal optics.”

The researchers notice that North Korean risk actors usually set up belief with their victims utilizing phony employment affords earlier than tricking them into putting in malware.

“One other distinctive characteristic of many assaults that we attribute to North Korea-aligned teams is the gradual build up of the connection with the sufferer,” ESET says. “Each Lazarus and Kimsuky used pretend job affords to strategy the focused people. Solely after the sufferer responds and a relationship is established, is a malicious package deal despatched to the sufferer.”

KnowBe4 empowers your workforce to make smarter safety choices day-after-day. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human threat.

Weblog publish with hyperlinks:
https://weblog.knowbe4.com/nation-state-threat-actors-rely-on-social-engineering

How Susceptible is Your Community Towards Ransomware and Cryptomining Assaults?

Dangerous actors are continually popping out with new variations of ransomware strains to evade detection. Is your community efficient in blocking ransomware when staff fall for social engineering assaults?

KnowBe4’s Ransomware Simulator “RanSim” offers you a fast have a look at the effectiveness of your current community safety. RanSim will simulate 24 ransomware an infection eventualities and 1 cryptomining an infection situation to indicate you if a workstation is susceptible.

This is how RanSim works:

• 100% innocent simulation of actual ransomware and cryptomining infections
• Doesn’t use any of your personal information
• Checks 25 forms of an infection eventualities
• Simply obtain the installer and run it
• Ends in a couple of minutes!

That is complimentary and can take you 5 minutes max. RanSim could offer you some insights about your endpoint safety you by no means anticipated!

Get RanSim Now!
https://information.knowbe4.com/ransomware-simulator-tool-1chn

Let’s keep secure on the market.

Heat regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [FREE RESOURCE KIT] Keep Cyber Protected this Vacation Season with Our Free 2024 Useful resource Package!:
https://weblog.knowbe4.com/free-resource-kit-stay-cyber-safe-this-holiday-season-with-our-free-2024-resource-kit

You may learn CyberheistNews on-line at our Weblog
https://weblog.knowbe4.com/cyberheistnews-vol-14-47-step-by-step-to-creating-your-first-realistic-deepfake-video-in-a-few-minutes

Prison Risk Actor Makes use of Stolen Invoices to Distribute Malware

Researchers at IBM X-Pressure are monitoring a phishing marketing campaign by the felony risk actor “Hive0145” that is utilizing stolen bill notifications to trick customers into putting in malware.

Hive0145 acts as an preliminary entry dealer, promoting entry to compromised organizations to different risk actors who then perform further cyberattacks.

“Over the previous 12 months, Hive0145 has demonstrated proficiency in evolving techniques, methods, and procedures (TTPs) to focus on victims throughout Europe,” the researchers clarify. “Italian, Spanish, German, and Ukrainian victims proceed to obtain weaponized attachments that entice the sufferer to open the file.

“The actor’s campaigns current the sufferer with pretend invoices or receipts and infrequently a brief, generic message of urgency for victims to deal with. Upon loading the hooked up file, the sufferer unwittingly executes the an infection chain resulting in Strela Stealer malware.”

Notably, the risk actor has begun utilizing actual, stolen bill notifications so as to add legitimacy to its phishing operations.

“In July 2024, X-Pressure noticed a mid-campaign change within the emails being distributed by Hive0145, with the quick and generic messages being changed with what gave the impression to be reliable stolen emails,” the researchers write. “The phishing emails precisely matched official bill communication emails and, in some circumstances, nonetheless instantly addressed the unique recipients by title.

“X-Pressure was in a position to confirm that the emails had been in truth genuine bill notifications from quite a lot of entities throughout monetary, expertise, manufacturing, media, e-commerce and different industries. It’s probably that the group sourced the emails by means of beforehand exfiltrated credentials from their prior campaigns.”

Strela Stealer is a pressure of malware designed to exfiltrate e-mail credentials. X-Pressure notes that these credentials can be utilized to launch enterprise e-mail compromise (BEC) assaults inside the focused organizations.

“Hive0145’s use of stolen emails for attachment hijacking is an indicator {that a} portion of stolen e-mail credentials could also be used to reap reliable emails for additional distribution,” the researchers write.

“Each stolen and actor-created emails utilized by Hive0145 predominantly characteristic invoices as themes, which factors in direction of potential monetary motivation. It’s doable that Hive0145 could promote stolen emails to affiliate companions for the needs of additional enterprise e-mail compromise.”

Weblog publish with hyperlinks:
https://weblog.knowbe4.com/criminal-threat-actor-uses-stolen-invoices-to-distribute-malware

Ransomware Surges within the Building Sector

Ransomware assaults in opposition to building corporations elevated by 41% over the previous 12 months, in response to a brand new report from ReliaQuest.

“That is probably pushed by the huge quantities of delicate information that organizations maintain and their important want to keep up operational continuity,” the researchers write. “These elements, exacerbated by inherent weaknesses equivalent to insufficient authorities rules and underinvestment in cybersecurity, make the sector significantly susceptible to ransomware assaults.”

In the meantime, spear phishing remained the commonest preliminary entry method. Phishing and different social engineering techniques usually precede ransomware assaults and enterprise e-mail compromise (BEC) scams.

“The development sector is not any stranger to phishing assaults, which topped the listing of preliminary entry methods between October 1, 2023, and September 30, 2024,” the researchers write. “The sector’s reliance on third events and contractors, mixed with high-pressure venture timelines, makes it significantly susceptible to phishing assaults, together with spearphishing.

“Phishing is favored by risk actors for its simplicity and effectiveness. And for building organizations, the operational and monetary penalties of a phishing assault might be extreme.”

ReliaQuest believes the development sector will see a rise in phishing, cloud assaults, and infostealer malware over the subsequent 12 months:

• “Phishing: We anticipate phishing assaults on the development {industry} to proceed rising, largely because of the sector’s heavy reliance on third events and contractors. These exterior companions usually lack important safety coaching and acceptable use insurance policies, growing their—and consequently the development corporations’—vulnerability to phishing assaults.
• Cloud Exploitation: We count on this to develop within the subsequent 12 months as elevated cloud utilization opens alternatives for assaults. Cloud adoption is on the rise within the sector, however defending the cloud might be difficult because of restricted instruments and experience. Attackers exploit this vulnerability to evade detection and keep community entry.
• Infostealers: We additionally count on an increase in infostealer assaults over the approaching 12 months. This sort of malware is designed to compromise consumer credentials, that are then bought on dark-web boards. Armed with these credentials, attackers can acquire entry to delicate building information, equivalent to engineering blueprints, or deploy further malware inside methods to escalate their assaults.”

KnowBe4 empowers your workforce to make smarter safety choices day-after-day. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human threat.

ReliaQuest has the story:
https://www.reliaquest.com/weblog/report-shows-ransomware-has-grown-41-for-construction-industry/

What KnowBe4 Clients Say

“Hello Stu, Thanks to your e-mail. We’re very happy with KnowBe4’s merchandise. Each our administration staff and employees members have supplied constructive suggestions. We’re contemplating scheduling one other safety consciousness coaching session early subsequent 12 months.”

– Y.H., Senior IT Infrastructure and Community Officer

“Hey Stu, admire you checking in! I am happy to say we have been getting on properly with KnowBe4 and the coaching it is offering for our customers. We’re now into our second 12 months and over the course of operating KnowBe4, to date we have run a coaching marketing campaign and 5 phishing campaigns to check customers. We have already bought our sixth phishing marketing campaign deliberate and will likely be operating that subsequent month.

Many thanks! Wishing you a terrific weekend!”

– L.N., IT Supervisor