CyberheistNews Vol 14 #47 Step-by-Step To Creating Your First Sensible Deepfake Video in a Few Minutes

Step-by-Step To Creating Your First Sensible Deepfake Video in a Few Minutes

By Roger Grimes

Discover ways to create your first practical deepfake video step-by-step in only a few minutes. There comes a time limit when each IT safety individual wants or desires to create their first deepfake video. They not solely need to create their first deepfake video however make it pretty plausible, and if they’re fortunate, scare themselves, their pals, co-workers and executives. I get it. It’s enjoyable.

When you observe these directions, it is going to take you longer to create the free accounts you want (a minute or two) than it does to create your first realistic-looking deepfake video.

There are actually a whole lot of deepfake audio-, image- and video-making websites and providers, and extra seem every day. Every of the prevailing ones will get simpler and extra feature-rich on daily basis. You need to use any of those websites to create your first deepfake video.

[CONTINUED] on the KnowBe4 Weblog, with hyperlinks, screenshots and detailed directions:
https://weblog.knowbe4.com/step-by-step-to-creating-realistic-deepfake-video-in-minutes

Rip, Flip, and Revolutionize Your Phishing Defenses with PhishER Plus

Human error contributes to 68% of information breaches, based on Verizon’s 2024 Information Breach Investigations Report.

It is time to flip that statistic on its head and remodel your customers from vulnerabilities to cybersecurity property.

Meet KnowBe4’s PhishER Plus: The one SOAR e-mail safety providing that mixes AI-driven safety with crowdsourced intelligence for unmatched e-mail safety and incident administration.

On this demo, PhishER Plus can assist you:

• Slash incident response instances by 90%+ by automating message prioritization
• Customise workflows and machine studying to your protocols
• Use crowdsourced intelligence from greater than 13 million customers to dam recognized threats
• Conducts real-world phishing simulations that maintain safety top-of-mind for customers

Be a part of us for a dwell 30-minute demo of PhishER Plus, the #1 Chief within the G2 Grid Report for SOAR Software program, to see it in motion.

Date/Time: TOMORROW, Wednesday, November 20, @ 2:00 PM (ET)

Save My Spot:
https://data.knowbe4.com/phisher-demo-2?partnerref=CHN2

[World Premiere] KnowBe4 Debuts New Season 6 of Netflix-Fashion Safety Consciousness Video Collection – “The Inside Man”

We’re thrilled to announce the long-awaited sixth season of the award-winning KnowBe4 Unique Collection — “The Inside Man” is now obtainable within the KnowBe4 ModStore!

This network-quality video coaching sequence educates and entertains with episodes that tie safety consciousness rules to key cybersecurity finest practices.

From social engineering, CEO fraud and bodily safety, to social media threats, phishing and password theft, “The Inside Man” Season 6 teaches your customers real-world eventualities that empowers customers to make smarter safety choices which might be partaking and enjoyable.

We developed “The Inside Man” to tie genuine hacking and social engineering eventualities with fringe of the seat, emotionally partaking drama. The objective: encourage your customers to take accountability for shielding your group from social engineering assaults by way of safety consciousness rules which might be seamlessly embedded inside a compelling storyline.

From social engineering, CEO fraud and bodily safety, to social media threats, phishing and password theft, “The Inside Man” reveals how simple it may be for dangerous actors to trick customers like yours and wreak havoc in your group.

Season 6 is on the market within the KnowBe4 ModStore for all clients with a Diamond stage subscription.

Weblog submit with hyperlinks, episode descriptions, and the OFFICIAL TRAILER!
https://weblog.knowbe4.com/world-premiere-knowbe4-debuts-new-season-6-inside-man

Nation-State Menace Actors Depend on Social Engineering First

A brand new report from ESET has discovered that the majority nation-state risk actors depend on spear phishing as a major preliminary entry approach.

Within the second and third quarters of 2024, state-sponsored APTs from China, Russia, Iran and North Korea used social engineering assaults to compromise their targets.

Iranian risk actors continued conducting cyber espionage in opposition to nations throughout the Center East, Europe and the U.S. In addition they expanded their concentrating on to hit monetary corporations in Africa.

“We noticed indications that Iran-aligned teams could be leveraging their cyber capabilities to help diplomatic espionage and, doubtlessly, kinetic operations,” ESET says.

“These teams compromised a number of monetary providers corporations in Africa – a continent geopolitically essential to Iran; performed cyber espionage in opposition to Iraq and Azerbaijan, neighboring nations with which Iran has complicated relationships; and elevated their curiosity within the transportation sector in Israel.

“Regardless of this seemingly slender geographical concentrating on, Iran-aligned teams maintained a worldwide focus, additionally pursuing diplomatic envoys in France and academic organizations in the US.”

The Russian risk actor Sednit (often known as “APT28” or “Fancy Bear”) launched phishing assaults designed to compromise Roundcube servers in a wide range of sectors.

“We found new Sednit spear phishing waves, that are a part of the already recognized Operation RoundPress marketing campaign directed in opposition to Roundcube webmail servers,” the researchers write.

“Previously a number of months, we noticed such spear phishing waves in opposition to governmental, tutorial, and defense-related entities in Cameroon, Cyprus, Ecuador, Indonesia, Romania, and Ukraine. Sednit used a variety of lures, from professional information articles to a industrial brochure for thermal optics.”

The researchers word that North Korean risk actors usually set up belief with their victims utilizing phony employment gives earlier than tricking them into putting in malware.

“One other distinctive characteristic of many assaults that we attribute to North Korea-aligned teams is the gradual increase of the connection with the sufferer,” ESET says. “Each Lazarus and Kimsuky used pretend job gives to strategy the focused people. Solely after the sufferer responds and a relationship is established, is a malicious bundle despatched to the sufferer.”

KnowBe4 empowers your workforce to make smarter safety choices on daily basis. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and cut back human danger.

Weblog submit with hyperlinks:
https://weblog.knowbe4.com/nation-state-threat-actors-rely-on-social-engineering

How Weak is Your Community In opposition to Ransomware and Cryptomining Assaults?

Unhealthy actors are consistently popping out with new variations of ransomware strains to evade detection. Is your community efficient in blocking ransomware when staff fall for social engineering assaults?

KnowBe4’s Ransomware Simulator “RanSim” offers you a fast take a look at the effectiveness of your present community safety. RanSim will simulate 24 ransomware an infection eventualities and 1 cryptomining an infection state of affairs to indicate you if a workstation is susceptible.

Here is how RanSim works:

• 100% innocent simulation of actual ransomware and cryptomining infections
• Doesn’t use any of your personal information
• Exams 25 forms of an infection eventualities
• Simply obtain the installer and run it
• Ends in a couple of minutes!

That is complimentary and can take you 5 minutes max. RanSim could offer you some insights about your endpoint safety you by no means anticipated!

Get RanSim Now!
https://data.knowbe4.com/ransomware-simulator-tool-1chn

Let’s keep secure on the market.

Heat regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [FREE RESOURCE KIT] Keep Cyber Secure this Vacation Season with Our Free 2024 Useful resource Package!:
https://weblog.knowbe4.com/free-resource-kit-stay-cyber-safe-this-holiday-season-with-our-free-2024-resource-kit

You possibly can learn CyberheistNews on-line at our Weblog
https://weblog.knowbe4.com/cyberheistnews-vol-14-47-step-by-step-to-creating-your-first-realistic-deepfake-video-in-a-few-minutes

Felony Menace Actor Makes use of Stolen Invoices to Distribute Malware

Researchers at IBM X-Drive are monitoring a phishing marketing campaign by the prison risk actor “Hive0145” that is utilizing stolen bill notifications to trick customers into putting in malware.

Hive0145 acts as an preliminary entry dealer, promoting entry to compromised organizations to different risk actors who then perform further cyberattacks.

“Over the previous yr, Hive0145 has demonstrated proficiency in evolving ways, strategies, and procedures (TTPs) to focus on victims throughout Europe,” the researchers clarify. “Italian, Spanish, German, and Ukrainian victims proceed to obtain weaponized attachments that entice the sufferer to open the file.

“The actor’s campaigns current the sufferer with pretend invoices or receipts and sometimes a brief, generic message of urgency for victims to deal with. Upon loading the connected file, the sufferer unwittingly executes the an infection chain resulting in Strela Stealer malware.”

Notably, the risk actor has begun utilizing actual, stolen bill notifications so as to add legitimacy to its phishing operations.

“In July 2024, X-Drive noticed a mid-campaign change within the emails being distributed by Hive0145, with the brief and generic messages being changed with what gave the impression to be professional stolen emails,” the researchers write. “The phishing emails precisely matched official bill communication emails and, in some instances, nonetheless straight addressed the unique recipients by title.

“X-Drive was capable of confirm that the emails have been in truth genuine bill notifications from a wide range of entities throughout monetary, expertise, manufacturing, media, e-commerce and different industries. It’s probably that the group sourced the emails by way of beforehand exfiltrated credentials from their prior campaigns.”

Strela Stealer is a pressure of malware designed to exfiltrate e-mail credentials. X-Drive notes that these credentials can be utilized to launch enterprise e-mail compromise (BEC) assaults throughout the focused organizations.

“Hive0145’s use of stolen emails for attachment hijacking is an indicator {that a} portion of stolen e-mail credentials could also be used to reap professional emails for additional distribution,” the researchers write.

“Each stolen and actor-created emails utilized by Hive0145 predominantly characteristic invoices as themes, which factors in the direction of potential monetary motivation. It’s attainable that Hive0145 could promote stolen emails to affiliate companions for the needs of additional enterprise e-mail compromise.”

Weblog submit with hyperlinks:
https://weblog.knowbe4.com/criminal-threat-actor-uses-stolen-invoices-to-distribute-malware

Ransomware Surges within the Building Sector

Ransomware assaults in opposition to building corporations elevated by 41% over the previous yr, based on a brand new report from ReliaQuest.

“That is probably pushed by the huge quantities of delicate knowledge that organizations maintain and their essential want to keep up operational continuity,” the researchers write. “These elements, exacerbated by inherent weaknesses similar to insufficient authorities rules and underinvestment in cybersecurity, make the sector notably susceptible to ransomware assaults.”

In the meantime, spear phishing remained the most typical preliminary entry approach. Phishing and different social engineering ways usually precede ransomware assaults and enterprise e-mail compromise (BEC) scams.

“The development sector isn’t any stranger to phishing assaults, which topped the listing of preliminary entry strategies between October 1, 2023, and September 30, 2024,” the researchers write. “The sector’s reliance on third events and contractors, mixed with high-pressure undertaking timelines, makes it notably susceptible to phishing assaults, together with spearphishing.

“Phishing is favored by risk actors for its simplicity and effectiveness. And for building organizations, the operational and monetary penalties of a phishing assault will be extreme.”

ReliaQuest believes the development sector will see a rise in phishing, cloud assaults, and infostealer malware over the subsequent yr:

• “Phishing: We anticipate phishing assaults on the development {industry} to proceed rising, largely because of the sector’s heavy reliance on third events and contractors. These exterior companions usually lack important safety coaching and acceptable use insurance policies, rising their—and consequently the development corporations’—vulnerability to phishing assaults.
• Cloud Exploitation: We anticipate this to develop within the subsequent yr as elevated cloud utilization opens alternatives for assaults. Cloud adoption is on the rise within the sector, however defending the cloud will be difficult as a result of restricted instruments and experience. Attackers exploit this vulnerability to evade detection and keep community entry.
• Infostealers: We additionally anticipate an increase in infostealer assaults over the approaching yr. This kind of malware is designed to compromise consumer credentials, that are then bought on dark-web boards. Armed with these credentials, attackers can achieve entry to delicate building knowledge, similar to engineering blueprints, or deploy further malware inside methods to escalate their assaults.”

KnowBe4 empowers your workforce to make smarter safety choices on daily basis. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and cut back human danger.

ReliaQuest has the story:
https://www.reliaquest.com/weblog/report-shows-ransomware-has-grown-41-for-construction-industry/

What KnowBe4 Clients Say

“Hello Stu, Thanks to your e-mail. We’re more than happy with KnowBe4’s merchandise. Each our administration crew and workers members have supplied optimistic suggestions. We’re contemplating scheduling one other safety consciousness coaching session early subsequent yr.”

– Y.H., Senior IT Infrastructure and Community Officer

“Hey Stu, respect you checking in! I am happy to say we have been getting on effectively with KnowBe4 and the coaching it is offering for our customers. We’re now into our second yr and over the course of operating KnowBe4, to date we have run a coaching marketing campaign and 5 phishing campaigns to check customers. We have already received our sixth phishing marketing campaign deliberate and shall be operating that subsequent month.

Many thanks! Wishing you an important weekend!”

– L.N., IT Supervisor