Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

[New Feature] Start Coaching Your Users in Real Time With the New Google Chat Integration for KnowBe4's SecurityCoach

Attention Google Workspace users! You’ve asked, and we’ve delivered, integrating KnowBe4's SecurityCoach with Google Chat.
Continue Reading

The Number of New Pieces of Malware Per Minute Has Quadrupled in Just One Year

The threat of novel malware is growing exponentially, making it more difficult for security solutions to identify attachments and links to files as being malware.
Continue Reading

A Simple 'Payment is Underway' Phishing Email Downloads RATs from AWS, GitHub

Analysis of a new initial access malware attack shows how simple these attacks can be while also proving that malware can reside on legitimate repositories.
Continue Reading

[SCARY] Research Shows Weaponized GenAI Worm That Gets Distributed Via A Zero Click Phishing Email

Israeli researchers came out with a hell of a thing just now. Here is a bit of the abstract and a video. YIKES.
Continue Reading

It’s Official: Cyber Insurance is No Longer Seen as a 'Safety Net'

A new report on the state of email security sheds some light on how organizations are viewing and approaching cyber insurance as they shift strategy toward being cyber resilient.
Continue Reading

New Phishing-as-a-Service Kit Attempts to Bypass MFA

A Phishing-as-a-Service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia. The phishing kit is notable for its ...
Continue Reading

[New Research] KnowBe4's Report is a Call to Action for Global Organizations to Improve Their Security Culture

We’re thrilled to announce the release of the 2024 Security Culture Report, which dives deep into how security measures affect organizations and the way employees act and feel at work.
Continue Reading

The Average Malicious Website Exists for Less Than 10 Minutes

A new Chrome update brings to light Google findings about malicious websites that have serious implications on detecting malicious links, spoofed brands and the use of legitimate web ...
Continue Reading

There Is Only So Much Lipstick You Can Put on a Cybercriminal Troll

The one thing I love about our annual conference in Orlando, KB4-CON, is its thought-provoking nature. Year after year, the events team manages to keep a fine balance between product ...
Continue Reading

Cloud-Conscious Cyber Attacks Spike 110% as Threat Groups Sharpen their Attack Skills

New data shows increased expertise in leveraging and exploiting cloud environments.
Continue Reading

FBI: Losses Due to Cybercrime Jump to $12.5 Billion as Phishing Continues to Dominate

The FBI’s Internet Crime Complaint Center (IC3) newly-released Internet Crimes Report provides an unbiased big picture of the cyber crimes that were the most used and most successful.
Continue Reading

Social Engineering The #1 Root Cause Behind Most Cyber Crimes In FBI Report

The following paragraphs were cited directly from my recent article highlighting social engineering. "Social engineering and phishing are involved in 70% to 90% of all successful ...
Continue Reading

Ransomware Group “RA World” Changes Its’ Name and Begins Targeting Countries Around the Globe

The threat group "RA World" (formerly RA Group) has shifted from country-specific ransomware attacks to include specific industries via a new - not previously seen - method of extortion.
Continue Reading

[Heads-Up] Phishing Campaign Delivers VCURMS RAT

Researchers at Fortinet are tracking a phishing campaign that’s distributing a new version of the VCURMS remote access Trojan (RAT).
Continue Reading

CISA Recommends Continuous Cybersecurity Training

In an age when 70% - 90% of successful data breaches involve social engineering (which gets past all other defenses), sufficient training is needed to best reduce human-side cybersecurity ...
Continue Reading

[Heads Up] Reinforce Your Defenses Against Rising Supply-Chain Cyber Threats

James Rundle at The Wall Street Journal today reported that in response to escalating supply-chain cyberattacks, companies are intensifying their scrutiny over suppliers to protect ...
Continue Reading

AI and the Boardroom: Bridging Innovation and Security

Today, artificial intelligence (AI) is no longer a futuristic concept but a tool that is driving operational efficiency, customer experience, and decision-making processes. Organizations ...
Continue Reading

Phishing Tops 2023’s Most Common Cyber Attack Initial Access Method

New analysis shows that the combination of phishing, email, remote access, and compromised accounts are the focus for most threat actors.
Continue Reading

State-Sponsored Russian Phishing Campaigns Target a Variety of Industries

Researchers at IBM X-Force are monitoring several ongoing phishing campaigns by the Russian state-sponsored threat actor ITG05 (also known as “APT28” or “Fancy Bear”). APT28 has been tied ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews