Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Phishing Emails Use SVG Files to Avoid Detection

Phishing emails are increasingly using Scalable Vector Graphics (SVG) attachments to display malicious forms or deliver malware, BleepingComputer reports.
Continue Reading

Threat Group Use AI Adult-Based “Deepnude” Image Generator Honeypots to Infect Victims

The threat group FIN7 is using the lure of generating nude images of favorite celebrities to get victims to download their NetSupport RAT.
Continue Reading

Phishing Attacks Exploits the Open Enrollment Period

A phishing campaign is impersonating HR to target employees who are making annual insurance changes during the open enrollment period, according to researchers at Abnormal Security.
Continue Reading

Fraud Awareness Week

The Association of Certified Fraud Examiners (ACFE) recently released a report Occupational Fraud 2024: A Report to the Nations, where they estimated that most organizations lose about 5% ...
Continue Reading

Ransomware Gangs Evolve: They're Now Recruiting Penetration Testers

A new and concerning cybersecurity trend has emerged. According to the latest Q3 2024 Cato CTRL SASE Threat Report from Cato Networks, ransomware gangs are now actively recruiting ...
Continue Reading

Out of 29 Billion Cybersecurity Events, Phishing was the Primary Method of Initial Attack

The newly released single largest analysis of cyber attacks across all of 2023 show a strong tie between the use of phishing and techniques designed to gain credentialed access.
Continue Reading

Beware of Fake Tech Support Scams

About five years ago, I was having trouble with an expensive brand-name refrigerator that my wife and I had bought. It was a great refrigerator feature-wise. My wife and I initially loved ...
Continue Reading

Dark Side of Deals: Emerging Scams for Black Friday, Cyber Monday and Giving Tuesday

As the holiday shopping season kicks into high gear, cybercriminals are gearing up too. This year, alongside the usual suspects, we're seeing some crafty new scams, so let’s take a look ...
Continue Reading

Threat Actors are Sending Malicious QR Codes Via Snail Mail

The Swiss National Cyber Security Centre (NCSC) has warned of a QR code phishing (quishing) campaign that’s targeting people in Switzerland via physical letters sent through the mail, ...
Continue Reading

A New Era In Human Risk Management:Introducing KnowBe4 HRM+

Cybersecurity threats grow more sophisticated by the day. Amid this constant change, one truth remains: people are simultaneously our greatest security vulnerability and our strongest ...
Continue Reading

Purina’s Champions Program Is the Best I Have Seen

In my most recent book, Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing, I highlight the use of “champions," which are co-workers in your organization ...
Continue Reading

The World Premiere of The Inside Man - Season 6 in St. Petersburg, Florida

KnowBe4, the leading platform for security awareness training, is excited to bring the award-winning original series, "The Inside Man,” back to your screens with more excitement, drama, ...
Continue Reading

Phishing Attacks Exploit Microsoft Visio Files and SharePoint

Threat actors are exploiting Microsoft Visio files and SharePoint to launch two-step phishing attacks, according to researchers at Perception Point.
Continue Reading

Half of all Ransomware Attacks This Year Targeted Small Businesses

New data shows just how crippling ransomware has been on small businesses that have fallen victim to an attack and needed to pay the ransom.
Continue Reading

[World Premiere] KnowBe4 Debuts New Season 6 of Netflix-Style Security Awareness Video Series - “The Inside Man”

We’re thrilled to announce the long-awaited sixth season of the award-winning KnowBe4 Original Series - “The Inside Man” is now available in the KnowBe4 ModStore!
Continue Reading

Fortifying Defenses Against AI-Powered OSINT Cyber Attacks

In the ever-evolving landscape of cybersecurity, the convergence of Artificial Intelligence (AI) and Open-Source Intelligence (OSINT) has created new opportunities for risk.
Continue Reading

Criminal Threat Actor Uses Stolen Invoices to Distribute Malware

Researchers at IBM X-Force are tracking a phishing campaign by the criminal threat actor “Hive0145” that’s using stolen invoice notifications to trick users into installing malware.
Continue Reading

Nation-State Threat Actors Rely on Social Engineering First

A new report from ESET has found that most nation-state threat actors rely on spear phishing as a primary initial access technique.
Continue Reading

Step-by-Step To Creating Your First Realistic Deepfake Video in a Few Minutes

Learn how to step-by-step create your first realistic deepfake video in a few minutes.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews