Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

ALERT: New Ransomware Spearphish Uses One-Click Dropbox Attack

The cyber-mafia is stepping up the pressure. As you know, there are several competing gangs that are furiously innovating in an attempt to grab as much money as possible. Call it a ...

NEW: This Week's Five Most Popular HackBusters Posts

There is an enormous amount of noise in the security space, so how do you know what people really talk about and think is the most important topic? Well, we created the Hackbusters site ...

Scam Of The Week: 911 Phone Threat

Residents in Ohio are being "beta tested" by cybercrime for a scam that will inevitably also hit all other states. Here is your Scam Of The Week heads-up. This particular scam will also ...

35 percent of Kansas City Employees Turn Out Phish-prone

From the Kansas City Star: Would-be hackers duped 35% of Kansas City employees into opening the door to municipal computer systems sometime in the last six months, a city audit report ...

RANT: Renewing Office 365 Online D(H)ell

OK, buying a new Dell machine 12 months ago I decided to get a subscription to Office 365. For about a year everything ran fine, but then I started to get warning messages in the apps ...

Experts: Social Engineering Attacks Harder To Stop

Michael Heller at TechTarget wrote a good longish article where he concluded: "As more personal and corporate information is shared on the Web, social engineering techniques and attacks ...

CyberheistNews Vol 5 #12 Why Your Brain Shuts Down When You See A Security Alert

ALERT: New Ransomware Spear Phish Uses One-Click Dropbox Attack The cyber-mafia is stepping up the pressure. As you know, there are several competing gangs that are furiously innovating ...

How to get your Phish-prone percentage up. Up? Yes, Up.

Something surprising happened last week. A few of our customers reported that their phish-prone percentage was going up. Up? Yes, up. Not something you normally would expect or ...

Premera And Anthem Both Hacked Using Shrewd Social Engineering

Health records are the new credit cards. They have a longer shelf life and are often easier to get. There are more opportunities for fraud. No wonder that bad guys are after them with a ...

Why your brain shuts down when you see a security alert

Been mystified why end-users do not seem to get it? Their eyes glazing over when a security alert pops up on their screen? Brand new neuroscience research using MRI shows a dramatic drop ...

China Finally Admits It Has A Hacker Army

China finally admits it has special cyber warfare units — and a lot of them. This is the "advanced persistent threat" cyber security experts have been pointing to.

Despite Mobile App Risks Enterprise Does Not Have Mobile Security Policy

Here is the disconnect: 82 percent of IT pros think that BYOD in the workplace has “very significantly” or “significantly” increased IT security risks, less than half of organizations ...

Banking Regulator Issues New Phishing Alert

The National Credit Union Administration (NCUA) warns netizens that phishing emails containing links to a fraudulent website that resembles the NCUA's are being pushed to consumers.

Security experts say law firms are perfect targets for hackers

Susan Hansen at Bloomberg Business reported that cyber attacks upend the attorney-client privilege.

Ransomware: Pay Up Or Fight. What Would You Do?

Ask security experts what to do when hit with ransomware -- the sophisticated malware that infects a device or network, uses military-grade encryption to restrict access, and demands ...

CyberheistNews Vol 5 #11 Ransomware: Pay Up Or Fight. What Would You Do?

Ransomware: Pay Up Or Fight. What Would You Do? Ask security experts what to do when hit with ransomware -- the sophisticated malware that infects a device or network, uses military-grade ...

Report: 71 percent successfully spear-phished in 2014

Adam Greenberg at SC Magazine reported on something interesting:

Spear Phishing Attack Nearly Costs FL City $500K

A spear-phishing attack last month at Orange Park City Hall almost got away with $500,000 from the city's bank account. Fortunately it was caught in time so that a wire transfer that already had ...

Scam Of The Week: Phishing For Apple Watch

This week, Apple had their big Apple Watch release event, and the press is full of news about the models and pricing. Pundits are sprinkling their predictions about features and future ...

CEO Fraud Social Engineering Scam On The Rise

Known variously as the “CEO fraud,” or the “business email compromise,” highly sophisticated cyber criminals try to social engineer businesses that work with foreign suppliers. This ...

CyberheistNews Vol 5 #10 New CryptoWall Attack Wave Using Help Files / Scam Of The Week

New CryptoWall Attack Wave Using Help Files / Scam Of The Week A new CryptoWall attack wave has hit end-users with malicious .chm attachments that infect networks with the latest and most ...

New Ransomware CryptoFortress Encrypts Unmapped Network Shares

Used to be that ransomware only looked at hard drive C:, and then any other mapped drives like D:, E:, F: etc., but now a whole new malicious strain that has stolen the same look & ...

New CryptoWall Attack Uses Malicious Help File Attachments

A new CryptoWall attack wave has hit end-users with phishing emails containing malicious .chm attachments that infect networks with the latest and most sophisticated file-encrypting ...

Anatomy of a ransomware attack [Infographic]

How does ransomware actually work? Ransomware attacks cause downtime, data loss, possible intellectual property theft, and in certain industries a ransomware attack is considered a data ...

CyberheistNews Vol 5 #9 Mar 3, 2015 How To Get The OK To Phish Your Own Employees

CyberheistNews Vol 5 #9 Mar 3, 2015 How To Get The OK To Phish Your Own Employees IT people responsible for network security talk to us all the time. Almost all of them agree that ...

Russia tops list of nation-state cyber threats against U.S.

I have been talking about cyber war / cyber threats from Russia on this blog for about two years now, and it looks like I was on the mark.
