Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Are there free ransomware decryption tools?

JP Buntix wrote: "Two types of ransomware making headlines all across the world in recent months are called CryptoLocker and CoinVault. Both types of ransomware operate in the same way, ...
Continue Reading

Some Interesting Security Awareness Computer-Based Training Numbers

You may know Gartner, the 800-pound gorilla in the IT Analyst space. When a market is mature enough they create their so-called Magic Quadrant (MQ) with the leading vendors in that ...
Continue Reading

It's heeere! Criminal Ransomware as a Service

As we predicted in our whitepaper "Your Money or Your Life/Files", there is now shake-and-bake criminal ransomware that aspiring Internet criminals can put together in a few minutes. Meet ...
Continue Reading

The Information Security Policy Trap

InfoSec genius Ben Tomhave wrote: "It's that time of year again: time to update the policies! This annual exercise is always a source of great enjoyment for me (no, not really). After ...
Continue Reading

Is Your Network Infected With Sleeper Ransomware?

This is a concerning new "sleeper" ransomware twist.
Continue Reading

Will Your Contractors Take Down Your Business?

Will Your Contractors Take Down Your Business? Do you know how well your vendors, business associates, contracted third parties (who I will collectively call “contractors”) are protecting ...
Continue Reading

CyberheistNews Vol 5 #20 Adult Friend Finder Hack Is Nightmare Phishing Problem

Adult Friend Finder Hack Is Nightmare Phishing Problem Guys, we have a real phishing problem with this Adult Friend Finder (AFF) hack. This particular adult site is one of the most ...
Continue Reading

Adult Friend Finder Hack Is Nightmare Phishing Problem

Guys, we have a real phishing problem with this Adult Friend Finder (AFF) hack. This particular adult site is one of the most heavily-trafficked websites in the U.S. and has 40 million ...
Continue Reading

Researchers Observe SVG Files Being Used To Distribute Ransomware

Researchers with AppRiver have observed attackers sending out phishing emails with SVG files attached – these files, when downloaded and executed, open up websites that download what ...
Continue Reading

CyberheistNews Vol 5 #19 Scam Of The Week: Red Bull Money Mule Victims

Scam Of The Week: Red Bull Money Mule Victims Warn your employees, friends and family about a cunning money laundering scam that is currently back on the rise. This lure was first used ...
Continue Reading

This Week's Five Most Popular HackBusters Posts 5/17/2015

What are IT security people talking about? Here are this week's five most popular hackbusters posts: 1) Feds Say That Banned Researcher Commandeered a Plane: ...
Continue Reading

Starbucks Hack: A Great Example Why You Should Not Reuse Passwords

Use this story and send it to your employees as a cautionary tale to make it real to them they should not reuse passwords in general, but especially not for any online payment accounts! ...
Continue Reading

Heads-up: 'Breaking Bad' Ransomware Beta Tested Down Under

You can expect ransomware in America in the next few weeks which has a Breaking Bad theme. Take this a bit further and we can expect ransomware with Halloween themes later this year. ...
Continue Reading

Scam Of The Week: Red Bull Money Mule Victims

Warn your employees, friends and family about a cunning money laundering scam that is currently back on the rise. This lure was used during spring break in 2014 and apparently successful ...
Continue Reading

Has Anyone Used KnowBe4?

May 14, 2014 7:45 AM BruceyBonus asked the following question at the SpiceWorks Security Forum: "Hi All, been in contact with a company called Knowbe4, they offer a simulated phishing ...
Continue Reading

Get Real About User Security Training

Do you despair that users will never learn to avoid stupid security mistakes that compromise your organization? Maybe you're not spending enough time and effort on training. Roger Grimes ...
Continue Reading

CyberheistNews Vol 5 #18 May 12, 2015 How New Phishing Malware Rombertik Kills Your Hard Drives

CyberheistNews Vol 5 #18 May 12, 2015 How New Phishing Malware Rombertik Kills Your Hard Drives InfoSec researchers at Cisco's TALOS group discovered a strain of malware that spreads ...
Continue Reading

Phishing in the C-Suite: 96% of Executives Vulnerable to Attacks

According to a recent survey, 96% of executives failed to tell the difference between a real email and a phishing email 100% of the time.
Continue Reading

Credit Union Times: Ransomware, WordPress Threats Grow

At 27%, banks and credit unions are the largest segment of KnowBe4's customers, obviously because they are the bad guys' #1 target. Thing is, banks and credit unions found us, we did not ...
Continue Reading

How Phishing Malware Rombertik Kills Your Hard Drives

InfoSec researchers at Cisco's TALOS group discovered a strain of malware that spreads through phishing. Attackers use social engineering tactics to entice users to download, unzip, and ...
Continue Reading

What our customers are saying about our security awareness training

One of our customers sent us this today: "I wanted to give you an update on our security awareness training. When we did the baseline phishing campaign for 85 employees and we had a click ...
Continue Reading

CyberheistNews Vol 5 #18 May 5, 2015 Your Antivirus Enduser Is Exposed To Phishing Attacks For 17.5 Hours

CyberheistNews Vol 5 #18 May 5, 2015 Your Antivirus Enduser Is Exposed To Phishing Attacks For 17.5 Hours The 2015 Websense threat report is abundantly clear about it. "Websense detected ...
Continue Reading

Your Antivirus Enduser Is Exposed To Phishing Attacks For 17.5 Hours

The 2015 Websense threat report is abundantly clear about it. "Websense detected 28 percent of malicious email messages before an antivirus signature became available, presenting AV users ...
Continue Reading

NEW: This Week's Five Most Popular HackBusters Posts 2015-5-2

NEW: This Week's Five Most Popular HackBusters Posts What are IT security people talking about? Here are this week's five most popular hackbusters posts: 1) The Untold Story Of Silk Road ...
Continue Reading

10 Lessons Learned From Painful Ryanair $5M Cyberheist

Low-cost airline Ryanair shamefacedly came clean last week that they fell victim to a cyberheist which stole almost 5 million dollars out of its fuel bank account. The money was siphoned ...
Continue Reading

Social Engineering Exploit Fools HR with Infected IT Resumes

Proofpoint threat researchers recently detected a clever email-based attack that combines phishing and social engineering techniques in order to trick users into opening a malicious ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews