InfoArmor: The Yahoo Hackers Were Not State-sponsored

Sep 29, 2016 3:54:11 PM By Stu Sjouwerman

Eastern European organized crime, not state-sponsored hackers, were behind the record breaking 2014 Yahoo data breach that exposed information about hundreds of millions of Yahoo user ...

Brazen: Phishing Attacks The Bad Guys Send When No One's Looking

Sep 28, 2016 4:21:56 PM By Stu Sjouwerman

When we talk with folks outside the security industry about what we see from the bad guys on a daily basis, we often get the response, "Wow! That's really sneaky." And it's true. The bad ...

Ransomware Is Now Officially Extortion Under California Law

Sep 28, 2016 4:03:48 PM By Stu Sjouwerman

Of course everyone knows that hacking into a computer is a federal crime, and infecting a system with ransomware already falls into that bucket. However, California’s SB-1137, signed into ...

CyberheistNews Vol 6 #39 Scam Of The Week: Apple Store Phishing Attack Goes For Whole Enchilada

Sep 26, 2016 9:58:44 AM By Stu Sjouwerman

Gang Uses Social Engineering To Steal 147 Million Dollars

Sep 26, 2016 7:19:41 AM By Stu Sjouwerman

Police have arrested a 147 million international fraud and money laundering ring, and jailed nine fraudsters jailed for over 27 years The gang targeted thousands of Lloyds and RBS ...

What is the Necurs Botnet And How Does It Spread Locky Ransomware?

Sep 25, 2016 7:30:57 AM By Stu Sjouwerman

In Short: The Necurs botnet is one of the world's largest botnets with more than 6 million zombie machines tied into it. It's run by Russian organized cybercrime and responsible for ...

Don't Make These Two Major Multi-Factor Security Mistakes

Sep 24, 2016 2:13:54 PM By Stu Sjouwerman

An employee sent this recent horror story to me (thanks Rachel). Remember there are three ways of learning. :-D Read it in a book, blog (or training session) understand it and apply it ...

Price Discrimination: The Fantom Menace of Ransomware

Sep 24, 2016 9:50:14 AM By Stu Sjouwerman

By Eric Howes, KnowBe4 Principal Lab Researcher. Over the past few months we've discussed the rising use of price discrimination among purveyors of ransomware to maximize their returns on ...

New KnowBe4 Phishing Campaign Creation Screen

Sep 23, 2016 3:42:50 PM By Stu Sjouwerman

You asked and we listened! We’ve enhanced our Phishing Campaign creation options to give you more flexibility and customization when phishing your users! You can now: Phish your users ...

These 500 Million Hacked Yahoo Accounts Are A Phishing Paradise. Warn Your Users!

Sep 23, 2016 7:55:54 AM By Stu Sjouwerman

It's all over the press. Here is a quote from Reuters: "Yahoo Inc said on Thursday information associated with at least 500 million user accounts was stolen from its network in 2014 by ...

New Version of iSpy Trojan Steals Your Software Licenses

Sep 22, 2016 3:59:43 PM By Stu Sjouwerman

Earlier this year we posted about Jsocket, a highly malicious Trojan that we spotted being delivered through phishing emails shared with us via the Phish Alert Button (PAB). Although ...

Scam Of The Week: Apple Store Phishing Attack Goes For Whole Enchilada

Sep 21, 2016 4:49:55 PM By Stu Sjouwerman

Phishing attacks using false Apple Store email messages, fake landing pages and sometimes fake login pages are still a very popular attack vector. They still make it through all the ...

Bad Guy FAIL! or, When a Simple Credentials Phish Goes Horribly Wrong

Sep 21, 2016 1:49:22 PM By Stu Sjouwerman

By Eric Howes, KnowBe4 Principal Lab Researcher. Anyone who works a job in the computer security industry inevitably develops a kind of dark appreciation for the mad skills so often ...

As Neutrino takes a hit, RIG Exploit Kit jumps at the opportunity and spreads ransomware

Sep 21, 2016 8:05:28 AM By Stu Sjouwerman

Andra Zaharia (the picture is really her) from the Danish Heimdal Security wrote something interesting this morning that I thought you'd like to know:

Reported Phishes of the Week

Sep 20, 2016 3:58:20 PM By Stu Sjouwerman

KnowBe4's Templates Mistress Katie has been busy again adding a new batch of phishing templates to the collection of "System Templates" available to active subscribers.

A new "long con" Scam Of The Week: Binary Options

Sep 20, 2016 7:54:59 AM By Stu Sjouwerman

Most scams on the internet are "short con" scams, compare them to hit & run. However, "long con" scams have started to show up that can take a few months to finally steal the money. ...

Investment fund loses $6 million in CEO Fraud and shuts down

Sep 19, 2016 12:59:43 PM By Stu Sjouwerman

CNBC reported some pretty stunning breaking news. I cannot come up with a better case for new-school security awareness training for employees in accounting and HR. A lawsuit filed on ...

CyberheistNews Vol 6 #38 [ALERT] FBI Warns Ransomware Attacks Are Getting More Dangerous And Expensive

Sep 19, 2016 9:50:09 AM By Stu Sjouwerman

*|CyberHeistNews|* CyberheistNews Vol 6 #38 [ALERT] The FBI Warns That Ransomware Attacks Are Getting More Dangerous And Expensive In an alert published this week, the U.S. Federal Bureau ...

McAfee: Ransomware Has Grown 128 Percent Over 2015

Sep 17, 2016 5:01:49 PM By Stu Sjouwerman

Intel Security's McAfee Labs Threat Report for September 2016 provides insight into the latest security statistics and trends, ranging from botnets to ransomware to malware "zoos." Large ...

Meet Mamba: New Full Disk Encryption Ransomware

Sep 17, 2016 8:06:13 AM By Stu Sjouwerman

SecurityAffairs just published a new discovery that you need to know about. A Brazilian Infosec research group, Morphus Labs, just discovered a new Full Disk Encryption (FDE) ransomware ...

[ALERT] FBI Warns Ransomware Attacks Get More Targeted And Expensive

Sep 16, 2016 4:13:34 PM By Stu Sjouwerman

In an alert published today, the U.S. Federal Bureau of Investigation (FBI) warned that recent ransomware variants have targeted and compromised vulnerable business servers (rather than ...

New Vicious And Highly Targeted Ransomware Attacks Made Public

Sep 16, 2016 10:36:57 AM By Stu Sjouwerman

Here’s an example of a highly targeted ransomware attack, with bad guys using a phony Bank of Montreal (BMO) template to social engineer possible victims into clicking on a malicious ...

A Single Ransomware Gang Made $121M In 2016

Sep 14, 2016 11:31:44 AM By Stu Sjouwerman

Intel Security today released its McAfee Labs Threats Report: September 2016, which assesses the growing ransomware threat; surveys the “who and how” of data loss; explains the practical ...

Targeted Lawsuit Phishing Attack With Sophisticated Payload

Sep 13, 2016 4:11:55 PM By Stu Sjouwerman

We are seeing a big phishing wave with a social engineering attack that threatens with a personalized lawsuit using the domain name of the targeted victim. This is an interesting payload ...

Adding Insult To Injury: The Ginsu Knives Approach To Ransomware

Sep 12, 2016 5:27:54 PM By Stu Sjouwerman

Kaspersky has a fascinating blog post on a new strain of ransomware called RAA that is not only fairly sophisticated, but incredibly abusive:

CyberheistNews Vol #6 #37 Scam Of The Week: A New Type Of Tech Support Fraud

Sep 12, 2016 9:42:39 AM By Stu Sjouwerman

Seagate Sued By Own Employees For CEO Fraud Attack

Sep 12, 2016 7:48:16 AM By Stu Sjouwerman

Hard drive manufacturer Seagate was sued by its own employees as the result of a successful CEO fraud attack where all the personal information of 10,000 existing and former employees ...

Philadelphia Ransomware Strain Offers "Mercy" Button

Sep 12, 2016 7:22:41 AM By Stu Sjouwerman

Larry Abrams at Bleepingcomputer reported on a new strain that raises some eyebrows. "A new version of the Stampado ransomware called Philadelphia has started being sold for $400 USD by a ...

Scam Of The Week: A New Type Of Tech Support Fraud

Sep 11, 2016 10:17:41 AM By Stu Sjouwerman

We spotted an unusual phishing email which revealed a new scam your users will soon find in their inbox. Time to inoculate them before it becomes a problem! Many online service providers ...

Having some Phun With Phishers - CEO Fraud Blow-By-Blow

Sep 10, 2016 11:01:39 AM By Stu Sjouwerman

For the last 9 years I have been a board member of the public/private Clearwater Downtown Partnership. And as many public organizations, all the board member information is freely ...

"But, But, But... I Didn't Click!" False Positives In Phishing Tests

Sep 10, 2016 9:55:51 AM By Stu Sjouwerman

The following question was posted in the SANS Securing The Human forum. I thought it was a very good point and asked our VP Product Greg Kras for his perspective. First the question:

Funny Phishing Story: Your Online Order Receipt

Sep 10, 2016 9:21:34 AM By Stu Sjouwerman

A customer sent us this: Hi, I wanted to share with you a funny story…. My boss calls me into her office, very serious like. She sits me down and asks “Did you use the company credit card ...

KnowBe4 Is Hiring: QA Engineer and Sr Ruby Developer

Sep 9, 2016 11:49:56 AM By Stu Sjouwerman

Hi All, KnowBe4 is looking for a few good people. Specifically we are hiring a QA Engineer and a Senior Ruby Developer. Know anyone? Send them to our Jobs page on the website. KnowBe4 is ...

Coming Soon to an Inbox Near You: A New Type Of Tech Support Scam

Sep 9, 2016 7:29:48 AM By Stu Sjouwerman

By Eric Howes, KnowBe4 Principal Lab Researcher. Yesterday we spotted an unusual phishing email that we'd like to share with readers. If nothing else, it tells us that the increased ...

Tampa FBI: Your business is going to get hacked (or get infected with ransomware)

Sep 7, 2016 8:55:53 AM By Stu Sjouwerman

The Tampa Bay Business Journal published an interview with FBI Special Agent Lawrence Wolfenden. Wolfenden is a 25-year veteran of the FBI, the lead agency for investigating cyber attacks ...

Phishing Attack With Malicious Word Doc Changes Proxy Settings

Sep 6, 2016 3:20:31 PM By Stu Sjouwerman

Microsoft recently came across a threat that uses social engineering but delivers a different payload than the usual Office document with macros. Its primary purpose is to change a user’s ...

CyberheistNews Vol 6 #36 [ALERT] A New Criminal Phishing-As-A-Service Steals 688K Credentials

Sep 6, 2016 9:45:14 AM By Stu Sjouwerman

New Cry Ransomware Strain Has Unusual Advanced Features

Sep 6, 2016 7:14:33 AM By Stu Sjouwerman

Larry Abrams at Bleepingcomputer reported on a new strain with a few unusual features: "A new ransomware that pretends to be from a fake organization called the Central Security Treatment ...

Evidence Hillary Was Speared In Phishing Attack

Sep 4, 2016 10:54:54 AM By Stu Sjouwerman

The Smoking Gun reported: "SEPTEMBER 2--The FBI’s Hillary Clinton investigation turned up evidence that her e-mail accounts were targeted in multiple “spear phishing” attacks, one of ...

Criminal Phishing-as-a-Service Platform Steals Credentials

Sep 1, 2016 5:15:25 PM By Stu Sjouwerman

Want someone's credentials? Just social engineer them. Phishing is still responsible for 91% of data breaches and has been for the last few years. A Russian cyber mafia has created a ...

I have an invitation to join a new exciting online community: Hackbusters!

Sep 1, 2016 4:07:39 PM By Stu Sjouwerman

KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! You ...

Cyberheist Nets 44 Million In Single CEO Fraud Attack

Sep 1, 2016 8:02:02 AM By Stu Sjouwerman

Earlier in August, one of the world's largest cable manufacturers Leoni AG publicly confessed that it had fallen victim to a classic CEO Fraud attack that has cost the company a whopping ...

Security Awareness Training Blog

View Topics

Search Our Blog

Subscribe To Our Blog

Posts By Topic

Get the latest about social engineering

Subscribe to CyberheistNews

Get the latest about social engineering

Subscribe to CyberheistNews