Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Stu Sjouwerman

Recent Posts

Chinese Antivirus Vendor Tied to Part of a Decade-Long Hacking Spree

Members of the hacking group “Apt41” were charged by the U.S. Department of Justice for hacking more than 100 victims globally with one of its members running AV vendor Anvisoft.
Continue Reading

Cyberattacks Targeting State and Local Government Increase by 50%

State, local, tribal, and territorial government agencies and municipalities are under attack. Observations and data from security vendor BlueVoyant highlight the attacks and the results.
Continue Reading

60% of the US Workforce Will Be Working Remotely by 2024 (and That’s a Problem)

The latest data from analyst firm IDC shows massive growth in the remote workforce in the coming years – something that puts organizations at greater risk for a cyberattack.
Continue Reading

Tribune Publishing apologizes for fake bonus offer in phishing-simulation email

Yesterday at the end of the day, I was called by our PR team who got alerted by tech support about a Twitter post that was going viral. Turns out a custom phishing test created by one of ...
Continue Reading

Abusing App Engine to Automate Phishing

Attackers can abuse a feature in Google App Engine to generate unlimited phishing URLs, BleepingComputer reports. Security researcher Marcel Afrahim found that App Engine URLs that ...
Continue Reading

Which Users in Your Organization Put You at Risk?

October is National Cybersecurity Awareness Month, so it's a perfect time to fortify your human firewall. Start by identifying which users may be putting your organization at risk before ...
Continue Reading

KnowBe4 Receives a 2020 Tech Cares Award

Sticking to our values continues to pay off, as we have recently received a Tech Cares award from TrustRadius. This is a brand-new award crafted to celebrate organizations that have ...
Continue Reading

Five Alarming Approaches to Extortion

People should familiarize themselves with common forms of extortion in order to avoid falling victim to these attacks, according to Amer Owaida at ESET. Ransomware might be the most ...
Continue Reading

Credential Stuffing to Stuff the Ballot Box

Advanced nation-state actors and petty criminals are both leveraging credential-stuffing attacks to hack into victims’ accounts, according to Byron Acohido, writing for Avast. Rather than ...
Continue Reading

The Critical Need to Improve Your Compliance Processes

You know that compliance is an important requirement but can also be time-consuming and fraught with risk. Still, most organizations have not implemented the processes and tools necessary ...
Continue Reading

Credential Stuffing Used Against Financial Services

A security alert from the FBI warns that hackers are launching credential-stuffing attacks against organizations in the financial sector, ZDNet reports.
Continue Reading

Your Organization Through the Eyes of an Attacker

The bad guys are out there, watching and waiting for an opportunity to strike. They are gathering information about your organization and users, devising the perfect plan to infiltrate ...
Continue Reading

[Announcement] KnowBe4 ModStore: New Series "Security Snapshots" from Twist & Shout

They've made you laugh. They've made you cry. You know and love them! Twist & Shout are here once again with a series of 12 stand-alone security micro-dramas! These Security Snapshots are ...
Continue Reading

Bitcoin Millionaire Loses $16 Million to a Compromised Wallet and Simple Social Engineering

This brief tale of misfortune shows how unpatched software and letting your guard down – especially when $16 million is on the line – can be all that’s needed for a successful scam.
Continue Reading

Joint Cybersecurity Advisory Outlines Approaches to Discovering and Remediating Attacks

This newly-released report is the result of a collaborative effort by cybersecurity authorities in Australia, Canada, New Zealand, the United Kingdom, and the United States.
Continue Reading

Crowdstrike: "More Cyberattacks in the First Half of 2020 Than in All of 2019"

According to a recent study conducted by cybersecurity firm CrowdStrike, recent threat activity throughout its customers’ networks has shown more intrusion attempts within the first half ...
Continue Reading

When Phishing And Disinformation Meet

The Insider reported that QAnon is co-opting a USPS phishing scam, and claim the Vishing text messages are linked to human trafficking. "A viral [text] phishing scheme is targeting people ...
Continue Reading

How to Become a Harder Target From Malicious Threat Actors

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding threat actors associated with China’s Ministry of State ...
Continue Reading

[NEW PhishER Feature] Remove, Inoculate, and Protect Against Email Threats Faster With PhishRIP

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews