Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Stu Sjouwerman

Recent Posts

New Phishing Campaign is Impersonating Zoom to Steal Credentials

A phishing campaign is impersonating Zoom in order to steal users’ Microsoft credentials, according to Lauryn Cash at Armorblox. The emails landed in about 10,000 inboxes, and targeted “a ...
Continue Reading

CyberheistNews Vol 12 #05 [Heads Up] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential

  CyberheistNews Vol 12 #05  |   Feb. 1st., 2022 [Heads Up] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential CNN just reported on a Jan 23 Intelligence Bulletin ...
Continue Reading

Increased “Shipping Delays” Now Served as Phishbait

Attackers are exploiting pandemic-related supply-chain disruptions to launch phishing campaigns, according to Troy Gill, senior manager of threat intelligence at Zix. In an article for ...
Continue Reading

KnowBe4 Continues to be One of Okta's Most Popular Apps in the 2021 Businesses at Work Report

We're pleased to announce that we have been featured in Okta's eighth edition of the "Business at Work" report. This report is an in-depth look into how organizations and people work ...
Continue Reading

[On-Demand Webinar] A Data-Driven Approach for Your Third-Party Risk Management Processes

As organizations have increased their scope of vendors and partners, they have also increased their digital risk surface and are facing new challenges regarding vendor risk management. By ...
Continue Reading

Microsoft Warns of Latest “Consent Phishing” Attack Intent on Reading Your Email

Rather than steal your user’s credentials, this latest attack takes the OAuth route to gain access to the victim’s mailbox. This gives cybercriminals continual access, regardless of ...
Continue Reading

Dark Web Service Sells Access to Compromised Accounts and Browser Sessions

When we hear about compromised credentials, there’s always the question of “How are they used post-compromise?” In one case, they are fully on display for sale to the highest bidder.
Continue Reading

Malicious Office Documents Jump to 37% of All Malware Downloads at the End of 2021

With the ubiquitous use of Microsoft Office today, it should come as no surprise that malicious macro-laden documents continue to reign, with PPT files delivering AgentTesla taking the ...
Continue Reading

[Heads Up!] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential

CNN just reported on a Jan 23 Intelligence Bulletin from the US Department of Homeland Security (DHS) that warned state and local governments and critical infrastructure operators about ...
Continue Reading

Ransomware Operators Try to Recruit Insiders

Sixty-five percent of organizations report that their employees have been contacted by ransomware attackers in an attempt to recruit insider threats, according to researchers at Pulse and ...
Continue Reading

Irish Teaching Council Fined €60,000 for Phishing-Induced Breach

Ireland’s Teaching Council has been fined €60,000 by the country’s Data Protection Commission (DPC) over a breach of nearly ten thousand teachers’ data, the Irish Examiner reports. An ...
Continue Reading

[New Benchmarking Feature] Compare Your Organization’s Security Culture with Other Organizations in Your Industry

We are excited to announce that the KnowBe4 Industry Benchmarking feature has been expanded to now include industry benchmark comparison data for KnowBe4’s Security Culture Survey (SCS).
Continue Reading

A Generational Divide Among Social Engineering Victims

Younger and older people differ in their susceptibility to different types of social engineering attacks, according to researchers at Avast. Younger people tend to fall for scams ...
Continue Reading

FBI: US Defense Industry Organizations Targeted with USB-Based Ransomware Attacks

Using mailed out “BadUSB” drives as the initial attack vector, cybercriminals are attempting to infiltrate sensitive networks and infect them with BlackMatter or REvil ransomware strains.
Continue Reading

New U.K. Vishing Scam Offers Significant Phone Plan Discounts in Exchange for your Phone Provider's One-Time Security Code

Scammers targeting customers of mobile carrier O2 are enticing victim engagement by offering discounts on their mobile plan as much as 40%.
Continue Reading

DHL is Now the Most Spoofed Brand in Phishing

International shipping company DHL was the most impersonated brand in phishing attacks during the fourth quarter of 2022, researchers at Check Point have found.
Continue Reading

Ransomware Attacks are Growing in Number, But Not in Sophistication

As organizations work to protect against the relentless series of ransomware attacks that have plagued businesses large and small, the methods of attack seem to be leveling out.
Continue Reading

Google Docs Comment Feature is the Key to a New Wave of Phishing Campaigns

Hackers take advantage of legitimate comment functionality as a way to look legitimate, reach the Inbox, and avoid detection, despite using malicious links for phishing attacks.
Continue Reading

Half of All Organizations Hit by Ransomware Experience Productivity Loss

According to new data, ransomware is expected to be a larger and more likely threat in the next year, making the impacts felt today very relevant as the impetus for improved cybersecurity.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews