Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Stu Sjouwerman

Recent Posts

Wedbush Analyst: "Cybersecurity spending will increase 20% in 2021 Due To SolarWinds."

Wedbush senior tech analyst Dan Ives says cybersecurity spending will increase by 20% in 2021 as more companies ramp up protection following the SolarWinds hack that compromised state ...

[HACK ALERT] Here Is A Whole New Way Cyber Criminals Empty Out Your Bank Account

Researchers at IBM discovered a brand new type of massive banking fraud campaign that raked in millions of dollars over the course of a few days before it was put to a stop.

Eye-Opening Password Predictions: Remote Work Will Increase Risk for Data Breaches

Ponemon's State of Password and Authentication Security Behaviors Report analyzes password and security behaviors over time with similar trends. We wanted to deep dive into the reports of ...

No, it's not You in the Facebook Video... it's a Phishing Link

Scammers are using compromised Facebook accounts to circulate phishing attacks to the hacked accounts’ friends, according to Paul Ducklin at Naked Security. The links are sent via Facebook ...

KnowBe4 is not a SolarWinds Orion Customer

More and more companies are putting out press releases that they have found malware in their networks because of the recent SolarWinds supply chain attack. Just today Microsoft admitted ...

MountLocker Ransomware Provides a Glimpse into What’s Next in Ransomware-as-a-Service

This family of ransomware is growing in popularity with affiliates, provides them with two attack variants, and appears to be establishing a new “as-a-service” business model.

Beware! The Holidays Bring the Worst Out in Cyber Scammers

With emotions running high, time running out to get that last needed gift, and a returned focus on family and what’s truly important, scammers are taking advantage at every turn.

New Office 365 Credential Scam Uses a Received Fax to Trick Victims

A clever mix of brand impersonation, a supposedly received message, a thumbnail preview, and new spoofed Office 365 logon pages are all that’s needed to trick victims into giving up ...

The Cost of Ransoms Demanded and Paid Double in 2020!

New data from UK cyber insurer Beazley shows ransomware claims have increased materially and calls for organizations to employ a layered cyber defense.

Over Half of Users Admit to Reusing the Same Password on Multiple Accounts

New data reported earlier this year by Security Magazine shared a report from Secure OAuth that 53% of users reuse the same passwords on multiple accounts. Among those, 44% admit to using ...

A Christmas poem to remind everyone to stay safe for the Holidays!

KnowBe4 customer Eric McManis from Armellini Logistics Corporation sent us a Christmas poem that he sent out to his organization to remind everyone to stay safe for the Holidays! I ...

[NEW PhishER Feature] Use Security Roles to Create a Multi-Tiered Incident Response System in PhishER

You asked, we listened! We're excited to introduce the new Security Roles feature within your PhishER platform! You now have the ability to create different user roles for your security ...

[INFOGRAPHIC] 2020 Holiday Phishing Red Flags

Phishing attacks are definitely not slowing down this holiday season. According to Check Point, the first half of November showed an 80% increase in phishing campaigns relating to sales ...

Learning More on Social Engineering Tactics is the Key to Preventing Phishing Expeditions

Understanding social engineering attacks is the key to thwarting them, according to Juan Badell and Russell Petrich, content designers for Sophos’s phishing simulation service. Badell and ...

University-themed Phishbait Angles for Students

Researchers at Zix have observed phishing emails sent from legitimate but compromised university email accounts, impersonating the university’s IT department. The emails notified users ...

Facebook Describes APT32 Social Engineering Campaign

Facebook’s security team has taken action against a phishing operation run by APT32 (also known as OceanLotus), a threat actor associated with the Vietnamese government. Facebook says the ...

New Security Doc For Your End-users: "The Iceberg"

Did you see our new "tip of the iceberg" security doc? Send this Public Service Announcement to your end-users. It is a great piece that was created based on the focus group feedback - ...

[HEADS UP] New York DMV Warns of Phishing Attack

According to the Press Republican, the New York State Department of Motor Vehicles warned New Yorkers last Friday of an ongoing SMS phishing (aka smishing) attack.
