Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Stu Sjouwerman

Recent Posts

Phishing Attacks Significantly Increase in Singapore During COVID-19 Pandemic

The number of phishing attacks in Singapore to give up personal information has almost tripled in the last year and doubled during the COVID-19 pandemic, according to the Cybersecurity ...
Continue Reading

Work From Home in America Sets Major Target for Russian Hackers

A Russian ransomware group named "Evil Corp" who was indicted by the Justice Department in December is now targeting employees working from home during the COVID-19 pandemic and ...
Continue Reading

[Heads Up] A New Devilish Malware Worm Called Lucifer Is Targeting Your Windows Workstations

Palo Alto Networks’ Unit 42 Security experts have identified a malware worm called Lucifer, that targets Windows systems with cryptojacking and distributed denial-of-service (DDoS) ...
Continue Reading

New Training Modules Added on Data-Driven Defense

We have exciting news to share! Two new modules have been released about data-driven defense, both featuring Data-Driven Evangelist Roger Grimes.
Continue Reading

Survey Says...You've Been Pwned

Surveys are enticing, and so are survey scams. But they’re easy to recognize if you know what to look for, according to Paul Ducklin at Naked Security. Ducklin describes a typical survey ...
Continue Reading

‘New VPN Configuration’ Email Tricks Microsoft 365 Users Out of Credentials

Scammers are taking advantage of the prominent use of VPNs by remote workforces to send out this very topically relevant phishing email that just wants to steal your credentials.
Continue Reading

20% of Organizations Provided No Cybersecurity Guidance to Users Making the Shift to Working from Home

At a time when cyber risk is at its highest levels, new data shows how little organizations have done to ensure employees are prepared for cyber attack while working from home.
Continue Reading

Enterprises Experience Nearly Five Times as Many Mobile Phishing Attacks as Last Year

With every organization looking at protecting their corporate devices, the bad guys are increasingly setting their focus on one of the softest targets: the mobile device.
Continue Reading

New Ransomware Strain CryCryptor Targets Canada on COVID-19 Tracing App

There is a new ransomware strain that has been targeting specifically Android users in Canada, ESET reports. CryCryptor has distributed on two websites disguised as an official COVID-19 ...
Continue Reading

Phishing and Redirection

Researchers at Check Point have observed a phishing campaign that, to avoid detection, abused servers belonging to Adobe, Samsung, and the University of Oxford. The attackers used several ...
Continue Reading

[HEADS UP] Sodinokibi Ransomware Strain Learns New Trick

Already one of the most dangerous forms of ransomware, now Sodinokibi looks like it could also be attempting to make money from stolen payment information too.
Continue Reading

Slack Phishing

People need to be able to use their instincts in order to spot new phishing techniques, according to Ashley Graves, a Cloud Security Researcher at AT&T Alien Labs. On the CyberWire’s ...
Continue Reading

How to Combat the Fake News and Disinformation Being Used to Attack Your Organization

A global cold war is being fought in cyberspace, and IT pros like you are finding themselves in the trenches. With all of this going on, how can you equip your employees and protect your ...
Continue Reading

Pyongyang's Phishing with Job Offers

An attack campaign with possible ties to North Korea’s Lazarus Group targeted aerospace and military companies in Europe and the Middle East with spear phishing attacks late last year, ...
Continue Reading

Microsoft 365 to Provide Detonation Details About Malicious Email Content

In a step towards educating customers on why attachments and URLs are deemed “malicious”, Microsoft’s is set to augment its Advanced Threat Protection product in July.
Continue Reading

Microsoft Warns of New Java-Based “PonyFinal” Ransomware Used as Part of Human-Operated Attacks

Microsoft’s recent posts detailing a new Java attack that uses PowerShell and other legitimate tools to infect victims with ransomware sheds light on human-operated attacks.
Continue Reading

WARNING: The List of Ransomware-Turned-Data Breach Operators is Getting Long

Seeing a better opportunity to generate more “revenue” from their victims, the idea of ransomware also exfiltrating data to be used to extort the payment is gaining steam.
Continue Reading

[Heads Up] North Korean State Hackers Plan a June 21 COVID-19 Phishing Attack That Targets 5 Million in Six Nations

ZDNet reported: "Singapore, Japan, and the US are amongst six nations targeted in a COVID-19 themed phishing campaign that is reportedly scheduled for June 21, during which 8,000 ...
Continue Reading

[Heads Up] Australian Government and businesses hit by massive cyber attack from ‘sophisticated, state-based actor’

News.com.au reported that Australian Prime Minister Scott Morrison has "announced in an urgent press conference called this morning in Canberra, Mr Morrison said the ongoing, ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews