Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Stu Sjouwerman

Recent Posts

New Phishing Method Uses VNC to Bypass MFA Measures and Gives Cybercriminals Needed Access

Despite cloud vendors like Google detecting reverse proxies or man-in-the-middle (MiTM) attacks and halting logons to thwart malicious actions, a new method easily gains access.

[Eye Opener] Ukraine Is Now Being Hit With 4 Different Strains Of Wiper Malware

Newly discovered data-destroying malware was found this week in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks. "This new malware ...

We Are In The First Open Source Intelligence War

I am a member of OODA loop. They are a great team that keeps me up to date about InfoSec issues. Their site always has interesting articles and this one certainly got my attention. The ...

CyberheistNews Vol 12 #11 [Heads Up] FBI: Ransomware Gang Breached 52 U.S. Critical Infrastructure Orgs

CyberheistNews Vol 12 #11 | Mar. 15th, 2022 | [Heads Up] FBI: ...

Shipping Fraud Rises Nearly 800% in 2021

Shipping fraud had a global increase of nearly 800% over the course of 2021, according to TransUnion’s 2022 Global Digital Fraud Trends Report. 

Cybercrime-as-a-Service: Its Evolution and What You Can Do to Fight Back

The cybercrime market has skyrocketed in a frightening way. With threats such as ransomware to Business Email Compromise (BEC), the stakes are higher than ever for organizations across ...

Social Engineering through Contact Form

Email is the familiar form of phishing, but there’s an ongoing criminal campaign that follows a different, arguably subtler avenue of approach: the corporate contact form. Abnormal ...

Email-Based Vishing Attacks Skyrocket 554% as Phishing, Social Media, and Malware Attacks Are All on the Rise

A new analysis of attacks in 2021 shows massive increases across the board, painting a very concerning picture for 2022 cyberattacks of all types.

“Warm Greetings” (or not): Saudi Aramco Impersonation

Researchers at Malwarebytes warn of a phishing campaign that’s targeting the oil and gas industry by impersonating Saudi Aramco.

Phishing and Scam Pages Increase by 153% as Cybercriminals Seek to Establish Credibility

As part of either impersonating known brands or simply leveraging credible cloud services, the use of a web page as part of an attack has become a staple for threat actors.

Passwords are Reused 64% of the Time as the Number of Passwords to Remember Reaches Over 100

New data focusing on user cyber hygiene around password use shows users are repeatedly reusing passwords across multiple applications and environments, despite the rise in breaches.

KnowBe4's Position On Recent Russian Aggression

The unprovoked attack on the Ukrainian people, and subsequent humanitarian crisis it has caused, is an unacceptable act of aggression by the Russian state.  While we do not currently ...

Up and To the Right: Ransomware Attacks Grow by 105% in 2021

New data from SonicWall shows the numbers of nearly every type of attack growing in 2021, with concerns by organizations about attacks and their aftermath at an all-time high.

83% of all Successful Ransomware Attacks Featured Double and Triple Extortion

With 2021 being the “testing ground” for ransomware extortion, 2022 is showing signs of ransomware gangs settling in on proven extortion tactics to ensure payment.

Social Engineering a Major Factor in Cyberattack on Camera Maker Axis Communications

As details of the February attack continue to be divulged, it becomes evident that cybercriminals were able to get past both users and security controls.

Domains Associated with Phishing Directed Against Ukraine

Researchers from Secureworks’ Counter Threat Unit (CTU) are tracking phishing domains used by the “MOONSCAPE” threat actor to target users in Ukraine. The researchers note that Ukraine’s ...

Phishing Impersonation and Attack Trends in 2021

Facebook overtook Microsoft as the most impersonated brand in phishing attacks last year, according to a new report from Vade Secure.

CyberheistNews Vol 12 #10 [Heads Up] A New Phishing Attack Warns About A Suspicious Russian Login

CyberheistNews Vol 12 #10 | Mar. 8th, 2022 | [Heads Up] A New ...

[World Premiere] KnowBe4’s New Season 4 of Netflix-Style Security Awareness Video Series - ‘The Inside Man’

We’re thrilled to announce the long-awaited fourth season of the award-winning KnowBe4 Original Series - ‘The Inside Man’ is now available in the KnowBe4 ModStore!

FBI: Ransomware gang breached 52 US critical infrastructure orgs

The US Federal Bureau of Investigation (FBI) says the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors.