CyberheistNews Vol 4, # 03




Editor's Corner

Scam Of The Week: "Free Credit Monitoring Service"

Ever heard the word "chutzpah"? It means shameless audacity or impudence.

First, hackers broke into Target, Neiman Marcus, and other major brand retailers still to be revealed. Then, during the holiday season, using specialized point-of-sale malware, they stole the credit card data of more than 100 million people in the U.S.

Now, to add insult to injury, they are sending phishing attacks that leverage these data breaches as social engineering to worry employees into clicking on malicious links. One of the standard responses of retailers after a data breach is to provide everyone with a free credit monitoring service. And you guessed it: there are now (and will be during the next few months) phishing scams claiming that an employee's credit card was compromised, that they now run the risk of unauthorized charges and identity theft, and that they need to subscribe to a free credit monitoring service by clicking on "this link".

Please warn your employees that any email about recent credit card data breaches containing any link or attachment is highly likely a scam, to "Think Before You Click", and delete those emails.

PCI DSS v3.0 – What’s New? An Infographic…

Last month, the PCI Security Standards Council (PCI SSC) officially released the v3.0 compliance standards, but it will take some time before everyone involved (merchants, service providers and auditors) will have figured out how the new mandates will impact their organization.

The effective date of the v3.0 standard was January 1, 2014, but if you are compliant with v2.0 you have a year to move to v3.0, and some of the changes will remain a "best practice" for 6 more months until they become requirements on June 1, 2015.

What gives PCI DSS more impact than most other regulations is that it concerns almost everyone. The levels of compliance vary based on the scope and size of each merchant. So what is new in v3.0 of PCI DSS? Read the rest of this article at the KnowBe4 Blog, where you will also find the Infographic:
http://blog.knowbe4.com/bid/370130/PCI-DSS-3-0-What-s-New-An-Infographic

Quotes of the Week

"It’s your place in the world; it’s your life. Go on and do all you can with it, and make it the life you want to live." - Mae Jemison - Physician and Astronaut

"I feel that there is nothing more truly artistic than to love people." - Vincent Van Gogh



Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

Are Your Email Addresses On A Russian Phishing Site?

We are finding many U.S. commercial email addresses at a Russian phishing website. It is really a 'staging' area for emails to be posted by the criminal underground. Sadly, Google indexes this site and it makes for easy searching. Unfortunately there is nothing you can do to get emails taken down from this site, but you should be aware of what is out there.

The (free) KnowBe4 Email Exposure Check (EEC) gives you a better understanding of your security posture with regard to email addresses exposed on the Internet. Call it your 'email attack surface'. Addresses listed on this Russian site are more likely to be spear-phished. You can use the EEC report to flag these email addresses so that you can better tune your spam traps and monitor for email-based attacks. And obviously, the employees with those exposed email addresses specifically need security awareness training.

Sign up for a one-time free Email Exposure Check here: http://info.knowbe4.com/free-email-exposure-check-14-01-21

Who's To Blame For Security Problems? Surveys Say, EVERYONE

Last week a cluster of surveys was released, showing some contrasting views of the main sources of IT security risk, and some revealing overlaps. The studies all asked professional IT workers what their main worry points were, and who they thought were the main causes of security incidents in their organizations.

Here is a short summary of the data, and a link to the Sophos Blog with more information and links to the surveys.

The biggest study was conducted by forensics and risk management firm Stroz Friedberg. They covered businesses across the US, and found that most were pretty worried about cyber dangers. Their main highlight was the risky behavior of senior management.

Stroz Friedberg research:
- 87% of top management send work files to personal email or cloud accounts so they can work on them from home or the road
- 58% have sent sensitive data to the wrong person
- 50% admit taking company files or data with them when leaving a post
- 60% gave their firm a "C" grade or worse when asked how well they were prepared to combat cyber threats.

Osterman Research:
- 74% said their company networks had been penetrated by malware introduced via surfing
- 64% said their company networks had been penetrated by malware introduced via email

SecureData research:
- 60% of those questioned thought the biggest risk to their firm's security was simple employee carelessness
- 44% said the main responsibility for security decision-making rested on the shoulders of junior IT managers

Full blog post at:
http://nakedsecurity.sophos.com/2014/01/15/whos-to-blame-for-security-problems-surveys-say-everyone/

Evolution of Cyber Attacks Infographic

Found something interesting at Venafi's blog. They looked at hacking from the angle of attacks on keys and certificates, and they certainly have a good point.

"16 years: from viruses, worms, DDoS, advanced persistent threats, to key and certificate-based attacks. It used to be that programmers created and launched annoying but mild virus and spam malware to show the world just how brilliant they were and to gain notoriety. Today, we live in a very different world where cyber threats and attacks are recognized as significant global, political and commercial challenges with serious financial and reputational consequences. Check out the full report, A Historical Overview of the Evolving Cyberattack Landscape to see how cyberwarfare and new attacks on trust have escalated over the last 16 years":
http://www.venafi.com/blog/post/evolution-of-cyber-attacks-infographic

Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Samantha West, the robot telemarketer voice. This is fascinating:
http://newsfeed.time.com/2013/12/17/robot-telemarketer-samantha-west/

When a woman falls in love with her operating system, she thinks she's found the man of her dreams. But things turn out differently ...
http://www.flixxy.com/him-short-film.htm

While telling a story about his grandmother in a cafe, Criss continues to astound us with his amazing magic:
http://www.flixxy.com/amazing-magic-trick-with-coffee-mug-criss-angel.htm?

Honda's 'Hands' highlights all facets of Honda's universe from passenger cars to racecars, the HondaJet to leaf blowers, motorcycles, ATVs and even Asimo:
http://www.flixxy.com/honda-hands-lets-see-what-curiosity-can-do.htm

In a world filled with war, the greatest weapon is love:
http://www.flixxy.com/make-love-not-war.htm?

The coming of age of the 'Internet Of Things' is a world in which everything from household gadgets to cars, clothes and pets are connected wirelessly to the web, and are chockful of vulnerabilities:
http://www.flixxy.com/circle-story-the-internet-of-things-cisco.htm?

An amazing relationship between polar bears and Eskimo dogs. One of the best animal video clips:
http://www.flixxy.com/polar-bears-eskimo-dogs.htm

The Best PCs You Can Build for $300, $600, and $1200. I really like this:
http://lifehacker.com/5840963/the-best-pcs-you-can-build-for-600-and-1200

French filmmaker Claude Friese-Greene traveled throughout Great Britain and London in 1923 with his new color camera. In 2013 Simon Smith followed in his footsteps, filming the scenery from the same vantage points to show how much (or how little) London has changed:
http://www.flixxy.com/london-1927-vs-2013.htm

Who wouldn't want to slip into Iron Man's armor or try out the gigantic Jaegers that saved the world in the movie Pacific Rim? Here's a start:
http://www.gizmag.com/prosthesis-human-piloted-racing-robot/30501/
