Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Students Phished with Bogus Job Offers

A phishing campaign is targeting college students with phony part-time job opportunities, according to Jeremy Fuchs at Avanan. The emails purport to come from the colleges’ job placement ...
Continue Reading

Your KnowBe4 Fresh Content Updates from January 2023

Check out the 39 new pieces of training content added in January, alongside the always fresh content update highlights, events and new features.
Continue Reading

Yahoo Suddenly Rises in Popularity in Q4 to Become the Most Impersonated Brand in Phishing Attacks

Completely absent from the top 10 brands for more than two years, Yahoo’s impersonation may indicate that scammers are looking for new attack angles using lesser-used brands.
Continue Reading

Initial Access Brokers Leverage Legitimate Google Ads to Gain Malicious Access

A threat actor tracked as DEV-0569 appears to be using a combination of Google Ads and impersonated websites to compromise credentials and distribute malware to gain network access.
Continue Reading

BEC Group Launches Hundreds of Campaigns

A business email compromise (BEC) gang has launched more than 350 attacks against organizations in the US, according to researchers at Abnormal Security. The threat actor, which Abnormal ...
Continue Reading

KnowBe4 Wins Winter 2023 "Best of" Awards From TrustRadius in Multiple Categories

KnowBe4 is proud to be recognized by TrustRadius in the “Best Of” Awards for overall, best feature set, best relationship, and best value for price in the Security Awareness Training ...
Continue Reading

Artificial Intelligence, ChatGPT and Cybersecurity: A Match Made in Heaven or a Hack Waiting to Happen?

Artificial intelligence (AI) is no longer science fiction.
Continue Reading

Scammers Impersonate Financial Advisors Through Social Media Platforms

A large scam campaign is targeting users on LinkedIn and other social media platforms posing as financial advisors, according to researchers at DomainTools. The researchers explain that ...
Continue Reading

Travel-Themed Phishing Attacks Lure Victims with Promises of Free Tickets, Points, and Exclusive Deals

New analysis of December and January emails shows massive spikes in attacks aimed at stealing personal information and credit cards under the guise of once-in-a-lifetime travel deals.
Continue Reading

OneNote Attachments Used as Phish Hooks

Threat actors are using malicious attachments in OneNote in order to distribute malware, BleepingComputer reports. The attackers attach VBS files that instruct the user to double-click on ...
Continue Reading

Ransomware Targets are Getting Larger and Paying More as Fewer Victims Are Paying the Ransom

New data showcasing the state of ransomware shows that while organizations are likely getting better at recovery (and not paying the ransom), cybercriminals are shifting focus to ensure ...
Continue Reading

Microsoft OneNote Attachments Become the Latest Method to Spread Malware

With Microsoft disabling macros by default on Office documents, cybercriminals are left needing another means to launch malware that’s victim-supported by default.
Continue Reading

Russian and Iranian Spear Phishing Campaigns are Running Rampant in the UK

The UK’s National Cyber Security Centre (NCSC) has described two separate spear phishing campaigns launched by Russia’s SEABORGIUM threat actor and Iran’s TA453 (also known as Charming ...
Continue Reading

Alert: Refund Scam Targeting Federal Agencies via RMM Software

At least two federal civilian agencies were the unfortunate victims of a refund scam campaign, perpetrated through the use of remote monitoring and management (RMM) software. CISA, the ...
Continue Reading

Hacker's Movie Guide: The Complete List of Hacker and Cybersecurity Movies

Is alert fatigue getting to you? I found a guide that allows you some well-deserved personal downtime, and still has something to do with work so that you can justify getting away with ...
Continue Reading

Stu's Law: "You get the future you ignore"

I have read a lot of Sci-fi. Thousands of books actually. You can't help but start recognizing patterns of how the future might look like. Many Sci-fi books were made into movies. One of ...
Continue Reading

What is a Good Completion Percentage for Security and Compliance Training?

Completion percentages on compliance and security training campaigns have become a popular topic of discussion.
Continue Reading

How Does Quantum Impact Passwords?

Yeah, quantum computers are likely to be able to crack passwords from every angle.
Continue Reading

Do Not Get Fooled Twice: Mailchimp's Latest Breach Raises Alarm Bells – Protect Yourself Now!

For the second time in less than a year, Mailchimp has found itself in a precarious situation, having to admit that it has been breached. It appears that a social engineering attack ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews