Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

SEC Fines Publicly Traded Company $2.125 Million For Negligence Before, During, and After a Ransomware Attack

According to the filing, the organization in question failed to devise controls to adequately detect, respond to, and disclose an attack that included data exfiltration and service ...
Continue Reading

Espionage-Intent Threat Groups Are Now Using Ransomware as a Diversion Tactic in Cyberattacks

A new report focused on cyber espionage actors targeting government and critical infrastructure sectors highlights the strategic use of ransomware for distraction or misattribution.
Continue Reading

IRS Warns of Phishing Attacks Targeting Car Dealerships

The US Internal Revenue Service (IRS) has issued an advisory warning of phishing campaigns targeting car dealerships. The IRS says car dealers should be on the lookout for targeted ...
Continue Reading

From Reactive to Proactive: Cyber Insurance is Driving Optimal Security Investments for Organizations

New data shows that only 3 percent of organizations are solely relying on their current cyber defenses when adding on cyber insurance, indicating that organizations are beginning to ...
Continue Reading

Phishing Continues to Be the Primary Entry to Ransomware Attacks

Phishing remains a top initial access vector for ransomware actors, according to researchers at Cisco Talos. The threat actors often use phishing to steal legitimate credentials so they ...
Continue Reading

Crack the Code on Ransomware: Empowering Your Last Line of Defense

Cybercriminals are maximizing the potential damage to your organization to boost their profits. A staggering 91% of reported ransomware attacks included a data exfiltration effort. Now is ...
Continue Reading

[Warn Your Users] High Scam Risk After Failed Trump Assassination

Pictures of Donald Trump rushed from a campaign stage, his cheek brushed with blood from an assassination attempt, are an unsettling shock.
Continue Reading

Phishing Attacks Against State and Local Governments Are Surging

Researchers at Abnormal Security have observed a 360% increase in phishing attacks against state and local government entities over the past year.
Continue Reading

Ransomware Attacks on Healthcare Is Costing Lives

Ransomware is more prolific and expensive than ever. Depending on the source you read, the average or median ransomware payment was at least several hundred thousand dollars to well over ...
Continue Reading

Russian Spear Phishing Campaigns Target NATO Entities

Researchers at Mandiant (part of Google Cloud) warn that Russian government threat actors continue to target NATO member countries with spear phishing attacks. APT29 in particular has ...
Continue Reading

From Policy to Practice in Security Culture: What Security Frameworks Recommend

Recently I had to prepare for a governance, risk and compliance conference. I promptly realized that although I used to be quite immersed in this field as an ISO 27k implementation ...
Continue Reading

Dodgy New Phishing Platform Targets Microsoft 365 Accounts at Financial Firms

Analysis of the latest phishing-as-a-service (PhaaS) platform ONNX Store highlights just how successful these platforms can be.
Continue Reading

Amazon-Related Scams Spike Ahead of Prime Day

Researchers at Check Point observed more than a thousand newly registered malicious or suspicious web domains related to Amazon last month. The criminals are likely gearing up to target ...
Continue Reading

Phishing Attacks Target High Profile YouTube Accounts

Researchers at ESET warn of phishing attacks that are attempting to hack high-profile YouTube channels in order to spread scams or malware.
Continue Reading

The Importance of Security Culture: When Telecom Giants Resort to Malware

I recently read a story about a South Korean telecom company that pushed out malware to over 600,000 of its customers who were using torrents to share files, in a bid to limit their ...
Continue Reading

Travelers Beware: Booking.com Warns of Increases in AI-Enabled Travel Scams

In an interview at the Collision technology conference in Toronto, Booking.com’s CISO sounds the alarm on what she calls “supercharged artificial intelligence (AI) scams.”
Continue Reading

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Continue Reading

State-Sponsored Phishing Campaigns Target 40,000 VIP Individuals

Researchers at Menlo Security discovered three state-sponsored phishing campaigns that have targeted 40,000 important individuals over the past three months. “In a recent 90-day period, ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews