Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Interested in cybersecurity law and policy?

Check out “Caveat,” the CyberWire's newest weekly podcast addressing cybersecurity law and policy, with a particular focus on surveillance and digital privacy. This podcast is hosted by ...
Continue Reading

Half of M&A Cyber Audits Uncover Undisclosed Breaches That Derail Deals

Cybersecurity diligence performed prior to a merger or acquisition often uncovers weaknesses in an organization’s security stance, which can spell doom for the company being purchased and ...
Continue Reading

SIM Card Attack May Affect Over 1 Billion Mobile Phones Worldwide

Using SMS messaging, attackers can use phishing tactics to hijack mobile devices using a legacy piece of SIM code, called the S@T Browser, to execute commands as part of a more ...
Continue Reading

The Bad Guys Have a New Favorite Online Service to Exploit (And It May Be One You Never Heard Of)

Over the past few years malicious actors have apparently decided that the future of phishing lies in exploiting trusted online services. Your users have undoubtedly seen the upshot of ...
Continue Reading

Don't Leave Your Users At Risk For Holiday Scams. Get Your Free Resource Kit From KnowBe4!

With users focused on holiday activities, cybercriminals take advantage of lowered defenses and holiday distractions to scam users into becoming victims. Phishing emails about shipping ...
Continue Reading

PayPal Becomes the Most Popular Phishbait

Vade Secure has found that PayPal is now the most impersonated brand in phishing attacks, surpassing Microsoft for the first time, Help Net Security reports. Vade detected 16,547 unique ...
Continue Reading

Your CEO's Email May Be Hacked And You Don't Even Know It

Hackers focused on CEO fraud (or Business Email Compromise - BEC) attacks often go to great lengths to hide the fact they have access to your CEO’s mailbox as part of a larger scam.
Continue Reading

Instagram Copyright Infringement is the Latest Phishing Scam Targeting Social Media

Focused on compromising social media credentials, scammers trick Instagram users into giving up credentials and other personally identifiable information with convincing phishing emails.
Continue Reading

Bogus eCommerce Sites Spinning Up for Holidays

The number of potential e-commerce phishing domains registered in the first nine months of 2019 is more than six times the amount registered during the same period in 2016, a report from ...
Continue Reading

Reuters: "Hackers hit UK political parties with back-to-back cyberattacks"

LONDON (Reuters) - Hackers hit Britain’s two main political parties with back-to-back cyberattacks on Tuesday, sources told Reuters, attempting to force political websites offline with a ...
Continue Reading

Mexican Oil Company Pemex Dodges $5M Ransomware Bullet

Mexican state-owned oil company Petróleos Mexicanos (Pemex) on Sunday suffered a ransomware attack that took down parts of its network.
Continue Reading

[Heads Up] This New, Unusual Ransomware Strain Goes Exclusively After Servers

Danny Palmer at ZDnet alerted on the following: "An unconventional form of ransomware is being deployed in targeted attacks against enterprise servers – and it appears to have links to ...
Continue Reading

Third Party Phishing: The New Spear-Phishing Attacks That Traditional Defenses Just Don't Stop

Joe in accounting is pretty cyber-savvy. He doesn’t fall for basic phishing emails with masked URLs or phony password reset requests. But what happens when Joe gets an email from a ...
Continue Reading

LIVE DEMO: Identify & Respond to Email Threats Faster with PhishER

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!
Continue Reading

TrickBot Malware Uses Highly Personalized Fake Sexual Harassment Complaints as Phishing Bait

Fake sexual harassment complaints appearing to come from the U.S. Equal Employment Opportunity Commission (EEOC) are the latest baits used by attackers to disseminate TrickBot banking ...
Continue Reading

People Need to Work Together to Spot Con Artists

It might not be possible to resist a good con artist, according to award-winning author, journalist, and champion poker player Maria Konnikova. On the CyberWire’s Hacking Humans podcast, ...
Continue Reading

Phishing Resistance for Charities

81% of charities say they’ve been targeted by a phishing attack this year, according to Ed Macnair, writing for UK Fundraising. Meanwhile, only 37% of charities think their IT and ...
Continue Reading

Mac users warned that disabling all Office macros doesn’t actually disable all Office macros

Graham Cluley warned: "It’s been almost 25 years since macro malware first reared its head, and it would be nice to think that the defences Microsoft has built into its Office suite in ...
Continue Reading

Lower Your Business Risk with Best Practice Data Privacy Impact Assessments (DPIA's)

Whether you're creating a new product, going through a merger & acquisitions, or significantly changing a process in your organization, new processing activities can present high risk to ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews