Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Business Email Compromise Attack Leads to Millions in Non-Profit Loss

A business email compromise attack at Illinois’s Office of the Special Deputy Receiver led to a loss of $6.85 million, Ray Long at the Chicago Tribune reports. Long describes the Office ...
Continue Reading

Ransomware Attacks Could Result in Higher Cybersecurity Stocks

Ransomware attacks have been dominant for hackers. And according to Investor's recent article, this means good news for cybersecurity stocks.
Continue Reading

Your KnowBe4 Fresh Content Updates from December 2021

Check out the 38 new pieces of training content added in December, alongside the always fresh content update highlights and new features.
Continue Reading

Hive Ransomware-as-a-Service Races to the Top as Affiliates Breach 350 Organizations in Just 4 Months

A mere blip on the ransomware radar a quarter ago, the massive onslaught of attacks using Hive Ransomware demonstrates how dangerous the “as-a-Service” model really is.
Continue Reading

Over 1200 Man-in-the-Middle Phishing Toolkits Designed to Intercept 2FA Found in the Wild

An academic partnership between Stony Brook University and Palo Alto Networks uncovered a massive use of tools that will steal authentication cookies mid-stream instead of credentials.
Continue Reading

121 Brands Impersonated in Massive 91-Country Survey-Turned-Fraud Scam

With an estimated take of over $80 million a month, this scam uses new evasive tactics designed to make detection and investigation of these attacks difficult at best.
Continue Reading

Obvious, but Probably Effective: Konni RAT Screensaver

A North Korean threat actor is targeting users in Russia with a New Year’s Eve-themed phony screensaver file, the Record reports. Researchers at Cluster25 spotted the activity, and say ...
Continue Reading

New York State Warns of Credential Stuffing

New York Attorney General Letitia James has released a guide to help businesses defend themselves against credential stuffing attacks. Credential stuffing is a type of brute-force attack ...
Continue Reading

Cryptocurrency Scam Profits Jump 81% in 2021 to $7.7 Billion

Despite a drop in crypto scams in 2020 due to the pandemic, a new report highlights the massive growth in crypto scams… and the profitable results they’re yielding.
Continue Reading

Reducing Stress with CBD Is the Latest Theming for Phishing Attacks

Spanning three languages and at least 15,000 unique phishing emails, this latest phishing campaign targets stressed out workers in the U.S. and France, avoiding detection and promising to ...
Continue Reading

Copyright Infringement Notice to Instagram Users Serves as Newest Phishbait

Scammers are sending phony accusations of copyright infringement to Instagram users in a new phishing attack, Paul Ducklin writes at Naked Security. The scammers are taking advantage of ...
Continue Reading

Shoulder Surfing is Still a Thing for Successful Social Engineering Attacks

Social engineering isn’t concerned with either novelty or elegance. All that matters is whether it works. ESET’s Jake Moore described a case in point for We Live Security: all someone ...
Continue Reading

2023 Resolution: "I'll Be A Certified Security Awareness and Culture Professional (SACP)™"

Your organization's cyber threat landscape is changing lightning fast. So, your security awareness skills need to stay razor sharp, and are increasingly viewed as critical to protect your ...
Continue Reading

Amazon Token Crypto “Presale” Scam Takes Advantage of News Hype and Steals Your Real Cryptocurrency

The growing interest in new cryptocurrencies and the potential to get in early on Amazon’s supposedly forthcoming crypto has scammers taking victims for thousands of dollars.
Continue Reading

New “Karakurt” Threat Group is Gaining Attention Through Multiple and Frequent Extortion Attacks

A new warning from Accenture Security highlights this new cybercriminal group making waves that focuses on a "data breach and extortion” MO rather than relying on ransomware.
Continue Reading

Omicron-Themed Phishing Campaign is Running Rampant

A mean-spirited phishing campaign is mocking victims after infecting their devices with Dridex malware, according to Lawrence Abrams at BleepingComputer.
Continue Reading

Organizations Worldwide Experience Over 722 Million Attacks in the Last 30 Days!

Analysis of data collected by Internet and security services vendor Akamai shows an unimaginable number of cyberattacks, demonstrating how frequently these attacks are happening.
Continue Reading

5 Notable Obscure Phishing Scams

I love that KnowBe4’s customers are among the most knowledgeable and educated people in the world in avoiding phishing scams. KnowBe4’s products help its customers to educate and test ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews