Abusing App Engine to Automate Phishing

Sep 24, 2020 8:30:09 AM By Stu Sjouwerman

Attackers can abuse a feature in Google App Engine to generate unlimited phishing URLs, BleepingComputer reports. Security researcher Marcel Afrahim found that App Engine URLs that ...

Which Users in Your Organization Put You at Risk?

Sep 24, 2020 7:00:00 AM By Stu Sjouwerman

October is National Cybersecurity Awareness Month, so it's a perfect time to fortify your human firewall. Start by identifying which users may be putting your organization at risk before ...

KnowBe4 Receives a 2020 Tech Cares Award

Sep 23, 2020 11:24:32 AM By Stu Sjouwerman

Sticking to our values continues to pay off, as we have recently received a Tech Cares award from TrustRadius. This is a brand-new award crafted to celebrate organizations that have ...

Five Alarming Approaches to Extortion

Sep 23, 2020 8:30:10 AM By Stu Sjouwerman

People should familiarize themselves with common forms of extortion in order to avoid falling victim to these attacks, according to Amer Owaida at ESET. Ransomware might be the most ...

Credential Stuffing to Stuff the Ballot Box

Sep 22, 2020 10:20:17 AM By Stu Sjouwerman

Advanced nation-state actors and petty criminals are both leveraging credential-stuffing attacks to hack into victims’ accounts, according to Byron Acohido, writing for Avast. Rather than ...

CyberheistNews Vol 10 #39 CrowdStrike: "More Cyberattacks in the First Half of 2020 Than in All of 2019"

Sep 22, 2020 9:29:36 AM By Stu Sjouwerman

Credential Stuffing Used Against Financial Services

Sep 21, 2020 8:27:15 AM By Stu Sjouwerman

A security alert from the FBI warns that hackers are launching credential-stuffing attacks against organizations in the financial sector, ZDNet reports.

[On-Demand] Your Organization Through the Eyes of an Attacker

Sep 21, 2020 7:00:00 AM By Stu Sjouwerman

The bad guys are out there, watching and waiting for an opportunity to strike. They are gathering information about your organization and users, devising the perfect plan to infiltrate ...

[Announcement] KnowBe4 ModStore: New Series "Security Snapshots" from Twist & Shout

Sep 19, 2020 9:58:36 AM By Stu Sjouwerman

They've made you laugh. They've made you cry. You know and love them! Twist & Shout are here once again with a series of 12 stand-alone security micro-dramas! These Security Snapshots ...

Bitcoin Millionaire Loses $16 Million to a Compromised Wallet and Simple Social Engineering

Sep 18, 2020 7:01:00 AM By Stu Sjouwerman

This brief tale of misfortune shows how unpatched software and letting your guard down – especially when $16 million is on the line – can be all that’s needed for a successful scam.

Joint Cybersecurity Advisory Outlines Approaches to Discovering and Remediating Attacks

Sep 18, 2020 7:00:00 AM By Stu Sjouwerman

This newly-released report is the result of a collaborative effort by cybersecurity authorities in Australia, Canada, New Zealand, the United Kingdom, and the United States.

Beware of Fake Forwarded Phishes

Sep 17, 2020 3:29:13 PM By Roger Grimes

There are many specific, heightened challenges of spear phishing emails coming from compromised, trusted third parties. Trusted third-party phishing emails usually come from the ...

Crowdstrike: "More Cyberattacks in the First Half of 2020 Than in All of 2019"

Sep 16, 2020 10:26:18 AM By Stu Sjouwerman

According to a recent study conducted by cybersecurity firm CrowdStrike, recent threat activity throughout its customers’ networks has shown more intrusion attempts within the first half ...

When Phishing And Disinformation Meet

Sep 16, 2020 8:49:42 AM By Stu Sjouwerman

The Insider reported that QAnon is co-opting a USPS phishing scam, and claim the Vishing text messages are linked to human trafficking. "A viral [text] phishing scheme is targeting people ...

How to Become a Harder Target From Malicious Threat Actors

Sep 16, 2020 8:30:35 AM By Stu Sjouwerman

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding threat actors associated with China’s Ministry of State ...

CyberheistNews Vol 10 #38 [Heads Up] My Name Is Being Used in Criminal Identity Theft Attacks at the Moment

Sep 15, 2020 9:29:26 AM By Stu Sjouwerman

Security Awareness Advocate Kai Roer Discusses the 2020 Security Culture Report

Sep 15, 2020 8:53:38 AM By Stu Sjouwerman

Our security awareness advocate Kai Roer recently did an interview with Cybercrime Magazine. Kai discusses the history of CLTRe (now KnowBe4 Research) and his background on security ...

High-Profile Caper Spawns Phishing Campaign

Sep 15, 2020 8:31:04 AM By Stu Sjouwerman

A phishing campaign is using the recent Twitter hack as phishbait, HackRead reports. In mid-July, hackers used social engineering against Twitter employees to gain access to more than a ...

Funds Transfer Fraud Has Increased 35% Since the Onset of COVID-19

Sep 14, 2020 10:49:30 AM By Stu Sjouwerman

With reported losses from thousands of dollars to well over $1 million, funds transfer fraud represents 27% of cyber insurance claims in 2020.

Business Email Compromise attacks increase 67% Leading to Fraud, Ransomware, and Data Breaches

Sep 14, 2020 10:34:13 AM By Stu Sjouwerman

Involved in 60% of cybersecurity insurance claims, Business Email Compromise (BEC) is growing in interest by cybercriminals as the initial malicious action as part of a larger attack.

Security Awareness Training Blog

View Topics