Like Twitter, MFA Will Not Save You!

Jul 16, 2020 1:24:50 PM By Roger Grimes

I’m sure we are all interested in the latest Twitter hack. As the author of the soon to be released Wiley book called Hacking Multifactor Authentication, I have to laugh at the “experts” ...

Microsoft Warns of Application-based Phishing

Jul 16, 2020 8:38:51 AM By Stu Sjouwerman

Microsoft has issued an advisory warning about “consent phishing,” or application-based phishing attacks that rely on users granting permissions to malicious apps. These attacks aren’t as ...

[Heads Up] Twitter Employees Fall For Social Engineering Attack And The Bad Guys Get "God Mode"

Jul 16, 2020 8:00:27 AM By Stu Sjouwerman

A number of high-profile Twitter accounts were hacked including those of Elon Musk, Bill Gates, Kanye West, Joe Biden and Barack Obama. This is clearly the worst hacking incident in ...

SEC Issues Warning on Increased Ransomware Attacks

Jul 15, 2020 2:28:04 PM By Stu Sjouwerman

The Securities and Exchange Commission, through its Office of Compliance Inspections and Examinations (OCIE), issued a warning to advisors and broker-dealers to “immediately” review their ...

KnowBe4 Finds Coronavirus-Themed Phishing Spiked in Q2 2020 [INFOGRAPHIC]

Jul 15, 2020 12:35:08 PM By Stu Sjouwerman

The latest results of KnowBe4's quarterly top-clicked phishing email subjects are in. We report on three different categories: social media related subjects, general subjects, and 'in the ...

[ALERT] More Than 10% of Ransomware Attacks Now Involve Data Theft / Data Breach

Jul 15, 2020 11:04:52 AM By Stu Sjouwerman

Research into recent ransomware submissions from TripWire revealed that more than a tenth of crypto-malware infections now involve some element of data theft.

Scammers Impersonate Hospital Personnel

Jul 15, 2020 8:24:41 AM By Stu Sjouwerman

Scammers are seeking to obtain personal information by impersonating Canadian hospital staff over the phone, NEWS 1130 reports. Vancouver Coastal Health issued an alert in which the ...

The Bad News: Only 5% of Your Users Can Effectively Spot a Phishing Attack

Jul 14, 2020 5:02:14 PM By Stu Sjouwerman

A recent phishing quiz promoted to U.K. users to see if they could identify the phish revealed dismal results where nearly all users couldn’t tell the difference 100% of the time.

[Heads Up] Scam of The Week: Watch Out For This COVID Class Action Workplace Lawsuit

Jul 14, 2020 12:44:52 PM By Stu Sjouwerman

Major Law Firm Fisher Philips warned that COVID-19 workplace lawsuits are increasing exponentially. Of the 283 recent COVID-19 workplace lawsuits tracked, 122 of them, or 43%, were filed ...

CyberheistNews Vol 10 #29 [Heads Up] Microsoft Stops an O365 Phishing Campaign That Attacked CEOs in 60+ Countries

Jul 14, 2020 9:35:59 AM By Stu Sjouwerman

DMs Promise Enhanced Pictures, but Deliver Malicious Links

Jul 14, 2020 8:21:53 AM By Stu Sjouwerman

Scammers are sending phishing messages on Instagram telling users to check out some edited versions of their photos, according to John Finn at Screen Rant. Finn explains that the scammers ...

It’s Worse Than You Thought: Remote Employees Interaction with Unsafe Websites is Up 50%

Jul 13, 2020 2:08:55 PM By Stu Sjouwerman

New data shows just how frequently remote users are accessing risky web content that would normally be blocked by firewalls and other network monitoring solutions.

Monkeying Around for Office 365 Credentials

Jul 13, 2020 10:40:38 AM By Stu Sjouwerman

Criminals are abusing SurveyMonkey to host redirect links to an Office 365 phishing page, researchers at Abnormal Security have found. The emails contain links to a real SurveyMonkey ...

6000% Increase in Phishing Attacks Leveraging COVID-19, Healthcare Industry Often The Target

Jul 13, 2020 10:12:40 AM By Stu Sjouwerman

On July 3rd just before the holiday weekend, Mount Auburn Hospital's IT team identified suspicious activity. Alarmed, they quickly took steps to disconnect the Cambridge hospital's ...

Ragnar Locker Ransomware Attacks Energy Company, Potentially Stealing 10TB in Data

Jul 13, 2020 7:03:00 AM By Stu Sjouwerman

In a letter to customers, EDP Renewables North America CEO acknowledges the attack occurred back in April of this year, but claims “no evidence” of data theft exists.

Thanos Ransomware Attacks Now Disable Backups, Avoid Detection, and Impersonate the OS

Jul 13, 2020 7:02:00 AM By Stu Sjouwerman

Recent updates to the well-known Ransomware-as-a-Service – including the addition of RIPlace – make Thanos a formidable challenge for even well-secured organizations.

Vishing Attacks Yield Phone Fraud Take of Over $100 Million

Jul 13, 2020 7:01:00 AM By Stu Sjouwerman

While not a new tactic, vishing presents cybercriminals with an attack method that’s perfectly aligned with the pandemic shifts to remote workforces.

Ransomware Attacks on Manufacturing Yield an Average Payout of $271K

Jul 13, 2020 7:00:00 AM By Stu Sjouwerman

New data shows just how much major industries are paying out to remediate successful ransomware attacks, despite guidance to never pay the ransom.

[HEADS UP] Office 365 Phishing Attacks Now Use Fake Zoom Suspension Alerts

Jul 9, 2020 1:33:56 PM By Stu Sjouwerman

Microsoft Office 365 users are targeted by a new phishing campaign using fake Zoom notifications to warn those who work in corporate environments that their Zoom accounts have been ...

Back-to-School: a Buzzkill in More Ways than One

Jul 9, 2020 9:01:39 AM By Stu Sjouwerman

40% of the top twenty universities in the US aren’t using DMARC to mitigate phishing attacks that impersonate the universities’ domains, according to researchers at Tessian. Additionally, ...

Security Awareness Training Blog

View Topics