Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks..

A Majority of Cyberattacks Use Lateral Movement and “Living Off the Land”

The latest from Carbon Black’s 2019 Global Threat Report shows cybercriminals are intent to move from endpoint to endpoint and avoid detection using built-in tools.
Continue Reading

A Hacker’s Dream: Half of IT Admins Reuse Passwords Across Multiple Accounts

The most recent report from Ponemon shows how IT’s lack of password management is wildly misaligned with the organizations supposed concern for protecting data.
Continue Reading

Social Engineering Comes to Wikipedia

Attackers are selectively editing Wikipedia articles to lend credibility to tech support scams, according to Rob VandenBrink at the SANS Internet Storm Center. The Wikipedia page for the ...
Continue Reading

New Report Outlines “Bashe” Ransomware Global Infection Scenario Outcomes, including up to $193 Billion in Damages

With the potential for a single coordinated cyberattack aimed at holding the world hostage and putting losses on a global scale, a new report models what it would look like.
Continue Reading

Organizations Routinely Phish Their Own Employees to Test Their Systems for Human Vulnerability

As compliance mandates and consumer privacy laws get tougher, businesses are taking matters into their own hands, launching internal phishing attacks to identify at-risk users. 
Continue Reading

Here is the Phish-prone percentage that a customer sent us today

"We’ve had great success with the KnowBe4 solution.  I think the key differentiator for KnowBe4 is the integration of the simulated phishing and analytics in conjunction with the ...
Continue Reading

Today I was attacked through an existing vendor using a real email thread

We have been dealing with a vendor of ours for on-hold messages for many years. I send them a Word file with the hold messages, their studio records them, and they send us a wave file ...
Continue Reading

Sextortion Phishing Scam Exploits Recent Breach Fears

Sextortion scam emails are circulating which claim that a popular adult site has been hacked, allowing an attacker to record videos of users through their webcams, according to Lawrence ...
Continue Reading

Voicemail Phishing Email Scams are Targeting User Passwords

A devilishly ingenious scam plays on your user’s familiarity with business voicemail, seeking to compromise online credentials without raising concerns.
Continue Reading

Ransomware Attacks Cost Organizations an Average of $55K in Q4 2018

The latest report from Ransomware response vendor Coveware shows a shift towards larger organizations, bigger ransoms, and a focus on disabling recovery.
Continue Reading

This password-stealing phishing attack comes disguised as a fake meeting request from the boss

Danny Palmer at ZDNet reported: "A widespread phishing campaign is targeting executives across a number of industries with messages asking to reschedule a board meeting in an effort to ...
Continue Reading

KnowBe4 Fresh Content & Feature Updates - January 2019

Here's a few important updates to share with you for the month of January!
Continue Reading

[New Phishing Template] See The Big Game SnoozeFest Highlights In 5 Minutes

Here is a template that you can use to test your users and see if they will click on a Big Game related phishing attack. There are bad guys out there trying several scams to entice ...
Continue Reading

WorldWide Threat Assessments of the US Intelligence Community: CYBER

Daniel R. Coats, Director of National Intelligence reported on Threats to US national security on January 29, 2019. He gave big picture, geo-politics data and had a few paragraphs ...
Continue Reading

[Brilliant New Social Engineering Phish] "Please Docusign: Funding For Your Business"

A friend was sent this email and he forwarded it to me. It's a brilliant new social engineering phishing scam. It will sail through all your spam / malware filters and email protection ...
Continue Reading

"Hacking Humans" Is The No. 1 Podcast Covering Social Engineering!

Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on ...
Continue Reading

KnowBe4 ModStore Release Announcement: 8 new courses from Syntrio

We are pleased to announce the latest ModStore publisher, Syntrio with 8 new modules live already and 17 more to come in the coming weeks. 
Continue Reading

Scam Of The Week: CEO Fraud bad guys are now bribing your users

Today saw the arrival of yet another interesting variant of the gift card phishing campaigns that have grown into a deluge over the past few months (see below). Today's email demonstrates ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews