Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

[HEADS UP] 2021 Tokyo Olympics Mean Olympic-Themed Phishing Attacks

Last year, we reported that authorities warned of the Tokyo Olympics phishing attacks. Then the global pandemic occurred, and the games were postponed. Well, now the games have ...
Continue Reading

Mint Mobile, Porting Numbers, and Identity Theft

US telecommunications company Mint Mobile warned some users that their phone numbers had temporarily been ported to another carrier by an unauthorized individual, which allowed the ...
Continue Reading

Microsoft Continues to be the Top Impersonated Brand in Phishing Attacks

New data from CheckPoint identifies those brands being used by threat actors to trick victims into opening attachments, clicking links, providing credentials, and giving up personal ...
Continue Reading

The Cost and Impact of Cybercrime Can Now Be Measured in a Single Minute

With the number of threat actors growing rapidly, along with an increased frequency of attacks, RiskIQ has put together a sobering perspective of how cybercrime impacts us in just 60 ...
Continue Reading

[INFOGRAPHIC] New Report Shows Users Are Falling for Security and HR-Related Phishing Attacks

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, ...
Continue Reading

New LuminousMoth APT Takes a Double-Infection Vector Approach to Attacks

Spotted by security researchers at Kaspersky Labs, this large-scale yet extremely targeted campaign of attacks focuses on government organizations within Southeast Asia.
Continue Reading

Nearly Every Organization Has Had an Insider-Caused Data Breach in the Last Year

Whether it’s from an accidental leak of data or falling victim to a phishing attack, new data from email security vendor Egress puts the insider’s role in breaches into critical ...
Continue Reading

Facebook Disrupts Iranian Social Engineering Operation

Facebook has taken down an operation by Iranian hackers targeting military, defense, and aerospace entities, particularly focused on the US.
Continue Reading

[On-Demand Webinar] 2021 Phishing By Industry Benchmarking Report

As a security leader, you have a lot on your plate. Even as you increase your budget for sophisticated security software, your exposure to cybercrime keeps going up. IT security seems to ...
Continue Reading

KnowBe4 Receives Four ISO Certifications From ISOQAR, A Certifying Organization

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, announced that it has received four certifications – ISO 27001:2013, ISO ...
Continue Reading

84% of Organizations Experienced Ransomware and Phishing-Related Security Events in the Last 12 Months

New research from Trend Micro and Osterman Research highlights where organizations are strongest and weakest at stopping phishing attacks resulting in ransomware.
Continue Reading

CISA Publishes Darkside Malware Analysis Report and Updated Best Practice Guidance Against Ransomware

New details provide valuable insight into exactly how Darkside works to compromise and encrypt systems, with valuable guidance to avoid becoming a victim of ransomware.
Continue Reading

Cryptocurrencies and Email Extortion Trends

Researchers at GreatHorn have found that 98.7% of extortion emails ask for payment in Bitcoin. Most of these emails aren’t targeted, but enough people will likely fall for them that the ...
Continue Reading

Phishing Campaign Uses Novel Technique to Deliver Malware

Researchers at McAfee warn that a phishing campaign is delivering malware via Word documents that don’t contain any malicious code. When a user opens the document and enables content, the ...
Continue Reading

New York Department of Financial Services Issues New Guidance to Financial Services Orgs to Counter Ransomware

NYDFS offers up sound best practices in addition to their recently released Cyber Insurance Risk Framework based on recent attack investigations, finding repeated use of “the same handful ...
Continue Reading

Year-Long Phishing Campaign Targets Energy, Oil & Gas Companies Using Spoofed B2B Correspondence

Uncovered by the research team at cloud protection vendor Intezer, this new phishing campaign seeks to steal information and position each victim as the foothold to spear phish additional ...
Continue Reading

Spear Phishing Campaign Targets Energy Companies

Researchers at Intezer have spotted a phishing campaign that’s targeting energy companies in South Korea, the United States, the United Arab Emirates, and Germany. Most of the targets are ...
Continue Reading

Ransomware Attacks Put Singapore Organizations at Risk of Violation of the Personal Data Protection Act

A new court decision sets precedence for all Singapore organizations where ransomware attacks – even without data exfiltration – may be subject to financial noncompliance penalties.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews