Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

Retail is Unprepared for Social Engineering

Oct 4, 2018 6:50:15 AM By Stu Sjouwerman
The latest data from SecurityScorecard shows the retail industry’s security stance is at an all-time low, and is particularly susceptible to social engineering attacks. The retail ...
Continue Reading

Bleeding Edge Phishing Attack Uses Decoy PDF with Microsoft-issued SSL Cert

Oct 3, 2018 2:21:01 PM By Stu Sjouwerman
TL,DR: A recent phishing attack posing as a PDF decoy from a Denver law firm was stealing clients' Office 365 credentials. The phishing bait was hosted in Azure blob storage and contained ...
Continue Reading

Hackers: Social Engineering is Easier

Oct 2, 2018 5:15:41 PM By Stu Sjouwerman
Despite the presence of application and OS vulnerabilities – both new and old – hackers prefer to leverage social engineering as their preferred attack method.
Continue Reading

Worry About Phishing, Not Malware!

Oct 2, 2018 5:10:25 PM By Stu Sjouwerman
With so many security strategies revolving around the detection of malware, organizations forget the primary source of all their worries – phishing.
Continue Reading

CyberheistNews Vol 8 #39 [Heads-Up] Now in the Wild: New Super Evil Rootkit Survives Even "Nuke From Orbit" and HD Swap

Oct 1, 2018 9:57:27 AM By Stu Sjouwerman
Continue Reading

[Heads-up] Now In The Wild: New Super Evil Rootkit Survives Even "Nuke From Orbit" And HD Swap

Sep 30, 2018 7:56:38 AM By Stu Sjouwerman
This thing is a nightmare that escaped into daylight. The Russian GRU—aka Fancy Bear—probably was riveted reading the Wikileaks CIA Vault 7 UEFI Rootkit docs (PDF) and built one of these ...
Continue Reading

Kevin Mitnick weighs in on Facebook's big security breach

Sep 29, 2018 9:58:59 AM By Stu Sjouwerman
It was all over the news, and CNBC interviewed KnowBe4's very own Chief Hacking Officer Kevin Mitnick (note the StreetCred box on the right).
Continue Reading

[InfoGraphic] 20 Ways to Block Mobile Attacks

Sep 28, 2018 5:14:43 PM By Stu Sjouwerman
To start your National Cyber Security Awareness Month (NCSAM) here is a goodie for your users to kick things off.
Continue Reading

Targeted Attacks Replace Spam Campaigns

Sep 28, 2018 12:37:50 PM By Stu Sjouwerman
Spam campaigns are all but dead. But lucrative targeted low-risk, high-yield cyber-attacks have risen to take their place, according to the European Union law enforcement agency Europol.
Continue Reading

The Cybercrime Economy Makes It Impossible to Stop

Sep 28, 2018 12:33:29 PM By Stu Sjouwerman
The operation run by botnet author Peter Levashov demonstrates how easy it is for would-be criminals to get into the business.
Continue Reading

The Human Element is Essential to Safe Social Networking

Sep 28, 2018 10:04:10 AM By Stu Sjouwerman
This is common wisdom, but it bears repeating, because common wisdom is easily overlooked. People are often called an organization's greatest asset. They're also its greatest ...
Continue Reading

Holiday Threat No. 1: Evil Twin Domains With A "Trusted" SSL/TSL Certificate

Sep 27, 2018 11:38:19 AM By Stu Sjouwerman
As the holiday season approaches, cybercriminals are set to scam your users out of their personal money but also your organizational budget.
Continue Reading

Brand-New Tool: Domain Doppelgänger Identifies Evil Twin Domains

Sep 27, 2018 10:56:40 AM By Stu Sjouwerman
I gave you a heads-up a few days ago, and now I'm excited to announce the actual release of a new tool to help protect your organization from cybercriminals.
Continue Reading

The Lowly USB Drive Remains A Critical Cyberthreat

Sep 27, 2018 6:27:30 AM By Stu Sjouwerman
Curtin Franklin at Darkreading correctly observed: "USB thumb drives may be used less frequently than before, but they are still commonly used as infection vectors for a wide variety of ...
Continue Reading

Phone Scam Impersonates Sheriff’s Office Using Judge’s Name

Sep 26, 2018 5:42:04 PM By Stu Sjouwerman
The US Marshals Service has stated that a new phone scam is targeting residents of Marshall, Texas. The scammer claims to be from the local sheriff’s office and tells residents that the ...
Continue Reading

Ewww. Password managers can be tricked into believing that malicious Android apps are legitimate

Sep 26, 2018 1:56:02 PM By Stu Sjouwerman
Ewww. Something else to watch out for. Will it ever stop?. Ummm, no.
Continue Reading

Highly Targeted Email Attacks Are on the Rise!

Sep 26, 2018 11:36:52 AM By Stu Sjouwerman
New data shows a surge in attacks, what industries are targets, which users are at risk, and what you can expect to see in the future.
Continue Reading

As Predicted, Hurricane Florence Phishing Scams are Circulating

Sep 25, 2018 1:11:26 PM By Stu Sjouwerman
We’ve noted in other posts that events like natural disasters are inevitably used as phishbait by scammers. The Atlantic hurricane season, which breeds storms like the recent and very ...
Continue Reading

Adwind Trojan Uses Phishing To Circumvent Antivirus And Infect Workstations

Sep 25, 2018 7:25:20 AM By Stu Sjouwerman
Charlie Osborne reported at ZDNet that Adwind, a Remote Access Trojan (RAT) previously connected to attacks against industries worldwide, is back with a new toolkit designed to trick ...
Continue Reading

I Got Vished (and So Can Your Users)

Sep 25, 2018 7:01:18 AM By Stu Sjouwerman
Written by Guest Blogger Nick Cavalancia, Microsoft MVP Hear one cybersecurity expert’s experience of missing the signs and getting duped over the phone. If it can happen to him, it can ...
Continue Reading
Subscribe

Search Our Blog


Comprehensive Anti-Phishing Guide

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews