Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

[dot]US Domain Exploited for Phishing

Sep 8, 2023 8:14:23 AM By Stu Sjouwerman
The Interisle Consulting Group has published a paper looking at the phishing landscape in 2023, KrebsOnSecurity reports. Notably, Interisle found that the .us top-level domain is being ...
Continue Reading

Organizations Tie Executive Pay to Cybersecurity Performance Hoping To Enhance Protection Against Hackers

Sep 8, 2023 8:13:59 AM By Stu Sjouwerman
Organizations have started to recognize the importance of tying executive pay to cybersecurity metrics. This practice is gaining traction among the largest U.S. companies, with nine ...
Continue Reading

New Telekopye Phishing Toolkit Uses Telegram-Based Bots To Turn Novice Scammers into Experts

Sep 8, 2023 8:13:13 AM By Stu Sjouwerman
The Telekopye toolkit allows scammers to create phishing websites, send fraudulent SMS messages and emails, and target popular Russian and non-Russian online marketplaces.
Continue Reading

Brand Impersonation Hits a New High with as Many as 73 Lookalike Domains Per Brand

Sep 8, 2023 8:12:44 AM By Stu Sjouwerman
The use of lookalike domains has reached critical mass with not just one counterfeit website, but many.
Continue Reading

Ransomware Attacks Speed up 44% Leaving Less Time for Detection and Response

Sep 8, 2023 8:12:00 AM By Stu Sjouwerman
New data suggests that the gangs and toolkits behind current ransomware attacks are materially improving their abilities, resulting in a speeding up of attacks before defenses kick in.
Continue Reading

Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods

Sep 8, 2023 8:00:00 AM By Stu Sjouwerman
Inadequate authentication measures leave your digital identity vulnerable to cybercriminals. Tools like multi-factor authentication, biometrics, passwords, PINs and tokens are more ...
Continue Reading

Scary New IT Admin Attack Exposes Your MFA Weakness

Sep 7, 2023 8:44:27 AM By Stu Sjouwerman
Identity and authentication management provider Okta has warned of social engineering attacks that are targeting IT workers in an attempt to gain administrative privileges within ...
Continue Reading

CISA Says to Exercise Caution For Disaster-Related Malicious Scams

Sep 6, 2023 9:45:36 AM By Stu Sjouwerman
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are exploiting the recent hurricanes that have hit the US. Criminals frequently impersonate ...
Continue Reading

CyberheistNews Vol 13 #36 [Must Know] Top 10 Trends in Business Email Compromise for 2023

Sep 6, 2023 9:00:00 AM By Stu Sjouwerman
Continue Reading

How Secure Is Your Authentication Method?

Sep 6, 2023 8:53:21 AM By Roger Grimes
I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles ...
Continue Reading

Nearly One-Quarter of Financial-Themed Spam Emails are Phishing Attacks

Sep 1, 2023 10:23:14 AM By Stu Sjouwerman
While spam tends to be dismissed as being more of an annoyance, new research shows that there is a very real and ever-present threat in emails that are marked as “spam”.
Continue Reading

Cyberattacks Targeting Government Agencies and Institutions Increases in Q2 by 40%

Sep 1, 2023 10:22:53 AM By Stu Sjouwerman
New data shows a massive uptick in attacks across all industries, but a particularly worrisome growth in interest in targeting the public sector – and the indicators of who’s responsible ...
Continue Reading

New “Early Warning” System in the U.K. Tips Off Ransomware Targets

Sep 1, 2023 10:21:59 AM By Stu Sjouwerman
British Intelligence has come up with a potentially very effective means to disrupt ransomware attacks, but there seems to still be a few kinks in the system.
Continue Reading

New Adversary in the Middle Platform Circumvents MFA Protections “At Scale”

Sep 1, 2023 10:21:34 AM By Stu Sjouwerman
As Phishing as a Service (PhaaS) kits continue to evolve, news like recent attacks using the Greatness toolkit demonstrate how easy it is for novice attackers to access accounts despite ...
Continue Reading

You Asked and Here It Is! KnowBe4's New Content Manager Feature is Unveiled

Sep 1, 2023 8:00:00 AM By Stu Sjouwerman
We heard you, and we're thrilled to tell you about the all-new Content Manager feature for KMSAT!
Continue Reading

Labor Day Alert: Mobile Phishing Attacks on the Rise for Remote Employees

Aug 31, 2023 1:59:58 PM By Stu Sjouwerman
A recent survey by Lookout, Inc. warns for a specific attack vector as Labor Day approaches. The study shows that 85% of enterprise employees capable of remote work plan to do so on ...
Continue Reading

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Aug 31, 2023 12:18:44 PM By Stu Sjouwerman
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Continue Reading

Customers of Cryptocurrency FTX are Target of  Phishing Emails

Aug 31, 2023 11:06:04 AM By Stu Sjouwerman
Customers of the bankrupt cryptocurrency exchange FTX are already receiving phishing emails following a breach of personal data held by several crypto companies, CoinDesk reports.
Continue Reading

Open Redirect Flaws: The Newest Phishing Trick

Aug 30, 2023 3:45:49 PM By Stu Sjouwerman
No surprise: phishing attacks are on the rise, and an old technique is now--again--getting increasingly popular: open redirect flaws. These flaws allow attackers to redirect victims to ...
Continue Reading

Asking Claude AI For a Little Encryption Help... :-(

Aug 30, 2023 10:06:44 AM By Stu Sjouwerman
A friend sent me this:
Continue Reading
Subscribe

Search Our Blog


Cybersecurity Awareness Month Free Resource Kit

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews