Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Contact Tracing: Real and Bogus

Scammers are posing as COVID-19 contact tracers and attempting to trick people into handing over their payment information, NPR reports. The scammers are using phone calls, texts, and ...
Continue Reading

New Phishing Attack Uses a Compromised Vendor Account and Box to Elude Detection

Using legitimate email accounts is a great way for phishing emails to avoid being identified. Hosting malicious files on Box is another. Put them together and this attack reaches your ...
Continue Reading

[On-Demand] Stump the Shark: Ask Roger Grimes Your Most Burning IT Security Questions!

Have you ever wanted to pick the brain of one of the most prolific IT security experts? Now is your chance! In our “Ask Me Anything” session with Roger Grimes, Data-Driven Defense ...
Continue Reading

Check Your Email Rules for Maliciousness

Email rules have been used maliciously for decades. Learn about email rules and what you need to do to defend your organization against their malicious misuse.
Continue Reading

New Botnet Promising Free Shoes as Phishbait

Researchers at WhiteOps warn that a family of malicious Android apps are spreading a new ad-fraud botnet by promising free shoes and other products to users who install the apps. The ...
Continue Reading

Organizations Aren’t Prepared to Recover from Cyberattacks on Active Directory

Cybercriminals are increasingly leveraging Active Directory to spread malware and even hold the organization for ransom. New data suggests you’re nowhere near ready for it.
Continue Reading

Threat Group DeathStalker Uses PowerShell-based Implant Powersing to Hack into Financial Services Firms

Apparently focused on more intelligence gathering than taking direct malicious action against the organizations they compromise, this attack is filled with ingenuity.
Continue Reading

August Fresh Content Updates from KnowBe4: Including New Disinformation Training Content for Your Users

Here are a few important feature and fresh content updates to share with you for the month of August.
Continue Reading

CEO Fraud Wire Transfer Losses Soar 48% in Q2 2020

Business email compromise attacks—aka CEO Fraud— have taken shape this year, and according to Agari wire transfer losses have significantly increased by 48% in Q2 2020. The average losses ...
Continue Reading

CyberheistNews Vol 10 #36 [FUN] What (Really) Happens When You Type in a URL in an Address Bar in a Browser?

  CyberheistNews Vol 10 #36 [FUN] What (Really) Happens When You Type in a URL in an Address Bar in a Browser? I saw this post on Twitter with a fun and educational infographic that shows ...
Continue Reading

The Heart has Its Reasons, but Those Shouldn't Become an Enterprise Risk

The FBI has warned that victims of romance scams lost $475 million in 2019, BleepingComputer reports. In Idaho alone, nearly one hundred of these victims lost more than $1 million each. ...
Continue Reading

See How You Can Get Audits Done in Half the Time at Half the Cost

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.
Continue Reading

How to Defend Against Phishes Coming from Trusted Partners

One of the most frequent concerns I hear from IT security practitioners and CISOs is the rise of phishing attacks coming from compromised trusted partners and contractors. The attackers ...
Continue Reading

Phishing with Slack-Files.com: Bad Guys Find Yet Another Free Host for Malicious Files

Slack, the ubiquitous communication and collaboration platform, has been getting more and more attention over the past few months as a potential phishing platform and target for malicious ...
Continue Reading

QBot is Back With New Phishing Tricks

Researchers at Check Point warn that the QBot banking Trojan now has the ability to hijack email threads on infected devices and send malicious emails to the victim’s contacts. The ...
Continue Reading

See Ridiculously Easy Security Awareness Training and Phishing

Join us for a live demo on Security Awareness Training and phishing in action!
Continue Reading

The U.K. is Under Massive Cyberattack and They Are Nowhere Near Prepared

New insights into the cybersecurity readiness of U.K. organizations shows cyberattacks are plentiful and costly, and there aren’t enough cybersecurity pros to help.
Continue Reading

Funding for startup U.K. Cybersecurity Firms has Increased by 940% Since Lockdown

Yes, 940%. The demand for cybersecurity has risen so much since COVID, that the U.K. is seeing a new cybersecurity business registered every week and massive job vacancies.
Continue Reading

Australian Financial Services Company is Sued for Repeatedly Being Hacked… and Doing Zero About It

The Australian Securities and Investments Commission (ASIC) is suing RI Advice Group for being hacked multiple times over a year’s time that includes 155 hours of undetected hacker ...
Continue Reading

One-Fifth of Organizations Have Experienced a Security Breach Due to Their Remote Workforce

Having a remote workforce has been keeping organizations running, but new data puts a spotlight on the realities of what preparations were taken and whether organizations are truly secure.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews