Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

Smishing and Deepfakes Top the List of Cyber Attack Methods Expected in 2020

Jan 7, 2020 8:54:30 AM By Stu Sjouwerman
You want to know what to expect from data breaches, phishing attacks, and other calculated methods in 2020? There’s no better source than Experian’s seventh-annual Data Breach Industry ...
Continue Reading

Business Email Compromise Attack Uses a “Man-in-the-Middle” Email Attack to Steal $1M

Jan 7, 2020 8:49:03 AM By Stu Sjouwerman
Dubbed the “ultimate” Man-in-the-Middle attack by security researchers at Checkpoint, this CEO fraud attack shows how brazen cybercriminals can be – and how organizations need to be ...
Continue Reading

Ransomware Attacks Step Up their Game and Now Look for NAS Devices

Jan 7, 2020 8:42:09 AM By Stu Sjouwerman
It used to be that ransomware just looked for office files. Then backups became a secondary victim. New data from Kaspersky shows NAS devices are being added as targets.
Continue Reading

New TrickBot Malware Attack Leverages Google Drive to Deliver Its Payload and Ensure Infection

Jan 7, 2020 8:37:59 AM By Stu Sjouwerman
New details from Palo Alto Network’s Unit 42 research team show TrickBot rearing its ugly head once again, using legitimate cloud services – and employee greed – as its path to success. ...
Continue Reading

Penn State Warns of Spear Phishing Attacks

Jan 7, 2020 8:30:37 AM By Stu Sjouwerman
Penn State is warning its community about a recent spike in phishing attacks targeting the university’s employees. Attackers are sending emails posing as real Penn State employees and ...
Continue Reading

[FUN DEPT] So, How Do You Say Congrats In A *Really* Big Way?

Jan 6, 2020 4:45:53 PM By Stu Sjouwerman
I was scratching my head. How do you say Congrats to your team when they have done a truly AWESOME job in 2019, and totally knocked it out of the park in the last quarter?
Continue Reading

CyberheistNews Vol 10 #2 [Heads-Up] The U.S. Government Issues a Warning About a Possible New Wave of Iranian Cyber Attacks

Jan 6, 2020 10:42:25 AM By Stu Sjouwerman
CyberheistNews Vol 10 #02 [Heads-Up] The U.S. Government Issues a Warning About a Possible New Wave of Iranian Cyber Attacks Christopher C. Krebs, Director of America's CISA, the new ...
Continue Reading

Business Email Compromise During Tax Season: Spotting and Defending Against Common BEC Tax Scams

Jan 6, 2020 9:44:01 AM By Stu Sjouwerman
Tax season is upon us, which makes this prime time for hackers to target your unsuspecting users with the latest Business Email Compromise (BEC) scams. From evolved W2 fraud to ...
Continue Reading

Security Generation Gaps

Jan 6, 2020 8:48:51 AM By Stu Sjouwerman
People from different generations tend to approach cybersecurity differently. Organizations should tailor their security programs and phishing tests with this in mind. According to Azeem ...
Continue Reading

Announcing A New 8-Minute Training Module - Social Media: Staying Secure in a Connected World

Jan 6, 2020 7:00:00 AM By Stu Sjouwerman
As you probably know, social media is the number one place that attackers can get intel about your organization to make their "hacking of your humans" more effective. We have been hearing ...
Continue Reading

U.S. Government Issues Warning About Possible Iranian Cyberattacks

Jan 3, 2020 2:27:46 PM By Stu Sjouwerman
Christopher C. Krebs, Director of Cybersecurity and Infrastructure Security Agency issued a warning about a potential new wave of Iranian cyber-attacks targeting U.S. assets after Maj. ...
Continue Reading

Seven Kinds of Malware, and all Arrive by Social Engineering

Jan 3, 2020 9:25:59 AM By Stu Sjouwerman
Naked Security outlines seven different categories of malware and describes how each of them through social engineering techniques can affect your organization. Some or all of these ...
Continue Reading

Global Climate Change Phishbait

Jan 3, 2020 8:54:43 AM By Stu Sjouwerman
A number of phishing campaigns have been using Christmas-themed emails encouraging recipients to support climate activist Greta Thunberg, according to Paul Ducklin at Naked Security. ...
Continue Reading

Wawa Data Breach Class Action Filed

Jan 3, 2020 8:48:38 AM By Stu Sjouwerman
There was a massive data breach suffered by Wawa, a convenience store chain of more than 850 stores around the country. Wawa had recently disclosed that it had suffered a data breach that ...
Continue Reading

75% of European Enterprises Cite a Lack of Awareness Training a Challenge to Establish a Proper Cybersecurity Stance

Jan 3, 2020 7:00:00 AM By Stu Sjouwerman
The latest data from VMware and Forbes Insights shows organizations across EMEA are deficient in a number of fundamental cybersecurity needs.
Continue Reading

More Fake Windows 10 Updates Spell Hefty Ransoms for Victims

Jan 3, 2020 7:00:00 AM By Stu Sjouwerman
With Windows 7 ending support this month, organizations moving to or already on Windows 10 need to be wary of “update” phishing scams intent on installing ransomware.
Continue Reading

New Report Shows the Success of Business Email Compromise Come from a Calculated Attack Approach

Jan 3, 2020 7:00:00 AM By Stu Sjouwerman
The newest data from security vendor Barracuda provides insight into exactly how attackers execute BEC attacks and what makes them so successful.
Continue Reading

[Heads-up] Sextortion Crime Gang Now Uses New Tactics To Bypass Your Spam Filters

Jan 3, 2020 7:00:00 AM By Stu Sjouwerman
In a business environment, employees use Google Translate on a regular basis to get access to documents they need to work with, or websites that are in another language.
Continue Reading

Cities and Governments are the Latest Target in a New “Leakware” Attack

Jan 3, 2020 7:00:00 AM By Stu Sjouwerman
This new type of attack focuses on threatening to steal and publish data on the web, asking for a ransom to be paid to keep the attackers from doing so.
Continue Reading

Online Credential Scam Becomes a Phone Port Attack and then Turns into a Sextortion Scam

Jan 3, 2020 7:00:00 AM By Stu Sjouwerman
If experiencing a single cyberattack isn’t enough, this complex attack that shifted mid-stream demonstrates how attackers take advantage of victim details as an attack unfolds.
Continue Reading
Subscribe

Search Our Blog


Weak Password Test Contest

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews