Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

From Boredom to Engagement: Gamification in Cybersecurity Awareness

As someone who can barely keep up when my 10-year-old shows me around his Minecraft worlds, I was a bit apprehensive about writing a review of our gamified cybersecurity awareness module. ...
Continue Reading

UK Cybersecurity Org Offers Advice for Thwarting BEC Attacks

The UK’s National Cyber Security Centre (NCSC) has issued guidance to help medium-sized organizations defend themselves against business email compromise (BEC) attacks, especially those ...
Continue Reading

Don't Let Criminals Steal Your Summer Fun

Summer has finally arrived in certain parts of the world, and with it come many exciting events — from the grandeur of the Olympics to the grass courts of Wimbledon, from the electrifying ...
Continue Reading

Malicious Use of Generative AI Large Language Models Now Comes in Multiple Flavors

Analysis of malicious large language model (LLM) offerings on the dark web uncovers wide variation in service quality, methodology and value – with some being downright scams.
Continue Reading

Announcing KnowBe4 Student Edition: Cybersecurity Education Tailored for the Next Generation

I recently heard another heartbreaking story of students who were scammed out of financial aid by a phishing attack. We have also heard stories of employment scams and social media based ...
Continue Reading

The Shadow War: Cognitive Warfare and the Politics of Disinformation

For better or for worse, we live in a world that is an anarchy of nations. Over the last few decades, warfare has transcended traditional battlefields. We may already be experiencing a ...
Continue Reading

Newly Updated Grandoreiro Banking Trojan Distributed Via Phishing Campaigns

Researchers at IBM X-Force are tracking several large phishing campaigns spreading an updated version of the Grandoreiro banking trojan.
Continue Reading

Cyber Insurance Claims Rise Due To Phishing and Social Engineering Cyber Attacks

New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem.
Continue Reading

New Threat Report Finds Nearly 90% of Cyber Threats Involve Social Engineering

Analysis of over 3.5 billion attacks provides insight into where threat actors are placing their efforts and where you should focus your cyber defenses.
Continue Reading

Verizon: The Human Element is Behind Two-Thirds of Data Breaches

Despite growing security investments in prevention, detection and response to threats, users are still making uninformed mistakes and causing breaches.
Continue Reading

8 out of 10 Organizations Experience a Cyber Attack and Attribute Users as the Problem

Regardless of whether your environment is on-premises, in the cloud or hybrid, new data makes it clear that users are the top cybersecurity concern, and we cover what you can do about it.
Continue Reading

Scam Service Attempts to Bypass Multi-factor Authentication

A scam operation called “Estate” has attempted to trick nearly a hundred thousand people into handing over multi-factor authentication codes over the past year, according to Zack ...
Continue Reading

Black Basta Ransomware Uses Phishing Flood to Compromise Orgs

Rapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack.
Continue Reading

Phishing and Pretexting Dominate Social Engineering-Related Data Breaches

New data shows that despite the massive evolution of the cybercrime economy, threat actors are sticking with the basics in social engineering attacks, with a goal at stealing data.
Continue Reading

FBI Warns of AI-Assisted Phishing Campaigns

The US Federal Bureau of Investigation’s (FBI’s) San Francisco division warns that threat actors are increasingly using AI tools to improve their social engineering attacks.
Continue Reading

How Come Unknown Attack Vectors are Surging in Ransomware Infections?

Trend analysis of ransomware attacks in the first quarter of this year reveals a continual increase in the number of "unknown" initial attack vectors, and I think I understand why.
Continue Reading

Attackers Leveraging XSS To Make Phishing Emails Increasingly Evasive

Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links ...
Continue Reading

Alert: Nova Scotians Hit by Surge of Sophisticated Spear Phishing Scams

The Royal Canadian Mounted Police (RCMP) in Nova Scotia is warning of spear phishing attacks that impersonate company managers. The scammers text company employees requesting a payment to ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews