Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Researchers Warn of EtterSilent Facilitating Risky Malware Delivery

Cybercriminals are using a new malicious document builder dubbed “EtterSilent,” according to researchers at Intel 471. The builder is used to craft Microsoft Office documents with macros ...
Continue Reading

Lazarus Group Uses New Technique to Avoid Detection

North Korea’s Lazarus group is using an interesting method to evade security measures, according to researchers at Malwarebytes. The threat actor is sending phishing emails with malicious ...
Continue Reading

Evil Corp Tries to Work Around U.S. Treasury Sanctions Using Hades Ransomware

The cybercriminal group linked to over $100 Million in financial damages has pivoted their execution strategy to bypass sanctions that prevent U.S. companies from paying them ransom.
Continue Reading

New Ransomware Task Force Shares Actions To Disrupt Ransomware Cyber Crime

The Ransomware Task Force, a public-party coalition of more than 50 experts, has shared a framework of actions to disrupt the ransomware business model.
Continue Reading

Phishing Campaign Abuses Contact Forms

Attackers are abusing websites’ contact forms to send malicious emails to the websites’ owners, according to researchers at Microsoft. The emails contain bogus copyright claims with a ...
Continue Reading

Mobile is a Problem: 97% of Organizations Experienced Mobile Attacks in 2020

Everything from applications, social apps, OS vulnerabilities and even mobile device management acted as initial attack vectors troubling nearly every single organization globally.
Continue Reading

Cybercriminals Use Job-Specific Social Media Platforms to Target UK Citizens With Fake Accounts

At least 10,000 UK citizens have been targeted by nation-state actors via fake LinkedIn accounts over the past five years, the BBC reports. Ken McCallum, Director-General of MI5, said ...
Continue Reading

Phishing Tactics Help Legitimate Pension Fund to Secure Meetings with Prospective Customers

Security researchers uncover a marketing campaign that takes a page from the cybercriminal phishing handbook to “trick” pensioners to have an introductory call with their fund expert.
Continue Reading

The Darkside Ransomware Group Is the Dangerous Poster Child for Today’s Ransomware-as-a-Service

Looking beyond the “older” RaaS threat groups like Ryuk, DoppelPaymer, and Revil, today’s modern ransomware-as-a-service operator is far more business-like and specific in execution.
Continue Reading

A Legitimate Charity Prompts Scam Imitators

Scammers are impersonating philanthropist Mackenzie Scott, the billionaire ex-wife of Jeff Bezos, the New York Times reports. Scott prefers to give money directly and contacts charities ...
Continue Reading

FBI Obtains Authorization to Access US Servers to Remove Webshells Due to Exchange Vulnerability

Your server could have been compromised and the FBI was trying to mitigate the issue without you even knowing it yet.
Continue Reading

Forrester TEI Study Shows KnowBe4 Can Deliver a Customer ROI of 276% with a Less Than 3-Month Payback

KnowBe4 commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study, examining the potential Return on Investment (ROI) enterprises might realize by implementing the ...
Continue Reading

Eavesdrop on the Back-and-Forth of Negotiating with a Criminal Ransomware Organization

Details around the recent successful ransomware attack on fashion retailer FatFace provide some insight into what you should expect when you become a victim.
Continue Reading

Currently Popular Social Engineering Tactics

Criminals are exploiting new technology to launch updated versions of old attacks, according to Derek Slater at CSO. George Gerchow, CSO at Sumo Logic, told Slater that threat actors are ...
Continue Reading

COVID-Related Phishing Attacks Return to Mid-Pandemic Heights

New data from Palo Alto Network’s Unit42 provides a wealth of insight into specifically how cybercriminals have leveraged COVID-related theming to ensure a successful phishing attack.
Continue Reading

[INFOGRAPHIC] Q1 2021 Report Shows Users are More Savvy to COVID-19 Phishing Scams

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, ...
Continue Reading

[New Benchmarking Feature] Compare Your Organization’s Security Awareness Proficiency with Other Companies in Your Industry

We are excited to announce that the KnowBe4 Industry Benchmarking feature has been expanded to now include industry benchmark comparison data for Security Awareness Proficiency Assessment ...
Continue Reading

2021 Phishing Trends Face Alarming Predictions and Will Likely Include Automated Attacks

Researchers at INKY warn that targeted phishing attacks will continue throughout 2021, as some employees return to the office and others continue working from home. They predict that ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews