Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

[INFOGRAPHIC] PhishER by the Numbers

Jan 16, 2023 9:22:16 AM By Stu Sjouwerman
PhishER, KnowBe4’s industry-leading Security Orchestration, Automation and Response (SOAR) platform, takes an otherwise complicated and inefficient threat management workflow and allows ...
Continue Reading

[New Feature] Continuously Monitor for Any Detected Password Vulnerabilities Within Your User Base with PasswordIQ

Jan 16, 2023 9:21:53 AM By Stu Sjouwerman
We’re thrilled to announce that the power of KnowBe4’s most popular free password security tool has been brought to your KnowBe4 console as a new feature!
Continue Reading

Check Point Software: "2022 Saw A Huge Rise In Cyberattacks"

Jan 16, 2023 8:42:12 AM By Stu Sjouwerman
Techradar reported that cyberattacks saw a significant rise in 2022, mostly due to the increase in organizations going virtual to combat the effects of the Covid-19 pandemic, and the rise ...
Continue Reading

[Ache In the Head] The Problems With Your Not-So-Secure Email Gateway

Jan 14, 2023 9:59:24 AM By Stu Sjouwerman
I have been doing some research on Secure Email Gateways. The picture is not that pretty.  Below I will summarize what I found.
Continue Reading

[Heads Up] Phishing Attacks Are Now The Top Vector For Ransomware Delivery

Jan 13, 2023 6:57:21 AM By Stu Sjouwerman
Phishing attacks are now the top vector for ransomware delivery, according to researchers at Digital Defense. Phishing emails can be highly tailored to specific employees in order to ...
Continue Reading

Government Workers as Phishing Targets

Jan 12, 2023 8:56:34 AM By Stu Sjouwerman
Government workers are prime targets for social engineering attacks, according to Kaitlyn Levinson at GCN. Attackers use different tactics to target government employees in specific ...
Continue Reading

21% of federal agency passwords cracked in their security audit

Jan 11, 2023 10:38:29 AM By Stu Sjouwerman
Some excellent work here. An internal US Government agency audit showed that a fifth of passwords were easy to crack. Their recently published study showed that hashes for well over ...
Continue Reading

Italian Cybercriminal Pleads Guilty to Phishing for Book Manuscripts

Jan 11, 2023 9:28:06 AM By Stu Sjouwerman
An Italian citizen named Filippo Bernardini has pleaded guilty in New York to stealing more than a thousand unpublished book manuscripts from various well-known authors. The targeted ...
Continue Reading

Password Managers Can Be Hacked Lots of Ways and Yes, You Should Still Use Them

Jan 10, 2023 4:43:49 PM By Roger Grimes
The recent hack (at least 7th) of the LastPass password manager has lots of people wondering if they should use a password manager.
Continue Reading

CyberheistNews Vol 13 #02 [Bad Taste] There Is a New Trend in Social Engineering With a Disgusting Name; 'Pig-butchering'

Jan 10, 2023 9:00:00 AM By Stu Sjouwerman
Continue Reading

The Good, the Bad and the Truth About Password Managers

Jan 9, 2023 10:36:23 AM By Stu Sjouwerman
We strongly recommend that you use a password manager to reduce password reuse and improve complexity, but you may be wondering if it’s really worth the risk. Is it safe to store all of ...
Continue Reading

Phishing in the Service of Espionage

Jan 9, 2023 9:14:12 AM By Stu Sjouwerman
Reuters describes a cyberespionage campaign carried out by the hitherto little-known threat group researchers track as "Cold River." The group is circumstantially but convincingly linked ...
Continue Reading

A Look Back at Mobile Government Cyberattacks Shows Increased Attacks and Weaker Security

Jan 6, 2023 2:43:01 PM By Stu Sjouwerman
A rise in the reliance on unmanaged mobile devices, matched with a lack of patching and increased attacks seeking solely to steal credentials was a perfect storm for government.
Continue Reading

Ransomware and Fraudulent Funds Transfer are the Two Main Drivers of Cyber Loss

Jan 6, 2023 8:51:44 AM By Stu Sjouwerman
Representing more than half of all cyber loss, new data shows these attacks all begin with employees falling for social engineering, phishing, and business email compromise.
Continue Reading

New Crypto Scam Targets Flipper Zero Buyers Impersonating Legitimate Shops

Jan 5, 2023 1:40:59 PM By Stu Sjouwerman
Interest in the handheld open-source multi-function cybersecurity tool by techies has risen to a new campaign seeking to steal crypto funds through illegitimate “sales” of the device.
Continue Reading

Phishing Campaigns Impersonate the UK Government

Jan 5, 2023 8:34:42 AM By Stu Sjouwerman
The UK’s National Cyber Security Centre (NCSC) has outlined the top six most impersonated UK government agencies in 2022. The most impersonated entity was the National Health Service ...
Continue Reading

These grim figures show that the ransomware problem isn't going away

Jan 5, 2023 8:32:40 AM By Stu Sjouwerman
ZDNet summarized the problem as follows: "Up to 1,981 schools, 290 hospitals, 105 local governments and 44 universities and colleges were hit with ransomware in the US alone during 2022, ...
Continue Reading

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Jan 4, 2023 12:48:31 PM By Stu Sjouwerman
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Continue Reading

CyberheistNews Vol 13 #01 [Heads Up] Giant LastPass Breach Can Supercharge Spear Phishing Attacks

Jan 4, 2023 9:30:00 AM By Stu Sjouwerman
Continue Reading

Using AI Large Language Models to Craft Phishing Campaigns

Jan 4, 2023 8:41:49 AM By Stu Sjouwerman
Researchers at Check Point have shown that Large Language Models (LLMs) like OpenAI’s ChatGPT can be used to generate entire infection chains, beginning with a spear phishing email. The ...
Continue Reading
Subscribe

Search Our Blog


Ransomware Hostage Rescue Manual

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews