KnowBe4

Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Adwind Trojan Uses Phishing To Circumvent Antivirus And Infect Workstations

Charlie Osborne reported at ZDNet that Adwind, a Remote Access Trojan (RAT) previously connected to attacks against industries worldwide, is back with a new toolkit designed to trick ...
Continue Reading

I Got Vished (and So Can Your Users)

Written by Guest Blogger Nick Cavalancia, Microsoft MVP Hear one cybersecurity expert’s experience of missing the signs and getting duped over the phone. If it can happen to him, it can ...
Continue Reading

Reminder: In Spite of Windows Flaws, Hackers Prefer Social Engineering

Nearly half of hackers surveyed at the recent Black Hat conference in Las Vegas admitted easily compromising both Windows 8 and 10 in the past year.
Continue Reading

Phishing Attack On Office 365 Account Leads To 3 Million CEO Fraud

A phishing attack on an Office 365-account enabled a 3 Mil CEO Fraud Scam at an investment firm.  Finnish antivirus company F-Secure reported on their blog. One of the employees at the ...
Continue Reading

[Heads-up] Two Interesting Things You Want To Know About Right Away

This is the very first time I am giving you a heads-up about a new, complimentary tool that you really should run ASAP. It's called Domain Doppelgänger and will be released Thursday ...
Continue Reading

Looking at Cyber Attacks From the Inside Out, It’s All About Social Engineering

Frances Zelazny, Vice President of BioCatch, gave a recent Tech Republic interview to share some insight into how hackers can access your passwords. It's familiar but worth reviewing, ...
Continue Reading

Don’t Pay Hackers Ransom: It Only Encourages Them

S mall and medium business owners often a ssume they're not a likely target of cybercrime. This is a dangerous mistake for to make. Cyber attacks on smaller organizations can be ...
Continue Reading

The Need for Security Champions as Part of Your Security Culture

Security cultures don’t exist within organizations because IT wills them to. With the increase in attacks, organizations need internal advocates for the necessary shift in corporate ...
Continue Reading

It Only Takes One Phish to Spoil Your IPO

The recent data breach of pre-IPO biotech firm Guardant Health shows how much impact a single successful phishing attack can have on an organization.
Continue Reading

Microsoft Office Macros Remain Top Choice for Malware Delivery

Microsoft Office documents containing malicious macros accounted for 45 percent of malware loaders in August 2018, according to a blog post by Cofense. These macros were used to deliver a ...
Continue Reading

Social Engineering, Just a Call Away

An email arrives, and you think it’s from your boss. Because it has your boss’s name on it, there's a huge psychological response, and you tend do what is requested. After a cordial ...
Continue Reading

WSJ: "Forget Passwords. It’s Time for Passphrases."

Mr. Henry Williams is a deputy editor for The Wall Street Journal in New York, and he reported on something we just also recommended. Here is an excerpt with a link to the full article at ...
Continue Reading

Cryptojacking 101: A First Look at Cryptomining Attacks

Your organization might just be making someone else money by allowing them to mine for cryptocurrency on your computers… and not even know it.
Continue Reading

When Does Effective Persuasion Become Manipulation and Social Engineering?

There’s a fine but clear line between ethical and unethical persuasion, says Joe Gray, a security consultant from the “Advanced Persistent Security” blog and podcast. Gray recently ...
Continue Reading

Brand-New Ransomware Simulator Tool Now with Cryptomining Scenario

Bad guys are constantly coming out with new malware versions to evade detection. That’s why we’ve updated our Ransomware Simulated tool “RanSim” to include a new cryptomining scenario! ...
Continue Reading

The Evolution Of "Friendly Name" Spoofing During Phishing Attacks

Our friends at Bleepingcomputer had a great article written by Ionut Ilascu I think you will like: "While phishing continues to be the prevalent threat in malware-less email-based ...
Continue Reading

WATCH IT - Current Events Will Be Misused for Phishing...AGAIN

Here are the latest Current Events phishes from the KnowBe4 team over the past few days, some prompted by warnings from US-CERT.
Continue Reading

Sixth Circuit Says Policyholder's Social Engineering Loss Covered By Computer Fraud Policy

Note: We blogged about a very similar 2nd  Circuit case earlier this year in CyberheistNews, the first paragraph below refers to that case.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews