Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

WARNING: The List of Ransomware-Turned-Data Breach Operators is Getting Long

Jun 19, 2020 4:21:06 PM By Stu Sjouwerman
Seeing a better opportunity to generate more “revenue” from their victims, the idea of ransomware also exfiltrating data to be used to extort the payment is gaining steam.
Continue Reading

Top 12 Most Common Rogue URL Tricks

Jun 19, 2020 3:18:27 PM By Roger Grimes
It’s nearly impossible to find an Internet scam or phishing email that doesn’t involve a malicious Uniform Resource Locator (URL) link of some type. The link either directs the user to a ...
Continue Reading

[Heads Up] North Korean State Hackers Plan a June 21 COVID-19 Phishing Attack That Targets 5 Million in Six Nations

Jun 19, 2020 10:00:17 AM By Stu Sjouwerman
ZDNet reported: "Singapore, Japan, and the US are amongst six nations targeted in a COVID-19 themed phishing campaign that is reportedly scheduled for June 21, during which 8,000 ...
Continue Reading

[Heads Up] Australian Government and businesses hit by massive cyber attack from ‘sophisticated, state-based actor’

Jun 18, 2020 10:02:25 PM By Stu Sjouwerman
News.com.au reported that Australian Prime Minister Scott Morrison has "announced in an urgent press conference called this morning in Canberra, Mr Morrison said the ongoing, ...
Continue Reading

How to Keep SOX on Track During a Pandemic

Jun 18, 2020 1:39:14 PM By Stu Sjouwerman
It’s been several weeks since COVID-19 entered our vocabulary and made working from home the new normal, according to Accounting Today. Professionals over the last month are adapting to ...
Continue Reading

Find Out How to Use Your Organization's Data to Become a Risk Management Expert

Jun 18, 2020 11:13:37 AM By Stu Sjouwerman
Risk management is about recognizing the right risks, assigning the right likelihood, and assessing potential damage. Yet, most risk managers are doing it wrong, driven by decades of ...
Continue Reading

Microsoft on COVID-19 Themed Cyberattacks

Jun 18, 2020 9:33:19 AM By Stu Sjouwerman
Microsoft’s Threat Protection Intelligence Team has published a report providing a detailed look into the proliferation of COVID-19-themed phishing over the past several months. The ...
Continue Reading

[MSP News] Manage Your KnowBe4 Accounts Faster With NEW Managed Phishing Functionality

Jun 18, 2020 8:00:00 AM By Stu Sjouwerman
You have been asking for a better way to manage your multiple KnowBe4 accounts, and we heard you! We've made enhancements to the KnowBe4 phishing platform and added the NEW Managed ...
Continue Reading

The Face of APT Actors

Jun 18, 2020 7:00:00 AM By Javvad Malik
If I were to ask you to picture in your mind a shady criminal organisation consisting of cyber mercenaries, ones that took money from clients, asked no questions, and over the period of ...
Continue Reading

Researchers Uncover Six Years of Russian Attempts to Mold International Politics

Jun 17, 2020 4:06:43 PM By Stu Sjouwerman
Researchers uncover six-years-worth of Russian attempts to mold international politics using fake news and forged documents. Social media research group Graphika published today a ...
Continue Reading

Phony Data Theft, Like Phony Sextortion

Jun 17, 2020 9:55:30 AM By Stu Sjouwerman
Extortionists are sending phony threats to website owners informing them that their sites’ databases will be leaked unless they pay a ransom of between $1,500 and $3,000, BleepingComputer ...
Continue Reading

Increase in BLM Domain Names Forecasts BLM Phishing Attacks

Jun 16, 2020 3:26:04 PM By Roger Grimes
There has been a significant increase in DNS domain names containing blacklivesmatter or George Floyd’s name and there’s a good chance some of those are owned by people with malicious ...
Continue Reading

Twitter Takes Down Over 32,000  Nation State Accounts Involved in Disinformation Campaigns

Jun 16, 2020 3:14:08 PM By Stu Sjouwerman
Manipulation/disinformation campaigns are running rampant on social media and Twitter just took action -- again. "Disinformation" is a form of propaganda honed into an art form by Russia. ...
Continue Reading

CyberheistNews Vol 10 #25 [Eye Opener] "For a long time I've had a gap in my O365 security. PhishRIP is amazing and solves the problem."

Jun 16, 2020 10:17:38 AM By Stu Sjouwerman
Continue Reading

BEC Isn't Back; It Never Left

Jun 16, 2020 8:27:32 AM By Stu Sjouwerman
Business email compromise (BEC) attacks aren’t new, but they’re growing increasingly effective, according to Zeljka Zorz at Help Net Security. Zorz cites an article from BakerHostetler, ...
Continue Reading

Another Bitcoin Scam, with Bogus SpaceX on the Side

Jun 15, 2020 8:24:13 AM By Stu Sjouwerman
Scammers took over three popular YouTube channels and used them to impersonate the official SpaceX channel to generate cryptocurrency, according to Lisa Vaas at Naked Security. The ...
Continue Reading

Fraudsters Are Exploiting Newborns and Recently Deceased People

Jun 12, 2020 9:21:12 AM By Stu Sjouwerman
Criminals are crafting detailed fake identities using data belonging to newly born and recently deceased people, according to Sanjay Gupta, Vice President, Global Head of Products and ...
Continue Reading

Australian Beverage Manufacturer Shutdown IT Systems After Cyberattack

Jun 12, 2020 8:50:29 AM By Stu Sjouwerman
A cyberattack forced Australian beverage manufacturer Lion to shut down its IT system, interrupting manufacturing and orders, the company disclosed on June 9.
Continue Reading

Japan CERT: 75% of BEC Email Scams Involve the Forgery of an Invoice from a Business Partner

Jun 11, 2020 4:59:28 PM By Stu Sjouwerman
New research from the Japan Computer Emergency Response Team provides needed insight into what tactics and methods are used as part of Business Email Compromise scams.
Continue Reading

Multifactor Authentication Versus Credential Stuffing?

Jun 11, 2020 12:51:34 PM By Stu Sjouwerman
You shouldn’t assume multi-factor authentication will protect your accounts from credential stuffing attacks, according to Gerhard Giese at Akamai. Credential stuffing is a type of ...
Continue Reading
Subscribe

Search Our Blog


Ransomware Has Gone Nuclear Webinar

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews