KnowBe4 Blog

The Good, the Bad, and the Ugly About MFA

I have been in computer security for over 34 years now. Yeah, even I cannot believe how long it has been. I have been a penetration tester over 20 of those years and worked on dozens of ...

CyberheistNews Vol 11 #10 [Heads Up] The Bad Guys Now Likely Own Your Exchange OWA Server

The Different Scenarios How Backups are Vulnerable to Ransomware Attacks

Organizations need to ensure that their data backups aren’t tampered with by attackers, according to security firm Datto. In an article for Channel Futures, Datto explained that backups ...

WSJ: Russian Disinformation Campaign Aims to Undermine Confidence in Covid-19 Vaccines

The Wall Street Journal reports: " Russian intelligence agencies have mounted a campaign to undermine confidence in Pfizer Inc.’s and other Western vaccines, using online publications ...

[Heads Up] The Bad Guys Have Likely Hacked Your Exchange Email Server

What if Chinese state-sponsored hackers have owned your OWA using several brand-new zero-day vulns? Or Eastern Europe ransomware gangs? On March 2, Microsoft released emergency security ...

Think Your Cyber Insurance is Going to Cover that $6 Million in Cyber Fraud? Think Again.

The latest tale of an organization falling victim to a business email compromise attack on their credit card processor highlights how very specific the scenario needs to be to see a ...

1 in 4 Business Email Compromise Attacks Use Lookalike Domains to Trick Victims

The latest Data on BEC scams shows how the bad guys are using a mix of gmail accounts, increases in stolen wire transfers, and a shift to payroll diversions to trick you out of your money.

Phishing Attacks Continue to Impersonate Trusted Brands to Deceive Potential Victims

The use of impersonation in phishing attacks helps to establish credibility and a sense of ease. New data shows exactly how the bad guys are using this tactic to their advantage.

Vendor Email Compromise is Officially A Big (Seven-Figure) Problem

While the Solarwinds “sunburst” attack brought to light the compromising of a vendor, VEC has been around for some time and now seems to be going mainstream.

Phishing Scammers Send a Fake “Private Shared Document” as the Initial Attack Vector for Stealing LinkedIn Credentials

A new social engineering scam demonstrates how cybercriminals are both evolving their tactics while still using tried and true methods that just work to attain their goals.