Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Roblox Game 'Hack-A-Cat' Now Part of the Free KnowBe4 Children’s Interactive Cybersecurity Activity Kit

If you haven’t heard of Roblox, you probably don’t have kids like me. Roblox is an online virtual world/metaverse that has been around since 2006 that allows people to play with others ...
Continue Reading

Use of Generative AI Apps Jumps 400% in 2023, Signaling the Potential for More AI-Themed Attacks

As the use of Cloud SaaS platforms of generative AI solutions increases, the likelihood of more “GPT” attacks used to gather credentials, payment info and corporate data also increases.
Continue Reading

North Korean Threat Actor Targeting Cybersecurity Researchers With Spear Phishing Attacks

A suspected North Korean state-sponsored threat actor called “ScarCruft” is launching spear phishing attacks against cybersecurity professionals, according to researchers at SentinelOne.
Continue Reading

Myth of Massive Data Breach Busted: Big Headlines Mask a Minor Threat

Ok, I'll admit it, I was swept up in the moment last week and wrote a short blog post that more or less summarized the tsunami of news about that huge data breach initially reported by ...
Continue Reading

Facebook Phishing Scams Target Concerned Friends and Family

BleepingComputer describes a phishing scam that’s been running rampant on Facebook for the past several months, in which threat actors use hacked accounts to post links to phony articles ...
Continue Reading

AI Does Not Scare Me, But It Will Make The Problem Of Social Engineering Much Worse

I am not scared of AI. What I mean is that I do not think AI is going to kill humanity Terminator-style. I think AI is going to be responsible for more cybercrime and more realistic ...
Continue Reading

Russian State-Sponsored Threat Actor Targets High Profile Individuals in Phishing Campaign

The Russian state-sponsored threat actor “COLDRIVER” is launching phishing campaigns against “high profile individuals in NGOs, former intelligence and military officers, and NATO ...
Continue Reading

Russian Hackers Win Big: Microsoft's Senior Exec Team Emails Breached

In a Friday regulatory filing, Microsoft has reported that its corporate email accounts were compromised by a Russian state-sponsored hacking group known as Midnight Blizzard, also ...
Continue Reading

Facebook Work-From-Home “Job” Posting Scam Goes the Extra Mile to Trick Victims

A new job posting scam found by IT security company Qualysys is focused on capturing victim’s identity details, accessing victim’s Facebook accounts, and committing fraud. In this new ...
Continue Reading

More Than Half of Data Breaches in the U.K.’s Legal Sector are Due to Insider Error

A new analysis of data breaches in the United Kingdom's legal sector shows that organizations need to be looking inward more and look for ways to elevate the security awareness of ...
Continue Reading

Scammers Target Owners of Missing Pets

Some particularly cold-hearted scammers are targeting users of lost pet forums with phony ransom demands, the BBC reports.
Continue Reading

‘Swatting’ Becomes the Latest Extortion Tactic in Ransomware Attacks

Rather than stick to traditional ransomware extortion methods that revolve around the attack itself, a new form of extortion known as Swatting puts the focus on the victim organization’s ...
Continue Reading

Ninety-Four Percent of Organizations Sustained Phishing Attacks Last Year

A survey by Egress has found that 94% of organizations were hit by phishing attacks in 2023, Infosecurity Magazine reports. Additionally, 91% of firms experienced data loss and ...
Continue Reading

Malicious APKs Drain Bank Accounts

A phishing campaign is targeting Chinese users in an attempt to distribute malicious apps, according to researchers at Palo Alto Networks’s Unit 42.
Continue Reading

Cryptocurrency Drainer Distributed Through Phishing

Mandiant has published a report on “CLINKSINK,” a cryptocurrency Drainer-as-a-Service (DaaS) that’s targeting users of the Solana currency.
Continue Reading

LinkedIn is Being Used for *Dating* – It’s a Recipe for Disaster

A new article explains how business professionals are beginning to be not-so-professional and seeking to make personal connections. It’s only a matter of time before cybercriminals jump ...
Continue Reading

Analysis of Phishing Emails Shows High Likelihood They Were Written By AI

It’s no longer theoretical; phishing attacks and email scams are leveraging AI-generated content based on testing with anti-AI content solutions.
Continue Reading

Women CyberSecurity Society Targeted by Smishing Campaign

The Canada-based Women CyberSecurity Society (WCS2) has warned that its leadership, members, and volunteers are being targeted by an SMS phishing (smishing) campaign, IT World Canada ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews