Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

[Whoa] Ransomware Strains Almost Double in Six Months from 5,400 to 10,666

Aug 19, 2022 8:57:35 AM By Stu Sjouwerman
A recent report from FortiGuard Labs saw ransomware strains double in total so far compared to 2021, and the year is not over yet.
Continue Reading

Piggybacking: Social Engineering for Physical Access

Aug 18, 2022 11:37:37 AM By Stu Sjouwerman
Tailgating or piggybacking is an old but effective social engineering technique to gain physical access to restricted areas, according to Rahul Awati at TechTarget. Tailgating is when a ...
Continue Reading

One-Third of Organizations Experience Ransomware Attacks At Least Weekly

Aug 18, 2022 8:17:10 AM By Stu Sjouwerman
New data shows attempted ransomware attacks are occurring far more frequently while a lack of confidence is found in security measures and solutions to stop ransomware attacks.
Continue Reading

Impersonation Phishing Attacks Increase as Credentials Take the Lead as the Primary Target

Aug 18, 2022 8:16:56 AM By Stu Sjouwerman
New data shows an upswell of email-based cyberattacks, with over 256 brands being impersonated, as social media, Microsoft, shipping, and ecommerce brands top the list.
Continue Reading

Hybrid Vishing Attacks Increase 625% in Q2

Aug 18, 2022 8:16:42 AM By Stu Sjouwerman
Reaching a six-quarter high in Q2, hybrid vishing attacks have increased six times that of the hybrid-vishing attacks experienced in Q1 2021.
Continue Reading

Organizations Holding Cyber Insurance Policies May Get Stuck with the Bill in a Phishing Loss

Aug 18, 2022 8:16:28 AM By Stu Sjouwerman
Plenty of new anecdotal and legal case-based stories are demonstrating that just because your organization has a policy doesn’t mean it’s actually going to pay out after an attack.
Continue Reading

Social Engineering for Espionage and Influence

Aug 17, 2022 9:20:19 AM By Stu Sjouwerman
Microsoft has disrupted operations carried out by a Russian government-aligned threat actor tracked as “SEABORGIUM.” The threat actor uses phishing and credential harvesting to conduct ...
Continue Reading

More Super Targeted Spear Phishing Ahead

Aug 16, 2022 3:42:05 PM By Roger Grimes
Hardly a day goes by without a news alert about the latest HUGE data breach. It’s so commonplace today that it rarely rates showing at the top of the news. In a newspaper, the ...
Continue Reading

Children of Conti go Phishing

Aug 16, 2022 11:57:46 AM By Stu Sjouwerman
Researchers at AdvIntel warn that three more ransomware groups have begun using the BazarCall spear phishing technique invented by the Ryuk gang (a threat group that subsequently ...
Continue Reading

CyberheistNews Vol 12 #33 [Eye Opener] Recent Cisco Hack by Ransomware Group Started Because of a Phishing Attack

Aug 16, 2022 9:34:25 AM By Stu Sjouwerman
Continue Reading

Initial Access Broker Phishing

Aug 15, 2022 9:07:30 AM By Stu Sjouwerman
Cisco has disclosed a security incident that occurred as a result of sophisticated voice phishing attacks that targeted employees, according to researchers at Cisco Talos. The researchers ...
Continue Reading

U.S. Government Warns of Increased Texting Scams as Mobile Attacks are Up 100%

Aug 12, 2022 8:47:48 AM By Stu Sjouwerman
Cyberattacks via SMS messaging are on the rise, and are having such an impact, the Federal Communications Commission has released an advisory on Robotext phishing attacks (or smishing).
Continue Reading

Massive Network of Over 10,000 Fake Investment Sites Targets Europe

Aug 12, 2022 8:47:44 AM By Stu Sjouwerman
Using a mix of compromised social media accounts, social engineering, call center agents, and some convincing websites, this latest scam seeks to get victims to repeatedly “invest”.
Continue Reading

Phishing-as-a-Service Platform “Robin Banks” Helps Cybercriminals Target Customers of Financial Institutions

Aug 11, 2022 9:29:14 AM By Stu Sjouwerman
Initial Access Brokers (IABs) are one of the new breeds of cybercrime services. But this newest PhaaS platform makes it easy for anyone to target banks for as little as $50 monthly.
Continue Reading

92% of Organizations Have Experienced a Security Incident as a Result of an Email-Borne Threat

Aug 11, 2022 9:29:08 AM By Stu Sjouwerman
New data shows that not only are email-borne threats increasing, but that current integrated cloud email security solutions do little to detect and stop advanced email-based threats.
Continue Reading

New Paypal Phishing Scam Uses “Legitimate” Invoices to Reach Victim Inboxes

Aug 11, 2022 9:29:02 AM By Stu Sjouwerman
Newer phishing scams are looking for ways to make legitimate websites do the work of delivering malicious messages to unsuspecting victims – this new scam achieves it perfectly.
Continue Reading

SolidBit Ransomware Targets League of Legends Players

Aug 11, 2022 9:28:56 AM By Stu Sjouwerman
Researchers at Trend Micro warn that a SolidBit ransomware variant is being distributed via fraudulent software targeting video game players and social media users. The malware is being ...
Continue Reading

Recent Cisco Hack by Ransomware Group Started Because of a Phishing Attack

Aug 11, 2022 8:59:06 AM By Stu Sjouwerman
In a recent article by Forbes, Cisco confirmed that they were hacked by a ransomware group as the group of cybercriminals published a partial list of files that were claimed to be ...
Continue Reading

The Top 8 Most Common Types of DNS Records

Aug 10, 2022 9:46:07 AM By Stu Sjouwerman
This article is a good technical overview of DNS that can help you prevent spoofing. This is a cross-post from the EasyDMARC blog, a new KnowBe4 Ventures portfolio company. 
Continue Reading

DPRK Operators Impersonate CoinBase

Aug 10, 2022 8:44:55 AM By Stu Sjouwerman
North Korea’s Lazarus Group is running a new phishing campaign targeting Coinbase accounts, BleepingComputer reports. The threat actors are posing as Coinbase and targeting people with ...
Continue Reading
Subscribe

Search Our Blog


Cybersecurity Awareness Month 2022 Free Resource Kit

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews