Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

New Lazarus Spearphishing Attack on Crypto Organizations Uses a LinkedIn Job Posting as its Front

What better way to gain complete control over a crypto organization’s network than to target their sysadmin with a job posting and then spear phish them?

Tesla and the FBI just prevented a $1 million ransomware hack at the Nevada Gigafactory

Fred Lambert at Electrek just reported on a story we published Aug 26th, and he reveals who was targeted: "Tesla and the FBI worked together to prevent a group of ransomware hackers from ...

The Bureau Explains How Tech Support Scams Work

Tech support scams function like organized businesses and consist of various criminals fulfilling different roles, according to court documents obtained by ZDNet. The documents contain ...

Russian Charged With Trying to Recruit Employee to Plant Ransomware in US Company

Michael Kan at PC Mag reported: "According to the FBI, Egor Igorevich Kriuchkov promised to pay as much as $1 million to the employee to help his shadowy group steal data from a ...

Recent Phishing Scam Sends Uncertain Employment and Bogus Layoff Notices

Scammers have been exploiting people’s fears by posing as HR employees and sending emails informing recipients that they’ve been laid off, according to Kaspersky’s spam and phishing ...

What happens when you type in a URL in an address bar in a browser?

I saw this post on Twitter with a fun and educational infographic that shows it's quite a complicated affair where lots of things can go wrong. Here is the infographic, and if you click ...

Watch Out! Cybersecurity and Infrastructure Security Agency Warn of New VBA Attack Designed to Deploy KONNI Remote Administration Tool

A new alert from CISA outlines just how dangerous and intrusive the KONNI malware is in organizations that fall for phishing attacks using Word attachments with malicious VBA code.

[Heads Up] Weaponized Disinformation Campaigns Skyrocket; KnowBe4 Releases New Spot & Stop DisInfo Training Module

Disinformation is a potent weapon in the current cold cyberwar arsenal. DisInfo attacks are skyrocketing and the number of countries using organized social media manipulation is going up ...

New Vishing Attacks Pretend to Be Internal IT to Scam Users from Financial Firms Out of Their Credentials

Dozens of banks, cryptocurrency exchanges, and web hosting firms have experienced vishing attacks aimed at eventually stealing cryptocurrency from high net-worth customers.

[HEADS UP] There's No Beta for Cyberpunk 2077

Scammers are sending phishing emails purporting to offer beta access to the highly anticipated video game Cyberpunk 2077, Eurogamer reports. These scams have been occurring for at least a ...

Phishing Summit - Mitigation, Forensics and Eye-opening Phishing Research

Looks like things are getting crazier by the month, right? The recent Twitter attack shows that all organizations are susceptible to social engineering attacks. Unfortunately, very few ...

An Embarrassment of Riches: Malicious Actors Target AWS Accounts

Amazon is an obvious target for malicious actors looking to leverage the trust and authority enjoyed by a widely known online service or brand in malicious emails and social engineering ...

Conversations with a Phisher

Phishing campaigns display varying levels of sophistication depending on how much time and effort the attackers are willing to invest in a particular target, according to Steven Murdoch, ...

[Heads Up] DarkSide: Sophisticated New Customized Ransomware Strain Demands Millions Of Dollars

Breaking News: A new ransomware operation named DarkSide began attacking organizations earlier this month with customized attacks that have already earned them million-dollar payouts. But ...

Ukrainian Gang Responsible for Laundering More Than $42 Million Arrested as Part of Operation “Bulletproof Exchanger”

A group of cybercriminals responsible for helping ransomware gangs convert their cryptocurrency into cash were arrested in June, according to new details released this week.

New Vishing Scam Targets Diners at London’s Prestigious Ritz Hotel

Aimed at stealing credit card details from restaurant patrons, this new scam feels like it’s something we’re going to hear about a lot more.

The Seven Dimensions of Security Culture: Attitudes

KnowBe4’s Security Culture Report is the result of data collected from 120,000 global employees in the following industries: Banking, Financial Services, Insurance, Consulting, Business ...

The Most Effective Attacks Are Often the Simplest

The recent Twitter hack shows that devastating security breaches don’t always involve sophisticated actors or methods, according to Rachel Tobac, CEO of SocialProof Security. On the ...

Watch Out for OAuth Phishing Attacks and How You Can Stay Safe

A steadily growing phishing trend involves phishing emails which attempt to modify your OAuth permissions. Simply clicking on one Allow button or hitting ENTER by mistake can ...