Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

There is a New Trend in Social Engineering with a Disgusting Name; "Pig-butchering"

The technique began in the Chinese underworld, and it amounts to an unusually protracted form of social engineering. The analogy is with fattening up a pig, then butchering it for all ...
Continue Reading

Finance and Insurance Is the Sector Most Impacted by Data Breaches In 2022

Analysis of the year’s breaches shows Finance and Insurance businesses are the most targeted and have lost a material count of records as a result.
Continue Reading

One Out of 10 Threats Still Make It All the Way to the Endpoint

Despite good intentions, layered security measures, and efficacy claims by security solution vendors, new data shows that email-based threats are still getting all the way to the Inbox.
Continue Reading

Your KnowBe4 Fresh Content Updates from December 2022

Check out the 36 new pieces of training content added in December, alongside the always fresh content update highlights and new features.
Continue Reading

Phishing Activity Rose 130% in the Second Half of 2022, Representing Three-Quarters of All Email-Based Attacks

New data focused on cyberattacks in the second half of the year-to-date shows phishing taking the overwhelming lead as the initial attack vector of choice.
Continue Reading

[Heads Up] Giant LastPass Breach Can Supercharge Spear Phishing Attacks

By Roger A. Grimes. KnowBe4 recommends that everyone use a password manager to create and use strong passwords as a part of their password policy ...
Continue Reading

[Eye Opener] Insurance policy doesn’t cover ransomware attack, Ohio Supreme Court says

Dec. 27, 2022, The Ohio Supreme Court ruled in favor of an insurance company, determining that its contract to cover any direct physical loss or damage to property did not encompass ...
Continue Reading

Attackers Pose as Facebook Support Using Legitimate Facebook Posts to Bypass Security Solutions

Impersonating Facebook using its own platform against them, a new phishing attack takes advantage of victim’s inability to distinguish legitimate from illegitimate.
Continue Reading

QBot Malware Attacks Use SVG files to Perform HTML Smuggling

QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows.
Continue Reading

Microsoft Warns of Signed Drivers Being Used to Terminate AV and EDR Processes

The malicious abuse of several developer program accounts in Microsoft’s Windows Hardware Developer Program allowed threat actors to have malware evade detection.
Continue Reading

The Number of Phishing Attacks Grows 15% in One Quarter, Reaching an All-Time High

New data shows that while ransomware remains somewhat flat, massive increases in business email compromise and response-based email attacks were seen last quarter.
Continue Reading

New Polymorphic Wiper Malware Leaves Attacked Environments “Unrecoverable”

As an apparent method of political commentary on the war in Ukraine, the new Azov wiper uses a mix of intermittent overwriting and trojanizing Windows binaries to annihilate its’ victims.
Continue Reading

Spear Phishing Campaign Targets Japanese Political Organizations

Researchers at ESET warn that a Chinese-speaking threat actor dubbed “MirrorFace” targeted Japanese political organizations with spear phishing emails in the run-up to the Japanese House ...
Continue Reading

"How I lost my dog and almost my Google credentials..."

A well-trained Knowster posted: "I lost my dog this weekend and my mother in law was trying to be helpful and put my real phone number on a few social media posts she made. Now im getting ...
Continue Reading

KnowBe4 Named a Leader in the Winter 2023 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR)

We are excited to announce that KnowBe4 has been named a leader in the Winter 2023 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for ...
Continue Reading

KnowBe4 Named a Leader in the Winter 2023 G2 Grid Report for Security Awareness Training

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares Security Awareness Training (SAT) vendors based on user reviews, customer ...
Continue Reading

Ivanti Report Shows Cybersecurity Practitioners Concentrating on Right Threats

A recent Ivanti report shows cybersecurity practitioners getting more focused on the threat landscape, but defenders may need to hone their attention to focus on the right threats. 
Continue Reading

’Tis the season for Scam-Folly Fa La La La La

The festive season is my favorite time of the year. It is a time to celebrate and reconnect with our family, friends and community and the one time in the year where the whole country ...
Continue Reading

XLL Files Used to Deliver Malware

Attackers are using XLL files to embed malicious code in Office documents, according to researchers at Cisco Talos. Microsoft is phasing out the ability to execute VBA macros in Office ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews