Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

BEC Incidents Intent on Invoice or Payment Fraud Increase 155% Across All Industries

Business Email Compromise appears to be back in the saddle again, as attackers use simple social engineering and domain impersonation to trick victims into paying up.
Continue Reading

Ryuk Ransomware Takes a Single Victim for $34 Million in Ransom

A new report from Security Researcher Vitali Kremez puts the spotlight on exactly how the group behind Ryuk ransomware is successful in infecting and obtaining payment from its victims.
Continue Reading

Threat Actors Use Fake Sites for Espionage

Researchers at Volexity report that the Vietnamese threat actor OceanLotus has been using phony news and bogus activist websites to track users, or to trick them into downloading malware. ...
Continue Reading

Fake Microsoft Teams Updates to Infect Systems

According to Bleeping Computer, ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems. The infection would deploy Cobalt Strike to compromise the ...
Continue Reading

The Most Common Password Frustrations

We all know the well-worn adage to make our passwords long and complex. Sometimes trying to do so can be completely frustrating.
Continue Reading

Cyber Security Awareness Month is Over... Now What?

October was Cyber Security Awareness Month, the month during which many organisations and individuals contributed their ideas, shared content and helped educate each other on the ...
Continue Reading

Malicious Macros Remain Highly Effective

Microsoft Office documents with malicious macros are still one of the top choices for attackers of all skill levels, according to Craig Williams from Cisco Talos. On the CyberWire’s ...
Continue Reading

Brand-New Ransomware Simulator Now With 21 Latest Infection Scenarios

As ransomware techniques continue to evolve, a newer ‘name-and-shame’ tactic is responsible for a significant increase in ransomware attacks this year. The bad guys continue to demand ...
Continue Reading

Cybercriminals Target Brazilian Government in a Ransomware Attack

The bad guys managed to fully encrypt Brazil's Superior Court of Justice (SCJ), Ministry of Health, and Government of the DF this week. Technicians from SCJ discovered that there was a ...
Continue Reading

6 Lessons I Learned from Hacking 130 MFA Solutions

I was fortunate enough to write Wiley’s Hacking Multifactor Authentication. It’s nearly 600-pages dedicated to showing attacks against various multi-factor authentication (MFA) solutions ...
Continue Reading

Unfortunate Learning Lessons from Clicking on a Suspicious Phishing Email

Israeli news source YNet released a story about a woman who clicked on a suspicious phishing link, was fired from her job, and was accused of fraud with a criminal indictment.
Continue Reading

Phishing Links Sent Via Legitimate Google Drive Notifications

Scammers are abusing a Google Drive feature to send phishing links in automated email notifications from Google, WIRED reports. By mentioning a Google user in a Drive document, the ...
Continue Reading

Cannabis Company GrowDiaries Suffers Data Breach of 3.4 Million Users

A recent report from SiliconANGLE released information that cannabis company GrowDiaries suffered a data breach with details of 3.4 million users being exposed online. 
Continue Reading

Thinking Skeptically About Smishing

Organizations need to train their employees to be on the lookout for SMS phishing (smishing), according to Jennifer Bosavage at Dark Reading. Bosavage explains that attackers exploit ...
Continue Reading

[On-Demand Webinar] Top 5 IT Security Myths Your CISO Believes Are True… BUSTED!

Facts are facts, but what happens when IT security pros take myths at face value?
Continue Reading

Organizational Security Posture Effectiveness Declines by 38% Due to COVID

Remote workforces, insecure devices, a lack of multi-factor authentication, and a lack of user education all add up to a security nightmare for the average organization today.
Continue Reading

WARNING: Americans’ Password Habits are Horrible, Putting Organizations at Risk

New data shows the average American uses short, uncomplicated, and often predictable passwords, practices which only increase the insecurity of corporate user accounts.
Continue Reading

Cyber Insurers Expect to Raise Ransomware Policy Premiums as Much as 25%

The increase in the frequency of ransomware attacks, as well as the rise in the demanded ransom amounts is causing cyber insurers to change tactics to limit their risk.
Continue Reading

Manipulation by Disinformation: How Elections are Swayed

Security Serious Week 2020 focused on disinformation, and there were many talks, tweetchats, presentations, panel discussions, and blogs.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews