Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

BEC Incidents Intent on Invoice or Payment Fraud Increase 155% Across All Industries

Nov 10, 2020 8:29:59 AM By Stu Sjouwerman
Business Email Compromise appears to be back in the saddle again, as attackers use simple social engineering and domain impersonation to trick victims into paying up.
Continue Reading

Ryuk Ransomware Takes a Single Victim for $34 Million in Ransom

Nov 10, 2020 8:25:48 AM By Stu Sjouwerman
A new report from Security Researcher Vitali Kremez puts the spotlight on exactly how the group behind Ryuk ransomware is successful in infecting and obtaining payment from its victims.
Continue Reading

Threat Actors Use Fake Sites for Espionage

Nov 10, 2020 8:21:20 AM By Stu Sjouwerman
Researchers at Volexity report that the Vietnamese threat actor OceanLotus has been using phony news and bogus activist websites to track users, or to trick them into downloading malware. ...
Continue Reading

Fake Microsoft Teams Updates to Infect Systems

Nov 9, 2020 5:46:07 PM By Stu Sjouwerman
According to Bleeping Computer, ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems. The infection would deploy Cobalt Strike to compromise the ...
Continue Reading

The Most Common Password Frustrations

Nov 9, 2020 5:01:48 PM By Roger Grimes
We all know the well-worn adage to make our passwords long and complex. Sometimes trying to do so can be completely frustrating.
Continue Reading

Cyber Security Awareness Month is Over... Now What?

Nov 9, 2020 2:52:31 PM By Javvad Malik
October was Cyber Security Awareness Month, the month during which many organisations and individuals contributed their ideas, shared content and helped educate each other on the ...
Continue Reading

Malicious Macros Remain Highly Effective

Nov 9, 2020 8:25:12 AM By Stu Sjouwerman
Microsoft Office documents with malicious macros are still one of the top choices for attackers of all skill levels, according to Craig Williams from Cisco Talos. On the CyberWire’s ...
Continue Reading

Brand-New Ransomware Simulator Now With 21 Latest Infection Scenarios

Nov 9, 2020 8:00:00 AM By Stu Sjouwerman
As ransomware techniques continue to evolve, a newer ‘name-and-shame’ tactic is responsible for a significant increase in ransomware attacks this year. The bad guys continue to demand ...
Continue Reading

Cybercriminals Target Brazilian Government in a Ransomware Attack

Nov 5, 2020 4:02:07 PM By Stu Sjouwerman
The bad guys managed to fully encrypt Brazil's Superior Court of Justice (SCJ), Ministry of Health, and Government of the DF this week. Technicians from SCJ discovered that there was a ...
Continue Reading

6 Lessons I Learned from Hacking 130 MFA Solutions

Nov 5, 2020 2:16:43 PM By Roger Grimes
I was fortunate enough to write Wiley’s Hacking Multifactor Authentication. It’s nearly 600-pages dedicated to showing attacks against various multi-factor authentication (MFA) solutions ...
Continue Reading

Unfortunate Learning Lessons from Clicking on a Suspicious Phishing Email

Nov 5, 2020 11:19:02 AM By Stu Sjouwerman
Israeli news source YNet released a story about a woman who clicked on a suspicious phishing link, was fired from her job, and was accused of fraud with a criminal indictment.
Continue Reading

Phishing Links Sent Via Legitimate Google Drive Notifications

Nov 5, 2020 8:24:27 AM By Stu Sjouwerman
Scammers are abusing a Google Drive feature to send phishing links in automated email notifications from Google, WIRED reports. By mentioning a Google user in a Drive document, the ...
Continue Reading

Cannabis Company GrowDiaries Suffers Data Breach of 3.4 Million Users

Nov 4, 2020 9:52:36 AM By Stu Sjouwerman
A recent report from SiliconANGLE released information that cannabis company GrowDiaries suffered a data breach with details of 3.4 million users being exposed online. 
Continue Reading

Thinking Skeptically About Smishing

Nov 4, 2020 8:55:48 AM By Stu Sjouwerman
Organizations need to train their employees to be on the lookout for SMS phishing (smishing), according to Jennifer Bosavage at Dark Reading. Bosavage explains that attackers exploit ...
Continue Reading

[On-Demand Webinar] Top 5 IT Security Myths Your CISO Believes Are True… BUSTED!

Nov 4, 2020 8:00:00 AM By Stu Sjouwerman
Facts are facts, but what happens when IT security pros take myths at face value?
Continue Reading

Organizational Security Posture Effectiveness Declines by 38% Due to COVID

Nov 4, 2020 7:02:00 AM By Stu Sjouwerman
Remote workforces, insecure devices, a lack of multi-factor authentication, and a lack of user education all add up to a security nightmare for the average organization today.
Continue Reading

WARNING: Americans’ Password Habits are Horrible, Putting Organizations at Risk

Nov 4, 2020 7:01:00 AM By Stu Sjouwerman
New data shows the average American uses short, uncomplicated, and often predictable passwords, practices which only increase the insecurity of corporate user accounts.
Continue Reading

Cyber Insurers Expect to Raise Ransomware Policy Premiums as Much as 25%

Nov 4, 2020 7:00:00 AM By Stu Sjouwerman
The increase in the frequency of ransomware attacks, as well as the rise in the demanded ransom amounts is causing cyber insurers to change tactics to limit their risk.
Continue Reading

Manipulation by Disinformation: How Elections are Swayed

Nov 3, 2020 10:25:40 AM By Javvad Malik
Security Serious Week 2020 focused on disinformation, and there were many talks, tweetchats, presentations, panel discussions, and blogs.
Continue Reading

CyberheistNews Vol 10 #45 [Heads Up] Here Are Some Truly Scary Social Media Stats

Nov 3, 2020 10:08:18 AM By Stu Sjouwerman
Continue Reading
Subscribe

Search Our Blog


Ransomware Hostage Rescue Manual

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews