Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

It Was Only a Matter of Time: Sodinokibi Hold Dark Web Hacking Competition

Feeling like a page taken out of the SpaceX competitions, the latest shock comes from news of an underworld hacking competition intent on sharing cutting edge malicious code.
Continue Reading

Your Cyber Insurance Policy Just Became Outdated

Just when we think we have a handle on our cyber insurance, the ransomware attackers have come and stirred things up again. I’m talking about the new trend in ransomware that you may not ...
Continue Reading

Intelligence Services Get Phishing Licenses

New York Times journalist Ben Hubbard was targeted by a spear phishing attack designed to deliver NSO Group’s Pegasus spyware, researchers at the University of Toronto’s Citizen Lab have ...
Continue Reading

[Heads-up] We Give Notice About The New Criminal Age 'Ransomware 2.0': Extremely Damaging, Dangerous And Plain Evil

Take a look at that screen. Let it sink in a moment. Imagine if it were your company.
Continue Reading

U.S. 2020 Election-Themed Ransomware Attacks Are on Their Way – And Local Govt's Aren’t Prepared

New research shows local governments practice a distinct lack of cybersecurity preparedness. And with local, state, and national elections coming up this year, cyberattacks are a concern.
Continue Reading

[Heads-up] Scam Of The Week: Coronavirus Phishing Attacks In The Wild

Yup, you can count on it, when there is a worldwide health scare, the bad guys are on it like flies on $#!+. We are seeing a new malicious phishing campaign that is based on the fear of ...
Continue Reading

Are You Expecting a Special Invitation?

According to MailGuard, a few days ago an email from our Prime Minister Scott Morrison started to do the rounds.
Continue Reading

[Heads-up] It's OK To Just Say No To Phone Scams

Earlier this week a credit union located in the Midwest United States alerted its members via email to a pair of phone-and-text-based scams designed to trick unwitting users into coughing ...
Continue Reading

UN Offices Hacked By SharePoint Vulnerability Says Newly Leaked Report

A newly released report said dozens of United Nations servers were compromised by a remote code execution Microsoft SharePoint vulnerability in July of 2019. The offices targeted were ...
Continue Reading

9-Month Compromise of Wawa Results in Data Breach of More Than 30 Million Credit Cards

The breach, discovered in December of last year, is suspected to have led to the theft of and subsequent and sale of one of the largest takes of customer credit card data on the dark web.
Continue Reading

Phishing Attacks Target Telecom Companies and their Tools to Facilitate SIM Swapping Attacks

Hackers are phishing telecom workers and “authorized retailers” to steal credentials and gain access to internal company tools. The end game is to modify SIM settings to help with a ...
Continue Reading

Judge Orders Insurer to Pay on Small Business Ransomware Claim

Despite attempting to deny the claim revolving around a 2016 ransomware attack, a recent court ruling has caused an Ohio insurer to help cover the losses.
Continue Reading

It's the Access, Not the Technology

Exercising a suitable level of operational security is the key to protecting yourself from the consequences of sophisticated cyber attacks, according to Lionel Laurent at Bloomberg. ...
Continue Reading

Phishing Telcos for SIM-Swapping

Motherboard reports that SIM swappers are launching phishing attacks against employees at Verizon, T-Mobile, and Sprint in order to hijack customer service tools. Once they have access to ...
Continue Reading

‘Ryuk Stealer’ Searches for and Steals Confidential Files from Government, Military, and Law Enforcement

The newest strain of Ryuk ransomware has added new keywords and filetypes to expand its ability to find files with content that can be turned into money through sale, extortion, or ransom.
Continue Reading

Latest Ryuk Ransomware Attacks on Oil and Gas Companies Includes Compromising Active Directory

Ransomware has definitely grown up from its infant stages where it simply infected one computer. From spreading through lateral movement, to the use of a victim's email to spread the ...
Continue Reading

CyberheistNews Vol 10 #5

 
Continue Reading

A Look Inside the Phishing Tackle Shop

The sophisticated 16Shop phishing kit can now target PayPal and American Express users, according to researchers from ZeroFOX. The researchers came across a new version of 16Shop that ...
Continue Reading

Is There Still Hope for Privacy?

January 28 is Data Privacy Day. In honor of that, I’d like to share some random thoughts on privacy that I put together for a recent webcast with StaySafeOnline.org. And when I say, ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews