Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

KnowBe4 Earns 2020 Top Rated Award from TrustRadius

We are proud to announce that TrustRadius has recognized KnowBe4 with a 2020 Top Rated Award.
Continue Reading

Phishing Campaign Goes After AT&T Employees’ MFA Codes

A phishing campaign is targeting AT&T employees and contractors with a well-crafted fake login page, according to Luke Leal at Sucuri. The phishing page is a near-exact replica of AT&T ...
Continue Reading

Organizations Working From Home Opens Wider Target for Cybercriminals

With so many people working from home, more attackers are adapting their strategies to focus on employees as a way to bypass organizations’ defenses, FCW reports. During a webcast hosted ...
Continue Reading

Chinese Antivirus Vendor Tied to Part of a Decade-Long Hacking Spree

Members of the hacking group “Apt41” were charged by the U.S. Department of Justice for hacking more than 100 victims globally with one of its members running AV vendor Anvisoft.
Continue Reading

Cyberattacks Targeting State and Local Government Increase by 50%

State, local, tribal, and territorial government agencies and municipalities are under attack. Observations and data from security vendor BlueVoyant highlight the attacks and the results.
Continue Reading

60% of the US Workforce Will Be Working Remotely by 2024 (and That’s a Problem)

The latest data from analyst firm IDC shows massive growth in the remote workforce in the coming years – something that puts organizations at greater risk for a cyberattack.
Continue Reading

Tribune Publishing apologizes for fake bonus offer in phishing-simulation email

Yesterday at the end of the day, I was called by our PR team who got alerted by tech support about a Twitter post that was going viral. Turns out a custom phishing test created by one of ...
Continue Reading

Abusing App Engine to Automate Phishing

Attackers can abuse a feature in Google App Engine to generate unlimited phishing URLs, BleepingComputer reports. Security researcher Marcel Afrahim found that App Engine URLs that ...
Continue Reading

Which Users in Your Organization Put You at Risk?

October is National Cybersecurity Awareness Month, so it's a perfect time to fortify your human firewall. Start by identifying which users may be putting your organization at risk before ...
Continue Reading

KnowBe4 Receives a 2020 Tech Cares Award

Sticking to our values continues to pay off, as we have recently received a Tech Cares award from TrustRadius. This is a brand-new award crafted to celebrate organizations that have ...
Continue Reading

Five Alarming Approaches to Extortion

People should familiarize themselves with common forms of extortion in order to avoid falling victim to these attacks, according to Amer Owaida at ESET. Ransomware might be the most ...
Continue Reading

Credential Stuffing to Stuff the Ballot Box

Advanced nation-state actors and petty criminals are both leveraging credential-stuffing attacks to hack into victims’ accounts, according to Byron Acohido, writing for Avast. Rather than ...
Continue Reading

[On-Demand] The Critical Need to Improve Your Compliance Processes

You know that compliance is an important requirement but can also be time-consuming and fraught with risk. Still, most organizations have not implemented the processes and tools necessary ...
Continue Reading

Credential Stuffing Used Against Financial Services

A security alert from the FBI warns that hackers are launching credential-stuffing attacks against organizations in the financial sector, ZDNet reports.
Continue Reading

[On-Demand] Your Organization Through the Eyes of an Attacker

The bad guys are out there, watching and waiting for an opportunity to strike. They are gathering information about your organization and users, devising the perfect plan to infiltrate ...
Continue Reading

[Announcement] KnowBe4 ModStore: New Series "Security Snapshots" from Twist & Shout

They've made you laugh. They've made you cry. You know and love them! Twist & Shout are here once again with a series of 12 stand-alone security micro-dramas! These Security Snapshots are ...
Continue Reading

Bitcoin Millionaire Loses $16 Million to a Compromised Wallet and Simple Social Engineering

This brief tale of misfortune shows how unpatched software and letting your guard down – especially when $16 million is on the line – can be all that’s needed for a successful scam.
Continue Reading

Joint Cybersecurity Advisory Outlines Approaches to Discovering and Remediating Attacks

This newly-released report is the result of a collaborative effort by cybersecurity authorities in Australia, Canada, New Zealand, the United Kingdom, and the United States.
Continue Reading

Beware of Fake Forwarded Phishes

There are many specific, heightened challenges of spear phishing emails coming from compromised, trusted third parties. Trusted third-party phishing emails usually come from the ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews