Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Credential Harvesting Attacks Targeting the U.S. Federal Government Nearly Double as Malware Declines

Shifts to a remote workforce in 2020 gave cybercriminals an opportunity to change tactics, focusing on credentialed access to systems accessed from outside government networks.
Continue Reading

FINRA Warns of Phishing Attacks

The Financial Industry Regulatory Authority (FINRA) has warned of a phishing campaign that’s trying to trick users into responding to a phony regulatory non-compliance issue. The emails ...
Continue Reading

See what happened when we "Zoom bombed" a customer with the cast of The Inside Man

Yes, this actually happened.  The employees at Tennessee Aquarium were massive fans of The Inside Man, were not aware of this gag, and you can see their reactions when they see who the ...
Continue Reading

Video Verification and Deepfakes

Technology has introduced greater convenience for consumers around the world. With each new technological advancement, we have benefited from better, faster, and more accurate ...
Continue Reading

[Heads Up] Has Your Exchange Been Hacked And Is Now A Ticking Time Bomb?

Brian Krebs wrote: "Globally, hundreds of thousand of organizations running Exchange email servers from Microsoft just got mass-hacked, including at least 30,000 victims in the United ...
Continue Reading

Fake reCAPTCHA Found in Phishbait

Researchers at Zscaler warn of an ongoing phishing campaign targeting executives with fake voicemail notifications. More than half of the phishing emails have targeted organizations’ vice ...
Continue Reading

Recognizing Elder Scams

People need to ensure that their elderly relatives are aware of scams that target older people, according to Emma McGowan at Avast. McGowan says it’s best to avoid being condescending, ...
Continue Reading

The Good, the Bad, and the Ugly About MFA

I have been in computer security for over 34 years now. Yeah, even I cannot believe how long it has been. I have been a penetration tester over 20 of those years and worked on dozens of ...
Continue Reading

The Different Scenarios How Backups are Vulnerable to Ransomware Attacks

Organizations need to ensure that their data backups aren’t tampered with by attackers, according to security firm Datto. In an article for Channel Futures, Datto explained that backups ...
Continue Reading

WSJ: Russian Disinformation Campaign Aims to Undermine Confidence in Covid-19 Vaccines

The Wall Street Journal reports: " Russian intelligence agencies have mounted a campaign to undermine confidence in Pfizer Inc.’s and other Western vaccines, using online publications ...
Continue Reading

[Heads Up] The Bad Guys Have Likely Hacked Your Exchange Email Server

What if Chinese state-sponsored hackers have owned your OWA using several brand-new zero-day vulns? Or Eastern Europe ransomware gangs?  On March 2, Microsoft released emergency security ...
Continue Reading

Think Your Cyber Insurance is Going to Cover that $6 Million in Cyber Fraud? Think Again.

The latest tale of an organization falling victim to a business email compromise attack on their credit card processor highlights how very specific the scenario needs to be to see a ...
Continue Reading

1 in 4 Business Email Compromise Attacks Use Lookalike Domains to Trick Victims

The latest Data on BEC scams shows how the bad guys are using a mix of gmail accounts, increases in stolen wire transfers, and a shift to payroll diversions to trick you out of your money.
Continue Reading

Phishing Attacks Continue to Impersonate Trusted Brands to Deceive Potential Victims

The use of impersonation in phishing attacks helps to establish credibility and a sense of ease. New data shows exactly how the bad guys are using this tactic to their advantage.
Continue Reading

Vendor Email Compromise is Officially A Big (Seven-Figure) Problem

While the Solarwinds “sunburst” attack brought to light the compromising of a vendor, VEC has been around for some time and now seems to be going mainstream.
Continue Reading

Phishing Scammers Send a Fake “Private Shared Document” as the Initial Attack Vector for Stealing LinkedIn Credentials

A new social engineering scam demonstrates how cybercriminals are both evolving their tactics while still using tried and true methods that just work to attain their goals.
Continue Reading

Someone Hacked The Four Top Russian Cybercrime Forums In One Month

Intrepid investigative cyber security reporter Brian Krebs has some interesting news. He said: "Over the past few weeks, three of the longest running and most venerated Russian-language ...
Continue Reading

KnowBe4 Fresh Content Updates from February: Including New Season 3 of 'The Inside Man' Now Available

Here are important fresh content updates and new features to share with you that happened in the month of February.
Continue Reading

[ALERT] New Stanford Research: 88% Of Data Breaches Are Caused By Human Error

A recent 2020 report we just discovered confirms what we have been saying for many years now. About 9 out 10 data breaches are caused by your users. We are pleased that the somewhat older ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews