Unleashing the Power of Incident Reporting: Strengthening Security and Compliance

Jun 27, 2023 8:00:00 AM By John Just

Whether it is reporting a phishing email or something that might be illegal that a coworker is doing, your employees should be a strong last line of defense for security and compliance.

New Cryptocurrency Coinbase Phishing Campaign Uses Social Engineering

Jun 26, 2023 9:12:26 AM By Stu Sjouwerman

A phishing campaign is impersonating cryptocurrency trading platform Coinbase, Tech.co reports. Crypto trader Jacob Canfield described the campaign in a Twitter thread, stating that the ...

SolarWinds' Head Refuses to Back Down Amid Potential US Regulatory Action over Russian hack. CISO Gets Wells Notice

Jun 24, 2023 10:43:00 AM By Stu Sjouwerman

According to an internal email obtained by CNN, the CEO of SolarWinds informed employees on Friday that the company plans to vigorously defend itself against potential legal action from ...

Want To Stop All Scams? Here Is How!

Jun 23, 2023 2:25:52 PM By Roger Grimes

There are many ways to be socially engineered and phished, including email, websites, social media, SMS texts, chat services, phone calls and in-person. These days, it is hard to sell ...

“Picture in Picture” Phishing Attack Technique Is So Simple, It Works

Jun 23, 2023 11:35:38 AM By Stu Sjouwerman

Using credibility-building imagery and creating a need for the user to click what may or may not be perceived as an image is apparently all it takes to engage potential phishing victims.

Banking and Retail Top the List of Industries Targeted by Social Media Phishing Attacks

Jun 23, 2023 11:35:31 AM By Stu Sjouwerman

Using an external platform trusted by potential victims is proving to be a vital tool in the cybercriminal’s arsenal. New data shows the state of the threat and who’s at risk.

Half of Business Leaders Believe Users Aren’t Security Aware, Despite Most Having a Program in Place

Jun 23, 2023 11:35:18 AM By Stu Sjouwerman

New data shows that even with the majority of organizations experiencing cyber attacks, three hours of security awareness training simply isn’t enough.

Extremely Persistent Threat Group Demonstrates a Strong Understanding of the Modern Incident Response Frameworks

Jun 22, 2023 9:44:42 AM By Stu Sjouwerman

A threat actor tracked as “Muddled Libra” is using the 0ktapus phishing kit to gain initial access to organizations in the software automation, business process outsourcing, ...

Is AI-Generated Disinformation on Steroids About To Become a Real Threat for Organizations?

Jun 21, 2023 9:49:39 AM By Martin Kraemer

A researcher was alerted to a fake website containing fake quotes that appeared to be written by himself. The age of generative artificial intelligence (AI) toying with our public ...

[Eyes Open] The FTC Reveals The Latest Top Five Text Message Scams

Jun 21, 2023 8:53:16 AM By Stu Sjouwerman

The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams. Phony bank fraud prevention alerts were the most common type of text ...

KnowBe4’s 2023 Phishing By Industry Benchmarking Report Reveals that 33.2% of Untrained End Users Will Fail a Phishing Test

Jun 20, 2023 9:07:42 AM By Joanna Huisman

Cybercriminals still know that the easiest way to successfully infiltrate an organization is through its people.

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

Jun 20, 2023 9:00:00 AM By Stu Sjouwerman

CyberheistNews Vol 13 #25 | June 20th, 2023 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches Verizon's DBIR always has a lot of information to unpack, ...

New Social Engineering Tactic Uses PDFs in Business Email Compromise Attacks

Jun 20, 2023 8:46:31 AM By Stu Sjouwerman

Legitimate services can be exploited in social engineering, including business email compromise (BEC) attacks.  Researchers at Check Point describe one current BEC campaign that’s using ...

Breakdown of an Impersonation Attack: Using IPFS and Personalization to Improve Attack Success

Jun 15, 2023 3:20:18 PM By Stu Sjouwerman

Details from a simple impersonation phishing attack show how well thought out these attacks really are in order to heighten their ability to fool victims and harvest credentials.

UK Attacker Responsible for a Literal “Man-in-the-Middle” Ransomware Attack is Finally Brought to Justice

Jun 15, 2023 3:20:15 PM By Stu Sjouwerman

The recent conviction of a U.K. man for cyber crimes committed in 2018 brings to light a cyber attack where this attacker manually performed the “in-the-middle” part of an attack.

New Survey Shows 40% of People Searching for a Job Encountered a Scam

Jun 15, 2023 8:47:35 AM By Stu Sjouwerman

A survey by PasswordManager.com has found that one in three job seekers has fallen for, and responded to, fake job scams over the past two years.

[INFOGRAPHIC] KnowBe4’s SecurityCoach: Top 10 Risky Behaviors

Jun 14, 2023 4:08:25 PM By Stu Sjouwerman

Real-time security coaching helps improve your organization’s security culture by enabling real-time coaching of your users in response to risky security behaviors.

Takeaways From a Threat Intelligence Specialist on Artificial Intelligence Being a 'Double-Edged Sword'

Jun 14, 2023 2:23:46 PM By Stu Sjouwerman

While artificial intelligence (AI) has been the hot topic of this year, a theme that I continue to see is that AI is being used for good and evil.

France Accuses Russia of Spoofing Foreign Ministry Website in ‘Typosquatting’ Campaign

Jun 14, 2023 2:10:17 PM By Stu Sjouwerman

The French government is taking a stand against the increasing threat of digital warfare. Publicly accusing Russia of conducting an extensive online manipulation campaign, France is ...

Cybercriminals Spoof German Media Anga Com Conference in New Phishing Campaign

Jun 14, 2023 8:46:15 AM By Stu Sjouwerman

A phishing campaign is spoofing the major German media conference Anga Com, according to Jeremy Fuchs at Avanan.

Security Awareness Training Blog

View Topics