Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Attackers Abuse URL Rewriting to Evade Security Filters

Attackers continue to exploit URL rewriting to hide their phishing links from email security filters, according to researchers at Abnormal Security.
Continue Reading

[Cybersecurity Awareness Month] Keeping Your Mobile Devices Secure from the ‘Inside’ Out

As remote work and connecting while traveling has become the norm, mobile device security responsibilities have also increased.
Continue Reading

Free Phishing Platform Has Created More than 140,000 Spoofed Websites

A free phishing-as-a-service (PhaaS) platform named Sniper Dz has assisted in the creation of more than 140,000 phishing sites over the past year, according to researchers at Palo Alto ...
Continue Reading

What Bletchley Park Can Teach Us About Building a Strong Security Culture

During World War II, a group of brilliant minds led by Alan Turing gathered at Bletchley Park in England to crack the German Enigma code. This wasn't just a technological challenge, it ...
Continue Reading

North Korea's Secret IT Army and How to Combat It

Organizations around the world are unknowingly recruiting and hiring fake employees and contractors from North Korea. These sophisticated operatives aim to earn high salaries while ...
Continue Reading

Financial Services Industry Experiences a Massive Increase in Brand Abuse

Industry analysis of the domains used behind phishing and brand impersonation attacks show financial institutions are being leveraged at an alarming rate.
Continue Reading

Infostealer Threat Group “Marko Polo” Evolving Into an “Empire”

New research by Recorded Future provides insight into how advanced and sophisticated the threat group Marko Polo has become since launching in 2022.
Continue Reading

Cybercriminal Gang Targeting SMBs Using Business Email Compromise

Researchers at Todyl have published a report on a major cybercriminal group that’s conducting business email compromise (BEC) attacks against small and medium-sized businesses. Todyl ...
Continue Reading

Don’t Put Real Answers Into Your Password Reset Questions

This recent article on how a hacker used genealogy websites to help better guess victims' password reset answers made it a great time to share a suggestion: Don’t answer password reset ...
Continue Reading

New VPN Credential Attack Goes to Great Lengths to Obtain Access

A new “so-phish-ticated” attack uses phone calls, social engineering, lookalike domains, and impersonated company VPN sites to gain initial access to a victim network.
Continue Reading

The U.K.'s NCSC and U.S. FBI Warn of Iranian Spear-Phishing Attacks

The U.K.’s National Cyber Security Centre (NCSC) and the U.S. FBI have released an advisory warning of Iranian state-sponsored spear-phishing attacks targeting “individuals with a nexus ...
Continue Reading

Dick’s Sporting Goods Cyber Attack Underscores Importance of Email Security and Internal Controls

The recent cyber attack on Dick's Sporting Goods makes it clear that email played a critical role and emphasizes the need for better security controls.
Continue Reading

From Desire Paths to Security Highways: Lessons from Disney's Approach to User-Centric Design

When Walt Disney first unveiled the Magic Kingdom, he made a decision that would revolutionize theme park design - and inadvertently offer a valuable lesson for cybersecurity ...
Continue Reading

[Wake-Up Call] Senator Falls Victim to Deepfake Scam—Are Your Users Next?

When technology blurs the lines between reality and fiction, a recent incident involving U.S. Senator Ben Cardin serves as a stark reminder of the growing threat posed by deepfake scams.
Continue Reading

Threat Actors Behind MFA Bypass Service ‘OTP Agency’ Plead Guilty to Fraud

The criminal prosecution of the threat actors behind the "OTP Agency" has highlighted an ingenious new tactic that cybercriminals can use to bypass multi-factor authentication.
Continue Reading

New Survey Shows 40% of Respondents Never Received Cybersecurity Training From Their Employer

Yubico has published a survey of 20,000 people from 10 countries around the world, finding that 40% of respondents have never received cybersecurity training from their employer.
Continue Reading

[Cybersecurity Awareness Month] Responding to Cyber Incidents the ‘Inside Man’ Way: Fiona's Approach

In a world where cybersecurity incidents are no longer a matter of if they will happen, but when, having a solid incident response plan is a critical component of cyber resilience and ...
Continue Reading

The Number of Ransomware Attacks Around the World Increased by 73% in 2023

The number of ransomware attacks around the world increased by 73% in 2023, according to a new report by the Institute for Security and Technology’s Ransomware Task Force (RTF). These ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews