Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

[New Feature] Continuously Monitor for Any Detected Password Vulnerabilities Within Your User Base with PasswordIQ

We’re thrilled to announce that the power of KnowBe4’s most popular free password security tool has been brought to your KnowBe4 console as a new feature!
Continue Reading

Check Point Software: "2022 Saw A Huge Rise In Cyberattacks"

Techradar reported that cyberattacks saw a significant rise in 2022, mostly due to the increase in organizations going virtual to combat the effects of the Covid-19 pandemic, and the rise ...
Continue Reading

[Ache In the Head] The Problems With Your Not-So-Secure Email Gateway

I have been doing some research on Secure Email Gateways. The picture is not that pretty. Below I will summarize what I found.
Continue Reading

[Heads Up] Phishing Attacks Are Now The Top Vector For Ransomware Delivery

Phishing attacks are now the top vector for ransomware delivery, according to researchers at Digital Defense. Phishing emails can be highly tailored to specific employees in order to ...
Continue Reading

Government Workers as Phishing Targets

Government workers are prime targets for social engineering attacks, according to Kaitlyn Levinson at GCN. Attackers use different tactics to target government employees in specific ...
Continue Reading

21% of federal agency passwords cracked in their security audit

Some excellent work here. An internal US Government agency audit showed that a fifth of passwords were easy to crack. Their recently published study showed that hashes for well over ...
Continue Reading

Italian Cybercriminal Pleads Guilty to Phishing for Book Manuscripts

An Italian citizen named Filippo Bernardini has pleaded guilty in New York to stealing more than a thousand unpublished book manuscripts from various well-known authors. The targeted ...
Continue Reading

Password Managers Can Be Hacked Lots of Ways and Yes, You Should Still Use Them

The recent hack (at least 7th) of the LastPass password manager has lots of people wondering if they should use a password manager.
Continue Reading

The Good, the Bad and the Truth About Password Managers

We strongly recommend that you use a password manager to reduce password reuse and improve complexity, but you may be wondering if it’s really worth the risk. Is it safe to store all of ...
Continue Reading

Phishing in the Service of Espionage

Reuters describes a cyberespionage campaign carried out by the hitherto little-known threat group researchers track as "Cold River." The group is circumstantially but convincingly linked ...
Continue Reading

A Look Back at Mobile Government Cyberattacks Shows Increased Attacks and Weaker Security

A rise in the reliance on unmanaged mobile devices, matched with a lack of patching and increased attacks seeking solely to steal credentials was a perfect storm for government.
Continue Reading

Ransomware and Fraudulent Funds Transfer are the Two Main Drivers of Cyber Loss

Representing more than half of all cyber loss, new data shows these attacks all begin with employees falling for social engineering, phishing, and business email compromise.
Continue Reading

New Crypto Scam Targets Flipper Zero Buyers Impersonating Legitimate Shops

Interest in the handheld open-source multi-function cybersecurity tool by techies has risen to a new campaign seeking to steal crypto funds through illegitimate “sales” of the device.
Continue Reading

Phishing Campaigns Impersonate the UK Government

The UK’s National Cyber Security Centre (NCSC) has outlined the top six most impersonated UK government agencies in 2022. The most impersonated entity was the National Health Service ...
Continue Reading

These grim figures show that the ransomware problem isn't going away

ZDNet summarized the problem as follows: "Up to 1,981 schools, 290 hospitals, 105 local governments and 44 universities and colleges were hit with ransomware in the US alone during 2022, ...
Continue Reading

Using AI Large Language Models to Craft Phishing Campaigns

Researchers at Check Point have shown that Large Language Models (LLMs) like OpenAI’s ChatGPT can be used to generate entire infection chains, beginning with a spear phishing email. The ...
Continue Reading

There is a New Trend in Social Engineering with a Disgusting Name; "Pig-butchering"

The technique began in the Chinese underworld, and it amounts to an unusually protracted form of social engineering. The analogy is with fattening up a pig, then butchering it for all ...
Continue Reading

Finance and Insurance Is the Sector Most Impacted by Data Breaches In 2022

Analysis of the year’s breaches shows Finance and Insurance businesses are the most targeted and have lost a material count of records as a result.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews