DHL Tops the List of Most Impersonated Brand in Phishing Attacks

Nov 4, 2022 2:36:21 PM By Stu Sjouwerman

As scammers shift their campaigns and learn from their successes, new data shows that the global delivery service is the current brand of choice, with equally familiar brands trailing ...

New LinkedIn-Impersonated Phishing Attack Uses Bad Sign-In Attempts to Harvest Credentials

Nov 4, 2022 2:36:05 PM By Stu Sjouwerman

With compromised LinkedIn credentials providing cybercriminals with ample means to socially engineer business contacts, this campaign is a stark warning for organizations.

Number Matching Push-Based MFA Is Only Half the Solution

Nov 4, 2022 10:14:34 AM By Roger Grimes

When push-based multifactor authentication (MFA) first came out, I was a big fan. I promoted it as a strong and safe MFA option in my book, Hacking Multifactor Authentication. That was ...

KnowBe4 Wins 2022 "Best Software" Awards From TrustRadius in Multiple Categories

Nov 4, 2022 10:00:00 AM By Stu Sjouwerman

KnowBe4 is proud to be recognized by TrustRadius in the first-ever “Best Software” Awards for overall, mid-size, and enterprise in the Security Awareness Training software category.

Phishing for Feds: Credential-Harvesting Attacks Found in New Study

Nov 3, 2022 1:47:30 PM By Stu Sjouwerman

A study by researchers at Lookout has found that credential-harvesting phishing attacks against US government employees rose by 30% last year. The researchers also found that nearly 50% ...

FBI: Watch Out for Student Loan Forgiveness Scams!

Nov 3, 2022 1:14:46 PM By Stu Sjouwerman

Scammers are taking advantage of the victims desire to take advantage of debt cancellation up to $20,000 – with the only one cashing in being the scammer!

CheckPoint Warns of Black Basta Ransomware as the Number of Victim Organizations Increases by 59%

Nov 3, 2022 1:14:42 PM By Stu Sjouwerman

This latest “new kid on the block” is gaining momentum and – according to CheckPoint – seeing successes with their attacks globally, calling their organizational structure “impressive.”

CISA Warns of Daxin Team Ransomware Group Targeting the Healthcare and Public Health Sector via VPNs

Nov 3, 2022 1:14:37 PM By Stu Sjouwerman

This new group makes the case that – as with any market – cybercriminals will focus on a niche sector they are experts on in order to improve their chances of success.

[On-Demand Webinar] Hacking Biometrics: If You Thought Your Fingerprints Were Safe, Think Again!

Nov 3, 2022 8:50:06 AM By Stu Sjouwerman

When you think of using biometric technology as part of your multi-factor authentication process, you assume these attributes are safe. Cybercriminals can’t hack your fingerprints, can ...

Phishing Resistant MFA Does Not Mean Un-Phishable

Nov 2, 2022 3:16:23 PM By Stu Sjouwerman

Human societies have a bad habit of taking a specific, limited-in-scope fact and turning it into an overly broad generalization that gets incorrectly believed and perpetuated as if it ...

[Scam of The Week] New Phishing Email Exploits Twitter’s Plan to Charge for Blue Checkmark

Nov 1, 2022 2:48:13 PM By Stu Sjouwerman

Michael Kan at PCMag had the scoop: A hacker is already circulating one phishing email, warning users they'll need to submit some personal information to keep the blue verified checkmark ...

CyberheistNews Vol 12 #44 [INFOGRAPHIC] KnowBe4 Top-Clicked Phishing Email Subjects for Q3 2022

Nov 1, 2022 9:30:00 AM By Stu Sjouwerman

What Happens to an Organisation When It Has No Security Culture?

Oct 31, 2022 3:44:21 PM By Jacqueline Jayne

Let’s begin by looking at what culture is and why it matters. Culture is tacit and elusive in its very nature. It is often unspoken, based on behaviours, hidden in the thoughts and minds ...

Australia's Lacking Cybersecurity Workforce Results to a Influx in Attacks

Oct 31, 2022 10:48:40 AM By Stu Sjouwerman

Australia has now become the newest target for attacks in part due to an overworked cybersecurity workforce that is not able to stop these bad actors.

[WARNING] Micro Transactions Lead to a Drained Bank Account

Oct 31, 2022 10:48:31 AM By Stu Sjouwerman

Our friend R. Friederich at Marshalsec sent us this warning...

LinkedIn Phishing Attack Bypassed Email Filters Because it Passed Both SPF and DMARC Auth

Oct 31, 2022 10:43:11 AM By Stu Sjouwerman

Researchers at Armorblox have observed a phishing campaign impersonating LinkedIn. The emails inform the user that their LinkedIn account has been suspended due to suspicious activity.

[EYE OPENER] Phishing Attacks 61% Up Over 2021. A Whopping 255 Million Attacks This Year So Far

Oct 30, 2022 1:17:04 PM By Stu Sjouwerman

Security Magazine wrote this week about the recent eye opening SlashNext State of Phishing report. "SlashNext analyzed billions of link-based URLs, attachments and natural language ...

The Number of Vulnerabilities Associated with Ransomware Grows 426% Over Three Years

Oct 28, 2022 2:30:00 PM By Stu Sjouwerman

With only 57 vulnerabilities tied to ransomware back in 2019, the most recent data from security vendor Ivanti shows that number predicted to be over 300 by the end of 2022.

Ransomware Attacks Via RDP Drop Significantly as Phishing Continues to Dominate

Oct 28, 2022 2:13:03 PM By Stu Sjouwerman

Since 2018, remote desktop compromise (RDP) and phishing have battled for dominance as the primary initial attack vector in ransomware attacks. The latest data shows that RDP is no longer ...

Over Two-Thirds of Organizations Have No Ransomware-Specific Incident Response Playbook

Oct 28, 2022 10:16:34 AM By Stu Sjouwerman

A newly released report on ransomware preparedness shows organizations are improving their security stance in comparison to last year, but overall still aren’t doing enough.

Security Awareness Training Blog

View Topics