KnowBe4 Blog

Keeping you informed. Keeping you aware.
Stay on top of the latest in human and agent security including social and prompt engineering, ransomware and phishing attacks.

[Cybersecurity Awareness Month] Keeping Your Mobile Devices Secure from the ‘Inside’ Out

As remote work and connecting while traveling has become the norm, mobile device security responsibilities have also increased.

Free Phishing Platform Has Created More than 140,000 Spoofed Websites

A free phishing-as-a-service (PhaaS) platform named Sniper Dz has assisted in the creation of more than 140,000 phishing sites over the past year, according to researchers at Palo Alto ...

What Bletchley Park Can Teach Us About Building a Strong Security Culture

During World War II, a group of brilliant minds led by Alan Turing gathered at Bletchley Park in England to crack the German Enigma code. This wasn't just a technological challenge, it ...

North Korea's Secret IT Army and How to Combat It

Organizations around the world are unknowingly recruiting and hiring fake employees and contractors from North Korea. These sophisticated operatives aim to earn high salaries while ...

Financial Services Industry Experiences a Massive Increase in Brand Abuse

Industry analysis of the domains used behind phishing and brand impersonation attacks show financial institutions are being leveraged at an alarming rate.

Infostealer Threat Group “Marko Polo” Evolving Into an “Empire”

New research by Recorded Future provides insight into how advanced and sophisticated the threat group Marko Polo has become since launching in 2022.

Cybercriminal Gang Targeting SMBs Using Business Email Compromise

Researchers at Todyl have published a report on a major cybercriminal group that’s conducting business email compromise (BEC) attacks against small and medium-sized businesses. Todyl ...

Don’t Put Real Answers Into Your Password Reset Questions

This recent article on how a hacker used genealogy websites to help better guess victims' password reset answers made it a great time to share a suggestion: Don’t answer password reset ...

New VPN Credential Attack Goes to Great Lengths to Obtain Access

A new “so-phish-ticated” attack uses phone calls, social engineering, lookalike domains, and impersonated company VPN sites to gain initial access to a victim network.