Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

Old Dog, New Trick: Hackers Use Logons in URLs to Bypass Email Scanners

Jun 7, 2022 7:17:26 PM By Stu Sjouwerman
A new phishing method uses a decades-old special URL format to take advantage of how security solutions and email clients interpret URLs, tricking victims into clicking.
Continue Reading

“Five Eyes” Nations Cybersecurity Authorities Issue Warning to MSPs of Stepped-Up Cyberattacks

Jun 7, 2022 7:17:12 PM By Stu Sjouwerman
The world’s five leading cybersecurity authorities have again issued a joint report about an increase in malicious cyber activity targeting managed service providers they expect to ...
Continue Reading

The Good, the Bad, and the Necessary State of Cyber Insurance

Jun 7, 2022 7:16:59 PM By Stu Sjouwerman
New data from security vendor Sophos shows that while the presence of cyber insurance coverage has increased, it’s the experiencing of attacks that’s driving the need.
Continue Reading

Phishing Attacks Reach an All-Time High, More Than Tripling Attacks in Early 2022

Jun 7, 2022 7:16:28 PM By Stu Sjouwerman
Reaching more than 1 million attacks in a single quarter for the first time, new data on phishing attacks in Q1 of 2022 show an emphasis on impersonation and credential theft.
Continue Reading

CyberheistNews Vol 12 #23 [Heads Up] Our Global Ransomware Damage Will Be More Than 265 Billion by 2031

Jun 7, 2022 9:11:51 AM By Stu Sjouwerman
Continue Reading

FTC Warns that Scammers are Turning to Cryptocurrencies

Jun 7, 2022 8:44:38 AM By Stu Sjouwerman
The US Federal Trade Commission (FTC) has warned that people have reported losing over $1 billion in crypto to scams since the beginning of 2021. The vast majority of these losses were ...
Continue Reading

What is a Security Tech Stack?

Jun 7, 2022 8:27:31 AM By Stu Sjouwerman
What is a security tech stack? This is a bare-bones quick overview.
Continue Reading

Homographic Domain Name Phishing Tactics

Jun 6, 2022 1:00:22 PM By Stu Sjouwerman
Bitdefender warns that Microsoft Office applications are vulnerable to phishing tactics that exploit international domain names (IDNs). Affected applications include Outlook, Word, Excel, ...
Continue Reading

[On-Demand Webinar] Understanding the Threat of NFT and Cryptocurrency Cyber Attacks and How to Defend Against Them

Jun 6, 2022 11:39:00 AM By Stu Sjouwerman
A growing number of organizations worldwide are utilizing cryptocurrency for a host of investment, operational, and transactional purposes. Seemingly overnight, technologies like ...
Continue Reading

Why We Recommend Your Passwords Be Over 20-Characters Long

Jun 3, 2022 8:13:08 AM By Roger Grimes
KnowBe4 just released its official guidance and recommendations regarding password policy. It has been a project in the works for many months now, but we wanted to make sure we got it ...
Continue Reading

Introducing KnowBe4’s Password Policy E-Book

Jun 3, 2022 8:11:54 AM By Roger Grimes
KnowBe4 just released its first e-book covering password attacks, defenses and what your password policy should be. Here is a summary of its recommendations:
Continue Reading

Your KnowBe4 Fresh Content Updates from May 2022

Jun 3, 2022 8:09:30 AM By Stu Sjouwerman
Check out the 26 new pieces of training content added in April, alongside the always fresh content update highlights and new features.
Continue Reading

Smishing and Home Delivery

Jun 2, 2022 9:10:57 AM By Stu Sjouwerman
A smishing campaign is impersonating the UK-based delivery company Evri with text messages informing recipients that their package couldn’t be delivered, according to Paul Ducklin at ...
Continue Reading

SideWinder Targets Pakistani Entities With Phishing Attacks

Jun 2, 2022 9:09:56 AM By Stu Sjouwerman
The India-aligned APT SideWinder is using a variety of social engineering techniques to target Pakistani government and military entities, according to researchers at Group-IB. The threat ...
Continue Reading

U.K.’s National Health Service Becomes the Latest Victim of a Credential Harvesting Phishing Operation

Jun 1, 2022 6:09:40 PM By Stu Sjouwerman
Part of a six-month attack, email accounts on the NHS’ Microsoft 365 instance were compromised, resulting in over 1,100 targeted email attacks used to obtain more credentials.
Continue Reading

Phishing Attacks Rise 54% as the Initial Attack Vector Across All Threat Incidents

Jun 1, 2022 6:09:19 PM By Stu Sjouwerman
As cybercriminal groups hone their craft, one analysis shows them shying away from zero-day exploits, use of valid accounts, and third-party vulnerabilities to gain initial access during ...
Continue Reading

The Business (and Success) of Ransomware Explained as a Simple Funnel

Jun 1, 2022 6:08:53 PM By Stu Sjouwerman
The rise of Ransomware-as-a-Service has given rise to a number of more successful groups who have their “business” down to a simple exercise of playing the numbers.
Continue Reading

CyberheistNews Vol 12 #22 [Heads Up] The New Verizon 2022 Data Breach Investigation Report Shows Sharp Rise in Ransomware

Jun 1, 2022 8:59:33 AM By Stu Sjouwerman
Continue Reading

Phishing Campaign Targets QuickBooks Users

Jun 1, 2022 8:23:44 AM By Stu Sjouwerman
Accounting software provider Intuit has warned of a phishing scam targeting its customers, BleepingComputer reports. The phishing campaign affected users of Intuit’s QuickBooks product, ...
Continue Reading

We Do Not Talk Enough About Social Engineering and It’s Hurting Us

May 27, 2022 8:04:40 AM By Roger Grimes
One of the most important things I have tried to communicate to audiences since at least the 1990s is how prevalent a role social engineering plays in cybersecurity attacks. I have ...
Continue Reading
Subscribe

Search Our Blog


Comprehensive Anti-Phishing Guide

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews