Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

KnowBe4 and Okta Update

To start off, we do not use Okta in any of our products.
Continue Reading

Making Better Push-Based MFA

I used to be a huge fan of Push-Based Multifactor Authentication (MFA), but real-world use has shown that most of today’s most popular implementations are not sufficiently protective ...
Continue Reading

Buy Now, Pay Later Scams

Fraudsters are taking advantage of the buy-now, pay-later (BNPL) payment model, according to Jim Ducharme, COO of Outseer. On the CyberWire’s Hacking Humans podcast, Ducharme explained ...
Continue Reading

WIRED: "A Mysterious Satellite Hack Has Victims Far Beyond Ukraine"

WIRED wrote: "More than 22,000 miles above Earth, the KA-SAT is locked in orbit. Traveling at 7,000 miles per hour, in sync with the planet’s rotation, the satellite beams high-speed ...
Continue Reading

Fidelity: "Why cybersecurity is material to all industries"

Fidelity just published an article titled "Cybersecurity: A growing risk". They note that the threat of Russian cyberattacks highlights vulnerabilities across industries. I'm quoting a ...
Continue Reading

Repertoire of Ukraine Charity Phishing Scams

Scammers continue to exploit the crisis in Ukraine, according to researchers at Bitdefender. Over the past week, the researchers believe the fraudsters have adjusted their tactics in ...
Continue Reading

Initial Access Broker Group Relies on Social Engineering

Google’s Threat Analysis Group (TAG) describes a cybercriminal group it calls “EXOTIC LILY” that acts as an initial access broker for numerous financially motivated threat actors, ...
Continue Reading

Number of Phishing Attacks Hits an All-Time High in 2021, Tripling That of Early 2020

New data from the Anti-Phishing Working Group shows cybercriminals are stepping on the gas, focusing phishing attacks on credential theft and response-based scams.
Continue Reading

Phishing Attack-Turned-Wire Fraud Case Sees a Win for the Policyholder

In an unusual turn of events, a recent court decision sided with the policyholder, despite specific policy language that probably should have favored the insurer.
Continue Reading

QakBot Banking Trojan Evolves and Now Takes Over Email Conversations to Spread Malware

As if stealing all your credentials, cookies, and email wasn’t bad enough, this new version of QakBot inserts itself into your emails, impersonating you to gain access to more victims.
Continue Reading

Phishing Scam with Fraudulent Invoice Costs City of Fresno Over $600,000

This simple invoice scam appears to be a part of a much broader campaign targeting municipalities, posing as existing subcontractors.
Continue Reading

Exploiting Trust in reCAPTCHA

Researchers at Avanan warn that attackers are using reCAPTCHAs on their phishing sites to avoid detection by security scanners.
Continue Reading

Published Zelenskyy Deepfake Video Demonstrates the Modern War is Online

The video uploaded to a hacked Ukrainian news website shows how far the technology has come, how it can be used in social engineering, as well as how the tech still needs to improve.
Continue Reading

SMBs Are 350% More Likely to Experience Social Engineering Attacks Via Phishing

New data shows phishing, social engineering, and impersonation dominate as cybercriminals are becoming more frequent and successful with their attacks.
Continue Reading

CyberheistNews Vol 12 #12 [New White House Alert] Train Your Users Against Threat of Russian Cyberattacks

[New White House Alert] Train Your Users Against Threat of Russian Cyberattacks Email not displaying? | View Knowbe4 Blog CyberheistNews Vol 12 #12 | Mar. 22nd., 2022 [New White House ...
Continue Reading

[BREAKING] White House warns Russia is prepping possible cyberattacks against US

With the recent cyber-attacks between Russia and Ukraine and the current intelligence coming from the US Government, organizations want to shore up their defenses to reduce the risk of a ...
Continue Reading

Chameleons Phish, Too

One of the challenges cyber criminals face is that their scams often have a relatively short shelf-life. Once they’ve been used, the gaff is quickly blown, and the scammers hope to ...
Continue Reading

[Heads Up] New Evil Ransomware Feature: Disk Wiper if You Don't Pay

There is a new ransomware-as-a-service (RaaS) strain called LokiLocker, researchers at Blackberry warn. The malware uses rare code obfuscation and includes a file wiper component that ...
Continue Reading

KnowBe4 Named a Leader in The Forrester Wave for Security Awareness and Training Solutions

We’re thrilled to announce that KnowBe4 has been named a Leader in The Forrester WaveTM : Security Awareness and Training Solutions, Q1 2022 report based on our current offering, strategy ...
Continue Reading

Ransomware-Related Data Leaks Increase 82% as the Number of Cybercriminal Groups Nearly Triples

New insight into the state of the attacks and threats paints a picture where the cybercriminals are growing in number, sophistication and successes, while victims just sit back seemingly ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews