Security Awareness Training Blog

Cybersecurity Blog

Get the latest news in cybersecurity with in-depth coverage and analysis of current statiistics, developments and how to stay ahead of current threats.

View Topics

What Do the Latest SEC Charges Against Solarwinds’ CISO Mean for CISOs Everywhere?

Nov 10, 2023 9:46:25 AM By Brian Jack
In this blog, we'll take a look at the well-known Sunburst attack of 2018 and how the specific charges stemming from this attack will impact Chief Information Security Officers (CISOs) ...
Continue Reading

Get Ready: International Fraud Awareness Week

Nov 7, 2023 10:00:00 AM By John Just
November 12-18, 2023 is International Fraud Awareness Week and I know what you are thinking: “Didn’t we just have an entire month dedicated to cyber fraud and cybersecurity in general?” ...
Continue Reading

74% of CEOs Concerned About Their Organization's Ability to Protect Against Cyber Attacks, Despite Seeing Cybersecurity as Critical

Oct 10, 2023 8:22:31 AM By Stu Sjouwerman
According to the recent The Cyber-Resilient CEO report released by IT services and consulting agency Accenture, a staggering 74% of CEOs have expressed concerns about their organizations' ...
Continue Reading

New Gartner Forecast Shows Global Security and Risk Management Spending to Increase by 14% in 2024

Oct 5, 2023 3:26:29 PM By Stu Sjouwerman
Gartner issued a press release that forecasted global security and risk management end-user spending to reach $188.1 billion, along with worldwide end-user spending on security and risk ...
Continue Reading

Generative AI and the Automation of Social Engineering Increasingly Used By Threat Actors

Oct 3, 2023 10:43:44 AM By Stu Sjouwerman
Threat actors continue to use generative AI tools to craft convincing social engineering attacks, according to Glory Kaburu at Cryptopolitan.
Continue Reading

Lazarus Attack on Spanish Aerospace Company Started with Messages from Phony Meta Recruiters

Oct 2, 2023 12:29:11 PM By Stu Sjouwerman
A recent attack on an undisclosed Spanish aerospace company all started with messages to the company's employees that appeared to be coming from Meta recruiters, via LinkedIn Messaging. ...
Continue Reading

Security Awareness Is Dead. Long Live Security Awareness

Sep 29, 2023 4:47:31 PM By Martin Kraemer
Our actions determine outcomes, not our thoughts, our knowledge, or our intentions.
Continue Reading

Threat Group UNC3944 Continues to See Success Using Text-Based Social Engineering

Sep 28, 2023 4:19:51 PM By Stu Sjouwerman
A new update on UNC3944 group's activities shows how they are evolving their focus squarely on SMiShing credential harvesting attacks that result in data theft/extortion attacks.
Continue Reading

Facebook Messenger Becomes the Delivery Mechanism for Infostealer Malware Attack

Sep 28, 2023 4:19:23 PM By Stu Sjouwerman
Millions of business accounts on Facebook are the target of a new malware attack, which is seeing a success rate of 1 out of 70, causing concern for the security of corporate credentials.
Continue Reading

New Threat Actor Impersonates the Red Cross to Deliver Malware

Sep 28, 2023 9:17:22 AM By Stu Sjouwerman
Researchers at NSFOCUS are tracking a phishing campaign by a new threat actor called “AtlasCross” that’s impersonating the Red Cross in order to deliver malware.
Continue Reading

Exploring the DORA: Key Takeaways from the New EU Financial Sector Risk Regulation

Sep 28, 2023 8:00:00 AM By Stu Sjouwerman
When asked why he robbed banks, Willie Sutton, one of the first fugitives named to the U.S. FBI’s most wanted list, reportedly replied, “Because that’s where the money is.” As any infosec ...
Continue Reading

Practical Insights To Improve Security Awareness in Higher Education

Sep 26, 2023 9:40:31 AM By Martin Kraemer
I am a strong believer that understanding cybersecurity as part of an organization-wide process is of the utmost importance.
Continue Reading

Deepfakes: The Threat to Reality and How To Defend Against It

Sep 26, 2023 9:40:12 AM By Javvad Malik
Deepfakes have emerged as a serious concern in the digital landscape, presenting a significant threat to truth and trust.
Continue Reading

Tools From Cybercrime Software Vendor W3LL Found to be Behind the Compromise of 56K Microsoft 365 Accounts

Sep 25, 2023 8:00:00 AM By Stu Sjouwerman
A new report uncovers the scope and sophistication found in just one cybercrime vendor’s business that has aided credential harvesting and impersonation attacks for the last 6 years.
Continue Reading

MFA Defenses Fall Victim to New Phishing-As-A-Service Offerings

Sep 25, 2023 8:00:00 AM By Stu Sjouwerman
ZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication.
Continue Reading

Tighter Policies Mixed with Higher Costs Are Creating a Cyber Insurance Gap

Sep 20, 2023 4:40:42 PM By Stu Sjouwerman
New data on the state of cyber insurance shows that it’s becoming more difficult to get a policy, and the organizations obtaining one share that circumstances could cause denial of claims.
Continue Reading

TikTok Impersonations of Elon Musk Scam Victims of Their Bitcoin

Sep 20, 2023 9:07:37 AM By Stu Sjouwerman
There’s been a surge of Elon Musk-themed cryptocurrency scams on TikTok, BleepingComputer reports. The scammers inform the victims that they can claim their reward after spending a small ...
Continue Reading

Data Breach Costs Rise, But Cybersecurity Pros Still Take Risks

Sep 20, 2023 8:10:03 AM By Stu Sjouwerman
The latest data from IBM shows that the average cost of a data breach has gone up by 2% to a whopping $4.45 million. You would think that in the cybersecurity industry, people would be ...
Continue Reading

The International Joint Commission Falls Victim to Ransomware Attack; 80GB Of Data Stolen

Sep 18, 2023 12:04:34 PM By Stu Sjouwerman
The International Joint Commission (ICJ), an organization that handles water issues along the Canada–United States border, was hit by a ransomware attack, the Register reports.
Continue Reading

New Scam Impersonates QuickBooks to Steal Credentials, Extract Money

Sep 15, 2023 10:20:14 AM By Stu Sjouwerman
Establishing urgency through a false need to “upgrade” or lose services, this new attack takes advantage of the widespread use of the popular accounting app to attract victims.
Continue Reading
Subscribe

Search Our Blog


Comprehensive Anti-Phishing Guide

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews