Security Awareness Training Blog

IT Security Blog

Get the most current news about the IT Security industry, what the latest threats are and what that means to security professionals.

2024 IT Spending Surge: Surprising Insights from Piper Sandler's CIO Survey

Industry analysts Piper Sandler do a yearly 'Industry Note' where they survey CIOs about their next year budget expectations. For 2024 there is a noticeable improvement regarding ...
Continue Reading

Blocking Social Engineering by Foreign Bad Actors: The Role of the New Foreign Malign Influence Center

The U.S. government created a new office to block disinformation. The new Foreign Malign Influence Center (FMIC) oversees efforts that span U.S. military, law enforcement, intelligence, ...
Continue Reading

What is a Security Tech Stack?

What is a security tech stack? This is a bare-bones quick overview.
Continue Reading

Microsoft Exchange Server Flaws Now Exploited for BEC Attacks

Threat actors are using a couple of dangerous, new tactics to exploit the so-called ProxyShell set of vulnerabilities in on-premises Exchange Servers that Microsoft patched earlier this ...
Continue Reading

WHAT IS XDR (EXTENDED DETECTION AND RESPONSE)?

ReliaQuest published a good article a little while back that quickly defines XDR and what it can do for you. This may save you some time and gets you up to speed on the latest security ...
Continue Reading

[THIS IS UGLY] A Hacker Got All My Texts for $16

VICE just revealed a 2FA hole you can drive a truck through. A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages. This ...
Continue Reading

[Heads Up] Has Your Exchange Been Hacked And Is Now A Ticking Time Bomb?

Brian Krebs wrote: "Globally, hundreds of thousand of organizations running Exchange email servers from Microsoft just got mass-hacked, including at least 30,000 victims in the United ...
Continue Reading

Dutch Intelligence Agencies Warn About Chinese and Russian Cyber Espionage

Chinese and Russian state hackers threaten the Dutch economy. Three Dutch intelligence agencies jointly sound the alarm about digital espionage in financial newspaper Het Financieele ...
Continue Reading

[Heads-Up] A Hacker Is Selling Access To The Email Accounts Of Hundreds Of C-Level Executives

ZDNet's Zero Day column just reported one of the best reasons why you should step your users through new-school security awareness training yet:
Continue Reading

[On-Demand Webinar] Top 5 IT Security Myths Your CISO Believes Are True… BUSTED!

Facts are facts, but what happens when IT security pros take myths at face value?
Continue Reading

[CRITICAL] 250,000 Microsoft Exchange Servers are Unpatched and Vulnerable to Remote Code Execution Attacks!

With an estimated 61% of Exchange servers in the wild still operating unpatched, this security flaw allows attackers to take over a vulnerable server using any set of valid email ...
Continue Reading

[Heads Up] The First-Ever Russian BEC Gang, Cosmic Lynx, Was Uncovered. They Spear Phish Multinational & Fortune 500 Senior Executives

“This is a historic shift to the global email threat landscape and portends new and sophisticated social engineering attacks that CISOs around the world must brace for now,” according to ...
Continue Reading

The Top 5 Eyeopener Strategies To Improve Your IT Defenses And Keep Bad Guys Out Of Your Network

Last year, in 2019 according to CVEdetails, there were 12,174 new, publicly announced vulnerabilities. If that sounds like a high number, it’s a lot less than the previous two years. We ...
Continue Reading

Half of M&A Cyber Audits Uncover Undisclosed Breaches That Derail Deals

Cybersecurity diligence performed prior to a merger or acquisition often uncovers weaknesses in an organization’s security stance, which can spell doom for the company being purchased and ...
Continue Reading

SIM Card Attack May Affect Over 1 Billion Mobile Phones Worldwide

Using SMS messaging, attackers can use phishing tactics to hijack mobile devices using a legacy piece of SIM code, called the S@T Browser, to execute commands as part of a more ...
Continue Reading

What Reese’s Peanut Butter Cups Can Teach Us About Phishing

One of the greatest inventions in modern history is the Reese’s Peanut Butter Cup. I feel sorry for any human who existed before the “age of the cup” because they never got to know the ...
Continue Reading

A Former CIA Officer Shows You How to Make Your Organization a Hard Target

Having spent over a decade as part of the CIA’s Center for Cyber Intelligence and the Counterterrorism Mission Center, Rosa Smothers knows the ins and outs of leading cyber operations ...
Continue Reading

I Can Phish Anyone

I’m a bit surprised by some aggressive corporate anti-phishing policies which say they will fire anyone for one accidental phishing offense. Send me the names and email addresses of the ...
Continue Reading

Brand-New: Multi-Factor Authentication Security Assessment Tool Helps Assess Your Organization's MFA Vulnerabilities

You already know that using multi-factor authentication (MFA) can decrease your cybersecurity risk, and certainly is a much stronger defense compared to using traditional passwords alone. ...
Continue Reading

Here Are Some Interesting Headlines I Found During Black Hat

Black Hat 2019 - The Craziest, Most Terrifying Things We Saw: I ran into Neil Rubenking when I went to the Qualys party which was in the Foundation Room all the way on top of the ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews