Security Awareness Training Blog

KnowBe4 Blog

Read the latest news about KnowBe4, company announcements, new product releases and updates, awards and recognitions.

Introduction To KnowBe4's Services

KnowBe4 helps organizations to educate and train their employees against social engineering attacks, and carry out other required compliance training. KnowBe4 offers over 1,000 different ...
Continue Reading

Happy 21st Annual SysAdmins Day!

Today is SysAdmins Day, and if you have ever seen an episode of the awesome show “Dirty Jobs”, you might think you have seen the worst jobs out there. I mean crawling through sewer pipes, ...
Continue Reading

1 in 3 Employees Rarely or Never Think About Cybersecurity

Eye-opening data around the impact of human error demonstrates how simple user mistakes can compromise your organization’s cybersecurity posture.
Continue Reading

Sawfish Spearphishing Attacks Continue, Prompting Password Resets on GitHub and DeepSource

A new wave of attacks on GitHub users via app developer DeepSource has raised concerns over access to user credentials and development code.
Continue Reading

New CONTI Ransomware Family Touts Faster Encryption, Better Obfuscation, More Control

Just when you thought ransomware couldn’t sport something new, the latest family discovered by VMware’s Threat Analysis Unit shows significant advances in capabilities and execution.
Continue Reading

[HEADS UP] Cyber Attack at University of York Steals Personal Information from Staff and Students

In a recent report by the York Press, University of York has launched an investigation after personal information of students and staff was obtained by the bad guys.
Continue Reading

Does Your Domain Have an Evil Twin? Find Out For a Chance to Win Beats Headphones

Discover dangerous look-alike domains that could be used against you!
Continue Reading

Brand-New Tool: Browser Password Inspector Helps Find Risky Passwords Your Users Save in the Browser

Cybercriminals are always looking for easy ways to hack into your network and steal your users’ credentials. 
Continue Reading

New “servicedesk.com” Phishing Attack Uses Microsoft, IBM Cloud Services to Add Legitimacy

Focused on stealing victim credentials, this new attack uses a number of tactics to establish credibility, avoid raising red flags, and ensure they get the victim’s real credentials.
Continue Reading

Phishing Attack in Finland Uncovers Sophisticated Smishing Scheme

The Helinski Police Department is investigating a sophisticated smishing scheme in which attackers were able to steal more than 200,000 euros (US$228,736), Yle reports. The scammers sent ...
Continue Reading

Expect to See Data Theft as Part of More Ransomware Attacks in the Future

With data theft currently experienced in 10% of ransomware attacks, experts predict this trend to increase as cyber criminals look for ways to ensure ransom payment.
Continue Reading

Impermissible: Be Suspicious of Permission Requests

Users need to be wary of requests for information or permissions, even if they appear to come from legitimate sources, according to Don MacLennan, Senior Vice President of Engineering and ...
Continue Reading

Like Twitter, MFA Will Not Save You!

I’m sure we are all interested in the latest Twitter hack. As the author of the soon to be released Wiley book called Hacking Multifactor Authentication, I have to laugh at the “experts” ...
Continue Reading

SEC Issues Warning on Increased Ransomware Attacks

The Securities and Exchange Commission, through its Office of Compliance Inspections and Examinations (OCIE), issued a warning to advisors and broker-dealers to “immediately” review their ...
Continue Reading

KnowBe4 Finds Coronavirus-Themed Phishing Spiked in Q2 2020 [INFOGRAPHIC]

The latest results of KnowBe4's quarterly top-clicked phishing email subjects are in. We report on three different categories: social media related subjects, general subjects, and 'in the ...
Continue Reading

Ragnar Locker Ransomware Attacks Energy Company, Potentially Stealing 10TB in Data

In a letter to customers, EDP Renewables North America CEO acknowledges the attack occurred back in April of this year, but claims “no evidence” of data theft exists.
Continue Reading

Ransomware Attacks on Manufacturing Yield an Average Payout of $271K

New data shows just how much major industries are paying out to remediate successful ransomware attacks, despite guidance to never pay the ransom.
Continue Reading

Back-to-School: a Buzzkill in More Ways than One

40% of the top twenty universities in the US aren’t using DMARC to mitigate phishing attacks that impersonate the universities’ domains, according to researchers at Tessian. Additionally, ...
Continue Reading

[On-Demand Webinar] Hackers Exposed: Kevin Mitnick Shares His Tradecraft and Tools to Help You Hack Proof Your Network

Months of quarantine, transitioning to work from home, economic uncertainty, social and political turmoil… it’s easy to see why your employees are amped up, tense and distracted. And the ...
Continue Reading

More Than 15 Billion Credentials Are For Sale in Criminal Markets

Researchers at Digital Shadows warn that there are more than 15 billion leaked login credentials for sale in online criminal marketplaces. This number is up 300% since 2018, and the ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews