Purina’s Champions Program Is the Best I Have Seen

Nov 19, 2024 9:02:42 AM By Roger Grimes

In my most recent book, Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing, I highlight the use of “champions," which are co-workers in your organization ...

Criminals Use Search Engine Poisoning to Boost Phishing Pages

Nov 11, 2024 4:46:36 PM By Stu Sjouwerman

Researchers at Malwarebytes warn that cybercriminals are using search engine poisoning to boost phishing pages to the top of Bing’s search results.

Every Cybersecurity List Should Be a Risk-Ranked List

Nov 1, 2024 2:34:28 PM By Roger Grimes

Cybersecurity is all about risk management and reduction. You cannot get rid of all risk. Well, I guess you could, but you (and everyone else) would probably not want to work in a true ...

QR Code Phishing is Growing More Sophisticated

Oct 30, 2024 1:31:53 PM By Stu Sjouwerman

Sophos describes a QR code phishing (quishing) campaign that targeted its own employees in an attempt to steal information.

Threat Actors Compromise Valid Accounts Via Social Engineering

Oct 28, 2024 4:38:14 PM By Stu Sjouwerman

Phishing remains a top initial access vector for cyberattacks, according to researchers at Cisco Talos.

The £3 Million Daily Heist

Oct 28, 2024 9:15:03 AM By Javvad Malik

A recent report from UK Finance covered by the BBC paints a concerning picture of the evolving landscape of financial fraud. With a 16% rise in fraud cases and criminals stealing over £3 ...

Nearly Two-Thirds of IT Leaders Have Fallen For Phishing Attacks

Oct 22, 2024 2:56:53 PM By Stu Sjouwerman

Sixty-four percent of IT leaders have clicked on phishing links, a new survey by Arctic Wolf has found. Despite this, 80% of these same professionals are confident their organization ...

Threat Actors Behind MFA Bypass Service ‘OTP Agency’ Plead Guilty to Fraud

Oct 1, 2024 1:56:11 PM By Stu Sjouwerman

The criminal prosecution of the threat actors behind the "OTP Agency" has highlighted an ingenious new tactic that cybercriminals can use to bypass multi-factor authentication.

SANS Releases Guide to Address Rise in Attacks on Manufacturing and Industrial Control Systems

Sep 18, 2024 7:59:23 AM By Stu Sjouwerman

Increased ransomware attacks on industrial control systems (ICS), mixed with general ICS insecurity found across the manufacturing sector, has given rise to a guide specifically ...

New Ransomware Threat Group, RansomHub, is so Effective, the NSA is Already Warning You About Them

Sep 16, 2024 3:43:10 PM By Stu Sjouwerman

The latest evolution of the ransomware service model, RansomHub, has only been around since February of this year, but its affiliates are already successfully exfiltrating data.

Email Compromise Remains Top Threat Incident Type for the Third Quarter in a Row

Aug 28, 2024 8:26:11 AM By Stu Sjouwerman

New analysis of Q2 threats shows a consistent pattern of behavior on the part of threat actors and threat groups, providing organizations with a clear path to protect themselves.

Ransomware Recovery Costs Have Doubled for State and Local Governments

Aug 27, 2024 7:30:00 AM By Stu Sjouwerman

Thirty-four percent of state and local government entities were hit by ransomware in 2024, a new report from Sophos has found. While this is a decrease compared to the attack rate in ...

The Long Road to Recovery Following a Ransomware Attack

Aug 19, 2024 1:58:51 PM By Javvad Malik

When it comes to the duration of a ransomware attack and the subsequent recovery process, the numbers are staggering and vary wildly. Partly because there’s no single source which ...

Hacker Stories: A Facebook Physical Threat

Aug 12, 2024 5:15:08 PM By Erich Kron

Most people take a lot of measures to secure their online bank accounts, credit card accounts, retirement accounts and other financial accounts. This often means enabling some form of ...

New Malvertising Campaign Impersonates Google Authenticator

Aug 6, 2024 2:04:46 PM By Stu Sjouwerman

Researchers at Malwarebytes spotted a malvertising campaign that abused Google Ads to target people searching for Google Authenticator.

Phishing Attacks Target High Profile YouTube Accounts

Jul 9, 2024 8:32:05 AM By Stu Sjouwerman

Researchers at ESET warn of phishing attacks that are attempting to hack high-profile YouTube channels in order to spread scams or malware.

FBI Warns of Phishing Campaign Targeting the Healthcare Industry

Jun 27, 2024 1:46:27 PM By Stu Sjouwerman

The US FBI and the Department of Health and Human Services (HHS) have released a joint advisory warning of a social engineering campaign that’s targeting the healthcare industry.

The Overlooked Truth: User Experience in Cybersecurity

Jun 18, 2024 1:58:36 PM By Javvad Malik

We live in a world where the term "cybersecurity" tends to make folks either shiver with anxiety or yawn with boredom. The narrative has always been about hacking, phishing, and all sorts ...

Russia’s Military Intelligence Service Launches Spear Phishing Attacks

Jun 3, 2024 1:39:24 PM By Stu Sjouwerman

Researchers at Recorded Future warn that BlueDelta, a threat actor tied to Russia’s GRU, is launching spear phishing attacks against European defense and transportation entities.

Scam Service Attempts to Bypass Multi-factor Authentication

May 16, 2024 12:54:05 PM By Stu Sjouwerman

A scam operation called “Estate” has attempted to trick nearly a hundred thousand people into handing over multi-factor authentication codes over the past year, according to Zack ...

Security Awareness Training Blog

View Topics