Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Act Now: Phishing-as-a-Service Attacks are on the Rise

Mar 24, 2025 3:05:34 PM By Stu Sjouwerman
Phishing-as-a-service (PhaaS) platforms drove a surge in phishing attacks in the first two months of 2025, according to researchers at Barracuda.
Continue Reading

Why Password Security Matters: The Danish and Swedish Password Problem

Mar 21, 2025 10:46:44 AM By Martin Kraemer
In today’s world, cybersecurity is more critical than ever. Organizations and individuals alike face a constant barrage of cyber threats, and often, the weakest link in our defenses is ...
Continue Reading

Beware: Malvertising Campaign Hits Nearly a Million Devices

Mar 12, 2025 9:09:33 AM By Stu Sjouwerman
Microsoft warns that a widespread malvertising campaign hit nearly one million devices around the world. The campaign, which began on illegal streaming sites, impacted both consumer and ...
Continue Reading

Warning: Ransomware Threats Increased Fourfold in 2024

Mar 7, 2025 9:14:54 AM By Stu Sjouwerman
Researchers at Barracuda observed a fourfold increase in ransomware threats last year, driven by increasingly sophisticated ransomware-as-a-service (RaaS) operations.
Continue Reading

Primary Refresh Tokens Aren’t Your Parent’s Browser Token

Mar 4, 2025 9:40:59 AM By Roger Grimes
If you haven’t been paying attention closely enough, a new type of access control token, like a super browser token on steroids, is becoming hackers' theft target of choice.
Continue Reading

Protect Your Devices: Mobile Phishing Attacks Bypass Desktop Security Measures

Feb 28, 2025 9:13:19 AM By Stu Sjouwerman
Zimperium warns of a surge in phishing attacks specifically tailored for mobile devices. These attacks are designed to evade desktop security measures in order to breach organizations ...
Continue Reading

Microsoft is Still the Most Commonly Impersonated Brand in Phishing Attacks

Jan 28, 2025 4:05:32 PM By Stu Sjouwerman
Microsoft, Apple, and Google were the most commonly impersonated brands in phishing attacks last quarter, according to researchers at Check Point.
Continue Reading

Beware of Toll Scam Texts: How Cybercriminals are Targeting U.S. Drivers

Jan 27, 2025 3:59:53 PM By Stu Sjouwerman
Drivers across the U.S. are being bombarded with fraudulent text messages claiming to come from toll operators like E-ZPass.
Continue Reading

"Get Beyond Security Awareness Training" Does Not Mean Forgetting About It

Dec 23, 2024 5:13:52 PM By Roger Grimes
KnowBe4 is a big believer in focusing on decreasing human risk as the best way to decrease cybersecurity risk in most environments.
Continue Reading

Mobile Phishing Attacks Use New Tactic to Bypass Security Measures

Dec 20, 2024 3:49:33 PM By Stu Sjouwerman
ESET has published its threat report for the second half of 2024, outlining a new social engineering tactic targeting mobile banking users.
Continue Reading

CISA Strongly Recommends Phishing-Resistant MFA

Nov 27, 2024 10:16:09 AM By Roger Grimes
We are excited to see the Cybersecurity Infrastructure Security Agency (CISA) and outgoing Director Jen Easterly strongly recommend PHISHING-RESISTANT multi-factor authentication (MFA).
Continue Reading

Purina’s Champions Program Is the Best I Have Seen

Nov 19, 2024 9:02:42 AM By Roger Grimes
In my most recent book, Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing, I highlight the use of “champions," which are co-workers in your organization ...
Continue Reading

Criminals Use Search Engine Poisoning to Boost Phishing Pages

Nov 11, 2024 4:46:36 PM By Stu Sjouwerman
Researchers at Malwarebytes warn that cybercriminals are using search engine poisoning to boost phishing pages to the top of Bing’s search results.
Continue Reading

Every Cybersecurity List Should Be a Risk-Ranked List

Nov 1, 2024 2:34:28 PM By Roger Grimes
Cybersecurity is all about risk management and reduction. You cannot get rid of all risk. Well, I guess you could, but you (and everyone else) would probably not want to work in a true ...
Continue Reading

QR Code Phishing is Growing More Sophisticated

Oct 30, 2024 1:31:53 PM By Stu Sjouwerman
Sophos describes a QR code phishing (quishing) campaign that targeted its own employees in an attempt to steal information.
Continue Reading

Threat Actors Compromise Valid Accounts Via Social Engineering

Oct 28, 2024 4:38:14 PM By Stu Sjouwerman
Phishing remains a top initial access vector for cyberattacks, according to researchers at Cisco Talos.
Continue Reading

The £3 Million Daily Heist

Oct 28, 2024 9:15:03 AM By Javvad Malik
A recent report from UK Finance covered by the BBC paints a concerning picture of the evolving landscape of financial fraud. With a 16% rise in fraud cases and criminals stealing over £3 ...
Continue Reading

Nearly Two-Thirds of IT Leaders Have Fallen For Phishing Attacks

Oct 22, 2024 2:56:53 PM By Stu Sjouwerman
Sixty-four percent of IT leaders have clicked on phishing links, a new survey by Arctic Wolf has found. Despite this, 80% of these same professionals are confident their organization ...
Continue Reading

Threat Actors Behind MFA Bypass Service ‘OTP Agency’ Plead Guilty to Fraud

Oct 1, 2024 1:56:11 PM By Stu Sjouwerman
The criminal prosecution of the threat actors behind the "OTP Agency" has highlighted an ingenious new tactic that cybercriminals can use to bypass multi-factor authentication.
Continue Reading

SANS Releases Guide to Address Rise in Attacks on Manufacturing and Industrial Control Systems

Sep 18, 2024 7:59:23 AM By Stu Sjouwerman
Increased ransomware attacks on industrial control systems (ICS), mixed with general ICS insecurity found across the manufacturing sector, has given rise to a guide specifically ...
Continue Reading
Subscribe

Search Our Blog


Comprehensive Anti-Phishing Guide

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews