"Get Beyond Security Awareness Training" Does Not Mean Forgetting About It

KnowBe4 is a big believer in focusing on decreasing human risk as the best way to decrease cybersecurity risk in most environments.
Continue Reading

Mobile Phishing Attacks Use New Tactic to Bypass Security Measures

ESET has published its threat report for the second half of 2024, outlining a new social engineering tactic targeting mobile banking users.
Continue Reading

CISA Strongly Recommends Phishing-Resistant MFA

We are excited to see the Cybersecurity Infrastructure Security Agency (CISA) and outgoing Director Jen Easterly strongly recommend PHISHING-RESISTANT multi-factor authentication (MFA).
Continue Reading

Purina’s Champions Program Is the Best I Have Seen

In my most recent book, Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing, I highlight the use of “champions," which are co-workers in your organization ...
Continue Reading

Criminals Use Search Engine Poisoning to Boost Phishing Pages

Researchers at Malwarebytes warn that cybercriminals are using search engine poisoning to boost phishing pages to the top of Bing’s search results.
Continue Reading

Every Cybersecurity List Should Be a Risk-Ranked List

Cybersecurity is all about risk management and reduction. You cannot get rid of all risk. Well, I guess you could, but you (and everyone else) would probably not want to work in a true ...
Continue Reading

QR Code Phishing is Growing More Sophisticated

Sophos describes a QR code phishing (quishing) campaign that targeted its own employees in an attempt to steal information.
Continue Reading

Threat Actors Compromise Valid Accounts Via Social Engineering

Phishing remains a top initial access vector for cyberattacks, according to researchers at Cisco Talos.
Continue Reading

The £3 Million Daily Heist

A recent report from UK Finance covered by the BBC paints a concerning picture of the evolving landscape of financial fraud. With a 16% rise in fraud cases and criminals stealing over £3 ...
Continue Reading

Nearly Two-Thirds of IT Leaders Have Fallen For Phishing Attacks

Sixty-four percent of IT leaders have clicked on phishing links, a new survey by Arctic Wolf has found. Despite this, 80% of these same professionals are confident their organization ...
Continue Reading

Threat Actors Behind MFA Bypass Service ‘OTP Agency’ Plead Guilty to Fraud

The criminal prosecution of the threat actors behind the "OTP Agency" has highlighted an ingenious new tactic that cybercriminals can use to bypass multi-factor authentication.
Continue Reading

SANS Releases Guide to Address Rise in Attacks on Manufacturing and Industrial Control Systems

Increased ransomware attacks on industrial control systems (ICS), mixed with general ICS insecurity found across the manufacturing sector, has given rise to a guide specifically ...
Continue Reading

New Ransomware Threat Group, RansomHub, is so Effective, the NSA is Already Warning You About Them

The latest evolution of the ransomware service model, RansomHub, has only been around since February of this year, but its affiliates are already successfully exfiltrating data.
Continue Reading

Email Compromise Remains Top Threat Incident Type for the Third Quarter in a Row

New analysis of Q2 threats shows a consistent pattern of behavior on the part of threat actors and threat groups, providing organizations with a clear path to protect themselves.
Continue Reading

Ransomware Recovery Costs Have Doubled for State and Local Governments

Thirty-four percent of state and local government entities were hit by ransomware in 2024, a new report from Sophos has found. While this is a decrease compared to the attack rate in ...
Continue Reading

The Long Road to Recovery Following a Ransomware Attack

When it comes to the duration of a ransomware attack and the subsequent recovery process, the numbers are staggering and vary wildly. Partly because there’s no single source which ...
Continue Reading

Hacker Stories: A Facebook Physical Threat

Most people take a lot of measures to secure their online bank accounts, credit card accounts, retirement accounts and other financial accounts. This often means enabling some form of ...
Continue Reading

New Malvertising Campaign Impersonates Google Authenticator

Researchers at Malwarebytes spotted a malvertising campaign that abused Google Ads to target people searching for Google Authenticator.
Continue Reading

Phishing Attacks Target High Profile YouTube Accounts

Researchers at ESET warn of phishing attacks that are attempting to hack high-profile YouTube channels in order to spread scams or malware.
Continue Reading

FBI Warns of Phishing Campaign Targeting the Healthcare Industry

The US FBI and the Department of Health and Human Services (HHS) have released a joint advisory warning of a social engineering campaign that’s targeting the healthcare industry.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews