Phishing Campaign Goes After AT&T Employees’ MFA Codes

A phishing campaign is targeting AT&T employees and contractors with a well-crafted fake login page, according to Luke Leal at Sucuri. The phishing page is a near-exact replica of ...
Continue Reading

Credential Stuffing to Stuff the Ballot Box

Advanced nation-state actors and petty criminals are both leveraging credential-stuffing attacks to hack into victims’ accounts, according to Byron Acohido, writing for Avast. Rather than ...
Continue Reading

Credential Stuffing Used Against Financial Services

A security alert from the FBI warns that hackers are launching credential-stuffing attacks against organizations in the financial sector, ZDNet reports.
Continue Reading

CISA’s Advice on Countering Phishing

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory on best practices to thwart email-based phishing attacks. The ...
Continue Reading

Are Account Takeovers Driving Towards a Passwordless Future?

The bad guys will try to take over accounts all the time. Logging onto someone's account with their credentials is usually a whole lot easier than trying to compromise the website ...
Continue Reading

Like Twitter, MFA Will Not Save You!

I’m sure we are all interested in the latest Twitter hack. As the author of the soon to be released Wiley book called Hacking Multifactor Authentication, I have to laugh at the “experts” ...
Continue Reading

More Than 15 Billion Credentials Are For Sale in Criminal Markets

Researchers at Digital Shadows warn that there are more than 15 billion leaked login credentials for sale in online criminal marketplaces. This number is up 300% since 2018, and the ...
Continue Reading

Multifactor Authentication Versus Credential Stuffing?

You shouldn’t assume multi-factor authentication will protect your accounts from credential stuffing attacks, according to Gerhard Giese at Akamai. Credential stuffing is a type of ...
Continue Reading

Remote Work Isn’t Good for Corporate Security (Part 1): 6 in 10 Employee’s Online Accounts Have Been Compromised Since Working Remotely

Working from home has its advantages. But, according to new data, one of them isn’t keeping the organization secure.
Continue Reading

Q&A With Data-Driven Evangelist Roger Grimes on the Great Password Debate

I get asked a lot about password policy during my travels around the globe giving presentations and from people who email after webinars. Many of the questions are the same and I’ve ...
Continue Reading

How Sharing Personal Information Helps Scam Artists

The FBI's Charlotte office released an alert describing how scammers can use personal information on social media to break into online accounts, BleepingComputer reports. As people are ...
Continue Reading

KnowBe4 Content Updates and New Resources - November 2019

We've got a few important updates to share with you for the month of November!
Continue Reading

What Reese’s Peanut Butter Cups Can Teach Us About Phishing

One of the greatest inventions in modern history is the Reese’s Peanut Butter Cup. I feel sorry for any human who existed before the “age of the cup” because they never got to know the ...
Continue Reading

[INFOGRAPHIC] Cost of Ransomware Related Downtime Increased More Than 200 Percent, an Amount 23 Times Greater Than the Ransom Request

Datto, a leading global provider of IT solutions delivered through managed service providers (MSPs), announced its fourth annual Global State of the Channel Ransomware Report. The survey ...
Continue Reading

[Heads up] FBI Warns About Attacks That Bypass Your Multi-factor Authentication (MFA)

Last month, the FBI sent a special alert called a Private Industry Notification (PIN) to industry partners about the rising threat of attacks that bypass their multi-factor authentication ...
Continue Reading

On Average, How Many Passwords do Employees Manage?

According to the Last Pass Password Exposé report, an employee manages of about 200 passwords. Other industry reports often estimate the number of credentials used and put the figure ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews