Over 1200 Man-in-the-Middle Phishing Toolkits Designed to Intercept 2FA Found in the Wild

Jan 6, 2022 2:19:54 PM By Stu Sjouwerman

An academic partnership between Stony Brook University and Palo Alto Networks uncovered a massive use of tools that will steal authentication cookies mid-stream instead of credentials.

New York State Warns of Credential Stuffing

Jan 6, 2022 1:17:59 PM By Stu Sjouwerman

New York Attorney General Letitia James has released a guide to help businesses defend themselves against credential stuffing attacks. Credential stuffing is a type of brute-force attack ...

Victims: After a Data Breach, Changing Passwords and Good Password Hygiene Remain Unimportant

Dec 7, 2021 10:53:12 AM By Stu Sjouwerman

New shocking data shows how unconcerned victim users are after being notified of a data breach involving their credentials, personal information, and even social media accounts.

Russian SolarWinds Hackers Newly Attack Supply Chain With Password-Spraying and Phishing

Oct 26, 2021 9:38:10 AM By Stu Sjouwerman

Researchers at Microsoft have observed an attack phishing campaign by Russia’s SVR that’s targeting resellers and managed service providers. Microsoft tracks this threat actor as ...

When It Comes to Password Hygiene, Users Say One Thing, But Do Another

Oct 8, 2021 9:09:51 AM By Stu Sjouwerman

With credentials being at the forefront of most cyberattacks, the need for strong, unique passwords is at an all-time high. But new data shows users know what to do, but don’t do it.

Social Media Quizzes May Be Data Scrapers Building Victim Profiles

Sep 21, 2021 3:58:01 PM By Stu Sjouwerman

The seemingly benign quizzes asking personal details take advantage of individuals’ willingness to share and could be used to establish passwords, password hints, and more.

Brute Force Attacks are on the Rise as June sees a 671% increase

Sep 16, 2021 8:55:00 AM By Stu Sjouwerman

With nearly one-third of all organizations targeted in a single week and just above one-quarter on the average, attempts to access externally facing resources is growing in popularity and ...

3 Ways To Protect Your Identity Online

Apr 13, 2021 8:00:00 AM By James McQuiggan

Within security awareness training programs, cybersecurity experts promote various tactics and best practices to implement within personal and work environments to protect your identities ...

The Three Best Things You Can Do To Improve Your Computer Security

Feb 9, 2021 7:48:35 AM By Roger Grimes

The three best things you can do to improve your computer security, bar anything, have been the same three things you should have already been doing for the entirety of computers. The top ...

Thousands of Stolen Credentials Accessible via Google Search as Cybercriminals Accidentally Make Them Public

Jan 22, 2021 11:39:25 AM By Stu Sjouwerman

A publishing goof by cybercriminals on a WordPress site made files containing stolen passwords indexable by Google and were subsequently publicly available via search.

Eye-Opening Password Predictions: Remote Work Will Increase Risk for Data Breaches

Dec 21, 2020 2:12:55 PM By Stu Sjouwerman

Ponemon's State of Password and Authentication Security Behaviors Report analyzes password and security behaviors over time with similar trends. We wanted to deep dive into the reports of ...

Over Half of Users Admit to Reusing the Same Password on Multiple Accounts

Dec 17, 2020 3:50:39 PM By Stu Sjouwerman

New data reported earlier this year by Security Magazine shared a report from Secure OAuth that 53% of users reuse the same passwords on multiple accounts. Among those 44% admit to using ...

The Most Common Password Frustrations

Nov 9, 2020 5:01:48 PM By Roger Grimes

We all know the well-worn adage to make our passwords long and complex. Sometimes trying to do so can be completely frustrating.

6 Lessons I Learned from Hacking 130 MFA Solutions

Nov 5, 2020 2:16:43 PM By Roger Grimes

I was fortunate enough to write Wiley’s Hacking Multifactor Authentication. It’s nearly 600-pages dedicated to showing attacks against various multi-factor authentication (MFA) solutions ...

WARNING: Americans’ Password Habits are Horrible, Putting Organizations at Risk

Nov 4, 2020 7:01:00 AM By Stu Sjouwerman

New data shows the average American uses short, uncomplicated, and often predictable passwords, practices which only increase the insecurity of corporate user accounts.

Researchers Discover Most Microsoft 365 Admins Don't Enable Multi-Factor Authentication

Oct 27, 2020 12:31:02 PM By Stu Sjouwerman

Researchers from CoreView recently discovered that 97% of all total Microsoft 365 users do not utilize multi-factor authentication (MFA). A staggering 78% of Microsoft 365 admins do not ...

[NEW BOOK] Hacking Multi-Factor Authentication

Oct 27, 2020 8:58:07 AM By Roger Grimes

I’m excited to announce the release of my 12th book, Hacking Multifactor Authentication.

Cybersecurity Awareness Month Weekly Tip: Password Security

Oct 13, 2020 7:00:00 AM By Stu Sjouwerman

Each week during Cybersecurity Awareness Month, we’re going to be sharing in-depth weekly cybersecurity tips from our evangelists to help your users make smarter security decisions and ...

The Pesky Password Problem: Policies That Help You Gain the Upper Hand on the Bad Guys

Oct 7, 2020 7:00:00 AM By Stu Sjouwerman

What really makes a “strong” password? And why are your end-users tortured with them in the first place? How do hackers crack your passwords with ease? And what can/should you do about ...

[Heads Up] This Ingenious Worm Phishing Campaign Is A Game-Changer In Password Theft And Account Takeovers

Sep 30, 2020 9:52:30 AM By Stu Sjouwerman

A few days ago in a Medium blog post, Craig Hays, a cybersecurity architect and bug bounty hunter described a recent phishing new type of attempt which turned out to become "the greatest ...

Security Awareness Training Blog

View Topics

Over 1200 Man-in-the-Middle Phishing Toolkits Designed to Intercept 2FA Found in the Wild

New York State Warns of Credential Stuffing

Victims: After a Data Breach, Changing Passwords and Good Password Hygiene Remain Unimportant

Russian SolarWinds Hackers Newly Attack Supply Chain With Password-Spraying and Phishing

When It Comes to Password Hygiene, Users Say One Thing, But Do Another

Social Media Quizzes May Be Data Scrapers Building Victim Profiles

Brute Force Attacks are on the Rise as June sees a 671% increase

3 Ways To Protect Your Identity Online

The Three Best Things You Can Do To Improve Your Computer Security

Thousands of Stolen Credentials Accessible via Google Search as Cybercriminals Accidentally Make Them Public

Eye-Opening Password Predictions: Remote Work Will Increase Risk for Data Breaches

Over Half of Users Admit to Reusing the Same Password on Multiple Accounts

The Most Common Password Frustrations

6 Lessons I Learned from Hacking 130 MFA Solutions

WARNING: Americans’ Password Habits are Horrible, Putting Organizations at Risk

Researchers Discover Most Microsoft 365 Admins Don't Enable Multi-Factor Authentication

[NEW BOOK] Hacking Multi-Factor Authentication

Cybersecurity Awareness Month Weekly Tip: Password Security

The Pesky Password Problem: Policies That Help You Gain the Upper Hand on the Bad Guys

[Heads Up] This Ingenious Worm Phishing Campaign Is A Game-Changer In Password Theft And Account Takeovers

Search Our Blog

Subscribe To Our Blog

Posts By Topic

Get the latest about social engineering

Subscribe to CyberheistNews

Get the latest about social engineering

Subscribe to CyberheistNews

Products & Services

About Us

Free Tools

Contact Us

Contact Support

Search