Underground Cyber Crime Marketplaces are Now Showing Up on the Open Web

Dec 21, 2023 1:00:00 PM By Stu Sjouwerman

Marketplaces such as OLVX are shifting from the dark web to the open web to take advantage of traditional web services to assist in marketing to and providing access to new customers.

Interest in AI-Generated ‘Undressing’ Increases 2000% as it Becomes a Mainstream Online Business

Dec 21, 2023 12:30:00 PM By Stu Sjouwerman

The advent of non-consensual intimate imagery (NCII) as a monetized business on the Internet has shifted pornography into the realm of undressing anyone you like.

Cancer Center Patients Become Attempted Victims of Data Extortion

Dec 21, 2023 11:44:36 AM By Stu Sjouwerman

Cybercriminals of the lowest kind breached as many as 800,000 patients and then sent emails threatening to sell their data if they didn’t pay a fee to block it from selling.

“Mr. Anon” Infostealer Attacks Start with a Fake Hotel Booking Query Email

Dec 20, 2023 11:52:39 AM By Stu Sjouwerman

This new attack is pretty simple to spot on the front, but should it be successful in launching its’ malicious code, it’s going to take its victims for everything of value they have on ...

Holiday Scams Include Thousands of Impersonation Phishing Domains per Brand

Dec 19, 2023 11:23:04 AM By Stu Sjouwerman

Midstride in this year’s holiday shopping, it’s important to realize just how many websites exist that impersonate legitimate online retailers. More importantly, your users need to know ...

Unique Malware Used in Cyber Attacks Increases by 70% in Just One Quarter

Dec 18, 2023 11:56:48 AM By Stu Sjouwerman

As more cybercriminal gangs continue to enter the game, the massive increase in unique types of malware means it will become increasingly difficult to identify and stop attacks.

Why Security Awareness Training Is Effective in Reducing Cybersecurity Risk

Dec 14, 2023 1:14:38 PM By Roger Grimes

Security awareness training (SAT) works! A well-designed security awareness training campaign will significantly reduce cybersecurity risk.

Brand New BazarCall Phishing Campaign Abuses Google Forms

Dec 14, 2023 1:14:18 PM By Stu Sjouwerman

A new BazarCall phishing campaign is using Google Forms to send phony invoices, according to researchers at Abnormal Security.

As the Holiday Season Ramps Up, So Do Scams Impersonating the U.S. Postal Service

Dec 14, 2023 1:14:04 PM By Stu Sjouwerman

Taking traditional “delayed package” scams up a notch, new phishing and smishing attack campaigns are leveraging freemium DNS services to avoid detection by security solutions.

Phishing Is Still the No. 1 Attack Vector, With Huge 144% Malicious URL Spike

Dec 13, 2023 12:26:16 PM By Stu Sjouwerman

Analysis of nearly a year’s worth of emails brings insight into exactly what kinds of malicious content are being used, who’s being impersonated, and who’s being targeted.

How To Fight Long-Game Social Engineering

Dec 13, 2023 8:08:40 AM By Roger Grimes

CISA sent out a warning about a Russian advanced persistent threat (APT) called Star Blizzard warning about their long-game social engineering tactics.

Russia Weaponizes Israel-Hamas Conflict in Targeted Phishing Attack

Dec 12, 2023 12:18:27 PM By Stu Sjouwerman

Researchers at IBM X-Force are tracking a phishing campaign that’s using themes related to the Israel-Hamas war to deliver Headlace, a backdoor exclusively used by the suspected Russian ...

Russian Hackers Indicted for Phishing Attacks Against U.S. and Allies

Dec 11, 2023 10:34:40 AM By Stu Sjouwerman

The US Justice Department has indicted two individuals for launching spear phishing attacks against the US, the UK, Ukraine and various NATO member countries on behalf of the Russian ...

Phishing Defense: Train Often to Avoid the Bait

Dec 8, 2023 3:40:51 PM By Roger Grimes

Surveys, unfortunately, show that the vast majority of organizations do little to no security awareness training. The average organization, if it does security awareness training, does it ...

Nearly Every CIO Identifies at Least One Cyber Threat as a Risk to their Business

Dec 8, 2023 3:40:05 PM By Stu Sjouwerman

When 97% of CIOs all see things the same way, it’s probably a sign to take the risk of cyber threats seriously – a problem new data shows is only going to get worse in the next five years.

Phishing-Resistant MFA Will Not Stop Phishing Attacks

Dec 7, 2023 10:25:31 AM By Roger Grimes

You would be hard-pressed to find an author and organization (KnowBe4) that has pushed the use of phishing-resistant multi-factor authentication (MFA) harder.

Don't Be Fooled By This Sneaky Disney+ Phishing Scam

Dec 6, 2023 2:23:33 PM By Stu Sjouwerman

A callback phishing campaign is impersonating Disney+ with phony invoices, according to researchers at Abnormal Security. The phishing emails targeted individuals at 22 organizations.

New York Unit of Worlds Largest Bank Becomes Ransomware Victim

Dec 6, 2023 2:23:26 PM By Stu Sjouwerman

The ransomware attack on ICBC Financial Services caused disruption of trading of U.S. Treasuries and marked a new level of breach that could have massive repercussions.

Financial Institutions are the Most Affected by Phishing Attacks and Scams

Dec 5, 2023 11:38:56 AM By Stu Sjouwerman

New data shows how the overwhelming majority of phishing attacks on financial institutions dwarf every other industry sector by as much as a factor of 30-to-1.

PDFs: Friend or Phishing Foe? Don't Get Caught by the Latest Scam Tactic

Dec 5, 2023 11:38:52 AM By Stu Sjouwerman

Researchers at McAfee warn that attackers are increasingly utilizing PDF attachments in email phishing campaigns.

Security Awareness Training Blog

Phishing Blog

View Topics