New HR-Themed Credential Harvesting Phishing Attack Uses Legitimate Signature Platform Yousign

Jun 11, 2024 8:00:00 AM By Stu Sjouwerman

A new phishing campaign is exploiting the eSignature platform Yousign.

Bruce Schneier: "AI Will Increase the Quantity—and Quality—of Phishing Scams"

Jun 11, 2024 6:49:00 AM By Stu Sjouwerman

Wow. It does not happen often that the godfather of infosec comes out this strong about phishing risks. He co-published new research in the Harvard Business Review May 30, 2024, which in ...

Nearly Three-Quarters of Organizations Were the Target of Attempted Business Email Compromise Attacks

Jun 7, 2024 2:20:40 PM By Stu Sjouwerman

New data highlights just how dangerous Business Email Compromise attacks are.

Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing

Jun 7, 2024 8:16:24 AM By Roger Grimes

I have created a comprehensive webinar, based on my recent book, “Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing”. It contains everything that KnowBe4 ...

Social Engineering Scams Can Come in the Mail, Too

Jun 6, 2024 8:27:18 AM By Roger Grimes

Social engineering scams can come through any communications channel (e.g., email, web, social media, SMS, phone call, etc.). They can even come in the mail as the Nextdoor warning below ...

“Operation Endgame” Ends with the Arrest of 4 Cybercriminal Suspects and 100 Servers

Jun 6, 2024 8:27:15 AM By Stu Sjouwerman

Coordinated efforts between law enforcement agencies across nine countries has resulted in a major disruption of a threat group’s malware and ransomware operations.

Email Compromise Continues to Dominate as Top Threat Incident Type as Tactics Evolve

Jun 4, 2024 1:14:16 PM By Stu Sjouwerman

As email compromise attacks increase, analysis of tactics provides context on how organizations need to evolve their defenses.

[NEW RESEARCH]: KnowBe4’s 2024 Phishing by Industry Benchmarking Report Reveals that 34.3% of Untrained End Users Will Fail a Phishing Test

Jun 4, 2024 8:00:00 AM By Joanna Huisman

The prevalence of cyber crime continues to soar, victimizing individuals in both their work and private lives. Cybercriminals are indiscriminate, targeting around the clock and across the ...

Russia’s Military Intelligence Service Launches Spear Phishing Attacks

Jun 3, 2024 1:39:24 PM By Stu Sjouwerman

Researchers at Recorded Future warn that BlueDelta, a threat actor tied to Russia’s GRU, is launching spear phishing attacks against European defense and transportation entities.

New Transparent Phishing Attacks Leverage Cloudflare Worker Serverless Computing

Jun 3, 2024 1:39:21 PM By Stu Sjouwerman

An increasing number of phishing campaigns from several threat groups are being tracked as they leverage legitimate Cloudflare services as part of account compromise attacks.

The Hard Evidence That Phishing Training and Testing Really Works Great

May 31, 2024 2:56:33 PM By Roger Grimes

Security awareness training (SAT) and simulated phishing works to significantly reduce cybersecurity risk. We have the data, customer testimonials and government recommendations to prove ...

Threat Actor Void Manticore Uses Cyber Weapon “Wipers” to Destroy Data and Systems

May 29, 2024 2:42:27 PM By Stu Sjouwerman

This Pro-Hamas hacktivist group has updated their payload arsenal to include updated versions of their BiBi Wiper malware, and two new wiper variants.

China Threat Actor Targeting African and Caribbean Entities With Spear Phishing Attacks

May 28, 2024 2:27:04 PM By Stu Sjouwerman

The China-aligned threat actor “Sharp Dragon” is launching spear phishing attacks against government entities in African and Caribbean countries, according to researchers at Check Point.

[FedRAMP Phishing Rule]: "Users are the last line of defense and should be tested."

May 28, 2024 8:00:00 AM By Stu Sjouwerman

If you want to sell cloud-based software to the U.S. Government, you need to be FedRAMP authorized. This is what they state in their Program Overview:

As Many as 1 in 7 Emails Make it Past Your Email Filters

May 24, 2024 3:42:17 PM By Stu Sjouwerman

Fluctuations in consecutive quarterly reports demonstrates that organizations should be worried that their cyber defenses may not be strong enough to stop phishing attacks.

New Research Finds Phishing Scams Targeting Popular PDF Viewer

May 23, 2024 2:40:28 PM By Stu Sjouwerman

Several phishing campaigns are targeting users of the Foxit PDF Reader, according to researchers at Check Point. Foxit is a popular alternative to Adobe Acrobat Reader for viewing PDF ...

UK Cybersecurity Org Offers Advice for Thwarting BEC Attacks

May 22, 2024 3:18:43 PM By Stu Sjouwerman

The UK’s National Cyber Security Centre (NCSC) has issued guidance to help medium-sized organizations defend themselves against business email compromise (BEC) attacks, especially those ...

Newly Updated Grandoreiro Banking Trojan Distributed Via Phishing Campaigns

May 21, 2024 3:33:47 PM By Stu Sjouwerman

Researchers at IBM X-Force are tracking several large phishing campaigns spreading an updated version of the Grandoreiro banking trojan.

Cyber Insurance Claims Rise Due To Phishing and Social Engineering Cyber Attacks

May 21, 2024 3:31:34 PM By Stu Sjouwerman

New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem.

New Threat Report Finds Nearly 90% of Cyber Threats Involve Social Engineering

May 20, 2024 2:55:38 PM By Stu Sjouwerman

Analysis of over 3.5 billion attacks provides insight into where threat actors are placing their efforts and where you should focus your cyber defenses.

Security Awareness Training Blog

Phishing Blog

View Topics