Alexa and Google Home abused to eavesdrop and phish passwords

Oct 21, 2019 9:35:05 AM By Stu Sjouwerman

Ars Technica is on a roll lately with some very good articles! Here is another one that made me go "Yikes!"

Can An Employee's Bad Conscience Be A Vulnerability?

Oct 21, 2019 7:06:27 AM By Stu Sjouwerman

It can be useful to remember that social engineering succeeds much better when its marks are stressed or hurried. That appears to be the case with an ongoing scam campaign that lays its ...

KnowBe4 Wins ComputingSecurity Award: Education and Training Provider of the Year

Oct 18, 2019 9:43:51 AM By Stu Sjouwerman

We are extremely pleased to announce we won the ComputingSecurity Award for Education and Training Provider of the Year. Here is the team accepting the award.

Don’t Fall Victim to Breach Fatigue

Oct 18, 2019 7:04:45 AM By Stu Sjouwerman

People shouldn’t let news of data breaches dissuade them from trying to protect their information, according to security researcher Ray [REDACTED]. On the CyberWire’s Hacking Human ...

An Unusually Vile Bit of Social Engineering

Oct 18, 2019 6:59:20 AM By Stu Sjouwerman

A woman in Wales lost £1,000 to a scammer who posed as a police officer and threatened that she would lose her children if she didn’t pay the money within an hour, Wales Online reports. ...

Scam Of The Week: Bogus Performance Review as Phishbait

Oct 17, 2019 7:08:24 AM By Stu Sjouwerman

New phishing attacks are imitating performance appraisals in order to steal employees’ credentials, according to IBM SecurityIntelligence. The attackers are posing as HR employees and ...

A Lawyer's Look at "Big Game Phishing"

Oct 17, 2019 6:50:18 AM By Stu Sjouwerman

Ransomware attacks have increasingly been going after high-value data in order to extract larger ransoms from victims, according to the well-known law firm Cooley. This trend was ...

Security Awareness Training is a Key Part of an Effective Cyber Risk Resilience and Prevention Strategy

Oct 17, 2019 6:32:27 AM By Stu Sjouwerman

Organizations investing in cyber security technology and process are expressing risk in economical terms, helping to drive a cost-effective security stance – one that includes training.

Microsoft Recommends: "Top 6 Email Security Best Practices"... And One Of Them Is Phishing Simulations

Oct 17, 2019 6:11:20 AM By Stu Sjouwerman

Girish Chander, Microsoft's Group Program Manager of Office 365 Security wrote an excellent post on their blog titled "Top 6 email security best practices to protect against phishing ...

[INFOGRAPHIC] Cost of Ransomware Related Downtime Increased More Than 200 Percent, an Amount 23 Times Greater Than the Ransom Request

Oct 17, 2019 5:52:39 AM By Stu Sjouwerman

Datto, a leading global provider of IT solutions delivered through managed service providers (MSPs), announced its fourth annual Global State of the Channel Ransomware Report. The survey ...

North Korean Front Company Used to Compromise Mac Users

Oct 16, 2019 6:49:56 AM By Stu Sjouwerman

Suspected North Korean hackers used a front company to spread a malicious cryptocurrency app to both Windows and Mac users, BleepingComputer reports. The APT known as the Lazarus Group ...

A New Attack Category is Born: You Now Need to Also Worry About Evasive Spear Phishing

Oct 16, 2019 6:43:17 AM By Stu Sjouwerman

Researchers have combed through 25 million emails and found a new method of attack that blends two previously seen attack types combined into a single attack.

MSPs Should Offer Security Awareness Training as Part of a Complete Security Service Offering

Oct 16, 2019 6:33:24 AM By Stu Sjouwerman

The opportunity to both better secure customers while generating recurring revenue through customer end-user education is ripe for the taking for MSPs focusing on security services.

I Can Phish Anyone

Oct 15, 2019 7:30:00 AM By Roger Grimes

I’m a bit surprised by some aggressive corporate anti-phishing policies which say they will fire anyone for one accidental phishing offense. Send me the names and email addresses of the ...

CRN: "Kevin Mandia -- Detect Spear Phishing, Lock Down CEO Email To Stay Safe"

Oct 15, 2019 7:10:57 AM By Stu Sjouwerman

Michael Novinson at CRN had a great article that really explains the issues we are dealing with. He started out with: "Spear phishing remains the most common way for adversaries to ...

Simjacking is Still a Problem, British Food Writer Lost £5,000

Oct 15, 2019 6:50:20 AM By Stu Sjouwerman

British food writer Jack Monroe lost £5,000 due to a simjacking attack, the BBC reports. In a series of tweets, Monroe said someone had taken over her phone number and used the access to ...

It’s Baaaaaaaack! Emotet Trojan Rears Its Ugly Head Once Again After a 3-Month Vacation

Oct 15, 2019 6:42:38 AM By Stu Sjouwerman

One of the most dangerous pieces of malware to-date, this trojan-turned-botnet has come back after a brief hiatus and appears to be a part of a new spear phishing campaign targeting ...

Cyber Risk Remains a Top Concern for Organizations While Lacking Confidence in Addressing Cyber Threats

Oct 15, 2019 6:37:48 AM By Stu Sjouwerman

It appears priority and ability to execute are two very different things when it comes to dealing with cyber threats, according to the latest data from Marsh and Microsoft.

Extremely Embarrassing 250,000-record Data Breach At Hookers.nl

Oct 14, 2019 10:50:12 AM By Stu Sjouwerman

The data of 250,000 users of Hookers.nl, a forum where experiences with prostitutes and escorts are exchanged, have been stolen and offered for sale on the internet. It concerns e-mail ...

Why Hack When You Can Con?

Oct 14, 2019 9:42:25 AM By Stu Sjouwerman

Security Awareness Training Blog