Security Awareness Training Blog

Security Awareness Training Blog

Read the latest news about security awareness training, best practices, why you need it, and what happens when you don't have it in place.

Lateral Phishing Affects One in Seven Organizations

A survey by Barracuda found that one in seven organizations experienced lateral phishing attacks over the course of seven months, and that 42% of these attacks were not reported by ...
Continue Reading

Social Engineering Used To Establish Shady Bulletproof Hosting

Brian Krebs has reported that a dubious Internet provider, “Resnet,” was renting out tens of thousands of residential IP addresses to be used as proxies by fraudsters and spammers. ...
Continue Reading

Ransomware Hits Fortnite Players

DarkReading reports: "Ransomware masquerading as game "cheats" is hitting Fortnite players. Fortunately, there are ways to recover without paying a ransom." Similar to phishing attacks on ...
Continue Reading

Is The Ransomware Debate Over? To Pay Or Not To Pay, The Conference Of Mayors Made Up Their Mind

The long-standing argument over whether or not to pay may have come to an end, with a resolution from the U.S. Conference of Mayors calling on cities to not pay up. 
Continue Reading

Gift Cards Are Now the #1 Business Email Compromise Cash-Out Mechanism for Fraudsters

Overtaking wire transfers and payroll diversion, gift cards have taken a material lead as one of the easiest and least recoverable ways to cash out of a fraud scam. 
Continue Reading

U.S. Government Stresses the Need for Cybersecurity Awareness and Education in Light of Ransomware Attacks on Government Entities

In light of the recent string of attacks that seem to be targeting government agencies and municipalities, a new multi-agency press release provides guidance on how to be resilient.
Continue Reading

Game Phishing Scams Steal Steam Accounts

A phishing scam is stealing Steam accounts by promising free games to victims if they log in to a website with their Steam credentials, according to a recent post by BleepingComputer.
Continue Reading

KnowBe4 Applauds Proposed Legislation for Cybersecurity Training Requirement for U.S. House Members

On May 10, 2019, U.S. Representative Kathleen Rice (D-NY) introduced legislation that will require House Members to partake in annual cybersecurity training. At this time, elected ...
Continue Reading

Blank Emails Come Before BEC Fraud Attack

Business email compromise (or CEO fraud) has its reconnaissance phase, too. Researchers at Agari say they’ve found that blank, unsolicited emails are often an early sign that a BEC gang ...
Continue Reading

The Wall Street Journal Just Published An Interview with Kevin Mitnick, KnowBe4's Chief Hacking Officer

August 16, 2019 - Randy Maniloff wrote about Kevin in the WSJ "Weekend Interview". It's a great article that covers his start as a teenage hacker, how he wound up in jail, and how he ...
Continue Reading

Are Local Government and Municipalities Part of a Coordinated Attack on the U.S.?

There are too many ransomware attacks to ignore the similarities. It’s either government networks are easy prey, or someone is trying to cash out on the U.S., one attack at a time.
Continue Reading

Social Engineering Testing is Necessary to Fend off Phishing Attacks

The success of social engineering as part of phishing and spear phishing attacks has caused organizations to realize they need an effective tactic to make employees vigilant.
Continue Reading

The Unusual Activity Would be the Warning Itself

BleepingComputer has come across a phishing campaign that’s spoofing “Unusual sign-in” warnings from Microsoft to steal users’ credentials. The emails look nearly identical to Microsoft’s ...
Continue Reading

Even when your users don't click...

...they can still be helping the bad guys compromise your organization. Sad but true.
Continue Reading

Report: Data Breach in Biometric Security Platform Affecting Millions of Users

Led by internet privacy researchers Noam Rotem and Ran Locar, vpnMentor’s team recently discovered a huge data breach in biometrics security platform BioStar 2. Once stolen, fingerprint ...
Continue Reading

BYOD Really Means Bring Your Own Risk

A new survey by Nationwide Insurance found that while 83 percent of small businesses let their employees work from home when necessary, one-fifth of these companies don’t provide ...
Continue Reading

Still Dodging that Sextortion Bullet

It has long been true that sextortionists really had nothing on their intended victims. No video, no screen captures, nothing at all beyond shame and an uneasy conscience. Unfortunately ...
Continue Reading

Security warning for software developers: You are now prime targets for phishing attacks

Danny Palmer at ZDNet wrote: "Software developers are the people most targeted by hackers conducting cyberattacks against the technology industry, with the hackers taking advantage of the ...
Continue Reading

[August Live Demo] Simulated Phishing and Security Awareness Training

Old-school awareness training does not hack it anymore. Your email filters have an average 10-15% failure rate; you need a strong human firewall as your last line of defense. Join us ...
Continue Reading

Scam Of The Week: See Jeffrey Epstein Last Words On Video

This weekend, news broke that Jeffrey Epstein was found dead in his cell, apparently a suicide. This is a celebrity death that the bad  guys are going to be exploiting in a variety of ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews