Security Awareness Training Blog

Security Awareness Training Blog

Read the latest news about security awareness training, best practices, why you need it, and what happens when you don't have it in place.

[Policy Template] Should Failing Phishing Tests Be A Fireable Offense?

Firing employees for failing phishing tests can be extremely counterproductive and can damage an organization’s overall security posture. That, at any rate, is what two security experts ...
Continue Reading

"Delete" Notification as Office 365 Phishbait

Attackers are posing as Office 365 support in phishing emails that warn users about an “unusual volume of file deletion” on their accounts, BleepingComputer has found. The emails claim ...
Continue Reading

A Case of Password Spraying

Citrix last month confirmed the FBI’s suspicions that hackers had used a technique known as “password spraying” to compromise the company’s networks before stealing a massive amount of ...
Continue Reading

Impersonation Phishing Attacks Up 67% in Last 12 Months

Social engineering attacks using impersonation tactics increased by 67% over the past twelve months, according to Mimecast’s annual State of Email Security report. Mimecast surveyed more ...
Continue Reading

Why KnowBe4 Is The Only True Global Security Awareness Training Vendor

Security awareness, by its very nature, relies on communication. And that communication, in turn, relies on clarity so that it can be fully understood and applied by the learner. To be ...
Continue Reading

Red Flags Warn of Social Engineering

The easiest way to avoid falling for scams and other social engineering attacks is to have an understanding of the tactics employed by attackers, according to Roger A. Grimes, writing in ...
Continue Reading

Phishing Canadian Targets

We have recently blogged about KrebsOnSecurity's story on compromised Canadian business email addresses. Here is some updated background on threats to Canadian organizations.
Continue Reading

A Single Tweet Saw One Woman's Bank Account Entirely Wiped Out

Dean Dunham at The Mirror in the UK reported: "Social media is often disgruntled customers first port of call when they want to make a complaint about goods or services these days, but ...
Continue Reading

“Monster” Data Breaches Result in an Average Cost of $347 Million

Data breaches in the hundreds of millions of records have made the news over the last two years. The latest report from Bitglass covers the results and repercussions of the breaches.
Continue Reading

Over 10 Million People Hit In Single Australian Data Breach

The Office of the Australian Information Commissioner's (OAIC) quarterly data breach report also revealed private health was again the country's most affected sector.
Continue Reading

UK Says It Warned 16 Nato Allies Of Russian Hacking Activities

The UK has shared information on Russian hacking attacks with 16 NATO allies over the last 18 months, a British government official said today. "I can disclose that in the last 18 months, ...
Continue Reading

72 Percent Of Cyber Security Professionals Have Considered Quitting Over Lack Of Resources

Ian Barker at Betanews commented on something astounding.
Continue Reading

[Heads-up] Scary Phishing Attack Uses Legal Threats From Law Firm

Brian Krebs just posted the following alert: "Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the ...
Continue Reading

Employees Don’t Take USB Security Seriously, Putting Organizations at Risk

USB devices continue to be a necessity for employees, an entry point for attackers, and an insecure medium to connect the two, spelling trouble for organizations.
Continue Reading

U.S. Department of Homeland Security Issues List of Office 365 Security Vulnerabilities and Best Practices

The latest Analysis Report covers both areas of concern around Office 365 configurations that impact security, and offers up some simple recommendations to shore up vulnerabilities.
Continue Reading

KnowBe4 Acquires CLTRe; Shines Spotlight on Security Culture Measurement

I'm happy to announce our acquisition of CLTRe, which we feel demonstrates the importance of managing the human risk. We’re excited to welcome Kai and the CLTRe team to the KnowBe4 family ...
Continue Reading

[LIVE WEBINAR] Empowering Your Human Firewall: The Art & Science of Secure Behavior

You know that "security awareness" is key to a comprehensive security strategy. But just because someone is aware doesn't mean they care. So how can you design programs that work with, ...
Continue Reading

“Hack for Hire” Groups Offer Single Account Break-In Services For Just $750

  Along with everything else malicious that’s available “as-a-Service”, the latest addition takes the burden of trying to initially hack an organization off of the plate of would-be ...
Continue Reading

Global GozNym Takedown Shows The Anatomy Of A Modern Cybercrime Supply Chain

By Javvad Malik, our new Security Awareness Advocate for EMEA. A multi-national collaborative law enforcement effort has arrested individuals allegedly behind Nymaim and Gozi, also known ...
Continue Reading

Account Takeover Attacks Increase as Cybercriminals Fine-Tune Their Brand Impersonation, Social Engineering, and Phishing Skills

The latest Spear Phishing Report from Barracuda highlights how cybercriminals are systematically improving their game… and are becoming more successful for it. The capturing of user ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews