Security Awareness Training Blog

Security Awareness Training Blog

Read the latest news about security awareness training, best practices, why you need it, and what happens when you don't have it in place.

From Tetris to Minecraft: The Evolution of Security Awareness into Human Risk Management

Once upon a time, security awareness training resembled a never-ending game of Tetris. Threats cascaded down, demanding swift action and strategy, only to speed up until we inevitably ...
Continue Reading

Your KnowBe4 Fresh Content Updates from September 2024

Check out the 40 new pieces of training content added in September, alongside the always fresh content update highlights, events and new features.
Continue Reading

Election-Themed Scams Are on the Rise

Researchers at Malwarebytes warn of a surge in election-themed scams ahead of November’s presidential election in the US. These attacks can be expected to increase as the election grows ...
Continue Reading

Use of Malicious Links Surges by 133% in Q1, Setting the Tone for the First Half of 2024

Threat actors are opting for malicious links over attachments in email-based attacks because it gives them a critical advantage that many solutions can’t address.
Continue Reading

Threat Actors Increasingly Exploit Deepfakes for Social Engineering

The availability of deepfake technology has given threat actors a valuable tool for social engineering attacks, according to researchers at BlackBerry.
Continue Reading

[Security Masterminds Podcast] The Human Side of Cybersecurity: Bridging the Gap with Empathy and Strategy

In cybersecurity, technology often takes center stage. From the latest AI-driven defenses to sophisticated encryption techniques, it's easy to overlook the most crucial element: the human ...
Continue Reading

Organizations in the Middle East Targeted By Malware Impersonating Palo Alto GlobalProtect VPN

A social engineering campaign is targeting entities in the Middle East using malware that impersonates Palo Alto Networks’ GlobalProtect VPN, according to researchers at Trend Micro.
Continue Reading

Your KnowBe4 Compliance Plus Fresh Content Updates from August 2024

Check out the August updates in Compliance Plus so you can stay on top of featured compliance training content.
Continue Reading

Scammers Use Fake Funeral LiveStream Social Media Posts to Extort Victims

In a troubling new low, cybercriminals are targeting individuals grieving the loss of a loved one by charging their credit cards with excessive fees through a heartless scam. According to ...
Continue Reading

Your KnowBe4 Fresh Content Updates from August 2024

Check out the 29 new pieces of training content added in August, alongside the always fresh content update highlights, events and new features.
Continue Reading

More Carrots and Fewer Sticks

This blog was co-written by Perry Carpenter and Roger A. Grimes. As I sit in the 2024 Seattle Convene conference this week and listen to speaker after speaker talk about their successful ...
Continue Reading

Business Email Compromise Scams Rise 20%, Making up Nearly Half of all Spam Emails

New research on email threats points to AI-based tools to assist in generating BEC content. And the overwhelming targeted role may or may not surprise you.
Continue Reading

The Number of Email-Based Cyber Attacks Detected Surge 239% in 1H 2024

New data shows the most prevalent and obvious path into an organization – email – continues to be exploited by a growing number of cybercriminals.
Continue Reading

Malvertising Campaign Impersonates Dozens of Google Products

A malvertising campaign is abusing Google ads to impersonate Google’s entire product line, according to researchers at Malwarebytes. The malicious ads are designed to lure victims into a ...
Continue Reading

Phishing Scammers Leverage Microsoft Dynamics 365 to Target US Government Contractors

Analysis of a phishing campaign targeting thousands of government contractors, dubbed “Operation Uncle Sam,” takes advantage of some sophisticated steps to avoid detection.
Continue Reading

Ransomware Group Known as ‘Royal’ Rebrands as BlackSuit and Is Leveraging New Attack Methods

The ransomware threat group formerly known as "Royal" has rebranded itself as BlackSuit and updated their attack methods, warns the FBI.
Continue Reading

Is Disabling Clickable URL Links Enough?

Recently, we had a customer reach out to ask if disabling clickable uniform resource locator (URL) links in emails was enough protection by itself to potentially not need employee ...
Continue Reading

Ransomware Payments Decline While Data Exfiltration Payments Are On The Rise

The latest data from Coveware shows a slowing of attack efficacy, a decrease in ransom payments being made, and a shift in initial access tactics.
Continue Reading

Summer Lovin' or Summer Scammin'?

Summer. The season of sun, sand, and romance scams. As the weather heats up, so does the activity of romance scammers, who prey on the vulnerabilities of those seeking love and ...
Continue Reading

62% of Phishing Emails Bypassed DMARC Checks in 1H of 2024

A report from Darktrace has found that 62% of phishing emails in the first half of 2024 were able to bypass DMARC verification checks in order to reach users’ inboxes.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews