Netflix Phishing Attack Hides Behind a Functional CAPTCHA Page to Avoid Detection

Aug 5, 2020 8:21:36 AM By Stu Sjouwerman

In an interesting twist, cybercriminals utilize a well-known technology to keep security solutions from identifying a “failed payment” email as being fraudulent.

Is it a Quiz Scam? Is it Bad? Is it Back With a Vengeance?

Aug 4, 2020 8:34:36 AM By Stu Sjouwerman

The answer to all three questions would seem to be, "yes." Quiz scams have become widespread over the past year, but they’ve gone largely unremarked, researchers at Akamai have found. ...

July Fresh Content Updates from KnowBe4: Including New Recommended Training Suggestions in the ModStore

Aug 4, 2020 8:00:00 AM By Stu Sjouwerman

Here are a few important fresh content and feature updates to share with you for the month of July.

[MOST WANTED] Criminal Hacker Of The Week: Maksim Viktorovich Yakubets

Jul 31, 2020 2:54:45 PM By Stu Sjouwerman

The FBI said: The United States Department of State’s Transnational Organized Crime Rewards Program is offering a reward of up to $5 million for information leading to the arrest and/or ...

Introduction To KnowBe4's Services

Jul 31, 2020 2:30:01 PM By Stu Sjouwerman

KnowBe4 helps organizations to educate and train their employees against social engineering attacks, and carry out other required compliance training. KnowBe4 offers over 1,000 different ...

The Recent Massive Twitter Social Engineering Hack Was Tried And True Pretexting

Jul 31, 2020 11:50:57 AM By Stu Sjouwerman

The verge reported: "Twitter provided an update about the unprecedented July 15th attack that allowed hackers to tweet from some of the most high-profile accounts on the service, in a ...

Wake-up Call: New Study from PWC Exposes Terrifying End-User Security Practices that will Keep Your CISO Up at Night

Jul 31, 2020 7:32:56 AM By Perry Carpenter

I just finished reading PwC’s latest Workforce Pulse Study – and you should be scared. This study of more than 1,100 American workers provides an in-depth look at the ...

[HEADS UP] North Korean Cybercriminals Use Fake Recruitment Emails in Phishing Scam

Jul 31, 2020 7:00:00 AM By Stu Sjouwerman

North Korean hackers have been following that bit of social engineering wisdom to a T. According to researching from McAfee, a months long phishing campaign against aerospace and defense ...

[HEADS UP] Coronavirus Scams in the U.K. You Should be Wary Of

Jul 29, 2020 1:06:20 PM By Stu Sjouwerman

According to a recent report from BBC News, the bad guys are using the coronavirus pandemic to use social engineering to trick people out of their cash.

1 in 3 Employees Rarely or Never Think About Cybersecurity

Jul 29, 2020 11:36:24 AM By Stu Sjouwerman

Eye-opening data around the impact of human error demonstrates how simple user mistakes can compromise your organization’s cybersecurity posture.

Sawfish Spearphishing Attacks Continue, Prompting Password Resets on GitHub and DeepSource

Jul 29, 2020 11:34:04 AM By Stu Sjouwerman

A new wave of attacks on GitHub users via app developer DeepSource has raised concerns over access to user credentials and development code.

New CONTI Ransomware Family Touts Faster Encryption, Better Obfuscation, More Control

Jul 29, 2020 11:29:52 AM By Stu Sjouwerman

Just when you thought ransomware couldn’t sport something new, the latest family discovered by VMware’s Threat Analysis Unit shows significant advances in capabilities and execution.

Social Engineering from an Actuarial Point of View

Jul 29, 2020 8:32:40 AM By Stu Sjouwerman

Employees need to maintain their security habits while working from home, emphasizes Scott Godes, a partner at Barnes & Thornburg. On the CyberWire’s Caveat podcast, Godes explained ...

REvil Criminal Ransomware Syndicate Attacks Spanish State-Owned Railway Operator Again!

Jul 28, 2020 3:43:13 PM By Stu Sjouwerman

As world-wide concern continues to grow over the threat of potential attacks on critical infrastructure, REvil goes after and bites a Railway Operator once again! The Daly Swig reports ...

NEW 2020 Security Culture Survey Now Available

Jul 28, 2020 11:15:00 AM By Stu Sjouwerman

Now live in the ModStore is the latest version of our assessment for evaluating your information security culture, the 2020 Security Culture Survey.

Vanity, Thy URL is Zoom

Jul 28, 2020 8:23:32 AM By Stu Sjouwerman

Zoom has fixed a security flaw that could have allowed attackers to launch hard-to-spot phishing attacks using the platform, according to researchers at Check Point who discovered and ...

Are Account Takeovers Driving Towards a Passwordless Future?

Jul 27, 2020 10:00:39 AM By Javvad Malik

The bad guys will try to take over accounts all the time. Logging onto someone's account with their credentials is usually a whole lot easier than trying to compromise the website ...

Voicemail-Themed Phishing Attacks on the Rise

Jul 27, 2020 8:21:37 AM By Stu Sjouwerman

Researchers at Zscaler warn of an increase in voicemail-themed phishing campaigns designed to steal credentials for enterprise applications. The emails purport to be automatically ...

[Heads up] CISA And NSA Urge “Immediate Action” To Secure National Critical Infrastructure

Jul 25, 2020 11:05:53 AM By Stu Sjouwerman

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have issued a joint advisory warning that foreign hackers are targeting systems that ...

BEC is the Largest Cyber Threat to UK Sports Entities

Jul 24, 2020 8:55:13 AM By Stu Sjouwerman

The UK’s National Cyber Security Centre (NCSC) released a new report revealing that sports organizations are more than twice as likely to suffer a cyberattack than organizations in other ...

Security Awareness Training Blog