Australia Spending Nearly $1 Billion on Cyberdefense as China Tensions Rise

Jun 30, 2020 10:09:06 AM By Stu Sjouwerman

The NY Times reported some surprising numbers: "Officials promised to recruit at least 500 cyberspies and build on the country’s offensive capabilities to take the online battle overseas. ...

Phishing in Irish Streams

Jun 30, 2020 8:24:18 AM By Stu Sjouwerman

Netflix is warning users in Ireland to be on the lookout for another phishing campaign that’s impersonating the streaming service, Extra.ie reports. The emails inform recipients that ...

60% of Organizations are Hit by Cyberattacks Spread by Their Own Employees

Jun 29, 2020 8:37:16 AM By Stu Sjouwerman

The unwitting participant appears to be alive and well, based on new data from security vendor Mimecast. With employees being the source of attack surface expansion, what’s an org to do?

New Sextortion Method Uses Social Engineering and Doxing To Identify and Target Victims

Jun 29, 2020 8:33:43 AM By Stu Sjouwerman

According to the SANS Internet Storm Center, cybercriminals are engaging their victims online, using social engineering tactics to collect needed details to extort money.

New Dropbox-Based Pandemic Relief Payment Scam Targets U.K. Microsoft 365 Users, Bypassing Email Security

Jun 29, 2020 8:30:45 AM By Stu Sjouwerman

Using a Dropbox Transfer page, this new scam presses all the urgency buttons while eluding detection as being malicious in an effort to steal the victim’s online credentials.

Hit Them When They're Down: Two Cyberattacks Leave Operations Halted with a Ransom to Pay

Jun 29, 2020 8:26:48 AM By Stu Sjouwerman

A recent cyberattack on Australian beverage manufacturer Lion demonstrates how even a modicum of precaution after an attack can spell doom for operations.

One Letter Away: Impersonation, Bitcoin, and Phishing Expeditions

Jun 29, 2020 8:21:19 AM By Stu Sjouwerman

KrebsOnSecurity reports that a phishing website has been impersonating the private messaging service Privnote.com in order to steal Bitcoin. The real Privnote is a free site that allows ...

Phishing Attacks Significantly Increase in Singapore During COVID-19 Pandemic

Jun 26, 2020 8:55:57 AM By Stu Sjouwerman

The number of phishing attacks in Singapore to give up personal information has almost tripled in the last year and doubled during the COVID-19 pandemic, according to the Cybersecurity ...

Work From Home in America Sets Major Target for Russian Hackers

Jun 26, 2020 8:55:36 AM By Stu Sjouwerman

A Russian ransomware group named "Evil Corp" who was indicted by the Justice Department in December is now targeting employees working from home during the COVID-19 pandemic and ...

New Training Modules Added on Data-Driven Defense

Jun 25, 2020 8:27:44 AM By Stu Sjouwerman

We have exciting news to share! Two new modules have been released about data-driven defense, both featuring Data-Driven Evangelist Roger Grimes.

Survey Says...You've Been Pwned

Jun 25, 2020 8:25:36 AM By Stu Sjouwerman

Surveys are enticing, and so are survey scams. But they’re easy to recognize if you know what to look for, according to Paul Ducklin at Naked Security. Ducklin describes a typical survey ...

‘New VPN Configuration’ Email Tricks Microsoft 365 Users Out of Credentials

Jun 24, 2020 4:17:48 PM By Stu Sjouwerman

Scammers are taking advantage of the prominent use of VPNs by remote workforces to send out this very topically relevant phishing email that just wants to steal your credentials.

20% of Organizations Provided No Cybersecurity Guidance to Users Making the Shift to Working from Home

Jun 24, 2020 4:13:06 PM By Stu Sjouwerman

At a time when cyber risk is at its highest levels, new data shows how little organizations have done to ensure employees are prepared for cyber attack while working from home.

Enterprises Experience Nearly Five Times as Many Mobile Phishing Attacks as Last Year

Jun 24, 2020 4:10:20 PM By Stu Sjouwerman

With every organization looking at protecting their corporate devices, the bad guys are increasingly setting their focus on one of the softest targets: the mobile device.

How To Improve Employee Engagement in Security Awareness Training

Jun 24, 2020 12:37:10 PM By Roger Grimes

One of the most common questions I get asked working for a security awareness training company is, how do I make employees more engaged with and care about the training? I get it. Who ...

Phishing and Redirection

Jun 24, 2020 8:40:11 AM By Stu Sjouwerman

Researchers at Check Point have observed a phishing campaign that, to avoid detection, abused servers belonging to Adobe, Samsung, and the University of Oxford. The attackers used several ...

[HEADS UP] Sodinokibi Ransomware Strain Learns New Trick

Jun 23, 2020 3:14:39 PM By Stu Sjouwerman

Already one of the most dangerous forms of ransomware, now Sodinokibi looks like it could also be attempting to make money from stolen payment information too.

Slack Phishing

Jun 23, 2020 8:27:33 AM By Stu Sjouwerman

People need to be able to use their instincts in order to spot new phishing techniques, according to Ashley Graves, a Cloud Security Researcher at AT&T Alien Labs. On the CyberWire’s ...

How to Combat the Fake News and Disinformation Being Used to Attack Your Organization

Jun 22, 2020 9:29:04 AM By Stu Sjouwerman

A global cold war is being fought in cyberspace, and IT pros like you are finding themselves in the trenches. With all of this going on, how can you equip your employees and protect your ...

Pyongyang's Phishing with Job Offers

Jun 22, 2020 8:27:28 AM By Stu Sjouwerman

An attack campaign with possible ties to North Korea’s Lazarus Group targeted aerospace and military companies in Europe and the Middle East with spear phishing attacks late last year, ...

Security Awareness Training Blog