Security Awareness Training Blog

Read the latest news about security awareness training, best practices, why you need it, and what happens when you don't have it in place.

Back-to-School: a Buzzkill in More Ways than One

40% of the top twenty universities in the US aren’t using DMARC to mitigate phishing attacks that impersonate the universities’ domains, according to researchers at Tessian. Additionally, ...

[On-Demand Webinar] Hackers Exposed: Kevin Mitnick Shares His Tradecraft and Tools to Help You Hack Proof Your Network

Months of quarantine, transitioning to work from home, economic uncertainty, social and political turmoil… it’s easy to see why your employees are amped up, tense and distracted. And the ...

More Than 15 Billion Credentials Are For Sale in Criminal Markets

Researchers at Digital Shadows warn that there are more than 15 billion leaked login credentials for sale in online criminal marketplaces. This number is up 300% since 2018, and the ...

Gartner: You Should Focus On These 7 Specific COVID-19 IT Security Areas

Gartner observed: "Rapid responses to the coronavirus pandemic leave organizations vulnerable to security breaches. Security and risk teams must remain vigilant and focus on strategic ...

Microsoft Seizes Six Domains Used in Sophisticated Phishing Scheme

Microsoft announced that the US District Court for the Eastern District of Virginia has ruled that the company can seize six domains that were being used in a widespread phishing ...

[Heads Up] The First-Ever Russian BEC Gang, Cosmic Lynx, Was Uncovered. They Spear Phish Multinational & Fortune 500 Senior Executives

“This is a historic shift to the global email threat landscape and portends new and sophisticated social engineering attacks that CISOs around the world must brace for now,” according to ...

FakeSpy Android Malware Distributed via Smishing

Researchers at Cybereason are tracking a sophisticated malware campaign targeting Android devices around the world. The campaign involves a new version of the FakeSpy information-stealing ...

New Calendar Invitations as Phishbait Attack Wave

BleepingComputer warns that cybercriminals are using calendar invites to send phishing links to Wells Fargo customers. Researchers at Abnormal Security discovered this phishing campaign ...

New Phishing Attack Targets 200M+ Microsoft 365 Accounts Via Malicious Excel .SLK Files to Bypass Security

Using an old (but supported) Excel filetype, attackers can bypass both Exchange Online Protection and Advanced Threat Protection to run malicious macros.

More Companies Start Reporting Their Ransomware Infections As The Expensive Data Breaches They Are

Larry Abrams at BleepingComputer correctly observed: "Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and ...

Microsoft 365 Phishing Attacks Masterfully Use Brand Name Sites to Establish Legitimacy

New voicemail phishing scam uses legitimate branded domains from companies like Samsung and Adobe to facilitate redirects to compromised websites intent on stealing credentials.

June Content Update: Including New Roger Grimes Video Series on Data-Driven Defense

Here are a few important content updates to share with you for the month of June.

Looking for Binge-Worthy Viewing Options This Summer?

Looking for some binge-worthy watching this summer? We've got just what you're looking for! Check out this innovative new security awareness video series called ‘The Inside Man’.

Elections In Russia Mean 16 More Years Of Job Security For InfoSec Pros

Russian voters have overwhelmingly backed a ploy by President Vladimir Putin to rule until 2036 in a referendum.

A "Secure DNS" Scam: an Upgrade that's a Downgrade

A phishing campaign is targeting website owners with convincing, personalized emails that purport to come from WordPress, Naked Security reports. The emails claim that WordPress is ...

COVID-19 Related Phishing Scams Target Passport Details

Coronavirus phishing scams are now more aggressive and targeted than ever before, InfoSecurity Magazine reports. Now researchers at Griffin Law are tracking self-employed ...

Australia Spending Nearly $1 Billion on Cyberdefense as China Tensions Rise

The NY Times reported some surprising numbers: "Officials promised to recruit at least 500 cyberspies and build on the country’s offensive capabilities to take the online battle overseas. ...

Phishing in Irish Streams

Netflix is warning users in Ireland to be on the lookout for another phishing campaign that’s impersonating the streaming service, Extra.ie reports. The emails inform recipients that ...

60% of Organizations are Hit by Cyberattacks Spread by Their Own Employees

The unwitting participant appears to be alive and well, based on new data from security vendor Mimecast. With employees being the source of attack surface expansion, what’s an org to do?

New Sextortion Method Uses Social Engineering and Doxing To Identify and Target Victims

According to the SANS Internet Storm Center, cybercriminals are engaging their victims online, using social engineering tactics to collect needed details to extort money.