Read the latest news about security awareness training, best practices, why you need it, and what happens when you don't have it in place.
According to the SANS Internet Storm Center, cybercriminals are engaging their victims online, using social engineering tactics to collect needed details to extort money.
Using a Dropbox Transfer page, this new scam presses all the urgency buttons while eluding detection as being malicious in an effort to steal the victim’s online credentials.
A recent cyberattack on Australian beverage manufacturer Lion demonstrates how even a modicum of precaution after an attack can spell doom for operations.
KrebsOnSecurity reports that a phishing website has been impersonating the private messaging service Privnote.com in order to steal Bitcoin. The real Privnote is a free site that allows ...
The number of phishing attacks in Singapore to give up personal information has almost tripled in the last year and doubled during the COVID-19 pandemic, according to the Cybersecurity ...
A Russian ransomware group named "Evil Corp" who was indicted by the Justice Department in December is now targeting employees working from home during the COVID-19 pandemic and ...
We have exciting news to share! Two new modules have been released about data-driven defense, both featuring Data-Driven Evangelist Roger Grimes.
Surveys are enticing, and so are survey scams. But they’re easy to recognize if you know what to look for, according to Paul Ducklin at Naked Security. Ducklin describes a typical survey ...
Scammers are taking advantage of the prominent use of VPNs by remote workforces to send out this very topically relevant phishing email that just wants to steal your credentials.
At a time when cyber risk is at its highest levels, new data shows how little organizations have done to ensure employees are prepared for cyber attack while working from home.
With every organization looking at protecting their corporate devices, the bad guys are increasingly setting their focus on one of the softest targets: the mobile device.
One of the most common questions I get asked working for a security awareness training company is, how do I make employees more engaged with and care about the training? I get it. Who ...
Researchers at Check Point have observed a phishing campaign that, to avoid detection, abused servers belonging to Adobe, Samsung, and the University of Oxford. The attackers used several ...
Already one of the most dangerous forms of ransomware, now Sodinokibi looks like it could also be attempting to make money from stolen payment information too.
People need to be able to use their instincts in order to spot new phishing techniques, according to Ashley Graves, a Cloud Security Researcher at AT&T Alien Labs. On the CyberWire’s ...
A global cold war is being fought in cyberspace, and IT pros like you are finding themselves in the trenches. With all of this going on, how can you equip your employees and protect your ...
An attack campaign with possible ties to North Korea’s Lazarus Group targeted aerospace and military companies in Europe and the Middle East with spear phishing attacks late last year, ...
In a step towards educating customers on why attachments and URLs are deemed “malicious”, Microsoft’s is set to augment its Advanced Threat Protection product in July.
Microsoft’s recent posts detailing a new Java attack that uses PowerShell and other legitimate tools to infect victims with ransomware sheds light on human-operated attacks.
Seeing a better opportunity to generate more “revenue” from their victims, the idea of ransomware also exfiltrating data to be used to extort the payment is gaining steam.
