Security Awareness Training Blog

Read the latest news about security awareness training, best practices, why you need it, and what happens when you don't have it in place.

Six Security Questions You Should Keep in Mind for Third Parties

Organizations are beginning to understand the consequences of a data breach or a phishing attack and the negative impact they can really have. But what are the security risks for third ...

Charities Need to Watch Out for Scammers

The UK’s National Council for Voluntary Organisations (NCVO) has warned charities to be wary of scammers, Charity Digital News reports. The NCVO’s Road Ahead 2020 report outlines trends ...

Not the Antiques Roadshow

Scammers conned a Dutch museum into sending them £2.4 million (about $3.1 million) by posing as a real London-based art dealer who planned to sell the museum a John Constable painting, ...

Law Firms Are the Latest Victims of Maze’s Ransomware and Extortion Attacks

With five law firms hit within just the last week, the Maze ransomware is making itself known and should be a warning to any and all legal firms that preventing an attack is paramount.

Unusual New Botnet-driven Phishing Attack With Tricky Downloaders

A large phishing campaign is distributing malicious Excel documents and utilizing irritating pop-ups to trick users into enabling macros, researchers at Lastline have found. The campaign ...

Your Cyber Insurance Policy Just Became Outdated

Just when we think we have a handle on our cyber insurance, the ransomware attackers have come and stirred things up again. I’m talking about the new trend in ransomware that you may not ...

Intelligence Services Get Phishing Licenses

New York Times journalist Ben Hubbard was targeted by a spear phishing attack designed to deliver NSO Group’s Pegasus spyware, researchers at the University of Toronto’s Citizen Lab have ...

[Heads-up] We Give Notice About The New Criminal Age 'Ransomware 2.0': Extremely Damaging, Dangerous And Plain Evil

Take a look at that screen. Let it sink in a moment. Imagine if it were your company.

[Heads-up] Scam Of The Week: Coronavirus Phishing Attacks In The Wild

Yup, you can count on it, when there is a worldwide health scare, the bad guys are on it like flies on $#!+. We are seeing a new malicious phishing campaign that is based on the fear of ...

Are You Expecting a Special Invitation?

According to MailGuard, a few days ago an email from our Prime Minister Scott Morrison started to do the rounds.

[Heads-up] It's OK To Just Say No To Phone Scams

Earlier this week a credit union located in the Midwest United States alerted its members via email to a pair of phone-and-text-based scams designed to trick unwitting users into coughing ...

9-Month Compromise of Wawa Results in Data Breach of More Than 30 Million Credit Cards

The breach, discovered in December of last year, is suspected to have led to the theft and subsequent sale of one of the largest takes of customer credit card data on the dark web.

Phishing Attacks Target Telecom Companies and their Tools to Facilitate SIM Swapping Attacks

Hackers are phishing telecom workers and “authorized retailers” to steal credentials and gain access to internal company tools. The end game is to modify SIM settings to help with a ...

It's the Access, Not the Technology

Exercising a suitable level of operational security is the key to protecting yourself from the consequences of sophisticated cyber attacks, according to Lionel Laurent at Bloomberg. ...

Phishing Telcos for SIM-Swapping

Motherboard reports that SIM swappers are launching phishing attacks against employees at Verizon, T-Mobile, and Sprint in order to hijack customer service tools. Once they have access to ...

‘Ryuk Stealer’ Searches for and Steals Confidential Files from Government, Military, and Law Enforcement

The newest strain of Ryuk ransomware has added new keywords and filetypes to expand its ability to find files with content that can be turned into money through sale, extortion, or ransom.

Latest Ryuk Ransomware Attacks on Oil and Gas Companies Includes Compromising Active Directory

Ransomware has definitely grown up from its infant stages where it simply infected one computer. From spreading through lateral movement, to the use of a victim's email to spread the ...

A Look Inside the Phishing Tackle Shop

The sophisticated 16Shop phishing kit can now target PayPal and American Express users, according to researchers from ZeroFOX. The researchers came across a new version of 16Shop that ...

Is There Still Hope for Privacy?

January 28 is Data Privacy Day. In honor of that, I’d like to share some random thoughts on privacy that I put together for a recent webcast with StaySafeOnline.org. And when I say, ...
