New Ursnif Malware Attacks Use Phishing, Social Engineering and Microsoft Word

Sep 5, 2019 11:49:28 AM By Stu Sjouwerman

The decade-old malware traditionally used to capture banking details has been given new life and spotted in the wild, being distributed via malicious Word documents.

Phishing for Cloud Providers A New Supply Chain Threat

Sep 5, 2019 7:29:23 AM By Stu Sjouwerman

Attackers are going after cloud-based customer relationship management (CRM) providers in order to launch unusually convincing phishing campaigns, KrebsOnSecurity reports.

Watch Out For Hurricane Dorian Phishing Scams. We have Templates Ready For You.

Sep 4, 2019 11:53:31 AM By Stu Sjouwerman

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain vigilant for malicious cyber activity targeting Hurricane Dorian disaster victims and potential ...

Multistage Phishing Attacks Target Financial Information

Sep 4, 2019 7:12:21 AM By Stu Sjouwerman

Trend Micro researchers have published details about a sophisticated phishing campaign they’ve named “Heatstroke.” The attackers behind Heatstroke go after victims’ private email ...

Double the Phish, Double the Phun

Sep 3, 2019 7:00:00 AM By Stu Sjouwerman

By Eric Howes, KnowBe4 Principal Lab Researcher. Over the past week we spotted something new and interesting in the malicious emails being reported to us by customers using the Phish ...

Alert Your Users About Calendar Scams And What To Do About Them

Sep 3, 2019 6:47:50 AM By Stu Sjouwerman

We’ve noted this particular scam before, but it’s continued to make a pest of itself, and so we bring it to your attention again. Scammers are abusing Google Calendar invites to send out ...

Phishing Scheme Gains Entry To Oregon Judicial Department Emails

Aug 30, 2019 2:55:14 PM By Stu Sjouwerman

Aubrey Wieber at the DemocratHerald reported: "A phishing scheme succeeded in breaking into the email accounts of five Oregon Judicial Department employees, exposing personal information ...

New Course Available - California Consumer Privacy Act (CCPA)

Aug 30, 2019 2:26:25 PM By Stu Sjouwerman

Last year California passed a new law, similar to GDPR, called the California Consumer Privacy Act (CCPA) of 2018. This law is to be implemented on January 1, 2020. Any company doing ...

Financial Phishing Campaigns on the Rise

Aug 29, 2019 7:01:35 AM By Stu Sjouwerman

More than 1900 new potential bank phishing sites were registered in the first half of 2019, according to researchers at NormShield. Based on the increase in new suspicious domains ...

MegaCortex Ransomware goes Fully Automated, Putting Enterprises at Risk of Ransoms in the Millions

Aug 28, 2019 3:21:57 PM By Stu Sjouwerman

A new version of MegaCortex has been spotted, upgrading it from a manual, targeted form of ransomware, to one that can be spread and do damage enterprise-wide.

Microsoft, PayPal, and Facebook are the Top Three Impersonated Brands

Aug 28, 2019 6:50:57 AM By Stu Sjouwerman

Back in June, we discussed Vade Secure’s “Phisher’s Favorite” report for Q1 2019, which found that Microsoft had been the most impersonated brand used in phishing attacks for four ...

SANS: Security Awareness Training is On the Rise

Aug 26, 2019 8:08:26 AM By Stu Sjouwerman

Providing users with Security Awareness Training is a critical part of a security strategy. According to the latest data from SANS, more organizations are using awareness training in 2019.

Even ‘Unsubscribe’ Emails Can Put the Organization at Risk

Aug 26, 2019 8:05:24 AM By Stu Sjouwerman

Social Engineering tactics seek to use any means that’s familiar to the intended victim – and unsubscribing is perceived as being so benign, it may just be the perfect way to fool your ...

U.S. Utilities Face Phishing Attacks Intent on Gaining Remote Access

Aug 26, 2019 8:03:04 AM By Stu Sjouwerman

Last month saw a number of utility sector businesses targeted with spear phishing attacks that utilize a new remote access Trojan (RAT) that provides attackers with admin access.

Georgia Gov. Kemp Orders Cybersecurity Training For State Employees After Crippling Attacks

Aug 24, 2019 8:19:42 AM By Stu Sjouwerman

StateScoop reports: "Citing several recent ransomware attacks at the state and local levels, Georgia Gov. Brian Kemp this week issued an executive order instructing state employees to ...

A State-of-the-Art Spoof (or, Why Turning Your Users Into Grammar Nazis Won't Keep the Bad Guys Out)

Aug 24, 2019 6:59:38 AM By Stu Sjouwerman

By Eric Howes, KnowBe4 Principal Lab Researcher. Malicious actors are becoming very skilled at exploiting popular online services that enjoy the familiarity and trust of millions of ...

Lateral Phishing Affects One in Seven Organizations

Aug 22, 2019 6:58:11 AM By Stu Sjouwerman

A survey by Barracuda found that one in seven organizations experienced lateral phishing attacks over the course of seven months, and that 42% of these attacks were not reported by ...

Social Engineering Used To Establish Shady Bulletproof Hosting

Aug 22, 2019 6:49:31 AM By Stu Sjouwerman

Brian Krebs has reported that a dubious Internet provider, “Resnet,” was renting out tens of thousands of residential IP addresses to be used as proxies by fraudsters and spammers. ...

Ransomware Hits Fortnite Players

Aug 21, 2019 4:21:42 PM By Stu Sjouwerman

DarkReading reports: "Ransomware masquerading as game "cheats" is hitting Fortnite players. Fortunately, there are ways to recover without paying a ransom." Similar to phishing attacks on ...

Is The Ransomware Debate Over? To Pay Or Not To Pay, The Conference Of Mayors Made Up Their Mind

Aug 21, 2019 6:59:56 AM By Stu Sjouwerman

The long-standing argument over whether or not to pay may have come to an end, with a resolution from the U.S. Conference of Mayors calling on cities to not pay up.

Security Awareness Training Blog