Security Awareness Training Blog

Security Awareness Training Blog

Read the latest news about security awareness training, best practices, why you need it, and what happens when you don't have it in place.

Leaving Windows 7 in Production Puts You at High Risk of Ransomware Attack

Microsoft end-of-support for Windows 7 means systems will remain unpatched, creating an opportunity for future ransomware attacks to wreak havoc.
Continue Reading

Business Disruption is the Prominent Result for All Cyberattacks

New data from security vendor CrowdStrike shows that the bad guys are getting better at avoiding detection and are having a substantial financial impact on operations.
Continue Reading

Defending Against Ransomware is a Team Effort

Ransomware operators have grown very skilled in targeting exactly what will compel an organization to pay up, according to Andrew Brandt, principal researcher at Sophos. On the ...
Continue Reading

Nemty Ransomware Creators Plan to Post Stolen Data of Non-Payors to Blog

In a twist to the newest ransomware tactic where data is stolen and then encrypted, the folks behind Nemty are going to use a blog to publish victims data if they don’t pay.
Continue Reading

Kiwi Drivers Phished with Bogus License Renewals

The New Zealand Transport Agency (NZTA) has warned of an ongoing email phishing campaign using fake vehicle license renewal reminders, 1 News reports. The emails appear legitimate and ...
Continue Reading

TrickBot Hackers Have Created the Ultimate “On the Fly” Update Backdoor

The newly-created “PowerTrick” backdoor leaves malware ready to accept new commands and victim organizations perpetually in danger of the next thing the malware’s creators can think of.
Continue Reading

You Should Be Scared of the Latest Strains of Phobos Ransomware

In an unusual twist, it’s not actually the ransomware itself that makes the newer forms of Phobos so frightening; it’s the people behind the attacks that will have you worried.
Continue Reading

Happy Hotel With a Sad Ending

Tokyo, Japan-based Almex which operates the Japanese Happy Hotels announced it has been hacked and that customer data including email address, birth date, gender, phone number, log in, ...
Continue Reading

Nobel Laureates Get Scammed, Too

Nobel Prize-winning economist and New York Times Opinion columnist Paul Krugman appears to have been taken in by a phishing scam, Business Insider reports. In a tweet that’s since been ...
Continue Reading

Hackers Target the Special Olympics of New York and Use them to Launch Phishing Attacks

This latest attack demonstrates how cybercriminals can leverage one organization as merely a part of a larger phishing campaign to scam countless individuals out of credentials or money.
Continue Reading

Fast Work By Cops Recovers $710,000 After CEO Fraud Attack Hits Long Island County Government

Finally some good news. Newsday reports that in record time, Nassau County, New York, recovered $710,000 that was transferred to scammers who were impersonating an existing county vendor.
Continue Reading

Auto Dealership Becomes Latest Victim of Ransomware Attack Costing Up to $500,000

The opening of a seemingly benign email from a coworker by an unsuspecting employee set in motion an attack that brought operations to a halt and resulted in some costly remediation. The ...
Continue Reading

Microsoft Sues Hacker Group for Data Theft of Highly Sensitive Information

A new recently unsealed lawsuit against a North Korean hacker group shows how even the largest companies can be successfully attacked by phishing.
Continue Reading

An Overview of Phishing from the Accounting Sector

Employee training is an essential long-term defense against phishing attacks, according to David Barton and Kimberly Anderson at UHY Advisors. In an article for Accounting Today, Barton ...
Continue Reading

[Scam Of The Week] Don't Fall For This Tricky: “Start your 2020 with a gift from us”

Paul Ducklin at Naked Security warned us about a scam that just surfaced and promises a gift by courier from overseas where the other person hasn’t told you what they’re sending – the ...
Continue Reading

Cybercriminal Offers a “How To” Guide for Robbing Banks; Uses Cayman National Bank as the Example

This latest document from notorious hacker Phineas Phisher, along with a leaked report from PwC, shows how easy it is for a bank to be hacked and defrauded.
Continue Reading

The Top 5 Eyeopener Strategies To Improve Your IT Defenses And Keep Bad Guys Out Of Your Network

Last year, in 2019 according to CVEdetails, there were 12,174 new, publicly announced vulnerabilities. If that sounds like a high number, it’s a lot less than the previous two years. We ...
Continue Reading

New Office 365 Phishing Attack Targets OAuth Apps Instead of Credentials

Trying to steal your username and password is so “yesterday.” The 2020 Hacker is now leveraging Office 365 OAuth APIs to gain control over user mailboxes with phishing tactics.
Continue Reading

The Better the Phishing Protection Gets, the More Sophisticated Phishing Attacks Are Getting

Microsoft’s review of how phishing has evolved over the last year highlights some of the great lengths attackers will go to in order to avoid being detected as a phishing campaign.
Continue Reading

Scammer Who Tricked Facebook and Google Out of $120 Million Gets 5 Years in Jail

The Lithuanian hacker who ran the most notorious, simplest, and most lucrative email-based social engineering fraud scam has been brought to justice and will be serving time and paying ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews