Nearly All Ransomware Attacks Now Include Exfiltration of Data…But Not All Are Notified

Jul 29, 2024 8:19:31 AM By Stu Sjouwerman

Organizations are falling victim to ransomware attacks where data is stolen, but the victim isn’t being told about it. I have a theory as to why this is happening.

Roger’s Hacking Stories

Jul 29, 2024 8:17:49 AM By Roger Grimes

In this post, I'll share two fascinating hacking stories I've experienced: one involving a sophisticated scam that targeted a major U.S. Fortune 500 conglomerate, and another detailing ...

New Phishing Scam Leverages Chat To Add Credibility And Ensure Success

Jul 26, 2024 11:53:18 AM By Stu Sjouwerman

A new phishing scam is leveraging trusted aspects of ecommerce to make their scams look legitimate.

Phishing Campaigns Continue To Exploit CrowdStrike Outage

Jul 26, 2024 8:34:01 AM By Stu Sjouwerman

As expected, threat actors are taking advantage of the global IT outage caused by a faulty CrowdStrike update last Friday, SC Media reports.

Russian Super-Threat Group Fin7 Comes Back from the Dead

Jul 26, 2024 8:33:58 AM By Stu Sjouwerman

Declared “dead” by the U.S. Attorney’s Office in 2023, the Russian cyber crime group Fin7 is impersonating some of the top global brands.

Phishing Campaigns Abuse Cloud Platforms to Target Latin America

Jul 23, 2024 1:55:11 PM By Stu Sjouwerman

Several threat actors are abusing legitimate cloud services to launch phishing attacks against users in Latin America, according to Google’s latest Threat Horizons Report.

Is Your Bank Really Calling? How to Protect Yourself from Financial Impersonation Fraud

Jul 23, 2024 1:55:08 PM By Anna Collard

Protecting your financial information has never been more crucial. With the rise of sophisticated scams, it's becoming increasingly difficult to distinguish between legitimate bank ...

Crypto Data Breach Continues to Fuel Phishing Scams Years Later

Jul 23, 2024 1:55:04 PM By Stu Sjouwerman

According to security researchers at Cisco Talos, emails impersonating legitimate officers at the Cyprus Securities and Exchange Commission are being sent to prior Opteck customers that ...

Phishing Attacks Will Likely Follow Last Week’s Global IT Outage

Jul 22, 2024 2:36:16 PM By Stu Sjouwerman

Organizations should expect to see phishing attacks exploiting the global IT outage that occurred last Friday, the Business Post reports.

7 in 10 Organizations Experienced a Business Email Compromise Attack in the Last 12 Months

Jul 18, 2024 11:30:02 AM By Stu Sjouwerman

Despite ransomware getting the lion’s share of the tech pub headlines, business email compromise (BEC) attacks are alive and well… and having a material impact.

[NEW FREE TOOL]: Reveal Your Network's Hidden Weaknesses with KnowBe4's BreachSim Data Exfiltration Simulator

Jul 17, 2024 8:00:00 AM By Stu Sjouwerman

As cyber threats evolve, the target has become crystal clear: your data. A staggering 90% of ransomware attacks now include a data exfiltration component. With this in mind, KnowBe4 has ...

SEC Fines Publicly Traded Company $2.125 Million For Negligence Before, During, and After a Ransomware Attack

Jul 16, 2024 12:26:30 PM By Stu Sjouwerman

According to the filing, the organization in question failed to devise controls to adequately detect, respond to, and disclose an attack that included data exfiltration and service ...

From Reactive to Proactive: Cyber Insurance is Driving Optimal Security Investments for Organizations

Jul 15, 2024 10:54:48 AM By Stu Sjouwerman

New data shows that only 3 percent of organizations are solely relying on their current cyber defenses when adding on cyber insurance, indicating that organizations are beginning to ...

From Policy to Practice in Security Culture: What Security Frameworks Recommend

Jul 10, 2024 10:00:48 AM By Anna Collard

Recently I had to prepare for a governance, risk and compliance conference. I promptly realized that although I used to be quite immersed in this field as an ISO 27k implementation ...

Phishing Attacks Target High Profile YouTube Accounts

Jul 9, 2024 8:32:05 AM By Stu Sjouwerman

Researchers at ESET warn of phishing attacks that are attempting to hack high-profile YouTube channels in order to spread scams or malware.

The Importance of Security Culture: When Telecom Giants Resort to Malware

Jul 9, 2024 8:32:02 AM By Javvad Malik

I recently read a story about a South Korean telecom company that pushed out malware to over 600,000 of its customers who were using torrents to share files, in a bid to limit their ...

Travelers Beware: Booking.com Warns of Increases in AI-Enabled Travel Scams

Jul 9, 2024 8:31:58 AM By Stu Sjouwerman

In an interview at the Collision technology conference in Toronto, Booking.com’s CISO sounds the alarm on what she calls “supercharged artificial intelligence (AI) scams.”

New “Paste and Run” Phishing Technique Makes CTRL-V A Cyber Attack Accomplice

Jul 5, 2024 7:40:28 AM By Stu Sjouwerman

A new phishing campaign tries to trick email recipients into pasting and executing malicious commands on their system that installs DarkGate malware.

[Urgent Alert] 5 Critical Steps to Shield Your Teens from Rising Sextortion

Jul 2, 2024 1:55:47 PM By Anna Collard

A few weeks ago, I was privileged to visit the 8th grade of a high-school here in Cape Town and talk to the students about cybersecurity, social media, and emerging technology. It was a ...

Hacked Customer Support Portal Being Used to Send Phishing Emails

Jul 2, 2024 1:55:30 PM By Stu Sjouwerman

A hacked customer support portal belonging to router manufacturer Mercku is being used to respond to customer queries with phishing emails, BleepingComputer reports.

Security Awareness Training Blog

View Topics