Researchers Warn of EtterSilent Facilitating Risky Malware Delivery

Apr 29, 2021 10:25:23 AM By Stu Sjouwerman

Cybercriminals are using a new malicious document builder dubbed “EtterSilent,” according to researchers at Intel 471. The builder is used to craft Microsoft Office documents with macros ...

Phishing Campaign Abuses Contact Forms

Apr 29, 2021 10:00:00 AM By Stu Sjouwerman

Attackers are abusing websites’ contact forms to send malicious emails to the websites’ owners, according to researchers at Microsoft. The emails contain bogus copyright claims with a ...

Cybercriminals Use Job-Specific Social Media Platforms to Target UK Citizens With Fake Accounts

Apr 29, 2021 4:55:00 AM By Stu Sjouwerman

At least 10,000 UK citizens have been targeted by nation-state actors via fake LinkedIn accounts over the past five years, the BBC reports. Ken McCallum, Director-General of MI5, said ...

A Legitimate Charity Prompts Scam Imitators

Apr 28, 2021 8:00:00 AM By Stu Sjouwerman

Scammers are impersonating philanthropist Mackenzie Scott, the billionaire ex-wife of Jeff Bezos, the New York Times reports. Scott prefers to give money directly and contacts charities ...

Currently Popular Social Engineering Tactics

Apr 27, 2021 10:00:27 AM By Stu Sjouwerman

Criminals are exploiting new technology to launch updated versions of old attacks, according to Derek Slater at CSO. George Gerchow, CSO at Sumo Logic, told Slater that threat actors are ...

APT Group Use Voice-Changing Software to Impersonate Women as Part of Espionage Attacks

Apr 9, 2021 8:34:02 AM By Stu Sjouwerman

The middle eastern threat group known as APT-C-23 are targeting male soldiers in the Israel Defense Forces in an attempt to get their victims to download and install malware.

Office 365 Phishing Kits Are Being Used in a New Attack Targeting Execs and Finance

Apr 2, 2021 10:09:14 AM By Stu Sjouwerman

A new highly-targeted phishing campaign is seeking to compromise the online credentials of those with influence within an organization using an Office 365-themed update attack.

Cybercrime Skyrocketed in the US by 55%

Apr 1, 2021 8:58:39 AM By Stu Sjouwerman

According to data released by StockApps, the annual loss from any type of cybercrime in the US reached $4.2 billion in 2020. This turns into billions of dollars lost, and a 55% increase ...

Ubiquiti Cyber Attack Details Depict a Far More Disastrous Scenario Than Let On

Mar 30, 2021 3:49:36 PM By Stu Sjouwerman

New whistleblower details surrounding the December 2020 attack on the cloud-enabled IoT device manufacturer paints a far worse picture than what was disclosed.

Security Awareness is the Key to Cybersecurity Behavior Change

Mar 26, 2021 1:49:56 PM By Stu Sjouwerman

As organizations seek to find ways to increase the effectiveness of their security stance, many are realizing the value of a cybersecurity-aware employee helping to keep the organization ...

Forensically Investigating Phishing To Better Protect Your Organization

Mar 25, 2021 11:37:24 AM By Roger Grimes

The single best thing you can do to reduce cybersecurity risk in your environment is to prevent and mitigate social engineering – phishing in particular. The first and best thing any IT ...

Avoid Being Influenced by Instagram Scams

Mar 25, 2021 10:00:03 AM By Stu Sjouwerman

People need to be able to recognize common scams that will target them through Instagram and other social media sites, according to Harriet Stone at Naked Security. Stone points to ...

A Can of Phishbait: from Surveys to Rule Changes to Your Boss's Boss

Mar 24, 2021 8:28:28 AM By Stu Sjouwerman

Employees need to continue being wary of phishing scams as they begin to return to the office, according to Roger Kay at INKY. Kay describes several phishing templates that INKY has ...

Not Your Father's Tech Support Scam

Mar 22, 2021 10:43:45 AM By Eric Howes

Over the past month or so customers using the Phish Alert Button (PAB) have been reporting a curious wave of what initially appeared to be run-of-the-mill tech support scam emails. As it ...

Many Ways To Hack MFA

Mar 22, 2021 10:35:56 AM By Roger Grimes

I have spent a lot of time thinking about how to hack multifactor authentication (MFA) solutions. I have done so my whole career, deploying dozens, if not hundreds, of MFA projects. Also, ...

Mom Charged in Deepfake Cheerleading Plot

Mar 19, 2021 10:23:09 AM By Stu Sjouwerman

Raffaela Marie Spone, a 50-year-old mom from Pennsylvania, has been arrested after allegedly leveraging deepfake technology to target several of her daughter’s cheerleading rivals.

Researchers Have Their Eye on Malicious Clones of Android Apps That Put Devices at Risk

Mar 18, 2021 8:29:50 AM By Stu Sjouwerman

Researchers at Check Point have found malicious apps in the Google Play Store that will download Trojans to infected devices.

[EYE-OPENER] USA CISA Advisory on Trickbot Campaigns: Phishing Training For Employees

Mar 17, 2021 4:04:08 PM By Stu Sjouwerman

March 17, 2021 — The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have observed continued targeting through spear phishing campaigns ...

Make No Mistake, This Changes Everything: Nation-State 2.0

Mar 17, 2021 8:00:00 AM By Roger Grimes

Every organization needs to figure out their increased cyber risk from nation-state warfare attacks and deploy mitigations.

Give Me £1,000 to Stop Calling You

Mar 17, 2021 7:14:28 AM By Stu Sjouwerman

Some scammers are taking a more direct approach to asking for money, according to BBC reporter Jane Wakefield. Wakefield received a call from a scammer who claimed to work for Microsoft, ...

Security Awareness Training Blog

Social Engineering Blog

View Topics