A Dream Team Security Awareness Training Program?

Jan 2, 2024 1:29:27 PM By Roger Grimes

Every person and organization is different and requires slightly different methods and ways of learning. But every person and organization can benefit by more frequent security awareness ...

Impersonation Attack Data Breaches Predicted to Increase in 2024

Dec 28, 2023 1:30:00 PM By Stu Sjouwerman

With so much of an attack riding on a cybercriminals ability to gain access to systems, applications and data, experts predict the trend of rising impersonation is only going to get worse.

U.K. Government 'Ill-Prepared' to Deal With High Risk of Catastrophic Ransomware Attacks

Dec 28, 2023 11:06:43 AM By Stu Sjouwerman

A new report from the U.K. government’s Joint Committee on the National Security Strategy (JCNSS) outlines both just how likely an attack on critical national infrastructure is and where ...

[Heads Up] SMTP Smuggling - How It Easily Circumvents Your Email Defenses

Dec 28, 2023 8:00:00 AM By Stu Sjouwerman

A newly-discovered technique misusing SMTP commands allows cybercriminals to pass SPF, DKIM and DMARC checks, allowing impersonated emails to reach their intended victim.

Ransomware Attacks Rise 85% Compared to the Previous Year

Dec 27, 2023 1:00:00 PM By Stu Sjouwerman

With November demonstrating multiple increases when compared to various previous time periods, new data signals that we may be in for a bumpy ride in 2024.

Cyber Scammers Beef Up the Number of Fake Delivery Websites Just in Time for Christmas

Dec 27, 2023 10:58:02 AM By Stu Sjouwerman

Cybersecurity researchers at Group-IB have identified a single scam campaign leveraging over 1500 websites impersonating postal carriers and shippers leading up to Christmas this year.

The AI Threat: How America's 2024 Election Could Be Compromised

Dec 26, 2023 2:03:41 PM By Stu Sjouwerman

I found an interesting article at THE HILL that discusses the rising concerns about how AI might influence the upcoming U.S. 2024 elections.

SC Mag: "Attacks on critical infrastructure are harbingers of war: Are we prepared?"

Dec 22, 2023 10:42:30 AM By Stu Sjouwerman

I just found a great post by Morgan Wright, chief security advisor of SentinelOne. Here is a quick summary and a link to the full article is at the bottom. The recent attacks on water ...

Underground Cyber Crime Marketplaces are Now Showing Up on the Open Web

Dec 21, 2023 1:00:00 PM By Stu Sjouwerman

Marketplaces such as OLVX are shifting from the dark web to the open web to take advantage of traditional web services to assist in marketing to and providing access to new customers.

Cancer Center Patients Become Attempted Victims of Data Extortion

Dec 21, 2023 11:44:36 AM By Stu Sjouwerman

Cybercriminals of the lowest kind breached as many as 800,000 patients and then sent emails threatening to sell their data if they didn’t pay a fee to block it from selling.

“Mr. Anon” Infostealer Attacks Start with a Fake Hotel Booking Query Email

Dec 20, 2023 11:52:39 AM By Stu Sjouwerman

This new attack is pretty simple to spot on the front, but should it be successful in launching its’ malicious code, it’s going to take its victims for everything of value they have on ...

Phishing Is Still the No. 1 Attack Vector, With Huge 144% Malicious URL Spike

Dec 13, 2023 12:26:16 PM By Stu Sjouwerman

Analysis of nearly a year’s worth of emails brings insight into exactly what kinds of malicious content are being used, who’s being impersonated, and who’s being targeted.

How To Fight Long-Game Social Engineering

Dec 13, 2023 8:08:40 AM By Roger Grimes

CISA sent out a warning about a Russian advanced persistent threat (APT) called Star Blizzard warning about their long-game social engineering tactics.

Phishing Defense: Train Often to Avoid the Bait

Dec 8, 2023 3:40:51 PM By Roger Grimes

Surveys, unfortunately, show that the vast majority of organizations do little to no security awareness training. The average organization, if it does security awareness training, does it ...

Nearly Every CIO Identifies at Least One Cyber Threat as a Risk to their Business

Dec 8, 2023 3:40:05 PM By Stu Sjouwerman

When 97% of CIOs all see things the same way, it’s probably a sign to take the risk of cyber threats seriously – a problem new data shows is only going to get worse in the next five years.

Phishing-Resistant MFA Will Not Stop Phishing Attacks

Dec 7, 2023 10:25:31 AM By Roger Grimes

You would be hard-pressed to find an author and organization (KnowBe4) that has pushed the use of phishing-resistant multi-factor authentication (MFA) harder.

PDFs: Friend or Phishing Foe? Don't Get Caught by the Latest Scam Tactic

Dec 5, 2023 11:38:52 AM By Stu Sjouwerman

Researchers at McAfee warn that attackers are increasingly utilizing PDF attachments in email phishing campaigns.

Vishing Gang Takes Victims for “Tens of Millions” Using Little More than Social Engineering

Dec 1, 2023 12:26:52 PM By Stu Sjouwerman

Czech and Ukrainian police have arrested six individuals responsible for a call center-based vishing scam designed to trick victims into thinking they were already victims of fraud.

The Israel-Hamas Conflict is the Latest Example of Phishing Attacks Taking Advantage of Current Events

Nov 30, 2023 11:12:12 AM By Stu Sjouwerman

Using something as simple as an attachment with an Israel/Hamas-related filename seems to be all it takes for new social engineering attacks disguised as donation confirmations.

No One Knows How Online Pharmacy Company was Hit with a Data Breach Impacting 2.3 Million Customers

Nov 29, 2023 10:56:21 AM By Stu Sjouwerman

This is a cautionary tale of both how your data can legally end up in the hands of an organization you never intended and how victims can be largely left in the dark post-breach.

Security Awareness Training Blog

Social Engineering Blog

View Topics