26% of Global Organizations Lack Security Training Programs

Jun 6, 2024 8:26:39 AM By Stu Sjouwerman

More than a quarter (26%) of organizations around the world provide no security awareness training for their employees, according to a survey by Hornetsecurity. The researchers found that ...

[NEW RESEARCH]: KnowBe4’s 2024 Phishing by Industry Benchmarking Report Reveals that 34.3% of Untrained End Users Will Fail a Phishing Test

Jun 4, 2024 8:00:00 AM By Joanna Huisman

The prevalence of cyber crime continues to soar, victimizing individuals in both their work and private lives. Cybercriminals are indiscriminate, targeting around the clock and across the ...

Criminals Abuse Cloud Storage Platforms to Host Phishing Sites

May 29, 2024 2:42:32 PM By Stu Sjouwerman

Threat actors are abusing cloud storage platforms to host phishing sites that can more easily evade detection by security scanners, according to researchers at Enea. Criminals are ...

Threat Actor Void Manticore Uses Cyber Weapon “Wipers” to Destroy Data and Systems

May 29, 2024 2:42:27 PM By Stu Sjouwerman

This Pro-Hamas hacktivist group has updated their payload arsenal to include updated versions of their BiBi Wiper malware, and two new wiper variants.

New Research Finds Phishing Scams Targeting Popular PDF Viewer

May 23, 2024 2:40:28 PM By Stu Sjouwerman

Several phishing campaigns are targeting users of the Foxit PDF Reader, according to researchers at Check Point. Foxit is a popular alternative to Adobe Acrobat Reader for viewing PDF ...

Don't Let Criminals Steal Your Summer Fun

May 22, 2024 3:18:33 PM By Javvad Malik

Summer has finally arrived in certain parts of the world, and with it come many exciting events — from the grandeur of the Olympics to the grass courts of Wimbledon, from the electrifying ...

Malicious Use of Generative AI Large Language Models Now Comes in Multiple Flavors

May 22, 2024 3:18:20 PM By Stu Sjouwerman

Analysis of malicious large language model (LLM) offerings on the dark web uncovers wide variation in service quality, methodology and value – with some being downright scams.

Cyber Insurance Claims Rise Due To Phishing and Social Engineering Cyber Attacks

May 21, 2024 3:31:34 PM By Stu Sjouwerman

New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem.

New Threat Report Finds Nearly 90% of Cyber Threats Involve Social Engineering

May 20, 2024 2:55:38 PM By Stu Sjouwerman

Analysis of over 3.5 billion attacks provides insight into where threat actors are placing their efforts and where you should focus your cyber defenses.

Black Basta Ransomware Uses Phishing Flood to Compromise Orgs

May 16, 2024 12:54:01 PM By Roger Grimes

Rapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack.

Phishing and Pretexting Dominate Social Engineering-Related Data Breaches

May 15, 2024 11:15:31 AM By Stu Sjouwerman

New data shows that despite the massive evolution of the cybercrime economy, threat actors are sticking with the basics in social engineering attacks, with a goal at stealing data.

FBI Warns of AI-Assisted Phishing Campaigns

May 15, 2024 11:15:28 AM By Stu Sjouwerman

The US Federal Bureau of Investigation’s (FBI’s) San Francisco division warns that threat actors are increasingly using AI tools to improve their social engineering attacks.

Attackers Leveraging XSS To Make Phishing Emails Increasingly Evasive

May 14, 2024 2:30:02 PM By Stu Sjouwerman

Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links ...

Alert: Nova Scotians Hit by Surge of Sophisticated Spear Phishing Scams

May 14, 2024 8:37:34 AM By Stu Sjouwerman

The Royal Canadian Mounted Police (RCMP) in Nova Scotia is warning of spear phishing attacks that impersonate company managers. The scammers text company employees requesting a payment to ...

Google’s Multi-Party Approval Process Is Great, but Not Unphishable

May 10, 2024 1:49:20 PM By Roger Grimes

Like most observers, I celebrated Google’s recent announcement on April 9th about new multi-party approvals for a handful or so of common actions accomplished by super admins in Google ...

Ransomware Detection Time Shortens by 44% as Organizations Attempt to Keep Up with Attackers

May 10, 2024 1:49:17 PM By Stu Sjouwerman

New data shows organizations are improving their ability to detect and respond to ransomware attacks, but is it fast enough to make a difference and stop attacks?

Verizon: Nearly 80% of Data Breaches Involve Phishing and the Misuse of Credentials

May 7, 2024 2:33:11 PM By Stu Sjouwerman

Innovative analysis of data breaches shows which attack vectors are being used and how they’re enabled, highlighting the roles phishing and credentials play.

The Education Sector Experienced the Highest Number of Data Breaches in 2023

May 7, 2024 8:00:00 AM By Stu Sjouwerman

New data from Verizon makes it clear that the Education sector is under attack, but also breaks down which threat actions and patterns are used most.

U.S. Government Warns of North Korean Spear-Phishing Campaigns

May 7, 2024 8:00:00 AM By Stu Sjouwerman

The North Korean state-sponsored threat actor Kimsuky is launching spear phishing attacks against individuals working at think tanks and academic institutions in the US, according to a ...

Protecting Your Digital Footprint: The Dangers of Sharing Too Much on Social Media

May 3, 2024 2:00:22 PM By James McQuiggan

For most folks, social media has become integral to their daily lives in today's hyperconnected world. They use platforms like Facebook, Twitter and Instagram to share their thoughts, ...

Security Awareness Training Blog

Social Engineering Blog

View Topics