Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Slideshow: The Worst Of The Worst Phishing Scams

www.CSOonline.com provides news, analysis and research on a broad range of security and risk management topics. Areas of focus include information security, physical security, business ...
Continue Reading

Data Breach at Health Insurer Anthem 80 million records

Last updated Feb 7, 2015 - Both the Wall Street Journal and cyber security blogger Brian Krebs reported that Anthem Inc., the nation’s second largest health insurer disclosed that hackers ...
Continue Reading

Graphics Make Phishing Attacks Work Better

A successful phishing attack has several elements that all together convince the victim that the email is legit and that they need to act on the message. One of these elements sems to be ...
Continue Reading

FBI Alert: Ransomware Infection Leads To Wire Transfer Fraud

OK, Heads-up! Here is the deal. The FBI and the Internet Crime Complaint Center (IC3) two days ago warned about a new version of a man-in-the-middle scam that targets your CEO, CTO, CFO, ...
Continue Reading

Defense In Depth: Your Answer To Social Engineering

Organizations defend their networks on each of the six levels in the green graph you see. End-user Internet Security Awareness Training resides in the outer layer: ‘Policies, Procedures, ...
Continue Reading

New ransomware called "extortionware" in 2015? Not so much...

TK Keanini, CTO, Lancope wrote a 2015 Predictions editorial over at SC Magazine. He said he expects more malware like CryptoLocker and CryptoWall over the next 12 months, but also ...
Continue Reading

A new strain of "ransomware" is striking

Mitch Lipka of CBS Moneywatch wrote:
Continue Reading

Scam of The Week: LinkedIn Greeting Cards Carrying Malware

System admins hold the keys to the kingdom. The NSA is actively hunting for system admin credentials. A popular way to get you to click on something that installs zero-day malware on your ...
Continue Reading

Malware Used To Wipe Sony's Drives Was Quick And Dirty

It's still not clear (and it may never be discovered) how the Democratic People's Republic of (North) Korea (DPRK) hackers came in, perhaps they used all available threat vectors since ...
Continue Reading

Hackers Spear-phish ICANN And Compromise DNS Zone System

It does not get any worse than this. Or better than this, if you are a criminal hacker. Domain-name management organization ICANN announced it has been hacked and its DNS zone ...
Continue Reading

New Ransomware called KEYHolder from CryptorBit Cybergang

Bleeping Computer had the scoop again: " A new ransomware has been released called KEYHolder that is from the same developers of CryptorBit . Like CryptorBit, this infection encrypts your ...
Continue Reading

Breaking News 2 New Ransomware Strains

#1 OphionLocker The first one is a new strain of ransomware named OphionLocker. It encrypts your data using strong open source Crypto++ Elliptical Curve Cryptography and then ransoms the ...
Continue Reading

Experts: The Human Factor Key Challenge To Information Security

The lack of awareness and understanding of risks is one of the biggest challenges to information security, according to a panel of experts. Research showed that 93% of data breaches ...
Continue Reading

Ransomware Beats APT In Terms Of Severe Impact

MalwareBytes Research showed that in the year 2014, 82% of companies were attacked online. Their research also showed that browser vulnerabilities will be the biggest challenge going ...
Continue Reading

Phishing Lessons Learned in 2014? Employee Training Matters

Our friends at Wombat created a good summary why security awareness training is a must these days. Why?
Continue Reading

Top 10 InfoSec Pain Points

Continue Reading

Savvy Hackers Use Spearphishing to steal Wall Street M&A info

What if you knew beforehand about mergers and acquisitions, and could trade with that inside information? Well that's been going on for more than a year.
Continue Reading

Homeland Security: Security Education Deterred Cybercrime

Homeland Security Today has a good article which explains that cybersecurity education, including employee training and awareness programs, is vital in deterring cybercrime. The ...
Continue Reading

Software Support Cybercrime Scam

This week the FTC shut down a $120M tech support scam that consumer software buyers should be aware of. Two telemarketing firms were at the center of this FTC investigation, but there are ...
Continue Reading

STATE DEPT COMPUTERS HACKED, EMAIL SHUT DOWN

Associated Press just reported that the State Department has taken the unprecedented step of shutting down its entire unclassified email system as technicians repair possible damage from ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews