Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

[Heads Up] Reinforce Your Defenses Against Rising Supply-Chain Cyber Threats

James Rundle at The Wall Street Journal today reported that in response to escalating supply-chain cyberattacks, companies are intensifying their scrutiny over suppliers to protect ...
Continue Reading

State-Sponsored Russian Phishing Campaigns Target a Variety of Industries

Researchers at IBM X-Force are monitoring several ongoing phishing campaigns by the Russian state-sponsored threat actor ITG05 (also known as “APT28” or “Fancy Bear”). APT28 has been tied ...
Continue Reading

CISA: Healthcare Organizations Should Be Wary of Increased Ransomware Attacks by ALPHV Blackcat

A joint cybersecurity advisory published last week discusses ransomware attack impacts on healthcare, along with ALPHV’s attack techniques, indicators of compromise (IoCs) and proper ...
Continue Reading

If Social Engineering Accounts for up to 90% of Attacks, Why Is It Ignored?

Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close.
Continue Reading

Organizations Are Vulnerable to Image-based and QR Code Phishing

A majority of organizations have a false sense of security regarding their resistance to phishing attacks, according to a new report from researchers at IRONSCALES and Osterman Research.
Continue Reading

Despite Feeling Prepared for Image-Based Attacks, Most Organizations Have Been Compromised by Them

With QR-code phishing attacks on the rise, new data sheds light on just how unprepared organizations actually are in stopping and detecting these device-shifting attacks.
Continue Reading

New Research: BEC Attacks Rose 246% in 2023

Business email compromise (BEC) attacks surged by 246% last year, according to researchers at ReliaQuest.The researchers believe the increase is due to widely available phishing kits that ...
Continue Reading

Compromised Credentials Postings on the Dark Web Increase 20% in Just One Year

Data trends show a clear upward momentum of posts from initial access brokers on the dark web, putting the spotlight on what may become cybersecurity’s greatest challenge.
Continue Reading

Dodging Digital Deception: How to Spot Fake Recruiters and Shield Your Career Search from Phishing Scams

Scammers are impersonating job-seeking platform Dice with phony employment opportunities designed to steal victims’ information.
Continue Reading

How Much Will AI Help Cybercriminals?

Do not forget, AI-enabled technologies, like KnowBe4’s Artificial Intelligence Defense Agents (AIDA), will make defenses increasingly better.
Continue Reading

Generative AI Results In 1760% Increase in BEC Attacks

As cybercriminals leverage tools like generative AI, making attacks easier to execute and with a higher degree of success, phishing attacks continues to increase in frequency.
Continue Reading

Three Essential Truths Every CISO Should Know To Guide Their Career

According to my research, it became clear that if CISO's focused on these three items, it would take care of 99% of the vulnerabilities.
Continue Reading

European Diplomats Targeted With Phony Invitations to a Wine-Tasting Party

Researchers at Zscaler observed a cyberespionage campaign that targeted European diplomats with malicious PDFs disguised as invitations to a wine-tasting party hosted by the Ambassador of ...
Continue Reading

Chicago Man Sentenced to Eight Years in Prison for Phishing Scheme

A 30-year-old man from Chicago, Joseph Alexander Valdez, has been sentenced to eight years in prison for conducting a Snapchat phishing scheme that victimized more than 700 women, CBS ...
Continue Reading

Game-Changer: Biometric-Stealing Malware

I have been working in cybersecurity for a long time, since 1987, over 35 years. And, surprisingly to many readers/observers, I often say I have not seen anything new in the ...
Continue Reading

Credential Theft Is Mostly Due To Phishing

According to IBM X-Force’s latest Threat Intelligence Index, 30% of all cyber incidents in 2023 involved abuse of valid credentials. X-Force’s report stated that abuse of valid ...
Continue Reading

[SCARY] You knew about OSINT, but did you know about ADINT?

WIRED just published a scary (long) article. I am summarizing it here and highly recommend you read the whole thing.
Continue Reading

Face off: New Banking Trojan steals biometrics to access victims’ bank accounts

Venturebeat had the scoop on a fresh Group-IB report. They discovered the first banking trojan that steals people’s faces. Unsuspecting users are tricked into giving up personal IDs and ...
Continue Reading

Nearly One in Three Cyber Attacks In 2023 Involved The Abuse of Valid Accounts

Thirty percent of all cyber incidents in 2023 involved abuse of valid credentials, according to IBM X-Force’s latest Threat Intelligence Index. This represents a seventy-one percent ...
Continue Reading

[INFOGRAPHIC] KnowBe4’s Learner App by the Numbers

The KnowBe4 Learner App enables your users to complete their security awareness and compliance training conveniently from their smartphones and tablets.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews