|
By Stu Sjouwerman
Threat actors are abusing Google Translate’s redirect feature to craft phishing links that appear to belong to, according to researchers at Abnormal Security. Users are more likely to trust links that end in Google’s “.goog” domain, and security filters are less likely to flag these URLs as malicious. “When you enter a URL into Google Translate, it generates a new link, redirecting the user through its platform to the requested page,” the researchers explain.
|
By Javvad Malik
Interpol has recently recommended discontinuing the use of the term "Pig Butchering" in cybercrime discussions, expressing concern that such terminology may discourage victims from reporting incidents due to feelings of shame or embarrassment. While some may question whether Interpol is over analysing the situation, it is prudent to consider the implications carefully. Modifying established cybersecurity terminology could potentially lead to public confusion.
|
By Stu Sjouwerman
An SMS phishing (smishing) campaign is attempting to trick Apple device users into disabling measures designed to protect them against malicious links, BleepingComputer reports. “Apple iMessage automatically disables links in messages received from unknown senders, whether that be an email address or phone number,” BleepingComputer explains.
|
By Stu Sjouwerman
Ransomware groups claimed responsibility for 5,461 attacks in 2024, with 1,204 of these attacks being publicly confirmed by victim organizations, according to Comparitech’s latest Ransomware Roundup report. The average ransom demand was more than $3.5 million, and the average ransom paid was $9.5 million. Many of these attacks involved data theft extortion, leading to the breach of nearly 200 million records.
|
By Roger Grimes
Social engineering and phishing are involved in 70% - 90% of data breaches. No other root cause of malicious hacking (e.g., unpatched software and firmware, eavesdropping, cryptography attacks, physical theft, etc.) comes close. In fact, if you add up all other causes for successful cyberattacks together, they do not come close to equaling the damage done by social engineering and phishing alone.
|
By Stu Sjouwerman
In cybersecurity, email has always been a critical concern. However, we feel the new 2024 Gartner Magic Quadrant for Email Security Platforms has signaled a shift in how we approach email protection. We believe this new Magic Quadrant encompasses a broader spectrum of email security providers to reflect the evolving threat landscape and the need for more integrated products.
|
By Stu Sjouwerman
Japan’s National Police Agency (NPA) has attributed more than 200 cyber incidents over the past five years to the China-aligned threat actor “MirrorFace,” Infosecurity Magazine reports.
|
By Javvad Malik
The UK government decided to wage war on explicit deepfakes. About time, right? But before we start celebrating, let's take a closer look. The fact is that this isn’t about technology, it’s about human behaviour. The government is not trying to outright ban deepfakes, which would be impossible, to be honest. They're targeting the misuse of this tech for nefarious purposes.
|
By Stu Sjouwerman
Researchers at SlashNext warn that cybercriminals are using a WordPress plugin called “PhishWP” to spoof payment pages and steal financial information. The spoofed pages are designed to steal payment card numbers, expiration dates, CVVs, and billing addresses. The plugin can also intercept one-time passwords generated to secure the transactions. The stolen data is immediately sent to the crooks via Telegram as soon as the victim hits “enter” on the phishing page.
|
By Stu Sjouwerman
A phishing campaign is abusing Microsoft 365 test domains to send legitimate payment requests from PayPal, according to Fortinet’s CISO Dr. Carl Windsor. Windsor found that the threat actor registered a free MS365 test domain and used it to create a distribution list containing targets’ email addresses. The scammer then used this distribution list to send payment requests via PayPal’s web portal.
|
By KnowBe4
Introducing HRM+, KnowBe4’s groundbreaking human risk management platform. Built as a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, HRM+ creates an adaptive defense layer against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. HRM+ tackles the complex human-element cybersecurity challenges of the modern world.
|
By KnowBe4
Need holiday tips to keep your users cyber safe this holiday season? Not to fear, our KnowBe4 Security Awareness Advocates Erich Kron and Javvad are here to help! They share five helpful holiday cyber safety tips that you can share with your users.
|
By KnowBe4
In the final series of our blog series, KnowBe4's Security Awareness Advocate covers mobile device security measures that are relevant themes to The Inside Man Original Series.
|
By KnowBe4
In a world where cybersecurity incidents are no longer a matter of if they will happen, but when, having a solid incident response plan is a critical component of cyber resilience and business continuity. The National Institute of Standards and Technology (NIST) provides comprehensive guidelines on how to set up an executive incident response. For this blog, Anna Collard will be drawing inspiration from Fiona, the vibrant and friendly PA to the IT director in the first season of our security awareness series "The Inside Man," to illustrate how effective incident response should be managed.
|
By KnowBe4
AI and AI-generated deepfakes are proving to be the most intriguing, and in some ways troubling, recent advances in technology. No wonder one of my favorite characters from “The Inside Man” series, AJ, is so enthralled by them.AJ is a friendly, funny, unstoppable security dynamo with a deep love of all things tech. But as AJ learns through his journey in the events of “The Inside Man,” AI can have a dark side.
|
By KnowBe4
KnowBe4's Data-Driven Defense Evangelist Roger A. Grimes shares his hacking story on consulting for a large, U.S. multinational, multi business, conglomerate, Fortune 500 company. I had been brought in because they had been badly hacked for the third time.
|
By KnowBe4
As cyber threats evolve, the target has become crystal clear: your data. A staggering 90% of ransomware attacks now include a data exfiltration component. With this in mind, KnowBe4 has introduced a robust free tool, BreachSim, to identify your network's vulnerabilities and shore up your cyber defenses. Financial losses, reputation damage, intellectual property theft, regulatory repercussions and operational disruptions are just a few of the harsh consequences of data exfiltration assaults. KnowBe4 BreachSim can help you nip these risks in the bud.
|
By KnowBe4
Ever wondered what your social media posts reveal about you? Hear from James McQuiggan as he explores how open-source intelligence unveils personal details from TikTok and Instagram. Discover why oversharing online can pose serious risks.
|
By KnowBe4
What’s the worst that could happen? KnowBe4's Lead Security Awareness Advocate, Javvad Malik's, nightmare became a reality when he became a hacker for an online bank due to a simple mistake. Learn from his experience and ensure your team is properly trained in cybersecurity.
|
By KnowBe4
Join us for this new webinar hosted by Roger A. Grimes, author of the new book, “Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing”. He will speak to these growing threats and share a blueprint to fend them off.
|
By KnowBe4
Your employees are your largest attack surface. For too long the human component of cybersecurity has been neglected, leaving employees vulnerable and creating an easy target for cybercriminals to exploit. But your users want to do the right thing. Rather than a hurdle to be overcome, organizations need to think of their employee base as an asset, once properly equipped.
|
By KnowBe4
Want to read this bestseller? Register now for your free (instant 240-page PDF download) Cyberheist e-book and learn how to not be the next victim! Cyberheist was fully updated and written for the IT team and owners / management of Small and Medium Enterprise, which includes non-profits, local and state government, churches, and any other organization with more than a few thousand dollars in their bank operating account.
|
By KnowBe4
Spear phishing emails remain a top attack vector for cybercriminals, yet most companies still don't have an effective strategy to stop them. This enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Don't get caught in a phishing net! Learn how to avoid having your end users take the bait. Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, will cover techniques you can implement now to minimize cybersecurity risk due to phishing and social engineering attacks.
|
By KnowBe4
Hackers have become increasingly savvy at launching specialized attacks that target your users by tapping into their fears, hopes, and biases to get access to their data. Cybersecurity is not just a technological challenge, but increasingly a social and behavioral one. People, no matter their tech savviness, are often duped by social engineer scams, like CEO fraud, because of their familiarity and immediacy factors.
|
By KnowBe4
All multi-factor authentication (MFA) mechanisms can be compromised, and in some cases, it's as simple as sending a traditional phishing email. Want to know how to defend against MFA hacks? This eBook covers over a dozen different ways to hack various types of MFA and how to defend against those attacks.
|
By KnowBe4
Anything but 100% completion on your employee compliance training is often more than simply frustrating. Compliance audits and regulatory requirements can make anything less than 100% feel like a failure. But, getting compliance on your compliance training is possible! Organizations have struggled for years with getting everyone to complete their required compliance training. This puts organizations at risk of more incidents occurring, fines or reputational damage if an employee is non-compliant.
- January 2025 (13)
- December 2024 (21)
- November 2024 (29)
- October 2024 (37)
- September 2024 (27)
- August 2024 (33)
- July 2024 (41)
- June 2024 (32)
- May 2024 (38)
- April 2024 (34)
- March 2024 (38)
- February 2024 (42)
- January 2024 (46)
- December 2023 (41)
- November 2023 (33)
- October 2023 (45)
- September 2023 (49)
- August 2023 (49)
- July 2023 (42)
- June 2023 (45)
- May 2023 (48)
- April 2023 (44)
- March 2023 (14)
- February 2023 (3)
- January 2023 (4)
- December 2022 (3)
KnowBe4 is the provider of the world's largest integrated platform for security awareness training combined with simulated phishing attacks. Join our more than 56,000 customers to manage the continuing problem of social engineering.
The KnowBe4 platform is user-friendly and intuitive, and powerful. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design a full-featured, yet easy-to-use platform.
Find Out How Effective Our Security Awareness Training Is:
- Train Your Users: The world’s largest library of security awareness training content. Automated training campaigns with scheduled reminder emails.
- Phish Your Users: Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
- See The Results: Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI!
Human Error. Conquered.