|
By Stu Sjouwerman
New research by Recorded Future provides insight into how advanced and sophisticated the threat group Marko Polo has become since launching in 2022. Marko Polo is of particular interest due to their rapid progress in advancing their operations.
|
By Stu Sjouwerman
Industry analysis of the domains used behind phishing and brand impersonation attacks show financial institutions are being leveraged at an alarming rate. It’s one thing to see your industry at the top of some “state of” cybersecurity report, but it’s entirely different to learn that 68% of all phishing web pages identified in a single quarter are from your industry. That’s exactly what we find in Akamai’s latest analysis of websites across the Internet.
|
By Stu Sjouwerman
A new “so-phish-ticated” attack uses phone calls, social engineering, lookalike domains, and impersonated company VPN sites to gain initial access to a victim network. This is one of the most advanced initial access attacks I’ve seen. Security analysts at GuidePoint Security have published details on a new attack that tricks users into providing the attacker with credentialed access.
|
By Stu Sjouwerman
Researchers at Todyl have published a report on a major cybercriminal group that’s conducting business email compromise (BEC) attacks against small and medium-sized businesses. Todyl describes three separate BEC attacks launched by this threat actor. In one case, the attackers compromised a Microsoft 365 account belonging to an individual working at a small non-profit.
|
By Roger Grimes
This recent article on how a hacker used genealogy websites to help better guess victims' password reset answers made it a great time to share a suggestion: Don’t answer password reset questions with real answers! It’s not Jeopardy! You don’t have to answer the questions correctly. In fact, you’re putting yourself at increased risk if you do. Instead, give a false question to any required password reset answer.
|
By Javvad Malik
When Walt Disney first unveiled the Magic Kingdom, he made a decision that would revolutionize theme park design - and inadvertently offer a valuable lesson for cybersecurity professionals. Instead of pre-determining where visitors should walk, Disney let guests create their own paths. Only after observing these "desire paths" did Disney pave the official walkways. This approach, seemingly simple, carries profound implications for how we should approach security in our organizations.
|
By Stu Sjouwerman
The recent cyber attack on Dick's Sporting Goods makes it clear that email played a critical role and emphasizes the need for better security controls. Dick’s Sporting Goods is a $12 billion company with more than 800 stores across the United States. That measure of success made the retailer the target of a recent cyber attack. A filing with the U.S.
|
By Stu Sjouwerman
Yubico has published a survey of 20,000 people from 10 countries around the world, finding that 40% of respondents have never received cybersecurity training from their employer. Additionally, 70% of respondents said they’ve been exposed to cyber attacks in their personal lives within the past 12 months, and 50% faced cyber attacks at work.
|
By Stu Sjouwerman
The criminal prosecution of the threat actors behind the "OTP Agency" has highlighted an ingenious new tactic that cybercriminals can use to bypass multi-factor authentication. The OTP Agency launched back in November of 2019. Their service was simple: if you have a compromised credential, their service would call the credential owner and pose as the website the account was for citing fraudulent activity, and ask the owner to verify themselves by providing the one-time password (OTP) sent to them via SMS.
|
By Stu Sjouwerman
The number of ransomware attacks around the world increased by 73% in 2023, according to a new report by the Institute for Security and Technology’s Ransomware Task Force (RTF). These attacks opportunistically target organizations across all industries, but the hardest-hit sectors over the past two years have been construction, hospitals and health care, government, IT services and consulting, and financial services.
|
By KnowBe4
In a world where cybersecurity incidents are no longer a matter of if they will happen, but when, having a solid incident response plan is a critical component of cyber resilience and business continuity. The National Institute of Standards and Technology (NIST) provides comprehensive guidelines on how to set up an executive incident response. For this blog, Anna Collard will be drawing inspiration from Fiona, the vibrant and friendly PA to the IT director in the first season of our security awareness series "The Inside Man," to illustrate how effective incident response should be managed.
|
By KnowBe4
AI and AI-generated deepfakes are proving to be the most intriguing, and in some ways troubling, recent advances in technology. No wonder one of my favorite characters from “The Inside Man” series, AJ, is so enthralled by them.AJ is a friendly, funny, unstoppable security dynamo with a deep love of all things tech. But as AJ learns through his journey in the events of “The Inside Man,” AI can have a dark side.
|
By KnowBe4
KnowBe4's Data-Driven Defense Evangelist Roger A. Grimes shares his hacking story on consulting for a large, U.S. multinational, multi business, conglomerate, Fortune 500 company. I had been brought in because they had been badly hacked for the third time.
|
By KnowBe4
As cyber threats evolve, the target has become crystal clear: your data. A staggering 90% of ransomware attacks now include a data exfiltration component. With this in mind, KnowBe4 has introduced a robust free tool, BreachSim, to identify your network's vulnerabilities and shore up your cyber defenses. Financial losses, reputation damage, intellectual property theft, regulatory repercussions and operational disruptions are just a few of the harsh consequences of data exfiltration assaults. KnowBe4 BreachSim can help you nip these risks in the bud.
|
By KnowBe4
Ever wondered what your social media posts reveal about you? Hear from James McQuiggan as he explores how open-source intelligence unveils personal details from TikTok and Instagram. Discover why oversharing online can pose serious risks.
|
By KnowBe4
What’s the worst that could happen? KnowBe4's Lead Security Awareness Advocate, Javvad Malik's, nightmare became a reality when he became a hacker for an online bank due to a simple mistake. Learn from his experience and ensure your team is properly trained in cybersecurity.
|
By KnowBe4
Join us for this new webinar hosted by Roger A. Grimes, author of the new book, “Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing”. He will speak to these growing threats and share a blueprint to fend them off.
|
By KnowBe4
"Reality Hijacked" isn't just a title — it's a wake-up call. The advent and acceleration of GenAI is redefining our relationship with “reality” and challenging our grip on the truth. Our world is under attack by synthetic media. We’ve entered a new era of ease for digital deceptions: from scams to virtual kidnappings to mind-bending mass disinformation. Experience the unnerving power of AI that blurs the lines between truth and fiction.
|
By KnowBe4
Check out the blog post: https://blog.knowbe4.com/ai-does-not-scare-me
|
By KnowBe4
As an InfoSec professional, one of your important responsibilities is to minimize expensive downtime and prevent data breaches. Skyrocketing ransomware infections can shut down your network and exfiltrate data. Phishing is responsible for two‑thirds of ransomware infections. You know this and need help articulating the value of KnowBe4 to your CFO and leadership. This guide showcases real ROI experienced by KnowBe4 customers to help you present a strong business case for the investment.
|
By KnowBe4
Your employees are your largest attack surface. For too long the human component of cybersecurity has been neglected, leaving employees vulnerable and creating an easy target for cybercriminals to exploit. But your users want to do the right thing. Rather than a hurdle to be overcome, organizations need to think of their employee base as an asset, once properly equipped.
|
By KnowBe4
Want to read this bestseller? Register now for your free (instant 240-page PDF download) Cyberheist e-book and learn how to not be the next victim! Cyberheist was fully updated and written for the IT team and owners / management of Small and Medium Enterprise, which includes non-profits, local and state government, churches, and any other organization with more than a few thousand dollars in their bank operating account.
|
By KnowBe4
Spear phishing emails remain a top attack vector for cybercriminals, yet most companies still don't have an effective strategy to stop them. This enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Don't get caught in a phishing net! Learn how to avoid having your end users take the bait. Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, will cover techniques you can implement now to minimize cybersecurity risk due to phishing and social engineering attacks.
|
By KnowBe4
Hackers have become increasingly savvy at launching specialized attacks that target your users by tapping into their fears, hopes, and biases to get access to their data. Cybersecurity is not just a technological challenge, but increasingly a social and behavioral one. People, no matter their tech savviness, are often duped by social engineer scams, like CEO fraud, because of their familiarity and immediacy factors.
|
By KnowBe4
All multi-factor authentication (MFA) mechanisms can be compromised, and in some cases, it's as simple as sending a traditional phishing email. Want to know how to defend against MFA hacks? This eBook covers over a dozen different ways to hack various types of MFA and how to defend against those attacks.
|
By KnowBe4
Anything but 100% completion on your employee compliance training is often more than simply frustrating. Compliance audits and regulatory requirements can make anything less than 100% feel like a failure. But, getting compliance on your compliance training is possible! Organizations have struggled for years with getting everyone to complete their required compliance training. This puts organizations at risk of more incidents occurring, fines or reputational damage if an employee is non-compliant.
- October 2024 (10)
- September 2024 (27)
- August 2024 (33)
- July 2024 (41)
- June 2024 (32)
- May 2024 (38)
- April 2024 (34)
- March 2024 (38)
- February 2024 (42)
- January 2024 (46)
- December 2023 (41)
- November 2023 (33)
- October 2023 (45)
- September 2023 (49)
- August 2023 (49)
- July 2023 (42)
- June 2023 (45)
- May 2023 (48)
- April 2023 (44)
- March 2023 (14)
- February 2023 (3)
- January 2023 (4)
- December 2022 (3)
KnowBe4 is the provider of the world's largest integrated platform for security awareness training combined with simulated phishing attacks. Join our more than 56,000 customers to manage the continuing problem of social engineering.
The KnowBe4 platform is user-friendly and intuitive, and powerful. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design a full-featured, yet easy-to-use platform.
Find Out How Effective Our Security Awareness Training Is:
- Train Your Users: The world’s largest library of security awareness training content. Automated training campaigns with scheduled reminder emails.
- Phish Your Users: Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
- See The Results: Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI!
Human Error. Conquered.