|
By Stu Sjouwerman
New data shows phishing attacks are deviating from the traditional focus on technology and retail sectors and are opting for alternate brands with widespread appeal. I’ve covered plenty of reports about brand impersonation and it’s almost always Microsoft on top of the list. And with good reason: access to a Microsoft 365 account can give attackers a foothold and potential access to data, applications and more.
|
By Stu Sjouwerman
Global optics manufacturer Hoya had business operations at its headquarters and several business divisions impacted and is now facing a “No Negotiation / No Discount Policy” $10 million ransom decision to make.
|
By Stu Sjouwerman
A new survey of physicians details the devastating impact of the Change Healthcare cyber attack on the healthcare sector. In February, a cyber attack on Change Healthcare brought much of the U.S. healthcare system to a halt. The revenue and payment cycle management provider is central to connecting payers, providers and patients within the U.S. healthcare system to ensure payments are made.
|
By Stu Sjouwerman
The cybercriminal threat actor FIN7 is launching spear phishing attacks against the automotive industry in the United States, according to researchers at BlackBerry. The threat actor identifies IT employees at automotive companies and attempts to trick them into downloading a Trojanized version of a free IP scanning tool. FIN7 is a Russia-based financially motivated threat actor that carries out a variety of cybercrime activities, including ransomware attacks.
|
By Stu Sjouwerman
Analysis of cyber attacks targeting U.K. organizations highlights the effectiveness of social engineering attacks and the fact that businesses are missing the mark on how to stop it. The U.K. Government just released their Cyber Security Breaches Survey 2024 where they asked U.K. businesses and charities about their experiences with cyber attacks and breaches, their preparedness plans, response plans and the impacts of the attacks. According to the survey results, half (50%) of all U.K.
|
By Stu Sjouwerman
New advancements in generative AI voice cloning come at a time when banks are looking for additional ways to authenticate their customers – and they’re choosing your voice. Banks adopted the principles of multi-factor authentication years ago. But continued cyber attacks aimed at providing SIM swapping services have increased the risk of assuming the credential owner actually possesses the mobile device. So, where do they go next to prove you’re you? Voiceprint.
|
By Stu Sjouwerman
LastPass has warned that one of its employees was targeted by a social engineering attack that used an audio deepfake that impersonated the company’s CEO. Fortunately, the employee grew suspicious and avoided falling for the attack. Mike Kosak, Senior Principal Intelligence Analyst at LastPass, explained in a blog post, “In our case, an employee received a series of calls, texts, and at least one voicemail featuring an audio deepfake from a threat actor impersonating our CEO via WhatsApp.
|
By Stu Sjouwerman
We are excited to announce that KnowBe4 has been named a leader in the Spring 2024 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the 12th consecutive quarter! The latest G2 Grid Report compares Security Orchestration, Automation, and Response (SOAR) Software vendors based on user reviews, customer satisfaction, popularity and market presence. Based on 278 G2 customer reviews, KnowBe4’s PhishER platform is the top ranked SOAR software.
|
By Stu Sjouwerman
We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. Have you ever wanted to peek behind the curtain of Security Awareness Training (SAT) platforms and see which one truly stands out? Well, you don't need to wonder anymore.
|
By Stu Sjouwerman
Microsoft and Google were the most frequently impersonated brands in phishing attacks during the first quarter of 2024, according to a report from Check Point. Microsoft-themed phishing attempts accounted for 38% of attacks in Q1 2024, while Google came in at a distant second with 11%. Notably, phishing attacks impersonating vacation rental company Airbnb have spiked over the past few weeks.
|
By KnowBe4
As an InfoSec professional, one of your important responsibilities is to minimize expensive downtime and prevent data breaches. Skyrocketing ransomware infections can shut down your network and exfiltrate data. Phishing is responsible for two‑thirds of ransomware infections. You know this and need help articulating the value of KnowBe4 to your CFO and leadership. This guide showcases real ROI experienced by KnowBe4 customers to help you present a strong business case for the investment.
|
By KnowBe4
Need holiday tips to keep your users cyber safe this holiday season? Not to fear, our KnowBe4 Security Awareness Advocates Erich Kron and Javvad are here to help! They share five helpful holiday cyber safety tips that you can share with your users.
|
By KnowBe4
PhishER Plus was developed to help you supercharge your organization’s email security defenses and is an additional final layer after your existing SEG and other cybersecurity layers fail. See what the Global Blocklist capability can do - Blocklist entries of validated threats crowdsourced from 10+ million trained users are leveraged to automatically block matching new incoming messages from reaching your users’ inboxes. This continually updated threat feed is managed by KnowBe4 and syncs with your Microsoft 365 mail server.
|
By KnowBe4
In the mystical realm of cyberspace, where digital forests hold secrets and virtual owls deliver messages, we find ourselves in a constant dance between magic and deception. Today, KnowBe4's Security Awareness Advocate Anna Collard will unveil the secrets of spear phishing.
The Role of AI in Email Security and How Real-Time Threat Intelligence Can Supercharge Your SOC Team
|
By KnowBe4
In response to improved email security measures, cybercriminals have pivoted to more advanced attack methods, namely artificial intelligence (AI), that bypass existing protections. But security defenders are also using AI in remarkable new ways to fortify their networks. Join Erich Kron, Security Awareness Advocate for KnowBe4, and Michael Sampson, Principal Analyst at Osterman Research, as they dig into the findings of our latest joint report on The Role of AI in Email Security. They’ll share tips on how your SOC team can identify and use AI to supercharge your anti-phishing defense.
|
By KnowBe4
They are out there, watching and waiting for an opportunity to strike; the bad actors who have carefully researched your organization in order to set the perfect trap using easily found public resources. Open-Source Intelligence (OSINT) can provide cybercriminals everything they need to know to perfectly target your users by gathering data on everything from password clues to tech stack details, banking/credit card accounts, social media details and more. Emerging technologies like AI can make gathering this intelligence even easier.
|
By KnowBe4
Cyber-Monsters beware! In this week's cyber-monsters blog edition, KnowBe4's Security Awareness Advocate Jacqueline Jayne discusses how Count Hackula could be waiting in the shadows to bite on your weak or reused password.
|
By KnowBe4
Imagine an artificial intelligence (AI) system developed by a mad scientist to leverage the full capabilities of Large-Language-Models (LLM). Then, the scientist went truly mad by utilizing text, voice, and video generation paired with mutating and self-perpetuating malware, as well as continuous improvement through reinforcement learning. The concoction you would get from the scientist’s wild lab is called Frankenphisher, the most effective social engineering AI you can possibly imagine.
|
By KnowBe4
Cyber threats can be scary, and for good reason. Malware can be lurking in a suspicious email your users get convinced to click. All it takes is one crack in the door of your network to let all the wrong ones in; spear phishing witches, ravenous ransomwolves, you name it!
|
By KnowBe4
Your employees are your largest attack surface. For too long the human component of cybersecurity has been neglected, leaving employees vulnerable and creating an easy target for cybercriminals to exploit. But your users want to do the right thing. Rather than a hurdle to be overcome, organizations need to think of their employee base as an asset, once properly equipped.
|
By KnowBe4
Want to read this bestseller? Register now for your free (instant 240-page PDF download) Cyberheist e-book and learn how to not be the next victim! Cyberheist was fully updated and written for the IT team and owners / management of Small and Medium Enterprise, which includes non-profits, local and state government, churches, and any other organization with more than a few thousand dollars in their bank operating account.
|
By KnowBe4
Spear phishing emails remain a top attack vector for cybercriminals, yet most companies still don't have an effective strategy to stop them. This enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Don't get caught in a phishing net! Learn how to avoid having your end users take the bait. Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, will cover techniques you can implement now to minimize cybersecurity risk due to phishing and social engineering attacks.
|
By KnowBe4
Hackers have become increasingly savvy at launching specialized attacks that target your users by tapping into their fears, hopes, and biases to get access to their data. Cybersecurity is not just a technological challenge, but increasingly a social and behavioral one. People, no matter their tech savviness, are often duped by social engineer scams, like CEO fraud, because of their familiarity and immediacy factors.
|
By KnowBe4
All multi-factor authentication (MFA) mechanisms can be compromised, and in some cases, it's as simple as sending a traditional phishing email. Want to know how to defend against MFA hacks? This eBook covers over a dozen different ways to hack various types of MFA and how to defend against those attacks.
|
By KnowBe4
Anything but 100% completion on your employee compliance training is often more than simply frustrating. Compliance audits and regulatory requirements can make anything less than 100% feel like a failure. But, getting compliance on your compliance training is possible! Organizations have struggled for years with getting everyone to complete their required compliance training. This puts organizations at risk of more incidents occurring, fines or reputational damage if an employee is non-compliant.
- April 2024 (27)
- March 2024 (38)
- February 2024 (42)
- January 2024 (46)
- December 2023 (41)
- November 2023 (33)
- October 2023 (45)
- September 2023 (49)
- August 2023 (49)
- July 2023 (42)
- June 2023 (45)
- May 2023 (48)
- April 2023 (44)
- March 2023 (14)
- February 2023 (3)
- January 2023 (4)
- December 2022 (3)
KnowBe4 is the provider of the world's largest integrated platform for security awareness training combined with simulated phishing attacks. Join our more than 56,000 customers to manage the continuing problem of social engineering.
The KnowBe4 platform is user-friendly and intuitive, and powerful. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design a full-featured, yet easy-to-use platform.
Find Out How Effective Our Security Awareness Training Is:
- Train Your Users: The world’s largest library of security awareness training content. Automated training campaigns with scheduled reminder emails.
- Phish Your Users: Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
- See The Results: Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI!
Human Error. Conquered.