|
By Stu Sjouwerman
The Swiss National Cyber Security Centre (NCSC) has warned of a QR code phishing (quishing) campaign that’s targeting people in Switzerland via physical letters sent through the mail, Malwarebytes reports. The letters purport to come from the Swiss Federal Office of Meteorology and Climatology (MeteoSwiss), asking recipients to scan a QR code to install a new app for severe weather warnings.
|
By Javvad Malik
As the holiday shopping season kicks into high gear, cybercriminals are gearing up too. This year, alongside the usual suspects, we're seeing some crafty new scams, so let’s take a look at some of the ones you should be most careful of during Black Friday, Cyber Monday and Giving Tuesday. AI-Generated Fake Reviews AI has allowed scammers to flood product pages with well-written and convincing fake reviews of products.
|
By Stu Sjouwerman
A new and concerning cybersecurity trend has emerged. According to the latest Q3 2024 Cato CTRL SASE Threat Report from Cato Networks, ransomware gangs are now actively recruiting penetration testers to enhance the effectiveness of their attacks. This development signals a significant shift in the tactics employed by cybercriminals and underscores the need for organizations to remain vigilant in their defense strategies.
|
By Stu Sjouwerman
The newly released single largest analysis of cyber attacks across all of 2023 show a strong tie between the use of phishing and techniques designed to gain credentialed access. I’ve stood on the “phishing is a problem” soapbox for many years, attempting to focus the attention of cybersecurity teams on the single largest problem within the organization: the employees that fall for social engineering tactics time and time again.
|
By Roger Grimes
About five years ago, I was having trouble with an expensive brand-name refrigerator that my wife and I had bought. It was a great refrigerator feature-wise. My wife and I initially loved it. But it kept breaking. And each break, even though it was covered by the warranty, took weeks and weeks to repair.
|
By Stu Sjouwerman
Cybersecurity threats grow more sophisticated by the day. Amid this constant change, one truth remains: people are simultaneously our greatest security vulnerability and our strongest line of defense. It’s time to empower organizations with a new approach that minimizes human risk and maximizes protection.
|
By Stu Sjouwerman
New data shows just how crippling ransomware has been on small businesses that have fallen victim to an attack and needed to pay the ransom. Logic would normally dictate that ransomware gangs are going to go after the “big fishes” – the larger organizations with deep pockets. But with the advent of the “as a service” model of ransomware, threat actors have found a niche, with many of them focusing on businesses with 1 to 50 employees.
|
By Stu Sjouwerman
Threat actors are exploiting Microsoft Visio files and SharePoint to launch two-step phishing attacks, according to researchers at Perception Point. “Perception Point’s security researchers have observed a dramatic increase in two-step phishing attacks leveraging.vsdx files – a file extension rarely used in phishing campaigns until now,” the researchers explain.
|
By Stu Sjouwerman
Researchers at IBM X-Force are tracking a phishing campaign by the criminal threat actor “Hive0145” that’s using stolen invoice notifications to trick users into installing malware. Hive0145 acts as an initial access broker, selling access to compromised organizations to other threat actors who then carry out additional cyberattacks.
|
By James McQuiggan
In the ever-evolving landscape of cybersecurity, the convergence of Artificial Intelligence (AI) and Open-Source Intelligence (OSINT) has created new opportunities for risk. It is crucial to understand that this powerful combination is also being weaponized by cybercriminals, presenting unprecedented challenges for organizations worldwide.
|
By KnowBe4
Introducing HRM+, KnowBe4’s groundbreaking human risk management platform. Built as a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, HRM+ creates an adaptive defense layer against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. HRM+ tackles the complex human-element cybersecurity challenges of the modern world.
|
By KnowBe4
Need holiday tips to keep your users cyber safe this holiday season? Not to fear, our KnowBe4 Security Awareness Advocates Erich Kron and Javvad are here to help! They share five helpful holiday cyber safety tips that you can share with your users.
|
By KnowBe4
In the final series of our blog series, KnowBe4's Security Awareness Advocate covers mobile device security measures that are relevant themes to The Inside Man Original Series.
|
By KnowBe4
In a world where cybersecurity incidents are no longer a matter of if they will happen, but when, having a solid incident response plan is a critical component of cyber resilience and business continuity. The National Institute of Standards and Technology (NIST) provides comprehensive guidelines on how to set up an executive incident response. For this blog, Anna Collard will be drawing inspiration from Fiona, the vibrant and friendly PA to the IT director in the first season of our security awareness series "The Inside Man," to illustrate how effective incident response should be managed.
|
By KnowBe4
AI and AI-generated deepfakes are proving to be the most intriguing, and in some ways troubling, recent advances in technology. No wonder one of my favorite characters from “The Inside Man” series, AJ, is so enthralled by them.AJ is a friendly, funny, unstoppable security dynamo with a deep love of all things tech. But as AJ learns through his journey in the events of “The Inside Man,” AI can have a dark side.
|
By KnowBe4
KnowBe4's Data-Driven Defense Evangelist Roger A. Grimes shares his hacking story on consulting for a large, U.S. multinational, multi business, conglomerate, Fortune 500 company. I had been brought in because they had been badly hacked for the third time.
|
By KnowBe4
As cyber threats evolve, the target has become crystal clear: your data. A staggering 90% of ransomware attacks now include a data exfiltration component. With this in mind, KnowBe4 has introduced a robust free tool, BreachSim, to identify your network's vulnerabilities and shore up your cyber defenses. Financial losses, reputation damage, intellectual property theft, regulatory repercussions and operational disruptions are just a few of the harsh consequences of data exfiltration assaults. KnowBe4 BreachSim can help you nip these risks in the bud.
|
By KnowBe4
Ever wondered what your social media posts reveal about you? Hear from James McQuiggan as he explores how open-source intelligence unveils personal details from TikTok and Instagram. Discover why oversharing online can pose serious risks.
|
By KnowBe4
What’s the worst that could happen? KnowBe4's Lead Security Awareness Advocate, Javvad Malik's, nightmare became a reality when he became a hacker for an online bank due to a simple mistake. Learn from his experience and ensure your team is properly trained in cybersecurity.
|
By KnowBe4
Join us for this new webinar hosted by Roger A. Grimes, author of the new book, “Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing”. He will speak to these growing threats and share a blueprint to fend them off.
|
By KnowBe4
Your employees are your largest attack surface. For too long the human component of cybersecurity has been neglected, leaving employees vulnerable and creating an easy target for cybercriminals to exploit. But your users want to do the right thing. Rather than a hurdle to be overcome, organizations need to think of their employee base as an asset, once properly equipped.
|
By KnowBe4
Want to read this bestseller? Register now for your free (instant 240-page PDF download) Cyberheist e-book and learn how to not be the next victim! Cyberheist was fully updated and written for the IT team and owners / management of Small and Medium Enterprise, which includes non-profits, local and state government, churches, and any other organization with more than a few thousand dollars in their bank operating account.
|
By KnowBe4
Spear phishing emails remain a top attack vector for cybercriminals, yet most companies still don't have an effective strategy to stop them. This enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Don't get caught in a phishing net! Learn how to avoid having your end users take the bait. Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, will cover techniques you can implement now to minimize cybersecurity risk due to phishing and social engineering attacks.
|
By KnowBe4
Hackers have become increasingly savvy at launching specialized attacks that target your users by tapping into their fears, hopes, and biases to get access to their data. Cybersecurity is not just a technological challenge, but increasingly a social and behavioral one. People, no matter their tech savviness, are often duped by social engineer scams, like CEO fraud, because of their familiarity and immediacy factors.
|
By KnowBe4
All multi-factor authentication (MFA) mechanisms can be compromised, and in some cases, it's as simple as sending a traditional phishing email. Want to know how to defend against MFA hacks? This eBook covers over a dozen different ways to hack various types of MFA and how to defend against those attacks.
|
By KnowBe4
Anything but 100% completion on your employee compliance training is often more than simply frustrating. Compliance audits and regulatory requirements can make anything less than 100% feel like a failure. But, getting compliance on your compliance training is possible! Organizations have struggled for years with getting everyone to complete their required compliance training. This puts organizations at risk of more incidents occurring, fines or reputational damage if an employee is non-compliant.
- November 2024 (22)
- October 2024 (37)
- September 2024 (27)
- August 2024 (33)
- July 2024 (41)
- June 2024 (32)
- May 2024 (38)
- April 2024 (34)
- March 2024 (38)
- February 2024 (42)
- January 2024 (46)
- December 2023 (41)
- November 2023 (33)
- October 2023 (45)
- September 2023 (49)
- August 2023 (49)
- July 2023 (42)
- June 2023 (45)
- May 2023 (48)
- April 2023 (44)
- March 2023 (14)
- February 2023 (3)
- January 2023 (4)
- December 2022 (3)
KnowBe4 is the provider of the world's largest integrated platform for security awareness training combined with simulated phishing attacks. Join our more than 56,000 customers to manage the continuing problem of social engineering.
The KnowBe4 platform is user-friendly and intuitive, and powerful. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design a full-featured, yet easy-to-use platform.
Find Out How Effective Our Security Awareness Training Is:
- Train Your Users: The world’s largest library of security awareness training content. Automated training campaigns with scheduled reminder emails.
- Phish Your Users: Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
- See The Results: Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI!
Human Error. Conquered.