Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

KnowBe4

knowbe4

A New Era In Human Risk Management:Introducing KnowBe4 HRM+

Nov 19, 2024 By Stu Sjouwerman In KnowBe4
Cybersecurity threats grow more sophisticated by the day. Amid this constant change, one truth remains: people are simultaneously our greatest security vulnerability and our strongest line of defense. It’s time to empower organizations with a new approach that minimizes human risk and maximizes protection.
Read Post

A New Era In Human Risk Management:Introducing KnowBe4 HRM+

Nov 19, 2024 By KnowBe4 In KnowBe4
Introducing HRM+, KnowBe4’s groundbreaking human risk management platform. Built as a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, HRM+ creates an adaptive defense layer against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. HRM+ tackles the complex human-element cybersecurity challenges of the modern world.
View Video
knowbe4

Half of all Ransomware Attacks This Year Targeted Small Businesses

Nov 15, 2024 By Stu Sjouwerman In KnowBe4
New data shows just how crippling ransomware has been on small businesses that have fallen victim to an attack and needed to pay the ransom. Logic would normally dictate that ransomware gangs are going to go after the “big fishes” – the larger organizations with deep pockets. But with the advent of the “as a service” model of ransomware, threat actors have found a niche, with many of them focusing on businesses with 1 to 50 employees.
Read Post
knowbe4

Phishing Attacks Exploit Microsoft Visio Files and SharePoint

Nov 15, 2024 By Stu Sjouwerman In KnowBe4
Threat actors are exploiting Microsoft Visio files and SharePoint to launch two-step phishing attacks, according to researchers at Perception Point. “Perception Point’s security researchers have observed a dramatic increase in two-step phishing attacks leveraging.vsdx files – a file extension rarely used in phishing campaigns until now,” the researchers explain.
Read Post
knowbe4

Criminal Threat Actor Uses Stolen Invoices to Distribute Malware

Nov 13, 2024 By Stu Sjouwerman In KnowBe4
Researchers at IBM X-Force are tracking a phishing campaign by the criminal threat actor “Hive0145” that’s using stolen invoice notifications to trick users into installing malware. Hive0145 acts as an initial access broker, selling access to compromised organizations to other threat actors who then carry out additional cyberattacks.
Read Post
knowbe4

Fortifying Defenses Against AI-Powered OSINT Cyber Attacks

Nov 13, 2024 By James McQuiggan In KnowBe4
In the ever-evolving landscape of cybersecurity, the convergence of Artificial Intelligence (AI) and Open-Source Intelligence (OSINT) has created new opportunities for risk. It is crucial to understand that this powerful combination is also being weaponized by cybercriminals, presenting unprecedented challenges for organizations worldwide.
Read Post
knowbe4

Nation-State Threat Actors Rely on Social Engineering First

Nov 12, 2024 By Stu Sjouwerman In KnowBe4
A new report from ESET has found that most nation-state threat actors rely on spear phishing as a primary initial access technique. In the second and third quarters of 2024, state-sponsored APTs from China, Russia, Iran, and North Korea used social engineering attacks to compromise their targets. Iranian threat actors continued conducting cyber espionage against countries across the Middle East, Europe, and the US. They also expanded their targeting to hit financial companies in Africa.
Read Post
knowbe4

[Eye Opener] Attackers Don't Hack, They Log In. Can You Stop Them?

Nov 9, 2024 By Stu Sjouwerman In KnowBe4
The latest trend in cybercrime is that attackers don't really focus on “hacking” in; they’re logging in. We see this now in the wild, driven by organized criminal groups like Scattered Spider and BlackCat, who’ve reemerged with a renewed focus on gaining access through legitimate means, often exploiting help desks and social engineering tactics.
Read Post
knowbe4

Attackers Abuse DocuSign to Send Phony Invoices

Nov 7, 2024 By Stu Sjouwerman In KnowBe4
Threat actors are abusing DocuSign’s API to send phony invoices that appear “strikingly authentic,” according to researchers at Wallarm. “Unlike traditional phishing scams that rely on deceptively crafted emails and malicious links, these incidents use genuine DocuSign accounts and templates to impersonate reputable companies, catching users and security tools off guard,” Wallarm says.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.