Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

knowbe4

What Bletchley Park Can Teach Us About Building a Strong Security Culture

Oct 7, 2024 By Javvad Malik In KnowBe4
During World War II, a group of brilliant minds led by Alan Turing gathered at Bletchley Park in England to crack the German Enigma code. This wasn't just a technological challenge, it was a race against time that required diverse skills, innovative thinking, and collaboration. The success at Bletchley Park didn't come from a single genius or a magic machine, but from a collective effort that brought together linguists, mathematicians, chess players, and even crossword enthusiasts.
Read Post
knowbe4

Free Phishing Platform Has Created More than 140,000 Spoofed Websites

Oct 7, 2024 By Stu Sjouwerman In KnowBe4
A free phishing-as-a-service (PhaaS) platform named Sniper Dz has assisted in the creation of more than 140,000 phishing sites over the past year, according to researchers at Palo Alto Networks. The service allows unskilled criminals to spin up sophisticated phishing sites that steal credentials or deliver malware.
Read Post
knowbe4

Financial Services Industry Experiences a Massive Increase in Brand Abuse

Oct 4, 2024 By Stu Sjouwerman In KnowBe4
Industry analysis of the domains used behind phishing and brand impersonation attacks show financial institutions are being leveraged at an alarming rate. It’s one thing to see your industry at the top of some “state of” cybersecurity report, but it’s entirely different to learn that 68% of all phishing web pages identified in a single quarter are from your industry. That’s exactly what we find in Akamai’s latest analysis of websites across the Internet.
Read Post
knowbe4

New VPN Credential Attack Goes to Great Lengths to Obtain Access

Oct 3, 2024 By Stu Sjouwerman In KnowBe4
A new “so-phish-ticated” attack uses phone calls, social engineering, lookalike domains, and impersonated company VPN sites to gain initial access to a victim network. This is one of the most advanced initial access attacks I’ve seen. Security analysts at GuidePoint Security have published details on a new attack that tricks users into providing the attacker with credentialed access.
Read Post
knowbe4

Cybercriminal Gang Targeting SMBs Using Business Email Compromise

Oct 3, 2024 By Stu Sjouwerman In KnowBe4
Researchers at Todyl have published a report on a major cybercriminal group that’s conducting business email compromise (BEC) attacks against small and medium-sized businesses. Todyl describes three separate BEC attacks launched by this threat actor. In one case, the attackers compromised a Microsoft 365 account belonging to an individual working at a small non-profit.
Read Post
knowbe4

Don't Put Real Answers Into Your Password Reset Questions

Oct 3, 2024 By Roger Grimes In KnowBe4
This recent article on how a hacker used genealogy websites to help better guess victims' password reset answers made it a great time to share a suggestion: Don’t answer password reset questions with real answers! It’s not Jeopardy! You don’t have to answer the questions correctly. In fact, you’re putting yourself at increased risk if you do. Instead, give a false question to any required password reset answer.
Read Post
knowbe4

From Desire Paths to Security Highways: Lessons from Disney's Approach to User-Centric Design

Oct 2, 2024 By Javvad Malik In KnowBe4
When Walt Disney first unveiled the Magic Kingdom, he made a decision that would revolutionize theme park design - and inadvertently offer a valuable lesson for cybersecurity professionals. Instead of pre-determining where visitors should walk, Disney let guests create their own paths. Only after observing these "desire paths" did Disney pave the official walkways. This approach, seemingly simple, carries profound implications for how we should approach security in our organizations.
Read Post
knowbe4

Dick's Sporting Goods Cyber Attack Underscores Importance of Email Security and Internal Controls

Oct 2, 2024 By Stu Sjouwerman In KnowBe4
The recent cyber attack on Dick's Sporting Goods makes it clear that email played a critical role and emphasizes the need for better security controls. Dick’s Sporting Goods is a $12 billion company with more than 800 stores across the United States. That measure of success made the retailer the target of a recent cyber attack. A filing with the U.S.
Read Post

[Cybersecurity Awareness Month 2024] Incident Response Fiona Anna Collard

Oct 1, 2024 By KnowBe4 In KnowBe4
In a world where cybersecurity incidents are no longer a matter of if they will happen, but when, having a solid incident response plan is a critical component of cyber resilience and business continuity. The National Institute of Standards and Technology (NIST) provides comprehensive guidelines on how to set up an executive incident response. For this blog, Anna Collard will be drawing inspiration from Fiona, the vibrant and friendly PA to the IT director in the first season of our security awareness series "The Inside Man," to illustrate how effective incident response should be managed.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.