May 26, 2023
|
By Stu Sjouwerman
As the world continues to evolve, so does the nature of warfare. China's People's Liberation Army (PLA) is increasingly focused on "Cognitive Warfare," a term referring to artificial intelligence (AI)-enabled military systems and operational concepts. The PLA's exploration into this new domain of warfare could potentially change the dynamics of global conflict.
May 25, 2023
|
By Stu Sjouwerman
Egress, a cybersecurity company that provides intelligent email security, recently released their Email Security Risk Report 2023. It's solid research that shows 99% of cybersecurity leaders are stressed about their email security with good reason. The numbers are scary. We mentioned their report a few weeks ago, but there are many important findings there.
May 25, 2023
|
By Stu Sjouwerman
Verizon has renewed its warnings to customers about the threat of smishing, a social engineering approach that relies upon texts as opposed to other communication channels like the email used in phishing. The smishing problem may be smaller than the phishing problem, or the robocall nuisance, but it represents a comparable threat that organizations should address in their risk management process.
May 24, 2023
|
By Stu Sjouwerman
New data shows that changes in cybercriminals’ phishing techniques are improving their game, making it easier to make their way into a potential victim user’s inbox. I recently wrote about how 12% of all email threats were getting all the way to the inbox. But new data from cybersecurity vendor Armorblox’s 2023 Email Security Threat Report shows that the number is much higher, depending on the security solutions in place.
May 24, 2023
|
By Stu Sjouwerman
Malign persuasion can take many forms. We tend to hear the most about phishing (malicious emails) or smishing (malicious texts). Other threats are also worth some attention, like the risk of drive-by attacks. One current drive-by campaign is being run by the operators of BatLoader, a malware strain that establishes initial entry and persistence, and then can be used to distribute a range of other malicious code that loots affected systems and networks of valuable data, including funds.
May 24, 2023
|
By Stu Sjouwerman
With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all. When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack?
May 23, 2023
|
By Stu Sjouwerman
Microsoft has observed a thirty-eight percent increase in cybercrime-as-a-service (CaaS) offerings for launching business email compromise (BEC) attacks between 2019 and 2022. “Cybercriminal activity around business email compromise is accelerating,” the company said in a report. “Microsoft observes a significant trend in attackers’ use of platforms like BulletProftLink, a popular service for creating industrial-scale malicious email campaigns.
May 23, 2023
|
By Stu Sjouwerman
The Insider reported that an apparently AI-generated photo faking an explosion near the Pentagon in D.C. went viral. The Arlington Police Department confirmed that the image and accompanying reports were fake. But when the news was shared by a reputable Twitter account on Monday, the market briefly dipped. The photo was spread by dozens of accounts on social media, including RT, a Russian state-media Twitter account with more than 3 million followers — but the post has since been deleted.
May 23, 2023
|
By Stu Sjouwerman
As you all know, KnowBe4 frequently promotes security awareness training and we also mention that unpatched software is a distant number two issue after social engineering. We generally say that unpatched software is involved in 20%-40% of successful exploits. It's been hard though to get good figures on that for years and even CISA has not published hard numbers, even though they appear to focus on it.
May 22, 2023
|
By Jacqueline Jayne
Food for thought as discussed on May 18, 2023, an article posted in The Australian Insurance Council: Banning paying a ransom to cyber hackers is counter-productive where Andrew Hall, the Chief Executive of the Insurance Council of Australia (ICA), stated that “attempts to ban businesses from paying ransoms for cyber attacks risks eroding trust and relationships with government.”
Mar 14, 2023
|
By KnowBe4
Phishing emails increase in volume every month and every year, so we created this free resource kit to help you defend against attacks. Request your kit now to learn phishing mitigation strategies, what new trends and attack vectors you need to be prepared for, and our best advice on how to protect your users and your organization.
Feb 1, 2023
|
By KnowBe4
Artificial intelligence (AI) is no longer science fiction. And the emergence of newer technologies like ChatGPT has raised new questions about the real threats AI poses. Join James McQuiggan, Security Awareness Advocate at KnowBe4, for this presentation as he discusses the benefits of AI, the potential threats, and strategies you can use to protect your network today and in the future.
Jan 31, 2023
|
By KnowBe4
Kevin Mitnick, KnowBe4's Chief Hacking Officer, reveal the real risks of weak passwords. Attack assumes the hacker is already on network with victim’s IP address and password, and is trying to access passwords on the victim’s locked password manager remotely. We strongly recommend that you use a password manager to reduce password reuse and improve complexity, but you may be wondering if it’s really worth the risk. Is it safe to store all of your passwords in one place? Can cybercriminals hack them? Are password managers a single point of failure?
Jan 30, 2023
|
By KnowBe4
Kevin Mitnick, KnowBe4's Chief Hacking Officer, demonstrates how bad actors conduct "password sprays". A password spray is when a cybercriminal chooses a single password and tries it against everyone in their target organization. We strongly recommend that you use a password manager to reduce password reuse and improve complexity, but you may be wondering if it’s really worth the risk. Is it safe to store all of your passwords in one place? Can cybercriminals hack them? Are password managers a single point of failure?
Jan 26, 2023
|
By KnowBe4
Kevin Mitnick, KnowBe4's Chief Hacking Officer, demonstrates how easy it is for bad actors to steal credentials (like saved passwords) from a target's browser.
Jan 18, 2023
|
By KnowBe4
Deliver real-time coaching in response to risky user security behavior with SecurityCoach. SecurityCoach is the first real-time security coaching product created to help IT and Security Operations teams further protect your organization’s largest attack surface — your employees. Introducing a new category of technology called Human Detection and Response (HDR), SecurityCoach helps strengthen your security culture by enabling real-time coaching of your users in response to their risky security behavior.
Dec 21, 2022
|
By KnowBe4
The holiday season is consistently a time where fraudsters and cybercriminals come out in full force. The holidays are an especially busy time of year for cybercriminals.
Dec 14, 2022
|
By KnowBe4
Cybercriminals are infiltrating your social media networks this holiday season. The holidays are an especially busy time of year for cybercriminals.
Apr 2, 2023
|
By KnowBe4
Want to read this bestseller? Register now for your free (instant 240-page PDF download) Cyberheist e-book and learn how to not be the next victim! Cyberheist was fully updated and written for the IT team and owners / management of Small and Medium Enterprise, which includes non-profits, local and state government, churches, and any other organization with more than a few thousand dollars in their bank operating account.
Apr 2, 2023
|
By KnowBe4
Your employees are your largest attack surface. For too long the human component of cybersecurity has been neglected, leaving employees vulnerable and creating an easy target for cybercriminals to exploit. But your users want to do the right thing. Rather than a hurdle to be overcome, organizations need to think of their employee base as an asset, once properly equipped.
Mar 1, 2023
|
By KnowBe4
Hackers have become increasingly savvy at launching specialized attacks that target your users by tapping into their fears, hopes, and biases to get access to their data. Cybersecurity is not just a technological challenge, but increasingly a social and behavioral one. People, no matter their tech savviness, are often duped by social engineer scams, like CEO fraud, because of their familiarity and immediacy factors.
Mar 1, 2023
|
By KnowBe4
Spear phishing emails remain a top attack vector for cybercriminals, yet most companies still don't have an effective strategy to stop them. This enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Don't get caught in a phishing net! Learn how to avoid having your end users take the bait. Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, will cover techniques you can implement now to minimize cybersecurity risk due to phishing and social engineering attacks.
Feb 1, 2023
|
By KnowBe4
Anything but 100% completion on your employee compliance training is often more than simply frustrating. Compliance audits and regulatory requirements can make anything less than 100% feel like a failure. But, getting compliance on your compliance training is possible! Organizations have struggled for years with getting everyone to complete their required compliance training. This puts organizations at risk of more incidents occurring, fines or reputational damage if an employee is non-compliant.
Feb 1, 2023
|
By KnowBe4
All multi-factor authentication (MFA) mechanisms can be compromised, and in some cases, it's as simple as sending a traditional phishing email. Want to know how to defend against MFA hacks? This eBook covers over a dozen different ways to hack various types of MFA and how to defend against those attacks.
- May 2023 (43)
- April 2023 (43)
- March 2023 (14)
- February 2023 (3)
- January 2023 (4)
- December 2022 (3)
KnowBe4 is the provider of the world's largest integrated platform for security awareness training combined with simulated phishing attacks. Join our more than 56,000 customers to manage the continuing problem of social engineering.
The KnowBe4 platform is user-friendly and intuitive, and powerful. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design a full-featured, yet easy-to-use platform.
Find Out How Effective Our Security Awareness Training Is:
- Train Your Users: The world’s largest library of security awareness training content. Automated training campaigns with scheduled reminder emails.
- Phish Your Users: Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
- See The Results: Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI!
Human Error. Conquered.