For the fifth year in a row, we've been honored with the TrustRadius Tech Cares Award! This recognition is a testament to our unwavering commitment to corporate social responsibility (CSR) and the incredible efforts of our team. What makes this recognition so special is that it celebrates companies that go above and beyond in their CSR programs. At KnowBe4, we've always believed that our responsibility extends far beyond our products and services.

Researchers at Menlo Security warn that a phishing campaign is exploiting Google Drawings to evade security filters. The phishing emails inform the user that their Amazon account has been suspended, instructing them to click on a link in order to update their information and reactivate their account. The phishing page is crafted with Google Drawings, which makes it more likely to fool humans while evading detection by security technologies.

Researchers at ThreatFabric warn that a phishing campaign is distributing the Chameleon Android malware by impersonating a Customer Relationship Management (CRM) app. The campaign is currently targeting users in Canada and Europe, but may expand to other regions. “The naming used for the dropper and the payloads clearly shows that the intended victims of the campaign are hospitality workers and potentially B2C business employees in general,” ThreatFabric says.

Cross-Site Request Forgery (CSRF) is a serious web security vulnerability that allows attackers to exploit active sessions of targeted users to perform privileged actions on their behalf. Depending on the relevancy of the action and the permissions of the targeted user, a successful CSRF attack may result in anything from minor integrity impacts to a complete compromise of the application.

From email compromise to insider threat, manufacturing businesses are under pressure to defend themselves effectively from threats across their environment. Drawing on insights from the recent Kroll report, The State of Cyber Defense: Manufacturing Resilience, this article outlines the primary threats currently impacting manufacturing companies.

In this episode of the Trust Issues podcast, Debashis Singh and host David Puner explore the intricate world of digital transformation and identity security. Debashis, the Global CIO at Persistent Systems, shares his frontline insights on the singular challenges and strategies organizations face on their digital transformation journeys.

Attackers and bot authors are continually evolving their methods, shifting their focus beyond just websites. With websites often having a reasonable level of protection, malicious actors are increasingly targeting less-protected areas, namely APIs, with their bots. This blog post delves into the evolving threat landscape. We’ll focus on how attackers exploit APIs and IoT devices to launch attacks like credential stuffing, using streaming services as a prime example.

The National Institute of Standards and Technology (NIST) helps organizations implement best practices across their operations, including cybersecurity. In particular, NIST password guidelines outlines are considered the gold standard for solid password creation and management policies.

Welcome to our post-release blog post where we share the latest GitProtect enhancements and new features launched with version 1.8.0. Although we believe that these changes could not have been missed!

Experience the heat of innovation at BSides Las Vegas 2024, where cybersecurity experts tackle AI security, passwordless solutions, and zero-downtime credential rotation.