Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

KnowBe4

More Than 33,000 People in the UK Have Been Hacked Over the Past Year

Action Fraud, the UK’s national fraud and cyber crime reporting service, warns that more than 33,000 people have reported that their online accounts have been hacked over the past year. Most of these hacks were the result of phishing and other social engineering tactics. Action Fraud describes one technique that involves using a compromised account to target the victim’s friends.

Cyber Attackers are Adopting a "Mobile First" Attack Strategy

With 16+ billion mobile devices in use worldwide, new data sheds light on how cyber attackers are shifting focus and tactics to put attacks into the victim’s hands. There’s an interesting story woven throughout mobile security provider Zimperium’s 2024 Global Mobile Threat Report that demands the attention of organizations intent on securing every attack vector – which includes personal mobile devices.

Phishing Attacks Are Abusing Legitimate Services to Avoid Detection

Microsoft warns that threat actors are abusing legitimate file-hosting services to launch phishing attacks. These attacks are more likely to bypass security filters and appear more convincing to employees who frequently use these services. “Legitimate hosting services, such as SharePoint, OneDrive, and Dropbox, are widely used by organizations for storing, sharing, and collaborating on files,” Microsoft says.

FBI Warns Scammers Are Targeting Law Firms For Phony Debt Collections

The U.S. FBI warns that scammers are attempting to trick law firms into transferring money as part of a phony debt collection scheme. The scam “may focus on any type of representation where a lawyer is hired to assist in the transfer or collection of money, e.g. real estate, collection matters, collaborative law agreements in family matters, etc.” The schemes typically take the following steps: The FBI outlines some recommendations to help organizations avoid falling for these scams.

AI-Enhanced Cyber Attacks Top the List of Potential Threats Facing Data Security

AI is quickly becoming the basis for more cyber attacks, leading organizations to realize the risk it presents. A new report now shows that AI-enhanced cyber attacks are now the top concern of security leaders. I recently wrote about how prolific ransomware attacks are and what the outcomes were for those experiencing attacks. In the same report - GetApp’s 2024 Data Security report – I also found some interesting data around where AI sits in the list of concerns for cybersecurity leaders.

KnowBe4 Named a Leader in the Fall 2024 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) Software

We are excited to announce that KnowBe4 has been named a leader in the Fall 2024 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the 14th consecutive quarter! The latest G2 Grid Report compares Security Orchestration, Automation, and Response (SOAR) Software vendors based on user reviews, customer satisfaction, popularity and market presence. Based on 318 G2 customer reviews, KnowBe4’s PhishER platform is the top ranked SOAR software.

The Number of Malicious Emails Reaching Inboxes Is Declining

New research shows that less malicious emails are getting past security scanners to the inbox, but also provides details about how phishing emails are becoming increasingly dangerous. So much of our training is centered around elevating the employee’s state of cyber awareness so that when they do come across that sketchy email or that too good to be true web page, they know better. But it’s only one part of a larger cybersecurity effort within an organization.

KnowBe4 Named a Leader in the Fall 2024 G2 Grid Report for Security Awareness Training

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. Have you ever wanted to peek behind the curtain of Security Awareness Training (SAT) platforms and see which one truly stands out? Well, you don't need to wonder anymore.

44% of U.S. Organizations Experienced One or More Ransomware Attacks in the Last Year

As ransomware becomes more pervasive, new data provides insight into how well organizations are responding and the attack vector being used most. We hear a lot about ransomware attacks, but I’m not seeing data about how well organizations fared, so I was glad to see GetApp’s 2024 Data Security report. According to the report, nearly half of U.S.

"Operation Kaerb" Takes Down Sophisticated Phishing-as-a-Service Platform "iServer"

A partnering of European and Latin American law enforcement agencies took down the group behind the mobile phone credential theft of 483,000 victims. Someone steals a physical mobile phone and they need to unlock it. But to do so, you need the Apple ID or Google account of the phone’s owner. So, where do you go? Well, it used to be iServer – an automated phishing-as-a-service platform that could harvest credentials to unlock the stolen phones.