Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

KnowBe4

knowbe4

New VPN Credential Attack Goes to Great Lengths to Obtain Access

Oct 3, 2024 By Stu Sjouwerman In KnowBe4
A new “so-phish-ticated” attack uses phone calls, social engineering, lookalike domains, and impersonated company VPN sites to gain initial access to a victim network. This is one of the most advanced initial access attacks I’ve seen. Security analysts at GuidePoint Security have published details on a new attack that tricks users into providing the attacker with credentialed access.
Read Post
knowbe4

Cybercriminal Gang Targeting SMBs Using Business Email Compromise

Oct 3, 2024 By Stu Sjouwerman In KnowBe4
Researchers at Todyl have published a report on a major cybercriminal group that’s conducting business email compromise (BEC) attacks against small and medium-sized businesses. Todyl describes three separate BEC attacks launched by this threat actor. In one case, the attackers compromised a Microsoft 365 account belonging to an individual working at a small non-profit.
Read Post
knowbe4

From Desire Paths to Security Highways: Lessons from Disney's Approach to User-Centric Design

Oct 2, 2024 By Javvad Malik In KnowBe4
When Walt Disney first unveiled the Magic Kingdom, he made a decision that would revolutionize theme park design - and inadvertently offer a valuable lesson for cybersecurity professionals. Instead of pre-determining where visitors should walk, Disney let guests create their own paths. Only after observing these "desire paths" did Disney pave the official walkways. This approach, seemingly simple, carries profound implications for how we should approach security in our organizations.
Read Post
knowbe4

Dick's Sporting Goods Cyber Attack Underscores Importance of Email Security and Internal Controls

Oct 2, 2024 By Stu Sjouwerman In KnowBe4
The recent cyber attack on Dick's Sporting Goods makes it clear that email played a critical role and emphasizes the need for better security controls. Dick’s Sporting Goods is a $12 billion company with more than 800 stores across the United States. That measure of success made the retailer the target of a recent cyber attack. A filing with the U.S.
Read Post

[Cybersecurity Awareness Month 2024] Incident Response Fiona Anna Collard

Oct 1, 2024 By KnowBe4 In KnowBe4
In a world where cybersecurity incidents are no longer a matter of if they will happen, but when, having a solid incident response plan is a critical component of cyber resilience and business continuity. The National Institute of Standards and Technology (NIST) provides comprehensive guidelines on how to set up an executive incident response. For this blog, Anna Collard will be drawing inspiration from Fiona, the vibrant and friendly PA to the IT director in the first season of our security awareness series "The Inside Man," to illustrate how effective incident response should be managed.
View Video
knowbe4

New Survey Shows 40% of Respondents Never Received Cybersecurity Training From Their Employer

Oct 1, 2024 By Stu Sjouwerman In KnowBe4
Yubico has published a survey of 20,000 people from 10 countries around the world, finding that 40% of respondents have never received cybersecurity training from their employer. Additionally, 70% of respondents said they’ve been exposed to cyber attacks in their personal lives within the past 12 months, and 50% faced cyber attacks at work.
Read Post
knowbe4

Threat Actors Behind MFA Bypass Service 'OTP Agency' Plead Guilty to Fraud

Oct 1, 2024 By Stu Sjouwerman In KnowBe4
The criminal prosecution of the threat actors behind the "OTP Agency" has highlighted an ingenious new tactic that cybercriminals can use to bypass multi-factor authentication. The OTP Agency launched back in November of 2019. Their service was simple: if you have a compromised credential, their service would call the credential owner and pose as the website the account was for citing fraudulent activity, and ask the owner to verify themselves by providing the one-time password (OTP) sent to them via SMS.
Read Post
knowbe4

The Number of Ransomware Attacks Around the World Increased by 73% in 2023

Sep 30, 2024 By Stu Sjouwerman In KnowBe4
The number of ransomware attacks around the world increased by 73% in 2023, according to a new report by the Institute for Security and Technology’s Ransomware Task Force (RTF). These attacks opportunistically target organizations across all industries, but the hardest-hit sectors over the past two years have been construction, hospitals and health care, government, IT services and consulting, and financial services.
Read Post
knowbe4

From Tetris to Minecraft: The Evolution of Security Awareness into Human Risk Management

Sep 27, 2024 By Javvad Malik In KnowBe4
Once upon a time, security awareness training resembled a never-ending game of Tetris. Threats cascaded down, demanding swift action and strategy, only to speed up until we inevitably faltered. Today, we've entered a new realm of engagement, creativity, and community in human risk management.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.