Monthly Archives: March 2024

Using little more than a well-known business name and a invoice-related PDF, the “NaurLegal” phishing campaign aims at installing malware trojans.

New analysis of APT29’s (aka Cozy Bear) activities and their association with Russia’s Foreign Intelligence Service (SVR) has revealed suspected attempts to collect political intelligence.

A new malware loader is delivering the Agent Tesla remote access Trojan (RAT), according to researchers at Trustwave SpiderLabs. The malware is distributed by phishing emails with malicious attachments.

New data shows organizations are well aware that their users are one of their greatest cybersecurity risks today, and yet aren’t taking the right steps to remediate the risk.

Check out the 35 new pieces of training content added in March, alongside the always fresh content update highlights, events and new features.

Attention Google Workspace users! You’ve asked, and we’ve delivered, integrating KnowBe4’s SecurityCoach with Google Chat.

Analysis of a new initial access malware attack shows how simple these attacks can be while also proving that malware can reside on legitimate repositories.

The threat of novel malware is growing exponentially, making it more difficult for security solutions to identify attachments and links to files as being malware.

Israeli researchers came out with a hell of a hing just now. Here is a bit of the abstract and a video. YIKES.

A Phishing-as-a-Service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia. The phishing kit is notable for its focus on bypassing victims’ multi-factor authentication measures.

A new report on the state of email security sheds some light on how organizations are viewing and approaching cyber insurance as they shift strategy toward being cyber resilient.

We’re thrilled to announce the release of the 2024 Security Culture Report, which dives deep into how security measures affect organizations and the way employees act and feel at work.

The one thing I love about our annual conference in Orlando, KB4-CON, is its thought-provoking nature. Year after year, the events team manages to keep a fine balance between product updates and thought leadership talks. The convention is the best … Read More

A new Chrome update brings to light Google findings about malicious websites that have serious implications on detecting malicious links, spoofed brands and the use of legitimate web services.

The FBI’s Internet Crime Complaint Center (IC3) newly-released Internet Crimes Report provides an unbiased big picture of the cyber crimes that were the most used and most successful.

New data shows increased expertise in leveraging and exploiting cloud environments.

The threat group “RA World” (formerly RA Group) has shifted from country-specific ransomware attacks to include specific industries via a new – not previously seen – method of extortion.

The following paragraphs were cited directly from my recent article highlighting social engineering. “Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close.

In an age when 70% – 90% of successful data breaches involve social engineering (which gets past all other defenses), sufficient training is needed to best reduce human-side cybersecurity risk. Everyone should be trained in how to recognize social engineering … Read More