By Roger Grimes. Security awareness training (SAT) and simulated phishing work to significantly reduce cybersecurity risk. We have the data, customer testimonials, and government recommendations to prove it.
Monthly Archives: May 2024
91% of Every Ransomware Attack Today Includes Exfiltrating Your Data
New insight into ransomware attacks shows that cyber attacks are a top concern for organizations – with many not aware they were a victim until after the attack.
Your KnowBe4 Fresh Content Updates from May 2024
Check out the 60 new pieces of training content added in May, alongside the always fresh content update highlights, events and new features.
Threat Actor Void Manticore Uses Cyber Weapon “Wipers” to Destroy Data and Systems
This pro-Hamas hacktivist group has updated their payload arsenal to include updated versions of their BiBi Wiper malware, and two new wiper variants.
Criminals Abuse Cloud Storage Platforms to Host Phishing Sites
Threat actors are abusing cloud storage platforms to host phishing sites that can more easily evade detection by security scanners, according to researchers at Enea. Criminals are exploiting numerous cloud services, including Google Cloud, AWS, IBM Cloud, and others.
Cybercriminals Target Hajj Pilgrims
Criminals are launching a variety of scams targeting Muslims around the world who are planning on making the Hajj pilgrimage to Mecca, according to researchers at Resecurity.
CyberheistNews Vol 14 #22 [HEADS UP] A Whopping 90% of Attacks Involve Social Engineering
China Threat Actor Targeting African and Caribbean Entities With Spear Phishing Attacks
The China-aligned threat actor “Sharp Dragon” is launching spear phishing attacks against government entities in African and Caribbean countries, according to researchers at Check Point.
KnowBe4 Free Tools Now Available On CISA’s Website
We are big fans of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), whose informal slogan of “An organization so committed to security that it’s in our name twice” is a source of pride.
[FedRAMP Phishing Rule]: “Users are the last line of defense and should be tested.”
If you want to sell cloud-based software to the U.S. Government, you need to be FedRAMP authorized. This is what they state in their Program Overview:
As Many as 1 in 7 Emails Make it Past Your Email Filters
Fluctuations in consecutive quarterly reports demonstrate that organizations should be worried that their cyber defenses may not be strong enough to stop phishing attacks.
CISA Releases Cybersecurity Resources for High-Risk Communities
Working to ensure all communities within the United States are educated and prepared, the Cybersecurity and Infrastructure Security Agency (CISA) has released a set of tools, services and assistance to level the playing field.
From Boredom to Engagement: Gamification in Cybersecurity Awareness
As someone who can barely keep up when my 10-year-old shows me around his Minecraft worlds, I was a bit apprehensive about writing a review of our gamified cybersecurity awareness module. But hey, maybe being a bit of a klutz …
New Research Finds Phishing Scams Targeting Popular PDF Viewer
Several phishing campaigns are targeting users of the Foxit PDF Reader, according to researchers at Check Point. Foxit is a popular alternative to Adobe Acrobat Reader for viewing PDF files.
Secure Your Site: Learn from the Top 10 Cybersecurity Experts of 2024
Companies have needed a website for the last 25 years at least. But where do you host your site? The techies at HostingAdvice decided to create an extremely thorough real-world review site to share their expertise. And clearly, your organization’s …
Malicious Use of Generative AI Large Language Models Now Comes in Multiple Flavors
Analysis of malicious large language model (LLM) offerings on the dark web uncovers wide variation in service quality, methodology and value – with some being downright scams.
Don’t Let Criminals Steal Your Summer Fun
Summer has finally arrived in certain parts of the world, and with it come many exciting events — from the grandeur of the Olympics to the grass courts of Wimbledon, from the electrifying performances of Taylor Swift to the many …
UK Cybersecurity Org Offers Advice for Thwarting BEC Attacks
The UK’s National Cyber Security Centre (NCSC) has issued guidance to help medium-sized organizations defend themselves against business email compromise (BEC) attacks, especially those targeting senior staff members.
Announcing KnowBe4 Student Edition: Cybersecurity Education Tailored for the Next Generation
I recently heard another heartbreaking story of students who were scammed out of financial aid by a phishing attack. We have also heard stories of employment scams and social media based attacks where students fell victim to cybercriminals.
The Shadow War: Cognitive Warfare and the Politics of Disinformation
For better or for worse, we live in a world that is an anarchy of nations. Over the last few decades, warfare has transcended traditional battlefields. We may already be experiencing a cold World War III, not with bombs and …