June 13, 2024 at 05:33PM KnowBe4 announced its new Risk & Insurance Partner Program to address the rising cyber threats. The program offers exclusive discounts and aims to combine KnowBe4’s platform with partners’ cyber risk expertise. CEO Stu Sjouwerman emphasized the need to better protect customers from evolving cyber threats and encouraged interested parties to … Read more
June 4, 2024 at 09:12AM KnowBe4 announced an integration with MobileMind, enabling K12 school districts to track and report on completed security awareness training. This partnership aims to strengthen organizations’ security resilience by providing a seamless learning experience. CEO Stu Sjouwerman emphasized the importance of educating end users on cyber threats, while MobileMind’s CEO Tyce … Read more
May 14, 2024 at 07:15AM Deploying advanced authentication measures is crucial for organizations in addressing human users as the weakest cybersecurity link. Mistakes to avoid include failing to conduct a risk assessment, neglecting integration with current systems, relying on one authentication factor, disregarding user experience, overlooking authentication activities, and neglecting user training. These mistakes hinder … Read more
May 13, 2024 at 10:19AM The Post Millennial and Human Events were hacked, exposing data of writers, editors, and subscribers. Have I Been Pwned added this data, including names, email addresses, passwords, and more, to their breach notification service. The source of the data is unclear. The affected sites have not issued statements, so subscribers … Read more
May 2, 2024 at 03:35PM Summary: The landscape of cybersecurity involves psychological tactics alongside technological defenses. The MGM Casino hack exemplifies the evolution of social engineering, demonstrating sophisticated strategies that leverage psychological manipulation. The incidents highlight the human element as an exploitable vulnerability, emphasizing the need for security awareness training, strict access controls, and verification … Read more
May 1, 2024 at 07:12AM In order to improve security, organizations must recognize the importance of training their staff to become the first line of defense against cyber threats. Security Awareness Training (SAT) aims to educate employees on cybersecurity risks, minimize exposure to threats, and maintain regulatory compliance. However, the efficacy of traditional SAT programs … Read more
April 28, 2024 at 12:03PM Security researchers found that phishing campaigns targeting the USPS saw fake domains receiving traffic similar to the legitimate site, especially during holidays. The phishing operations mimic genuine USPS services, with convincing designs and tracking pages. Malicious domains received over 1.1 million queries, indicating heightened activity during the winter holidays. Consumers … Read more
April 26, 2024 at 09:57AM Unknown threat actors targeted Ukrainian government entities using an old Microsoft Office RCE exploit (CVE-2017-8570) to deliver a malicious PowerPoint file via Signal. The attack involved a Russian VPS and Cobalt Strike Beacon for information theft. The campaign’s advanced masquerading and evasive techniques pose challenges for detection and attribution. Enhanced … Read more
April 26, 2024 at 08:39AM Thousands of patients’ personal and health information was exposed in a data breach at Los Angeles County Department of Health Services. The breach was a result of a phishing attack on employees, compromising 23 mailboxes. Approximately 6,085 individuals’ information may have been impacted. The health system took measures to address … Read more
April 25, 2024 at 03:58PM The Los Angeles County Department of Health Services revealed a data breach involving patients’ personal and health information exposed by a phishing attack on 23 employees’ email credentials. The breached data includes patients’ names, contact information, medical records, and health plan details, though not Social Security Numbers or financial data. … Read more