Scammers are now impersonating KnowBe4, a legitimate company that specializes in phishing training. Cofense, another company who specializes in phishing prevention, has found a new phishing scam that uses fake security awareness training emails. These fake emails warn users that they have 24 hours to complete their security awareness training before it expires. They are then told that the training will not be conducted on an employee training portal, and that they need to click a link to a fake KnowBe4 website. This link takes the user to a fake Outlook page hosted on a Russian domain that then asks them to provide their username, password, email, name, birthday, and address. This stolen information can then be used to compromise your work network, or to hijack your email to run BEC scams on other unsuspecting people! For more information, feel free to check out the link below.
Windows 10 vulnerability using SAM registry entries allows local elevation privileges
The FBI has issued a warning to companies about scammers impersonating construction companies to target critical US infrastructure sectors.