

4/11/2016
05:00 PM
Dark Reading
Products and Releases

KnowBe4 Unveils Kevin Mitnick Security Awareness Training Spring 2016

KnowBe4 adds first human pentest, USB drive test, and geo-location to simulated phishing testing.

(Clearwater/Tampa Bay, FL) April 12, 2016 -- KnowBe4 Inc., the United States’ most popular integrated platform for security awareness training and simulated phishing tests, released a new Spring 2016 version with advanced security features, bringing enterprise-level security features to SMBs. Exploding threats of ransomware, CEO email fraud and other social engineering attacks make employee training a must. KnowBe4 helps IT manage the risks of social engineering with advanced security features in its new Kevin Mitnick Security Awareness Training Spring 2016.

An FBI alert issued on April 4, 2016 warned of a massive increase in CEO fraud to the tune of 2.3 billion dollars. Companies are now realizing they cannot keep doing the same old annual awareness training, as threats are evolving much faster.

KnowBe4’s program provides a comprehensive new-school approach that integrates baseline testing using mock attacks, engaging web-based training and continuous assessment through simulated phishing, vishing or smishing attacks to build a more resilient and secure organization. KnowBe4 also provides "double-random" message delivery with hundreds of highly realistic phishing messages, spread over time. Every employee receives a different phishing email at a different time, eliminating the “prairie dog” effect. Automated phishing campaigns with unlimited usage and community templates help keep IT efforts current. The new advanced features include:

  • EZXploit™: Includes patent-pending functionality that allows an internal, fully automated "human pentest". It launches a simulated phishing attack which, when clicked, comes up with a secondary ruse, such as a Java popup, that the user is further social engineered to click on. No malicious action is performed, but the process allows IT to see which data is accessible and which users are most prone to click by scanning info such as user name, IP address, a user's workstation and Active Directory info.

KnowBe4’s Chief Hacking Officer Kevin Mitnick stated, "EZXploit truly assesses whether your business can be exploited by the bad guys. Just clicking on a link sent in email alone doesn't mean your business can be successfully phished. The true test is to determine whether the user can be exploited. EZXploit allows you to evaluate that risk."

  • USB Drive Test™: A customer can download a special, "beaconized" Microsoft Office file from the KnowBe4 admin console onto a USB drive, which can then be dropped in an on-site, high-traffic area. If an employee picks up the USB drive, plugs it into their workstation, and opens the file, it will "call home" and report the fail.

A recent study sponsored by the University of Illinois, the University of Michigan and Google found that 98% picked up dropped USBs and 45% opened or enabled files, confirming this as an effective attack vector for social engineering.

  • GEO-location was added by KnowBe4 to its phishing templates, allowing an admin to see where simulated phishing attack failures are on a map, with drilldown capability and CSV-export options. This is highly useful for multi-site offices and road warriors alike.

KnowBe4’s CEO Stu Sjouwerman stated, “Employees are the weakest link in your network security and you need effective security awareness training to keep on top of furiously innovating cybercrime. The new features we are announcing were previously out of reach for IT managers with limited budget, and we have worked hard to make effective training and frequent simulated phishing affordable for these companies.”

The strong demand for KnowBe4’s training has propelled it into the Cybersecurity 500 and fueled unparalleled growth for 11 straight quarters.

For more information, pricing, or demos, visit www.KnowBe4.com

About KnowBe4
KnowBe4 is the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. Realizing that the human element of security was being seriously neglected, KnowBe4 was created by two of the best known names in cybersecurity, Kevin Mitnick (the World’s Most Famous Hacker), and Inc. 500 alum serial security entrepreneur Stu Sjouwerman, to help organizations manage the problem of social engineering tactics through new school security awareness training. The company maintains a top spot in the Cybersecurity 500, the definitive list of the world’s hottest and most innovative companies in cybersecurity. More than 3,500 organizations use KnowBe4’s platform to keep employees on their toes with security top of mind. KnowBe4 is used across all industries, including highly regulated fields such as finance, healthcare, energy, government and insurance.

 
