Latest news with #ErichKron
Associated Press
22-05-2025
- Business
- Associated Press
Stay Cyber-Safe This Summer With the Top 7 Cybersecurity Travel Tips From KnowBe4
KnowBe4 shares cybersecurity tips for travelers to protect their information during summer trips TAMPA BAY, Fla., May 22, 2025 /PRNewswire/ -- KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today offered key travel safety tips tailored to address cybersecurity threats targeting travelers this summer. As travelers prepare for their summer getaways, cybercriminals look for ways to exploit security gaps in travel plans. The increase in social engineering scams, public WiFi vulnerabilities and emerging mobile device threats highlights the critical need for proactive protection measures. KnowBe4 is offering advice to help travelers lower their cyber risk exposure while on vacation. KnowBe4's top seven summer travel cybersecurity tips include: 'No matter how far we travel, cybercriminals remain closer than we think,' said Erich Kron, Security Awareness Advocate at KnowBe4. 'While it's easy to let your guard down during a trip, keeping cybersecurity at the forefront can prevent your vacation from being derailed by scams or cyberattacks. With these holiday tips, KnowBe4 aims to equip travelers with practical tools and actionable knowledge to navigate today's digital landscape securely.' For more information on KnowBe4, visit About KnowBe4 KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven 'best-of-suite' platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization's biggest asset. Media Contact: Kathy Wattman SVP of Public Relations [email protected] 727-474-9950 View original content to download multimedia: SOURCE KnowBe4 Inc.
Forbes
14-05-2025
- Forbes
New Zoom Alert—Update Windows, iOS, Android Apps Now
Video conferencing app Zoom has issued a new update alert after fixing multiple vulnerabilities affecting its Workplace apps. The fixes affect Zoom Workplace apps across various platforms, including Windows, macOS, Linux, iOS and Android. The worst issue is a flaw tracked as CVE-2025-30663, which is ranked as having a high severity, according to Zoom's security bulletin. The Zoom flaw is a time-of-check to time-of-use issue. This could, in theory, allow an attacker to modify or replace a file between it being checked and being used. The other vulnerabilities are ranked as having a medium severity. Among these, CVE-2025-30668 is an integer underflow issue in Zoom Workplace apps for Windows. Meanwhile, CVE-2025-46785 is a buffer over-read issue in Zoom Workplace apps for Windows. CVE-2025-30665 and CVE-2025-30666 are NULL pointer dereference issues in Zoom Workplace apps for Windows. None of the flaws are known to have been used in real-life attacks. The Zoom patches come at a busy time for updates. Apple has issued iOS 18.5, fixing over 30 issues in its iPhone operating system, alongside other updates including iPadOS 17.7.7. Meanwhile, Microsoft's Patch Tuesday addresses a number of important flaws. In total, there are nine Zoom flaws, the worst of which could allow an attacker to elevate privileges, says Erich Kron, security awareness advocate at Knowbe4. "Given the number of people that use and rely on Zoom for their organizations' day-to-day activities, this type of flaw could be very significant,' he says. Since the pandemic, Zoom has remained a key communication tool for businesses globally. But as AI allows attackers to create fake images and videos, it's difficult to know whether people are who they say they are. Deepfake audio and video have already been an issue, and in this case having a Zoom meeting initiated from a legitimate account could be the difference between a person believing the caller and not believing them, says Kron. Fortunately, exploiting the Zoom flaw in question is not something that can be done easily remotely, he says. This means physical access to your device is required, which is obviously much more difficult for an adversary. 'However, it demonstrates what may be possible with other future vulnerabilities that could be remotely exploited,' Kron says. The Zoom updates cover multiple apps, so it's a good idea to check your devices now. If the updates are available, apply them as soon as you can to keep your Zoom apps safe.
Techday NZ
14-05-2025
- Business
- Techday NZ
Australia, New Zealand invest AUD $7 million in cyber education
Australia and New Zealand have ranked third globally for phishing vulnerability, with a baseline Phish-prone Percentage (PPP) of 36.8% according to KnowBe4's 2025 Phishing by Industry Benchmarking Report. The report provides an analysis of cybersecurity readiness based on how likely employees are to fall victim to social engineering or phishing attempts. The PPP metric, developed by KnowBe4, reflects the percentage of users who are susceptible to phishing prior to any security training. For Australia and New Zealand (ANZ), this baseline figure of 36.8% is higher than both the global average of 33.1% and the European average of 32.5%. KnowBe4's study draws on data from 67.7 million simulated phishing exercises conducted among 14.5 million users in 62,400 organisations worldwide. Employees underwent a programme of security awareness training, with their PPP tracked at intervals of ninety days and again after more than a year, to evaluate the effectiveness of ongoing training in reducing cyber risk. The findings highlight a marked improvement in resilience to phishing threats following sustained training. Within the first ninety days of awareness training, the average PPP in the region dropped from 36.8% to 19.9%. After twelve months, this figure declined further to just 4.9% on average. KnowBe4 noted that these results are consistent with global patterns, where ongoing security awareness initiatives play a substantial role in strengthening defences against cyber attacks. Large organisations in Australia and New Zealand were identified as the most susceptible globally, with an initial PPP of 44.6%. The report shows these organisations reduced their risk dramatically to 4.7% after a year of continuous security awareness training. The data also indicated that the critical infrastructure and banking sectors were the most vulnerable to phishing in the ANZ region at the outset of the study. Government action in response to the findings has included an investment of AUD $7 million, distributed among 200 recipients, to support community-level cyber education initiatives. This forms part of broader efforts to build long-term resilience, which also include legislative measures to address the increasing sophistication of cyber threats targeted at critical infrastructure sectors. International cooperation has become a core strategy in the region's response to cyber challenges. Australia and New Zealand have engaged with partners through the Five Eyes security alliance and invested in developing a skilled cybersecurity workforce as part of their approach to strengthening organisational and national resilience. Erich Kron, Security Awareness Advocate at KnowBe4, commented on the results: "Our report shows that large ANZ organisations began with the highest phishing vulnerability globally at 44.6% yet achieved a remarkable reduction to just 4.7% after ongoing training. The most significant shift we are seeing is the growing recognition by the Australian government of the critical role that community-level education plays in building a resilient cyber ecosystem, evidenced by their AUD $7 million investment across 200 recipients. While progress is being made, it is clear from the data in the report that sustained security training is essential to drive long-lasting change." The KnowBe4 report reiterates the importance of regular, comprehensive security training in reducing individuals' susceptibility to phishing and social engineering, particularly within sectors deemed high risk. The report underlines the necessity of a multifaceted approach that combines education, government policy, industry collaboration, and workforce development to address the persistent risk posed by phishing attacks in the region. Follow us on: Share on:
