Tag: social-engineering
-
Workday: Datenleck bei großem Cloud-Softwarekonzern
Cyberkriminelle sind per Social Engineering in eine CRM-Plattform eingedrungen. Workday ist nur einer von vielen betroffenen Konzernen. First seen on golem.de Jump to article: www.golem.de/news/workday-datenleck-bei-grossem-cloud-softwarekonzern-2508-199297.html
-
Workday hit in wave of social engineering attacks
A campaign of voice-based social engineering attacks targeting users of Salesforce’s services appears to have struck HR platform Workday First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366629343/Workday-hit-in-wave-of-social-engineering-attacks
-
Workday hit by social engineering data breach targeting its CRM platform
The human resources software company Workday announced that some customer information was obtained in a social engineering attack. First seen on therecord.media Jump to article: therecord.media/workday-social-engineering-data-breach
-
Ransomware-Gruppe Interlock zielt auf Command-andInfrastruktur bei deutschen Hosting-Providern
Arctic Wolf Labs, das Threat-Research-Team von Arctic Wolf, hat am 15. August 2025 eine aktualisierte Analyse zur Ransomware-Gruppe Interlock veröffentlicht. Der Akteur setzt auf neue Social-Engineering-Taktiken (ClickFix/FileFix) und zielt häufig auf virtuelle Umgebungen ab. Besonders relevant: Arctic Wolf identifizierte neue Indikatoren für eine Kompromittierung (IOCs) aus eigener Telemetrie, darunter Command-and-Control-Infrastruktur bei deutschen Hosting-Providern (z.B. 168.119.96[.]41).…
-
HR giant Workday discloses data breach after Salesforce attack
Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hr-giant-workday-discloses-data-breach-amid-salesforce-attacks/
-
Workday Data Breach Exposes HR Records via Third-Party CRM Hack
Tags: access, breach, cyber, data, data-breach, risk, security-incident, social-engineering, software, supply-chain, unauthorizedEnterprise software giant Workday has disclosed a security incident involving unauthorized access to employee information through a compromised third-party customer relationship management (CRM) platform. The breach, discovered as part of a broader social engineering campaign targeting multiple large organizations, has raised concerns about supply chain security risks in the enterprise software sector. Incident Details and…
-
HR giant Workday discloses data breach amid Salesforce attacks
Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hr-giant-workday-discloses-data-breach-amid-salesforce-attacks/
-
Scattered Spider and ShinyHunters’ Next Move: Leaking Data
Extortionists Detail Fresh Victims, Although Sensitivity of Stolen Data Unclear. Extortionists tied to the Scattered Spider and ShinyHunters hacking collectives have begun naming victims and leaking data via a new, dedicated Telegram channel. Many of the breaches appear to trace to social engineering attacks that gained attackers access to a victim’s Salesforce instance. First seen…
-
ClickFix macOS Malware Targets User Login Credentials
Security researchers have identified a new malware campaign targeting macOS users through a sophisticated ClickFix technique that combines phishing and social engineering to steal cryptocurrency wallet details, browser credentials, and sensitive personal data. The Odyssey Stealer malware, discovered by X-Labs researchers in August 2025, represents an evolution of earlier ClickFix attacks that previously focused on…
-
Social Engineering laut Unit 42 Haupteinfallstor 2025
Tags: social-engineeringFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/social-engineering-forschung-unit-42-haupteinfallstor-2025
-
Tips to Protect Yourself on LinkedIn from Fraud, Social Engineering, and Espionage
Tags: business, cyber, cybersecurity, data, espionage, fraud, jobs, linkedin, malicious, phishing, risk, social-engineering, spam, tool, vulnerabilityLinkedIn is a great communication tool for business professionals that informs, provides opportunities, and fosters collaboration”Š”, “Šwhich is exactly why it is attractive to sophisticated cyber adversaries, including aggressive nation state actors, who use LinkedIn for nefarious activities such as information gathering, target profiling, human-asset engagement, fraud, social engineering, and trust building. Urgent and time…
-
Social Engineering als Haupteinfallstor 2025
Die neue Social-Engineering-Edition des 2025 Global Incident Response Report von Unit 42 zeigt: Social Engineering ist 2025 das häufigste Einfallstor für Cyberangriffe [1]. In mehr als einem Drittel der über 700 analysierten Fälle weltweit nutzten Angreifer Social Engineering als Einstieg, also den gezielten Versuch, Menschen durch Täuschung zu bestimmten Handlungen zu verleiten und so Sicherheitskontrollen……
-
Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as U.K. Boosts Cyber Assessment Framework
Tags: access, advisory, ai, attack, authentication, automation, backup, breach, china, cisa, cloud, computer, credentials, cve, cyber, cybersecurity, data, defense, detection, docker, exploit, framework, github, google, government, grc, group, guide, hacker, healthcare, identity, infrastructure, iot, ISO-27001, jobs, kubernetes, malicious, malware, mfa, microsoft, mitigation, monitoring, network, nist, open-source, password, programming, ransomware, resilience, risk, risk-management, service, social-engineering, software, startup, strategy, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-dayCheck out what CISA found after it dissected malware from the latest SharePoint hacks. Plus, the U.K.’s cyber agency is overhauling its cyber framework to keep pace as threats escalate. In addition, Google is warning that cloud attacks are getting dangerously sophisticated. And get the latest on CISA’s new malware analysis platform and its report…
-
Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as U.K. Boosts Cyber Assessment Framework
Tags: access, advisory, ai, attack, authentication, automation, backup, breach, china, cisa, cloud, computer, credentials, cve, cyber, cybersecurity, data, defense, detection, docker, exploit, framework, github, google, government, grc, group, guide, hacker, healthcare, identity, infrastructure, iot, ISO-27001, jobs, kubernetes, malicious, malware, mfa, microsoft, mitigation, monitoring, network, nist, open-source, password, programming, ransomware, resilience, risk, risk-management, service, social-engineering, software, startup, strategy, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-dayCheck out what CISA found after it dissected malware from the latest SharePoint hacks. Plus, the U.K.’s cyber agency is overhauling its cyber framework to keep pace as threats escalate. In addition, Google is warning that cloud attacks are getting dangerously sophisticated. And get the latest on CISA’s new malware analysis platform and its report…
-
From fake CAPTCHAs to RATs: Inside 2025’s cyber deception threat trends
Cybercriminals are getting better at lying. That’s the takeaway from a new LevelBlue report, which outlines how attackers are using social engineering and legitimate tools to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/08/cyber-deception-threat-trends-2025/
-
Social-Engineering ist Haupteinfallstor in 2025
Die neue Social-Engineering-Edition des 2025-Global-Incident-Response-Report von Unit 42 zeigt: Social-Engineering ist 2025 das häufigste Einfallstor für Cyberangriffe. In mehr als einem Drittel der über 700 analysierten Fälle weltweit nutzten Angreifer Social-Engineering als Einstieg, also den gezielten Versuch, Menschen durch Täuschung zu bestimmten Handlungen zu verleiten und so Sicherheitskontrollen zu umgehen. Die zentralen Erkenntnisse auf einen…
-
Here’s how deepfake vishing attacks work, and why they can be hard to detect
Why AI-based voice cloning is the next frontier social-engineering attacks. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/08/heres-how-deepfake-vishing-attacks-work-and-why-they-can-be-hard-to-detect/
-
Here’s how deepfake vishing attacks work, and why they can be hard to detect
Why AI-based voice cloning is the next frontier social-engineering attacks. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/08/heres-how-deepfake-vishing-attacks-work-and-why-they-can-be-hard-to-detect/
-
ShinyHunters Target Chanel in Salesforce Linked Data Breach
ShinyHunters breached Chanel’s US client database via Salesforce-linked access, exposing limited customer details through social engineering tactics. First seen on hackread.com Jump to article: hackread.com/shinyhunters-target-chanel-salesforce-data-breach/
-
ShinyHunters Target Chanel in Salesforce Linked Data Breach
ShinyHunters breached Chanel’s US client database via Salesforce-linked access, exposing limited customer details through social engineering tactics. First seen on hackread.com Jump to article: hackread.com/shinyhunters-target-chanel-salesforce-data-breach/
-
6 ways hackers hide their tracks
Tags: access, ai, antivirus, api, attack, backdoor, breach, captcha, ceo, computer, control, credentials, crypto, cybersecurity, data, data-breach, defense, detection, email, endpoint, exploit, github, hacker, injection, intelligence, jobs, law, linux, LLM, login, malicious, malware, monitoring, network, open-source, openai, phishing, programming, RedTeam, resilience, reverse-engineering, risk, rust, service, social-engineering, software, supply-chain, threat, tool, virus, windowsBackdoors in legitimate software libraries: In April 2024, it was revealed that the XZ Utils library had been covertly backdoored as part of years-long supply-chain compromise effort. The widely used data compression library that ships as a part of major Linux distributions had malicious code inserted into it by a trusted maintainer.Over the last decade,…
-
Datenpanne bei Google: ShinyHunters hat zugeschlagen
Google-Leak aufgedeckt: ShinyHunters dringt mit Social Engineering und OAuth-Missbrauch in Salesforce-Daten für KMUs ein. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenpanne-bei-google-shinyhunters-hat-zugeschlagen-319227.html
-
Hackers Exploit Social Engineering to Gain Remote Access in Just 5 Minutes
Tags: access, attack, corporate, cyber, cybersecurity, exploit, group, hacker, incident response, social-engineering, threatCybersecurity experts are raising alarms over a sophisticated social engineering attack that allowed threat actors to compromise corporate systems in under five minutes, according to a recent incident response investigation by NCC Group’s Digital Forensics and Incident Response (DFIR) team. The attack began with threat actors impersonating legitimate IT support personnel, targeting approximately twenty employees…
-
Google’s Salesforce Environment Compromised User Information Exfiltrated
Google has confirmed that one of its corporate Salesforce instances was breached in June by sophisticated threat actors, resulting in the theft of contact information for small and medium businesses. The incident highlights the growing threat of voice phishing attacks targeting enterprise cloud environments and demonstrates how social engineering tactics continue to evolve in sophistication…
-
Social Engineering Attacks Surge in 2025, Becoming Top Cybersecurity Threat
Social engineering attacks made up 36% of intrusions from May 2024 to May 2025, surpassing malware and exploits as the top breach method. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-social-engineering-top-cyber-threat-2025/
-
Chollima APT Group Targets Job Seekers and Organizations with JavaScript-Based Malware
Tags: apt, cyber, espionage, group, jobs, malware, north-korea, programming, social-engineering, software, threatThe North Korean-linked Chollima advanced persistent threat (APT) group, also known as Famous Chollima, has been orchestrating a persistent cyber espionage campaign since at least December 2022, primarily targeting job seekers in the software development and IT sectors to infiltrate a wide array of United States-based organizations. This operation leverages intricate social engineering techniques, where…
-
Ransomware goes cloud native to target your backup infrastructure
Tags: access, api, authentication, backup, cloud, container, control, credentials, cybercrime, data, defense, exploit, google, group, identity, infrastructure, least-privilege, linkedin, linux, malicious, malware, mfa, north-korea, ransomware, social-engineering, strategy, threat, vulnerability, vulnerability-managementCredential compromise and misconfiguration woes: More sophisticated threat groups have developed social engineering techniques to the point where they reliably trick targets into helping them to bypass multi-factor authentication (MFA) controls before ransacking compromised cloud-hosted environments.For example, threat actors are using compromised OAuth tokens to bypass MFA and inject malicious code into developer ecosystems via…
-
Ransomware attacks: The evolving extortion threat to US financial institutions
Tags: access, ai, antivirus, attack, backup, banking, breach, business, cloud, communications, compliance, control, credentials, crime, crimes, cyber, cybercrime, cybersecurity, dark-web, data, ddos, defense, detection, edr, email, encryption, endpoint, extortion, finance, firewall, governance, group, identity, incident response, infrastructure, insurance, intelligence, international, korea, law, leak, least-privilege, lessons-learned, linkedin, linux, lockbit, login, malicious, mfa, monitoring, network, north-korea, organized, phishing, ransom, ransomware, resilience, risk, rust, service, soc, social-engineering, software, startup, strategy, supply-chain, tactics, theft, threat, tool, training, update, usa, vmware, vulnerability, warfare, windows, zero-trustBefore sunrise on a chilly November morning, I got the kind of call no security leader ever wants. A mid-sized U.S. bank had been hit overnight hard. Customers couldn’t access their accounts, ATMs were non-functional and every screen in the company’s environment glowed with the same ominous message: their systems were encrypted, and data had…