Tag: social-engineering
-
Social engineering and Signal chats led to new Russian malware attacks, Ukraine says
Tags: attack, blizzard, cybersecurity, government, group, malware, russia, social-engineering, ukraine
Ukraine’s cybersecurity agency said the Russian group tracked as APT28, Fancy Bear or Forest Blizzard was responsible for targeting new malware strains at government officials. First seen on therecord.media Jump to article: therecord.media/ukraine-new-russian-malware-social-engineering-signal-chats
-
North Korean Hackers Use Malicious Zoom Apps to Execute System-Takeover Attacks
Tags: attack, cyber, cybersecurity, hacker, malicious, north-korea, scam, social-engineering, threat
Cybersecurity researchers and targeted individuals have reported a highly sophisticated scam orchestrated by suspected North Korean hackers. This attack, disguised as a legitimate Zoom meeting, leverages advanced social engineering techniques to trick professionals into compromising their systems. The campaign, which surfaced recently, highlights the growing audacity and technical prowess of state-sponsored threat actors aiming to…
-
OpenAI Used Globally for Attacks FireTail Blog
Jun 23, 2025 – In 2025, virtually no one is a stranger to OpenAI’s ChatGPT. It is one of the most popular AI applications on the Internet, and almost everyone is using it from your boss, to your neighbor, to the passive-aggressive friend sending you oddly phrased text messages. But since it is relatively new,…
-
BlueNoroff Hackers Exploit Zoom App to Deploy Infostealer Malware in Targeted Attacks
The Field Effect Analysis team has uncovered a targeted social engineering campaign orchestrated by the North Korean state-sponsored threat actor BlueNoroff, a financially motivated subgroup of the notorious Lazarus Group. A Canadian online gambling provider fell victim to a meticulously crafted attack involving impersonation of a trusted contact and the Zoom platform. Sophisticated Social Engineering…
-
71% of new hires click on phishing emails within 3 months
New hires are more likely to fall for phishing attacks and social engineering than longer-term employees, especially in their first 90 days, according to Keepnet. Why new … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/23/new-hire-phishing-risk/
-
Russian hackers bypass Gmail MFA using stolen app passwords
Russian hackers bypass multi-factor authentication and access Gmail accounts by leveraging app-specific passwords in advanced social engineering attacks that impersonate U.S. Department of State officials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-bypass-gmail-mfa-using-stolen-app-passwords/
-
Aflac Discloses Cybersecurity Incident, Customer Data Potentially Exposed Amid Industry-Wide Attacks
Aflac confirms a cyberattack exposed sensitive customer data, citing social engineering tactics amid a wave of breaches targeting US insurers. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/aflac-cyber-security-incident-2025/
-
Mocha Manakin Uses PasteRun Technique to Deceive Users into Downloading Malware
A malicious campaign tracked as Mocha Manakin has been identified employing the deceptive >>paste-and-run
-
Cybersecurity Snapshot: Tenable Report Spotlights Cloud Exposures, as Google Catches Pro-Russia Hackers Impersonating Feds
Tags: access, advisory, ai, api, apple, attack, authentication, best-practice, business, cisa, cisco, cloud, conference, container, control, credentials, cve, cyber, cybersecurity, data, data-breach, detection, email, encryption, endpoint, exploit, google, governance, government, group, guide, hacker, Hardware, identity, infrastructure, intelligence, Internet, kubernetes, linux, macOS, microsoft, mitigation, mobile, monitoring, network, oracle, password, phishing, ransomware, risk, russia, service, social-engineering, software, sql, strategy, tactics, technology, threat, tool, update, vmware, vulnerability, windows
Check out highlights from Tenable’s “2025 Cloud Security Risk Report,” which delves into the critical risk from insecure cloud configurations. Plus, Google reveals a Russia-sponsored social engineering campaign that targeted prominent academics’ Gmail accounts. And get the latest on AI system security, just-in-time access, CIS Benchmarks and more! Dive into six things that are top…
-
Aflac duped by social-engineering attack, marking another hit on insurance industry
Three insurance companies have publicly disclosed cyberattacks in the past week. Scattered Spider, an amorphous band of cybercriminals, has been actively targeting the sector. First seen on cyberscoop.com Jump to article: cyberscoop.com/aflac-cyberattack-insurance-sector-scattered-spider/
-
Hackers Use Social Engineering to Target Expert on Russian Operations
Citizen Lab and Google uncovered a new, sophisticated cyberattack linked to Russian state actors that exploits App-Specific Passwords, bypassing Multi-Factor Authentication. Discover how to protect yourself from these evolving threats. First seen on hackread.com Jump to article: hackread.com/hackers-use-social-engineering-expert-russian-operations/
-
Chain IQ data theft highlights need to oversee third party suppliers
Tags: access, attack, awareness, breach, ceo, ciso, corporate, data, data-breach, detection, extortion, finance, governance, group, intelligence, international, jobs, law, monitoring, phishing, ransomware, risk, risk-management, service, social-engineering, supply-chain, tactics, theft, threat
CSO attempted to contact Chain IQ and UBS for comment, but was unable to reach a spokesperson for either by publication time. What should be of note to CSOs is that this is another example of an attack on a third party supplier that impacts its customers. “Chain IQ’s breach serves as yet another reminder that…
-
Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign
Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social engineering tactic designed to gain access to victims’ emails. Details of the highly targeted campaign were disclosed by Google Threat Intelligence Group (GTIG) and the Citizen…
-
Scattered Spider Aims at US Insurers After UK Retail Hit, Google Warns
Scattered Spider targets US insurance firms after UK retail attacks, using social engineering to breach help desks and disrupt services, Google warns. First seen on hackread.com Jump to article: hackread.com/scattered-spider-us-insurers-uk-retail-hit-google/
-
What Is Social Engineering? A Guide for K12 School Leaders
Understanding the Human Side of Cyberattacks, and Why Schools Need Stronger Protection. Cybersecurity in schools isn’t just about firewalls and software anymore. One of the most effective, and dangerous, threats school districts face today doesn’t start with malware. It starts with a carefully timed and crafted message. It’s called social engineering, and it’s now one…
-
News alert: Arsen launches AI-powered vishing simulation to help combat voice phishing at scale
Paris, Jun. 3, 2025, CyberNewswire – Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced the release of its new Vishing Simulation module, a cutting-edge tool designed to train employees against one of the fastest-growing… (more…) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/news-alert-arsen-launches-ai-powered-vishing-simulation-to-help-combat-voice-phishing-at-scale/
-
Cybersecurity Snapshot: NIST Offers Zero Trust Implementation Advice, While OpenAI Shares ChatGPT Misuse Incidents
Tags: access, ai, attack, best-practice, breach, chatgpt, china, cloud, computer, computing, control, credentials, crime, cyber, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, encryption, endpoint, exploit, finance, fraud, government, guide, Hardware, identity, infrastructure, intelligence, Internet, iot, korea, law, least-privilege, linkedin, malicious, malware, military, ml, mobile, monitoring, network, nist, north-korea, openai, phishing, phone, programming, ransomware, risk, russia, scam, service, social-engineering, software, supply-chain, technology, theft, threat, tool, update, vulnerability, zero-trust
Check out NIST best practices for adopting a zero trust architecture. Plus, learn how OpenAI disrupted various attempts to abuse ChatGPT. In addition, find out what Tenable webinar attendees said about their exposure management experiences. And get the latest on cyber crime trends, a new cybersecurity executive order and more! Dive into six things that…
-
Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale
Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced the release of its new Vishing Simulation module, a cutting-edge tool designed to train employees against one of the fastest-growing attack vectors: voice phishing (vishing). This new module uses AI-generated voices and adaptive dialogue systems to simulate live phone-based social engineering attacks, such as […]…
-
New Tactic from the 3AM Group: Virtual Machine as a Cloak of Invisibility
Sophos X-Ops has analyzed a wave of ransomware attacks in which the cybercrime group “3AM” combines proven social engineering methods and the use of legitimate remote maintenance tools with a technical innovation: the use of a hidden virtual machine to covertly gain access to the corporate network while bypassing classic endpoint protection solutions. In the first quarter of 2025, the Sophos X-Ops team assisted a company that such an attack First…
-
KnowBe4 Warns of New Wave of Credential Harvesting
The attackers rely on deceptively realistic emails and manipulated websites to obtain confidential access credentials. Behind the attacks is sophisticated social engineering, that is, the attempt to psychologically influence and outwit people in order to obtain sensitive information. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/knowbe4-warnt-vor-neuer-welle-des-credential-harvesting/a41125/
-
Virtual Cloak of Invisibility: Ransomware Under the Radar
A virtual machine as the entry point, social engineering over the phone and legitimate remote maintenance tools: the cybercrime group 3AM has refined its methods. In the new wave of attacks, technical sophistication meets psychological manipulation, with alarming success. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/security-management/virtuelle-tarnkappe-ransomware-unter-dem-radar/
-
Why Threat Agents Must be Included in Cybersecurity Risk Assessments
Tags: access, attack, business, compliance, control, cyber, cybercrime, cybersecurity, data, defense, detection, espionage, finance, group, incident, intelligence, risk, risk-assessment, risk-management, social-engineering, strategy, tactics, theft, threat, tool, update, vulnerability
In the ever-evolving landscape of cybersecurity, organizations face a constant struggle: how to best allocate limited resources to maximize their defensive posture. No one has enough budget, personnel, or tools to defend against every conceivable threat. When effort is misapplied to low-risk areas, higher-risk areas are left exposed. This inefficiency can prove disastrous. Risk management…
-
Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053)
Tags: access, advisory, apt, attack, authentication, best-practice, business, control, cve, espionage, exploit, group, malicious, microsoft, office, rce, remote-code-execution, service, social-engineering, update, vulnerability, windows, zero-day
9 Critical, 56 Important, 0 Moderate, 0 Low. Microsoft addresses 65 CVEs, including two zero-day vulnerabilities, with one being exploited in the wild. Microsoft addresses 65 CVEs in its June 2025 Patch Tuesday release, with nine rated critical, and 56 rated as important. Our counts omitted one vulnerability reported by CERT CC. This month’s update includes patches for: .NET…
-
FIN6 hackers pose as job seekers to backdoor recruiters’ devices
In a twist on typical hiring-related social engineering attacks, the FIN6 hacking group impersonates job seekers to target recruiters, using convincing resumes and phishing sites to deliver malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fin6-hackers-pose-as-job-seekers-to-backdoor-recruiters-devices/
-
Why Traditional Email Filters Aren’t Enough to Stop Phishing in K12
How to stop phishing in K-12 using artificial intelligence. Phishing is one of the most common, and most damaging, cybersecurity threats facing K12 schools today. And yet, many districts still rely on basic, built-in email filters as their primary line of defense. These tools simply aren’t built to handle the sophisticated, social engineering threats schools…
-
OpenAI Bans ChatGPT Accounts Linked to Nation-State Threat Actors
The AI company’s investigative team found that many accounts were using the program to engage in malicious activity around the world, such as employment schemes, social engineering, and cyber espionage. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/openai-bans-chatgpt-accounts-nation-state-threat-actors
-
Scattered Spider targeting MSPs, IT vendors in social engineering campaigns
The same group is believed to be behind a wave of attacks against retailers in the UK, the US and elsewhere. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/scattered-spider-msps-it-vendors-social-engineering/750172/
-
HelloTDS Malware Spread via FakeCaptcha Infrastructure Infects Millions of Devices
In a Gen Threat Labs, a complex Traffic Direction System (TDS) dubbed >>HelloTDS
-
Report on the Malicious Uses of AI
OpenAI just published its annual report on malicious uses of AI. By using AI as a force multiplier for our expert investigative teams, in the three months since our last report we’ve been able to detect, disrupt and expose abusive activity including social engineering, cyber espionage, deceptive employment schemes, covert influence operations and scams. These…
-
New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users
Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems. The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum. “macOS users are served a…

