Tag: social-engineering
-
Hackers Leverage New ClickFix Tactic to Exploit Human Error with Deceptive Prompts
Tags: cyber, cybercrime, cybersecurity, defense, exploit, group, hacker, iran, malicious, russia, social-engineering, threat
A sophisticated social engineering technique known as ClickFix baiting has gained traction among cybercriminals, ranging from individual hackers to state-sponsored Advanced Persistent Threat (APT) groups like Russia-linked APT28 and Iran-affiliated MuddyWater. This method targets human end users as the weakest link in cybersecurity defenses, tricking them into executing malicious commands through seemingly benign prompts. A…
-
ClickFix Attack Uses Fake Cloudflare Verification to Silently Deploy Malware
Tags: attack, captcha, cyber, exploit, malicious, malware, phishing, powershell, social-engineering, threat
A newly identified social engineering attack dubbed >>ClickFix
-
Scattered Spider Hackers Target Tech Company Help-Desk Administrators
Tags: breach, corporate, cyber, cyberattack, exploit, group, hacker, hacking, social-engineering, technology, threat, vulnerability
A newly identified wave of cyberattacks by the notorious Scattered Spider hacking group has zeroed in on help-desk administrators at major technology companies, leveraging advanced social engineering techniques to breach corporate defenses. Known for their adept use of psychological manipulation, these threat actors have demonstrated a chilling ability to exploit human vulnerabilities as effectively as…
-
Microsoft Launches New European Security Program
Tags: ai, china, crime, crimes, cyber, cyberattack, cybercrime, cyberespionage, cyersecurity, deep-fake, governance, government, guide, infrastructure, intelligence, iran, LLM, microsoft, north-korea, open-source, ransomware, resilience, service, social-engineering, supply-chain, threat, ukraine, update, usa, vulnerability
Microsoft wants to strengthen cybersecurity in Europe. Microsoft warns that ransomware groups and state-sponsored actors from Russia, China, Iran and North Korea are steadily evolving in scale and sophistication. Europe must therefore not hesitate to strengthen its defense mechanisms. The tech company therefore intends to expand existing protection programs with a new initiative and address European needs specifically. The…
-
#Infosec2025: Top Six Cyber Trends CISOs Need to Know
Experts at Infosecurity Europe 2025 highlighted a range of major industry trends, from advanced social engineering techniques to vulnerability exploits. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cyber-trends-cisos-know/
-
3AM Ransomware: Sophos Warns of New Attack Tactic Using Virtual Machines
The cybercriminals combine classic social engineering tricks such as vishing (phone fraud) and email bombing with a technical twist: the use of a hidden virtual machine (VM) to settle unnoticed into a company's network. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/3am-ransomware-sophos-warnt-vor-neuer-angriffstaktik-mit-virtuellen-maschinen/a41062/
-
Cybersecurity Needs Satellite Navigation, Not Paper Maps
Tags: access, ai, attack, automation, best-practice, breach, business, ceo, cloud, communications, computer, computing, cryptography, cyber, cyberattack, cybersecurity, data, data-breach, deep-fake, defense, encryption, endpoint, exploit, finance, firewall, framework, government, Hardware, healthcare, infrastructure, intelligence, Internet, leak, least-privilege, malicious, military, network, phishing, privacy, resilience, risk, saas, service, social-engineering, software, strategy, technology, threat, tool, vpn, vulnerability, zero-trust
-
Hackers Steal Salesforce Data with Vishing
Tags: access, authentication, cloud, cyberattack, data, google, group, hacker, infrastructure, intelligence, malware, mfa, phishing, ransomware, social-engineering, threat, vulnerability
Salesforce users in several industries fell victim to a targeted vishing attack. A new wave of cyberattacks on Salesforce customers is currently hitting companies in various industries, including hospitality, retail and education. The Google Threat Intelligence Group (GTIG) has identified the attackers, who specialize in voice phishing (vishing), as UNC6040. According to reports, members of the group pose on the phone as IT support staff…
-
Cybercriminals Use Virtual Machine as Cloak of Invisibility
Sophos X-Ops has analyzed a wave of ransomware attacks in which the cybercrime group "3AM" combines proven social engineering methods and the use of legitimate remote maintenance tools with a technical innovation: the use of a hidden virtual machine to covertly gain access to the corporate network while bypassing classic endpoint protection solutions. In the first quarter of 2025, the Sophos X-Ops team assisted a company that […] such an attack…
-
Salesforce customers duped by series of social-engineering attacks
Google Threat Intelligence Group said about 20 organizations have been hit by a cybercrime group it tracks as UNC6040. First seen on cyberscoop.com Jump to article: cyberscoop.com/google-unc6040-salesforce-attacks/
-
Exploiting Clickfix: AMOS macOS Stealer Evades Security to Deploy Malicious Code
A newly uncovered campaign involving an Atomic macOS Stealer (AMOS) variant has emerged, showcasing the evolving sophistication of multi-platform social engineering attacks. This campaign, discovered during routine attacker infrastructure analysis, leverages typo-squatted domains mimicking Spectrum, a prominent U.S.-based telecommunications provider offering cable television, internet, and managed services. By employing the Clickfix method, attackers deliver tailored…
-
SCATTERED SPIDER Hackers Target IT Support Teams Bypass Multi-Factor Authentication
Tags: authentication, cyber, cybercrime, finance, group, hacker, mfa, ransomware, social-engineering, threat
A cybercriminal group known as SCATTERED SPIDER has emerged as a formidable threat, targeting sectors like hospitality, telecommunications, finance, and retail with unprecedented sophistication. This group, active since at least 2022, differentiates itself from traditional ransomware actors by blending advanced social engineering with technical expertise. Their modus operandi heavily relies on manipulating IT support teams…
-
Hackers use Vishing to breach Salesforce customers and swipe data
Tags: access, attack, authentication, best-practice, breach, cloud, data, extortion, group, hacker, least-privilege, malware, mfa, microsoft, monitoring, network, okta, service, social-engineering, tactics, threat, tool
Lateral movement for further extortion: After breaching Salesforce, the group moves laterally across cloud services, targeting tools like Okta, Microsoft 365, and Workplace to widen the scope of the breach. Researchers point out that, in some cases, extortion attempts have surfaced months after the initial intrusion, with the threat actors even claiming ties to the infamous…
-
Hackers target Salesforce accounts in data extortion attacks
Google has observed hackers claiming to be the ShinyHunters extortion group conducting social engineering attacks against multi-national companies to steal data from organizations’ Salesforce platforms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/
-
AI gives superpowers to BEC attackers
Tags: ai, attack, authentication, automation, business, ceo, cloud, communications, corporate, credentials, crypto, data, deep-fake, defense, dmarc, email, exploit, finance, framework, fraud, gartner, google, group, identity, india, jobs, LLM, mail, malicious, malware, microsoft, mitigation, office, phishing, phone, scam, service, skills, social-engineering, spam, spear-phishing, strategy, technology, theft, threat, tool, training
The role of AI in business email compromise: Unlike traditional spam or phishing emails, which are designed to be as generic as possible, BEC fraud is highly targeted. Attackers must do a great deal of research about their targets to craft their messages and time their attacks for when their victim would be most susceptible,…
-
"In Security, It's Primarily About Resilience"
Tags: ai, awareness, backup, business, cio, ciso, cyber, cyberattack, cyersecurity, deep-fake, governance, group, ransomware, resilience, social-engineering, strategy, tool, training, vulnerability
As Group CISO at metal processor Klöckner & Co, Timo Wandhöfer is responsible for information security and business continuity management (BCM). Ransomware attacks remain among the biggest cyber threats in industry. How do you protect your company against such attacks? And what matters most in doing so? Wandhöfer: Yes, that is correct. Also at…
-
Getting the Most Value Out of the OSCP: After the Exam
Tags: access, attack, automation, bug-bounty, business, cloud, compliance, conference, control, corporate, credentials, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, flaw, framework, google, governance, group, guide, hacker, hacking, incident response, infosec, injection, intelligence, Internet, iran, jobs, kali, linkedin, linux, malicious, malware, microsoft, mobile, network, office, open-source, penetration-testing, powershell, privacy, RedTeam, reverse-engineering, risk, service, skills, soc, social-engineering, sql, strategy, stuxnet, technology, threat, tool, training, update, vulnerability, windows
In the final post of this series, I’ll discuss what to do after your latest exam attempt to get the most value out of your OSCP journey. DISCLAIMER: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been…
-
Threat Actors Leverage ClickFix Technique to Deploy EddieStealer Malware
Cybersecurity researchers have identified a sophisticated malware campaign utilizing deceptive CAPTCHA interfaces to distribute EddieStealer, a Rust-based information stealing malware that targets sensitive user data across multiple platforms. The attack employs the ClickFix technique, tricking victims into executing malicious commands through fake verification prompts, representing a significant evolution in social engineering tactics used by cybercriminals.…
-
6 hard truths security pros must learn to live with
Tags: ai, attack, breach, business, ciso, control, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, defense, detection, finance, fraud, gartner, hacker, ibm, insurance, jobs, network, phishing, resilience, risk, risk-management, skills, social-engineering, tactics, technology, threat, training, vulnerability
No matter how good you are, your organization will be victimized: This is a hard one to swallow, but if we take the “five stages of grief” approach to cybersecurity, it’s better to reach the “acceptance” level than to remain in denial because much of what happens is simply out of your control. A global survey…
-
Defend Your Business: Mastering Cybersecurity Awareness Against Teams Phishing & Social Engineering
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/defend-your-business-mastering-cybersecurity-awareness-against-teams-phishing-social-engineering/
-
New EDDIESTEALER Malware Bypasses Chrome’s App-Bound Encryption to Steal Browser Data
Tags: browser, captcha, chrome, data, encryption, malicious, malware, powershell, rust, social-engineering
A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as First seen on thehackernews.com…
-
Passwordless Authentication Is Becoming Increasingly Important for CISOs
Tags: ai, authentication, business, ciso, credentials, cyber, cyberattack, deep-fake, gartner, mfa, microsoft, password, phishing, risk, risk-management, social-engineering
Even MFA is not safe from sophisticated, AI-driven phishing attacks. Biometric methods are considered a promising alternative. The rapid development of AI agents is opening up new attack opportunities for cybercriminals, which pose a considerable challenge for Chief Information Security Officers (CISOs) in particular. Automated attacks driven by AI can increasingly undermine conventional security measures such as passwords and multi-factor authentication (MFA). Despite widespread…
-
New Rust-Based InfoStealer Uses Fake CAPTCHA to Deliver EDDIESTEALER
A newly discovered Rust-based infostealer, dubbed EDDIESTEALER, has been uncovered by Elastic Security Labs, spreading through a sophisticated social engineering tactic involving fake CAPTCHA verification pages. Mimicking legitimate CAPTCHA systems like Google’s reCAPTCHA, these malicious prompts deceive users into executing harmful PowerShell scripts, ultimately deploying the infostealer on Windows systems to harvest sensitive data such…
-
New Spear-Phishing Campaign Targets Financial Executives with NetBird Malware
Tags: banking, cyber, email, finance, insurance, malware, middle-east, phishing, social-engineering, spear-phishing
Trellix’s email security systems detected a highly targeted spear-phishing campaign aimed at CFOs and finance executives across industries like banking, energy, insurance, and investment firms in regions spanning Europe, Africa, Canada, the Middle East, and South Asia. This meticulously crafted operation, uncovered by Trellix’s Advanced Research Center, leverages social engineering to impersonate a Rothschild &…
-
6 rising malware trends every security pro should know
Tags: adobe, ai, antivirus, apple, attack, awareness, backdoor, business, captcha, cloud, corporate, cybercrime, data, defense, detection, encryption, endpoint, exploit, extortion, framework, group, hacking, incident response, infrastructure, intelligence, Internet, law, leak, macOS, malicious, malware, network, password, phishing, powershell, programming, pypi, ransom, ransomware, service, social-engineering, software, supply-chain, tactics, theft, threat, tool, update, vulnerability, worm
Malicious packages targeting developer environments: Threat actors are systematically compromising the software supply chain by embedding malicious code within legitimate development tools, libraries, and frameworks that organizations use to build applications. “These supply chain attacks exploit the trust between developers and package repositories,” Immersive’s McCarthy tells CSO. “Malicious packages often mimic legitimate ones while running harmful…
-
Infostealer Attackers Deploy AI-Generated Videos on TikTok
Social Engineering Attacks Trick Victims Running Malware-Installation Scripts. Attackers are tapping TikTok to distribute videos, apparently generated using artificial intelligence tools, to trick victims into running scripts that install information-stealing malware, researchers warn. The campaign is the latest in a long line of schemes designed to distribute infostealers. First seen on govinfosecurity.com Jump to article:…
-
7 Cybersecurity Tips for Travelers
The globally renowned cybersecurity platform KnowBe4, which deals comprehensively with human risk management, has published important tips for travel security. These are specifically tailored to cybersecurity threats facing travelers this summer. As travelers prepare for their summer vacations, cybercriminals are looking for ways to exploit security gaps in travel plans. The increase in social engineering fraud, vulnerabilities in public Wi-Fi networks, and new threats…
-
The Most Valuable Security Certifications
Tags: access, ai, blockchain, china, cisa, cisco, cloud, compliance, control, cyberattack, cybersecurity, data, DSGVO, endpoint, framework, germany, governance, hacker, hacking, identity, incident response, injection, international, jobs, kali, linux, monitoring, network, password, penetration-testing, privacy, resilience, risk, risk-management, sans, security-incident, service, siem, skills, social-engineering, sql, threat, usa, vulnerability, windows
Certified IT security professionals are (among other things) more in demand and earn more. (Cybersecurity) certifications can exhibit stock-like volatility: their popularity can rise or fall, and they can lose relevance if they do not keep pace with current industry developments. However, not all certifications are equally affected: so-called "blue chips" have proven themselves over time…
-
Who Ends Up in the Cyber Spider's Web?
Tags: awareness, backup, ciso, cyber, cyberattack, edr, google, hacker, infrastructure, intelligence, login, malware, mfa, phishing, ransomware, service, social-engineering, tool, usa, vpn
After the hacker group Scattered Spider wreaked havoc among British retailers, it is stepping up its cooperation with RaaS and expanding its hunting ground. British retailer Marks & Spencer had its business operations significantly disrupted by a cyberattack at the end of April. Expected damage: more than 400 million dollars. Shortly afterwards, similar attacks hit the retailers Harrods and Co-op. All…

