Tag: social-engineering
-
Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth’s Stealth Phishing Campaign
The U.S. Federal Bureau of Investigation (FBI) has warned of social engineering attacks mounted by a criminal extortion actor known as Luna Moth targeting law firms over the past two years.The campaign leverages “information technology (IT) themed social engineering calls, and callback phishing emails, to gain remote access to systems or devices and steal sensitive…
-
How CISOs can defend against Scattered Spider ransomware attacks
Tags: access, antivirus, attack, backup, ciso, control, credentials, data, defense, detection, edr, exploit, google, group, guide, hacker, hacking, identity, infrastructure, Internet, Intruder, law, mandiant, mfa, network, password, phishing, phone, ransom, ransomware, social-engineering, tactics, threat, tool, vmware, vpn, zero-daySignificant shift to social engineering: Over the past two years, many Scattered Spider members have been arrested and even convicted, including one key member known as “King Bob,” who was arrested in early 2024 and later pleaded guilty to the charges against him. Six other significant Scattered Spider members were arrested in late 2024.Due to…
-
How Google Meet Pages Are Exploited to Deliver PowerShell Malware
Tags: attack, cyber, cyberattack, email, exploit, google, macOS, malicious, malware, phishing, powershell, social-engineering, tactics, windowsA new wave of cyberattacks exploits user trust in Google Meet by deploying meticulously crafted fake meeting pages that trick victims into running malicious PowerShell commands. This campaign, dubbed ClickFix, leverages advanced social engineering tactics, bypassing traditional security measures and targeting Windows and macOS systems. The attack begins with phishing emails containing links that closely…
-
Diese Social-Engineering-Trends sollten Sie kennen
Tags: access, ai, authentication, ceo, computer, cyberattack, cyersecurity, hacker, mail, mfa, microsoft, psychology, social-engineering, tool, vulnerability, windowsBeim Social Engineering nutzen Cyberkriminelle menschliches Verhalten für ihre Zwecke aus. Dabei lassen sich folgende Trends beobachten. Anstatt auf fortschrittliche Tools oder komplexe Skripte zu setzen, dringen erfahrene Angreifer in Systeme ein und stehlen Daten mit Hilfe der effektivsten aller Waffen: Social Engineering befindet sich an der Schnittstelle zwischen Cybersicherheit und Psychologie und nutzt menschliches…
-
Sieben gängige Wege, ein Smartphone zu hacken
Angriffsvektoren gibt es etliche, doch wenn der Mensch aufpasst, lassen sich viele neutralisieren.Mobiltelefone gelten gemeinhin zwar als sicherer als PCs, sind aber dennoch anfällig für Angriffe insbesondere durch Social Engineering und andere Hacking-Methoden. Die sieben am weitesten verbreiteten Wege, ein Smartphone zu hacken, sind dabei:Zero-Click-SpywareSocial EngineeringMalvertisingSmishingGefälschte AppsPretextingPhysischer Zugriff Die gefährlichsten und raffiniertesten Angriffe auf Smartphones…
-
Silent Ransom Group targeting law firms, the FBI warns
FBI warns Silent Ransom Group has targeted U.S. law firms for 2 years using callback phishing and social engineering extortion tactics. The FBI warns that the Silent Ransom Group, active since 2022 and also known as Luna Moth, has targeted U.S. law firms using phishing and social engineering. Linked to BazarCall campaigns, the group previously…
-
Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique
The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector.”The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk,” Expel said in a report shared with The Hacker News. “This removes many…
-
FBI warns of Luna Moth extortion attacks targeting law firms
The FBI warned that an extortion gang known as the Silent Ransom Group has been targeting U.S. law firms over the last two years in callback phishing and social engineering attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-warns-of-luna-moth-extortion-attacks-targeting-law-firms/
-
KI gegen KI Praktische und ethische Überlegungen
Künstliche Intelligenz (KI) entwickelt sich ständig weiter, und die Cybersicherheitslandschaft für Verteidiger und Angreifer setzt das Katz-und-Maus-Spiel zwischen ihnen fort. Unternehmen nutzen KI, um Anomalien zu erkennen, Sicherheitsreaktionen zu automatisieren und Bedrohungsdaten in Echtzeit zu analysieren. Cyberkriminelle hingegen nutzen KI, um ihre Taktiken zu verfeinern, Phishing-E-Mails überzeugender zu gestalten, Social-Engineering zu automatisieren und sogar Malware…
-
Vidar and StealC Malware Delivered Through Viral TikTok Videos by Hackers
A sophisticated social engineering campaign that leverages the viral power of TikTok to distribute dangerous information-stealing malware, specifically Vidar and StealC. This alarming trend marks a shift in cybercriminal tactics, moving away from traditional methods like fake CAPTCHA pages to exploiting the vast user base and algorithmic reach of social media platforms. Unlike previous attacks…
-
AI-Generated TikTok Videos Used to Distribute Infostealer Malware
Malware campaign exploiting TikTok’s popularity has been observed using social engineering to spread Vidar and StealC First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-tiktok-videos-infostealer/
-
Hackers Targets Coinbase Users Targeted in Advanced Social Engineering Hack
Coinbase users have become the prime targets of an intricate social engineering campaign since early 2025. Reports from on-chain investigator Zach reveal that over $300 million is stolen annually through these meticulously coordinated attacks, with a staggering $45 million lost in just one week in May. Unlike traditional hacks exploiting technical vulnerabilities, these scams manipulate…
-
Service desks are under attack: What can you do about it?
Service desks are on the front lines of defense”, and attackers know it. Attackers are using social engineering attacks to trick agents into changing passwords, disabling MFA, and granting access. Learn more from Specops Software on how to secure your service desk. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/service-desks-are-under-attack-what-can-you-do-about-it/
-
The Coinbase Data Breach: A Breakdown of What Went Wrong
How did a $400 million data breach happen at Coinbase? It wasn’t a tech failure”, it was a human one. Learn how social engineering exploited trust and what it means for cybersecurity. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/the-coinbase-data-breach-a-breakdown-of-what-went-wrong/
-
Shields up US retailers. Scattered Spider threat actors can target them
Google warns that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting U.S. companies, shifting their focus across the Atlantic. The financially motivated group UNC3944 (also known as Scattered Spider, 0ktapus) is known for social engineering and extortion. The cybercrime group is suspected of hacking into hundreds of organizations over the past two years,…
-
Coinbase Hacked and Turns the Tables on the Cybercriminals!
Tags: attack, ceo, ciso, cyber, cybercrime, cybersecurity, data, data-breach, defense, extortion, finance, ransom, ransomware, risk, social-engineering, technology, threat, toolThis is how you handle cybercrime digital extortion! Coinbase was compromised by trusted 3rd party partners, which exposed customer data”Š”, “Šbut customer keys to their assets were still safe. The cyber criminals then attempted to extort $20 million from Coinbase, to keep the attack secret. Coinbase’s answer: NO! Instead, they are creating a $20 million…
-
Feds charge 12 more suspects in RICO case over crypto crime spree
Some of the suspects allegedly “cold-called victims and used social engineering to convince them their accounts were the subject of cyberattacks and the enterprise callers were attempting to help secure their accounts,” according to the DOJ. First seen on therecord.media Jump to article: therecord.media/feds-charge-12-suspects-in-rico-crypto-heist
-
Feds charge 12 more suspects in RICO case over crypto crime spree
Some of the suspects allegedly “cold-called victims and used social engineering to convince them their accounts were the subject of cyberattacks and the enterprise callers were attempting to help secure their accounts,” according to the DOJ. First seen on therecord.media Jump to article: therecord.media/feds-charge-12-suspects-in-rico-crypto-heist
-
Researchers warn threat actors in UK retail attacks are targeting US sector
Google Threat Intelligence researchers say the hackers behind intrusions at multiple British retailers are launching similar social engineering attacks against American companies.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/threat-actors-uk-retail-attacks-targeting-us/748198/
-
Coinbase suffers data breach, gets extorted (but won’t pay)
Cryptocurrency exchange platform Coinbase has suffered a breach, which resulted in attackers acquiring customers’ data that can help them mount social engineering … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/15/coinbase-suffers-data-breach-gets-extorted/
-
Sicherheitsbewusstsein sollte angesichts zunehmender Cyberbedrohungen in Europa geschärft werden
Die weltweit renommierte Cybersicherheitsplattform KnowBe4, die sich umfassend mit Human-Risk-Management befasst, hat heute ihren ‘Phishing by Industry Benchmarking Report 2025″ veröffentlicht. Der Bericht misst den ‘Phish-Prone-Percentage” (PPP) einer Organisation, also den Prozentsatz der Mitarbeiter, die wahrscheinlich auf Social-Engineering- oder Phishing-Angriffe hereinfallen, und gibt damit Aufschluss über deren allgemeine Anfälligkeit für Phishing-Bedrohungen. Der diesjährige Bericht ergab…
-
Swan Vector APT Targets Organizations with Malicious LNK and DLL Implants
A newly identified advanced persistent threat (APT) campaign, dubbed >>Swan Vector
-
Deepfake Defense in the Age of AI
The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models (LLMs) to impersonate trusted individuals and automate these social engineering tactics at scale. Let’s review the status of these rising attacks, what’s fueling them, and how to actually prevent, not detect, them. The Most Powerful Person…
-
Detecting Remote Monitoring and Management Tools Used by Attackers
Tags: access, browser, chrome, cloud, control, credentials, data, detection, endpoint, exploit, identity, intelligence, ivanti, microsoft, monitoring, network, open-source, risk, saas, service, social-engineering, software, strategy, theft, threat, tool, unauthorized, update, vulnerability, vulnerability-management, windowsFollowing up on last year’s LOLDriver plugin, Tenable Research is releasing detection plugins for the top Remote Monitoring and Management (RMM) tools that attackers have been more frequently leveraging in victim environments. Background In August 2024, Tenable Research released a detection plugin for Nessus, Tenable Security Center and Tenable Vulnerability Management to help customers identify…
-
Scattered Spider Malware Targets Klaviyo, HubSpot, and Pure Storage Platforms
Silent Push researchers have identified that the notorious hacker collective Scattered Spider, also known as UNC3944 or Octo Tempest, continues to actively target prominent services in 2025, including Klaviyo, HubSpot, and Pure Storage. This group, active since at least 2022, has built a reputation for executing sophisticated social engineering attacks to harvest usernames, login credentials,…
-
Threat Actors Leverage Multimedia Systems in Stealthy Vishing Attacks
Threat actors have begun exploiting multimedia systems as a pivotal component of their voice phishing (vishing) attacks. Unlike traditional vishing schemes that rely solely on spoofed phone numbers and social engineering tactics, these advanced operations integrate compromised multimedia platforms, such as VoIP (Voice over Internet Protocol) systems and streaming services, to orchestrate highly convincing and…
-
The many variants of the ClickFix social engineering tactic
As new malware delivery campaigns using the ClickFix social engineering tactic are spotted nearly every month, it’s interesting to see how the various attackers are … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/08/clickfix-social-engineering-tactic-variants/
-
Protect Yourself From Cyber’s Costliest Threat: Social Engineering
Today, it is safe to say that social engineering has become the most dangerous and costly form of cybercrime that businesses face. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/protect-yourself-from-cybers-costliest-threat-social-engineering/
-
Phishing-Resistant MFA: Why FIDO is Essential
Tags: access, ai, attack, authentication, breach, business, cloud, compliance, credentials, cryptography, cybersecurity, data, data-breach, defense, dora, encryption, exploit, fido, framework, GDPR, Hardware, iam, identity, ISO-27001, malicious, mfa, mobile, network, nist, passkey, password, phishing, phone, ransomware, regulation, risk, service, social-engineering, software, strategy, tactics, technology, theft, threat, tool, unauthorizedPhishing-Resistant MFA: Why FIDO is Essential madhav Thu, 05/08/2025 – 04:47 Phishing attacks are one of the most pervasive and insidious threats, with businesses facing increasingly sophisticated and convincing attacks that exploit human error. Traditional Multi-Factor Authentication (MFA), while a step up from password-only security, is no longer enough to fight modern phishing schemes. Today’s…