Tag: social-engineering
-
SCATTERED SPIDER Hackers Target IT Support Teams Bypass Multi-Factor Authentication
Tags: authentication, cyber, cybercrime, finance, group, hacker, mfa, ransomware, social-engineering, threatA cybercriminal group known as SCATTERED SPIDER has emerged as a formidable threat, targeting sectors like hospitality, telecommunications, finance, and retail with unprecedented sophistication. This group, active since at least 2022, differentiates itself from traditional ransomware actors by blending advanced social engineering with technical expertise. Their modus operandi heavily relies on manipulating IT support teams…
-
Hackers use Vishing to breach Salesforce customers and swipe data
Tags: access, attack, authentication, best-practice, breach, cloud, data, extortion, group, hacker, least-privilege, malware, mfa, microsoft, monitoring, network, okta, service, social-engineering, tactics, threat, toolLateral movement for further extortion: After breaching Salesforce, the group moves laterally across cloud services, targeting tools like Okta, Microsoft 365, and Workplace to widen the scope of the breach.Researchers point out that, in some cases, extortion attempts have surfaced months after the initial intrusion, with the threat actors even claiming ties to the infamous…
-
Hackers target Salesforce accounts in data extortion attacks
Google has observed hackers claiming to be the ShinyHunters extortion group conducting social engineering attacks against multi-national companies to steal data from organizations’ Salesforce platforms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/
-
AI gives superpowers to BEC attackers
Tags: ai, attack, authentication, automation, business, ceo, cloud, communications, corporate, credentials, crypto, data, deep-fake, defense, dmarc, email, exploit, finance, framework, fraud, gartner, google, group, identity, india, jobs, LLM, mail, malicious, malware, microsoft, mitigation, office, phishing, phone, scam, service, skills, social-engineering, spam, spear-phishing, strategy, technology, theft, threat, tool, trainingThe role of AI in business email compromise: Unlike traditional spam or phishing emails, which are designed to be as generic as possible, BEC fraud is highly targeted. Attackers must do a great deal of research about their targets to craft their messages and time their attacks for when their victim would be most susceptible,…
-
‘In der Security geht es vor allem um Resilienz”
Tags: ai, awareness, backup, business, cio, ciso, cyber, cyberattack, cyersecurity, deep-fake, governance, group, ransomware, resilience, social-engineering, strategy, tool, training, vulnerabilityTimo Wandhöfer verantwortet als Group CISO beim Metallverarbeiter Klöckner & Co den Bereich Informationssicherheit und Business Continuity Management (BCM). Klöckner & Co SERansomware-Attacken zählen nach wie vor zu den größten Cyberbedrohungen in der Industrie. Wie schützen Sie Ihr Unternehmen vor solchen Angriffen? Und worauf kommt es dabei besonders an?Wandhöfer: Ja, das ist richtig. Auch bei…
-
Getting the Most Value Out of the OSCP: After the Exam
Tags: access, attack, automation, bug-bounty, business, cloud, compliance, conference, control, corporate, credentials, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, flaw, framework, google, governance, group, guide, hacker, hacking, incident response, infosec, injection, intelligence, Internet, iran, jobs, kali, linkedin, linux, malicious, malware, microsoft, mobile, network, office, open-source, penetration-testing, powershell, privacy, RedTeam, reverse-engineering, risk, service, skills, soc, social-engineering, sql, strategy, stuxnet, technology, threat, tool, training, update, vulnerability, windowsIn the final post of this series, I’ll discuss what to do after your latest exam attempt to get the most value out of your OSCP journey. DISCLAIMER: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been…
-
Threat Actors Leverage ClickFix Technique to Deploy EddieStealer Malware
Cybersecurity researchers have identified a sophisticated malware campaign utilizing deceptive CAPTCHA interfaces to distribute EddieStealer, a Rust-based information stealing malware that targets sensitive user data across multiple platforms. The attack employs the ClickFix technique, tricking victims into executing malicious commands through fake verification prompts, representing a significant evolution in social engineering tactics used by cybercriminals.…
-
6 hard truths security pros must learn to live with
Tags: ai, attack, breach, business, ciso, control, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, defense, detection, finance, fraud, gartner, hacker, ibm, insurance, jobs, network, phishing, resilience, risk, risk-management, skills, social-engineering, tactics, technology, threat, training, vulnerabilityNo matter how good you are, your organization will be victimized: This is a hard one to swallow, but if we take the “five stages of grief” approach to cybersecurity, it’s better to reach the “acceptance” level than to remain in denial because much of what happens is simply out of your control.A global survey…
-
Defend Your Business: Mastering Cybersecurity Awareness Against Teams Phishing & Social Engineering
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/defend-your-business-mastering-cybersecurity-awareness-against-teams-phishing-social-engineering/
-
New EDDIESTEALER Malware Bypasses Chrome’s App-Bound Encryption to Steal Browser Data
Tags: browser, captcha, chrome, data, encryption, malicious, malware, powershell, rust, social-engineeringA new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages.”This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as First seen on thehackernews.com…
-
Passwortlose Authentifizierung wird für CISOs immer wichtiger
Tags: ai, authentication, business, ciso, credentials, cyber, cyberattack, deep-fake, gartner, mfa, microsoft, password, phishing, risk, risk-management, social-engineeringSelbst MFA ist vor raffinierten, KI-gesteuerten Phishing-Angriffen nicht sicher. Biometrische Verfahren gelten als vielversprechende Alternative.Die rasante Entwicklung von KI-Agenten eröffnet Cyberkriminellen neue Angriffsmöglichkeiten, die insbesondere für Chief Information Security Officers (CISOs) eine erhebliche Herausforderung darstellen. Automatisierte Angriffe, die von KI gesteuert werden, können herkömmliche Sicherheitsmaßnahmen wie Passwörter und Multi-Faktor-Authentifizierung (MFA) zunehmend unterlaufen. Trotz weit verbreiteter…
-
New Rust-Based InfoStealer Uses Fake CAPTCHA to Deliver EDDIESTEALER
A newly discovered Rust-based infostealer, dubbed EDDIESTEALER, has been uncovered by Elastic Security Labs, spreading through a sophisticated social engineering tactic involving fake CAPTCHA verification pages. Mimicking legitimate CAPTCHA systems like Google’s reCAPTCHA, these malicious prompts deceive users into executing harmful PowerShell scripts, ultimately deploying the infostealer on Windows systems to harvest sensitive data such…
-
New Spear-Phishing Campaign Targets Financial Executives with NetBird Malware
Tags: banking, cyber, email, finance, insurance, malware, middle-east, phishing, social-engineering, spear-phishingTrellix’s email security systems detected a highly targeted spear-phishing campaign aimed at CFOs and finance executives across industries like banking, energy, insurance, and investment firms in regions spanning Europe, Africa, Canada, the Middle East, and South Asia. This meticulously crafted operation, uncovered by Trellix’s Advanced Research Center, leverages social engineering to impersonate a Rothschild &…
-
6 rising malware trends every security pro should know
Tags: adobe, ai, antivirus, apple, attack, awareness, backdoor, business, captcha, cloud, corporate, cybercrime, data, defense, detection, encryption, endpoint, exploit, extortion, framework, group, hacking, incident response, infrastructure, intelligence, Internet, law, leak, macOS, malicious, malware, network, password, phishing, powershell, programming, pypi, ransom, ransomware, service, social-engineering, software, supply-chain, tactics, theft, threat, tool, update, vulnerability, wormMalicious packages targeting developer environments: Threat actors are systematically compromising the software supply chain by embedding malicious code within legitimate development tools, libraries, and frameworks that organizations use to build applications.”These supply chain attacks exploit the trust between developers and package repositories,” Immersive’s McCarthy tells CSO. “Malicious packages often mimic legitimate ones while running harmful…
-
Infostealer Attackers Deploy AI-Generated Videos on TikTok
Social Engineering Attacks Trick Victims Running Malware-Installation Scripts. Attackers are tapping TikTok to distribute videos, apparently generated using artificial intelligence tools, to trick victims into running scripts that install information-stealing malware, researchers warn. The campaign is the latest in a long line of schemes designed to distribute infostealers. First seen on govinfosecurity.com Jump to article:…
-
7 Cybersicherheitstipps für Reisende
Die weltweit renommierte Cybersicherheitsplattform KnowBe4, die sich umfassend mit Human-Risk-Management befasst, hat wichtige Tipps für die Reisesicherheit veröffentlicht. Diese sind speziell auf Cybersicherheitsbedrohungen für Reisende in diesem Sommer zugeschnitten. Während sich Reisende auf ihren Sommerurlaub vorbereiten, suchen Cyberkriminelle nach Möglichkeiten, Sicherheitslücken in Reiseplänen auszunutzen. Die Zunahme von Social-Engineering-Betrug, Schwachstellen in öffentlichen WLAN-Netzen sowie neuen Bedrohungen…
-
Die wertvollsten Security-Zertifizierungen
Tags: access, ai, blockchain, china, cisa, cisco, cloud, compliance, control, cyberattack, cybersecurity, data, DSGVO, endpoint, framework, germany, governance, hacker, hacking, identity, incident response, injection, international, jobs, kali, linux, monitoring, network, password, penetration-testing, privacy, resilience, risk, risk-management, sans, security-incident, service, siem, skills, social-engineering, sql, threat, usa, vulnerability, windowsZertifizierte IT-Sicherheitsprofis sind (unter anderem) gefragter und verdienen besser.(Cybersecurity-)Zertifizierungen können eine aktienähnliche Volatilität entfalten: Ihre Popularität kann steigen oder auch fallen und sie können an Relevanz verlieren, wenn sie nicht mit den aktuellen Branchenentwicklungen Schritt halten. Allerdings sind davon nicht alle Zertifizierungen gleichermaßen betroffen: Sogenannte “Blue Chips” haben sich über den Lauf der Zeit bewährt…
-
Wer landet im Netz der Cyber-Spinne?
Tags: awareness, backup, ciso, cyber, cyberattack, edr, google, hacker, infrastructure, intelligence, login, malware, mfa, phishing, ransomware, service, social-engineering, tool, usa, vpnNachdem die Hackergruppe Scattered Spider unter britischen Einzelhändlern gewütet hat, verstärkt sie ihre Kooperation mit RaaS und weitet ihr Jagdgebiet aus.Der britische Einzelhändler Marks & Spencer wurde Ende April durch eine Cyberattacke erheblich in seinem Geschäftsbetrieb gestört. Voraussichtlicher Schaden: über 400 Millionen Dollar. Kurz darauf ereigneten sich ähnliche Angriffe auf die Einzelhändler Harrods und Co-op.Alle…
-
Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth’s Stealth Phishing Campaign
The U.S. Federal Bureau of Investigation (FBI) has warned of social engineering attacks mounted by a criminal extortion actor known as Luna Moth targeting law firms over the past two years.The campaign leverages “information technology (IT) themed social engineering calls, and callback phishing emails, to gain remote access to systems or devices and steal sensitive…
-
How CISOs can defend against Scattered Spider ransomware attacks
Tags: access, antivirus, attack, backup, ciso, control, credentials, data, defense, detection, edr, exploit, google, group, guide, hacker, hacking, identity, infrastructure, Internet, Intruder, law, mandiant, mfa, network, password, phishing, phone, ransom, ransomware, social-engineering, tactics, threat, tool, vmware, vpn, zero-daySignificant shift to social engineering: Over the past two years, many Scattered Spider members have been arrested and even convicted, including one key member known as “King Bob,” who was arrested in early 2024 and later pleaded guilty to the charges against him. Six other significant Scattered Spider members were arrested in late 2024.Due to…
-
How Google Meet Pages Are Exploited to Deliver PowerShell Malware
Tags: attack, cyber, cyberattack, email, exploit, google, macOS, malicious, malware, phishing, powershell, social-engineering, tactics, windowsA new wave of cyberattacks exploits user trust in Google Meet by deploying meticulously crafted fake meeting pages that trick victims into running malicious PowerShell commands. This campaign, dubbed ClickFix, leverages advanced social engineering tactics, bypassing traditional security measures and targeting Windows and macOS systems. The attack begins with phishing emails containing links that closely…
-
Diese Social-Engineering-Trends sollten Sie kennen
Tags: access, ai, authentication, ceo, computer, cyberattack, cyersecurity, hacker, mail, mfa, microsoft, psychology, social-engineering, tool, vulnerability, windowsBeim Social Engineering nutzen Cyberkriminelle menschliches Verhalten für ihre Zwecke aus. Dabei lassen sich folgende Trends beobachten. Anstatt auf fortschrittliche Tools oder komplexe Skripte zu setzen, dringen erfahrene Angreifer in Systeme ein und stehlen Daten mit Hilfe der effektivsten aller Waffen: Social Engineering befindet sich an der Schnittstelle zwischen Cybersicherheit und Psychologie und nutzt menschliches…
-
Sieben gängige Wege, ein Smartphone zu hacken
Angriffsvektoren gibt es etliche, doch wenn der Mensch aufpasst, lassen sich viele neutralisieren.Mobiltelefone gelten gemeinhin zwar als sicherer als PCs, sind aber dennoch anfällig für Angriffe insbesondere durch Social Engineering und andere Hacking-Methoden. Die sieben am weitesten verbreiteten Wege, ein Smartphone zu hacken, sind dabei:Zero-Click-SpywareSocial EngineeringMalvertisingSmishingGefälschte AppsPretextingPhysischer Zugriff Die gefährlichsten und raffiniertesten Angriffe auf Smartphones…
-
Silent Ransom Group targeting law firms, the FBI warns
FBI warns Silent Ransom Group has targeted U.S. law firms for 2 years using callback phishing and social engineering extortion tactics. The FBI warns that the Silent Ransom Group, active since 2022 and also known as Luna Moth, has targeted U.S. law firms using phishing and social engineering. Linked to BazarCall campaigns, the group previously…
-
Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique
The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector.”The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk,” Expel said in a report shared with The Hacker News. “This removes many…
-
FBI warns of Luna Moth extortion attacks targeting law firms
The FBI warned that an extortion gang known as the Silent Ransom Group has been targeting U.S. law firms over the last two years in callback phishing and social engineering attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-warns-of-luna-moth-extortion-attacks-targeting-law-firms/
-
KI gegen KI Praktische und ethische Überlegungen
Künstliche Intelligenz (KI) entwickelt sich ständig weiter, und die Cybersicherheitslandschaft für Verteidiger und Angreifer setzt das Katz-und-Maus-Spiel zwischen ihnen fort. Unternehmen nutzen KI, um Anomalien zu erkennen, Sicherheitsreaktionen zu automatisieren und Bedrohungsdaten in Echtzeit zu analysieren. Cyberkriminelle hingegen nutzen KI, um ihre Taktiken zu verfeinern, Phishing-E-Mails überzeugender zu gestalten, Social-Engineering zu automatisieren und sogar Malware…
-
Vidar and StealC Malware Delivered Through Viral TikTok Videos by Hackers
A sophisticated social engineering campaign that leverages the viral power of TikTok to distribute dangerous information-stealing malware, specifically Vidar and StealC. This alarming trend marks a shift in cybercriminal tactics, moving away from traditional methods like fake CAPTCHA pages to exploiting the vast user base and algorithmic reach of social media platforms. Unlike previous attacks…
-
AI-Generated TikTok Videos Used to Distribute Infostealer Malware
Malware campaign exploiting TikTok’s popularity has been observed using social engineering to spread Vidar and StealC First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-tiktok-videos-infostealer/
-
Hackers Targets Coinbase Users Targeted in Advanced Social Engineering Hack
Coinbase users have become the prime targets of an intricate social engineering campaign since early 2025. Reports from on-chain investigator Zach reveal that over $300 million is stolen annually through these meticulously coordinated attacks, with a staggering $45 million lost in just one week in May. Unlike traditional hacks exploiting technical vulnerabilities, these scams manipulate…

