Tag: social-engineering
-
Service desks are under attack: What can you do about it?
Service desks are on the front lines of defense”, and attackers know it. Attackers are using social engineering attacks to trick agents into changing passwords, disabling MFA, and granting access. Learn more from Specops Software on how to secure your service desk. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/service-desks-are-under-attack-what-can-you-do-about-it/
-
The Coinbase Data Breach: A Breakdown of What Went Wrong
How did a $400 million data breach happen at Coinbase? It wasn’t a tech failure”, it was a human one. Learn how social engineering exploited trust and what it means for cybersecurity. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/the-coinbase-data-breach-a-breakdown-of-what-went-wrong/
-
Shields up US retailers. Scattered Spider threat actors can target them
Google warns that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting U.S. companies, shifting their focus across the Atlantic. The financially motivated group UNC3944 (also known as Scattered Spider, 0ktapus) is known for social engineering and extortion. The cybercrime group is suspected of hacking into hundreds of organizations over the past two years,…
-
Coinbase Hacked and Turns the Tables on the Cybercriminals!
Tags: attack, ceo, ciso, cyber, cybercrime, cybersecurity, data, data-breach, defense, extortion, finance, ransom, ransomware, risk, social-engineering, technology, threat, toolThis is how you handle cybercrime digital extortion! Coinbase was compromised by trusted 3rd party partners, which exposed customer data”Š”, “Šbut customer keys to their assets were still safe. The cyber criminals then attempted to extort $20 million from Coinbase, to keep the attack secret. Coinbase’s answer: NO! Instead, they are creating a $20 million…
-
Feds charge 12 more suspects in RICO case over crypto crime spree
Some of the suspects allegedly “cold-called victims and used social engineering to convince them their accounts were the subject of cyberattacks and the enterprise callers were attempting to help secure their accounts,” according to the DOJ. First seen on therecord.media Jump to article: therecord.media/feds-charge-12-suspects-in-rico-crypto-heist
-
Feds charge 12 more suspects in RICO case over crypto crime spree
Some of the suspects allegedly “cold-called victims and used social engineering to convince them their accounts were the subject of cyberattacks and the enterprise callers were attempting to help secure their accounts,” according to the DOJ. First seen on therecord.media Jump to article: therecord.media/feds-charge-12-suspects-in-rico-crypto-heist
-
Researchers warn threat actors in UK retail attacks are targeting US sector
Google Threat Intelligence researchers say the hackers behind intrusions at multiple British retailers are launching similar social engineering attacks against American companies.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/threat-actors-uk-retail-attacks-targeting-us/748198/
-
Coinbase suffers data breach, gets extorted (but won’t pay)
Cryptocurrency exchange platform Coinbase has suffered a breach, which resulted in attackers acquiring customers’ data that can help them mount social engineering … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/15/coinbase-suffers-data-breach-gets-extorted/
-
Sicherheitsbewusstsein sollte angesichts zunehmender Cyberbedrohungen in Europa geschärft werden
Die weltweit renommierte Cybersicherheitsplattform KnowBe4, die sich umfassend mit Human-Risk-Management befasst, hat heute ihren ‘Phishing by Industry Benchmarking Report 2025″ veröffentlicht. Der Bericht misst den ‘Phish-Prone-Percentage” (PPP) einer Organisation, also den Prozentsatz der Mitarbeiter, die wahrscheinlich auf Social-Engineering- oder Phishing-Angriffe hereinfallen, und gibt damit Aufschluss über deren allgemeine Anfälligkeit für Phishing-Bedrohungen. Der diesjährige Bericht ergab…
-
Swan Vector APT Targets Organizations with Malicious LNK and DLL Implants
A newly identified advanced persistent threat (APT) campaign, dubbed >>Swan Vector
-
Deepfake Defense in the Age of AI
The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models (LLMs) to impersonate trusted individuals and automate these social engineering tactics at scale. Let’s review the status of these rising attacks, what’s fueling them, and how to actually prevent, not detect, them. The Most Powerful Person…
-
Detecting Remote Monitoring and Management Tools Used by Attackers
Tags: access, browser, chrome, cloud, control, credentials, data, detection, endpoint, exploit, identity, intelligence, ivanti, microsoft, monitoring, network, open-source, risk, saas, service, social-engineering, software, strategy, theft, threat, tool, unauthorized, update, vulnerability, vulnerability-management, windowsFollowing up on last year’s LOLDriver plugin, Tenable Research is releasing detection plugins for the top Remote Monitoring and Management (RMM) tools that attackers have been more frequently leveraging in victim environments. Background In August 2024, Tenable Research released a detection plugin for Nessus, Tenable Security Center and Tenable Vulnerability Management to help customers identify…
-
Scattered Spider Malware Targets Klaviyo, HubSpot, and Pure Storage Platforms
Silent Push researchers have identified that the notorious hacker collective Scattered Spider, also known as UNC3944 or Octo Tempest, continues to actively target prominent services in 2025, including Klaviyo, HubSpot, and Pure Storage. This group, active since at least 2022, has built a reputation for executing sophisticated social engineering attacks to harvest usernames, login credentials,…
-
Threat Actors Leverage Multimedia Systems in Stealthy Vishing Attacks
Threat actors have begun exploiting multimedia systems as a pivotal component of their voice phishing (vishing) attacks. Unlike traditional vishing schemes that rely solely on spoofed phone numbers and social engineering tactics, these advanced operations integrate compromised multimedia platforms, such as VoIP (Voice over Internet Protocol) systems and streaming services, to orchestrate highly convincing and…
-
The many variants of the ClickFix social engineering tactic
As new malware delivery campaigns using the ClickFix social engineering tactic are spotted nearly every month, it’s interesting to see how the various attackers are … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/08/clickfix-social-engineering-tactic-variants/
-
Protect Yourself From Cyber’s Costliest Threat: Social Engineering
Today, it is safe to say that social engineering has become the most dangerous and costly form of cybercrime that businesses face. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/protect-yourself-from-cybers-costliest-threat-social-engineering/
-
Phishing-Resistant MFA: Why FIDO is Essential
Tags: access, ai, attack, authentication, breach, business, cloud, compliance, credentials, cryptography, cybersecurity, data, data-breach, defense, dora, encryption, exploit, fido, framework, GDPR, Hardware, iam, identity, ISO-27001, malicious, mfa, mobile, network, nist, passkey, password, phishing, phone, ransomware, regulation, risk, service, social-engineering, software, strategy, tactics, technology, theft, threat, tool, unauthorizedPhishing-Resistant MFA: Why FIDO is Essential madhav Thu, 05/08/2025 – 04:47 Phishing attacks are one of the most pervasive and insidious threats, with businesses facing increasingly sophisticated and convincing attacks that exploit human error. Traditional Multi-Factor Authentication (MFA), while a step up from password-only security, is no longer enough to fight modern phishing schemes. Today’s…
-
Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware
The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures.”LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker,” the Google Threat First…
-
‘Eine Krisensituation erfordert klare Entscheidungen”
Tags: ai, awareness, ciso, cyersecurity, group, incident response, nis-2, phishing, risk, risk-management, social-engineering, training, vulnerabilityVolker Buß, CISO bei der Merck Group: “Das Wichtigste bei einem Cybervorfall ist, Ruhe zu bewahren.” Merck GroupDie Merck Gruppe beschäftigt weltweit rund 63.000 Mitarbeiter. Wie behalten Sie den Überblick in Sachen Cybersicherheit?Buß: Zum Glück haben wir ein sehr engagiertes Team, das in alle Richtungen den Überblick behält. Unser Security Operations Center bildet dabei das…
-
Retail Sector in Scattered Spider Crosshairs
Don’t Fall for Easy Social Engineering Traps, Advises Mandiant. The teenage hackers behind Scattered Spider tend to launch attacks in waves against specific sectors – and it may be the retail sector’s turn. High street British mainstays Marks & Spencer, Co-op and Harrods have all felt a wave of incidents. First seen on govinfosecurity.com Jump…
-
Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware
Tags: apple, blockchain, crypto, cyber, cybersecurity, macOS, malware, password, social-engineering, technologyCybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800 compromised websites. The operation, dubbed >>MacReaper,
-
Hackers Exploit Fake Chrome Error Pages to Deploy Malicious Scripts on Windows Users
Hackers are leveraging a sophisticated social engineering technique dubbed >>ClickFix>fix
-
How cybercriminals exploit psychological triggers in social engineering attacks
Most attacks don’t start with malware; they begin with a message that seems completely normal, whether it comes through email, a phone call, or a chat, and that is exactly … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/06/social-engineering-human-behavior/
-
Fake resumes targeting HR managers now come with updated backdoor
Tags: attack, awareness, backdoor, best-practice, ciso, control, cybersecurity, data, defense, detection, email, endpoint, espionage, exploit, government, infection, infrastructure, intelligence, jobs, linkedin, malicious, microsoft, mitigation, network, password, phishing, radius, scam, soc, social-engineering, spear-phishing, theft, threat, windows%temp%\ieuinit.inf and writes obfuscated commands to it, including a Windows batch file.When this code is executed, Microsoft WordPad is automatically launched in a ploy to distract the user, who is meant to believe the promised resumé is being opened. The batch script will then covertly launch the legitimate Windows utility %windir%\system32\ie4uinit.exe, which in turn executes the commands from…
-
LUMMAC.V2 Stealer Uses ClickFix Technique to Deceive Users into Executing Malicious Commands
The LUMMAC.V2 infostealer malware, also known as Lumma or Lummastealer, has emerged as a significant threat, employing the cunning >>ClickFix
-
12 most innovative launches at RSA 2025
Tags: ai, attack, awareness, ciso, cloud, communications, compliance, control, cyber, cybersecurity, data, deep-fake, detection, email, endpoint, finance, framework, governance, healthcare, identity, insurance, intelligence, login, malicious, network, nist, open-source, openai, phishing, privacy, RedTeam, resilience, risk, risk-analysis, risk-management, saas, service, siem, social-engineering, tactics, threat, tool, training, update, zero-day, zero-trustAuditBoard: AI governance solution: AuditBoard announced its AI governance solution, designed to help organizations accelerate AI risk management and promote responsible AI adoption. The solution is designed to streamline AI use case intake, review, and approval processes, establish a centralized repository for approved AI models, and dynamically link AI risks to vendors, assets, and controls…
-
Threat Actors Attacking U.S. Citizens Via Social Engineering Attack
Tags: attack, cyber, cybercrime, cybersecurity, email, exploit, malicious, phishing, social-engineering, tactics, threatAs Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting U.S. citizens, according to a detailed report from Seqrite Labs. Security researchers have uncovered a malicious campaign exploiting the tax season through sophisticated social engineering tactics, primarily phishing attacks. These cybercriminals are deploying deceptive emails and malicious attachments to steal sensitive…
-
Was ist Vishing?
Tags: social-engineeringVishing ist eine Form des Social-Engineerings, bei der Angreifer versuchen, sensible Informationen telefonisch zu erlangen. Der Begriff setzt sich aus ‘Voice” (Stimme) und ‘Phishing” zusammen. Beim Vishing nutzen Betrüger das Telefon als Angriffsvektor. Sie geben sich beispielsweise als Bankmitarbeiter, IT-Support oder Behördensprecher aus und täuschen Dringlichkeit oder Autorität vor, um ihr Ziel zur Herausgabe vertraulicher Daten…
-
Doppel Secures $35M Series B to Expand AI-Powered Social Engineering Defense Platform
First seen on scworld.com Jump to article: www.scworld.com/news/doppel-secures-35m-series-b-to-expand-ai-powered-social-engineering-defense-platform

