Tag: social-engineering
-
Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware
The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems.The new activity, assessed to be a continuation of the campaign, has been codenamed ClickFake Interview by…
-
DarkCloud Stealer Uses Weaponized .TAR Archives to Target Organizations and Steal Passwords
Tags: cyber, cyberattack, email, international, malicious, office, password, social-engineering, tacticsA recent cyberattack campaign leveraging the DarkCloud stealer has been identified, targeting Spanish companies and local offices of international organizations across various industries. The attackers are spoofing a legitimate Spanish company specializing in mountain and skiing equipment to deliver malicious payloads via email. The emails, which use billing-themed social engineering tactics, feature subjects such as…
-
AI disinformation didn’t upend 2024 elections, but the threat is very real
Tags: ai, attack, authentication, business, ceo, ciso, control, corporate, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, deep-fake, detection, disinformation, election, email, endpoint, finance, fraud, group, hacking, identity, incident, incident response, intelligence, international, jobs, login, malware, network, phishing, ransomware, RedTeam, risk, scam, soc, social-engineering, tactics, threat, tool, trainingAttackers are using AI to distort and undermine threat intelligence: AI-powered disinformation has moved beyond external influence, it is now reshaping adversary tactics inside compromised networks. Attackers can generate false system logs, fabricate network traffic, and manipulate forensic evidence, forcing incident response teams to chase misleading anomalies while real intrusions progress undetected. AI-assisted malware is also…
-
New Malware Targets Magic Enthusiasts to Steal Logins
A newly discovered malware, dubbed Trojan.Arcanum, is targeting enthusiasts of tarot, astrology, and other esoteric practices. Disguised as a legitimate fortune-telling application, this Trojan infiltrates devices to steal sensitive data, manipulate users through social engineering, and even deploy cryptocurrency mining software. The malware is distributed via websites dedicated to mystical practices, masquerading as a harmless…
-
Serial Entrepreneurs Raise $43M to Counter AI Deepfakes, Social Engineering
Adaptive is pitching a security platform designed to replicate real-world attack scenarios through AI-generated deepfake simulations. The post Serial Entrepreneurs Raise $43M to Counter AI Deepfakes, Social Engineering appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/serial-entrepreneurs-raise-43m-to-counter-ai-deepfakes-social-engineering/
-
Malicious actors increasingly put privileged identity access to work across attack chains
Tags: access, ai, api, apt, attack, authentication, best-practice, breach, cisa, cisco, cloud, corporate, credentials, cybercrime, cyberespionage, data, detection, email, endpoint, exploit, framework, group, healthcare, identity, infrastructure, login, malicious, malware, mfa, microsoft, network, open-source, password, phishing, phone, ransomware, service, social-engineering, strategy, threat, tool, vpn, windowsLateral movement: Leveraging privileged access to act in plain sight: Once situated on the corporate network, compromised credentials also allow attackers to expand access to other internal systems with a reduced likelihood of being discovered or triggering malware detection.According to Talos, nearly half of investigated identity attacks targeted Active Directory, with another 20% targeting cloud…
-
Only 1% of malicious emails that reach inboxes deliver malware
99% of email threats reaching corporate user inboxes in 2024 were response-based social engineering attacks or contained phishing links, according to Fortra. Only 1% of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/02/email-attacks-social-engineering/
-
Wiz’s Security GraphDB vs. DeepTempo’s LogLM
Tags: access, ai, api, attack, automation, best-practice, breach, business, cisa, cloud, container, credentials, cve, cybersecurity, data, data-breach, defense, detection, exploit, flaw, framework, guide, iam, identity, infrastructure, intelligence, Internet, jobs, kev, leak, LLM, login, malicious, mitre, ml, network, phishing, risk, social-engineering, strategy, technology, threat, tool, update, vulnerability, vulnerability-management, zero-dayHow can a friendly Eye of Sauron help the Wizards? Cloud security is evolving beyond silos. Wiz’s meteoric rise has been powered by a fresh approach: an agentless, graph-based view of risk context across the cloud stack that supplanted a number of point solutions and created the Cloud-Native Application Protection Platform category (CNAPP). If you want…
-
Lazarus APT Jumps on ClickFix Bandwagon in Recent Attacks
A continuation of the North Korean nation-state threat’s campaign against employment seekers uses the social engineering attack to target CeFi organizations with the GolangGhost backdoor. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/lazarus-apt-clickfix-bandwagon-attacks
-
Gen Z’s Rising Susceptibility to Social Engineering Attacks
Gen Z, or individuals born between 1997 and 2012, have certain types of lifestyles, upbringings and character traits that make them ideal for social engineering exploitation. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/gen-zs-rising-susceptibility-to-social-engineering-attacks/
-
Die Zukunft von Social Engineering KI, Wearables und VR kurbeln Cyberkriminalität an
Der neue Bericht von Trend Micro zeigt auf, wie Cyberkriminelle KI, Wearables, Virtual Reality (VR) und Augmented Reality (AR) sowie Chatbots nutzen werden, um Opfer präziser denn je zu manipulieren [1]. Die Bedrohungsforschern von Trend Micro analysierten, wie Angreifer diese Technologien nutzen, um ihre Taktiken zu verfeinern und ihre Täuschungsmanöver weiterzuentwickeln. »Social Engineering, also… First…
-
>>Crocodilus<< A New Malware Targeting Android Devices for Full Takeover
Researchers have uncovered a dangerous new mobile banking Trojan dubbed Crocodilus actively targeting financial institutions and cryptocurrency platforms. The malware employs advanced techniques like remote device control, stealthy overlays, and social engineering to steal sensitive data, marking a significant escalation in mobile threat sophistication. Early campaigns focus on banks in Spain and Turkey, but experts…
-
The Trump administration made an unprecedented security mistake you can avoid doing the same
Tags: access, attack, business, communications, control, cybersecurity, data, defense, government, group, intelligence, international, malicious, military, mobile, network, office, resilience, risk, russia, social-engineering, technology, threat, ukraine, unauthorized, usa, vulnerability, wormfaux pas of senior administration personnel went from bad to worse to the gutter in the span of 24 hours. If you haven’t read The Atlantic writeup, you should (there are two pieces, the revelation from Goldberg and then the subsequent release of the contents of the Signal chat). There is no getting around it,…
-
MailChimp Under Attack: How Cybercriminals Are Exploiting Email Marketing Platforms
At Constella, we’ve spent years analyzing how cybercriminals execute attacks that affect organizations of all sizes, whether they’re startups, local businesses, or global enterprises. One of the most revealing recent cases involves the abuse of Email Marketing Platforms like MailChimp, whose accounts are being compromised through account takeover (ATO), phishing, and social engineering tactics. These……
-
Banking Malware Infects 248,000 Mobile Users Through Social Engineering Techniques
In 2024, the number of users affected by mobile banking malware skyrocketed to nearly 248,000, a staggering 3.6-fold increase from the previous year’s 69,000 affected users. This dramatic rise in malicious activity was particularly pronounced in the latter half of the year, indicating an evolving threat landscape in the mobile finance sector. Mamont Emerges as…
-
Charm Security Emerges From Stealth With $8 Million in Funding
Charm Security has emerged from stealth mode with $8 million in funding for AI-powered scams and social engineering prevention. The post Charm Security Emerges From Stealth With $8 Million in Funding appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/charm-security-emerges-from-stealth-with-8-million-in-funding/
-
11 ways cybercriminals are making phishing more potent than ever
Tags: 2fa, ai, attack, authentication, awareness, breach, business, ciso, conference, corporate, credentials, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, detection, dns, email, exploit, finance, hacker, infrastructure, intelligence, linkedin, login, malicious, malware, mfa, microsoft, mobile, office, phishing, powershell, qr, russia, service, social-engineering, software, sophos, spam, sql, switch, theft, threat, toolThey’re luring with voice and video: Bad actors are also exploiting AI’s ability to clone voices and likenesses from audio and video clips or images found online.Combined with tools that mimic caller ID, cybercriminals can fool targets by calling them and purporting to be a family member, friend, or work colleague seeking urgent assistance. Such…
-
How AI agents could undermine computing infrastructure security
In this Help Net Security video, Ev Kontsevoy, CEO at Teleport, explores the risks AI agents pose to computing infrastructure, particularly when exposed to social engineering … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/25/ai-agents-infrastructure-security-video/
-
News alert: Arsen introduces new AI-based phishing tests to improve social engineering resilience
Paris, France, Mar. 24, 2025, CyberNewswire, Arsen, a leading cybersecurity company specializing in social engineering defense, today announced the full release of Conversational Phishing, a groundbreaking feature embedded in its phishing simulation platform. This AI-powered tool introduces dynamic,… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/news-alert-arsen-introduces-new-ai-based-phishing-tests-to-improve-social-engineering-resilience/
-
KI als Turbo für Kriminelle
Tags: access, ai, cyberattack, ddos, deep-fake, extortion, fraud, Internet, ransomware, social-engineeringEuropol warnt: Kriminelle nutzen KI, um ihre Operationen zu automatisieren und zu verstärken.Von Cyberbetrug über Ransomware bis hin zu Drogenhandel und Geldwäsche: Das Internet ist laut Europol zum Hauptschauplatz für kriminelle Machenschaften geworden. ‘Nahezu alle Formen schwerer und organisierter Kriminalität hinterlassen einen digitalen Fußabdruck”, betont die Europäische Polizeibehörde, sei es als Werkzeug, Ziel oder Vermittler.Vor…
-
Arsen Introduces AI-Powered Phishing Tests to Improve Social Engineering Resilience
Paris, France, 24th March 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/arsen-introduces-ai-powered-phishing-tests-to-improve-social-engineering-resilience/
-
Intro to Deceptionology: Why Falling for Scams is Human Nature
Deception is a core component of many cyberattacks, including phishing, scams, social engineering and disinformation campaigns. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/intro-to-deceptionology-why-falling-for-scams-is-human-nature/
-
AI in the Enterprise: Key Findings from the ThreatLabz 2025 AI Security Report
Tags: access, ai, attack, best-practice, breach, business, chatgpt, cloud, compliance, control, cyber, cybercrime, cybersecurity, data, deep-fake, exploit, finance, firewall, framework, germany, governance, government, healthcare, india, insurance, intelligence, least-privilege, malicious, malware, microsoft, monitoring, network, open-source, phishing, risk, scam, social-engineering, strategy, technology, threat, tool, unauthorized, update, vpn, vulnerability, zero-trustArtificial intelligence (AI) has rapidly shifted from buzz to business necessity over the past year”, something Zscaler has seen firsthand while pioneering AI-powered solutions and tracking enterprise AI/ML activity in the world’s largest security cloud.As enterprises embrace AI to boost productivity, accelerate decision-making, and automate workflows, to name a few benefits, cybercriminals are using the…
-
‘Ich bin kein Roboter” aber ein mögliches Cyber-Opfer
Tags: access, ai, authentication, awareness, captcha, cyber, cyberattack, data, exploit, github, Internet, mail, malware, open-source, powershell, rat, social-engineering, software, threatExperten haben mehrere Kampagnen entdeckt, bei denen Angreifer unter anderem steigende ‘Klick-Toleranz” mit mehrstufigen Infektionsketten ausnutzen.Cyber-Kriminelle werden immer einfallsreicher, zum Beispiel indem sie GitHub infizieren. Sie nutzen die Gewohnheiten der Menschen verstärkt aus. Captchas gehören zu den Sicherheitsmechanismen, die seit geraumer Zeit auf Websites verwendet werden, um die Echtheit von Nutzenden zu überprüfen.Experten im aktuellen…
-
Immutable Cybersecurity Law #12
Tags: attack, awareness, breach, credentials, cyber, cybercrime, cybersecurity, data, email, exploit, law, login, malicious, password, phishing, powershell, scam, social-engineering, software, tactics, technology, threat, vulnerability, windows“Never underestimate the simplicity of the attackers, nor the gullibility of the victims.” Cyberattacks don’t always rely on sophisticated exploits or advanced malware. In reality, many of the most successful breaches stem from simple tactics like phishing emails, social engineering, and exploiting basic security misconfigurations. Complexity isn’t a prerequisite for effectiveness”Š”, “Šattackers often favor the…
-
Hackers Rapidly Adopt ClickFix Technique for Sophisticated Attacks
Tags: attack, cyber, cybercrime, exploit, hacker, malicious, powershell, psychology, social-engineeringIn recent months, a sophisticated social engineering technique known as ClickFix has gained significant traction among cybercriminals and nation-state-sponsored groups. This method exploits human psychology by presenting users with fake prompts that appear to resolve a non-existent issue, effectively bypassing traditional security measures. The ClickFix technique involves deceiving users into executing malicious PowerShell commands by…
-
8 Tipps zum Schutz vor Business E-Mail Compromise
Tags: ai, authentication, awareness, best-practice, business, ceo, chatgpt, ciso, compliance, cyberattack, defense, dmarc, fraud, hacker, Hardware, incident response, insurance, intelligence, mail, malware, mfa, phishing, risk, social-engineering, strategy, threat, toolLesen Sie, welche Punkte in einer Richtlinie zum Schutz vor Business E-Mail Compromise (BEC) enthalten sein sollten.Laut einer Analyse von Eye Security waren Business E-Mail Compromise (BEC)-Angriffe für 73 Prozent aller gemeldeten Cybervorfälle im Jahr 2024 verantwortlich ein deutlicher Anstieg im Vergleich zu 44 Prozent im Jahr 2023. Die Aggressoren steigern nicht nur das Volumen…
-
Threat Actor Impersonates Booking.com in Phishing Scheme
Microsoft detailed a sophisticated campaign that relies on a social engineering technique, ClickFix, in which a phisher uses security verification like captcha to give the target a false sense of safety. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/threat-actor-booking-com-clickfix-phishing-scheme
-
Ongoing Cyber Attack Mimic Booking.com to Spread Password-Stealing Malware
Tags: attack, credentials, cyber, finance, fraud, intelligence, malware, microsoft, password, phishing, social-engineering, threatMicrosoft Threat Intelligence has identified an ongoing phishing campaign that began in December 2024, targeting organizations in the hospitality industry by impersonating the online travel agency Booking.com. The campaign, tracked as Storm-1865, employs a sophisticated social engineering technique called ClickFix to deliver credential-stealing malware designed to conduct financial fraud and theft. This attack specifically targets…
-
OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection
A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77.The activity, condemned OBSCURE#BAT by Securonix, enables threat actors to establish persistence and evade detection on compromised systems. It’s currently not known who is behind the campaign.The rootkit “has the ability to cloak or mask any file, registry…

