2014 and Social Engineering - Cyber Security Informer

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

SecureWorld News

APRIL 22, 2025

This incident highlights the critical vulnerability in cryptocurrency communities, where high-net-worth individuals or executives may be more prone to social engineering attacks due to the high volume of media and investor engagement they handle. Lazarus is also behind significant cryptocurrency heists, such as the $1.5

Cryptocurrency

Cryptocurrency Social Engineering Cybercrime Engineering

Hackers use overlay screens on legitimate sites to steal Outlook credentials

Security Affairs

SEPTEMBER 5, 2020

“Another social engineering technique the threat actor uses to lure the employee into interacting with the email is giving the messages urgency, asking the recipient to review them or they will be deleted after three days.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering Phishing Engineering Advertising

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

FEBRUARY 17, 2021

“In addition to infecting victims through legitimate-looking websites, HIDDEN COBRA actors also use phishing, social networking, and social engineering techniques to lure users into downloading the malware.” billion from banks and other victims worldwide. .

Cryptocurrency

Cryptocurrency Financial Services Banking Government

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

SocialEngineered forum hacked and data leaked online

Security Affairs

JUNE 24, 2019

SocialEngineered.net is a forum dedicated to social engineering discussions, it has been compromised data of its users was leaked on a hacker forum. SocialEngineered.net, the forum dedicated to social engineering topics, announced it has suffered a data breach two weeks ago. Pierluigi Paganini.

Hacking

Hacking Social Engineering Data breaches Engineering

Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures

Security Boulevard

FEBRUARY 23, 2021

Such lures are used as social engineering schemes by threat actors; in this case, the malware was targeted at security researchers. We have recently observed other instances of threat actors targeting security researchers with social engineering techniques. Threat attribution. Currently logged in user name.

Social Engineering

Social Engineering Engineering Passwords Malware

ZINC Hackers Leverage Open-source Software to Lure IT Pros

eSecurity Planet

OCTOBER 3, 2022

PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer have been backdoored to perform a wide range of social engineering campaigns that started in April 2022. See the Best Open Source Security Tools. Highly Evasive Attack. Also read: How Hackers Evade Detection.

Software

Software Social Engineering Engineering Phishing

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

Voice phishing is a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering VPN Phishing Authentication

Ex-NASA contractor pleaded guilty for cyberstalking crimes

Security Affairs

OCTOBER 14, 2018

The man acknowledged having targeted friends, co-workers, and family members, he used social engineering tricks and also used malware to compromise victims’ systems. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Identity Theft

Identity Theft Social Engineering Advertising Hacking

North Korean threat actor APT43 pivots back to strategic cyberespionage

CSO Magazine

MARCH 29, 2023

It was responsible for the 2014 attack against Sony Pictures, the 2016 cyber heist of funds belonging to the central bank of Bangladesh, and the 2017 WannaCry ransomware worm. When it comes to threat actors working for the North Korean government, most people have heard of the Lazarus group (APT38).

Social Engineering

Social Engineering Cybercrime Government Banking

North Korea’s Lazarus compromised dozens of organizations in Israel

Security Affairs

AUGUST 14, 2020

The Lazarus APT is linked to North Korea, the activity of the Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cyber Attacks

Cyber Attacks Social Engineering Advertising Malware

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

The Last Watchdog

AUGUST 18, 2021

Norton got ‘ demergered ’ from Symantec in 2014 and then acquired LifeLock for $2.3 Also, one of the top ways attackers can target individuals is via social engineering or phishing. A lot of water has flowed under the bridge since then. billion in 2017; Avast acquired AVG for $1.3 billion in 2016, for instance.

Antivirus

Antivirus Marketing Identity Theft Social Engineering

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

AUGUST 12, 2020

The experts first discovered the malware in June 2018, but it has been available since 2014, when they observed threat actors spreading it via a Microsoft Word document containing an auto-executable malicious VBA Macro. “When combined with timely social engineering lures, these non-sophisticated attacks continue to be successful.”

Passwords

Passwords Spyware VPN Malware

Girl Scouts data breach exposed personal information of 2,800 members

Security Affairs

OCTOBER 30, 2018

Experts warn of possible social-engineering-based cyber attacks leveraging the exposed info. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Social Engineering Advertising Insurance

Confessions of an ID Theft Kingpin, Part I

Krebs on Security

AUGUST 26, 2020

For several years beginning around 2010, a lone teenager in Vietnam named Hieu Minh Ngo ran one of the Internet’s most profitable and popular services for selling “ fullz ,” stolen identity records that included a consumer’s name, date of birth, Social Security number and email and physical address.

Identity Theft

Identity Theft Computers and Electronics Hacking Accountability

Privacy Roundup: Week 3 of Year 2025

Security Boulevard

JANUARY 20, 2025

Successful exploitation requires social engineering users into manipulating a specially crafted file. These probably don't affect most users reading this. CVE-2025-21308. This is probably a CVE most users should tune into. It is a spoofing vulnerability that affects Themes in Windows.

Surveillance

Surveillance Malware Data breaches Scams

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The CryptoLocker wave went into a decline in June 2014 as a result of the so-called Operation Tovar , an initiative orchestrated by law enforcement agencies from multiple countries. The newsmaking emergence of CTB-Locker in 2014 and the CryptoWall ransomware in 2015 fully demonstrated this multi-pronged shift.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Russia-Linked Turla APT uses new malware in watering hole attacks

Security Affairs

MARCH 13, 2020

Interestingly, this campaign relies on a well-known social engineering trick – a fake Adobe Flash update warning – in order to induce the user to download and install malware.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Kill (uninstall) the malware. . Pierluigi Paganini.

Malware

Malware Social Engineering Advertising Government

Microsoft issues guidance to defend Exchange servers under attack

Security Affairs

JUNE 25, 2020

There are two primary techniques to target Exchange servers; the most common scenario sees attackers launching social engineering or drive-by download attacks targeting endpoints to steal credentials and move laterally until they gain access to an Exchange server. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering Advertising Engineering Authentication

Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia

Security Affairs

MAY 21, 2020

The Chafer APT group has distributed data stealer malware since at least mid-2014, it was focused on surveillance operations and the tracking of individuals. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Government

Government Social Engineering Hacking Advertising

Reading Mandiant M-Trends 2023

Anton on Security

APRIL 20, 2023

Furthermore, these adversaries demonstrated a willingness to get personal with their targets, bullying and threatening many of them. ” NOT SURPRISING “Global median dwell time continued to improve year over year, with organizations detecting incidents in just over two weeks in 2022.

Social Engineering

Social Engineering Ransomware Cybercrime Cyber Attacks

Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak

Security Affairs

MARCH 30, 2020

. “It calls on its C&C server to fetch relevant web injections when infected users land on a targeted page and uses them to modify the pages users are browsing to include social engineering content and trick them into divulging personal information and authentication codes.” Pierluigi Paganini.

Banking

Banking Malware Social Engineering Advertising

Police are warning crooks are using cleaners to compromise businesses

Security Affairs

FEBRUARY 3, 2020

The only way to p revent this kind of p hysical intrusions that exploit human factor and social engineering is to implement a cultural change. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering Advertising CISO Hacking

Charming Kitten APT is targeting Iranian dissidents in Germany

Security Affairs

AUGUST 10, 2023

The Charming Kitten group made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. The cyber spies used social media to gather information on the targets and as a vector for social engineering attacks.

Social Engineering

Social Engineering Engineering Media Cyber Attacks

IDF soldiers tricked into installing malicious apps by Hamas operatives posing as attractive women

Security Affairs

FEBRUARY 17, 2020

This kind of social engineering attacks was already used by Hamas hackers in the past, in July 2018 Israeli military intelligence accused Hamas operatives of creating tainted apps to lure soldiers into downloading spyware onto their phones. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering Media Advertising Spyware

New Coronavirus-themed malspam campaign delivers FormBook Malware

Security Affairs

MARCH 8, 2020

See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Malware

Malware Scams Social Engineering Phishing

350 million decrypted email addresses left exposed on an unsecured server

Security Affairs

AUGUST 27, 2020

They can then conduct elaborate phishing and social engineering attacks to gain access to the victims’ accounts on other digital services such as entertainment and shopping platforms or even online banking. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Social Engineering

Social Engineering Passwords Marketing Phishing

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

The second human-operated ransomware family is Doppelpaymer that in recent months targeted enterprise environments through social engineering. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Cybercrime Social Engineering Banking

Experts analyzed the distribution technique used in a recent Emotet campaign

Security Affairs

JANUARY 2, 2019

” The attack begins with an email message with a weaponized document that once opened will ask the victim to enable macros using social engineering tricks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering Advertising Malware Engineering

Hackers leak data on hundreds of German Politicians, including Chancellor Merkel

Security Affairs

JANUARY 4, 2019

It’s a very elaborately done social engineering attack,” he said Friday by phone. Stay Tuned … ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. It’s a lot of data that’s been dumped.”. Pierluigi Paganini.

Social Engineering

Social Engineering Advertising Government Accountability

Reading the ENISA Threat Landscape Report 2018

Security Affairs

JANUARY 30, 2019

Nation-state hacking reduced the use of complex malware and appears to go towards low profile social engineering attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Cyber threats

Cyber threats IoT Social Engineering Advertising

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs

APRIL 30, 2020

The abuse of nothing new, however, as high-profile movies and TV shows are frequently used as social engineering baits promising early previews either in the form of malicious files disguised as early released copies or fake streaming sites. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Security Intelligence Adware Social Engineering

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

In classic social engineering attack, the phishing message presents a “one time username and password” to the victims and urges the user to click the “Login Right Here” button. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Phishing

Phishing Social Engineering Malware Advertising

Experts disclose security flaws in Oracle’s iPlanet Web Server

Security Affairs

MAY 11, 2020

” The second issue, tracked as CVE-2020-9314 , could be exploited to inject external images which can be used for phishing and social engineering attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering Phishing Advertising Encryption

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

The Last Watchdog

DECEMBER 3, 2018

In 2014, a JP Morgan Chase hack exposed 76 million households. The attackers apparently had unauthorized access since 2014 – a massive window of opportunity to explore internal servers, escalate privileges, moves laterally to other systems, and plot a careful exfiltration strategy before being discovered.

Hacking

Hacking eCommerce Authentication Social Engineering

Charming Kitten Campaign involved new impersonation methods

Security Affairs

OCTOBER 13, 2019

As part of the recently observed campaign, the state-sponsored hackers used three different spear-phishing methods: Ending an email message leveraging social engineering methods. Impersonating social media websites, such as Facebook, Twitter and Instagram, as well as using these social media to spread malicious links.

Media

Media Social Engineering Phishing Advertising

U.S. authorities sanction six Nigerian nationals for BEC and Romance Fraud

Security Affairs

JUNE 20, 2020

The crooks exploited online tools and technology along with social engineering tactics to target the victims and steal usernames, passwords, and bank accounts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering Scams Small Business Banking

Emotet is back, it spreads reusing stolen email content

Security Affairs

SEPTEMBER 19, 2019

The operators are hijacking legitimate email threads as part of a social engineering attack. “One of Emotet’s most devious methods of self-propagation centers around its use of socially engineered spam emails. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering Malware Advertising Engineering

Hacker stole $1m from Silicon Valley executive via SIM swap

Security Affairs

NOVEMBER 26, 2018

Typically the attacker gathers the information to respond the questions through social engineering or through OSINT activities. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Identity Theft Social Engineering Advertising

Experts disclosed an unpatched Kernel buffer overflow in Trusteer Rapport for MacOS

Security Affairs

DECEMBER 24, 2018

“Security awareness training can also help prevent local malware or social engineering attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .” ” concludes the analysis. Pierluigi Paganini.

Advertising

Advertising Social Engineering Software Security Awareness

WhatsApp flaws allow the attackers to manipulate conversations

Security Affairs

AUGUST 8, 2019

“Our team observed three possible methods of attack exploiting this vulnerability – all of which involve social engineering tactics to fool end-users.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering Advertising Engineering Architecture

Signed Malspam campaigns hit Europeans with Multi-Stage JasperLoader

Security Affairs

APRIL 28, 2019

“The choice to abuse certified email services such as PEC demonstrates that as attackers are always looking for new ways to lend credibility to their social engineering attacks.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues Cisco Talos. Pierluigi Paganini.

Malware

Malware Social Engineering Banking Advertising

Experts disclose a Webroot SecureAnywhere macOS Kernel Level bug found months ago

Security Affairs

SEPTEMBER 15, 2018

The flaw is difficult to trigger, it is exploitable only by a local attacker that is logged into a vulnerable Mac system or by tricking an already logged-in user into opening an exploit through social engineering. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Social Engineering

Social Engineering Advertising Software Engineering

Emotet spam uses unconventional IP address formats to evade detection

Security Affairs

JANUARY 24, 2022

Both routines use social engineering techniques to trick users into enabling document macros and automate malware execution. The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. ” reported Trend Micro.

Malware

Malware Social Engineering Ransomware Banking

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

Security Affairs

APRIL 25, 2019

Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firmware

Firmware Social Engineering Advertising Malware

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

Hackers use overlay screens on legitimate sites to steal Outlook credentials

Webinars

Trending Sources

U.S. Indicts North Korean Hackers in Theft of $200 Million

Webinars

SocialEngineered forum hacked and data leaked online

Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures

ZINC Hackers Leverage Open-source Software to Lure IT Pros

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Ex-NASA contractor pleaded guilty for cyberstalking crimes

North Korean threat actor APT43 pivots back to strategic cyberespionage

North Korea’s Lazarus compromised dozens of organizations in Israel

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Girl Scouts data breach exposed personal information of 2,800 members

Confessions of an ID Theft Kingpin, Part I

Privacy Roundup: Week 3 of Year 2025

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Russia-Linked Turla APT uses new malware in watering hole attacks

Microsoft issues guidance to defend Exchange servers under attack

Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia

Reading Mandiant M-Trends 2023

Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak

Police are warning crooks are using cleaners to compromise businesses

Charming Kitten APT is targeting Iranian dissidents in Germany

IDF soldiers tricked into installing malicious apps by Hamas operatives posing as attractive women

New Coronavirus-themed malspam campaign delivers FormBook Malware

350 million decrypted email addresses left exposed on an unsecured server

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Experts analyzed the distribution technique used in a recent Emotet campaign

Hackers leak data on hundreds of German Politicians, including Chancellor Merkel

Reading the ENISA Threat Landscape Report 2018

Crooks spread malware via pirated movies during COVID-19 outbreak

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Experts disclose security flaws in Oracle’s iPlanet Web Server

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

Charming Kitten Campaign involved new impersonation methods

U.S. authorities sanction six Nigerian nationals for BEC and Romance Fraud

Emotet is back, it spreads reusing stolen email content

Hacker stole $1m from Silicon Valley executive via SIM swap

Experts disclosed an unpatched Kernel buffer overflow in Trusteer Rapport for MacOS

WhatsApp flaws allow the attackers to manipulate conversations

Signed Malspam campaigns hit Europeans with Multi-Stage JasperLoader

Experts disclose a Webroot SecureAnywhere macOS Kernel Level bug found months ago

Emotet spam uses unconventional IP address formats to evade detection

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

Stay Connected