The Hacker News

JANUARY 26, 2021

An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information.

Phishing 127

Phishing Social Engineering Manufacturing Engineering 127

CSO Magazine

MARCH 28, 2022

Blame it on pandemic fatigue, remote work or just too much information, but employees appear to be lowering their guard when it comes to detecting social engineering tricks. Attackers were more successful with their social engineering schemes last year than they were a year earlier, according to Proofpoint.

Social Engineering 97

Social Engineering Engineering Phishing 97

Security Affairs

NOVEMBER 18, 2020

Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection. Microsoft is tracking an ongoing Office 365 phishing campaign that is targeting enterprises, the attacks are able to detect sandbox solutions and evade detection.

Phishing 143

Phishing Social Engineering Passwords Security Intelligence 143

Security Affairs

JUNE 8, 2023

North Korea-linked APT Kimsuky has been linked to a social engineering campaign aimed at experts in North Korean affairs. SentinelLabs researchers uncovered a social engineering campaign by the North Korea-linked APT group Kimsuky that is targeting experts in North Korean affairs. ” concludes the report.

Social Engineering 98

Social Engineering Engineering Malware Risk 98

Krebs on Security

FEBRUARY 17, 2021

Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings. Image: CISA.

Cryptocurrency 331

Cryptocurrency Financial Services Banking Government 331

Krebs on Security

JUNE 15, 2024

0KTAPUS In August 2022, KrebsOnSecurity wrote about peering inside the data harvested in a months-long cybercrime campaign by Scattered Spider involving countless SMS-based phishing attacks against employees at major corporations. A Scattered Spider phishing lure sent to Twilio employees.

Hacking 335

Hacking Cybercrime Phishing Passwords 335

Krebs on Security

AUGUST 19, 2021

“According to this actor, he had originally intended to send his targets—all senior-level executives—phishing emails to compromise their accounts, but after that was unsuccessful, he pivoted to this ransomware pretext,” Hassold wrote. billion in 2020. Image: FBI. DON’T QUIT YOUR DAY JOB.

Ransomware 363

Ransomware Social Engineering Cybercrime Scams 363

SecureWorld News

FEBRUARY 13, 2025

Evolution of social engineering Social engineering exploits human psychology to manipulate individuals into revealing sensitive information or taking harmful actions. Deepfakes are revolutionizing social engineering attacks, making them more deceptive and harder to detect.

Social Engineering 86

Social Engineering Authentication Identity Theft Education 86

Duo's Security Blog

FEBRUARY 25, 2021

The first known mention of the word “phishing” happened in the America Online (AOL) user group named appropriately “AOHell. Phishing has raised hell ever since. As technology has evolved so has the sophistication of targeted phishing attacks. What is spear-phishing? What happened when a popular company was breached?

Phishing 106

Phishing Social Engineering Engineering Authentication 106

SecureList

MARCH 1, 2021

In 2020, Kaspersky mobile products and technologies detected: 5,683,694 malicious installation packages, 156,710 new mobile banking Trojans, 20,708 new mobile ransomware Trojans. It just so happened that the year 2020 gave hackers a large number of powerful news topics, with the COVID-19 pandemic as the biggest of these.

Mobile 145

Mobile Malware Adware Banking 145

Krebs on Security

JANUARY 30, 2024

2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. ” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

SecureList

AUGUST 23, 2021

billion USD in 2021, which is slightly less than the total revenue in 2020 but still significantly above the pre-pandemic figures. This rapid growth owes a lot to the surge in mobile gaming and focus on social interaction during the pandemic. Pandemic-related statistics cover the period of January 2020 through June 2021.

Mobile 139

Mobile Adware Malware Phishing 139

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. 2, and Aug.

Mobile 337

Mobile Phishing Authentication Accountability 337

Security Boulevard

JUNE 17, 2022

The tactics, techniques, and procedures (TTPs) of this threat actor have a high overlap with a previous voicemail campaign that ThreatLabz analyzed in July 2020. Voicemail-themed phishing campaigns continue to be a successful social engineering theme used by this threat actor to lure victims in opening a malicious attachment.

Phishing 128

Phishing Social Engineering Manufacturing Healthcare 128

Hot for Security

MARCH 18, 2021

The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI have released a Joint Cybersecurity Advisory on TrickBot warning that a sophisticated group of cyber actors are sending phishing emails claiming to contain proof of traffic violations to lure victims into downloading the insidious malware.

Phishing 119

Phishing Social Engineering Malware Antivirus 119

Security Affairs

FEBRUARY 25, 2022

The CERT of Ukraine (CERT-UA) warned of a spear-phishing campaign targeting Ukrainian armed forces personnel. The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. reads a translation of the message.

Phishing 121

Phishing Social Engineering Government Accountability 121

Daniel Miessler

MAY 19, 2021

Top three patterns in breaches were: social engineering, basic web application attacks, and system intrusion. Top three patterns in incidents were: denial of service, basic web application attacks, and social engineering. Internal actors moved significantly towards External in 2020.

Data breaches 192

Data breaches Social Engineering Ransomware Phishing 192

The Last Watchdog

APRIL 14, 2022

This type of targeted phishing or whaling (executive-level) attack tricks email recipients into believing someone they know and trust is asking them to carry out a specific financial task. Today’s BEC attempts aren’t the easy-to-spot, typo-laden phishing campaigns of the past. The short answer: Not always. Prevention is the cure.

Phishing 247

Phishing Accountability Scams Social Engineering 247

eSecurity Planet

AUGUST 16, 2021

A phishing campaign that Microsoft security researchers have been tracking for about a year highlights not only the ongoing success of social engineering efforts by hackers to compromise systems, but also the extent to which the bad actors will go to cover their tracks while stealing user credentials. Invoice-Themed Lures.

Phishing 109

Phishing Social Engineering Passwords Engineering 109

Malwarebytes

AUGUST 18, 2021

Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off. Google searches for DocuSign almost doubled during March 2020, and stayed there, as so many people around the world started working from home. We’ve included some examples of DocuSign phishing campaigns below.

Phishing 145

Phishing Password Management Passwords Accountability 145

eSecurity Planet

MARCH 31, 2022

Approximately 83 percent of organizations said they faced a successful phishing attempt in 2021, up from 57 percent in 2020. This guide breaks down the different types of phishing attacks and provides examples to help organizations better prepare their staff to deal with them. What is Phishing? Spear Phishing.

Phishing 131

Phishing Banking Social Engineering Scams 131

SC Magazine

JANUARY 26, 2021

companies as a primary target of a new phishing scheme. Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders. The company could not be certain, however, if the V4 phishing kit was involved.

Phishing 118

Phishing Passwords Security Awareness Social Engineering 118

Security Boulevard

OCTOBER 15, 2021

In the Human Hacking report recently published by SlashNext Threat Labs, data shows phishing attacks rose 51% over 2020 (a record-breaking year), and 59% were credential stealing.

Social Engineering 52

Social Engineering Engineering Phishing Hacking 52

Security Affairs

OCTOBER 30, 2024

Microsoft warns of a new phishing campaign by Russia-linked APT Midnight Blizzard targeting hundreds of organizations. The group is known for the SolarWinds supply chain attack that in 2020 hit more than 18,000 customer organizations, including Microsoft. ” reads the report published by Microsoft.

Phishing 98

Phishing Social Engineering Government Hacking 98

SecureWorld News

FEBRUARY 25, 2022

Proofpoint has announced its 2022 State of the Phish report, which is the latest in-depth look at end-user awareness, vulnerability, and resilience. The eighth annual study features an analysis of global survey responses, simulated phishing exercises, and real-world attacks.

Phishing 98

Phishing Risk Security Awareness Social Engineering 98

Security Affairs

APRIL 7, 2021

Crooks increasingly often use legitimate services such as Google Forms and Telegram to obtain user data stolen on phishing websites. Last year, Group-IB identified phishing kits targeting over 260 unique brands. Last year, Group-IB identified phishing kits targeting over 260 unique brands.

Phishing 103

Phishing Cybercrime Social Engineering Accountability 103

Hacker's King

DECEMBER 16, 2024

The SolarWinds attack in 2020 is a prime example of cybercriminals infiltrating a software company and compromising its products, allowing them to access hundreds of organizations, including government agencies and Fortune 500 companies. Simulated phishing exercises can help staff become more aware of these threats.

Cyber Attacks 59

Cyber Attacks Phishing Artificial Intelligence Penetration Testing 59

CyberSecurity Insiders

FEBRUARY 22, 2022

And security experts from Check Point believe that the malicious software has so far targeted over 140,000 victims since November 2020, hitting high profile victims including those on PayPal, Microsoft, Amazon, Bank of America and Wells Fargo.

Malware 122

Malware Social Engineering Banking Phishing 122

Krebs on Security

OCTOBER 2, 2023

These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks. Image: @Pressmaster on Shutterstock. And that was from just a few minutes of searching.

Engineering 310

Engineering Encryption Social Engineering Healthcare 310

Malwarebytes

JUNE 19, 2023

A particularly nasty slice of phishing, scamming, and social engineering is responsible for DoorDash drivers losing a group total of around $950k. A 21 year old man named David Smith, from Connecticut, allegedly figured out a way to extract large quantities of cash from drivers with a scam stretching back to 2020.

Scams 98

Scams Phishing Password Management Passwords 98

Approachable Cyber Threats

MARCH 22, 2021

Through phishing. What’s phishing again?” Phishing is a specific type of cyber attack through which hackers and scammers use email to trick you. It’s part of a broader cyber attack called “social engineering” that includes other avenues like phone calls, text messages, and even impersonating people in real life.

Phishing 98

Phishing Passwords Education Authentication 98

Hot for Security

MARCH 24, 2021

Fraud losses climbed to $56 billion in 2020 and identity fraud scams accounted for a staggering $43 billion of that cost, according to a new report. As consumers relied increasingly on digital payment products during 2020, identity fraud scams kept pace with this shift in behavior, the report reveals.

Scams 122

Scams Accountability Authentication Internet 122

SecureWorld News

JANUARY 28, 2022

Phishing attacks have steadily been on the rise, and according to Proofpoint's 2021 State of the Phish Report , over half of all participants reported receiving a successful phishing attack in 2020. Criminals use departmental reputation to trick users into trusting phishing lures.

Phishing 98

Phishing Education Social Engineering Security Awareness 98

Security Affairs

MAY 11, 2020

Researchers discovered two security flaws impacting Oracle’s iPlanet Web Server, tracked as CVE-2020-9315 and CVE-2020-9314, that could cause sensitive data exposure and limited injection attacks. The CVE-2020-9314 issue resides in the “productNameSrc” parameter of the console. ” continues the report.

Social Engineering 126

Social Engineering Phishing Advertising Encryption 126

Security Affairs

FEBRUARY 9, 2021

The developers behind the NextGen Gallery plugin have fixed two critical Cross-site request forgery (CSRF) vulnerabilities, their exploitation could lead to a site takeover, malicious redirects, spam injection, phishing, and other malicious activities. December 15, 2020 – Imagely replies and we provide full disclosure.

Social Engineering 129

Social Engineering Firewall Engineering Phishing 129

Malwarebytes

MARCH 31, 2022

That flaw makes it possible for phishing attempts to bypass filters and escape the trained eye, and results in apps incorrectly displaying URLs. As there are a handful of applications affected by this flaw, each one has been assigned a CVE number to track: CVE-2020-20093 – Facebook Messenger 227.0 or prior for iOS and 107.0.0.11

Phishing 102

Phishing Malware Social Engineering Engineering 102

Spinone

SEPTEMBER 8, 2020

Phishing attacks are one of the main cyber threats involving mistakes by workers. Arranging training for your employees is a great way to protect your company against phishing and its expensive and time-consuming consequences. So, let’s take a look at notable phishing awareness training providers.

Phishing 52

Phishing InfoSec Social Engineering Backups 52