CSO Magazine

MARCH 28, 2022

Blame it on pandemic fatigue, remote work or just too much information, but employees appear to be lowering their guard when it comes to detecting social engineering tricks. Attackers were more successful with their social engineering schemes last year than they were a year earlier, according to Proofpoint.

Social Engineering 97

Social Engineering Engineering Phishing 97

Krebs on Security

DECEMBER 29, 2020

With the ongoing disruption to life and livelihood wrought by the Covid-19 pandemic, 2020 has been a fairly horrid year by most accounts. In almost every category — from epic breaches and ransomware to cybercrime justice and increasingly aggressive phishing and social engineering scams — 2020 was a year that truly went to eleven.

Scams 308

Scams Social Engineering Cybercrime Advertising 308

Digital Guardian

JANUARY 25, 2021

SOX compliance, preventing social engineering attacks, and data classification. In this blog, we count down the most read blogs of 2020.

Social Engineering 111

Social Engineering Engineering 111

Krebs on Security

APRIL 6, 2022

In some ways, the attacks from LAPSUS$ recall the July 2020 intrusion at Twitter , wherein the accounts for Apple, Bill Gates, Jeff Bezos, Kanye West, Uber and others were made to tweet messages inviting the world to participate in a cryptocurrency scam that promised to double any amount sent to specific wallets.

Social Engineering 289

Social Engineering Phishing Engineering Accountability 289

Krebs on Security

NOVEMBER 21, 2020

2019 that wasn’t discovered until April 2020. In response to questions from KrebsOnSecurity, GoDaddy acknowledged that “a small number” of customer domain names had been modified after a “limited” number of GoDaddy employees fell for a social engineering scam. and 11:00 p.m. PST on Nov.

Cryptocurrency 363

Cryptocurrency VPN Scams Social Engineering 363

SecureWorld News

OCTOBER 12, 2021

According to investigators, he wrote the following in April 2020 as he tried to connect with a foreign nation: “I apologize for this poor translation into your language. By the end of 2020, the FBI was looking at it. This happened through social engineering, which included a secret signal for him in Washington D.C.

Social Engineering 98

Social Engineering Engineering Encryption Cryptocurrency 98

SecureList

JULY 21, 2021

This article contains some analytical findings from Managed Detection and Response (MDR) operations during Q4 2020. In Q4 2020, the average number of collected raw events from one host was around 15 000. Social engineering. What is Kaspersky MDR. Data processing pipeline and security operations. DDOS/DOS with impact.

Social Engineering 121

Social Engineering Engineering Technology Adware 121

SecureList

AUGUST 23, 2021

billion USD in 2021, which is slightly less than the total revenue in 2020 but still significantly above the pre-pandemic figures. This rapid growth owes a lot to the surge in mobile gaming and focus on social interaction during the pandemic. Pandemic-related statistics cover the period of January 2020 through June 2021.

Mobile 141

Mobile Adware Malware Phishing 141

Krebs on Security

JANUARY 24, 2020

In the case of e-hawk.net, however, the scammers managed to trick an OpenProvider customer service rep into transferring the domain to another registrar with a fairly lame social engineering ruse — and without triggering any verification to the real owners of the domain. ” REGISTRY LOCK.

DNS 313

DNS Social Engineering Engineering Accountability 313

SecureList

OCTOBER 6, 2022

We observed the threat landscape of ATM/PoS malware attacks and how it changed in 2020-2022. For these purposes, we analyzed threat statistics from Kaspersky Security Network (KSN), a system for processing anonymized cyberthreat-related data shared voluntarily by Kaspersky users, for the period between January 2020 and August 2022.

Malware 143

Malware Banking Software Cybercrime 143

Security Affairs

MARCH 3, 2021

The Perl.com domain was hijacked in January, but a senior editor at the site revealed that the hackers took control of the domain in September 2020. The Perl.com domain was hijacked in January 2021, but according to Brian Foy , senior editor of Perl.com, the attack took place months before, in September 2020. ” added Foy.

Social Engineering 121

Social Engineering Malware Hacking Engineering 121

Malwarebytes

MARCH 17, 2021

The so-called “mastermind” behind the 2020 Twitter hack that compromised the accounts of several celebrities and public figures—including President Barack Obama, Bill Gates, and Elon Musk—pleaded guilty to several charges on Tuesday in a Florida court. He will also earn credit for the 229 days that he has already spent in jail.

Hacking 107

Hacking Social Engineering Scams Accountability 107

Krebs on Security

MARCH 23, 2022

Microsoft says LAPSUS$ — which it boringly calls “ DEV-0537 ” — mostly gains illicit access to targets via “social engineering.” “My budget is $100000 in BTC,” Breachbase told Raidforums in October 2020. “Person who directs me to someone will get $10000 BTC.

Social Engineering 331

Social Engineering Accountability Mobile Passwords 331

SecureWorld News

FEBRUARY 13, 2025

Evolution of social engineering Social engineering exploits human psychology to manipulate individuals into revealing sensitive information or taking harmful actions. Deepfakes are revolutionizing social engineering attacks, making them more deceptive and harder to detect.

Social Engineering 81

Social Engineering Authentication Identity Theft Education 81

Approachable Cyber Threats

SEPTEMBER 14, 2021

According to DBIR, social engineering and basic web application attacks account for over 50% of all incidents of breaches. When we thought about 2020, it felt like hackers and ransomware should have been at the top (these fall under system intrusion). What did “the internet” think was causing breaches in 2020?

Data breaches 97

Data breaches Social Engineering Engineering Computers and Electronics 97

The Hacker News

JANUARY 26, 2021

An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information.

Phishing 132

Phishing Social Engineering Manufacturing Engineering 132

SecureWorld News

NOVEMBER 6, 2024

To gain support, highlight how Zero Trust mitigates current threats like the SolarWinds supply chain attack in 2020, which exposed vulnerabilities in traditional defenses. Deepfake social engineering: Deepfakes can mimic legitimate users to manipulate access. These evolving threats often exploit gaps in traditional security.

Social Engineering 102

Social Engineering Authentication Architecture Ransomware 102

Adam Levin

AUGUST 26, 2020

In 2020 alone, we’ve seen ransomware attacks bring the operations of international corporations and high-powered law firms to a standstill. Since email addresses and phone numbers are sensitive personal information that can be used in social engineering, you may want to consider the adoption of these email security tips.

Education 246

Education Backups Social Engineering Engineering 246

Hot for Security

MARCH 24, 2021

Fraud losses climbed to $56 billion in 2020 and identity fraud scams accounted for a staggering $43 billion of that cost, according to a new report. As consumers relied increasingly on digital payment products during 2020, identity fraud scams kept pace with this shift in behavior, the report reveals.

Scams 122

Scams Accountability Authentication Internet 122

Daniel Miessler

MAY 19, 2021

Top three patterns in breaches were: social engineering, basic web application attacks, and system intrusion. Top three patterns in incidents were: denial of service, basic web application attacks, and social engineering. Ransomware doubled from 5% of breaches to 10% in 2020. 61% of breaches involved credentials.

Data breaches 192

Data breaches Social Engineering Ransomware Phishing 192

Krebs on Security

JANUARY 30, 2024

2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. The vulnerability exploited by the intruders was patched back in 2020, but the employee never updated his Plex software. Twilio disclosed in Aug.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

Daniel Miessler

SEPTEMBER 29, 2020

DanielMiessler) September 19, 2020. SafetyDetectives reports the average cost of a ransomware-caused downtime incident has risen from $46,800 in 2018, to $141,000 in 2019, to $283,800 in 2020. A ransomware attack against the New Orleans city government in early 2020 cost the city over $7 million dollars.

Ransomware 246

Ransomware Government Social Engineering Small Business 246

SecureWorld News

MAY 11, 2023

RELATED: Famous Twitter Accounts Hacked: Insider Threat or Social Engineering Attack? ] Lastly, the DOJ says that O'Connor stalked and threatened a minor victim in June and July 2020, orchestrating a series of swatting attacks on this third victim. Now, the U.S.

Accountability 97

Accountability Social Engineering Media Hacking 97

Krebs on Security

APRIL 20, 2023

This ongoing North Korean espionage campaign using LinkedIn was first documented in August 2020 by ClearSky Security , which said the Lazarus group operates dozens of researchers and intelligence personnel to maintain the campaign globally. Microsoft Corp.

Malware 328

Malware Software Technology Accountability 328

Security Affairs

FEBRUARY 9, 2021

The two CSRF vulnerabilities, tracked as CVE-2020-35942, were discovered by researchers at security firm Wordfence. An attacker could trigger the flaws with social engineering techniques by tricking WordPress admins into clicking specially crafted links or attachments to perform malicious actions.

Social Engineering 126

Social Engineering Firewall Engineering Phishing 126

Security Through Education

OCTOBER 27, 2021

Social-Engineer, LLC saw an almost 350% increase in recognition of phishing emails when using a similar training platform in 2020. It is to these carefully crafted campaigns that Social-Engineer, LLC can attribute their success. The answer is simple; with simulated attacks and subsequent training.

Cybersecurity 137

Cybersecurity Social Engineering Firewall Engineering 137

Krebs on Security

OCTOBER 2, 2023

These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks. Image: @Pressmaster on Shutterstock. And that was from just a few minutes of searching.

Engineering 308

Engineering Encryption Social Engineering Healthcare 308

Duo's Security Blog

FEBRUARY 25, 2021

In this report, we walk through a real-world case study of how a socially engineered phishing attack worked on a popular company, and show you some steps on how it could have been prevented. This report guides you through some big questions and answers about phishing, including: What is social engineering?

Phishing 106

Phishing Social Engineering Engineering Authentication 106

Security Affairs

NOVEMBER 18, 2020

“We’re tracking an active credential phishing attack targeting enterprises that uses multiple sophisticated methods for defense evasion and social engineering,” reads a message published by Microsoft via Twitter. pic.twitter.com/YpUVEfmlUH — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2020.

Phishing 142

Phishing Social Engineering Passwords Security Intelligence 142

Malwarebytes

APRIL 19, 2022

A new advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department (Treasury), highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020.

Cryptocurrency 138

Cryptocurrency Social Engineering Computers and Electronics Engineering 138

The Hacker News

AUGUST 16, 2022

Slovak cybersecurity firm ESET linked it to a campaign dubbed "Operation In(ter)ception" that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the aerospace and military sectors into

Social Engineering 97

Social Engineering Malware Engineering Cybersecurity 97

Security Affairs

AUGUST 2, 2021

According to the 2020 Insider Threat Report , contractors, service providers, and temporary workers pose the greatest risk to 50% of organizations. The cleaner’s insider access takes care of the physical access challenge, while detachment to the organization makes the individual more susceptible to social engineering.

Social Engineering 136

Social Engineering Healthcare Engineering Hacking 136

Krebs on Security

JUNE 15, 2024

The vulnerability exploited by the intruders was patched back in 2020, but the employee never updated his Plex software. One of the more popular SIM-swapping channels on Telegram maintains a frequently updated leaderboard of the most accomplished SIM-swappers, indexed by their supposed conquests in stealing cryptocurrency.

Hacking 333

Hacking Cybercrime Phishing Passwords 333

CyberSecurity Insiders

FEBRUARY 22, 2022

And security experts from Check Point believe that the malicious software has so far targeted over 140,000 victims since November 2020, hitting high profile victims including those on PayPal, Microsoft, Amazon, Bank of America and Wells Fargo.

Malware 122

Malware Social Engineering Banking Phishing 122

Security Affairs

MAY 11, 2020

Researchers discovered two security flaws impacting Oracle’s iPlanet Web Server, tracked as CVE-2020-9315 and CVE-2020-9314, that could cause sensitive data exposure and limited injection attacks. The CVE-2020-9314 issue resides in the “productNameSrc” parameter of the console.

Social Engineering 124

Social Engineering Phishing Advertising Encryption 124

The Last Watchdog

APRIL 14, 2022

For starters, attackers leverage social engineering tactics and information gleaned from websites and social media profiles to determine employees’ working relationships and connections. billion in annual losses during 2020, resulting from 19,369 incidents. Prevention is the cure.

Phishing 247

Phishing Accountability Scams Social Engineering 247

Malwarebytes

FEBRUARY 15, 2021

The UK’s National Crime Agency (NCA)—working alongside the US Secret Service, Homeland Security, the FBI, Europol, and the District Attorney’s Office of Santa Clara California—spearheaded the arrest of eight British citizens in the UK and Scotland, aged between 18 to 26, for a string of SIM swapping attacks that occurred in 2020.

Social Engineering 139

Social Engineering Cryptocurrency Accountability Authentication 139