eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. Heres what comes next: These emails lure victims with urgent requests, from resolving guest review issues to verifying account information.

Phishing 65

Phishing Malware Social Engineering Authentication 65

SecureWorld News

NOVEMBER 8, 2023

Social engineering attacks have long been a threat to businesses worldwide, statistically comprising roughly 98% of cyberattacks worldwide. Given the much more psychologically focused and methodical ways that social engineering attacks can be conducted, it makes spotting them hard to do.

Social Engineering 113

Social Engineering Engineering Cyber Attacks Artificial Intelligence 113

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 331

Hacking Social Engineering Phishing Scams 331

Identity IQ

JUNE 20, 2023

What Are Social Engineering Scams? Thanks, Your CEO This common scenario is just one example of the many ways scammers may attempt to trick you through social engineering scams. In this scheme, scammers gain unauthorized access to a victim’s account and exploit it for malicious purposes.

Social Engineering 94

Social Engineering Scams Engineering Identity Theft 94

The Hacker News

MAY 16, 2024

The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs fictitious Facebook accounts to targets via Messenger and ultimately delivers malware.

Social Engineering 140

Social Engineering Malware Engineering Accountability 140

Security Affairs

APRIL 7, 2025

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as EDR-as-a-Service, is taking hold in the cybersecurity landscape.

Cybercrime 138

Cybercrime Social Engineering Accountability Government 138

Hacker Combat

OCTOBER 25, 2021

Google has reported that it disrupted the phishing attacks where threat actors had tried to hijack various YouTube accounts using cookie theft malware. The hijacker’s intent was to use those accounts to promote different crypto-currency scams. . The malware has the ability to steal passwords and cookies. and email.cz.

Accountability 126

Accountability Malware Scams Antivirus 126

Krebs on Security

AUGUST 19, 2021

Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company. Image: Abnormal Security. For example, the Lockbit 2.0 “Would you like to earn millions of dollars?

Ransomware 363

Ransomware Social Engineering Cybercrime Scams 363

Security Affairs

MARCH 10, 2025

Kaspersky researchers discovered a mass malware campaign spreading SilentCryptoMiner by disguising it as a tool to bypass internet restrictions. While investigating the increased use of Windows Packet Divert ( WPD ) tools by crooks to distribute malware under this pretense, the researchers spotted the campaign.

Cryptocurrency 91

Cryptocurrency Malware Social Engineering Antivirus 91

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware 334

Malware Software Technology Accountability 334

SecureWorld News

FEBRUARY 25, 2025

One of the report's most pressing concerns is the role of Generative AI in social engineering attacks. Deepfake phishing, AI-generated malware, and automated spear-phishing campaigns are already on the rise. The report emphasizes the importance of transparency, explainability, and accountability in AI-driven security decisions.

Cybersecurity 95

Cybersecurity Social Engineering Artificial Intelligence Cyber threats 95

SecureWorld News

OCTOBER 3, 2023

And one of the most successful and increasingly prevalent ways of attack has come from social engineering, which is when criminals manipulate humans directly to gain access to confidential information. Social engineering is more sophisticated than ever, and its most advanced iteration is the topic of today's discussion: deepfakes.

Social Engineering 109

Social Engineering Phishing Engineering Technology 109

Security Affairs

SEPTEMBER 29, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 126

Malware Social Engineering IoT Scams 126

IT Security Guru

FEBRUARY 25, 2025

Other Ways Threat Actors Exploit Human Behaviour In addition to fatigue attacks, malefactors weaponise social engineering. MFA fatigue is often coupled with social engineeringan attacker might contact the victim, masquerading as IT support, and advise them to approve the prompt to “resolve an issue.”

Social Engineering 118

Social Engineering Authentication Risk Accountability 118

The Last Watchdog

JANUARY 30, 2025

Using a very clever social engineering attack that exploits trusted domains, the adversary can then further escalate the profile hijacking attack to steal passwords from the victims browser. This allows the extension to directly interact with local apps without further authentication.

Social Engineering 130

Social Engineering Engineering Authentication Media 130

SecureList

JANUARY 30, 2025

Introduction Since mid-2024, we’ve observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app (APK), which we have named “Tria Stealer” after unique strings found in campaign samples. Contact me at ‘[link].

Accountability 98

Accountability Malware Banking Phishing 98

Krebs on Security

APRIL 6, 2022

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. Most targeted employees are working from home or can be reached on a mobile device.

Social Engineering 294

Social Engineering Phishing Engineering Accountability 294

Malwarebytes

FEBRUARY 4, 2025

And yet, if artificial intelligence achieves what is called an agentic model in 2025, novel and boundless attacks could be within reach, as AI tools take on the roles of agents that independently discover vulnerabilities, steal logins, and pry into accounts. You can find the full 2025 State of Malware report here.

Artificial Intelligence 143

Artificial Intelligence Small Business Malware Technology 143

SecureList

MARCH 25, 2025

Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. We also changed the methodology for PC banking malware by removing obsolete families that no longer use Trojan banker functionality, hence the sharp drop in numbers against 2023. million detections compared to 5.84

Phishing 74

Phishing Banking Scams Mobile 74

Security Affairs

AUGUST 28, 2024

Iran-linked group APT33 used new Tickler malware in attacks against organizations in the government, defense, satellite, oil and gas sectors. The group also relied on social engineering efforts in attacks against organizations in the higher education, satellite, and defense sectors through LinkedIn. dll to execute its functions.

Malware 128

Malware Social Engineering Education Government 128

Security Affairs

JANUARY 22, 2025

STAC5777 was spotted using Microsoft Quick Assist and manual configuration changes to deploy malware. Common tactics include email bombing with spam (in some cases the volume reached as 3,000 in less than an hour), posing as tech support via Teams messages and calls, and using Microsoft remote tools to install malware.

Ransomware 98

Ransomware Malware Social Engineering Engineering 98

Security Affairs

AUGUST 9, 2021

Experts spotted a new Android trojan, dubbed FlyTrap, that compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021. Zimperium’s zLabs researchers spotted a new Android trojan, dubbed FlyTrap , that already compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021.

Accountability 136

Accountability Social Engineering Malware Media 136

Security Affairs

FEBRUARY 19, 2025

Russia-linked threat actors exploit Signal ‘s “linked devices” feature to hijack accounts, per Google Threat Intelligence Group. Google Threat Intelligence Group (GTIG) researchers warn of multiple Russia-linked threat actors targeting Signal Messenger accounts used by individuals of interest to Russian intelligence.

Phishing 80

Phishing Accountability Social Engineering Malware 80

SecureWorld News

FEBRUARY 20, 2025

He urges enterprises to implement Privileged Access Management (PAM) solutions and multi-factor authentication (MFA) and to enforce robust password policies to reduce the risk of account compromise. Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts. Develop and test ransomware response plans.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

Webroot

MARCH 3, 2025

Common attacks to consumer protection Identity theft and fraud Some common types of identity theft and fraud include account takeover fraud , when criminals use stolen personal information such as account numbers, usernames, or passwords to hijack bank accounts, credit cards, and even email and social media accounts.

Consumer Protection 88

Consumer Protection Identity Theft Scams Social Engineering 88

The Hacker News

DECEMBER 1, 2021

Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make away with credit card details and steal funds from victims' bank accounts.

Phishing 144

Phishing Social Engineering Banking Engineering 144

Security Affairs

MARCH 29, 2025

“This report explores the features of Crocodilus, its links to known threat actors, and how it lures victims into helping the malware steal their own credentials.” ” The new threat mimics modern banking malware, using overlay attacks, keylogging, and remote access. ” ThreatFabric concludes.

Banking 67

Banking Mobile Identity Theft Malware 67

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency.

Scams 83

Scams Media Cryptocurrency Cybercrime 83

The Last Watchdog

APRIL 2, 2024

It’s a digital swindle as old as the internet itself, and yet, as the data tells us, the vast majority of security incidents are still rooted in the low-tech art of social engineering. Some 74 percent of cyber breaches are caused by human factors, including errors, stolen credentials, misuse of access privileges, or social engineering.

Social Engineering 211

Social Engineering Technology Engineering Accountability 211

Security Boulevard

MARCH 2, 2021

23, 2021 Twitter booted a gaggle of accounts from its platform, including those determined to be associated with the Russian government and the well-known disinformation machine Internet Research Agency (IRA). The post Twitter Removes Russian Disinformation Accounts appeared first on Security Boulevard. president, are banned.

Accountability 144

Accountability Internet Internet Government 144

The Hacker News

APRIL 1, 2021

A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack.

Social Engineering 139

Social Engineering Cybersecurity Media Engineering 139

Security Boulevard

MARCH 17, 2025

Cyberattacks dont always rely on sophisticated exploits or advanced malware. In reality, many of the most successful breaches stem from simple tactics like phishing emails, social engineering, and exploiting basic security misconfigurations. Criminals, like everyone else, seek the easiest means to success.

Cybersecurity 52

Cybersecurity Social Engineering Scams Engineering 52

SecureList

DECEMBER 17, 2024

The attackers would then send what appeared to be the photo itself but was actually a malware installer. In reality, this was malware with no parcel-tracking functionality whatsoever. We reported the scam accounts and channels to Telegram, but the messaging service had done nothing to block them at the time of writing this.

Scams 93

Scams Malware Social Engineering Banking 93

Hacker's King

JANUARY 1, 2025

You may also like to read: Instagram Hacked: Top 5 Ways to Protect Your Account Ways to Secure Your Twitter Account Set a Strong Password - Setting a strong password is the very first step to secure your Twitter account. It enables us to make our accounts more secure. Be cautious with public Wi-Fi.

Accountability 52

Accountability Hacking Passwords Scams 52

SecureWorld News

DECEMBER 30, 2024

This may involve identifying compromised servers, web applications, databases, or user accounts. If malware is detected on workplace computers, these devices must be promptly disconnected from the network to prevent further spread. Introduce MFA for all corporate accounts.

Data breaches 111

Data breaches Social Engineering Passwords Accountability 111

Webroot

JUNE 2, 2022

Unfortunately, hackers realize this and use the lure of free games to infect people with malware. A huge economy has developed within the gaming community: People buy and sell in-game objects, character modifications, and even accounts. But you’ll get the most benefit out of focusing on the following three: Malware.

Cyber threats 127

Cyber threats Social Engineering Accountability Malware 127

Malwarebytes

SEPTEMBER 11, 2023

Researchers have found a new method by which cybercriminals are spreading the DarkGate Loader malware. The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. Microsoft Teams has client-side protections in place to block file delivery from external tenant accounts.

Malware 130

Malware Social Engineering Cryptocurrency Cybercrime 130