Article, CSO and Social Engineering - Cyber Security Informer

Social engineering explained: How criminals exploit human behavior

CSO Magazine

SEPTEMBER 16, 2021

Social engineering definition. Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data. To read this article in full, please click here

Social Engineering

Social Engineering Engineering Scams Passwords

How deepfakes enhance social engineering and authentication threats, and what to do about it

CSO Magazine

OCTOBER 25, 2021

Learn what makes these 6 social engineering techniques so effective. | Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here

Social Engineering

Social Engineering Engineering Authentication CSO

Social engineering: Definition, examples, and techniques

CSO Magazine

FEBRUARY 7, 2022

What is social engineering? Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems, or data. Learn what makes these 6 social engineering techniques so effective. | To read this article in full, please click here

Social Engineering

Social Engineering Engineering CSO Passwords

5 social engineering assumptions that are wrong

CSO Magazine

JUNE 24, 2022

Social engineering is involved in the vast majority of cyberattacks, but a new report from Proofpoint has revealed five common social engineering assumptions that are not only wrong but are repeatedly subverted by malicious actors in their attacks. To read this article in full, please click here

Social Engineering

Social Engineering Engineering Cybercrime

7 new social engineering tactics threat actors are using now

CSO Magazine

APRIL 13, 2021

It’s been a boom time for social engineering. Social engineering, of course, means attacking the user rather than the computing system itself, trying to extract information or incite an action that will lead to compromise. Learn what makes these 6 social engineering techniques so effective. |

Social Engineering

Social Engineering Engineering CSO

Strangest social engineering attacks of 2021

CSO Magazine

MARCH 8, 2022

New research has highlighted the creative and occasionally unusual lengths fraudsters take to carry out social engineering attacks. global resident CISO at Proofpoint, tells CSO. To read this article in full, please click here

Social Engineering

Social Engineering Engineering CSO CISO

North Korean APT group targets email credentials in social engineering campaign

CSO Magazine

JUNE 8, 2023

Researchers warn of a social engineering campaign by the North Korean APT group known as Kimsuky that attempts to steal email credentials and plant malware. Operating since at least 2012, the group often employs targeted phishing and social engineering tactics to gather intelligence and access sensitive information."

Social Engineering

Social Engineering Engineering Phishing Government

FBI arrests social engineer who allegedly stole unpublished manuscripts from authors

CSO Magazine

JANUARY 13, 2022

To read this article in full, please click here

Social Engineering

Social Engineering Identity Theft Engineering

5 old social engineering tricks employees still fall for, and 4 new gotchas

CSO Magazine

MARCH 28, 2022

Blame it on pandemic fatigue, remote work or just too much information, but employees appear to be lowering their guard when it comes to detecting social engineering tricks. Attackers were more successful with their social engineering schemes last year than they were a year earlier, according to Proofpoint.

Social Engineering

Social Engineering Engineering Phishing

8 top multifactor authentication products and how to choose an MFA solution

CSO Magazine

OCTOBER 19, 2021

Whether it’s advanced phishing techniques, credential stuffing, or even credentials compromised through social engineering or breaches of a third-party service, credentials are easily the most vulnerable point in defending corporate systems. Get the latest from CSO by signing up for our newsletters. ]

Authentication

Authentication CSO Social Engineering Engineering

8 IT security disasters: Lessons from cautionary examples

CSO Magazine

MARCH 21, 2022

Sign up for CSO newsletters. ]. 2012: Court Ventures gets social-engineered. Sometimes all it takes is some brazen misrepresentation and social engineering skills. To read this article in full, please click here Hopefully you'll come away with some ideas on how not to suffer a disaster of your own.

Social Engineering

Social Engineering CSO Engineering Data breaches

BrandPost: Changing the Narrative Around Attack Victim Shaming

CSO Magazine

MAY 25, 2021

Unfortunately, in some organizations, employees who fall victim to a social engineering ploy that leads to a ransomware attack are blamed for their actions. Social engineering attacks, like phishing emails, are common conduits of ransomware, and have become more sophisticated. Victim shaming is never OK.

Social Engineering

Social Engineering Engineering Ransomware Phishing

How to hack a phone: 7 common attack methods explained

CSO Magazine

NOVEMBER 2, 2021

Social engineering. Social engineering The easiest way for any hacker to break into any device is for the user to open the door themselves. Making that happen is easier said than done, of course, but it's the goal of most forms of social engineering attacks. To read this article in full, please click here

Social Engineering

Social Engineering Hacking Engineering Malware

97% of enterprises say VPNs are prone to cyberattacks: Study

CSO Magazine

SEPTEMBER 26, 2022

Reliance on VPNs for remote access is putting enterprises at significant risk as social engineering , ransomware , and malware attacks continue to advance, exposing businesses to greater risk, according to a new report by cloud security company Zscaler. To read this article in full, please click here

Social Engineering

Social Engineering Engineering Risk Ransomware

NCSC warns industry, academia of foreign threats to their intellectual property

CSO Magazine

NOVEMBER 25, 2021

While ransomware attacks emphasize how criminals monetize their ability to socially engineer individuals to click that link or attachment, nation states are quietly working to fleece the IP and gain foothold within targets of interest. To read this article in full, please click here

Social Engineering

Social Engineering CISO Engineering Ransomware

BrandPost: Lessons in Security: School District Shares Pandemic Experiences

CSO Magazine

JULY 30, 2021

The education sector is a top target for cybercriminals, and faces “an unusually large percentage” of social engineering attacks, according to the 2021 Verizon Data Breach Investigations Report. To read this article in full, please click here

Social Engineering

Social Engineering Data breaches Education Engineering

5 most dangerous new attack techniques

CSO Magazine

APRIL 27, 2023

The five emerging cyber-attack vectors the speakers covered were adversarial AI, ChatGPT-powered social engineering, third-party developer, SEO, and paid advertising attacks. To read this article in full, please click here

Social Engineering

Social Engineering Cyber Attacks Advertising Engineering

10 top anti-phishing tools and services

CSO Magazine

APRIL 28, 2022

Most phishing attacks are less about the technology and more about social engineering. To read this article in full, please click here It’s amazing how easily humans are manipulated when emotions are triggered.

Phishing

Phishing Social Engineering Engineering Technology

Microsoft reports jump in business email compromise activity

CSO Magazine

MAY 22, 2023

“BEC attacks stand apart in the cybercrime industry for their emphasis on social engineering and the art of deception,” said Vasu Jakkal, corporate vice president of security, in a blog post. To read this article in full, please click here Successful BEC attacks cost organizations hundreds of millions of dollars annually.”

Social Engineering

Social Engineering Cybercrime Engineering Cybersecurity

Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams

CSO Magazine

JANUARY 11, 2023

Security researchers have used the GPT-3 natural language generation model and the ChatGPT chatbot based on it to show how such deep learning models can be used to make social engineering attacks such as phishing or business email compromise scams harder to detect and easier to pull off.

Scams

Scams Phishing Social Engineering Engineering

Security asset management should be buttoned down. It isn’t.

CSO Magazine

FEBRUARY 18, 2022

Oh, and the bad guys go looking for these open doors using automated scanning tools, software exploits, social engineering scams, or anything else that works. To read this article in full, please click here Because every IT widget represents a potential entry point for cyber-adversaries.

Social Engineering

Social Engineering Scams Engineering Software

China-aligned APT renews cyberattack on European diplomats, as war rages

CSO Magazine

MARCH 9, 2022

This provides a "sign of life" confirmation to the bad actor establishing that the target account is valid and inclined to open malicious emails with social engineering content. To read this article in full, please click here

Social Engineering

Social Engineering Accountability Engineering Cybersecurity

What are phishing kits? Web components of phishing attacks explained

CSO Magazine

APRIL 1, 2021

Editor's note: This article, originally published on August 7, 2018, has been updated to include new information on phishing kit features. Phishing is a social attack, directly related to social engineering. To read this article in full, please click here

Phishing

Phishing Social Engineering Engineering

What is phishing? Examples, types, and techniques

CSO Magazine

APRIL 12, 2022

These attacks use social engineering techniques to trick the email recipient into believing that the message is something they want or need—a request from their bank, for instance, or a note from someone in their company—and to click a link or download an attachment. To read this article in full, please click here

Phishing

Phishing Social Engineering Banking Engineering

BrandPost: Why You Need a New Approach to Contain Phishing Attacks

CSO Magazine

JULY 1, 2021

After all, employees need to click on links to do their jobs, and social engineering makes phishing links difficult to identify. Malicious phishing links are constantly evolving and take many forms: To read this article in full, please click here That’s because they work so well.

Phishing

Phishing Social Engineering Engineering

Microsoft urges Windows users to run patch for DogWalk zero-day exploit

CSO Magazine

AUGUST 10, 2022

By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems. To read this article in full, please click here

Social Engineering

Social Engineering Engineering Phishing

Darktrace/Email upgrade enhances generative AI email attack defense

CSO Magazine

APRIL 2, 2023

Darktrace has announced a new upgrade to its Darktrace/Email product with enhanced features that defend organizations from evolving cyberthreats including generative AI business email compromise (BEC) and novel social engineering attacks. To read this article in full, please click here

Social Engineering

Social Engineering Engineering Phishing Accountability

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Duo's Security Blog

NOVEMBER 20, 2023

“It took nearly 11 months (328 days) to identity and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online , and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!

Threat Detection

Threat Detection Authentication Accountability Data breaches

What is spear phishing? Examples, tactics, and techniques

CSO Magazine

APRIL 7, 2022

Spear phishing messages are often crafted with care using pernicious social engineering techniques and are difficult to defend against with mere technical means. To read this article in full, please click here

Phishing

Phishing Social Engineering Engineering Malware

North Korean threat actor APT43 pivots back to strategic cyberespionage

CSO Magazine

MARCH 29, 2023

APT43 specializes in credential harvesting and social engineering with a focus on foreign policy and nuclear security issues, topics that align with North Korea’s strategic nuclear goals. To read this article in full, please click here

Social Engineering

Social Engineering Cybercrime Government Banking

Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges

CSO Magazine

JANUARY 31, 2023

According to a blog on the company’s website , threat actors satisfied Microsoft’s requirements for third-party OAuth apps by abusing the Microsoft “verified publisher” status, employing brand abuse, app impersonation and other social engineering tactics to lure users into authorizing malicious apps.

Social Engineering

Social Engineering Engineering Cybersecurity

Making security a more welcoming field for women

CSO Magazine

MARCH 29, 2022

Alethe Denis was on maternity leave when she decided to participate in DEF CON's Social Engineering Capture the Flag competition in 2019. To read this article in full, please click here She took her three-month-old daughter and her husband to Las Vegas and planned the trip to the finest detail.

Social Engineering

Social Engineering Engineering

BrandPost: Secure Microsoft 365 with Reveal(x) 360 Network Detection and Response

CSO Magazine

NOVEMBER 5, 2021

Once an identity or set of credentials is compromised, any data they have access to is at risk and the identity can be used as part of a social engineering or spear-phishing attack to access more privileged credentials. To read this article in full, please click here

Social Engineering

Social Engineering Phishing Data breaches Risk

Meta, Apple emergency data request scam holds lessons for CISOs

CSO Magazine

APRIL 11, 2022

had been successfully socially engineered into providing customer data in response to “emergency data requests” to individuals who they believed to be representing the U.S. To read this article in full, please click here A recent Bloomberg piece highlighted how Meta Platforms, Inc., parent company of Facebook) and Apple, Inc.,

Social Engineering

Social Engineering CISO Scams Government

Abnormal Security expands threat protection to Slack, Teams and Zoom

CSO Magazine

APRIL 25, 2023

The company — focused on protecting enterprises from targeted email attacks, such as phishing , social engineering , and business email compromise — is also adding data ingestion from new sources to better its AI model, which maps user identity behavior. To read this article in full, please click here

Social Engineering

Social Engineering Threat Detection Engineering Phishing

BrandPost: Keeping Your Hybrid Workforce Secure with Cyber Hygiene Training

CSO Magazine

SEPTEMBER 20, 2021

Any time an organization shifts an employee’s workspace and network usage, they may be less adept at identifying phishing attacks, social engineering or other security threats. To read this article in full, please click here If this was true when on-site work was the norm, it is even more so in a hybrid work environment.

Social Engineering

Social Engineering Phishing Education Security Awareness

Ransomware attacks are increasing with more dangerous hybrids ahead

CSO Magazine

JUNE 14, 2022

The same actions taken to quash ransomware activity might end up forging alliances among financially motivated threat actors to create hybrid cyber-attacks that meld social engineering with ransomware. To read this article in full, please click here

Ransomware

Ransomware Social Engineering Cyber Attacks Engineering

Iranian cyberspies use multi-persona impersonation in phishing threads

CSO Magazine

SEPTEMBER 14, 2022

Incident response company Mandiant recently reported with medium confidence that APT42 operates on behalf of the Islamic Revolutionary Guard Corps (IRGC)’s Intelligence Organization (IRGC-IO) and specializes in highly targeted social engineering. To read this article in full, please click here

Phishing

Phishing Social Engineering Engineering

HTML smuggling campaigns impersonate well-known brands to deliver malware

CSO Magazine

FEBRUARY 9, 2023

Trustwave SpiderLabs researchers have cited an increased prevalence of HTML smuggling activity whereby cybercriminal groups abuse the versatility of HTML in combination with social engineering to distribute malware. To read this article in full, please click here

Malware

Malware Social Engineering Engineering Internet

Interview with Dr. Arun Vishwanath on the Latest Cybersecurity Attacks

CyberSecurity Insiders

JUNE 3, 2021

The “people problem” is a phrase I heard in many different occasions when I met with IT managers (CISO, CSO, CIOs), many in leading research labs, national security establishments, and such. Some of the data that is stolen feeds social engineering attacks, where hackers use the stolen data to attack people and steal even more.

Cybersecurity

Cybersecurity Energy and Utilities Social Engineering Phishing

Malwarebytes releases Mobile Security for OneView to secure Chromebooks, Android, iOS devices

CSO Magazine

MAY 9, 2023

Malware, social engineering, data leakage, and Wi-Fi interference are among the many mobile security risks organizations face, while novel technologies such as generative AI are predicted to create new opportunities for cybercriminals to target mobile devices. To read this article in full, please click here

Mobile

Mobile Social Engineering Engineering Ransomware

Luna Moth callback phishing campaign leverages extortion without malware

CSO Magazine

NOVEMBER 21, 2022

Callback phishing – or telephone-oriented attack delivery (TOAD) – is a social engineering attack that requires a threat actor to interact with the target to accomplish their objectives. To read this article in full, please click here Luna Moth removes malware portion of phishing callback attack.

Phishing

Phishing Malware Social Engineering Retail

ChatGPT Security and Privacy Issues Remain in GPT-4

eSecurity Planet

APRIL 27, 2023

The software supply chain issues identified … in OpenAI’s breach are not surprising, as most organizations are struggling with these challenges, albeit perhaps less publicly,” said Peter Morgan, who is the co-founder and CSO of Phylum.io, a cybersecurity firm that focuses on the supply chain. The key is getting ahead of the risks.”

Engineering

Engineering Risk CSO Social Engineering

Cybersecurity Snapshot: Tenable Report Warns About Toxic Cloud Exposures, as PwC Study Urges C-Suite Collaboration for Stronger Cyber Resilience

Security Boulevard

OCTOBER 18, 2024

The most common types of attacks were social engineering; malware; denial of service; and compromise of unpatched systems.

Cybersecurity

Cybersecurity CISO CSO Risk

Social engineering explained: How criminals exploit human behavior

How deepfakes enhance social engineering and authentication threats, and what to do about it

Trending Sources

Social engineering: Definition, examples, and techniques

5 social engineering assumptions that are wrong

7 new social engineering tactics threat actors are using now

Strangest social engineering attacks of 2021

North Korean APT group targets email credentials in social engineering campaign

FBI arrests social engineer who allegedly stole unpublished manuscripts from authors

5 old social engineering tricks employees still fall for, and 4 new gotchas

8 top multifactor authentication products and how to choose an MFA solution

8 IT security disasters: Lessons from cautionary examples

BrandPost: Changing the Narrative Around Attack Victim Shaming

How to hack a phone: 7 common attack methods explained

97% of enterprises say VPNs are prone to cyberattacks: Study

NCSC warns industry, academia of foreign threats to their intellectual property

BrandPost: Lessons in Security: School District Shares Pandemic Experiences

5 most dangerous new attack techniques

10 top anti-phishing tools and services

Microsoft reports jump in business email compromise activity

Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams

Security asset management should be buttoned down. It isn’t.

China-aligned APT renews cyberattack on European diplomats, as war rages

What are phishing kits? Web components of phishing attacks explained

What is phishing? Examples, types, and techniques

BrandPost: Why You Need a New Approach to Contain Phishing Attacks

Microsoft urges Windows users to run patch for DogWalk zero-day exploit

Darktrace/Email upgrade enhances generative AI email attack defense

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

What is spear phishing? Examples, tactics, and techniques

North Korean threat actor APT43 pivots back to strategic cyberespionage

Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges

Making security a more welcoming field for women

BrandPost: Secure Microsoft 365 with Reveal(x) 360 Network Detection and Response

Meta, Apple emergency data request scam holds lessons for CISOs

Abnormal Security expands threat protection to Slack, Teams and Zoom

BrandPost: Keeping Your Hybrid Workforce Secure with Cyber Hygiene Training

Ransomware attacks are increasing with more dangerous hybrids ahead

Iranian cyberspies use multi-persona impersonation in phishing threads

HTML smuggling campaigns impersonate well-known brands to deliver malware

Interview with Dr. Arun Vishwanath on the Latest Cybersecurity Attacks

Malwarebytes releases Mobile Security for OneView to secure Chromebooks, Android, iOS devices

Luna Moth callback phishing campaign leverages extortion without malware

ChatGPT Security and Privacy Issues Remain in GPT-4

Cybersecurity Snapshot: Tenable Report Warns About Toxic Cloud Exposures, as PwC Study Urges C-Suite Collaboration for Stronger Cyber Resilience

Stay Connected