SecureWorld News

MAY 9, 2025

Google's Threat Intelligence Group (GTIG) has identified a new malware strain, dubbed "LOSTKEYS," attributed to the Russian state-sponsored hacking group COLDRIVER. The introduction of LOSTKEYS signifies a strategic shift towards deploying malware for direct data exfiltration. Cedric Leighton , CNN Military Analyst; U.S.

Malware 88

Malware Social Engineering Engineering Government 88

The Last Watchdog

NOVEMBER 11, 2024

However, before we get too carried away, it is crucial to explore the symbiotic relationship between AR and cybersecurity. This is primarily because AR is still relatively new and a rapidly evolving technology, which ultimately means that it is bound to bring about unprecedented opportunities, challenges, and even risks to cybersecurity.

Cybersecurity 130

Cybersecurity Social Engineering Technology Threat Detection 130

Tech Republic Security

MARCH 14, 2022

A new social engineering method is spreading this malware, and it’s very easy to fall for. The post Cybersecurity: Attacker uses websites’ contact forms to spread BazarLoader malware appeared first on TechRepublic. Here’s what it’s doing and how to avoid it.

Malware 198

Malware Social Engineering Cybersecurity Engineering 198

Krebs on Security

NOVEMBER 9, 2024

“This is social engineering at the highest level and there will be failed attempts at times. “In terms of overall social engineering attacks, the more you have a relationship with someone the more they’re going to trust you,” Donahue said. Don’t be discouraged. dot-gov emails get hacked. .

Hacking 280

Hacking Accountability Government Social Engineering 280

SecureWorld News

FEBRUARY 25, 2025

Artificial intelligence (AI) is transforming industries at an unprecedented pace, and its impact on cybersecurity is no exception. From automating cybersecurity defenses to combatting adversarial AI threats, the report underscores both the power and pitfalls of AI-driven security.

Cybersecurity 98

Cybersecurity Social Engineering Artificial Intelligence Cyber threats 98

Malwarebytes

APRIL 24, 2025

Then you’re like millions of other users now at risk from a new form of cybercrime – malware that can read your credit or debit card and hand its data over to an attacker. The malware, which cybersecurity company Cleafy calls SuperCard X, uses a feature now found in most Android phones: near-field communication (NFC).

Malware 95

Malware Banking Software Social Engineering 95

SecureWorld News

APRIL 22, 2025

Once control is granted, the attacker can secretly install malware, including infostealers and remote access trojans (RATs), onto the victim's machine. The malware then exfiltrates sensitive data, including cryptocurrency wallet credentials, personal information, and private keys.

Cryptocurrency 92

Cryptocurrency Social Engineering Cybercrime Engineering 92

Krebs on Security

JANUARY 7, 2025

Each participant in the call has a specific role, including: -The Caller: The person speaking and trying to social engineer the target. A tutorial shared by Stotle titled “Social Engineering Script” includes a number of tips for scam callers that can help establish trust or a rapport with their prey.

Phishing 334

Phishing Cryptocurrency Accountability Social Engineering 334

SecureWorld News

NOVEMBER 8, 2023

Social engineering attacks have long been a threat to businesses worldwide, statistically comprising roughly 98% of cyberattacks worldwide. Given the much more psychologically focused and methodical ways that social engineering attacks can be conducted, it makes spotting them hard to do.

Social Engineering 113

Social Engineering Engineering Cyber Attacks Artificial Intelligence 113

SecureWorld News

FEBRUARY 15, 2024

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.

Social Engineering 105

Social Engineering Mobile Authentication Engineering 105

Schneier on Security

APRIL 2, 2024

The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. modified the way the software functions.

Social Engineering 357

Social Engineering Engineering Software Encryption 357

eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. This command, executed via mshta.exe, downloads and launches various malware families, such as XWorm, Lumma Stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT.

Phishing 65

Phishing Malware Social Engineering Authentication 65

eSecurity Planet

MARCH 3, 2025

In a comprehensive new report, cybersecurity leader CrowdStrike unveiled a rapidly evolving threat landscape that challenges traditional defenses. Notably, 79% of detections were malware-free a reminder that modern adversaries often bypass traditional antivirus defenses by leveraging innovative, non-malware techniques.

Threat Reports 112

Threat Reports Cybercrime Artificial Intelligence Social Engineering 112

SecureWorld News

JANUARY 21, 2025

Just as homeowners rely on services like Pestie to protect their spaces from unwanted intruders, cybersecurity professionals use strategic tools and methods to safeguard their organizations from cyber threats. Let's explore the correlation and what cybersecurity professionals can learn from a simple act like spraying for pests.

CISO 112

CISO Cybersecurity Cyber threats Education 112

The Hacker News

MAY 16, 2024

The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs fictitious Facebook accounts to targets via Messenger and ultimately delivers malware.

Social Engineering 142

Social Engineering Malware Engineering Accountability 142

Security Boulevard

MARCH 17, 2025

Cyberattacks dont always rely on sophisticated exploits or advanced malware. In reality, many of the most successful breaches stem from simple tactics like phishing emails, social engineering, and exploiting basic security misconfigurations. The post Immutable Cybersecurity Law #12 appeared first on Security Boulevard.

Cybersecurity 52

Cybersecurity Social Engineering Scams Engineering 52

Malwarebytes

DECEMBER 19, 2024

More and more, threat actors are leveraging the browser to deliver malware in ways that can evade detection from antivirus programs. Social engineering is a core part of these schemes and the tricks we see are sometimes very clever. 93 Malware download URLs hxxp[://]topsportracing[.]com/wpnot21 com microsoft.team-chaats[.]com

Social Engineering 102

Social Engineering Engineering Malware Antivirus 102

The Last Watchdog

NOVEMBER 19, 2023

A hacking gang known as Scattered Spiders soundly defeated the cybersecurity defenses of MGM and Caesars casinos. For the moment, hackers appear to have the upper hand in the global chess match between cybersecurity professionals and digital criminals. Scattered Spiders employed a technique known as “MFA Fatigue.”

Social Engineering 310

Social Engineering Passwords Authentication Marketing 310

IT Security Guru

FEBRUARY 25, 2025

The common maxim in cybersecurity is that the industry is always on the back foot. While cybersecurity practitioners build higher walls, adversaries are busy creating taller ladders. MFA Fatigue: The I Give Up Button in Cybersecurity While MFA is extremely effective at preventing unauthorized access, it is not impervious to abuse.

Social Engineering 118

Social Engineering Authentication Risk Accountability 118

The Last Watchdog

DECEMBER 12, 2023

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Eyal Benishti , CEO, IRONSCALES Benishti Generative AI (GenAI) reshaped cybersecurity in 2023. The comments we received were uniformly insightful and helpful.

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

Penetration Testing

APRIL 27, 2025

Threat analysts at Silent Push have uncovered a new campaign orchestrated by the North Korean state-sponsored APT group, The post North Korean APT ‘Contagious Interview’ Launches Fake Crypto Companies to Spread Malware Trio appeared first on Daily CyberSecurity.

Malware 74

Malware Cybersecurity Social Engineering Cyber Attacks 74

Penetration Testing

OCTOBER 19, 2024

A new and dangerous social engineering tactic, dubbed ClickFix, has emerged as a significant cybersecurity threat in 2024, according to a recent report from the Sekoia Threat Detection & Research... The post Beware of Fake Google Meet Invites: ClickFix Campaign Spreading Infostealers appeared first on Cybersecurity News.

Social Engineering 84

Social Engineering Threat Detection Engineering Cybersecurity 84

Malwarebytes

FEBRUARY 4, 2025

A paradigm shift in technology is hurtling towards us, and it could change everything we know about cybersecurity. This warning comes from our 2025 State of Malware report, which compiled a years worth of intelligence to identify the most pressing cyberattacks on the horizon. You can find the full 2025 State of Malware report here.

Artificial Intelligence 144

Artificial Intelligence Small Business Malware Technology 144

SecureWorld News

DECEMBER 17, 2024

This operation, which blends social engineering and technical exploitation, has resulted in the theft of more than 390,000 WordPress credentials. Once executed, this upgrade triggered commands to install the malware payload, compromising the victim's system. Follow SecureWorld News for more stories related to cybersecurity.

Phishing 109

Phishing Threat Detection Social Engineering Cybercrime 109

Krebs on Security

FEBRUARY 17, 2021

In reality, prosecutors say, the programs were malware or downloaded malware after the applications were installed. “ Hidden Cobra ” is the collective handle assigned to the hackers behind the AppleJeus malware.

Cryptocurrency 331

Cryptocurrency Financial Services Banking Government 331

The Last Watchdog

DECEMBER 18, 2024

Part four of our four-part series From cybersecurity skills shortages to the pressures of hybrid work, the challenges facing organizations are at an all-time high. Organizations face rising risks of AI-driven social engineering and personal device breaches.

Risk 173

Risk Threat Detection Technology Phishing 173

Heimadal Security

AUGUST 16, 2024

“Multiple intrusion attempts” have been connected to an ongoing social engineering campaign purportedly tied to the Black Basta ransomware group, which aims to steal credentials and install a malware dropper named SystemBC. What Do We Know About the Operation?

Malware 110

Malware Social Engineering Engineering Ransomware 110

Penetration Testing

MARCH 15, 2025

A sophisticated phishing campaign impersonating Booking.com is targeting organizations in the hospitality industry, using a novel social engineering The post Booking.com Impersonated in Phishing Campaign Delivering Credential-Stealing Malware appeared first on Cybersecurity News.

Phishing 42

Phishing Malware Social Engineering Engineering 42

Tech Republic Security

FEBRUARY 26, 2024

Identity-based and social engineering attacks still take center stage, according to the CrowdStrike 2024 Global Threat Report.

Threat Reports 200

Threat Reports Social Engineering Engineering Phishing 200

The Hacker News

APRIL 26, 2024

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors.

Software 141

Software Social Engineering Malware Engineering 141

eSecurity Planet

APRIL 8, 2025

Built for offense, not defense Cybersecurity firm SlashNext refers to it as the next evolution of black-hat AI. Xanthorox reasoner advanced mimics human reasoning, helping attackers craft more believable phishing messages or manipulate targets through social engineering. But this isnt just another tweaked version of a chatbot.

Social Engineering 110

Social Engineering Phishing Engineering Education 110

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. Follow SecureWorld News for more stories related to cybersecurity.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

Krebs on Security

APRIL 6, 2022

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach.

Social Engineering 288

Social Engineering Phishing Engineering Accountability 288

Tech Republic Security

MAY 23, 2024

Find out how Grandoreiro banking trojan campaigns work and the countries targeted, as well as how to mitigate this malware threat.

Banking 191

Banking Malware Social Engineering Cryptocurrency 191

Tech Republic Security

NOVEMBER 9, 2023

A November report from Google Cloud details possible nation-state malware tactics in 2024 and new angles of cyberattacks.

Cybersecurity 214

Cybersecurity Malware Big data Social Engineering 214

Malwarebytes

MARCH 10, 2025

I realize that may sound like something trivial to steer clear from, but apparently its not because the social engineering behind it is pretty sophisticated. Use an active anti-malware solution that blocks malicious websites and scripts. We have seen mp3, mp4, jpg, jpeg, swf, html, and there will be other possibilities.

Social Engineering 140

Social Engineering Media Scams Malware 140

Security Affairs

APRIL 7, 2025

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as EDR-as-a-Service, is taking hold in the cybersecurity landscape.

Cybercrime 138

Cybercrime Social Engineering Accountability Government 138