SecureWorld News

FEBRUARY 15, 2024

The hackers rely heavily on social engineering tactics to distribute the malware. Once installed, GoldPickaxe can harvest facial scans and identity documents, intercept text messages, and more. The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.

Social Engineering 100

Social Engineering Mobile Authentication Engineering 100

SecureWorld News

OCTOBER 12, 2021

Navy insider threat case revealed in court documents. SecureWorld News just analyzed dozens of pages of court documents to understand this story of the Naval Engineer—an insider—who is accused of going rogue in a high-tech and high-stakes operation. Court documents do not reveal which country was he trying to sell to.

Social Engineering 98

Social Engineering Engineering Encryption Cryptocurrency 98

Krebs on Security

NOVEMBER 21, 2020

In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.” “Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees. ” In the early morning hours of Nov.

Cryptocurrency 363

Cryptocurrency VPN Scams Social Engineering 363

Krebs on Security

JUNE 13, 2023

“Gaining access to sensitive and privileged documents, stealing and deleting documents as part of a ransomware attack or replacing real documents with malicious copies to further infect users in the organization.” ” There are at least three other vulnerabilities fixed this month that earned a collective 9.8

Social Engineering 262

Social Engineering System Administration Authentication Internet 262

Krebs on Security

APRIL 9, 2024

Most of the flaws that Microsoft deems “more likely to be exploited” this month are marked as “important,” which usually involve bugs that require a bit more user interaction (social engineering) but which nevertheless can result in system security bypass, compromise, and the theft of critical assets.

DNS 301

DNS Social Engineering Malware Media 301

CyberSecurity Insiders

MAY 11, 2023

Intro In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. OneNote documents have emerged as a new infection vector, which contain malicious code that executes when the document is interacted with. However, the best defense is always prevention.

Malware 98

Malware Social Engineering Engineering Education 98

Security Boulevard

JULY 10, 2024

Google and Apple look to give users better protections against social engineering attacks like phishing, with Google giving high-risk users access to the APP service with a passkey and Apple educating users about the threats with a detailed support document in the wake of a recent smishing campaign.

Social Engineering 122

Social Engineering Education Engineering Phishing 122

Penetration Testing

APRIL 1, 2025

The Gootloader malware has resurfaced with a fresh campaign that blends old-school social engineering with modern ad-based delivery. The post Gootloader Returns with Fake Legal Document Lure via Google Ads appeared first on Daily CyberSecurity.

Social Engineering 60

Social Engineering Engineering Malware Cybersecurity 60

Krebs on Security

APRIL 6, 2022

“They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said. ” Like LAPSUS$, these vishers just kept up their social engineering attacks until they succeeded.

Social Engineering 289

Social Engineering Phishing Engineering Accountability 289

Webroot

MARCH 3, 2025

Medical identity theft Medical identity theft happens when someone steals or uses your personal information like your name, Social Security number, or Medicare details, to get healthcare in your name. Social engineering attacks Social engineering attacks occur when someone uses a fake persona to gain your trust.

Consumer Protection 84

Consumer Protection Identity Theft Scams Social Engineering 84

The Hacker News

JULY 30, 2021

The attacks — dubbed "BazaCall" — eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are

Social Engineering 130

Social Engineering Ransomware Engineering Malware 130

Krebs on Security

DECEMBER 14, 2022

The vulnerability allows attackers to craft documents that won’t get tagged with Microsoft’s “Mark of the Web,” despite being downloaded from untrusted sites. ” Speaking of malicious documents, Trend Micro’s Zero Day Initiative highlights CVE-2022-44713 , a spoofing vulnerability in Outlook for Mac.

Social Engineering 237

Social Engineering Ransomware Software Engineering 237

Krebs on Security

MAY 14, 2024

“CVE-2024-30051 is used to gain initial access into a target environment and requires the use of social engineering tactics via email, social media or instant messaging to convince a target to open a specially crafted document file,” Narang said.

Social Engineering 274

Social Engineering Backups Malware Software 274

Krebs on Security

APRIL 20, 2023

Mandiant , Proofpoint and other experts say Lazarus has long used these bogus LinkedIn profiles to lure targets into opening a malware-laced document that is often disguised as a job offer. The malware was found inside of a document that offered an employment contract at the multinational bank HSBC. Microsoft Corp.

Malware 328

Malware Software Technology Accountability 328

Bleeping Computer

FEBRUARY 15, 2024

A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. [.]

Social Engineering 112

Social Engineering Banking Malware Engineering 112

The Hacker News

SEPTEMBER 5, 2024

The program in question is a payload generation framework called MacroPack, which is used to generate Office documents, Visual Basic scripts, Windows shortcuts, and other formats for penetration testing and social engineering assessments. It was developed

Penetration Testing 107

Penetration Testing Social Engineering Malware Engineering 107

Krebs on Security

AUGUST 26, 2020

For several years beginning around 2010, a lone teenager in Vietnam named Hieu Minh Ngo ran one of the Internet’s most profitable and popular services for selling “ fullz ,” stolen identity records that included a consumer’s name, date of birth, Social Security number and email and physical address.

Identity Theft 355

Identity Theft Computers and Electronics Hacking Accountability 355

Krebs on Security

JANUARY 30, 2024

2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. As documented by Group-IB, the group pivoted from its access to Twilio to attack at least 163 of its customers. Twilio disclosed in Aug.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

Heimadal Security

JULY 15, 2022

Researchers have uncovered a new phishing kit that, under the guise of security controls, injects malware into legitimate WordPress sites and uses a fake PayPal-branded social engineering scam to trick targets into handing over their most sensitive data. This data includes government documents, photos, and even financial information.

Phishing 111

Phishing Social Engineering Scams Engineering 111

SecureWorld News

DECEMBER 30, 2024

Be sure to secure server rooms, document archives, and other sensitive areas that could be involved in the incident. Social engineering techniques enable them to bypass technical security measures effectively. Physical security must also be addressed.

Data breaches 108

Data breaches Social Engineering Passwords Accountability 108

The Hacker News

FEBRUARY 20, 2023

The cyber espionage threat actor tracked as Earth Kitsune has been observed deploying a new backdoor called WhiskerSpy as part of a social engineering campaign. Previously documented intrusions have entailed the use of watering holes

Social Engineering 106

Social Engineering Engineering Malware 106

eSecurity Planet

OCTOBER 3, 2022

PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer have been backdoored to perform a wide range of social engineering campaigns that started in April 2022. Targets were encouraged to apply for open positions in legitimate companies. Also read: How Hackers Evade Detection.

Software 130

Software Social Engineering Engineering Phishing 130

Security Affairs

SEPTEMBER 5, 2020

“Another social engineering technique the threat actor uses to lure the employee into interacting with the email is giving the messages urgency, asking the recipient to review them or they will be deleted after three days.” ” continues the report.

Social Engineering 145

Social Engineering Phishing Engineering Advertising 145

SC Magazine

MAY 11, 2021

AWS System Manager (SSM) misconfigurations led to the potential exposure of more than 5 million documents with personally identifiable information and credit card transactions on more than 3,000 SSM documents. AWS SSM documents contain the operations that an AWS systems manager performs on a company’s cloud assets.

Backups 140

Backups Social Engineering Encryption Media 140

Malwarebytes

NOVEMBER 21, 2023

In an interesting new development, AMOS is now being delivered to Mac users via a fake browser update chain tracked as ‘ClearFake’ This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system.

Social Engineering 137

Social Engineering Engineering Passwords Malware 137

SecureWorld News

MARCH 17, 2025

Although there remains some ambiguity over whether ransomware was employed, the Play ransomware gang later claimed responsibility , alleging that sensitive data, such as payroll records, contracts, tax documents, and customer financial information, was exfiltrated. You also need a clear and well-practiced incident response plan in place.

Cyber Attacks 107

Cyber Attacks Digital transformation Threat Detection Penetration Testing 107

The Hacker News

APRIL 17, 2022

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information.

Malware 99

Malware Social Engineering Government Hacking 99

Heimadal Security

JUNE 8, 2023

Kimsuky, the notorious North Korean nation-state threat actor, has been linked to a social engineering campaign targeting experts on North Korean affairs in order to steal Google credentials and deliver reconnaissance malware.

Social Engineering 101

Social Engineering Engineering Malware Cybersecurity 101

CSO Magazine

AUGUST 10, 2022

By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems. To read this article in full, please click here

Social Engineering 106

Social Engineering Engineering Phishing 106

Security Affairs

OCTOBER 19, 2023

During the reporting period, key findings include: DDoS and ransomware rank the highest among the prime threats, with social engineering, data related threats, information manipulation, supply chain, and malware following.

Social Engineering 133

Social Engineering Artificial Intelligence Engineering Ransomware 133

CyberSecurity Insiders

OCTOBER 14, 2021

This gang of cybercriminals targets individuals within an organization with social engineering tactics designed to fool them into opening a document from a ZIP file attached to an email. How do hackers use social engineering? They have been known to use a Word or Excel document within a ZIP file.

Ransomware 133

Ransomware Social Engineering Engineering Phishing 133

eSecurity Planet

FEBRUARY 24, 2022

Great documentation and easy to learn. Provides a complete documentation. Great documentation. BeEF , or Browser Exploitation Framework, makes classic tasks such as enumeration, phishing, or social engineering seamless. Supports multiple programming and scripting languages. Easy to learn and use.

Penetration Testing 139

Penetration Testing Social Engineering Passwords Phishing 139

Krebs on Security

MARCH 29, 2022

Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.

Accountability 292

Accountability Government Hacking Social Engineering 292

Security Affairs

JULY 9, 2021

Most of the malspam campaigns leverage weaponized Microsoft Office documents and social engineering techniques to trick recipients into enabling the macros. The attack chain starts with a spam message using a Microsoft Word document that once opened, downloaded a password-protected Microsoft Excel file from a remote server.

Social Engineering 118

Social Engineering Banking Engineering Passwords 118

Malwarebytes

MARCH 22, 2023

Opening the attachment up reveals a Word document called W-9 form.doc This file’s size is 548,164 KB (548 MB), which is very suspicious. You won’t find many genuine Word documents weighing in at 500MB or more. Opening the document quickly becomes a game of Macro-related risk. This is no exception. File early.

Malware 98

Malware Scams Social Engineering Banking 98

Digital Shadows

OCTOBER 23, 2024

The attacker gained initial access to two employee accounts by carrying out social engineering attacks on the organization’s help desk twice. Leveraging its English proficiency, the collective uses social engineering for initial access. Within six hours, the attacker began encrypting the organization’s systems.

Social Engineering 122

Social Engineering Engineering Accountability Backups 122

Malwarebytes

JULY 19, 2022

The data it’s after includes government documents like passport, as well as selfie photos. It also encourages victims to upload official government documents, such as a passport, driver’s license, or national ID, to secure the account. ” Phishing, in general, has come a long way. .

Phishing 118

Phishing Social Engineering Accountability Engineering 118