Engineering and Social Engineering - Cyber Security Informer

Clever Social Engineering Attack Using Captchas

Schneier on Security

SEPTEMBER 20, 2024

This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line.

Social Engineering

Social Engineering Engineering Phishing Malware

New cybersecurity data reveals persistent social engineering vulnerabilities

Tech Republic Security

FEBRUARY 8, 2023

The post New cybersecurity data reveals persistent social engineering vulnerabilities appeared first on TechRepublic. Ransomware was down last year, though LockBit led threat actors and employees opened a third of the toxic emails in the last six months of 2022.

Social Engineering

Social Engineering Engineering Cybersecurity Ransomware

Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware

Tech Republic Security

DECEMBER 12, 2023

Recruiters and anyone else involved in hiring processes should be knowledgeable about this social engineering attack threat. Get the details.

Social Engineering

Social Engineering Engineering Malware Big data

The Mad Liberator ransomware group uses social-engineering techniques

Security Affairs

AUGUST 18, 2024

Mad Liberator employs social engineering techniques to gain access to the victim’s environment, specifically targeting organizations using remote access tools like Anydesk. However, the social-engineering tactics the group used in the case described above are noteworthy – but they are not unique.

Social Engineering

Social Engineering Engineering Ransomware Cybercrime

ReliaQuest Uncovers New Black Basta Social Engineering Technique

Digital Shadows

OCTOBER 25, 2024

During the investigation, we discovered a wider trend: a campaign of escalated social engineering tactics originally associated with the ransomware group “Black Basta.” There has been a significant rise in ransomware actors using social engineering techniques to gain unauthorized access to sensitive systems and data.

Social Engineering

Social Engineering Engineering Phishing Accountability

Onsite Social Engineering: Tribe Mentality

Security Through Education

NOVEMBER 4, 2024

Let me tell you about possibly my favorite onsite social engineering team engagement I have ever done! So, before we start, what exactly is tribe mentality, and why is it important to social engineering ? So, before we start, what exactly is tribe mentality, and why is it important to social engineering ?

Social Engineering

Social Engineering Engineering Firewall Education

Investigating the Navalny Poisoning

Schneier on Security

DECEMBER 23, 2020

Navalny got a confession out of one of the poisoners, displaying some masterful social engineering. Bellingcat has investigated the near-fatal poisoning of Alexey Navalny by the Russian GRU back in August. The details display some impressive traffic analysis. Lots of interesting opsec details in all of this.

Social Engineering

Social Engineering Engineering

Black Basta Ransomware Group Elevates Social Engineering with Microsoft Teams and Malicious QR Codes

Penetration Testing

OCTOBER 27, 2024

The ReliaQuest Threat Research Team uncovered an intensified social engineering campaign tied to the ransomware group Black Basta.

Social Engineering

Social Engineering Engineering Ransomware Cybersecurity

F5 Warns Australian IT of Social Engineering Risk Escalation Due to Generative AI

Tech Republic Security

OCTOBER 11, 2023

F5 says an artificial intelligence war could start between generative AI-toting bad actors and enterprises guarding data with AI. Australian IT teams will be caught in the crossfire.

Social Engineering

Social Engineering Artificial Intelligence Engineering Risk

Many Cyber Attacks Begin by Breaking Human Trust

Lohrman on Security

OCTOBER 1, 2023

Sophisticated social engineering attacks have led to hundreds of data breaches this year. What can be done? And what new resources can help?

Cyber Attacks

Cyber Attacks Social Engineering Data breaches Engineering

UAC-0185 APT Leverages Social Engineering to Target Ukrainian Defense Industrial Base

Penetration Testing

DECEMBER 10, 2024

The attacks, attributed to... The post UAC-0185 APT Leverages Social Engineering to Target Ukrainian Defense Industrial Base appeared first on Cybersecurity News.

Social Engineering

Social Engineering Engineering Phishing Cybersecurity

xz Utils Backdoor

Schneier on Security

APRIL 2, 2024

An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. The cybersecurity world got really lucky last week. modified the way the software functions.

Social Engineering

Social Engineering Engineering Software Encryption

Using Legitimate GitHub URLs for Malware

Schneier on Security

APRIL 22, 2024

Interesting social-engineering attack vector : McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg.

Malware

Malware Social Engineering Engineering Software

Python Developers Targeted with Malware During Fake Job Interviews

Schneier on Security

SEPTEMBER 17, 2024

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware.

Malware

Malware Social Engineering Engineering Hacking

Over 600,000 Personal Records Exposed by Data Broker

Tech Republic Security

DECEMBER 3, 2024

The exposed database creates opportunities for staging convincing phishing and social engineering attacks, among other issues.

Social Engineering

Social Engineering Engineering Phishing Cybersecurity

Hackers Stole Access Tokens from Okta’s Support Unit

Krebs on Security

OCTOBER 20, 2023

BeyondTrust’s security team detected that someone was trying to use an Okta account assigned to one of their engineers to create an all-powerful administrator account within their Okta environment. He said that on Oct 2.,

Social Engineering

Social Engineering Engineering Accountability Hacking

CrowdStrike 2024 Global Threat Report: 6 Key Takeaways

Tech Republic Security

FEBRUARY 26, 2024

Identity-based and social engineering attacks still take center stage, according to the CrowdStrike 2024 Global Threat Report.

Threat Reports

Threat Reports Social Engineering Engineering Phishing

Cybersecurity Event Cancelled After Being Hit By Cybercriminals

Joseph Steinberg

OCTOBER 24, 2022

An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window.

Cybersecurity

Cybersecurity Social Engineering Artificial Intelligence Scams

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Krebs on Security

AUGUST 21, 2020

” The perpetrators focus on social engineering new hires at the targeted company, and impersonate staff at the target company’s IT helpdesk. The agencies said crooks use the vished VPN credentials to mine the victim company databases for their customers’ personal information to leverage in other attacks.

VPN

VPN Social Engineering Authentication Engineering

Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC)

Tech Republic Security

AUGUST 23, 2024

A new malware called NGate allows cybercriminals to steal near field communication data from Android phones via sophisticated social engineering. The data is relayed to the fraudsters before being used to steal cash.

Social Engineering

Social Engineering Malware Engineering Banking

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking

Hacking Social Engineering Phishing Scams

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

The Last Watchdog

NOVEMBER 19, 2023

Using routine social engineering strategies, the cyber-thieves gathered information about key employees. Professional networking and social media platforms continue to prove a rich landscape for phone numbers, locations, hobbies, dates of birth, family members, and friendships.

Social Engineering

Social Engineering Passwords Authentication Marketing

New Bluetooth Vulnerability

Schneier on Security

SEPTEMBER 17, 2020

The only way to protect against BLURtooth attacks is to control the environment in which Bluetooth devices are paired, in order to prevent man-in-the-middle attacks, or pairings with rogue devices carried out via social engineering (tricking the human operator). However, patches are expected to be available at one point.

Authentication

Authentication Social Engineering Firmware Engineering

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing

Phishing VPN Social Engineering Media

Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

The Hacker News

DECEMBER 17, 2024

A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An

Social Engineering

Social Engineering Malware Engineering

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

In response to questions from KrebsOnSecurity, GoDaddy acknowledged that “a small number” of customer domain names had been modified after a “limited” number of GoDaddy employees fell for a social engineering scam. GoDaddy said the outage between 7:00 p.m. and 11:00 p.m. PST on Nov.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

The Original APT: Advanced Persistent Teenagers

Krebs on Security

APRIL 6, 2022

The actors used social engineering techniques and, in some cases, posed as members of the victim company’s IT help desk, using their knowledge of the employee’s personally identifiable information—including name, position, duration at company, and home address—to gain the trust of the targeted employee.” ” SMASH & GRAB.

Social Engineering

Social Engineering Phishing Engineering Accountability

Do Not Post Your COVID-19 Vaccination Card On Social Media

Joseph Steinberg

FEBRUARY 11, 2021

Perhaps even scarier is the possibility that, if you share a photo of your vaccine card, a criminal may use the information to social engineer you (or a family member, co-worker, etc.)

Media

Media Artificial Intelligence Social Engineering Manufacturing

Mobile Device Security Policy

Tech Republic Security

JANUARY 31, 2024

In addition, the same social engineering, phishing and application/operating system vulnerabilities which plague desktops. Mobile devices are commonly used to conduct company business, which can render them more susceptible to risk than desktop or even laptop computers.

Mobile

Mobile Social Engineering Engineering Phishing

8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play

The Hacker News

DECEMBER 2, 2024

These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions, which

Social Engineering

Social Engineering Malware Mobile Engineering

Malware Response Checklist

Tech Republic Security

FEBRUARY 15, 2024

Whether an infection is the result of a disgruntled employee, hardware vulnerability, software-based threat, social engineering penetration, robotic attack or human error, all organizations must be prepared to immediately respond effectively to such an issue if the corresponding damage is to be minimized.

Malware

Malware Social Engineering Engineering Software

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

The Hacker News

NOVEMBER 23, 2024

The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period.

Social Engineering

Social Engineering Scams Cryptocurrency Malware

Trojaned Windows Installer Targets Ukraine

Schneier on Security

DECEMBER 20, 2022

The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers.

Social Engineering

Social Engineering Engineering Software Government

Identity Phishing: Using Legitimate Cloud Services to Steal User Access

Security Boulevard

DECEMBER 5, 2024

Identity phishing doesn’t just lead to data theft – it can also lead to financial fraud, targeted social engineering attacks and lateral movement across endpoints. The post Identity Phishing: Using Legitimate Cloud Services to Steal User Access appeared first on Security Boulevard.

Phishing

Phishing Social Engineering Engineering Security Awareness

A Closer Look at the LAPSUS$ Data Extortion Group

Krebs on Security

MARCH 23, 2022

Microsoft says LAPSUS$ — which it boringly calls “ DEV-0537 ” — mostly gains illicit access to targets via “social engineering.” ” This involves bribing or tricking employees at the target organization or at its myriad partners, such as customer support call centers and help desks.

Social Engineering

Social Engineering Accountability Mobile Passwords

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. Twilio disclosed in Aug. LastPass said criminal hackers had stolen encrypted copies of some password vaults, as well as other personal information.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

MY TAKE: Why email security desperately needs retooling in this post-Covid 19, GenAI era

The Last Watchdog

APRIL 2, 2024

It’s a digital swindle as old as the internet itself, and yet, as the data tells us, the vast majority of security incidents are still rooted in the low-tech art of social engineering. Some 74 percent of cyber breaches are caused by human factors, including errors, stolen credentials, misuse of access privileges, or social engineering.

Social Engineering

Social Engineering Technology Engineering Accountability

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

The Hacker News

MAY 7, 2024

The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments.

Social Engineering

Social Engineering Media Engineering Hacking

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script

The Hacker News

JULY 29, 2024

This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems," Trellix security researcher Rafael Pena said in a Monday analysis. The cybersecurity

Phishing

Phishing Social Engineering Scams Engineering

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

The Hacker News

MAY 16, 2024

The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs fictitious Facebook accounts to targets via Messenger and ultimately delivers malware.

Social Engineering

Social Engineering Malware Engineering Accountability

Bogus npm Packages Used to Trick Software Developers into Installing Malware

The Hacker News

APRIL 26, 2024

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors.

Software

Software Social Engineering Malware Engineering

Redline Stealer Malware Evolves with Sneaky New Tricks, Spreads Globally

Penetration Testing

APRIL 17, 2024

McAfee Labs researchers have uncovered a dangerous new variant of the Redline Stealer malware that uses clever obfuscation tactics and aggressive social engineering to trick victims and evade detection.

Penetration Testing

Penetration Testing Malware Social Engineering Engineering

Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks

The Hacker News

MAY 15, 2024

The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks.

Social Engineering

Social Engineering Ransomware Engineering

Happy 11th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2020

In almost every category — from epic breaches and ransomware to cybercrime justice and increasingly aggressive phishing and social engineering scams — 2020 was a year that truly went to eleven. But it was hardly a dull one for computer security news junkies.

Scams

Scams Social Engineering Cybercrime Advertising

Clever Social Engineering Attack Using Captchas

New cybersecurity data reveals persistent social engineering vulnerabilities

Trending Sources

Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware

The Mad Liberator ransomware group uses social-engineering techniques

ReliaQuest Uncovers New Black Basta Social Engineering Technique

Onsite Social Engineering: Tribe Mentality

Investigating the Navalny Poisoning

Black Basta Ransomware Group Elevates Social Engineering with Microsoft Teams and Malicious QR Codes

F5 Warns Australian IT of Social Engineering Risk Escalation Due to Generative AI

Many Cyber Attacks Begin by Breaking Human Trust

UAC-0185 APT Leverages Social Engineering to Target Ukrainian Defense Industrial Base

xz Utils Backdoor

Using Legitimate GitHub URLs for Malware

Python Developers Targeted with Malware During Fake Job Interviews

Over 600,000 Personal Records Exposed by Data Broker

Hackers Stole Access Tokens from Okta’s Support Unit

CrowdStrike 2024 Global Threat Report: 6 Key Takeaways

Cybersecurity Event Cancelled After Being Hit By Cybercriminals

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC)

When Low-Tech Hacks Cause High-Impact Breaches

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

New Bluetooth Vulnerability

Voice Phishers Targeting Corporate VPNs

Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

The Original APT: Advanced Persistent Teenagers

Do Not Post Your COVID-19 Vaccination Card On Social Media

Mobile Device Security Policy

8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play

Malware Response Checklist

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Trojaned Windows Installer Targets Ukraine

Identity Phishing: Using Legitimate Cloud Services to Steal User Access

A Closer Look at the LAPSUS$ Data Extortion Group

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

MY TAKE: Why email security desperately needs retooling in this post-Covid 19, GenAI era

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

Bogus npm Packages Used to Trick Software Developers into Installing Malware

Redline Stealer Malware Evolves with Sneaky New Tricks, Spreads Globally

Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks

Happy 11th Birthday, KrebsOnSecurity!

Stay Connected