Hacking and Social Engineering - Cyber Security Informer

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking

Hacking Accountability Government Social Engineering

Social engineering: A cheat sheet for business professionals

Tech Republic Security

MAY 29, 2020

People, like computers, can be hacked using a process called social engineering, and there's a good chance a cybersecurity attack on your organization could start with this technique.

Social Engineering

Social Engineering Engineering Hacking Cybersecurity

North Korean Hackers Steal $1.5B in Cryptocurrency

Schneier on Security

FEBRUARY 25, 2025

” More : This hack sets a new precedent in crypto security by bypassing a multisig cold wallet without exploiting any smart contract vulnerability. The Bybit hack has shattered long-held assumptions about crypto security. This attack proves that UI manipulation and social engineering can bypass even the most secure wallets.

Cryptocurrency

Cryptocurrency Social Engineering Hacking Engineering

Cloak ransomware group hacked the Virginia Attorney General’s Office

Security Affairs

MARCH 24, 2025

“Cloaks attack strategy involves acquiring network access through Initial Access Brokers (IABs) or social engineering methods such as phishing, malvertising, exploit kits, and drive-by downloads disguised as legitimate updates like Microsoft Windows installers.” ” reads a report published by Halcyon.

Ransomware

Ransomware Hacking Social Engineering VPN

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.

Hacking

Hacking Social Engineering Phishing Scams

The Mad Liberator ransomware group uses social-engineering techniques

Security Affairs

AUGUST 18, 2024

Mad Liberator employs social engineering techniques to gain access to the victim’s environment, specifically targeting organizations using remote access tools like Anydesk. However, the social-engineering tactics the group used in the case described above are noteworthy – but they are not unique.

Social Engineering

Social Engineering Engineering Ransomware Cybercrime

Ô! China Hacks Canada too, Says CCCS

Security Boulevard

NOVEMBER 1, 2024

China Hacks Canada too, Says CCCS appeared first on Security Boulevard. Plus brillants exploits: Canadian Centre for Cyber Security fingers Chinese state sponsored hackers. The post Ô!

Hacking

Hacking Social Engineering Cyber Attacks Data privacy

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Each participant in the call has a specific role, including: -The Caller: The person speaking and trying to social engineer the target. A tutorial shared by Stotle titled “Social Engineering Script” includes a number of tips for scam callers that can help establish trust or a rapport with their prey.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Social engineering attacks target Okta customers to achieve a highly privileged role

Security Affairs

SEPTEMBER 2, 2023

Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions.

Social Engineering

Social Engineering Engineering Authentication Accountability

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking

Hacking Cybercrime Phishing Passwords

Python Developers Targeted with Malware During Fake Job Interviews

Schneier on Security

SEPTEMBER 17, 2024

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware.

Malware

Malware Social Engineering Engineering Hacking

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. police as part of an FBI investigation into the MGM hack. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Twitter Hacking for Profit and the LoLs

Krebs on Security

JULY 22, 2020

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. ” Twice in the past year, the OGUsers forum was hacked , and both times its database of usernames, email addresses and private messages was leaked online.

Hacking

Hacking Accountability Scams Media

Instagram Hacked: Top 5 Ways to Protect Your Account

Hacker's King

DECEMBER 26, 2024

While hacking attempts continue to evolve, so do the strategies to secure your account. Here are five distinct ways to safeguard your Instagram from being hacked, with fresh insights you wont find elsewhere. Common Social Engineering Techniques: Fake messages from accounts posing as Instagram support.

Accountability

Accountability Hacking Social Engineering Passwords

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

The Last Watchdog

MARCH 28, 2025

Mar 28, 2025, CyberNewswire — From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Palo Alto, Calif.,

Antivirus

Antivirus Ransomware Social Engineering Engineering

Cybersecurity Event Cancelled After Being Hit By Cybercriminals

Joseph Steinberg

OCTOBER 24, 2022

An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window.

Cybersecurity

Cybersecurity Social Engineering Artificial Intelligence Scams

Hackers Stole Access Tokens from Okta’s Support Unit

Krebs on Security

OCTOBER 20, 2023

The disclosure from Okta comes just weeks after casino giants Caesar’s Entertainment and MGM Resorts were hacked. In both cases, the attackers managed to social engineer employees into resetting the multi-factor login requirements for Okta administrator accounts.

Social Engineering

Social Engineering Engineering Accountability Hacking

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

Security Affairs

JANUARY 21, 2025

” Threat actors are attempting to use social engineering techniques by exploiting the trust of local entities in the authority. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Ukraine)

Social Engineering

Social Engineering Scams Engineering Software

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OCTOBER 11, 2024

Rather than using advanced hacking techniques, they exploited systems with default credentials to compromise target networks. Observed ChatGPT behavior mainly involved reconnaissance, threat actors used the OpenAI’s platform to seek info on companies, services, and vulnerabilities, similar to search engine queries.

Malware

Malware Social Engineering Engineering Hacking

North Korean Hackers Hone Social Engineering Skills, Abuse DMARC to Target Foreign Policy Experts

Penetration Testing

APRIL 16, 2024

A newly released report from cybersecurity leaders at Proofpoint paints a chilling picture of North Korean hacking operations reaching new levels of sophistication.

Social Engineering

Social Engineering Engineering Penetration Testing Government

15 SpyLoan Android apps found on Google Play had over 8 million installs

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Google Play)

Social Engineering

Social Engineering Media Mobile Scams

Mobile Malware Uses Deepfakes, Social Engineering to Bypass Biometric Authentication

SecureWorld News

FEBRUARY 15, 2024

Uncovered by cybersecurity firm Group-IB , GoldPickaxe exists in both Android and iOS versions and was developed by a suspected Chinese hacking group called "GoldFactory." The hackers rely heavily on social engineering tactics to distribute the malware.

Social Engineering

Social Engineering Mobile Authentication Engineering

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses. ” reads the press release published by DoJ.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Phishing

FBI Warns of Cyber Attacks on Multi-Factor Authentication

Adam Levin

OCTOBER 8, 2019

In a Private Industry Notification (PIN), the FBI warned businesses that “cyber actors” had been observed, “circumventing multi-factor authentication through common social engineering and technical attacks.” The methods used were SIM swapping , phishing , and newer hacking tools such as Muraena and Necrobrowser.

Authentication

Authentication Cyber Attacks Social Engineering Engineering

The Original APT: Advanced Persistent Teenagers

Krebs on Security

APRIL 6, 2022

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. In fact, the group often announces its hacks on social media.

Social Engineering

Social Engineering Phishing Engineering Accountability

Score an extra 15% discount on this cyber analysis training on sale ahead of Black Friday

Tech Republic Security

NOVEMBER 12, 2021

Eight courses and 51 hours of content on CompTIA CySA+, ethical hacking, social engineering and more. Everything you need to be a certified cybersecurity analyst.

Social Engineering

Social Engineering Engineering Hacking Cybersecurity

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing

Phishing VPN Social Engineering Media

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

The Last Watchdog

NOVEMBER 19, 2023

A hacking gang known as Scattered Spiders soundly defeated the cybersecurity defenses of MGM and Caesars casinos. Scattered spiders In early September, Scattered Spiders infiltrated MGM and Caesars using a variety of relatively common hacking techniques.

Social Engineering

Social Engineering Passwords Authentication Marketing

xz Utils Backdoor

Schneier on Security

APRIL 2, 2024

Installing it was a multi-year process that seems to have involved social engineering the lone unpaid engineer in charge of the utility. In theory, the code could allow for just about anything, including stealing encryption keys or installing malware. It was an incredibly complex backdoor.

Social Engineering

Social Engineering Engineering Software Encryption

U.S. authorities charged an Iranian national for long-running hacking campaign

Security Affairs

MARCH 2, 2024

Department of Justice (DoJ) charged Iranian national Alireza Shafie Nasab (39) for multi-year hacking campaign targeting U.S. Our National Security Cyber Section remains focused on disputing these cross-border hacking schemes and holding those responsible to account.” government and defense entities. Targeted entities include the U.S.

Hacking

Hacking Identity Theft Social Engineering Accountability

Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

Security Affairs

OCTOBER 29, 2024

The experts noticed that Civil Defense website employs social engineering tactics to trick users into installing APK outside the App Store. “ Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, UNC5812)

Malware

Malware Social Engineering Software Mobile

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

Threat actors relies on social engineering tactics like ClickFix and FakeCaptcha to trick users into executing malicious scripts via PowerShell or Run prompts. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, malware)

Encryption

Encryption Password Management Cryptocurrency Social Engineering

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations. The big names that pioneered in these targeted attacks are Sodinokibi (aka REvil) and Ryuk. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

Ueland said after hearing about the escrow.com hack Monday evening he pulled the domain name system (DNS) records for escrow.com and saw they were pointing to an Internet address in Malaysia — 111.90.149[.]49 com was identical to the one displayed by escrow.com while the site’s DNS records were hacked.

Phishing

Phishing DNS Social Engineering Accountability

Instagram Hacked: Steps to Prevent Data Breaches

Hacker's King

DECEMBER 28, 2024

Instagram is a top social media platform with over 2 billion active users, making it a prime target for hackers. Data breaches and account hacks are a growing concern for users, especially with the personal and professional information shared on the platform.

Data breaches

Data breaches Hacking Passwords Accountability

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

Related: We’re in the midst of ‘cyber Pearl Harbor’ Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. Here’s what I took away from our discussion: Transient hacks. One tried-and-true incursion method pivots off social engineering.

Hacking

Hacking Energy and Utilities System Administration Accountability

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22

Security Affairs

DECEMBER 1, 2024

Through Zyxel! Unveiling the Past and Present of APT-K-47 Weapon: Asyncshell Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter )

Malware

Malware Social Engineering Antivirus Engineering

2020 Likely To Break Records for Breaches

Adam Levin

JULY 10, 2020

Phishing scams skyrocketed as citizens self-isolated during the lockdown, and social-engineering schemes defrauded Internet users of millions.”. million customers of MGM Resorts was found posted on a hacking forum. MGM Resorts (10.6 Marriott (5.2

Data breaches

Data breaches Social Engineering Antivirus Scams

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

The Hacker News

MAY 7, 2024

The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments.

Social Engineering

Social Engineering Media Engineering Hacking

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. Multiple security firms soon assigned the hacking group the nickname “ Scattered Spider.” 9, 2024, U.S. technology companies during the summer of 2022.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

The Hacker News

MAY 16, 2024

The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs fictitious Facebook accounts to targets via Messenger and ultimately delivers malware.

Social Engineering

Social Engineering Malware Engineering Accountability

Okta discloses a new data breach after a third-party vendor was hacked

Security Affairs

NOVEMBER 2, 2023

In early September, Okta warned customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions. In December 2022, the American identity and access management giant revealed that its private GitHub repositories were hacked.

Data breaches

Data breaches Hacking Social Engineering Healthcare

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Security Affairs

MARCH 10, 2025

Using this social engineering trick, threats like stealers, RATs, Trojans, and crypto miners can persist undetected. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,SilentCryptoMiner) Common malware families include NJRat , XWorm, Phemedrone , and DCRat.

Cryptocurrency

Cryptocurrency Malware Social Engineering Antivirus

Russia Hacks Ukraine, Ukraine Hacks Russia — Day#658

Security Boulevard

DECEMBER 13, 2023

The post Russia Hacks Ukraine, Ukraine Hacks Russia — Day#658 appeared first on Security Boulevard. When will it end? Russia takes down Kyivstar cellular system, Ukraine destroys Russian tax system.

Hacking

Hacking Digital transformation Social Engineering Data privacy

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Social engineering: A cheat sheet for business professionals

Trending Sources

North Korean Hackers Steal $1.5B in Cryptocurrency

Cloak ransomware group hacked the Virginia Attorney General’s Office

When Low-Tech Hacks Cause High-Impact Breaches

The Mad Liberator ransomware group uses social-engineering techniques

Ô! China Hacks Canada too, Says CCCS

A Day in the Life of a Prolific Voice Phishing Crew

Social engineering attacks target Okta customers to achieve a highly privileged role

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Python Developers Targeted with Malware During Fake Job Interviews

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Twitter Hacking for Profit and the LoLs

Instagram Hacked: Top 5 Ways to Protect Your Account

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

Cybersecurity Event Cancelled After Being Hit By Cybercriminals

Hackers Stole Access Tokens from Okta’s Support Unit

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

Iran and China-linked actors used ChatGPT for preparing attacks

North Korean Hackers Hone Social Engineering Skills, Abuse DMARC to Target Foreign Policy Experts

15 SpyLoan Android apps found on Google Play had over 8 million installs

Mobile Malware Uses Deepfakes, Social Engineering to Bypass Biometric Authentication

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

FBI Warns of Cyber Attacks on Multi-Factor Authentication

The Original APT: Advanced Persistent Teenagers

Score an extra 15% discount on this cyber analysis training on sale ahead of Black Friday

Voice Phishers Targeting Corporate VPNs

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

xz Utils Backdoor

U.S. authorities charged an Iranian national for long-running hacking campaign

Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Instagram Hacked: Steps to Prevent Data Breaches

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22

2020 Likely To Break Records for Breaches

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

Okta discloses a new data breach after a third-party vendor was hacked

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Russia Hacks Ukraine, Ukraine Hacks Russia — Day#658

Stay Connected