Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 360

Phishing VPN Social Engineering Media 360

Krebs on Security

JANUARY 30, 2024

In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. Prosecutors say Noah Michael Urban of Palm Coast, Fla., Twilio disclosed in Aug.

Social Engineering 340

Social Engineering Mobile Passwords Cybercrime 340

SecureList

FEBRUARY 26, 2024

The most common threat to mobile devices was adware: 40.8% million malicious installation packages, 154,000 of these containing a mobile banking Trojan. The year’s trends Malware, adware, and riskware attacks on mobile devices dipped in February, only to rise steadily until the end of the year. of all threats detected.

Mobile 135

Mobile Malware Adware Banking 135

Krebs on Security

MARCH 23, 2022

Microsoft says LAPSUS$ — which it boringly calls “ DEV-0537 ” — mostly gains illicit access to targets via “social engineering.” Sources tell KrebsOnSecurity that LAPSUS$ has been recruiting insiders via multiple social media platforms since at least November 2021.

Social Engineering 327

Social Engineering Accountability Mobile Passwords 327

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 309

Hacking Social Engineering Phishing Scams 309

Tech Republic Security

AUGUST 23, 2024

A new malware called NGate allows cybercriminals to steal near field communication data from Android phones via sophisticated social engineering. The data is relayed to the fraudsters before being used to steal cash.

Social Engineering 205

Social Engineering Malware Engineering Banking 205

Krebs on Security

DECEMBER 18, 2024

A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.

Cryptocurrency 358

Cryptocurrency Accountability Authentication Phishing 358

Security Boulevard

APRIL 16, 2024

The post SIM Swappers Try Bribing T-Mobile and Verizon Staff $300 appeared first on Security Boulevard. Not OK: SMS 2FA — Widespread spam targets carrier employees, as scrotes try harder to evade two-factor authentication.

Mobile 132

Mobile Authentication Social Engineering Wireless 132

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. In an Aug.

Mobile 329

Mobile Phishing Authentication Accountability 329

Appknox

AUGUST 7, 2022

Unfortunately, because of widespread misconceptions, several businesses still don't understand the true potential of pen testing and refrain from using it to ensure mobile app security. However, this article will clear those myths and help you with a reality check on penetration testing for mobile applications.

Penetration Testing 131

Penetration Testing Mobile Engineering Small Business 131

Security Affairs

AUGUST 23, 2024

Cybercriminals use progressive web applications (PWA) to impersonate banking apps and steal credentials from mobile users. ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs).

Phishing 132

Phishing Mobile Banking Social Engineering 132

Krebs on Security

AUGUST 12, 2020

As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. YOUR CREDIT FILES.

Accountability 360

Accountability Mobile Banking Passwords 360

The Hacker News

DECEMBER 2, 2024

These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions, which

Social Engineering 121

Social Engineering Malware Mobile Engineering 121

Krebs on Security

APRIL 6, 2022

The actors used social engineering techniques and, in some cases, posed as members of the victim company’s IT help desk, using their knowledge of the employee’s personally identifiable information—including name, position, duration at company, and home address—to gain the trust of the targeted employee.” ” SMASH & GRAB.

Social Engineering 277

Social Engineering Phishing Engineering Accountability 277

Security Affairs

DECEMBER 12, 2024

These are the first known mobile malware families linked to the Russian APT. These findings tie the mobile surveillance families to Gamaredons desktop campaigns. Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon (a.k.a. Armageddon , Primitive Bear, and ACTINIUM).

Mobile 98

Mobile Malware Surveillance Social Engineering 98

Krebs on Security

JANUARY 29, 2020

leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. Fresh on the heels of a disclosure that Microsoft Corp.

Social Engineering 282

Social Engineering Telecommunications Engineering Data privacy 282

The Hacker News

JULY 1, 2024

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest.

Spyware 110

Spyware Social Engineering Mobile Engineering 110

Malwarebytes

MARCH 19, 2024

Once an attacker has successfully hijacked their victim’s mobile number, they can use it to send and receive calls and messages (and the victim can’t). SIM swapping can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim’s carrier.

Social Engineering 141

Social Engineering Computers and Electronics Mobile Identity Theft 141

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. In early July 2018, Ferri was traveling in Europe when he discovered his T-Mobile phone no longer had service.

Mobile 243

Mobile Cryptocurrency Accountability Passwords 243

Daniel Miessler

MAY 19, 2021

Top three patterns in breaches were: social engineering, basic web application attacks, and system intrusion. Top three patterns in incidents were: denial of service, basic web application attacks, and social engineering. Interesting to see mobile phone in there. They map to the CIS controls for recommendations.

Data breaches 192

Data breaches Social Engineering Ransomware Phishing 192

The Hacker News

NOVEMBER 20, 2023

Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data.

Social Engineering 112

Social Engineering Banking Government Mobile 112

Security Affairs

NOVEMBER 15, 2021

The malware has been active at least since late October 2021, it targeting the mobile users of banks in Italy, the UK, and the US. The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts. The name comes after one of the domains used for its command and control servers.

Banking 144

Banking Mobile Social Engineering Malware 144

Security Affairs

NOVEMBER 10, 2021

Researchers from Zimperium zLabs uncovered an ongoing campaign aimed at infecting the mobile phones of South Korean users with new sophisticated android spyware dubbed PhoneSpy. The malware also allows an attacker to remotely control the infected mobile devices. The malware already hit more than a thousand South Korean victims.

Spyware 145

Spyware Mobile Social Engineering Malware 145

Duo's Security Blog

FEBRUARY 27, 2024

For best security, administrators should require that users implement screen lock on their devices when authenticating with Duo Mobile. Some software tokens, like Duo Mobile, can be configured to require screen lock. They can additionally require biometric verification every time that a user approves a push.

Social Engineering 125

Social Engineering Authentication Phishing Engineering 125

Security Affairs

FEBRUARY 8, 2024

Generative AI Impact : Generative AI will have a big role in cyber security, especially in areas like email protection and fighting social engineering attacks. Mobile Threats: Mobile devices are increasingly targeted by cyber criminals, with mobile malware attacks rising by 54%.

Social Engineering 142

Social Engineering Cyber Attacks Cyber Insurance IoT 142

The Last Watchdog

JULY 24, 2023

Today, bad actors are ruthlessly skilled at cracking passwords – whether through phishing attacks, social engineering, brute force, or buying them on the dark web. First and foremost, most solutions rely on connected devices like mobile phones to authenticate users. That all changed rather quickly. Some solutions do this today.

Authentication 245

Authentication Passwords Social Engineering Phishing 245

Security Boulevard

JULY 10, 2024

Google and Apple look to give users better protections against social engineering attacks like phishing, with Google giving high-risk users access to the APP service with a passkey and Apple educating users about the threats with a detailed support document in the wake of a recent smishing campaign.

Social Engineering 122

Social Engineering Education Engineering Phishing 122

Krebs on Security

OCTOBER 9, 2024

19, a group of cybercriminals that allegedly included the couple’s son executed a sophisticated phone-based social engineering attack in which they stole $243 million worth of cryptocurrency from a victim in Washington, D.C. .’s son was loaded with cryptocurrency? Approximately one week earlier, on Aug.

Cryptocurrency 266

Cryptocurrency Social Engineering Accountability Mobile 266

Krebs on Security

OCTOBER 18, 2024

In December 2022, KrebsOnSecurity broke the news that USDoD had social-engineered his way into the FBI’s InfraGard program , an FBI initiative designed to build informal information sharing partnerships with vetted professionals in the private sector concerning cyber and physical threats to critical U.S. national infrastructure.

Social Engineering 238

Social Engineering Passwords Cybercrime Mobile 238

The Hacker News

DECEMBER 1, 2023

Spreading primarily through messaging services, it combines app-based malware with social engineering to defraud banking customers," Oslo-based mobile app

Banking 96

Banking Malware Social Engineering Mobile 96

CyberSecurity Insiders

MAY 28, 2023

Social Engineering: Investigate the human element of cybersecurity by exploring social engineering techniques and tactics used to manipulate individuals. Mobile Security: Research the unique security challenges posed by mobile devices, including app vulnerabilities, data leakage, and mobile malware.

Cybersecurity 111

Cybersecurity Penetration Testing Social Engineering IoT 111

SecureWorld News

JUNE 17, 2024

Ezra Graziano, Director of Federal Accounts at Zimperium, emphasized the urgency for defense against such evolving social engineering tactics. This includes educating staff on impersonation scam signs, verifying caller identities, reporting suspicious calls, and integrating mobile threat defense solutions.

Social Engineering 93

Social Engineering Scams Artificial Intelligence Engineering 93

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. Some of the malicious apps were promoted through deceptive advertising on social media. Some apps were suspended by Google from Google Play while others were updated by the developers.

Social Engineering 129

Social Engineering Media Mobile Scams 129

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft 228

Identity Theft Phishing Cryptocurrency Accountability 228

Krebs on Security

AUGUST 5, 2019

The second is through an unauthorized SIM swap , a form of fraud in which scammers bribe or trick employees at mobile phone stores into seizing control of the target’s phone number and diverting all texts and phone calls to the attacker’s mobile device.

Banking 258

Banking Passwords Risk Accountability 258

Bleeping Computer

FEBRUARY 15, 2024

A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. [.]

Social Engineering 112

Social Engineering Banking Malware Engineering 112

SecureWorld News

MARCH 21, 2024

March Madness is a prime opportunity for cybercriminals to deploy phishing lures, malicious apps, and social engineering tactics," warns Krishna Vishnubhotla, VP of Product Strategy at mobile security firm Zimperium. These can be vehicles for delivering malware, committing fraud, or harvesting valuable data.

Cybersecurity 93

Cybersecurity Social Engineering Phishing Mobile 93