Schneier on Security

FEBRUARY 25, 2025

This attack proves that UI manipulation and social engineering can bypass even the most secure wallets. The Bybit hack has shattered long-held assumptions about crypto security. No matter how strong your smart contract logic or multisig protections are, the human element remains the weakest link.

Cryptocurrency 246

Cryptocurrency Social Engineering Hacking Engineering 246

Security Affairs

AUGUST 18, 2024

Mad Liberator employs social engineering techniques to gain access to the victim’s environment, specifically targeting organizations using remote access tools like Anydesk. However, the social-engineering tactics the group used in the case described above are noteworthy – but they are not unique.

Social Engineering 144

Social Engineering Engineering Ransomware Cybercrime 144

The Hacker News

JANUARY 31, 2025

Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. Theres no brute-force spray and pray password guessing. No scouring systems for unpatched software.

Social Engineering 120

Social Engineering Engineering Passwords Software 120

Digital Shadows

OCTOBER 25, 2024

During the investigation, we discovered a wider trend: a campaign of escalated social engineering tactics originally associated with the ransomware group “Black Basta.” There has been a significant rise in ransomware actors using social engineering techniques to gain unauthorized access to sensitive systems and data.

Social Engineering 128

Social Engineering Engineering Phishing Accountability 128

Krebs on Security

JANUARY 7, 2025

Each participant in the call has a specific role, including: -The Caller: The person speaking and trying to social engineer the target. A tutorial shared by Stotle titled “Social Engineering Script” includes a number of tips for scam callers that can help establish trust or a rapport with their prey.

Phishing 333

Phishing Cryptocurrency Accountability Social Engineering 333

Schneier on Security

DECEMBER 23, 2020

Navalny got a confession out of one of the poisoners, displaying some masterful social engineering. Bellingcat has investigated the near-fatal poisoning of Alexey Navalny by the Russian GRU back in August. The details display some impressive traffic analysis. Lots of interesting opsec details in all of this.

Social Engineering 361

Social Engineering Engineering 361

Security Boulevard

DECEMBER 5, 2024

Identity phishing doesn’t just lead to data theft – it can also lead to financial fraud, targeted social engineering attacks and lateral movement across endpoints. The post Identity Phishing: Using Legitimate Cloud Services to Steal User Access appeared first on Security Boulevard.

Phishing 111

Phishing Social Engineering Engineering Security Awareness 111

Lohrman on Security

OCTOBER 1, 2023

Sophisticated social engineering attacks have led to hundreds of data breaches this year. What can be done? And what new resources can help?

Cyber Attacks 321

Cyber Attacks Social Engineering Data breaches Engineering 321

Tech Republic Security

OCTOBER 11, 2023

F5 says an artificial intelligence war could start between generative AI-toting bad actors and enterprises guarding data with AI. Australian IT teams will be caught in the crossfire.

Social Engineering 191

Social Engineering Artificial Intelligence Engineering Risk 191

The Hacker News

FEBRUARY 7, 2025

The foundations for social engineering attacks manipulating humans might not have changed much over the years. Its the vectors how these techniques are deployed that are evolving. And like most industries these days, AI is accelerating its evolution.

Social Engineering 95

Social Engineering Engineering Cybersecurity 95

Schneier on Security

SEPTEMBER 17, 2024

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware.

Malware 305

Malware Social Engineering Engineering Hacking 305

Krebs on Security

NOVEMBER 9, 2024

“This is social engineering at the highest level and there will be failed attempts at times. “In terms of overall social engineering attacks, the more you have a relationship with someone the more they’re going to trust you,” Donahue said. Don’t be discouraged.

Hacking 271

Hacking Accountability Government Social Engineering 271

Schneier on Security

APRIL 22, 2024

Interesting social-engineering attack vector : McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg.

Malware 338

Malware Social Engineering Engineering Software 338

The Hacker News

FEBRUARY 14, 2025

Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and techniques for researching, scoping, and exploiting organizations. In a recent communication, the FBI pointed out: As technology continues to evolve, so do cybercriminals' tactics.

Social Engineering 93

Social Engineering Engineering Technology 93

Penetration Testing

NOVEMBER 5, 2024

LastPass, a leading password management platform, has issued a critical warning to users about a social engineering campaign targeting its customer base through deceptive reviews on its Chrome Web Store... The post Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store appeared first on Cybersecurity (..)

Scams 82

Scams Phishing Social Engineering Password Management 82

Schneier on Security

JANUARY 21, 2025

It also turns out that some of the best ways to “ jailbreak ” LLMs (getting them to disobey their creators’ explicit instructions) look a lot like the kinds of social engineering tricks that humans use on each other: for example, pretending to be someone else or saying that the request is just a joke.

Social Engineering 339

Social Engineering Engineering Technology Risk 339

Schneier on Security

APRIL 2, 2024

Installing it was a multi-year process that seems to have involved social engineering the lone unpaid engineer in charge of the utility. In theory, the code could allow for just about anything, including stealing encryption keys or installing malware. It was an incredibly complex backdoor.

Social Engineering 353

Social Engineering Engineering Software Encryption 353

SecureWorld News

JANUARY 7, 2025

Beware the Poisoned Apple: Defending Against Malware and Social Engineering Just like Snow White was tricked into accepting a poisoned apple from the Evil Queen, malware and social engineering attacks exploit trust to deliver harmful payloads. Are your defenses ready to withstand a "Jack"?

Cybersecurity 112

Cybersecurity Social Engineering Phishing Engineering 112

Joseph Steinberg

OCTOBER 24, 2022

An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window.

Cybersecurity 363

Cybersecurity Social Engineering Artificial Intelligence Scams 363

Krebs on Security

OCTOBER 20, 2023

In both cases, the attackers managed to social engineer employees into resetting the multi-factor login requirements for Okta administrator accounts. In March 2022, Okta disclosed a breach from the hacking group LAPSUS$, a criminal hacking group that specialized in social-engineering employees at targeted companies.

Social Engineering 352

Social Engineering Engineering Accountability Hacking 352

Krebs on Security

AUGUST 21, 2020

” The perpetrators focus on social engineering new hires at the targeted company, and impersonate staff at the target company’s IT helpdesk. The agencies said crooks use the vished VPN credentials to mine the victim company databases for their customers’ personal information to leverage in other attacks.

VPN 363

VPN Social Engineering Authentication Engineering 363

Tech Republic Security

AUGUST 23, 2024

A new malware called NGate allows cybercriminals to steal near field communication data from Android phones via sophisticated social engineering. The data is relayed to the fraudsters before being used to steal cash.

Social Engineering 203

Social Engineering Malware Engineering Banking 203

Tech Republic Security

DECEMBER 3, 2024

The exposed database creates opportunities for staging convincing phishing and social engineering attacks, among other issues.

Social Engineering 192

Social Engineering Engineering Phishing Cybersecurity 192

Security Affairs

JANUARY 21, 2025

” Threat actors are attempting to use social engineering techniques by exploiting the trust of local entities in the authority. The threat actors need to have the victim’s AnyDesk ID to carry out the attack and the software must be active on the target systems.

Social Engineering 108

Social Engineering Scams Engineering Software 108

Tech Republic Security

FEBRUARY 26, 2024

Identity-based and social engineering attacks still take center stage, according to the CrowdStrike 2024 Global Threat Report.

Threat Reports 184

Threat Reports Social Engineering Engineering Phishing 184

The Last Watchdog

NOVEMBER 11, 2024

It could also help users identify various cybersecurity attacks, whether they are types of spoofing , phishing, social engineering, or malware. One significant risk is the potential for the technology to become a host to sophisticated social engineering attacks.

Cybersecurity 130

Cybersecurity Social Engineering Technology Threat Detection 130

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 319

Hacking Social Engineering Phishing Scams 319

Tech Republic Security

JANUARY 9, 2025

Hidden dependencies, social engineering attacks, and the complexity of foundation models can all contribute tothe insecure use of open-source software in 2025.

Software 181

Software Social Engineering Engineering Artificial Intelligence 181

Penetration Testing

OCTOBER 19, 2024

A new and dangerous social engineering tactic, dubbed ClickFix, has emerged as a significant cybersecurity threat in 2024, according to a recent report from the Sekoia Threat Detection & Research... The post Beware of Fake Google Meet Invites: ClickFix Campaign Spreading Infostealers appeared first on Cybersecurity News.

Social Engineering 82

Social Engineering Threat Detection Engineering Cybersecurity 82

IT Security Guru

FEBRUARY 25, 2025

Other Ways Threat Actors Exploit Human Behaviour In addition to fatigue attacks, malefactors weaponise social engineering. MFA fatigue is often coupled with social engineeringan attacker might contact the victim, masquerading as IT support, and advise them to approve the prompt to “resolve an issue.”

Social Engineering 118

Social Engineering Authentication Risk Accountability 118

eSecurity Planet

MARCH 3, 2025

The report details how threat actors harness automation, artificial intelligence, and advanced social engineering to scale their operations. They are now running highly efficient operations that mirror legitimate business models.

Threat Reports 112

Threat Reports Cybercrime Artificial Intelligence Social Engineering 112

The Last Watchdog

JANUARY 30, 2025

Using a very clever social engineering attack that exploits trusted domains, the adversary can then further escalate the profile hijacking attack to steal passwords from the victims browser.

Social Engineering 130

Social Engineering Engineering Authentication Media 130

SecureWorld News

FEBRUARY 25, 2025

One of the report's most pressing concerns is the role of Generative AI in social engineering attacks. From the report: "Generative AI is being used to create highly convincing phishing emails, fake voices, and even deepfake videosmaking social engineering attacks more difficult to detect.

Cybersecurity 85

Cybersecurity Social Engineering Artificial Intelligence Cyber threats 85

Schneier on Security

DECEMBER 20, 2022

The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers.

Social Engineering 244

Social Engineering Engineering Software Government 244

Krebs on Security

NOVEMBER 21, 2024

In January 2024, KrebsOnSecurity broke the news that Urban had been arrested in Florida in connection with multiple SIM-swapping attacks.

Identity Theft 245

Identity Theft Phishing Cryptocurrency Accountability 245

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. Some of the malicious apps were promoted through deceptive advertising on social media.

Social Engineering 128

Social Engineering Media Mobile Scams 128

eSecurity Planet

OCTOBER 22, 2024

Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues. The hallmark of ClickFix campaigns is their clever use of social engineering.

Scams 124

Scams Malware Phishing Social Engineering 124