Tag: social-engineering
-
8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play
Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs.”These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions,…
-
Check Point warnt vor lauernden Gefahren im Foxit PDF Reader
Tags: social-engineeringAngesichts der raffinierten Social-Engineering-Taktiken ist es für die Nutzer unerlässlich, aufmerksam und wachsam zu sein, sich zu informieren, Vorsi… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-warnt-vor-lauernden-gefahren-im-foxit-pdf-reader/a37392/
-
From Russia with love: Sophos entdeckt ausgefeilte Social-Engineering-Kampagne
Offenbar haben die Angreifer das Wissen über online nachvollziehbare Communities ausgenutzt, wodurch das Sophos-Team auf die Kampagne aufmerksam wurde… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/from-russia-with-love-sophos-entdeckt-ausgefeilte-social-engineering-kampagne/a37592/
-
Services Australia data breaches surge as scammers try to hack customer accounts using stolen details
Exclusive: Breaches linked to ‘social engineering’ rise by more than 440% after nine reported last year<ul><li>Get our <a href=https://… First seen on theguardian.com Jump to article: www.theguardian.com/australia-news/2024/sep/29/services-australia-hacks-data-breach-scam
-
Ransomware-Gruppe tarnt sich als IT-Support
Die Gruppe hinter der BlackBasta-Ransomware hat ihre Social-Engineering-Aktivitäten zu Microsoft Teams verlagert, wo sich die Cyberkriminellen als IT-… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/ransomware-gruppe-tarnt-sich-als-it-support
-
New North Korean Campaigns Target Cryptocurrency Industry
New social engineering and vulnerability exploitation campaigns by North Korean threat actors are targeting people and organizations in the cryptocurr… First seen on duo.com Jump to article: duo.com/decipher/new-north-korean-campaigns-target-cryptocurrency-industry
-
15 SpyLoan Android apps found on Google Play had over 8 million installs
McAfee researchers discovered 15 SpyLoan Android apps on Google Play with a combined total of over 8 million installs. 15 SpyLoan apps with a combined total of 8M+ installs were found on Google Play, targeting users in South America, Southeast Asia, and Africa. SpyLoan apps exploit social engineering to gain sensitive user data and excessive…
-
Supply chain managers underestimate cybersecurity risks in warehouses
32% of warehouse respondents report that social engineering is one of the most-used entry points in warehouse cyberattacks tied with software vulnerabilities (32%) and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/27/warehouses-cybersecurity-concern/
-
Beware Of SpyLoan Apps Exploits Social Engineering To Steal User Data
SpyLoan apps, a type of PUP, are rapidly increasing, exploiting social engineering to deceive users into granting excessive permissions, where these apps, installed millions of times, exfiltrate sensitive data to C2 servers via encrypted HTTP requests. Primarily targeting South America, Southern Asia, and Africa, these apps are often promoted through deceptive social media ads, as…
-
Social engineering becomes lucrative business for North Korean hackers
First seen on scworld.com Jump to article: www.scworld.com/brief/social-engineering-becomes-lucrative-business-for-north-korean-hackers
-
Black Basta Ransomware Group Retools for Strategic Attacks
Social Engineering Moves Mirror Nation-State Groups’ Tactics, Researchers Say. The Black Basta ransomware group has been refining its social engineering tactics to amass more victims despite escalating law enforcement disruptions, together with a shift to more strategic, long-term planning that security experts said suggests Russian state ties. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/black-basta-ransomware-group-retools-for-strategic-attacks-a-26898
-
Top challenges holding back CISOs’ agendas
Tags: ai, attack, authentication, awareness, breach, business, ceo, cisa, ciso, compliance, control, cyberattack, cybersecurity, data, deep-fake, defense, detection, framework, grc, group, insurance, intelligence, jobs, malicious, monitoring, network, password, phishing, privacy, regulation, risk, skills, soc, social-engineering, strategy, threat, tool, training, vulnerability, zero-trustIn the past decade, every CISO knew the question awaiting them in the boardroom: Can we survive the next cyberattack? Now, as the turbulent 2024 draws to a close, the concerns have multiplied, says Don Gibson, the CISO at Kinly. Board members are often asking: Can we survive these economic times? Or are we prepared…
-
Rising ClickFix malware distribution trick puts PowerShell IT policies on notice
Tags: access, ai, apt, attack, captcha, chatgpt, control, cyber, cybercrime, defense, detection, email, espionage, finance, github, group, infrastructure, jobs, least-privilege, malicious, malware, marketplace, microsoft, open-source, password, phishing, powershell, social-engineering, software, technology, threat, tool, ukraine, update, vulnerability, windowsThreat groups are increasingly adopting a social engineering technique dubbed ClickFix to trick users into copying malicious PowerShell code and executing it themselves. Despite requiring more user interaction to succeed, the tactic has been adopted by several threat groups in recent months, suggesting it is reasonably effective at evading detection compared to relying on automated…
-
Job termination scam warns staff of phony Employment Tribunal decision
Creators of phishing messages usually want to create anxiety in their targets so they’ll unwittingly download malware. And nothing gets stomachs churning more than the possibility of losing your job.One of the latest examples of this was detected by Cloudflare, which issued a report Thursday on a recent job termination phishing scam that included some…
-
North Korean fake IT workers up the ante in targeting tech firms
Tags: access, advisory, ai, awareness, breach, ciso, compliance, crowdstrike, crypto, cybercrime, data, deep-fake, detection, edr, email, exploit, extortion, finance, governance, government, grc, group, incident response, infrastructure, jobs, korea, north-korea, risk, scam, social-engineering, technology, theft, tool, unauthorized, usa, vpnNorth Korean fake IT worker scams are evolving to incorporate theft and extortion as more examples of targeting against technology and other companies emerge.The deception typically features North Korean operatives posing as legitimate IT professionals in attempts to gain employment at Western firms, almost always for positions that offer remote working options.Once hired, these “remote…
-
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period.These findings come from Microsoft, which said that multiple threat activity clusters with ties to the country have been observed creating fake profiles on…
-
5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme
Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars.All of…
-
‘ClickFix’ Cyber-Attacks for Malware Deployment on the Rise
Proofpoint researchers have observed the growing use of the ClickFix social engineering tactic, which lures people into running malicious content on their computer First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/clickfix-cyber-malware-rise/
-
APT Group DONOT Launches Cyberattack on Pakistan’s Maritime and Defense Industry
A new hacker collective, known as the APT group DONOT, has targeted critical sectors of Pakistan’s economy, specifically the maritime and defense manufacturing industries. By leveraging advanced malware and targeted social engineering strategies, the DONOT hacker group has successfully compromised sensitive infrastructure. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/apt-group-donot-targets-pakistan/
-
Black Basta Ransomware Leveraging Social Engineering For Malware Deployment
Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in 2022 by employing sophisticated social engineering techniques to infiltrate target networks, often leveraging advanced malware to compromise systems undetected. Once inside, Black Basta extorts victims with ransom demands, threatening to publicly release sensitive data if payment is not made. The group’s…
-
Langwierige, dafür aber extrem ausgefeilte Attacke auf VPN-Zugangsdaten
Ein neuer, ausgeklügelter Angriff nutzt Telefonanrufe, Social-Engineering, ähnlich aussehende Domains und gefälschte VPN-Websites von Unternehmen, um sich einen ersten Zugang zu einem Opfernetzwerk zu verschaffen. Dies ist einer der ausgefeiltesten Initial-Access-Attacks, die wir je gesehen haben. Die Sicherheitsanalysten von Guidepoint Security haben Details zu einem neuen Angriff veröffentlicht, bei dem Benutzer dazu verleitet werden, dem…
-
Social engineering scams sweep through financial institutions
North American financial institutions fielded 10 times more reports of social engineering scams in 2024 than they did a year ago, according to BioCatch. The data shows scams … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/13/financial-institutions-scams/
-
The changing face of identity security
It’s easy to see why identity security is often synonymous with user security. Social engineering tactics are the mainstay of the threat actor’s arsenal, and it’s rare to find … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/12/identity-security-strategy/
-
Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store
LastPass, a leading password management platform, has issued a critical warning to users about a social engineering campaign targeting its customer ba… First seen on securityonline.info Jump to article: securityonline.info/warning-lastpass-alerts-users-to-phishing-scam-using-fake-support-reviews-on-chrome-web-store/
-
MoneyGram customer data breached in attack
MoneyGram confirms that customer data has been stolen in an incident that appears to have started with a social engineering attack on its IT helpdesk … First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366613195/MoneyGram-customer-data-breached-in-attack
-
Security Awareness – 4 Basis-Tipps gegen Social Engineering
First seen on security-insider.de Jump to article: www.security-insider.de/schutz-vor-social-engineering-sicherheitsmassnahmen-fuer-unternehmen-a-42ceb7170a2de8bb52275346e97c92c2/
-
Black Basta Ransomware Group Elevates Social Engineering with Microsoft Teams and Malicious QR Codes
The ReliaQuest Threat Research Team uncovered an intensified social engineering campaign tied to the ransomware group Black Basta. Known for using ema… First seen on securityonline.info Jump to article: securityonline.info/black-basta-ransomware-group-elevates-social-engineering-with-microsoft-teams-and-malicious-qr-codes/
-
Black Basta ransomware poses as IT support on Microsoft Teams to breach networks
The BlackBasta ransomware operation has moved its social engineering attacks to Microsoft Teams, posing as corporate help desks contacting employees t… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/black-basta-ransomware-poses-as-it-support-on-microsoft-teams-to-breach-networks/
-
Krypto-Millionenraub: Social-Engineering beschert Hackern 240 Millionen Dollar
First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/online-betrug/krypto-millionenraub-social-engineering-beschert-hackern-240-millionen-dollar-301749.html