#social-engineering

[ follow ]
#cybersecurity #malware #data-breach #scattered-spider #ransomware #phishing #threat-intelligence #clickfix #workday
#scattered-spider
more#scattered-spider
fromTheregister
1 day ago

FileFix attacks trick victims into executing infostealers

FileFix is a variation on ClickFix, a newish type of social-engineering technique first spotted last year that tricks victims into running malware on their own devices using fake fixes and login prompts. These types of attacks have surged by 517 percent in the past six months, according to researchers at antivirus and internet security software vendor ESET, making them second most common attack vector behind phishing.
Information security
Information security
fromCyberScoop
1 week ago

The npm incident frightened everyone, but ended up being nothing to fret about

A social-engineering compromise of an npm maintainer briefly poisoned 18 popular packages, but quick detection and response limited the supply-chain attack’s impact and damage.
#data-breach
fromTechCrunch
1 week ago
Information security

VC giant Insight Partners notifies staff and limited partners after data breach | TechCrunch

fromIT Pro
4 weeks ago
Information security

The Allianz Life data breach just took a huge turn for the worse

fromTechCrunch
1 week ago
Information security

VC giant Insight Partners notifies staff and limited partners after data breach | TechCrunch

fromIT Pro
4 weeks ago
Information security

The Allianz Life data breach just took a huge turn for the worse

more#data-breach
#phishing
fromLifehacker
3 weeks ago
Information security

This Creative Phishing Scam Uses Netflix Job Offers to Steal Facebook Credentials

fromIT Pro
4 weeks ago
Privacy professionals

Malicious URLs overtake email attachments as the biggest malware threat

fromwww.itpro.com
1 month ago
Information security

New hires are your weakest link when it comes to phishing attacks here's how you can build a strong security culture that doesn't judge victims

fromLifehacker
3 weeks ago
Information security

This Creative Phishing Scam Uses Netflix Job Offers to Steal Facebook Credentials

fromIT Pro
4 weeks ago
Privacy professionals

Malicious URLs overtake email attachments as the biggest malware threat

fromwww.itpro.com
1 month ago
Information security

New hires are your weakest link when it comes to phishing attacks here's how you can build a strong security culture that doesn't judge victims

more#phishing
Artificial intelligence
fromWIRED
1 week ago

Psychological Tricks Can Get AI to Break the Rules

Human-style persuasion techniques can often cause some LLMs to violate system prompts and comply with objectionable requests.
Information security
fromTheregister
1 week ago

Double trouble with CastleRAT malware, now in C and Python

TAG-150 created CastleRAT in Python and C, using ClickFix social engineering to trick users into pasting commands that enable remote access and payload delivery.
Information security
fromIT Pro
1 week ago

Cybersecurity experts issue urgent warning amid surge in Stealerium malware attacks

Stealerium infostealer has surged, exfiltrating credentials, crypto wallets, Wi‑Fi and VPN data via multiple channels and leveraging social‑engineering lures for global campaigns.
Information security
fromThe Hacker News
2 weeks ago

Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE

Lazarus Group used a Telegram social-engineering campaign to deliver PondRAT, ThemeForestRAT, and RemotePE, enabling credential theft and network discovery in a DeFi organization.
#cybersecurity
fromTechRadar
2 weeks ago
Information security

I am a cybersecurity expert - here's why it's time for businesses to bolster defenses, beyond just tech

Information security
fromSecuritymagazine
1 month ago

Scattered Spider's Newest Targets: Transportation and Airlines

A sophisticated cyber campaign targets retail, airline, and insurance sectors using social engineering tactics instead of traditional software exploits.
Information security
fromThe Hacker News
1 month ago

Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure

Scattered Spider targets VMware ESXi hypervisors, employing social engineering to bypass security measures and conduct precise, campaign-driven attacks.
fromTechRadar
2 weeks ago
Information security

I am a cybersecurity expert - here's why it's time for businesses to bolster defenses, beyond just tech

more#cybersecurity
History
fromPsychology Today
3 weeks ago

The Man Who Sold a Fake Country

Con artists exploit timeless human psychology—scarcity, forged credibility, and persuasive storytelling—to sell false opportunities across eras, from 19th-century Poyais to modern online scams.
fromThe Hacker News
3 weeks ago

MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers

Instead of sending unsolicited phishing emails, attackers initiate contact through a company's public 'Contact Us' form, tricking employees into starting the conversation. What follows are weeks of professional, credible exchanges, often sealed with fake NDAs, before delivering a weaponized ZIP file carrying MixShell, a stealthy in-memory malware.
Information security
Information security
fromIT Pro
3 weeks ago

Has password hygiene ever improved?

Passwords are fundamentally insecure and human-dependent, enabling breaches that can topple organizations; static credentials must be eliminated in favor of stronger authentication.
Information security
fromTheregister
3 weeks ago

'Impersonation as a service' next big thing in cybercrime

Demand for English-language social engineering skills has surged, enabling impersonation-as-a-service operations that facilitate Salesforce intrusions and financially motivated attacks.
fromThe Hacker News
1 month ago

ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections

"Like a real-world virus variant, this new 'ClickFix' strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web just last year."
Privacy professionals
#malware
fromThe Hacker News
3 months ago
Growth hacking

New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data

EDDIESTEALER is a Rust-based information stealer using fake CAPTCHA pages to trick users into executing malware that harvests sensitive information.
fromThe Hacker News
3 months ago
Marketing tech

Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique

Latrodectus malware utilizes the ClickFix technique for stealthy and dangerous payload distribution.
Growth hacking
fromThe Hacker News
3 months ago

New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data

EDDIESTEALER is a Rust-based information stealer using fake CAPTCHA pages to trick users into executing malware that harvests sensitive information.
Marketing tech
fromThe Hacker News
3 months ago

Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique

Latrodectus malware utilizes the ClickFix technique for stealthy and dangerous payload distribution.
more#malware
fromArs Technica
1 month ago

After BlackSuit is taken down, new ransomware group Chaos emerges

Chaos is likely a rebranding of BlackSuit ransomware or operated by former members, based on similar encryption mechanisms, ransom note structure, and tools used.
Privacy technologies
Apple
fromSecuritymagazine
2 months ago

New ZuRu Malware Variant Targeting Developers

ZuRu is a trojan malware for macOS that spreads through trojanized legitimate software and relies on social engineering tactics.
Privacy professionals
fromSecuritymagazine
2 months ago

Security Leaders Discuss Marco Rubio AI Imposter

AI-generated impersonation attempts pose serious risks to information security and can bypass human caution.
Generative AI tools have reached a level of sophistication that allows for credible impersonations.
#cybercrime
more#cybercrime
Mobile UX
fromSecuritymagazine
3 months ago

2024 Saw Over 4 Million Mobile Social Engineering Attacks

Mobile devices are increasingly susceptible to social engineering attacks, particularly with rising phishing interactions on iOS.
fromIT Pro
3 months ago

Disinformation security is a major concern for cyber teams - here's what your business can do

Being able to imitate anyone's voice with only a few seconds of audio or create a nefarious video of someone with only a few pictures found online - that's the scary part.
Information security
fromPsychology Today
4 months ago

The Psychology of Crowds

When people gather in large groups, they often act in ways that are different from how they would behave individually.
Psychology
Privacy professionals
fromThe Hacker News
4 months ago

[Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats

Identity systems face vulnerabilities beyond traditional authentication methods, necessitating comprehensive lifecycle protection.
Attackers increasingly use social engineering and advanced technologies, like deepfakes, to compromise identity systems.
Privacy professionals
fromTechCrunch
4 months ago

Citizen Lab say exiled Uyghur leaders targeted with Windows spyware | TechCrunch

Hackers targeted Uyghur community leaders using Windows spyware, highlighting the issue of digital attacks on marginalized groups.
[ Load more ]