#social-engineering

organizations
TechRepublic
11 months ago
Information security

Cyberattacks surge to 61% of small and medium-sized businesses, says study

Cyber-attacks on small and medium businesses are becoming increasingly common, and can cause significant data loss and damage to a company's reputation.
Businesses should be proactive in implementing a comprehensive security plan that includes regular monitoring, employee training, and the use of secure firewalls and anti-virus software.
ITPro
11 months ago
Privacy professionals

Inside the platform propping up the next generation of email crime

A years-old malicious platform is being used at a vastly accelerated rate by cyber criminals to launch "industrial-scale" email attacks on businesses. Microsoft publicized the rapid adoption of platforms such as BulletProftLink in a report on Friday, saying the tools are being widely used to carry out highly sophisticated business email compromise (BEC) attacks.
VentureBeat
1 year ago
Privacy professionals

Google AdWords scam epidemic shows social engineering is evolving

Social engineering scams are everywhere. Every day, cybercriminals are using whatever medium they can to trick users into handing over their data. This not only includes email, SMS and messaging services, but also online advertising services.
Ars Technica
1 year ago
Privacy professionals

Numerous orgs hacked after installing weaponized open source apps

Hackers backed by the North Korean government are weaponizing well-known pieces of open source software in an ongoing campaign that has already succeeded in compromising "numerous" organizations in the media, defense and aerospace, and IT services industries, Microsoft said on Thursday.
Securityweek
1 year ago
Privacy professionals

North Korean Gov Hackers Caught Rigging Legit Software | SecurityWeek.Com

Threat hunters at Microsoft have intercepted a notorious North Korean government hacking group lacing legitimate open source software with custom malware capable of data theft, espionage, financial gain and network destruction.
TechRepublic
1 year ago
Information security

Uber exposes Lapsus$ extortion group for security breach

In last week's security breach against Uber, the attackers downloaded internal messages from Slack as well as information from a tool used to manage invoices.
information
SecurityWeek
1 year ago
Privacy professionals

Data Protection Startup Optery Raises $2.7 Million in Seed Funding

Data protection startup Optery this week announced raising $2.7 million in a seed funding round that brings the total raised by the company to $6 million. The new investment round was led by Bayhouse Capital, with participation from Goodwater Capital, Global Founders Capital, Pioneer Fund, Soma Capital, TRAC, and Y Combinator, among others.
www.vice.com
1 year ago
Privacy professionals

Hacker Breaches Activision Slack, Steals Call of Duty Info

A hacker managed to break into a Slack channel of gaming publishing giant Activision, post offensive messages from the targeted account, and steal information related to upcoming Call of Duty releases, according to screenshots posted online by cybersecurity collective VX-Underground.
Zero Day Initiative
1 year ago
Information security

Zero Day Initiative - The November 2022 Security Update Review

There are four additional bugs in Exchange Server receiving fixes this month, and three of those were reported by ZDI Vulnerability Researcher Piotr Bazydło. Most notably, the privilege escalation bug is due to Exchange having a hardcoded path to a file on the "D:" drive. If a "D:" exists and an attacker puts a DLL in the specified folder, Exchange will load the DLL.
Theregister
1 year ago
Privacy professionals

Samsung facing class action after customer data leaks

A class action lawsuit has accused Samsung of failing to address a data breach in early 2022, leading to the theft of US customers' personally identifiable information (PII) in a second attack earlier this month.
years
Acm
1 year ago
Digital life

Passkeys Unlock a New Era for Authentication

Few things evoke a level of disdain on par with computer passwords. They are inconvenient and incredibly insecure. Cybergangs attack them, hack them, and constantly wreak havoc with them. According to industry statistics, upwards of 80% of all breaches involve passwords in one form or another. Even more advanced multifactor authentication (MFA), whether in the form of text codes or rolling numbers on an authentication app, does not address the underlying problem.
The Verge
1 year ago
Information security

Uber apparently hacked by teen, employees thought it was a joke

"We are currently responding to a cybersecurity incident.
...
From there, they found PowerShell scripts on Uber's intranet containing access management credentials that allowed them to allegedly breach Uber's AWS and G Suite accounts.
researchers
ComputerWeekly.com
1 year ago
Privacy professionals

NCSC warns over AI language models but rejects cyber alarmism | Computer Weekly

The UK's National Cyber Security Centre (NCSC) has issued advice and guidance for users of AI tools such as ChatGPT that rely on large language model (LLM) algorithms, saying that while they present some data privacy risks, they are not necessarily that useful currently when it comes to deploying them in the service of cyber criminal activity.
Ars Technica
1 year ago
Information security

North Korea-backed hackers have a clever way to read your Gmail

Researchers have unearthed never-before-seen malware that hackers from North Korea have been using to surreptitiously read and download email and attachments from infected users' Gmail and AOL accounts.
people
ComputerWeekly.com
1 year ago
Privacy professionals

Nine in 10 enterprises fell victim to successful phishing in 2022 | Computer Weekly

Email security company Egress finds that 92% of organisations have fallen victim to a successful phishing attack in their Microsoft 365 environments over the past year, with a further 98% of cyber security managers expressing frustration with secure email gateway (SEG) technologies. According to Egress' Email security risks report 2023 - which investigated both inbound phishing attacks and outbound data loss and exfiltration - 58% of cyber security managers said traditional SEG technologies were not effective in stopping employees from accidentally emailing the wrong person or with the wrong attachment, while 53% conceded that too many phishing attacks bypass their gateway.
Social Media Explorer
1 year ago
Online marketing

Cybersecurity Experts Warn Twitter Breach Will Have Lasting Ramifications - Social Media Explorer

A hacker forum posted the account information of around 200 million Twitter users for no cost. After a ransomware infection, the United States Conference of Mayors unanimously voted to stop paying ransoms to hackers in July 2019. Cybersecurity experts heralded the decision, and numerous companies have also taken a stance that a ransom should never be paid - as doing so will only likely result in future attacks from bad actors.
TechRepublic
1 year ago
Information security

Phishing attack spoofs Zoom to steal Microsoft user credentials

Targeting more than 21,000 users, the phishing email managed to bypass Microsoft Exchange email security, says Armorblox.
threatpost.com
1 year ago
Privacy professionals

Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats Again

Deja-Vu data from this year's DBIR report feels like we are stuck in the movie 'Groundhog Day.'
The Verge
1 year ago
Information security

Hacker accesses a Verizon employee database and tries to ransom the data for $250,000

Verizon is dealing with an incident where a hacker captured a database containing company employee data, including the full names of workers as well as their ID numbers, email addresses, and phone numbers.
Theregister
1 year ago
Privacy professionals

About half of popular websites vulnerable to pre-hijacking

Two security researchers have identified five related techniques for hijacking internet accounts by preparing them to be commandeered in advance.
TechRepublic
6 days ago
Privacy professionals

How Can Businesses Defend Themselves Against Cyberthreats?

Businesses face growing cyberattack risks due to increased online data, accessible cyber tools, and evolving attack methods.
TechCrunch
3 days ago
Privacy professionals

'Got that boomer!': How cyber-criminals steal one-time passcodes for SIM swap attacks and raiding bank accounts | TechCrunch

Cybercriminals trick victims into giving access codes, allowing hijacking of online accounts and digital wallets.
Exponential-e Ltd.
2 days ago
Privacy professionals

Black Basta ransomware group's techniques evolve, as FBI issues new warning in wake of hospital attack

Security agencies warn about Black Basta ransomware group after Ascension cyberattack.
Nextgov.com
1 month ago
Privacy professionals

Why plugging leaks sometimes means protecting leakers

Cybersecurity breaches are prevalent due to social engineering, targeting individuals with valuable information.
The need for amnesty laws to encourage self-reporting of cyber/counterintelligence intrusions among military and government personnel.
Theregister
1 month ago
Privacy professionals

Crypto scams more costly to US than ransomware, feds say

Investment fraud led to the largest financial loss in cybercrimes last year at $4.57 billion, mostly targeting victims seeking quick returns through cryptocurrency.
Scammers utilize social engineering tactics like romance or confidence scams to transition into crypto investment fraud, along with appealing scams claiming to recover lost funds.
WIRED
2 months ago
Privacy professionals

How to Not Get Scammed Out of $50,000

Experts emphasize vulnerability to social engineering by scammers.
High alert, avoid isolation, and report suspicious activity to thwart scammers.
Information security
ITPro
3 days ago
Information security

What is a TOAD attack?

TOAD attacks combine different phishing methods, posing a significant threat to businesses globally.
ITPro
2 days ago
Information security

Scattered Spider, the ransomware group behind the MGM cyber attack, is still on a rampage - and authorities are ramping up efforts to catch them

Scattered Spider, a threat group responsible for disrupting MGM Resorts, is now targeting financial services firms with phishing attacks and fake login pages.
Theregister
7 hours ago
Information security

Crims abusing Microsoft Quick Assist to deploy ransomware

A cybercrime gang is exploiting Microsoft's Quick Assist for social engineering attacks leading to Black Basta ransomware infections.
CyberScoop
2 weeks ago
Information security

Iranian hackers impersonate journalists in social engineering campaign

Iranian hackers linked to Revolutionary Guard impersonated journalists and human rights groups for phishing attacks.
TechRepublic
2 months ago
Information security

10 Must-Read Books on Cybersecurity | TechRepublic

Cybersecurity is crucial for curtailing cyberattacks and improving privacy practices.
Books recommended by Franklin Okeke offer insights on cybersecurity and protection.
TechRepublic
11 months ago
Information security

CISO Guide to Business Email Compromise

1. Business Email Compromise (BEC) is a type of cyber attack that targets businesses through emails to commit fraud or steal sensitive information.
2. CISOs should implement a layered security approach to protect against BEC, which includes providing employee security awareness training, enforcing strong passwords, and using
Axios
1 month ago
Data science

"Social engineering" hacks work on chatbots, too

Over 2,200 hackers participated in a challenge testing the security of AI models.
Approximately 15.5% of conversations successfully manipulated AI models to break rules or share sensitive data.
Theregister
3 months ago
Privacy professionals

Miscreants turn to ad tech to measure malware metrics

Cyber criminals are using ad networks to optimize their malware campaigns and increase the likelihood of users falling for their social engineering attacks.
The DarkGate PDF malware campaign uses ad tools to deliver malicious URLs to victims, evading detection and collecting analytics on who clicks their links.
www.theguardian.com
3 months ago
Writing

Poem of the week: Blood by Holly Pester

Pester treats the making of the self and its experiences into poetry as dramatisation.
The poems in the collection combine critique with artistry and humor.
TNW | Data-Security
3 months ago
Privacy professionals

States could already produce AI malware that evades detection

AI-generated malware that can evade detection may already be in the hands of nation-states.
AI will heighten the global ransomware threat and lower the entry barrier for cybercriminals.
www.nytimes.com
4 months ago
New York City

Alice Mason, Real Estate Fixer and Hostess to the Elite, Dies at 100

Alice Mason, a real estate broker and hostess, passed away at the age of 100.
She was known for her talent at social engineering and reshaping the demographics of Manhattan's exclusive co-ops.
time.com
4 months ago
Artificial intelligence

How Smart Should Robots Be?

The real source of social engineering can be found in our devices and soon, social robots.
The question of how smart we want our robots to be arises, as social robots aim to replace human interaction.
www.fastcompany.com
5 months ago
Artificial intelligence

5 cybersecurity predictions for 2024

Cybersecurity costs are predicted to rise globally to $10.5 trillion by 2025 as cybercrime becomes more sophisticated.
AI-powered scams and advanced phishing techniques are expected to increase in 2024.
The Times of India
6 months ago
Artificial intelligence

Woman gets SOS from 'nephew' in Canada, loses Rs 1.4 lakh to AI voice fraud | Hyderabad News - Times of India

Artificial intelligence (AI) voice fraud is increasingly targeting people with family in Canada and Israel.
Fraudsters are using AI voice imitating tools to mimic the voices of targeted individuals.
Creating a sense of urgency and claiming to have a relative in a troubled country adds to the effectiveness of the fraud.
TechRadar
1 year ago
Artificial intelligence

Businesses turn to SASE, zero trust to solve remote working challenges

Now businesses have enabled their employees to operate remotely, their attention is shifting towards protecting them from increasingly damaging cybersecurity threats.
TechRepublic
5 months ago
Privacy professionals

Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware

Recruiters are being targeted in a new social engineering attack campaign by threat actor TA4557.
The campaign involves sending benign emails and tricking recruiters into visiting fake resume websites and downloading malware.
Dark Reading
5 months ago
Privacy professionals

Fake Browser Updates Targeting Mac Systems With Infostealer

A social engineering campaign that previously targeted Windows systems is now spreading to macOS.
The campaign uses fake browser updates to distribute the Atomic Stealer malware.
This is the first time experts have observed a social engineering scam targeting both Windows and macOS systems.
ComputerWeekly.com
1 year ago
Cryptocurrency

NatWest introduces limits on crypto trading to prevent fraud | Computer Weekly

Retail bank NatWest is to implement daily and monthly limits on the amount of money customers may pay into cryptocurrency exchanges in an attempt to protect them from fraud and scams, and prevent them from losing "life-changing" sums of money. Going forward, customers will only be able to transfer up to £1,000 daily, and up to £5,000 every 30 days.
Ars Technica
1 year ago
Games

Stolen League of Legends source code being ransomed, and Riot Games won't pay

Riot Games has confirmed that an attack on its development environment last week included the theft of source code for its League of Legends and Teamfight Tactics games, along with a "legacy anticheat platform." The company has received a ransom demand but states that it will not pay. The release of source code by the attackers, whether publicly or by sale, could have implications for cheat software, providing direct knowledge of the game's mechanisms rather than relying on reverse engineering.
TechRepublic
1 year ago
Information security

How to add an extra layer of protection in Bitwarden vault items

Jack Wallen shows you how you can increase the security of Bitwarden vault items with a simple configuration.
Bitwarden is one of the best password managers on the market.
The Verge
1 year ago
Privacy professionals

Uber's hack shows the stubborn power of social engineering

Like many other hacks, Uber's major security breach started with a text message.
The Verge
1 year ago
Apple

Apple demos Safari's 'passkeys' support in macOS Ventura that will help bring an end to passwords

At its WWDC 2022 event, Apple just demonstrated how Safari in macOS Ventura will support "passkeys," a sign-in standard that's built with cross-platform support to enable logins that don't use passwords at all.
TechRepublic
1 year ago
Information security

Voice phishing attacks reach all-time high

A study conducted by Agari and PhishLabs found a five-times increase in attempted vishing attacks from the beginning of 2021 to Q1 of 2022.