#social-engineering

fromSecuritymagazine
6 days ago

Help Desk Havoc: Why Identity Verification Is Still the Weakest Link in Targeted Attacks

Organizations are heavily investing in zero trust, a security framework that requires strict verification and ongoing monitoring of every user, device, and application. As of 2025, the size of the zero trust market is estimated at $38.37 billion USD and is projected to grow to $86.57 billion USD by 2030. Investments include not only tools but also organizational transformation, policy overhaul, and long-term architectural changes. When combined with strong, phishing-resistant multi-factor authentication (MFA) and AI-powered threat detection, a move toward zero trust will significantly enhance cybersecurity. However, help desks often lack robust identity verification, creating a critical vulnerability.
Information security
fromSecurityWeek
5 days ago

In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware

Gladinet vulnerability exploited in the wild A vulnerability affecting Gladinet's CentreStack and Triofox products has been exploited in the wild, Huntress warns. CentreStack is a mobile access and secure sharing solution while Triofox is a secure file access solution. Huntress earlier this year discovered exploitation of CVE-2025-30406, a hardcoded machine key issue affecting the products, and it has now detected exploitation of a new vulnerability, CVE-2025-11371, which allows unauthenticated local file inclusion. Gladinet is aware of the issue and is in the process of providing a workaround to customers until a patch is developed.
Information security
fromSecuritymagazine
6 days ago

85,000 Pet and Pet Owner Records Exposed

Cybersecurity Researcher Jeremiah Fowler discovered a database that lacked password protection as well as encryption, exposing 85,361 files (158 GB in total). The records included invoices, claims, and emails that contained policy holder names, addresses, phone numbers, email addresses, and other personally identifiable information (PII). The personal information of pets was also exposed, including their names, ages, breeds, medical histories, microchip numbers, and more.
Information security
#north-korea
fromTechCrunch
1 week ago
Information security

North Korean hackers stole over $2 billion in crypto so far in 2025, researchers say | TechCrunch

fromThe Hacker News
1 week ago

BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers

The attack chains, per the cybersecurity company, leverage ZIP archives containing decoy PDF documents along with malicious shortcut (LNK) or executable files that are masked as PDF to trick users into opening them. When launched, the LNK file runs an embedded PowerShell script that reaches out to an external server to download a lure document, a PDF for a marketing job at Marriott.
Information security
#salesforce-breach
fromMarTech
1 week ago
Information security

Salesforce says social engineering to blame for breaches leading to ransom demands | MarTech

Information security
fromTheregister
1 week ago

Kodex outage blamed on AWS social engineering attack

Social engineering against AWS froze Kodex Global's domain, causing service outages and risking email interception despite Kodex claiming no internal breach.
Information security
fromTalentLMS Blog
1 week ago

10 Essential Cybersecurity Topics for Employee Training

Comprehensive cybersecurity training for all employees prevents breaches, protects data, preserves customer trust, and reduces financial, legal, and reputational damage.
Information security
fromThe Hacker News
2 weeks ago

New Android Banking Trojan "Klopatra" Uses Hidden VNC to Control Infected Smartphones

Klopatra Android banking trojan has compromised over 3,000 devices using VNC and dynamic overlays to enable remote control, credential theft, and fraudulent transactions.
#phishing
fromZDNET
2 weeks ago
Information security

4 better ways to protect your business than dreaded (and useless) anti-phishing training

fromLifehacker
1 month ago
Information security

This Creative Phishing Scam Uses Netflix Job Offers to Steal Facebook Credentials

fromIT Pro
1 month ago
Privacy professionals

Malicious URLs overtake email attachments as the biggest malware threat

fromwww.itpro.com
2 months ago
Information security

New hires are your weakest link when it comes to phishing attacks - here's how you can build a strong security culture that doesn't judge victims

fromThe Hacker News
2 weeks ago

New Android Trojan "Datzbro" Tricking Elderly with AI-Generated Facebook Travel Events

Dutch mobile security company ThreatFabric said it discovered the campaign in August 2025 after users in Australia reported scammers managing Facebook groups promoting "active senior trips." Some of the other territories targeted by the threat actors include Singapore, Malaysia, Canada, South Africa, and the U.K. The campaigns, it added, specifically focused on elderly people looking for social activities, trips, in-person meetings, and similar events. These Facebook groups have been found to share artificial intelligence (AI)-generated content, claiming to organize various activities for seniors.
Privacy technologies
#cybersecurity
fromFortune
2 weeks ago
Information security

Cybersecurity professionals under pressure turn to AI amid rising threats | Fortune

fromSFGATE
3 weeks ago
Information security

Teen arrested on suspicion of Vegas Strip attack that cost $100M

fromTechRadar
1 month ago
Information security

I am a cybersecurity expert - here's why it's time for businesses to bolster defenses, beyond just tech

Information security
fromThe Hacker News
2 months ago

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware

EncryptHub exploits a security flaw in Microsoft Windows to deploy malicious payloads via social engineering tactics.
Information security
fromwww.bbc.com
2 weeks ago

'You'll never need to work again': Criminals offer reporter money to hack BBC

Criminal gangs recruit insiders by offering employees a percentage of ransom payments in exchange for login credentials and PC access to facilitate ransomware attacks.
Information security
fromThe Hacker News
2 weeks ago

North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

North Korea-linked actors use multi-platform malware including AkdoorTea to target cryptocurrency and Web3 developers via fake recruiter job offers that install backdoors.
Information security
fromTheregister
3 weeks ago

Deepfaked calls hit 44% of businesses in last year: Gartner

AI-generated deepfakes and prompt-injection attacks targeted staff, with audio and video deepfakes causing operational and financial losses and evading detection.
#scattered-spider
Information security
fromFortune
3 weeks ago

London teenager orchestrated 'help desk' extortion scheme against 47 U.S. companies that netted $115 million says DOJ | Fortune

A 19-year-old London resident allegedly led social-engineering attacks that extorted $115 million, compromising at least 120 networks and targeting 47 U.S. entities including federal courts.
#data-breach
fromIT Pro
3 weeks ago
Information security

The Salesloft hackers claim they have 1.5 billion compromised Salesforce records

fromTechCrunch
1 month ago
Information security

VC giant Insight Partners notifies staff and limited partners after data breach | TechCrunch

fromIT Pro
1 month ago
Information security

The Allianz Life data breach just took a huge turn for the worse

#ransomware
fromTheregister
4 weeks ago

FileFix attacks trick victims into executing infostealers

FileFix is a variation on ClickFix, a newish type of social-engineering technique first spotted last year that tricks victims into running malware on their own devices using fake fixes and login prompts. These types of attacks have surged by 517 percent in the past six months, according to researchers at antivirus and internet security software vendor ESET, making them the second most common attack vector behind phishing.
Information security
Information security
fromCyberScoop
1 month ago

The npm incident frightened everyone, but ended up being nothing to fret about

A social-engineering compromise of an npm maintainer briefly poisoned 18 popular packages, but quick detection and response limited the supply-chain attack’s impact and damage.
Artificial intelligence
fromWIRED
1 month ago

Psychological Tricks Can Get AI to Break the Rules

Human-style persuasion techniques can often cause some LLMs to violate system prompts and comply with objectionable requests.
Information security
fromTheregister
1 month ago

Double trouble with CastleRAT malware, now in C and Python

TAG-150 created CastleRAT in Python and C, using ClickFix social engineering to trick users into pasting commands that enable remote access and payload delivery.
Information security
fromIT Pro
1 month ago

Cybersecurity experts issue urgent warning amid surge in Stealerium malware attacks

Stealerium infostealer has surged, exfiltrating credentials, crypto wallets, Wi‑Fi and VPN data via multiple channels and leveraging social‑engineering lures for global campaigns.
Information security
fromThe Hacker News
1 month ago

Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE

Lazarus Group used a Telegram social-engineering campaign to deliver PondRAT, ThemeForestRAT, and RemotePE, enabling credential theft and network discovery in a DeFi organization.
History
fromPsychology Today
1 month ago

The Man Who Sold a Fake Country

Con artists exploit timeless human psychology—scarcity, forged credibility, and persuasive storytelling—to sell false opportunities across eras, from 19th-century Poyais to modern online scams.
fromThe Hacker News
1 month ago

MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers

Instead of sending unsolicited phishing emails, attackers initiate contact through a company's public 'Contact Us' form, tricking employees into starting the conversation. What follows are weeks of professional, credible exchanges, often sealed with fake NDAs, before delivering a weaponized ZIP file carrying MixShell, a stealthy in-memory malware.
Information security
Information security
fromIT Pro
1 month ago

Has password hygiene ever improved?

Passwords are fundamentally insecure and human-dependent, enabling breaches that can topple organizations; static credentials must be eliminated in favor of stronger authentication.
Information security
fromTheregister
1 month ago

'Impersonation as a service' next big thing in cybercrime

Demand for English-language social engineering skills has surged, enabling impersonation-as-a-service operations that facilitate Salesforce intrusions and financially motivated attacks.
fromThe Hacker News
2 months ago

ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections

"Like a real-world virus variant, this new 'ClickFix' strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web just last year."
Privacy professionals
#malware
Apple
fromSecuritymagazine
3 months ago

New ZuRu Malware Variant Targeting Developers

ZuRu is a trojan malware for macOS that spreads through trojanized legitimate software and relies on social engineering tactics.
Privacy professionals
fromSecuritymagazine
3 months ago

Security Leaders Discuss Marco Rubio AI Imposter

AI-generated impersonation attempts pose serious risks to information security and can bypass human caution.
Generative AI tools have reached a level of sophistication that allows for credible impersonations.
#cybercrime
fromBusiness Matters
3 months ago
EU data protection

British teens arrested over 300m Marks & Spencer hacking spree

Four individuals, including a 17-year-old and a 20-year-old, were arrested for cybercrimes linked to attacks on major retailers.
fromTheregister
4 months ago
Growth hacking

Crooks posing as job hunters to malware-infect recruiters

Cybercriminals are targeting recruiters by posing as job seekers on LinkedIn and Indeed, delivering malware via fake resume portfolios.
Mobile UX
fromSecuritymagazine
4 months ago

2024 Saw Over 4 Million Mobile Social Engineering Attacks

Mobile devices are increasingly susceptible to social engineering attacks, particularly with rising phishing interactions on iOS.
Information security
fromIT Pro
4 months ago

Disinformation security is a major concern for cyber teams - here's what your business can do

Disinformation, while not new, poses a significant cybersecurity threat to enterprises due to technological advancements.
Businesses must manage vulnerabilities related to public trust and online presence in an increasingly competitive landscape.