2014, Phishing and Social Engineering - Cyber Security Informer

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

SecureWorld News

APRIL 22, 2025

Victims are sent unsolicited invitations to join Zoom calls, often via links in phishing emails or messages. According to Security Alliance's findings, the campaign relied on social engineering and Zoom's remote control feature to infect targets with malware. billion hack of the Bybit exchange in February 2025.

Cryptocurrency

Cryptocurrency Social Engineering Cybercrime Engineering

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

FEBRUARY 17, 2021

Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings. .

Cryptocurrency

Cryptocurrency Financial Services Banking Government

Hackers use overlay screens on legitimate sites to steal Outlook credentials

Security Affairs

SEPTEMBER 5, 2020

Experts spotted a phishing campaign that employees overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the victims. Researchers from Cofense discovered a phishing campaign that uses overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the targets.

Social Engineering

Social Engineering Phishing Engineering Advertising

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

Group-IB uncovered a new sophisticated phishing campaign, tracked as PerSwaysion, against high-level executives of more than 150 companies worldwide. . PerSwaysion is a highly-targeted phishing campaign. New round of phishing attempts leveraging current victim’s account usually takes less than 24 hours.

Phishing

Phishing Accountability Financial Services Cloud Migration

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

Cofense researchers spotted a phishing campaign that is targeting taxpayers in the United States to infect them with the Amadey malware. Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey. Pierluigi Paganini.

Phishing

Phishing Social Engineering Malware Advertising

Privacy Roundup: Week 3 of Year 2025

Security Boulevard

JANUARY 20, 2025

Successful exploitation requires social engineering users into manipulating a specially crafted file. Phishing and Scams Covers popular phishing schemes affecting end users - smishing, vishing, and any new scam/phish. These probably don't affect most users reading this. CVE-2025-21308.

Surveillance

Surveillance Malware Data breaches Scams

ZINC Hackers Leverage Open-source Software to Lure IT Pros

eSecurity Planet

OCTOBER 3, 2022

PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer have been backdoored to perform a wide range of social engineering campaigns that started in April 2022. They used LinkedIn to connect with the victims and gain their trust. Also read: How Hackers Evade Detection.

Software

Software Social Engineering Engineering Phishing

Bitcoin scammers phish for wallet recovery codes on Twitter

Malwarebytes

APRIL 28, 2021

The victim is typically sent to a phishing page where accounts, payment details, identities, or other things can be stolen. We first observed the technique used on gamers back in 2014, and it eventually branched out into bank phishing. This time around, it’s being used to bag bitcoin. Shall we take a look? Emptying your wallet.

Phishing

Phishing Cryptocurrency Accountability Scams

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

Voice phishing is a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering VPN Phishing Authentication

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

The Last Watchdog

AUGUST 18, 2021

Norton got ‘ demergered ’ from Symantec in 2014 and then acquired LifeLock for $2.3 In addition, even simple training or quizzes on how to spot a phishing attack will help individuals to avoid being caught up in a scam or a potential attack. A lot of water has flowed under the bridge since then. billion in 2016, for instance.

Antivirus

Antivirus Marketing Identity Theft Social Engineering

New Coronavirus-themed malspam campaign delivers FormBook Malware

Security Affairs

MARCH 8, 2020

The emails provide updates on the Coronavirus outbreak, it includes stats on the epidemic and contains an email of corona-virus@caramail.com that is likely used for phishing purposes. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information. Pierluigi Paganini.

Malware

Malware Scams Social Engineering Phishing

North Korea’s Lazarus compromised dozens of organizations in Israel

Security Affairs

AUGUST 14, 2020

The Lazarus APT is linked to North Korea, the activity of the Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Attackers sent to the victims weaponized spear-phishing messages using a malicious attachment. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cyber Attacks

Cyber Attacks Social Engineering Advertising Malware

350 million decrypted email addresses left exposed on an unsecured server

Security Affairs

AUGUST 27, 2020

Here are some examples of how potential attackers can use the data found in the unsecured Amazon S3 bucket against the owners of the exposed email addresses: Spamming 350 million email IDs Carrying out phishing attacks Brute-forcing the passwords of the email accounts. Watch out for potential spam messages and phishing emails.

Social Engineering

Social Engineering Passwords Marketing Phishing

Experts disclose security flaws in Oracle’s iPlanet Web Server

Security Affairs

MAY 11, 2020

” The second issue, tracked as CVE-2020-9314 , could be exploited to inject external images which can be used for phishing and social engineering attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering Phishing Advertising Encryption

Reading Mandiant M-Trends 2023

Anton on Security

APRIL 20, 2023

Phishing returned as the second most utilized vector , representing 22 percent of intrusions as compared to 12 percent in 2021.” “Of Furthermore, these adversaries demonstrated a willingness to get personal with their targets, bullying and threatening many of them. ”

Social Engineering

Social Engineering Ransomware Cybercrime Cyber Attacks

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The CryptoLocker wave went into a decline in June 2014 as a result of the so-called Operation Tovar , an initiative orchestrated by law enforcement agencies from multiple countries. The newsmaking emergence of CTB-Locker in 2014 and the CryptoWall ransomware in 2015 fully demonstrated this multi-pronged shift.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia

Security Affairs

MAY 21, 2020

The Chafer APT group has distributed data stealer malware since at least mid-2014, it was focused on surveillance operations and the tracking of individuals. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Government

Government Social Engineering Hacking Advertising

Charming Kitten Campaign involved new impersonation methods

Security Affairs

OCTOBER 13, 2019

Iran-linked APT group Charming Kitten employed new spear-phishing methods in attacks carried out between August and September. As part of the recently observed campaign, the state-sponsored hackers used three different spear-phishing methods: Ending an email message leveraging social engineering methods.

Media

Media Social Engineering Phishing Advertising

Group-IB: 14 cyber attacks on crypto exchanges resulted in a loss of $882 million

Security Affairs

OCTOBER 18, 2018

In most cases, cybercriminals, while attacking cryptocurrency exchanges, use traditional tools and methods, such as spear phishing, social engineering, distribution of malware, and website defacement. Spear phishing remains the major vector of attack on corporate networks. Crypto exchanges: in the footsteps of Lazarus .

Cyber Attacks

Cyber Attacks Cryptocurrency Phishing Social Engineering

Charming Kitten APT is targeting Iranian dissidents in Germany

Security Affairs

AUGUST 10, 2023

The Charming Kitten group made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. The cyber spies used social media to gather information on the targets and as a vector for social engineering attacks.

Social Engineering

Social Engineering Engineering Media Cyber Attacks

Emotet is back, it spreads reusing stolen email content

Security Affairs

SEPTEMBER 19, 2019

Emotet is back, its operators leverage a recently introduced spear-phishing technique to deliver their malware, they are hijacking legitimate email conversations. The operators are hijacking legitimate email threads as part of a social engineering attack. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering Malware Advertising Engineering

Reading the ENISA Threat Landscape Report 2018

Security Affairs

JANUARY 30, 2019

Nation-state hacking reduced the use of complex malware and appears to go towards low profile social engineering attacks. The main trends emerged in the 2018’s cyberthreat landscape are: Mail and phishing messages have become the primary malware infection vector. ” reads the ENISA Threat Landscape Report 2018.

Cyber threats

Cyber threats IoT Social Engineering Advertising

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

The Last Watchdog

DECEMBER 3, 2018

In 2014, a JP Morgan Chase hack exposed 76 million households. The attackers apparently had unauthorized access since 2014 – a massive window of opportunity to explore internal servers, escalate privileges, moves laterally to other systems, and plot a careful exfiltration strategy before being discovered.

Hacking

Hacking eCommerce Authentication Social Engineering

NCSC report warns of DNS Hijacking Attacks

Security Affairs

JULY 14, 2019

The main risks enumerated in the report are: Creating malicious DNS records; Obtaining SSL certificates; Transparent Proxying for traffic interception; To prevent phishing attacks, NCSC recommends using unique, strong passwords, and enabling multi-factor authentication when the option is available. gov ) to prevent DNS hijacking attacks.

DNS

DNS Social Engineering Accountability Advertising

T-Mobile Store Owner Made $25M Illegally Unlocking Cellphones

SecureWorld News

AUGUST 4, 2022

Department of Justice (DOJ) says Argishti Khudaverdyan, 44, was found guilty of 14 federal criminal charges for the scheme he ran from 2014 to 2019 that netted $25 million in criminal proceeds. The former store owner used various phishing techniques to steal T-Mobile employee credentials. How was he unlocking these phones?

Mobile

Mobile Identity Theft Social Engineering Retail

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

The unknown intruders gained access to internal Mailchimp tools and customer data by social engineering employees at the company, and then started sending targeted phishing attacks to owners of Trezor hardware cryptocurrency wallets. It emerges that email marketing giant Mailchimp got hacked. In 2016, while the U.S.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

Interview with Dr. Arun Vishwanath on the Latest Cybersecurity Attacks

CyberSecurity Insiders

JUNE 3, 2021

This breach, like every major ransomware attack, was likely because of spear phishing, where someone either received the malware via an emailed attachment or clicked on a link that took them to a website that hosted it. This was how the Sony Pictures ransomware hack also took place in late 2014 and since.

Cybersecurity

Cybersecurity Energy and Utilities Social Engineering Phishing

How Hackers Access Direct Deposit Paycheck — And What to Do About It

Security Affairs

MAY 24, 2019

Hackers Do a Payroll Diversion Through Phishing. A direct deposit paycheck hack involves getting the necessary details from the victim through a phishing scheme. This method hackers use likely won’t come as a surprise when you consider a few recent statistics about phishing. Plus, in 83.9% Pierluigi Paganini.

Phishing

Phishing Accountability Banking Social Engineering

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

Security Affairs

APRIL 25, 2019

Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firmware

Firmware Social Engineering Advertising Malware

More than 737 million medical radiological images found on open PACS servers

Security Affairs

SEPTEMBER 18, 2019

Identity Theft

Identity Theft Social Engineering Healthcare Internet

Security Affairs newsletter Round 291

Security Affairs

NOVEMBER 29, 2020

Pierluigi Paganini. SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 291 appeared first on Security Affairs.

Data breaches

Data breaches Social Engineering Ransomware Malware

New TA2101 threat actor poses as government agencies to distribute malware

Security Affairs

NOVEMBER 15, 2019

The phishing campaigns delivering malicious attachments were observed since the end of October. “The increasing sophistication of these lures mirrors improved social engineering and a focus on effectiveness over quantity appearing in many campaigns globally across the email threat landscape.” Pierluigi Paganini.

Government

Government Malware Social Engineering Banking

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

Security Affairs

FEBRUARY 26, 2020

The proof is the leverage of the current physical threat, the CoronaVirus (COVID-19), as a social engineering trick to infect the cyber world. It is not new for cyber-crooks to exploit social phenomena to spread malware in order to maximize the impact and dissemination of a malicious campaign. Technical Analysis.

Cyber Attacks

Cyber Attacks Malware Social Engineering Advertising

Rent a hacker: Group-IB uncovers corporate espionage group RedCurl

Security Affairs

AUGUST 13, 2020

As with all subsequent campaigns, the initial compromise vector was a well-written phishing email. The spear-phishing email content was always carefully drafted. If RedCurl fails to obtain the data required, it uses a Windows PowerShell script that displays a phishing pop-up Microsoft Outlook window to the victim.

Phishing

Phishing Banking Social Engineering Advertising

5 Cybersecurity Trends in the Professional Services Sector

Security Affairs

SEPTEMBER 21, 2019

Employee Training on Phishing and Digital Security. Hackers aren’t only coders — they’re also social engineers. One in 99 emails is a phishing attack , a fraudulent email designed to look legitimate so an employee will click on a malicious link inside or reply with privileged information. Pierluigi Paganini.

Cybersecurity

Cybersecurity Data breaches Artificial Intelligence Phishing

Beware: Fake IRS tax email delivers Emotet malware

Malwarebytes

MARCH 22, 2023

Emotet has been around since 2014. Avoiding tax scams Here are some of the ways you can outsmart tax fraudsters and keep one step ahead of the phishing, malware, and social engineering attacks which come around every year during tax season. Enabling this will result in Emotet being downloaded onto the system. File early.

Malware

Malware Scams Social Engineering Banking

Iran-linked APT42 is behind over 30 espionage attacks

Security Affairs

SEPTEMBER 11, 2022

APT42’s TTPs overlap with another Iran-linked APT group tracked as APT35 (aka ‘ Charming Kitten ‘, ‘ Phosphorus ‘, Newscaster , and Ajax Security Team) which made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media.

Surveillance

Surveillance Social Engineering Phishing Government

Kaspersky warns of a new Loki Bot campaign target corporate mailboxes

Security Affairs

SEPTEMBER 2, 2018

Loki Bot operators employ various social engineering technique to trick victims into opening weaponized attachments that would deploy the Loki Bot stealer. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering Cryptocurrency Advertising Malware

Major coordinated disinformation campaign hit the Lithuanian Defense

Security Affairs

APRIL 14, 2019

The attack started on the night of April 10, threat actors launched a spear phishing campaign from an e-mail address that pretended to be sent from an employee of the Ministry of Defense. Security Center has confirmed it is a typical social engineering attack using spoofed email accounts, it also attributed the attack to a foreign government.

Cyber Attacks

Cyber Attacks Media Social Engineering Advertising

Experts discovered the first mobile malware families linked to Russia’s Gamaredon

Security Affairs

DECEMBER 12, 2024

The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related to Ukrainian affairs, since October 2021. Gamaredon has been launching cyber-espionage campaigns on Ukraine since at least 2014. These are the first known mobile malware families linked to the Russian APT.

Mobile

Mobile Malware Surveillance Social Engineering

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Security Affairs

OCTOBER 10, 2018

They were helped in one of their attacks by members of the group Anunak , which had not conducted at attack of this kind since 2014. Attacks on bank customers: The decline of Android Trojans and the triumph of phishing. Using web phishing, criminals have managed to steal $3.7 They account for 80% of all financial phishing sites.

Cyber Attacks

Cyber Attacks Banking Cyber threats Phishing

Brazilian trojan banker is targeting Portuguese users using browser overlay

Security Affairs

MAY 7, 2020

At least since the year of 2014 that new variants have been observed, with minor changes, and with the objective of collecting bank details of the victims. The success of malicious campaigns always depends on the starting point of infection: social engineering. The modus operandi of this piece of malware is not new in Portugal.

Banking

Banking Malware Phishing Advertising

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Krebs on Security

OCTOBER 25, 2018

The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. RT: As we started getting more and more people involved, we realized BEC was much broader than just phishing emails.

Scams

Scams Accountability Media Banking

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

The Last Watchdog

OCTOBER 5, 2023

I held this position from 2000 through 2014, during which time Windows emerged as a prime target for both precocious script kiddies and emerging criminal hacking rings. Erin: What are some of the most common social engineering tactics that cybercriminals use? What drew you to this field?

Cyber threats

Cyber threats Cyber Insurance Threat Detection Cybersecurity

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

U.S. Indicts North Korean Hackers in Theft of $200 Million

Trending Sources

Hackers use overlay screens on legitimate sites to steal Outlook credentials

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Privacy Roundup: Week 3 of Year 2025

ZINC Hackers Leverage Open-source Software to Lure IT Pros

Bitcoin scammers phish for wallet recovery codes on Twitter

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

New Coronavirus-themed malspam campaign delivers FormBook Malware

North Korea’s Lazarus compromised dozens of organizations in Israel

350 million decrypted email addresses left exposed on an unsecured server

Experts disclose security flaws in Oracle’s iPlanet Web Server

Reading Mandiant M-Trends 2023

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia

Charming Kitten Campaign involved new impersonation methods

Group-IB: 14 cyber attacks on crypto exchanges resulted in a loss of $882 million

Charming Kitten APT is targeting Iranian dissidents in Germany

Emotet is back, it spreads reusing stolen email content

Reading the ENISA Threat Landscape Report 2018

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

NCSC report warns of DNS Hijacking Attacks

T-Mobile Store Owner Made $25M Illegally Unlocking Cellphones

Happy 13th Birthday, KrebsOnSecurity!

Interview with Dr. Arun Vishwanath on the Latest Cybersecurity Attacks

How Hackers Access Direct Deposit Paycheck — And What to Do About It

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

More than 737 million medical radiological images found on open PACS servers

Security Affairs newsletter Round 291

New TA2101 threat actor poses as government agencies to distribute malware

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

Rent a hacker: Group-IB uncovers corporate espionage group RedCurl

5 Cybersecurity Trends in the Professional Services Sector

Beware: Fake IRS tax email delivers Emotet malware

Iran-linked APT42 is behind over 30 espionage attacks

Kaspersky warns of a new Loki Bot campaign target corporate mailboxes

Major coordinated disinformation campaign hit the Lithuanian Defense

Experts discovered the first mobile malware families linked to Russia’s Gamaredon

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Brazilian trojan banker is targeting Portuguese users using browser overlay

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

Stay Connected