Security Boulevard

JUNE 27, 2025

APT35 CALANQUE Charming Kitten CharmingCypress ITG18 Mint Sandstorm (formerly Phosphorus) Newscaster TA453 Yellow Garuda Educated Manticore APT42* Agent Serpens UNC788 Social engineering campaigns targeting journalists and internet-facing applications *APT42 is a subcluster of APT35 and also poses as journalists in order to harvest credentials.

Accountability 58

Accountability Passwords Authentication Energy and Utilities 58

Security Affairs

JULY 21, 2025

The first MuddyWater campaign was observed in late 2017, when the APT group targeted entities in the Middle East. Experts named the campaign “MuddyWater” due to the confusion surrounding the attribution of a wave of attacks carried out between February and October 2017. ” concludes.

Spyware 72

Spyware Telecommunications Surveillance VPN 72

Krebs on Security

FEBRUARY 17, 2021

million in a 2018 ATM cash out scheme targeting a Pakistani bank; and a total of $112 million in virtual currencies stolen between 2017 and 2020 from cryptocurrency companies in Slovenia, Indonesia and New York. billion from banks and other victims worldwide. Investigators with the DOJ, U.S.

Cryptocurrency 356

Cryptocurrency Financial Services Banking Government 356

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 349

Hacking Social Engineering Phishing Scams 349

SecureWorld News

SEPTEMBER 9, 2021

Business email compromise scheme and social engineering. Social engineering—in person—was the next part of the scheme. Those are some of the highlights, now let's look at a few specifics. Prosecutors say Ghaleb Alaumary, a native of Ontario Canada, confessed to two specific conspiracies. million CAD (approximately $9.4

Social Engineering 96

Social Engineering Engineering Banking Cybercrime 96

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 364

Phishing VPN Social Engineering Media 364

Krebs on Security

APRIL 9, 2024

“This is the largest release from Microsoft this year and the largest since at least 2017,” said Dustin Childs , from Trend Micro’s Zero Day Initiative (ZDI). “As far as I can tell, it’s the largest Patch Tuesday release from Microsoft of all time.”

DNS 339

DNS Social Engineering Malware Media 339

The Last Watchdog

AUGUST 18, 2021

billion in 2017; Avast acquired AVG for $1.3 Also, one of the top ways attackers can target individuals is via social engineering or phishing. A lot of water has flowed under the bridge since then. Norton got ‘ demergered ’ from Symantec in 2014 and then acquired LifeLock for $2.3 billion in 2016, for instance.

Antivirus 223

Antivirus Marketing Identity Theft Social Engineering 223

CSO Magazine

MARCH 29, 2023

It was responsible for the 2014 attack against Sony Pictures, the 2016 cyber heist of funds belonging to the central bank of Bangladesh, and the 2017 WannaCry ransomware worm.

Social Engineering 108

Social Engineering Cybercrime Government Banking 108

Security Affairs

MARCH 25, 2024

The campaign targeted Israeli employees of large multinational organizations with a pay-related social engineering lure. The first MuddyWater campaign was observed in late 2017, when the APT group targeted entities in the Middle East. The phishing campaign started on March 7 and continued through the week of March 11, 2024.

Phishing 141

Phishing Social Engineering Telecommunications Accountability 141

Security Boulevard

JANUARY 17, 2022

And the tactics look strikingly similar to 2017’s NotPetya hack by the Russian GRU. Ukraine is again under malware attack. The post ‘Russian’ Wiper Malware: ‘Prelude to war’ in Ukraine appeared first on Security Boulevard.

Malware 144

Malware Hacking Social Engineering Engineering 144

SecureWorld News

FEBRUARY 17, 2022

Security researchers from Proofpoint have tracked an APT that has targeted the aviation, aerospace, transportation, manufacturing, and defense industries dating back to 2017, and are calling it TA2541. Proofpoint has tracked this threat actor since 2017, and it has used consistent tactics, techniques, and procedures (TTPs) in that time.

Social Engineering 98

Social Engineering Phishing Engineering Manufacturing 98

Security Affairs

MARCH 8, 2020

The final payload is the FormBook information-stealing Trojan, a malware that was first spotted by researchers at FireEye in October 2017. Researchers explained that FormBook is easy to use, it is offered for sale in the criminal underground since July 2017, it was offered for $29 a week up to a $299 full-package “pro” deal.

Malware 145

Malware Scams Social Engineering Phishing 145

The Last Watchdog

MARCH 4, 2019

That’s Gartner’s estimate of global spending on cybersecurity in 2017 and 2018. One tried-and-true incursion method pivots off social engineering. Fast forward to 2017. Whoever was behind NotPetya, notably, leveraged the stolen NSA tools, to completely destroy global shipping company Maersk’s computer network in 2017.

Hacking 212

Hacking Energy and Utilities System Administration Accountability 212

Krebs on Security

AUGUST 12, 2020

Most mobile providers offer customers the option of placing a PIN or secret passphrase on their accounts to lessen the likelihood of such attacks succeeding, but these protections also usually fail when the attackers are social engineering some $12-an-hour employee at a mobile phone store.

Accountability 362

Accountability Mobile Banking Passwords 362

Security Affairs

APRIL 12, 2024

TA547 is a financially motivated threat actor that has been active since at least November 2017, it was observed conducting multiple campaigns to deliver a variety of Android and Windows malware, including DanaBot , Gootkit , Lumma stealer , NetSupport RAT , Ursnif , and ZLoader. . ” concludes the report.

Malware 137

Malware Social Engineering Retail Engineering 137

Security Affairs

SEPTEMBER 1, 2023

EternalBlue is a Windows exploit created by the US National Security Agency (NSA) and used in the 2017 WannaCry ransomware attack. Targeted Phishing and Social Engineering: In some cases, attackers may employ targeted phishing emails or social engineering techniques to gain initial access to a system within the target network.

Social Engineering 135

Social Engineering Penetration Testing Engineering Malware 135

Security Boulevard

AUGUST 8, 2022

Since 2017, if you’ve invited anyone to a Slack workspace, your password has leaked. How could this have happened? The post Slack App Leaked Hashed User Passwords for 5 YEARS appeared first on Security Boulevard.

Passwords 124

Passwords Social Engineering Security Awareness Engineering 124

Security Affairs

FEBRUARY 25, 2022

According to FireEye, the campaign tracked as GhostWriter, has been ongoing since at least March 2017 and is aligned with Russian security interests. The phishing messages used a classic social engineering technique in the attempt to trick victims into providing their information to avoid the permanent suspension of their email accounts.

Phishing 125

Phishing Social Engineering Government Accountability 125

Security Affairs

OCTOBER 18, 2018

Group-IB has estimated that crypto exchanges suffered a total loss of $882 million due to targeted attacks between 2017 and 2018. In most cases, cybercriminals, while attacking cryptocurrency exchanges, use traditional tools and methods, such as spear phishing, social engineering, distribution of malware, and website defacement.

Cyber Attacks 110

Cyber Attacks Cryptocurrency Phishing Social Engineering 110

Security Affairs

FEBRUARY 27, 2021

In 2017, hackers stole some personal information belonging to T-Mobile customers by exploiting a well-known vulnerability. Such kind of info could be used by hackers in social engineering attack against T-Mobile’s customer support employees with the intent of stealing the victim’s phone number.

Mobile 137

Mobile Data breaches Telecommunications Identity Theft 137

Security Affairs

OCTOBER 3, 2021

TA544 is a financially motivated threat actor that is active at least since 2017, it focuses on attacks on banking users, it leverages banking malware and other payloads to target organizations worldwide, mainly in Italy and Japan. Upon enabling the macro, the infection process will start.

Malware 114

Malware Banking Social Engineering Retail 114

Security Affairs

AUGUST 14, 2020

The group has been linked to several major cyber attacks, including the 2014 Sony Pictures hack , several SWIFT banking attacks since 2016, and the 2017 WannaCry ransomware infection. In our estimation, the group operates dozens of researchers and intelligence personnel to maintain the campaign globally.”

Cyber Attacks 132

Cyber Attacks Social Engineering Advertising Manufacturing 132

NopSec

FEBRUARY 9, 2017

As we look forward into 2017 cyber attacks , information security teams have to think like hackers in order to stay ahead of the challenges to come. Based on 2016’s trends, we expect in 2017 to see more frequent and severe DDoS incidents. 2017 will see major advancements in technology. For a preview, read on.

Cybersecurity 40

Cybersecurity DDOS IoT Social Engineering 40

Security Affairs

NOVEMBER 26, 2021

APT-C-23 group is using Android spyware since at least 2017, most of the targets were in the Palestinian Territories. The malicious apps use social engineering to ask the user to grant advanced permissions.

Spyware 124

Spyware Social Engineering Surveillance Malware 124

SecureWorld News

AUGUST 4, 2022

which was a T-Mobile store, in Los Angeles in January 2017. Very often he would socially engineer employees at the IT help desk to get their credentials. Court documents show that Khudaverdyan and another business partner owned a store called Top Tier Solutions Inc., How was he unlocking these phones?

Mobile 98

Mobile Identity Theft Social Engineering Retail 98

Security Affairs

JUNE 20, 2020

The crooks exploited online tools and technology along with social engineering tactics to target the victims and steal usernames, passwords, and bank accounts. From September 2015 to June 2017, Olorunyomi and an accomplice engaged in a romance fraud scheme that resulted in losses of more than $1 million.

Scams 119

Scams Social Engineering Small Business Banking 119

Hot for Security

MARCH 29, 2021

That’s why email-validation services are an attractive target for cybercriminals looking for a fresh batch of email addresses for their next wave of social engineering attacks. The leaked data contained no highly sensitive information such as passwords, credit card numbers or Social Security numbers.

Data breaches 116

Data breaches Media Marketing Accountability 116

eSecurity Planet

SEPTEMBER 14, 2022

According to statistics from the FBI’s 2021 Internet Crime Report , complaints to the Internet Crime Complaint Center (IC3) have been rising since 2017. Then, we’ll go over the basic, foundational techniques most scammers find themselves using, such as social engineering and phishing. Social Tactics.

Social Engineering 120

Social Engineering Energy and Utilities Phishing Scams 120

Malwarebytes

MAY 7, 2021

As recently as 2017, a tiny amount of GMail users made use of its two-step options. A few password resets later, and one account used for spam is now multiple accounts spamming, sending infections, social engineering, the works. Maybe the uptake is still slow, and Google has decided enough is enough.

Passwords 123

Passwords Password Management Backups Accountability 123

The Last Watchdog

JUNE 21, 2020

The WannaCry and NotPetya outbreaks in May and June 2017, respectively, were the most devastating in history. CrySiS, also known as Dharma, has been around since 2016 and continues to be active at the time of this publication. The first viable Mac ransomware called KeRanger was spotted in the spring of 2016.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

DECEMBER 12, 2024

net, consistent with Gamaredons techniques since 2017. Lookout linked BoneSpy and PlainGnome to Gamaredon due to shared IP infrastructure, domain naming conventions, and the use of dynamic DNS services like ddns[.]net, These findings tie the mobile surveillance families to Gamaredons desktop campaigns.

Mobile 101

Mobile Malware Surveillance Social Engineering 101

Security Affairs

OCTOBER 10, 2018

Security firm Group-IB has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 Group-IB, an international company that specializes in preventing cyber attacks, has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 In December 2017, Group-IB published the first report on this group: “MoneyTaker: 1.5

Cyber Attacks 108

Cyber Attacks Banking Cyber threats Phishing 108

Security Affairs

NOVEMBER 25, 2020

Since at least 2017, the prolific gang compromised at least 500,000 government and private sector companies in more than 150 countries. Business Email Compromise (BEC) is a type of email phishing attack that relies on social engineering. The investigation continues as some of the gang members remain at large.

Cybercrime 141

Cybercrime Phishing Social Engineering Spyware 141

Malwarebytes

JUNE 8, 2021

Money mules and spear phishing are thrown into the mix alongside social engineering and international theft of money, personal, and confidential information. The wire transfers listed range from $44,900 to $230,400 across most of 2017 to 2018. There’s folks looking after finances, and testing malware against CAV services.

Cybercrime 121

Cybercrime Malware Banking Phishing 121

SecureWorld News

JULY 13, 2023

Notably, the Equifax breach in 2017 was attributed to exploiting an unpatched vulnerability, highlighting the importance of timely updates and patches. Data Level: Encrypting sensitive data at rest and in transit is crucial to securing information.

Cybersecurity 98

Cybersecurity Data breaches Social Engineering Encryption 98

Security Affairs

MARCH 25, 2019

Besides being the Egyptian God associated with mummification and afterlife, Anubis is also an Android banking malware that has caused quite some trouble for over 300 financial institutions worldwide since 2017. Effectively, Anubis can be considered one of the most used Android banking Trojans since late 2017.

Malware 110

Malware Banking Advertising Social Engineering 110