Security Affairs

AUGUST 18, 2024

The Mad Liberator ransomware group has been active since July 2024, it focuses on data exfiltration instead of data encryption. Mad Liberator employs social engineering techniques to gain access to the victim’s environment, specifically targeting organizations using remote access tools like Anydesk.

Social Engineering 145

Social Engineering Engineering Ransomware Cybercrime 145

SecureList

NOVEMBER 28, 2024

This is our latest roundup, covering activity we observed during Q3 2024. Earlier in 2024, a secure USB drive was found to be compromised and malicious code was injected into the access management software installed on the USB drive. After that, we did not observe any new activity related to this actor until mid-July 2024.

Malware 118

Malware Government Software Spyware 118

SecureList

NOVEMBER 29, 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations.

Energy and Utilities 104

Energy and Utilities Ransomware Malware Government 104

Digital Shadows

OCTOBER 25, 2024

In October 2024, ReliaQuest responded to an alert for Impacket activity. During the investigation, we discovered a wider trend: a campaign of escalated social engineering tactics originally associated with the ransomware group “Black Basta.” What Happened? Examples we have seen so far include: securityadminhelper.onmicrosoft[.]com

Social Engineering 128

Social Engineering Engineering Phishing Accountability 128

Security Affairs

DECEMBER 25, 2024

dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors in May 2024.” dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors in May 2024.” ” reads the press release published by FBI. ” reads the press release published by FBI. BTC ($308M). .”

Cryptocurrency 123

Cryptocurrency Social Engineering Hacking Cybercrime 123

The Last Watchdog

DECEMBER 12, 2023

What should I be most concerned about – and focus on – in 2024? In 2024, we will see more targeted, sophisticated business email compromise (BEC) attacks, including VIP impersonation, vendor email compromise (VEC), and autonomous agents used for malicious purposes. The comments we received were uniformly insightful and helpful.

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Phishing 258

Responsible Cyber

NOVEMBER 23, 2024

Overview of Vendor Breaches in 2024 In 2024, the cybersecurity landscape has faced an alarming rise in vendor-related breaches, underscoring the vulnerabilities associated with third-party service providers. The healthcare sector has been particularly hard-hit, accounting for over 30% of the total breaches.

Risk 81

Risk Healthcare Education Cybersecurity 81

Webroot

MARCH 3, 2025

The growing risks to your data During the third quarter of 2024, data breaches exposed more than 422 million records worldwide. Millions of customers were put at risk when their social security numbers, phone numbers, and other sensitive personal information were leaked.

Consumer Protection 99

Consumer Protection Identity Theft Scams Social Engineering 99

Digital Shadows

JANUARY 22, 2025

In this blog, well preview the reports highlights and give insights into social engineering campaigns leveraging impersonating domains and our predictions for the threats shaping 2025. Organizations should implement domain monitoring, enforce DMARC policies, and train employees to recognize social engineering methods.

Insurance 65

Insurance Phishing Social Engineering Engineering 65

Duo's Security Blog

MAY 28, 2025

Sixty percent of all Cisco Talos IR cases in 2024 saw identity as a key component of reported attacks. AI significantly exacerbates the situation by amplifying the scale, speed and sophistication of account takeover attacks, enabling automated and highly adaptive social engineering techniques. Identity is under siege.

Social Engineering 126

Social Engineering Engineering Phishing Marketing 126

eSecurity Planet

OCTOBER 22, 2024

ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues.

Scams 123

Scams Malware Phishing Social Engineering 123

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. The Ministry of Human Resources and Emiratisation (MoHRE) has announced that December 2 and 3, 2024, will be official paid holidays for all private sector employees in the UAE.

Social Engineering 112

Social Engineering Phishing Banking DNS 112

Security Affairs

NOVEMBER 21, 2024

Scattered Spider members are part of a broader cybercriminal community called “The Com,” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks. In January 2024, U.S.

Cybercrime 111

Cybercrime Identity Theft Cryptocurrency Phishing 111

SecureList

OCTOBER 23, 2024

On May 13, 2024, our consumer-grade product Kaspersky Total Security detected a new Manuscrypt infection on the personal computer of a person living in Russia. According to the blog, Microsoft had also been tracking the campaign and associated websites since February 2024.

Engineering 145

Engineering Accountability Social Engineering Cryptocurrency 145

SecureList

JANUARY 30, 2025

Introduction Since mid-2024, we’ve observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app (APK), which we have named “Tria Stealer” after unique strings found in campaign samples.

Accountability 100

Accountability Malware Banking Phishing 100

SecureWorld News

FEBRUARY 20, 2025

He urges enterprises to implement Privileged Access Management (PAM) solutions and multi-factor authentication (MFA) and to enforce robust password policies to reduce the risk of account compromise. Stolen credentials remain the top breach factor, responsible for 24% of incidents in 2024. Develop and test ransomware response plans.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

BH Consulting

NOVEMBER 14, 2024

There was no doubting the one topic on almost everyone’s minds at IRISSCON 2024: AI. Widely considered one of the industry’s leading sources of security research, the 2024 edition found that ransomware and extortion made up 32% of incidents. Many of these attacks are preventable, he added.

Artificial Intelligence 64

Artificial Intelligence Ransomware Social Engineering Cybersecurity 64

eSecurity Planet

MAY 16, 2025

The stolen information was then used in social engineering scams that tricked users into giving away their crypto. These insiders abused their access to customer support systems to steal the account data for a small subset of customers, Coinbase said in a blog post. Masked Social Security numbers (last four digits).

Social Engineering 70

Social Engineering Scams Accountability Engineering 70

Krebs on Security

JANUARY 30, 2024

9, 2024, U.S. In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. In mid-January 2024, several Leaked[.]cx Twilio disclosed in Aug. According to an Aug.

Social Engineering 359

Social Engineering Mobile Cybercrime Passwords 359

Security Affairs

MARCH 10, 2025

Using this social engineering trick, threats like stealers, RATs, Trojans, and crypto miners can persist undetected. A Telegram channel and a popular YouTube account with 340,000 subscribers also spread the malware. By December 2024, reports emerged of further miner-infected versions spreading via Telegram and YouTube.

Cryptocurrency 92

Cryptocurrency Malware Social Engineering Antivirus 92

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Privacy Compliance: By 2024, 40% of privacy tools will rely on AI, highlighting its expanding role in ensuring data privacy and meeting regulations. RaaS usage is expected to increase by 25% in 2024.

Social Engineering 142

Social Engineering Cyber Attacks Cyber Insurance IoT 142

Digital Shadows

JANUARY 14, 2025

Key Findings The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In our Q3 2024 ransomware report , we predicted activity would reach its peak in the last quarter of the year.

Ransomware 126

Ransomware Social Engineering Phishing Manufacturing 126

Security Affairs

JANUARY 22, 2025

Sophos researchers started investigating two distinct clusters of activity, tracked as STAC5143 and STAC5777, in response to customer ransomware attacks in November and December 2024. Sophos first observed a STAC5143 attack in November 2024, it began with spam emails followed by a Teams call from an account named “Help Desk Manager.”

Ransomware 98

Ransomware Malware Social Engineering Phishing 98

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. Cloud services alerts increased by 20% due to rising cloud account usage, while malicious file alerts in phishing attacks remain high, exploiting users’ tendencies to open files.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

SecureWorld News

JUNE 9, 2025

Additionally, a distributed workforce, ranging from remote maintenance technicians to cabin crews, multiplies entry points for social-engineering tactics like phishing. Aircraft themselves are nodes on data networks, constantly transmitting telemetry, engine performance metrics, and passenger connectivity data.

Cybersecurity 115

Cybersecurity Social Engineering Computers and Electronics Risk 115

The Last Watchdog

APRIL 2, 2024

It’s a digital swindle as old as the internet itself, and yet, as the data tells us, the vast majority of security incidents are still rooted in the low-tech art of social engineering. Related: AI makes scam email look real Fresh evidence comes from Mimecast’s “The State of Email and Collaboration Security” 2024 report.

Social Engineering 211

Social Engineering Technology Accountability Engineering 211

Hacker's King

JANUARY 5, 2025

With this accessibility comes the critical issue of fake account detection. Cybercriminals exploit social platforms by creating fake profiles to deceive unsuspecting users. As our digital interactions grow, effective measures for fake account detection become essential to protect our online presence and maintain a safer environment.

Accountability 52

Accountability Authentication Scams Cybercrime 52

SecureList

DECEMBER 9, 2024

As part of Kaspersky Security Bulletin 2024, our “Story of the Year” centers on these pressing issues. We’ll begin by revisiting notable supply chain incidents from 2024, and then explore potential scenarios of more damaging cases and the ways we prepare for them. Let’s dive in! Why does it matter? The Polyfill.io

Internet 111

Internet Internet Risk Social Engineering 111

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Organizations face rising risks of AI-driven social engineering and personal device breaches. As compute costs decrease, autonomous operations and AI-discovered zero-day exploits loom.

Risk 173

Risk Threat Detection Technology Phishing 173

SecureWorld News

MAY 9, 2025

The method, known as "ClickFix," leverages social engineering to bypass traditional email-based defenses. The LOSTKEYS malware shows how attackers are getting smarter at tricking people and sneaking past basic security tools, especially by using fake websites and social engineering to get users to run harmful scripts," said J.

Malware 83

Malware Social Engineering Government Engineering 83

Security Affairs

APRIL 15, 2024

The security breach occurred on April 1, 2024, the threat actors used a Provider employee’s credentials that illicitly obtained through a phishing attack. Then they used the access to download a set of MFA SMS message logs belonging to customers’ Duo accounts. date and time of the message, type of message, etc.).”

Data breaches 141

Data breaches Social Engineering Authentication Engineering 141

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K. In January 2024, U.S.

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Digital Shadows

OCTOBER 23, 2024

Key Points In October 2024, ReliaQuest responded to an intrusion affecting a manufacturing sector customer. The attacker gained initial access to two employee accounts by carrying out social engineering attacks on the organization’s help desk twice. We identified “Scattered Spider” to be behind the incident.

Social Engineering 122

Social Engineering Accountability Engineering Backups 122

Thales Cloud Protection & Licensing

NOVEMBER 26, 2024

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. With retail sales during 2024 set to grow to between $5.23 trillion and $5.28 trillion and $5.28

Retail 71

Retail Cyber Risk Risk DDOS 71

SecureList

APRIL 24, 2024

High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. The backdoor code was inserted in February and March 2024, mostly by Jia Cheong Tan, likely a fictitious identity. It’s highly recommended reading. It’s highly recommended reading.

Social Engineering 141

Social Engineering Engineering Accountability VPN 141

IT Security Guru

DECEMBER 20, 2023

Foundational controls must also take into account complex supply chains, which have the ability to impact data. Thomas McCarthy, CEO of OSP Cyber Academy : AI will be weaponised by attackers and defenders “If 2023 was the year that tech companies revolutionised AI, 2024 will be the year attackers weaponise it.

Cybersecurity 142

Cybersecurity Phishing Scams Cloud Migration 142

Krebs on Security

APRIL 20, 2023

In many cases, the phony profiles spoofed chief information security officers at major corporations , and some attracted quite a few connections before their accounts were terminated. which owns LinkedIn, said in September 2022 that it had detected a wide range of social engineering campaigns using a proliferation of phony LinkedIn accounts.

Malware 331

Malware Software Technology Accountability 331