Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. The malware bypasses Chrome’s App-Bound Encryption by utilizing the IElevator service, a method that was disclosed in October 2024.

Encryption 116

Encryption Password Management Cryptocurrency Social Engineering 116

Krebs on Security

APRIL 9, 2024

Most of the flaws that Microsoft deems “more likely to be exploited” this month are marked as “important,” which usually involve bugs that require a bit more user interaction (social engineering) but which nevertheless can result in system security bypass, compromise, and the theft of critical assets.

DNS 315

DNS Social Engineering Malware Media 315

Thales Cloud Protection & Licensing

MAY 7, 2025

Traditional Multi-Factor Authentication (MFA), while a step up from password-only security, is no longer enough to fight modern phishing schemes. Todays threat actors use AI to craft compelling phishing campaigns and advanced social engineering tactics to slip past MFA, resulting in credential theft and account takeovers.

Phishing 71

Phishing Authentication Passwords Social Engineering 71

eSecurity Planet

OCTOBER 22, 2024

ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues.

Scams 123

Scams Malware Phishing Social Engineering 123

SecureList

DECEMBER 9, 2024

As part of Kaspersky Security Bulletin 2024, our “Story of the Year” centers on these pressing issues. We’ll begin by revisiting notable supply chain incidents from 2024, and then explore potential scenarios of more damaging cases and the ways we prepare for them. Let’s dive in! Why does it matter? The Polyfill.io

Internet 112

Internet Internet Risk Social Engineering 112

Webroot

MARCH 3, 2025

The growing risks to your data During the third quarter of 2024, data breaches exposed more than 422 million records worldwide. Millions of customers were put at risk when their social security numbers, phone numbers, and other sensitive personal information were leaked.

Consumer Protection 99

Consumer Protection Identity Theft Scams Social Engineering 99

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Organizations face rising risks of AI-driven social engineering and personal device breaches. As compute costs decrease, autonomous operations and AI-discovered zero-day exploits loom.

Risk 173

Risk Threat Detection Technology Phishing 173

Security Affairs

SEPTEMBER 11, 2024

Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws, including four actively exploited zero-day flaws. ” The four actively exploited zero-day vulnerabilities are: CVE-2024-38014 – Windows Installer Elevation of Privilege Vulnerability. However, we at the ZDI think that number should be five.”

Social Engineering 128

Social Engineering IoT Engineering Authentication 128

Krebs on Security

JANUARY 30, 2024

9, 2024, U.S. 2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page.

Social Engineering 358

Social Engineering Mobile Passwords Cybercrime 358

Digital Shadows

JANUARY 14, 2025

Key Findings The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In our Q3 2024 ransomware report , we predicted activity would reach its peak in the last quarter of the year.

Ransomware 126

Ransomware Social Engineering Phishing VPN 126

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS. In January 2024, U.S.

Hacking 343

Hacking Cybercrime Phishing Passwords 343

eSecurity Planet

FEBRUARY 26, 2025

Zimperium found that mishing activity peaked in August 2024, with over 1,000 daily attacks recorded. As businesses rely more on mobile devices for authentication and communication, these evolving threats are slipping past conventional security defenses, putting corporate networks at greater risk.

Phishing 87

Phishing Mobile Social Engineering Data breaches 87

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Multi-factor authentication is so much more secure, and with that a lot more forgiving, than passwords alone. .” So we wholeheartedly agree with Amazon on this.

Authentication 135

Authentication Passwords Social Engineering Accountability 135

SecureWorld News

FEBRUARY 20, 2025

He urges enterprises to implement Privileged Access Management (PAM) solutions and multi-factor authentication (MFA) and to enforce robust password policies to reduce the risk of account compromise. Stolen credentials remain the top breach factor, responsible for 24% of incidents in 2024. Develop and test ransomware response plans.

Ransomware 112

Ransomware IoT Encryption Social Engineering 112

Security Affairs

APRIL 15, 2024

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. The security breach occurred on April 1, 2024, the threat actors used a Provider employee’s credentials that illicitly obtained through a phishing attack.

Data breaches 140

Data breaches Social Engineering Engineering Authentication 140

SecureList

JANUARY 25, 2024

Australia has also unveiled a national strategy for digital identity resilience, aiming for mainstream use in 2024. We expected organizations to try to reduce the impact of the human factor on data security, so as to bring down the number of insider threats and social engineering attacks. This is no longer adequate in 2024.

Passwords 124

Passwords Authentication Technology Insurance 124

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. Top Techniques: A Closer Look Phishing Techniques: The Evergreen Threat in Cybersecurity Initial access methods were the most common MITRE ATT&CK techniques between May and July 2024.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

eSecurity Planet

MARCH 14, 2025

First detected in December 2024 and persisting into early 2025, the threat targets hospitality organizations across North America, Oceania, Asia, and Europe. Implement phishing-resistant authentication methods and multi-factor authentication (MFA) across all access points.

Phishing 65

Phishing Malware Social Engineering Authentication 65

IT Security Guru

DECEMBER 20, 2023

Many of the applications that historically integrated with the on-premise corporate directory for Single Sign-On will now require manual, password-based authentication, increasing the burden on users and also further extending the attack surface for malicious actors. AI will dominate the cyber landscape in 2024 in ways few people can imagine.

Cybersecurity 142

Cybersecurity Phishing Scams Cloud Migration 142

Duo's Security Blog

MAY 15, 2024

We’ve heard some version of this phrase many times over, whether it pertains to a bad actor physically breaking into a secured building or socially engineering an unsuspecting victim to provide access to protected information. “The best way to break in is through the front door.” a password) and something you have (i.e.,

Authentication 124

Authentication Social Engineering Passwords Engineering 124

Thales Cloud Protection & Licensing

NOVEMBER 26, 2024

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. With retail sales during 2024 set to grow to between $5.23 trillion and $5.28 trillion and $5.28

Retail 71

Retail Cyber Risk Risk DDOS 71

Security Boulevard

JANUARY 23, 2024

On January 22, 2024 Fortra posted a security advisory for their GoAnywhere MFT product. This advisory details an authentication bypass vulnerability, CVE-2024-0204, that allows an unauthenticated attacker to create an […] The post CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive appeared first on Horizon3.ai.

Authentication 69

Authentication Social Engineering Engineering 69

Digital Shadows

OCTOBER 23, 2024

Key Points In October 2024, ReliaQuest responded to an intrusion affecting a manufacturing sector customer. The attacker gained initial access to two employee accounts by carrying out social engineering attacks on the organization’s help desk twice. Editor’s note: James Xiang and Hayden Evans contributed to this blog.

Social Engineering 122

Social Engineering Engineering Accountability Backups 122

Security Boulevard

JANUARY 2, 2024

This past year set a profound stage, from the advent of stringent cyber regulations to the convergence of generative AI, social engineering, and ransomware. Let's delve into the rewind of 2023, exploring five influential trends and threats that molded the cyberthreat landscape and are poised to resonate throughout enterprises in 2024.

CISO 104

CISO Social Engineering Architecture Ransomware 104

Digital Shadows

OCTOBER 14, 2024

in Q3 2024 compared to the previous quarter but remains 1.5% Meow” took fourth place in Q3 2024, shifting its tactics from data encryption to selling stolen data on cybercriminal forums and its own data-leak site. In the short term, we expect a gradual increase in ransomware incidents, peaking by Q4 2024. lower than in Q3 2023.

Ransomware 94

Ransomware Social Engineering Insurance Cyber Insurance 94

Security Affairs

MAY 21, 2024

The most severe vulnerability is a flaw tracked as CVE-2024-27130. The WatchTowr Labs researchers also published technical details of the flaw CVE-2024-27130 and a proof of concept (PoC) exploit code. The WatchTowr Labs researchers also published technical details of the flaw CVE-2024-27130 and a proof of concept (PoC) exploit code.

Authentication 134

Authentication Accountability Social Engineering Hacking 134

Malwarebytes

MARCH 19, 2024

For that reason, SIM swapping can be used to get around two-factor authentication (2FA) codes sent by SMS message. SIM swapping can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim’s carrier. Sentencing is scheduled to take place on July 16, 2024.

Social Engineering 143

Social Engineering Computers and Electronics Mobile Identity Theft 143

Malwarebytes

MAY 8, 2025

Beside stealing usernames, passwords and circumventing two factor authentication, we identified malicious code capable of performing additional nefarious actions unbeknownst to the victim. After entering their credentials, victims are social engineered by the crooks to type a security code that was sent to their email address.

Phishing 80

Phishing Authentication Engineering Social Engineering 80

eSecurity Planet

OCTOBER 21, 2024

October 10, 2024 GitHub Flaw Allows Authentication Bypass Type of vulnerability: Improper verification of cryptographic signature. The problem: GitHub published a security update for Enterprise Server due to a high-severity vulnerability that allows an attacker to bypass SSO authentication. The flaw is tracked as CVE-2024-9487.

Technology 62

Technology Authentication Social Engineering Software 62

SecureList

JANUARY 30, 2025

Introduction Since mid-2024, we’ve observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app (APK), which we have named “Tria Stealer” after unique strings found in campaign samples.

Accountability 101

Accountability Malware Banking Phishing 101

SecureList

MAY 7, 2024

Additionally, we take a close look at several noteworthy vulnerabilities discovered in Q1 2024. The number of newly registered CVEs, 2019 — 2024. The decline in 2024 is due to data being available for Q1 only ( download ) As the chart illustrates, the number of new vulnerabilities has been steadily increasing year over year.

Software 120

Software Internet Internet Social Engineering 120

Jane Frankland

FEBRUARY 7, 2025

According to Microsoft’s Digital Dfense Report 2024 , 37% of the 600 million attacks they face daily can be attributed to nation-state threat actors. For one, they often lack control over user access and authentication, leaving the door open for anyone to join group conversationsor worse, impersonate someone else.

Cyber Risk 130

Cyber Risk CISO Risk Encryption 130

Security Boulevard

JANUARY 22, 2025

During H2 2024 , credential-related vulnerabilities like weak or no passwords continued to be the most common entry point for attackers as shown [below], though the frequency decreased slightly through 2024. of observed incidents, a substantial increase from the approximately 13% observed in the first half of 2024.

Passwords 69

Passwords Social Engineering Cybersecurity Accountability 69

SecureWorld News

FEBRUARY 10, 2025

Throughout 2024, a wave of botnets were used to launch hundreds of targeted, high-scale DDoS attacks that crippled major organizations across Europe, North America, and Asia. Multi-factor authentication (MFA) is also a must to prevent unauthorized access from just a stolen password.

DDOS 68

DDOS Ransomware Authentication Phishing 68

Webroot

JUNE 2, 2022

But there are some good reasons for this trend: The global gaming market is booming—and is expected to reach $219 billion by 2024. Phishing and social engineering. Gaming is now an online social activity. If possible, enable two-factor authentication (2FA) on your gaming accounts as well. Account takeovers.

Cyber threats 128

Cyber threats Social Engineering Accountability Malware 128

Security Boulevard

JULY 14, 2024

In episode 338, we discuss the recent breach of the two-factor authentication provider Authy and its implications for users. We also explore a massive password list leak titled ‘Rock You 2024’ that has surfaced online. The post Authy Breach: What It Means for You, RockYou 2024 Password Leak appeared first on Security Boulevard.

Passwords 72

Passwords Authentication Social Engineering Data privacy 72

Identity IQ

JANUARY 11, 2024

New AI Scams to Look Out For in 2024 IdentityIQ Artificial intelligence (AI) has quickly reshaped many aspects of everyday life. Here are three new AI scams to look out for in 2024 as well as some tips to help protect yourself and stay prepared for the explosive development of AI.

Scams 98

Scams Artificial Intelligence Identity Theft Phishing 98