The Last Watchdog

DECEMBER 12, 2023

What should I be most concerned about – and focus on – in 2024? In 2024, we will see more targeted, sophisticated business email compromise (BEC) attacks, including VIP impersonation, vendor email compromise (VEC), and autonomous agents used for malicious purposes. The comments we received were uniformly insightful and helpful.

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

Responsible Cyber

NOVEMBER 23, 2024

Overview of Vendor Breaches in 2024 In 2024, the cybersecurity landscape has faced an alarming rise in vendor-related breaches, underscoring the vulnerabilities associated with third-party service providers. A common characteristic among the vendor breaches reported in 2024 is the exploitation of weak security protocols.

Risk 81

Risk Healthcare Education Cybersecurity 81

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. The malware bypasses Chrome’s App-Bound Encryption by utilizing the IElevator service, a method that was disclosed in October 2024.

Encryption 129

Encryption Password Management Cryptocurrency Social Engineering 129

Security Affairs

OCTOBER 30, 2024

“On October 22, 2024, Microsoft identified a spear-phishing campaign in which Midnight Blizzard sent phishing emails to thousands of users in over 100 organizations. The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS), and the concept of Zero Trust.”

Phishing 134

Phishing Social Engineering Government Hacking 134

Duo's Security Blog

MAY 28, 2025

Sixty percent of all Cisco Talos IR cases in 2024 saw identity as a key component of reported attacks. The Duo difference: End-to-end phishing resistance For too long, defenders have focused solely on login protection with multi-factor authentication (MFA). Identity is under siege. This creates a real identity crisis.

Social Engineering 124

Social Engineering Engineering Phishing Marketing 124

Krebs on Security

APRIL 9, 2024

Most of the flaws that Microsoft deems “more likely to be exploited” this month are marked as “important,” which usually involve bugs that require a bit more user interaction (social engineering) but which nevertheless can result in system security bypass, compromise, and the theft of critical assets.

DNS 319

DNS Social Engineering Malware Media 319

Security Affairs

SEPTEMBER 11, 2024

Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws, including four actively exploited zero-day flaws. ” The four actively exploited zero-day vulnerabilities are: CVE-2024-38014 – Windows Installer Elevation of Privilege Vulnerability. However, we at the ZDI think that number should be five.”

Social Engineering 138

Social Engineering IoT Engineering Authentication 138

SecureList

DECEMBER 9, 2024

As part of Kaspersky Security Bulletin 2024, our “Story of the Year” centers on these pressing issues. We’ll begin by revisiting notable supply chain incidents from 2024, and then explore potential scenarios of more damaging cases and the ways we prepare for them. Let’s dive in! Why does it matter? The Polyfill.io

Internet 114

Internet Internet Risk Social Engineering 114

eSecurity Planet

OCTOBER 22, 2024

ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues.

Scams 123

Scams Malware Phishing Social Engineering 123

Webroot

MARCH 3, 2025

The growing risks to your data During the third quarter of 2024, data breaches exposed more than 422 million records worldwide. Millions of customers were put at risk when their social security numbers, phone numbers, and other sensitive personal information were leaked.

Consumer Protection 99

Consumer Protection Identity Theft Scams Social Engineering 99

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Organizations face rising risks of AI-driven social engineering and personal device breaches. As compute costs decrease, autonomous operations and AI-discovered zero-day exploits loom.

Risk 173

Risk Threat Detection Technology Phishing 173

Krebs on Security

JANUARY 30, 2024

9, 2024, U.S. 2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page.

Social Engineering 359

Social Engineering Mobile Passwords Cybercrime 359

Digital Shadows

JANUARY 14, 2025

Key Findings The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In our Q3 2024 ransomware report , we predicted activity would reach its peak in the last quarter of the year.

Ransomware 126

Ransomware Social Engineering Phishing VPN 126

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS. In January 2024, U.S.

Hacking 345

Hacking Cybercrime Phishing Passwords 345

Thales Cloud Protection & Licensing

MAY 7, 2025

Traditional Multi-Factor Authentication (MFA), while a step up from password-only security, is no longer enough to fight modern phishing schemes. Todays threat actors use AI to craft compelling phishing campaigns and advanced social engineering tactics to slip past MFA, resulting in credential theft and account takeovers.

Phishing 71

Phishing Authentication Passwords Social Engineering 71

eSecurity Planet

FEBRUARY 26, 2025

Zimperium found that mishing activity peaked in August 2024, with over 1,000 daily attacks recorded. As businesses rely more on mobile devices for authentication and communication, these evolving threats are slipping past conventional security defenses, putting corporate networks at greater risk.

Phishing 87

Phishing Mobile Social Engineering Data breaches 87

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Multi-factor authentication is so much more secure, and with that a lot more forgiving, than passwords alone. .” So we wholeheartedly agree with Amazon on this.

Authentication 136

Authentication Passwords Social Engineering Accountability 136

Security Affairs

APRIL 15, 2024

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. The security breach occurred on April 1, 2024, the threat actors used a Provider employee’s credentials that illicitly obtained through a phishing attack.

Data breaches 143

Data breaches Social Engineering Engineering Authentication 143

SecureWorld News

FEBRUARY 20, 2025

He urges enterprises to implement Privileged Access Management (PAM) solutions and multi-factor authentication (MFA) and to enforce robust password policies to reduce the risk of account compromise. Stolen credentials remain the top breach factor, responsible for 24% of incidents in 2024. Develop and test ransomware response plans.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

SecureList

JANUARY 25, 2024

Australia has also unveiled a national strategy for digital identity resilience, aiming for mainstream use in 2024. We expected organizations to try to reduce the impact of the human factor on data security, so as to bring down the number of insider threats and social engineering attacks. This is no longer adequate in 2024.

Passwords 127

Passwords Authentication Technology Insurance 127

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. Top Techniques: A Closer Look Phishing Techniques: The Evergreen Threat in Cybersecurity Initial access methods were the most common MITRE ATT&CK techniques between May and July 2024.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

eSecurity Planet

MARCH 14, 2025

First detected in December 2024 and persisting into early 2025, the threat targets hospitality organizations across North America, Oceania, Asia, and Europe. Implement phishing-resistant authentication methods and multi-factor authentication (MFA) across all access points.

Phishing 65

Phishing Malware Social Engineering Authentication 65

SecureList

MAY 28, 2025

The threat actors behind Zanubis continue to refine its code adding features, switching between encryption algorithms, shifting targets, and tweaking social engineering techniques to accelerate infection rates. It copied both the name and icon of the legitimate app, making it appear authentic to unsuspecting users.

Banking 111

Banking Malware Energy and Utilities Encryption 111

IT Security Guru

DECEMBER 20, 2023

Many of the applications that historically integrated with the on-premise corporate directory for Single Sign-On will now require manual, password-based authentication, increasing the burden on users and also further extending the attack surface for malicious actors. AI will dominate the cyber landscape in 2024 in ways few people can imagine.

Cybersecurity 142

Cybersecurity Phishing Scams Cloud Migration 142

Duo's Security Blog

MAY 15, 2024

We’ve heard some version of this phrase many times over, whether it pertains to a bad actor physically breaking into a secured building or socially engineering an unsuspecting victim to provide access to protected information. “The best way to break in is through the front door.” a password) and something you have (i.e.,

Authentication 124

Authentication Social Engineering Passwords Engineering 124

Malwarebytes

MAY 8, 2025

Beside stealing usernames, passwords and circumventing two factor authentication, we identified malicious code capable of performing additional nefarious actions unbeknownst to the victim. After entering their credentials, victims are social engineered by the crooks to type a security code that was sent to their email address.

Phishing 101

Phishing Authentication Engineering Social Engineering 101

Thales Cloud Protection & Licensing

NOVEMBER 26, 2024

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. With retail sales during 2024 set to grow to between $5.23 trillion and $5.28 trillion and $5.28

Retail 71

Retail Cyber Risk Risk DDOS 71

Security Boulevard

JANUARY 23, 2024

On January 22, 2024 Fortra posted a security advisory for their GoAnywhere MFT product. This advisory details an authentication bypass vulnerability, CVE-2024-0204, that allows an unauthenticated attacker to create an […] The post CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive appeared first on Horizon3.ai.

Authentication 69

Authentication Social Engineering Engineering 69

Security Affairs

MAY 21, 2024

The most severe vulnerability is a flaw tracked as CVE-2024-27130. The WatchTowr Labs researchers also published technical details of the flaw CVE-2024-27130 and a proof of concept (PoC) exploit code. The WatchTowr Labs researchers also published technical details of the flaw CVE-2024-27130 and a proof of concept (PoC) exploit code.

Authentication 141

Authentication Accountability Social Engineering Hacking 141

Digital Shadows

OCTOBER 23, 2024

Key Points In October 2024, ReliaQuest responded to an intrusion affecting a manufacturing sector customer. The attacker gained initial access to two employee accounts by carrying out social engineering attacks on the organization’s help desk twice. Editor’s note: James Xiang and Hayden Evans contributed to this blog.

Social Engineering 122

Social Engineering Engineering Accountability Backups 122

Security Boulevard

JANUARY 2, 2024

This past year set a profound stage, from the advent of stringent cyber regulations to the convergence of generative AI, social engineering, and ransomware. Let's delve into the rewind of 2023, exploring five influential trends and threats that molded the cyberthreat landscape and are poised to resonate throughout enterprises in 2024.

CISO 104

CISO Social Engineering Architecture Ransomware 104

Digital Shadows

OCTOBER 14, 2024

in Q3 2024 compared to the previous quarter but remains 1.5% Meow” took fourth place in Q3 2024, shifting its tactics from data encryption to selling stolen data on cybercriminal forums and its own data-leak site. In the short term, we expect a gradual increase in ransomware incidents, peaking by Q4 2024. lower than in Q3 2023.

Ransomware 94

Ransomware Social Engineering Insurance Cyber Insurance 94

Malwarebytes

MARCH 19, 2024

For that reason, SIM swapping can be used to get around two-factor authentication (2FA) codes sent by SMS message. SIM swapping can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim’s carrier. Sentencing is scheduled to take place on July 16, 2024.

Social Engineering 143

Social Engineering Computers and Electronics Mobile Identity Theft 143

eSecurity Planet

OCTOBER 21, 2024

October 10, 2024 GitHub Flaw Allows Authentication Bypass Type of vulnerability: Improper verification of cryptographic signature. The problem: GitHub published a security update for Enterprise Server due to a high-severity vulnerability that allows an attacker to bypass SSO authentication. The flaw is tracked as CVE-2024-9487.

Technology 62

Technology Authentication Social Engineering Software 62

SecureList

MAY 7, 2024

Additionally, we take a close look at several noteworthy vulnerabilities discovered in Q1 2024. The number of newly registered CVEs, 2019 — 2024. The decline in 2024 is due to data being available for Q1 only ( download ) As the chart illustrates, the number of new vulnerabilities has been steadily increasing year over year.

Software 123

Software Internet Internet Social Engineering 123

SecureList

JANUARY 30, 2025

Introduction Since mid-2024, we’ve observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app (APK), which we have named “Tria Stealer” after unique strings found in campaign samples.

Accountability 102

Accountability Malware Banking Phishing 102

Jane Frankland

FEBRUARY 7, 2025

According to Microsoft’s Digital Dfense Report 2024 , 37% of the 600 million attacks they face daily can be attributed to nation-state threat actors. For one, they often lack control over user access and authentication, leaving the door open for anyone to join group conversationsor worse, impersonate someone else.

Cyber Risk 130

Cyber Risk CISO Risk Encryption 130