SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing 72

Phishing Banking Scams Mobile 72

SecureList

NOVEMBER 29, 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations.

Energy and Utilities 98

Energy and Utilities Ransomware Malware Government 98

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. The malware bypasses Chrome’s App-Bound Encryption by utilizing the IElevator service, a method that was disclosed in October 2024.

Encryption 120

Encryption Password Management Cryptocurrency Social Engineering 120

eSecurity Planet

OCTOBER 22, 2024

ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues.

Scams 123

Scams Malware Phishing Social Engineering 123

Security Affairs

APRIL 17, 2025

increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. Then the DLL launches a decoy by opening an msedge_proxy window that displays a legitimate cryptocurrency trading website. Microsoft warns of a malvertising campaign using Node.js components.

Social Engineering 119

Social Engineering Malware Cryptocurrency Engineering 119

Digital Shadows

JANUARY 22, 2025

In this blog, well preview the reports highlights and give insights into social engineering campaigns leveraging impersonating domains and our predictions for the threats shaping 2025. Organizations should implement domain monitoring, enforce DMARC policies, and train employees to recognize social engineering methods.

Insurance 65

Insurance Phishing Social Engineering Engineering 65

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Organizations face rising risks of AI-driven social engineering and personal device breaches. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities.

Risk 173

Risk Threat Detection Technology Phishing 173

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. ” reads the report published by Insikt Group.

Scams 88

Scams Media Cryptocurrency Cybercrime 88

SecureList

OCTOBER 23, 2024

On May 13, 2024, our consumer-grade product Kaspersky Total Security detected a new Manuscrypt infection on the personal computer of a person living in Russia. According to the blog, Microsoft had also been tracking the campaign and associated websites since February 2024.

Engineering 145

Engineering Cryptocurrency Accountability Social Engineering 145

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. Top Techniques: A Closer Look Phishing Techniques: The Evergreen Threat in Cybersecurity Initial access methods were the most common MITRE ATT&CK techniques between May and July 2024.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

Security Affairs

APRIL 7, 2025

“In the Florida case, Urban was accused of stealing at least $800,000 in cryptocurrency from five different victims between August 2022 and March 2023.” In January 2024, U.S. . “In the California case, he pleaded guilty to one count of conspiracy to commit wire fraud.” ” reported News4Jax.

Cybercrime 70

Cybercrime Identity Theft Social Engineering Hacking 70

Digital Shadows

JANUARY 27, 2025

Key Findings 2024 was the year cyber threats got quicker. Our research reveals 2024 saw a 22% increase in attack speed compared to 2023, with the fastest incident achieving lateral movement in just 27 minutes. Among the 2024 hands-on-keyboard incidents we analyzed, 50% of them used valid or exposed credentials for initial access.

Scams 76

Scams Ransomware Accountability Social Engineering 76

SecureList

MAY 28, 2025

The threat actors behind Zanubis continue to refine its code adding features, switching between encryption algorithms, shifting targets, and tweaking social engineering techniques to accelerate infection rates. The once-broad range of targets, including cryptocurrency wallets, has been abandoned.

Banking 98

Banking Malware Encryption Energy and Utilities 98

Penetration Testing

JULY 9, 2025

The malware’s infection chains and system persistence methods echo those used in DPRK’s cryptocurrency-stealing operations—albeit now adapted and deployed globally by Russia-affiliated threat actors. That’s when the malware begins to harvest sensitive data—and lay the groundwork for persistent access.

Malware 77

Malware Surveillance InfoSec Penetration Testing 77

Cisco Security

JULY 7, 2025

The astonishing accumulation of personal information available from data brokers and collected from a fusion of advertising and social media has made social engineering attacks much more effective.

Cyber Risk 101

Cyber Risk Media Risk Cybersecurity 101

Security Affairs

JANUARY 12, 2025

CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog Threat actors breached the Argentinas airport security police (PSA) payroll Moxa router flaws pose serious risks to industrial environmets US adds Tencent to the list of companies supporting Chinese military Eagerbee backdoor targets govt entities (..)

Data breaches 63

Data breaches Phishing Social Engineering Engineering 63

Security Boulevard

JUNE 26, 2025

Podcast Techstrong.tv - Twitch Devops Chat DevOps Dozen DevOps TV Media Kit About Sponsor Analytics AppSec CISO Cloud DevOps GRC Identity Incident Response IoT / ICS Threats / Breaches More Blockchain / Digital Currencies Careers Cyberlaw Mobile Social Engineering Humor --> Security Bloggers Network Home » Security Bloggers Network » Who is Hero?

Social Engineering 52

Social Engineering Data privacy Security Awareness Engineering 52

Webroot

OCTOBER 31, 2024

Steam the Webinar on demand HERE As we look back on the cybersecurity landscape of 2024, it’s clear that the world of digital threats continues to evolve at an alarming pace in parallel with AI. The saga of LockBit in 2024 exemplifies the resilience and adaptability of these cybercriminal groups.

Malware 117

Malware Ransomware Healthcare Passwords 117

Krebs on Security

JANUARY 30, 2024

9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance.

Social Engineering 363

Social Engineering Cybercrime Mobile Identity Theft 363

Krebs on Security

JUNE 15, 2024

In January 2024, U.S. One of the more popular SIM-swapping channels on Telegram maintains a frequently updated leaderboard of the most accomplished SIM-swappers, indexed by their supposed conquests in stealing cryptocurrency. — and charged him with stealing at least $800,000 from five victims between August 2022 and March 2023.

Hacking 357

Hacking Cybercrime Phishing Passwords 357

Security Affairs

AUGUST 31, 2024

North Korea-linked APT exploited the recently patched Google Chrome zero-day CVE-2024-7971 to deploy the FudModule rootkit. North Korea-linked group Citrine Sleet (aka AppleJeus , Labyrinth Chollima , UNC4736, Hidden Cobra ) have exploited the recently patched Google Chrome zero-day CVE-2024-7971 (CVSS score 8.8)

Social Engineering 136

Social Engineering Cryptocurrency Malware Hacking 136

Malwarebytes

MARCH 19, 2024

SIM swapping can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim’s carrier. However, if you have a telecoms manager on your payroll then there’s no need for social engineering—they can just do the SIM swap for you. Katz pleaded guilty before Chief U.S.

Social Engineering 140

Social Engineering Computers and Electronics Mobile Identity Theft 140

Krebs on Security

APRIL 20, 2023

which owns LinkedIn, said in September 2022 that it had detected a wide range of social engineering campaigns using a proliferation of phony LinkedIn accounts. Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Microsoft Corp.

Malware 346

Malware Software Technology Accountability 346

Penetration Testing

OCTOBER 22, 2024

The Tapioca Foundation, a cryptocurrency project, has fallen victim to a sophisticated social engineering attack, resulting in the theft of $4.7 The attack, which occurred on October 18, 2024,... The post Tapioca Foundation Offers $1M Bounty After $4.7M DeFi Heist appeared first on Cybersecurity News.

Social Engineering 70

Social Engineering Cryptocurrency Engineering Cybersecurity 70

SecureList

NOVEMBER 14, 2023

In this article, we will review the past year’s trends to see which of our 2023 predictions have come true, and try to predict what is to come in 2024. Verdict: prediction not fulfilled ❌ APT predictions for 2024 Now, let us take a look at a possible future of the advanced persistent threat landscape.

Hacking 137

Hacking Energy and Utilities Malware Government 137

SecureList

SEPTEMBER 3, 2024

The code was inserted in February and March 2024, mostly by Jia Cheong Tan – probably a fictitious identity. The XZ compromise was assigned the identifier CVE-2024-3094 and the maximum severity level of 10. The vulnerability was assigned CVE-2024-30051 and a patch was released as part of Patch Tuesday on May 14.

Malware 104

Malware Passwords Ransomware Encryption 104

Security Affairs

JUNE 17, 2024

He was not immediately… — vx-underground (@vxunderground) June 15, 2024 According to the Spanish police, the man once controlled Bitcoins worth $27 million. . In January 2024, U.S. The individual arrested as a 22-year-old male from the United Kingdom. ” states KrebsOnSecurity. ” continues Krebs.

Cybercrime 133

Cybercrime Hacking Social Engineering Cryptocurrency 133

Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. Scammers, impersonating cryptocurrency investors, are active on Telegram channels to get interested people to attend a meeting about a future partnership. Topics are cryptocurrency investment opportunities.

Cryptocurrency 124

Cryptocurrency Malware Authentication Banking 124

Malwarebytes

MARCH 5, 2024

As revealed in our 2024 ThreatDown State of Malware report, a full 11% of all detections recorded by Malwarebytes on Mac computers in 2023 were for different variants of malware—the catch-all term that cybersecurity researchers use to refer to ransomware, trojans, info stealers, worms, viruses, and more. There pretty much always has been.

Malware 141

Malware Adware Ransomware Social Engineering 141

SecureList

JUNE 10, 2024

Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. An OTP bot is a piece of software programmed to intercept OTPs with the help of social engineering. The bot accepts payments in cryptocurrency only. There are several options depending on the included features.

Phishing 144

Phishing Banking Social Engineering Accountability 144

SecureList

NOVEMBER 25, 2024

In this article in the KSB series, we review the trends of the past year, reflect on the predictions we made for 2024 , and offer insights into what we can expect in 2025. As expected, we continued to observe attacks in 2024 involving exploits for Apple devices. For instance, in Q2 2024, we saw a 23% increase in BYOVD usage.

IoT 112

IoT Energy and Utilities Phishing Cryptocurrency 112

SecureList

MAY 6, 2024

Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million in 2022.

Phishing 129

Phishing Banking Scams Cryptocurrency 129

Digital Shadows

NOVEMBER 13, 2024

2024 has had its ups and downs , with geopolitical tensions rising in the Middle East and enterprises rapidly adopting generative AI and automation. Cross-Border Alliances: Ransomware’s New Frontier Prediction: Ransomware activity will return to pre-2024 levels, as new ransomware groups such as RansomHub rise to prominence.

Social Engineering 59

Social Engineering Cybersecurity DDOS Ransomware 59

Digital Shadows

NOVEMBER 14, 2024

2024 has had its ups and downs , with geopolitical tensions rising in the Middle East and enterprises rapidly adopting generative AI and automation. Cross-Border Alliances: Ransomware’s New Frontier Prediction: Ransomware activity will return to pre-2024 levels, as new ransomware groups such as RansomHub rise to prominence.

Social Engineering 52

Social Engineering Cybersecurity DDOS Ransomware 52

Security Affairs

JANUARY 3, 2024

Utilizing AI-driven bots for advanced social engineering techniques. These frameworks enable the creation of complex and sophisticated Business Email Compromise (BEC) campaigns, and generation of contents for “Money Mule” spam used in money laundering schemes, and the provision of pre-made malicious strategies and tools.

Artificial Intelligence 139

Artificial Intelligence Banking Scams Cybercrime 139

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. Top Techniques: A Closer Look Phishing Techniques: The Evergreen Threat in Cybersecurity Initial access methods were the most common MITRE ATT&CK techniques between May and July 2024.

Cyber Attacks 52

Cyber Attacks Phishing Ransomware Cyber Insurance 52

Digital Shadows

OCTOBER 29, 2024

In Q3 2024, ransomware service provider “RansomHub” emerged as the most dominant ransomware group, taking the mantle from “LockBit” and “ALPHV.” Our report spotlights five major threat actors dominating the cybersecurity landscape in 2024 that every professional should know about.

Ransomware 88

Ransomware Encryption Technology Cybercrime 88