Tech Republic Security

FEBRUARY 26, 2024

Identity-based and social engineering attacks still take center stage, according to the CrowdStrike 2024 Global Threat Report.

Threat Reports 198

Threat Reports Social Engineering Engineering Phishing 198

SecureList

NOVEMBER 28, 2024

This is our latest roundup, covering activity we observed during Q3 2024. Earlier in 2024, a secure USB drive was found to be compromised and malicious code was injected into the access management software installed on the USB drive. After that, we did not observe any new activity related to this actor until mid-July 2024.

Malware 118

Malware Government Software Spyware 118

SecureList

FEBRUARY 20, 2025

Security incident statistics for 2024 In 2024, the MDR infrastructure received and processed on average 15,000 telemetry events per host every day, generating security alerts as a result. This report answers key questions, including: Who are the potential attackers? What methods are they using today? in IT, 18.3% in government, 17.8%

Social Engineering 101

Social Engineering Phishing Government Threat Detection 101

Security Through Education

APRIL 7, 2025

I’ve seen people with disabilities in online discussions and on the Social Engineer Slack channel exploring suitable career paths. The Value of Diversity in Social Engineering Social engineering is, at its core, the art of human connection.

Social Engineering 52

Social Engineering Engineering Technology Information Security 52

Security Affairs

AUGUST 18, 2024

The Mad Liberator ransomware group has been active since July 2024, it focuses on data exfiltration instead of data encryption. Mad Liberator employs social engineering techniques to gain access to the victim’s environment, specifically targeting organizations using remote access tools like Anydesk.

Social Engineering 145

Social Engineering Engineering Ransomware Cybercrime 145

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing 77

Phishing Banking Scams Mobile 77

Digital Shadows

OCTOBER 25, 2024

In October 2024, ReliaQuest responded to an alert for Impacket activity. During the investigation, we discovered a wider trend: a campaign of escalated social engineering tactics originally associated with the ransomware group “Black Basta.” What Happened?

Social Engineering 128

Social Engineering Engineering Phishing Accountability 128

SecureList

NOVEMBER 29, 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations.

Energy and Utilities 104

Energy and Utilities Ransomware Malware Government 104

Krebs on Security

NOVEMBER 21, 2024

In January 2024, KrebsOnSecurity broke the news that Urban had been arrested in Florida in connection with multiple SIM-swapping attacks. In September 2024, KrebsOnSecurity reported that a 17-year-old from the United Kingdom was arrested last year by U.K. police as part of an FBI investigation into the MGM hack.

Identity Theft 268

Identity Theft Phishing Cryptocurrency Accountability 268

Krebs on Security

DECEMBER 18, 2024

On the evening of May 15, 2024, Tony was putting his three- and one-year-old boys to bed when he received a message from Google about an account security issue, followed by a phone call from a “Daniel Alexander” at Google who said his account was compromised by hackers. .” Nevertheless, Soundcloud removed the audio file.

Cryptocurrency 363

Cryptocurrency Accountability Authentication Phishing 363

The Last Watchdog

DECEMBER 12, 2023

What should I be most concerned about – and focus on – in 2024? In 2024, we will see more targeted, sophisticated business email compromise (BEC) attacks, including VIP impersonation, vendor email compromise (VEC), and autonomous agents used for malicious purposes. The comments we received were uniformly insightful and helpful.

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

Responsible Cyber

NOVEMBER 23, 2024

Overview of Vendor Breaches in 2024 In 2024, the cybersecurity landscape has faced an alarming rise in vendor-related breaches, underscoring the vulnerabilities associated with third-party service providers. A common characteristic among the vendor breaches reported in 2024 is the exploitation of weak security protocols.

Risk 81

Risk Healthcare Education Cybersecurity 81

Penetration Testing

OCTOBER 19, 2024

A new and dangerous social engineering tactic, dubbed ClickFix, has emerged as a significant cybersecurity threat in 2024, according to a recent report from the Sekoia Threat Detection & Research... The post Beware of Fake Google Meet Invites: ClickFix Campaign Spreading Infostealers appeared first on Cybersecurity News.

Social Engineering 88

Social Engineering Threat Detection Engineering Cybersecurity 88

BH Consulting

OCTOBER 24, 2024

The malevolent seven: ENISA report identifies prime cybersecurity threats Ransomware; malware; social engineering; threats against data; threats against availability (denial of service); information manipulation and interference; and supply chain attacks. Information Security Buzz has a good summary of the main points.

Social Engineering 69

Social Engineering Passwords Cybersecurity Ransomware 69

Security Affairs

DECEMBER 25, 2024

dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors in May 2024.” dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors in May 2024.” ” reads the press release published by FBI. ” reads the press release published by FBI. BTC ($308M). .”

Cryptocurrency 126

Cryptocurrency Social Engineering Hacking Cybercrime 126

Security Affairs

OCTOBER 29, 2024

” The Telegram channel was created on September 10, 2024 and at this time has 189 subscribers. that was registered in April 2024. On September 18, 2024, a missile alert channel with over 80,000 subscribers promoted the “Civil Defense” Telegram channel.

Malware 123

Malware Social Engineering Software Mobile 123

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. Some of the malicious apps were promoted through deceptive advertising on social media. Some apps were suspended by Google from Google Play while others were updated by the developers.

Social Engineering 132

Social Engineering Media Mobile Scams 132

Tech Republic Security

NOVEMBER 9, 2023

A November report from Google Cloud details possible nation-state malware tactics in 2024 and new angles of cyberattacks.

Cybersecurity 214

Cybersecurity Malware Big data Social Engineering 214

Security Affairs

OCTOBER 30, 2024

“On October 22, 2024, Microsoft identified a spear-phishing campaign in which Midnight Blizzard sent phishing emails to thousands of users in over 100 organizations. The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS), and the concept of Zero Trust.”

Phishing 126

Phishing Social Engineering Government Hacking 126

Digital Shadows

JANUARY 22, 2025

In this blog, well preview the reports highlights and give insights into social engineering campaigns leveraging impersonating domains and our predictions for the threats shaping 2025. Organizations should implement domain monitoring, enforce DMARC policies, and train employees to recognize social engineering methods.

Insurance 65

Insurance Phishing Social Engineering Engineering 65

Krebs on Security

APRIL 9, 2024

Most of the flaws that Microsoft deems “more likely to be exploited” this month are marked as “important,” which usually involve bugs that require a bit more user interaction (social engineering) but which nevertheless can result in system security bypass, compromise, and the theft of critical assets.

DNS 317

DNS Social Engineering Malware Media 317

Duo's Security Blog

MAY 28, 2025

Sixty percent of all Cisco Talos IR cases in 2024 saw identity as a key component of reported attacks. AI significantly exacerbates the situation by amplifying the scale, speed and sophistication of account takeover attacks, enabling automated and highly adaptive social engineering techniques. Identity is under siege.

Social Engineering 126

Social Engineering Engineering Phishing Marketing 126

Security Affairs

APRIL 17, 2025

increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. In a documented instance, attackers used a ClickFix social engineering tactic to trick users into running a PowerShell command that downloads and installs Node.js Microsoft has observed Node.js

Social Engineering 118

Social Engineering Malware Cryptocurrency Engineering 118

Tech Republic Security

JUNE 4, 2024

Organisations providing services related to the Paris Olympics 2024 have an increased risk of cyber attack, a new study has found.

Cyber Attacks 195

Cyber Attacks Risk Social Engineering Engineering 195

BH Consulting

NOVEMBER 14, 2024

There was no doubting the one topic on almost everyone’s minds at IRISSCON 2024: AI. Widely considered one of the industry’s leading sources of security research, the 2024 edition found that ransomware and extortion made up 32% of incidents. Many of these attacks are preventable, he added.

Artificial Intelligence 64

Artificial Intelligence Ransomware Social Engineering Cybersecurity 64

eSecurity Planet

MARCH 3, 2025

The report details how threat actors harness automation, artificial intelligence, and advanced social engineering to scale their operations. A dramatic 442% surge in vishing attacks during the latter half of 2024 further illustrates the lengths to which adversaries will go to exploit vulnerabilities.

Threat Reports 110

Threat Reports Cybercrime Artificial Intelligence Social Engineering 110

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Privacy Compliance: By 2024, 40% of privacy tools will rely on AI, highlighting its expanding role in ensuring data privacy and meeting regulations. RaaS usage is expected to increase by 25% in 2024.

Social Engineering 143

Social Engineering Cyber Attacks Cyber Insurance IoT 143

Security Affairs

SEPTEMBER 11, 2024

Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws, including four actively exploited zero-day flaws. ” The four actively exploited zero-day vulnerabilities are: CVE-2024-38014 – Windows Installer Elevation of Privilege Vulnerability. However, we at the ZDI think that number should be five.”

Social Engineering 132

Social Engineering IoT Engineering Authentication 132

We Live Security

DECEMBER 12, 2024

Attackers could use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally in carrying out malicious activities

Social Engineering 89

Social Engineering Engineering 89

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. The Ministry of Human Resources and Emiratisation (MoHRE) has announced that December 2 and 3, 2024, will be official paid holidays for all private sector employees in the UAE.

Social Engineering 114

Social Engineering Phishing Banking DNS 114

Security Affairs

NOVEMBER 15, 2024

Threat actors relies on social engineering tactics like ClickFix and FakeCaptcha to trick users into executing malicious scripts via PowerShell or Run prompts. The malware bypasses Chrome’s App-Bound Encryption by utilizing the IElevator service, a method that was disclosed in October 2024.

Encryption 119

Encryption Password Management Cryptocurrency Social Engineering 119

Digital Shadows

JANUARY 14, 2025

Key Findings The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In our Q3 2024 ransomware report , we predicted activity would reach its peak in the last quarter of the year.

Ransomware 126

Ransomware Social Engineering Phishing Manufacturing 126

eSecurity Planet

OCTOBER 22, 2024

ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues.

Scams 123

Scams Malware Phishing Social Engineering 123

Webroot

MARCH 3, 2025

The growing risks to your data During the third quarter of 2024, data breaches exposed more than 422 million records worldwide. Millions of customers were put at risk when their social security numbers, phone numbers, and other sensitive personal information were leaked.

Consumer Protection 99

Consumer Protection Identity Theft Scams Social Engineering 99

SecureWorld News

JUNE 9, 2025

Additionally, a distributed workforce, ranging from remote maintenance technicians to cabin crews, multiplies entry points for social-engineering tactics like phishing. Aircraft themselves are nodes on data networks, constantly transmitting telemetry, engine performance metrics, and passenger connectivity data.

Cybersecurity 117

Cybersecurity Social Engineering Computers and Electronics Risk 117

SecureList

DECEMBER 9, 2024

As part of Kaspersky Security Bulletin 2024, our “Story of the Year” centers on these pressing issues. We’ll begin by revisiting notable supply chain incidents from 2024, and then explore potential scenarios of more damaging cases and the ways we prepare for them. Let’s dive in! Why does it matter? The Polyfill.io

Internet 111

Internet Internet Risk Social Engineering 111

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. Some of the malicious apps were promoted through deceptive advertising on social media. Some apps were suspended by Google from Google Play while others were updated by the developers.

Social Engineering 98

Social Engineering Media Scams Advertising 98