Blog, Encryption and Social Engineering

Microsoft: Happy 2025. Here’s 161 Security Updates

Krebs on Security

JANUARY 14, 2025

Kev Breen at Immersive points to an interesting flaw ( CVE-2025-21210 ) that Microsoft fixed in its full disk encryption suite Bitlocker that the software giant has dubbed “exploitation more likely.” Further reading on today’s patches from Microsoft: Tenable blog SANS Internet Storm Center Ask Woody Unpatched.ai

Artificial Intelligence

Artificial Intelligence Social Engineering Encryption Internet

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Each participant in the call has a specific role, including: -The Caller: The person speaking and trying to social engineer the target. A tutorial shared by Stotle titled “Social Engineering Script” includes a number of tips for scam callers that can help establish trust or a rapport with their prey.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

The Evolution of Encrypted IM Messenging Platforms – The Rise and Future of the OMEMO Protocol – An Analysis

Security Boulevard

JANUARY 28, 2022

Compared to OTR (Off-the-Record) which basically allows single-user type of secure and encrypted communication the OMEMO protocol actually allows multi-user type of data and information exchange further strengthening the protocol's position on the market for secure mobile IM (instant messaging) applications.

Encryption

Encryption Cybercrime Social Engineering Mobile

Improve your AWS security posture, Step 3: Encrypt AWS data in transit and at rest

CyberSecurity Insiders

JANUARY 19, 2023

In the first two blogs in this series, we discussed properly setting up IAM and avoiding direct internet access to AWS resources. In this blog, we’ll tackle encrypting AWS in transit and at rest. Fortunately, with adequate encryption measures in place, data exposures such as these can be nullified.

Encryption

Encryption Internet Internet Social Engineering

Strengths and Weaknesses of MFA Methods Against Cyberattacks: Part 2

Duo's Security Blog

FEBRUARY 27, 2024

In the first part of this three-part blog series , we discussed the various methods available to MFA users. WebAuthn-based authenticators use private keys that are not shared publicly and that can be stored securely on tamper-resistant hardware protected with strong encryption.

Social Engineering

Social Engineering Authentication Phishing Engineering

Secure Communications: Relevant or a Nice to Have?

Jane Frankland

FEBRUARY 7, 2025

This is where the real opportunity lies, and what Im exploring in this blog. Why Free Tools Don’t Cut It While consumer grade and free communication tools like WhatsApp, Telegram, and Signal offer end-to-end encryption, and can help in crises, they do fall short when it comes to enterprise level security and compliance.

Cyber Risk

Cyber Risk CISO Risk Encryption

Octo Tempest cybercriminal group is "a growing concern"—Microsoft

Malwarebytes

OCTOBER 27, 2023

Octo Tempest is believed to be a group of native English speaking cybercriminals that uses social engineering campaigns to compromise organizations all over the world. This can be done in a number of ways, but the most common ones involve social engineering attacks on the victim's carrier. Stop malicious encryption.

Social Engineering

Social Engineering Engineering Ransomware Backups

New Glove Stealer Malware Bypasses Google Chrome’s App-Bound to Steal Data

Heimadal Security

NOVEMBER 15, 2024

The New Glove Stealer malware has the ability to bypass Google Chrome’s Application-Bound (App-Bound) encryption to steal browser cookies.

Malware

Malware Social Engineering Encryption Phishing

ZINC Hackers Leverage Open-source Software to Lure IT Pros

eSecurity Planet

OCTOBER 3, 2022

PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer have been backdoored to perform a wide range of social engineering campaigns that started in April 2022. Then they moved the conversation away from the platform to encrypted messaging apps like WhatsApp.

Software

Software Social Engineering Engineering Phishing

Vmware ESXi Virtual Computers Targeted by the REvil Ransomware’s New Linux Encryptor

Heimadal Security

JUNE 29, 2021

The REvil ransomware (aka Sodinokibi) threat actors are now employing a Linux encryptor that targets and encrypts Vmware ESXi virtual computers. The post Vmware ESXi Virtual Computers Targeted by the REvil Ransomware’s New Linux Encryptor appeared first on Heimdal Security Blog.

Social Engineering

Social Engineering Encryption Ransomware Engineering

Coinbase Flips the Script on Ransomware Criminals

SecureWorld News

MAY 21, 2025

The attack involved the bribery of third- party customer service contractors, enabling unauthorized access to user names, addresses, email addresses, and partial Social Security numbers. Coinbase disclosed the incident through a detailed blog post and an SEC filing, in which they outlined the ransom demand and their refusal to comply.

Ransomware

Ransomware Social Engineering Data breaches Cryptocurrency

The Rise of AI Social Engineering Scams

Identity IQ

JUNE 1, 2023

The Rise of AI Social Engineering Scams IdentityIQ In today’s digital age, social engineering scams have become an increasingly prevalent threat. Social engineering scams leverage psychological manipulation to deceive individuals and exploit the victims’ trust.

Social Engineering

Social Engineering Scams Engineering Identity Theft

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

The Last Watchdog

FEBRUARY 20, 2024

Malicious intent or manipulation: AI chatbots can be exploited to spread misinformation, execute social engineering attacks or launch phishing. Such manipulation can harm user trust, tarnish brand reputation and have broader social consequences. Machine learning helps AI chatbots adapt to and prevent new cyber threats. .

Cybersecurity

Cybersecurity Penetration Testing Authentication Social Engineering

Krispy Kreme Cyber Attack a Wake-Up Call for the Food Industry

SecureWorld News

MARCH 17, 2025

To make sure you don't become the next headline on a cybersecurity blog, you should consider the following layered cybersecurity measures. You must equip your staff with the knowledge to recognize phishing attempts, social engineering ploys, and other common cyber threats through regular, targeted training sessions.

Cyber Attacks

Cyber Attacks Digital transformation Threat Detection Penetration Testing

GUEST ESSAY: Why automating distribution of strong passwords to employees is wise to do

The Last Watchdog

APRIL 28, 2022

That explains why over 80 percent of data breaches start with weak, reused, and stolen passwords through password phishing, social engineering, brute force attacks and credential stuffing. O’Toole. Hackers don’t need to hack in, they just log in. With more victims, they harvest more credentials, which lead to more victims.

Passwords

Passwords Encryption Phishing Social Engineering

How To Protect Businesses from Social Engineering Attacks this Cybersecurity Awareness Month and Beyond

NetSpi Executives

OCTOBER 24, 2023

Don’t be afraid of social engineering attacks this Cybersecurity Awareness Month! In the spirit of this year’s theme, we created a parody of the Monster Mash to share social engineering prevention tips far and wide. In fact, 98 percent of cyber attacks involve some form of social engineering.

Social Engineering

Social Engineering Engineering Cybersecurity Passwords

Google Cloud Security Threat Horizons Report #11 Is Out!

Security Boulevard

JANUARY 22, 2025

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #11 ( full version ) that we just released ( the official blog for #1 report , my unofficial blogs for #2 , #3 , #4 , #5 , #6 , #7 , #8 , #9 and #10 ). P.S. Coming soon!

Passwords

Passwords Social Engineering Accountability Cybersecurity

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

“Eventually, the threat actor was able to compromise both the Windows and macOS build environments,” 3CX said in an April 20 update on their blog. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Microsoft Corp.

Malware

Malware Software Technology Accountability

Scattered Spider x RansomHub: A New Partnership

Digital Shadows

OCTOBER 23, 2024

Editor’s note: James Xiang and Hayden Evans contributed to this blog. The attacker gained initial access to two employee accounts by carrying out social engineering attacks on the organization’s help desk twice. Within six hours, the attacker began encrypting the organization’s systems. What Happened?

Social Engineering

Social Engineering Engineering Accountability Backups

Quantum computing brings new security risks: How to protect yourself

CyberSecurity Insiders

FEBRUARY 1, 2022

This blog was written by an independent guest blogger. With quantum computing looming in the not-so-distant future, the way that we think about encryption will need to evolve. However, the complex math behind creating encryption keys is no match for the power of quantum computers.

Risk

Risk Social Engineering Threat Detection Encryption

Google Cloud Security Threat Horizons Report #11 Is Out!

Anton on Security

JANUARY 22, 2025

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #11 ( full version ) that we just released ( the official blog for #1 report , my unofficial blogs for #2 , #3 , #4 , #5 , #6 , #7 , #8 , #9 and #10 ). P.S. Coming soon!

Passwords

Passwords Social Engineering Accountability Encryption

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

If the data is online, then it’s accessible to bad actors and just waiting to be encrypted for ransom. Fun fact: 80% of these breaches occur at the endpoint , often via phishing or social engineering. Back up your data and secure your backups in an offline location. It’s quick to deploy and simple to operate. Let’s talk VPNs.

Ransomware

Ransomware Risk Internet Internet

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

The Last Watchdog

JANUARY 31, 2022

Password managers store passwords in an encrypted file called a vault, which is a target for attackers. AIS have no emotions and therefore cannot be attacked by social engineering methods. Online and offline password managers come into play here. Attackers can use the brute force method to crack this vault. ”

Passwords

Passwords Computers and Electronics Password Management Artificial Intelligence

GUEST ESSAY: A full checklist on how to spot pharming attacks — and avoid becoming a victim

The Last Watchdog

JUNE 1, 2021

It is a type of social engineering cyberattack in which the website’s traffic is manipulated to steal confidential credentials from the users. An SSL certificate ensures that the website is encrypted and secure. It is an online scam attack quite similar to Phishing. Related: Credential stuffing explained.

DNS

DNS Phishing Social Engineering Cyber Attacks

Zoom Security Issues Are a Wakeup Call for Enterprises

eSecurity Planet

JANUARY 28, 2022

A little more than a week later, cybersecurity firm Armorblox outlined an account takeover attack that leveraged malicious phishing and social engineering. The servers process meeting audio and video content, which means that an attacker who compromised the system could monitor any Zoom meetings that didn’t have end-to-end encryption.

Social Engineering

Social Engineering Engineering Phishing Accountability

How Most Cyber Attacks Begin: The Hidden Dangers of Credential-Based Threats

Hacker's King

MAY 24, 2025

In this blog, we'll delve into the attack vectors and their intricate workings alongside evolving tactics used to safeguard data. Phishing is now done through text messages (smishing), social media (social engineering), and even voice phone calls (vishing). These are the foundation of lucrative weak links for hackers.

Cyber Attacks

Cyber Attacks Passwords Education Phishing

Meet Exotic Lily, access broker for ransomware and other malware peddlers

Malwarebytes

MARCH 18, 2022

The RaaS will provide the encryption software, the contact and leak sites, and negotiate the ransom with the victim. From the TAG blog we can learn that Exotic Lily was very much specialized. Microsoft also posted a blog about attacks that exploited this vulnerability. Social engineering. Exotic Lily.

Ransomware

Ransomware Malware Social Engineering Media

LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung

eSecurity Planet

MARCH 24, 2022

In a blog post detailing its efforts to track and contain the breach, Microsoft described LAPSUS$ as a “large scale social engineering and extortion campaign.” LAPSUS$ doesn’t appear to be using overtly sophisticated intrusion methods but instead relying on social engineering and purchased accounts.

Social Engineering

Social Engineering Data breaches Engineering Hacking

Five Key Points When Preventing Cybersecurity Attacks in a World of Hybrid Working

Security Boulevard

AUGUST 30, 2021

<a href='/blog?tag=Endpoint tag=Endpoint Protection'>Endpoint Protection</a> <a href='/blog?tag=Data tag=Data Loss Prevention'>Data Loss Prevention</a> <a href='/blog?tag=File tag=File Transfers'>File Transfers</a> <a href='/blog?tag=Advanced Additional Resources.

Cybersecurity

Cybersecurity Social Engineering Unstructured Data Cyber Attacks

The Crypto Game of Lazarus APT: Investors vs. Zero-days

SecureList

OCTOBER 23, 2024

While we respected Google’s request for a set disclosure period, on May 28, 2024, Microsoft published a blog post titled “Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks,” which partially revealed our findings.

Engineering

Engineering Social Engineering Accountability Cryptocurrency

AWS configuration issues lead to exposure of 5 million records

SC Magazine

MAY 11, 2021

In a blog, Check Point researchers said they have worked with AWS Security to provide customers with the necessary information to help them resolve any configuration issues with the SSMs. This not only serves as a basis for social engineering attacks, but can lead to the exposure of additional resources.

Backups

Backups Social Engineering Encryption Media

Ransomware targets Edge users

Malwarebytes

JANUARY 12, 2022

A convincingly-branded message that tells users they need to update their out of date software taps into all the good security messaging users have soaked up, it gives them a reason to install strange software from the Internet, and it carries exactly the right mixture of implied threat and urgency that social engineers like.

Ransomware

Ransomware Social Engineering Engineering Software

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

SecureList

JANUARY 18, 2023

The threat landscape is constantly updated through new malware and spyware, advanced phishing methods, and new social engineering techniques. In addition, the likelihood of the data being used for phishing and social engineering increases. . Kaspersky detects an average of 400,000 malicious files every day.

Media

Media Social Engineering Ransomware Hacking

Top 5 Cyber Predictions for 2024: A CISO Perspective

Security Boulevard

JANUARY 2, 2024

This past year set a profound stage, from the advent of stringent cyber regulations to the convergence of generative AI, social engineering, and ransomware. Ransomware gangs also got stealthier in 2023, with ThreatLabz observing an increase in encryption-less extortion attacks.

CISO

CISO Social Engineering Architecture Ransomware

Phishing Campaign Used Morse Code to Evade Detection: Microsoft

eSecurity Planet

AUGUST 16, 2021

A phishing campaign that Microsoft security researchers have been tracking for about a year highlights not only the ongoing success of social engineering efforts by hackers to compromise systems, but also the extent to which the bad actors will go to cover their tracks while stealing user credentials. Invoice-Themed Lures.

Phishing

Phishing Social Engineering Passwords Engineering

P@ssW0rdsR@N0T_FUN!

Duo's Security Blog

OCTOBER 4, 2023

Updating software Cisco Duo is all about cybersecurity, so every week we’re going to publish a blog focused on those respective topics. Cybercriminals can harvest this information through social engineering and deduce your password. Enabling multi-factor authentication 3. Recognizing and reporting phishing 4.

Password Management

Password Management Passwords Authentication Social Engineering

NPM packages found containing the TurkoRat infostealer

Security Affairs

MAY 19, 2023

ReversingLabs discovered two malicious packages, respectively named nodejs-encrypt-agent and nodejs-cookie-proxy-agent, in the npm package repository containing an open-source info-stealer called TurkoRat. The nodejs-encrypt-agent was discovered due to name and version discrepancies noticed by the researchers while scanning the repository.

Encryption

Encryption Social Engineering Malware Cryptocurrency

Peugeot leaks access to user information in South America

Security Affairs

APRIL 25, 2023

The leaked Symphony application secret could have been used to decrypt previously encrypted data such as user cookies and session IDs. The link to the git repository could be used in social engineering attacks against the platform developers to gain access to the repository, and in turn, steal the source code of the site.

Social Engineering

Social Engineering Education Marketing Media

4 Most Common Network Attacks and How to Thwart Them

SecureWorld News

FEBRUARY 10, 2025

"Adversary-in-the-Middle (AitM) attacks use a phishing proxy to intercept and relay communications between the user and the legitimate website, capturing credentials and session tokens," wrote Madere in a blog post. This foul play is usually unveiled only after the damage has already been done.

DDOS

DDOS Ransomware Authentication Phishing

8 Cyber Predictions for 2025: A CSO’s Perspective

Security Boulevard

JANUARY 9, 2025

Threat actors used AI tools to orchestrate highly convincing and scalable social engineering campaigns, making it easier to deceive users and infiltrate systems. This trend, among other AI-powered social engineering attacks, will amplify identity compromise, ransomware, and data exfiltration in 2025.

Social Engineering

Social Engineering Architecture Phishing Risk

MY TAKE: Why it’s now crucial to preserve PKI, digital certificates as the core of Internet security

The Last Watchdog

DECEMBER 9, 2019

For decades, the cornerstone of IT security has been Public Key Infrastructure, or PKI , a system that allows you to encrypt and sign data, issuing digital certificates that authenticate the identity of users. Fortanix is supplying the advanced encryption technology underpinning Google’s new service.

Internet

Internet Internet Encryption Authentication

Cybersecurity Awareness Month Blog Series: Using Technology to Safeguard the Nation’s Critical Infrastructure

Thales Cloud Protection & Licensing

OCTOBER 25, 2018

In this blog post, I’ll discuss: Our current perimeter defense; The need to shift to a data-centric security approach; and, The need to educate the public to strengthen our critical infrastructure security posture. Some of these include: Advanced persistent threats (APTs); Insider threats; Social engineering; and, Human error.

Technology

Technology Cybersecurity Unstructured Data Education

GUEST ESSAY: A call to decentralize social identities — to curtail social media privacy abuses

The Last Watchdog

AUGUST 15, 2023

A user can then connect this decentralized identity to encrypted decentralized storage to store their personal data. For instance, to hack decentralized end-to-end encrypted data, a hacker must compromise multiple nodes on the storage network to gain access to the data.

Media

Media Accountability Social Engineering Hacking

Microsoft: Happy 2025. Here’s 161 Security Updates

A Day in the Life of a Prolific Voice Phishing Crew

Trending Sources

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

The Evolution of Encrypted IM Messenging Platforms – The Rise and Future of the OMEMO Protocol – An Analysis

Improve your AWS security posture, Step 3: Encrypt AWS data in transit and at rest

Strengths and Weaknesses of MFA Methods Against Cyberattacks: Part 2

Secure Communications: Relevant or a Nice to Have?

Octo Tempest cybercriminal group is "a growing concern"—Microsoft

New Glove Stealer Malware Bypasses Google Chrome’s App-Bound to Steal Data

ZINC Hackers Leverage Open-source Software to Lure IT Pros

Vmware ESXi Virtual Computers Targeted by the REvil Ransomware’s New Linux Encryptor

Coinbase Flips the Script on Ransomware Criminals

The Rise of AI Social Engineering Scams

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

Krispy Kreme Cyber Attack a Wake-Up Call for the Food Industry

GUEST ESSAY: Why automating distribution of strong passwords to employees is wise to do

How To Protect Businesses from Social Engineering Attacks this Cybersecurity Awareness Month and Beyond

Google Cloud Security Threat Horizons Report #11 Is Out!

3CX Breach Was a Double Supply Chain Compromise

Scattered Spider x RansomHub: A New Partnership

Quantum computing brings new security risks: How to protect yourself

Google Cloud Security Threat Horizons Report #11 Is Out!

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

GUEST ESSAY: A full checklist on how to spot pharming attacks — and avoid becoming a victim

Zoom Security Issues Are a Wakeup Call for Enterprises

How Most Cyber Attacks Begin: The Hidden Dangers of Credential-Based Threats

Meet Exotic Lily, access broker for ransomware and other malware peddlers

LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung

Five Key Points When Preventing Cybersecurity Attacks in a World of Hybrid Working

The Crypto Game of Lazarus APT: Investors vs. Zero-days

AWS configuration issues lead to exposure of 5 million records

Ransomware targets Edge users

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

Top 5 Cyber Predictions for 2024: A CISO Perspective

Phishing Campaign Used Morse Code to Evade Detection: Microsoft

P@ssW0rdsR@N0T_FUN!

NPM packages found containing the TurkoRat infostealer

Peugeot leaks access to user information in South America

4 Most Common Network Attacks and How to Thwart Them

8 Cyber Predictions for 2025: A CSO’s Perspective

MY TAKE: Why it’s now crucial to preserve PKI, digital certificates as the core of Internet security

Cybersecurity Awareness Month Blog Series: Using Technology to Safeguard the Nation’s Critical Infrastructure

GUEST ESSAY: A call to decentralize social identities — to curtail social media privacy abuses

Stay Connected