Krebs on Security

NOVEMBER 21, 2020

In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.” “At this moment in time, it looks like no emails, passwords, or any personal data were accessed, but we do suggest resetting your password and activate 2FA security,” the company wrote in a blog post.

Cryptocurrency 364

Cryptocurrency Scams VPN Social Engineering 364

Krebs on Security

AUGUST 19, 2021

Abnormal Security documented how it tied the email back to a young man in Nigeria who acknowledged he was trying to save up money to help fund a new social network he is building called Sociogram. “You can provide us accounting data for the access to any company, for example, login and password to RDP, VPN, corporate email, etc.

Ransomware 363

Ransomware Social Engineering Cybercrime Scams 363

Jane Frankland

MAY 16, 2025

Fraudsters use AI, social engineering, and emotional manipulation to steal not just money, but also trust, time, and peace of mind. Auto-fill Exploits: A small but critical sign when your password manager doesnt autofill it might be a scam site. Avoid reusing passwords across different services. turning off MFA).

Scams 130

Scams Password Management Passwords Banking 130

Krebs on Security

JANUARY 30, 2024

2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. According to an Aug.

Social Engineering 359

Social Engineering Mobile Cybercrime Passwords 359

Krebs on Security

APRIL 6, 2022

“They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said. ” Like LAPSUS$, these vishers just kept up their social engineering attacks until they succeeded.

Social Engineering 293

Social Engineering Phishing Accountability Engineering 293

Krebs on Security

APRIL 9, 2024

Most of the flaws that Microsoft deems “more likely to be exploited” this month are marked as “important,” which usually involve bugs that require a bit more user interaction (social engineering) but which nevertheless can result in system security bypass, compromise, and the theft of critical assets.

DNS 317

DNS Social Engineering Malware Media 317

IT Security Guru

NOVEMBER 18, 2024

It’s interesting to note that many people will happily unlock their phone by just looking at it and have no problem tapping their bank card against a store’s point of sale terminal, but if the term password security is presented to them, they have a blank expression, or worse, shrink away. So, it’s undoubtedly already out there.

Passwords 101

Passwords Password Management Technology Authentication 101

SecureWorld News

DECEMBER 30, 2024

Disable compromised accounts or restrict their permissions immediately, update passwords for authorized users to prevent further unauthorized access. Be sure to secure server rooms, document archives, and other sensitive areas that could be involved in the incident. Physical security must also be addressed.

Data breaches 111

Data breaches Social Engineering Passwords Accountability 111

eSecurity Planet

APRIL 8, 2025

Xanthorox vision can analyze images and screenshots to extract sensitive data or interpret visual content useful for cracking passwords or reading stolen documents. Xanthorox reasoner advanced mimics human reasoning, helping attackers craft more believable phishing messages or manipulate targets through social engineering.

Social Engineering 109

Social Engineering Phishing Engineering Cybercrime 109

Security Affairs

AUGUST 12, 2020

The experts first discovered the malware in June 2018, but it has been available since 2014, when they observed threat actors spreading it via a Microsoft Word document containing an auto-executable malicious VBA Macro. “When combined with timely social engineering lures, these non-sophisticated attacks continue to be successful.”

Passwords 145

Passwords Spyware VPN Malware 145

CyberSecurity Insiders

MAY 11, 2023

Intro In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. This move prompted malware authors to seek out new ways to distribute their payloads, resulting in an increase in the use of other infection vectors, such as password-encrypted zip files and ISO files.

Malware 98

Malware Social Engineering Engineering Education 98

SecureWorld News

JUNE 9, 2025

Additionally, a distributed workforce, ranging from remote maintenance technicians to cabin crews, multiplies entry points for social-engineering tactics like phishing. Aircraft themselves are nodes on data networks, constantly transmitting telemetry, engine performance metrics, and passenger connectivity data.

Cybersecurity 117

Cybersecurity Social Engineering Computers and Electronics Risk 117

eSecurity Planet

MAY 16, 2025

The stolen information was then used in social engineering scams that tricked users into giving away their crypto. Limited internal corporate documentation. No passwords, private keys, or customer funds were accessed. Masked bank account details and identifiers. Government-issued ID images.

Social Engineering 70

Social Engineering Scams Accountability Engineering 70

Krebs on Security

AUGUST 12, 2020

For those who can’t be convinced to use a password manager, even writing down all of the account details and passwords on a slip of paper can be helpful, provided the document is secured in a safe place. Perhaps the most important place to enable MFA is with your email accounts.

Accountability 357

Accountability Mobile Banking Passwords 357

Krebs on Security

APRIL 20, 2023

The decrypted icon files revealed the location of the malware’s control server, which was then queried for a third stage of the malware compromise — a password stealing program dubbed ICONICSTEALER. The malware was found inside of a document that offered an employment contract at the multinational bank HSBC. Microsoft Corp.

Malware 331

Malware Software Technology Accountability 331

Malwarebytes

NOVEMBER 21, 2023

In an interesting new development, AMOS is now being delivered to Mac users via a fake browser update chain tracked as ‘ClearFake’ This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system.

Social Engineering 139

Social Engineering Engineering Passwords Malware 139

Security Through Education

JUNE 10, 2025

There have even been documented cases of predators using the platform to connect with young players. Helpful Resource: This website supplies links to all of the parental control options, and how to use them, for the various social media apps. Written by Amanda Marchuck Online Content Manager, Social-Engineer, LLC

Social Engineering 104

Social Engineering Technology Engineering Education 104

Malwarebytes

JUNE 9, 2025

Scammers are getting better at social engineering and are using Artificial Intelligence (AI) to sound more authentic and eliminate any spelling errors. Secure your accounts Change the passwords on all your online accounts, especially financial and email accounts. Unfortunately, people getting scammed online is a frequent event.

Scams 77

Scams Banking Artificial Intelligence Accountability 77

Security Boulevard

FEBRUARY 23, 2021

In Jan 2021, Zscaler ThreatLabZ discovered new instances of the MINEBRIDGE remote-access Trojan (RAT) embedded in macro-based Word document files crafted to look like valid job resumes (CVs). Such lures are used as social engineering schemes by threat actors; in this case, the malware was targeted at security researchers.

Social Engineering 64

Social Engineering Engineering Passwords Malware 64

eSecurity Planet

FEBRUARY 24, 2022

Great documentation and easy to learn. Provides a complete documentation. Great documentation. BeEF , or Browser Exploitation Framework, makes classic tasks such as enumeration, phishing, or social engineering seamless. Full of advanced features, such as fake password manager logins and redirect with iFrames.

Penetration Testing 139

Penetration Testing Social Engineering Passwords Phishing 139

SecureWorld News

JUNE 3, 2025

GB trove included plaintext usernames and passwords linked to major platforms such as Google, Apple, Microsoft, Facebook, Instagram, Snapchat, and Roblox. The anatomy of the breach The exposed database was neither encrypted nor password-protected, making it easily accessible to anyone who stumbled upon it.

Malware 65

Malware Passwords Identity Theft Phishing 65

Malwarebytes

AUGUST 18, 2021

DocuSign is a service that allows people to sign documents in the Cloud. Signing documents electronically saves a lot of paper and time. Recipients can check links by hovering their mouse pointer over the document link in the email. If it is an actual DocuSign document it will be hosted at docusign.net.

Phishing 145

Phishing Password Management Passwords Accountability 145

BH Consulting

OCTOBER 24, 2024

The malevolent seven: ENISA report identifies prime cybersecurity threats Ransomware; malware; social engineering; threats against data; threats against availability (denial of service); information manipulation and interference; and supply chain attacks. Links we liked NIST updates and simplifies longstanding password guidelines.

Social Engineering 69

Social Engineering Passwords Cybersecurity Ransomware 69

SecureWorld News

JUNE 4, 2025

While the company emphasized that no financial data or passwords were exposed, the incident raises concerns about the potential for highly targeted phishing and social engineering , particularly given the brand's clientele of high-net-worth individuals (HNWIs). The reputational damage could be immense."

Retail 65

Retail Banking Financial Services Social Engineering 65

Digital Shadows

OCTOBER 23, 2024

The attacker gained initial access to two employee accounts by carrying out social engineering attacks on the organization’s help desk twice. Leveraging its English proficiency, the collective uses social engineering for initial access. Within six hours, the attacker began encrypting the organization’s systems.

Social Engineering 122

Social Engineering Engineering Accountability Backups 122

Security Affairs

JULY 9, 2021

Most of the malspam campaigns leverage weaponized Microsoft Office documents and social engineering techniques to trick recipients into enabling the macros. The attack chain starts with a spam message using a Microsoft Word document that once opened, downloaded a password-protected Microsoft Excel file from a remote server.

Social Engineering 121

Social Engineering Banking Engineering Passwords 121

Malwarebytes

MAY 8, 2025

Beside stealing usernames, passwords and circumventing two factor authentication, we identified malicious code capable of performing additional nefarious actions unbeknownst to the victim. After entering their credentials, victims are social engineered by the crooks to type a security code that was sent to their email address.

Phishing 107

Phishing Authentication Engineering Banking 107

Security Affairs

MARCH 30, 2020

“Current malspam campaigns feature booby-trapped document files named “COVID 19 relief” and subject lines relying on the same theme. The document is password-protected, likely to prevent analysis before it is received by the potential victim, the password is included in the content of the email.

Banking 140

Banking Malware Social Engineering Advertising 140

Malwarebytes

FEBRUARY 12, 2021

The prosecution documents [PDF] make for some eye-opening reading. With those, he broke into social media profiles / web storage and stole nude images and movies, and traded them with others. To gain access to the email accounts, he appears to have reset account passwords by correctly guessing password reset questions.

Identity Theft 127

Identity Theft Social Engineering Passwords Accountability 127

NopSec

OCTOBER 26, 2016

Email attachments are one of the best known social engineering attack vectors. These attacks are some of the oldest social engineering attacks. Spam and Chain letters, these types of attacks are not inherently dangerous, but can be used by social engineers for information gathering or other nuisance purposes.

Social Engineering 40

Social Engineering Engineering Passwords Penetration Testing 40

SecureList

MAY 28, 2025

The threat actors behind Zanubis continue to refine its code adding features, switching between encryption algorithms, shifting targets, and tweaking social engineering techniques to accelerate infection rates. If not, it employs a deceptive tactic to manipulate the user into enabling them, a feature that varies between versions.

Banking 107

Banking Malware Energy and Utilities Encryption 107

Security Affairs

JULY 12, 2021

While not deeply sensitive, the information could still be used by malicious actors to quickly and easily find new targets based on the criminals’ preferred methods of social engineering. Change the password of your LinkedIn and email accounts. Beware of suspicious messages on social media and connection requests from strangers.

Social Engineering 145

Social Engineering Data collection Media Passwords 145

Security Affairs

AUGUST 27, 2019

The activity of the Lyceum APT group was first documents earlier of August by researchers at ICS security firm Dragos that tracked it as Hexane. Lyceum was observed using password spraying and brute-force attacks to compromise email accounts of targeted individuals. Security experts at Dragos Inc. ” continues the analysis.

DNS 107

DNS Passwords Penetration Testing Social Engineering 107

CyberSecurity Insiders

NOVEMBER 14, 2021

Unless you need your card or Social Security number, there’s no need to keep them in your wallet. Keep highly-sensitive documents at home and make sure to properly dispose of any printed documents that contain personal data. #2: 2: Use Strong Passwords. 3: Two-Factor Authentication (2FA). 4: Educate Yourself.

Identity Theft 122

Identity Theft Passwords Password Management Accountability 122

Malwarebytes

JULY 19, 2022

The data it’s after includes government documents like passport, as well as selfie photos. Hundreds—if not thousands—of WordPress sites remain vulnerable and easily exploited by scammers because of their poor security and the use of weak passwords. ” Phishing, in general, has come a long way. .

Phishing 118

Phishing Social Engineering Accountability Engineering 118

Security Affairs

AUGUST 21, 2020

Voice phishing is a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward. . Limit the amount of personal information you post on social networking sites.

Social Engineering 141

Social Engineering VPN Phishing Authentication 141

Security Affairs

APRIL 8, 2021

Brute-forcing the passwords of LinkedIn profiles and email addresses. The leaked files appear to only contain LinkedIn profile information – we did not find any deeply sensitive data like credit card details or legal documents in the sample posted by the threat actor. Change the password of your LinkedIn and email accounts.

Identity Theft 144

Identity Theft Passwords Social Engineering Phishing 144