Security Affairs

FEBRUARY 1, 2022

A massive social engineering campaign targeting banks has been delivered in the last two years in several countries. A massive social engineering campaign has been delivered in the last two years in several countries, including Portugal, Spain, Brazil, Mexico, Chile, the UK, and France. Pierluigi Paganini.

Social Engineering 98

Social Engineering Banking Engineering Phishing 98

Security Affairs

JANUARY 21, 2025

. “Thus, unidentified individuals send requests to connect to AnyDesk under the pretext of conducting a “security audit to check the level of security”, using the name “CERT.UA”, the CERT-UA logo, and the AnyDesk identifier “1518341498” (may change).”

Social Engineering 110

Social Engineering Scams Engineering Software 110

Security Affairs

OCTOBER 11, 2024

Rather than using advanced hacking techniques, they exploited systems with default credentials to compromise target networks. Observed ChatGPT behavior mainly involved reconnaissance, threat actors used the OpenAI’s platform to seek info on companies, services, and vulnerabilities, similar to search engine queries.

Malware 138

Malware Social Engineering Engineering Hacking 138

Security Affairs

JUNE 8, 2023

North Korea-linked APT Kimsuky has been linked to a social engineering campaign aimed at experts in North Korean affairs. SentinelLabs researchers uncovered a social engineering campaign by the North Korea-linked APT group Kimsuky that is targeting experts in North Korean affairs. ” concludes the report.

Social Engineering 98

Social Engineering Engineering Malware Risk 98

Security Affairs

APRIL 21, 2025

The malware is delivered via social engineering, attackers attempt to trick victims into tapping cards on infected phones. Calls enable social engineering in a Telephone-Oriented Attack Delivery (TOAD) scenario. Analysis of the SuperCard X campaign in Italy revealed custom malware builds tailored for regional use.

Malware 108

Malware Social Engineering Banking Engineering 108

Security Affairs

OCTOBER 30, 2024

The Midnight Blizzard group along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections. The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS), and the concept of Zero Trust.”

Phishing 124

Phishing Social Engineering Government Hacking 124

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Google Play)

Social Engineering 131

Social Engineering Media Mobile Scams 131

Security Affairs

MAY 17, 2025

Access to personal or official accounts operated by US officials could be used to target other government officials, or their associates and contacts, by using trusted contact information they obtain.” Use a secret word with family to confirm identities and stay secure. ” reads the alert issued by the FBI.

Government 124

Government Social Engineering Authentication Accountability 124

Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses. ” reads the press release published by DoJ.

Cybercrime 111

Cybercrime Identity Theft Cryptocurrency Phishing 111

Security Affairs

APRIL 7, 2025

With the help of these documents, even inexperienced operators with limited hacking skills can quickly acquire the necessary expertise to successfully forward counterfeit EDRs. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,EDR-as-a-Service)

Cybercrime 140

Cybercrime Social Engineering Accountability Government 140

Security Affairs

DECEMBER 25, 2024

TraderTraitor activity is often characterized by targeted social engineering directed at multiple employees of the same company simultaneously.” Researchers attributed the hack of Harmonys Horizon bridge and Sky Mavis Ronin Bridge to North Korea-linked threat actors. BTC ($308M).

Cryptocurrency 124

Cryptocurrency Social Engineering Hacking Cybercrime 124

Security Affairs

APRIL 17, 2025

In a documented instance, attackers used a ClickFix social engineering tactic to trick users into running a PowerShell command that downloads and installs Node.js Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter) to deploy malicious payloads. components.

Social Engineering 117

Social Engineering Malware Cryptocurrency Engineering 117

Security Affairs

OCTOBER 29, 2024

The experts noticed that Civil Defense website employs social engineering tactics to trick users into installing APK outside the App Store. Its FAQ claims this approach protects user anonymity and security, directing victims to video instructions. .

Malware 121

Malware Social Engineering Software Mobile 121

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. More information, including IoCs and the lists of locally installed apps and browser extensions, are available on GitHub.

Encryption 118

Encryption Password Management Cryptocurrency Social Engineering 118

Security Affairs

MARCH 2, 2024

Department of Justice (DoJ) charged Iranian national Alireza Shafie Nasab (39) for multi-year hacking campaign targeting U.S. sensitive information and critical infrastructure. Our National Security Cyber Section remains focused on disputing these cross-border hacking schemes and holding those responsible to account.”

Hacking 139

Hacking Identity Theft Social Engineering Accountability 139

Adam Levin

AUGUST 13, 2020

Describing itself as “the most trusted and by far the largest source for information security training in the world,” SANS stated in their announcement of the breach on August 6 that they “identified a suspicious forwarding rule” in their email configuration. 513 emails were forwarded to a suspicious external email address.

Phishing 196

Phishing Cybersecurity Social Engineering Data breaches 196

The Last Watchdog

JUNE 21, 2020

In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations. David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

CyberSecurity Insiders

MAY 4, 2023

Therefore, computer admins are being warned to be aware of phishing emails, malicious downloads, and be wary of other social engineering attacks. According to sources, a hack has exposed data of over 780,000 children who were patients of Brightline.

Information Security 99

Information Security Healthcare Social Engineering Ransomware 99

Security Affairs

APRIL 23, 2021

However, the cleaner might not be malicious at all and, instead, unwittingly, or unknowingly brought the device inside the organization as a result of social engineering, which brings us to the second vulnerability. Finally, disguises can be the perfect social engineering technique to gain physical access.

Hacking 127

Hacking Social Engineering Engineering Wireless 127

Security Affairs

MAY 17, 2025

The financially motivated group UNC3944 (also known as Scattered Spider , 0ktapus ) is known for social engineering and extortion. The cybercrime group is suspected of hacking intohundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp.

Retail 67

Retail Social Engineering Cybercrime Financial Services 67

Security Affairs

NOVEMBER 2, 2023

In early September, Okta warned customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions. In December 2022, the American identity and access management giant revealed that its private GitHub repositories were hacked.

Data breaches 142

Data breaches Hacking Healthcare Social Engineering 142

Security Boulevard

JUNE 26, 2022

How Information Security Breaks The Classic IT Model. Many hacker groups will even approach social engineering to see if anyone in IT or SecOps knows if any layoffs are coming. How does information security fit into the producer/consumer model? The number of endpoints required to have EDR/XDR security.

Information Security 98

Information Security Technology Marketing Data breaches 98

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, Smishing Triad )

Social Engineering 112

Social Engineering Phishing Banking DNS 112

Security Boulevard

OCTOBER 25, 2024

Gary Perkins, Chief Information Security Officer Social engineers rely on two key psychological triggers: urgency and empathy. Attackers don’t just hack systems; they hack people, and they’re exceptionally good at it.

Scams 105

Scams Social Engineering CISO Engineering 105

Security Affairs

AUGUST 17, 2021

The identifier could be obtained via social engineering. The attacker would also need to obtain Kalay UIDs through social engineering or other vulnerabilities in APIs or services that return Kalay UIDs. SecurityAffairs – hacking, CVE-2021-28372). ” states the report published by Mandiant. Pierluigi Paganini.

IoT 126

IoT Hacking Social Engineering Firmware 126

Security Affairs

FEBRUARY 19, 2025

According to the company, threat actors used a sophisticated social engineering technique to gain access to its infrastructure. “On January 16, 2025, Insight Partners detected that an unauthorized third-party accessed certain Insight information systems through a sophisticated social engineering attack.”

Social Engineering 73

Social Engineering Engineering Cyber Attacks Hacking 73

Security Affairs

JANUARY 10, 2022

Several EA Sports FIFA 22 players claim to have been hacked, they say to have lost access to their personal EA and email accounts. A growing number of EA Sports FIFA 22 players reported that their EA accounts were hacked, including famous streamers such as Jamie Bateson (AKA Bateson87), NickRTFM, Trymacs, TisiSchubecH and FUT FG.

Hacking 121

Hacking Accountability Social Engineering Media 121

Security Affairs

FEBRUARY 27, 2023

Data allegedly stolen from the American gaming giant Activision in December security breach were leaked on a cybercrime forum. A threat actor leaked on the Breached hacking forum the data allegedly stolen from the gaming giant Activision in December 2022. Activision was breached December 4th, 2022. ” states the post.

Hacking 98

Hacking Cybercrime Social Engineering Data breaches 98

Security Affairs

MARCH 10, 2025

Threat actors distribute malware in archives with fake installation instructions, urging users to disable security tools to allow their execution. Using this social engineering trick, threats like stealers, RATs, Trojans, and crypto miners can persist undetected.

Cryptocurrency 92

Cryptocurrency Malware Social Engineering Antivirus 92

Daniel Miessler

MAY 19, 2021

Top three patterns in breaches were: social engineering, basic web application attacks, and system intrusion. Top three patterns in incidents were: denial of service, basic web application attacks, and social engineering. Top three for beginning: hacking, error, and social.

Data breaches 192

Data breaches Social Engineering Ransomware Phishing 192

Security Affairs

JANUARY 22, 2025

Employees should be aware of who their actual technical support team is and be mindful of tactics intended to create a sense of urgency that these sorts of social-engineering driven attacks depend upon.” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,ransomware)

Ransomware 98

Ransomware Malware Social Engineering Phishing 98

Security Affairs

MAY 3, 2021

Some malware attacks install tools like keyloggers to capture the keystrokes for stealing passwords or other sensitive information. Social Engineering It’s been found that almost one-fourth of the data breach is carried out by using social engineering. SecurityAffairs – hacking, data breach). One common.

Data breaches 145

Data breaches Social Engineering Engineering Network Security 145

Security Affairs

APRIL 7, 2025

The cybercrime group Scattered Spider is suspected of hacking intohundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. Urban, known online as Sosa and King Bob, is linked to the same group that hacked Twilio and other companies in 2022.

Cybercrime 67

Cybercrime Identity Theft Social Engineering Hacking 67

Security Affairs

FEBRUARY 3, 2025

” Crazy Evil is referred as a traffer team, which is a group of social engineering specialists tasked with redirecting legitimate traffic to malicious landing pages. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,cybercrime)

Scams 86

Scams Media Cryptocurrency Cybercrime 86

Security Affairs

MAY 2, 2025

Microsoft announced that all new accounts will be “passwordless by default” to increase their level of security. Microsoft now makes all new accounts “passwordless by default,” enhancing protection against social engineering attacks, phishing, brute-force, and credential stuffing attacks.

Accountability 67

Accountability Passwords Social Engineering Authentication 67

Security Affairs

AUGUST 2, 2021

In our latest video, we demonstrate an attack scenario that can occur within any organization – hacking a smart TV. The cleaner’s insider access takes care of the physical access challenge, while detachment to the organization makes the individual more susceptible to social engineering. The Faceless Man.

Social Engineering 139

Social Engineering Healthcare Engineering Hacking 139

Krebs on Security

APRIL 20, 2023

Mandiant concluded that the 3CX attack was orchestrated by the North Korean state-sponsored hacking group known as Lazarus , a determination that was independently reached earlier by researchers at Kaspersky Lab and Elastic Security. Microsoft Corp.

Malware 331

Malware Software Technology Accountability 331