SecureWorld News

FEBRUARY 15, 2024

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. The hackers rely heavily on social engineering tactics to distribute the malware.

Social Engineering 103

Social Engineering Mobile Authentication Engineering 103

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. Some of the malicious apps were promoted through deceptive advertising on social media. Some apps were suspended by Google from Google Play while others were updated by the developers.

Social Engineering 131

Social Engineering Media Mobile Scams 131

The Last Watchdog

AUGUST 19, 2021

At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. Related: Kaseya hack worsens supply chain risk. According to the attackers, this was a configuration issue on an access point T-Mobile used for testing. This was not a sophisticated attack.

Mobile 235

Mobile Data breaches Authentication Accountability 235

Security Affairs

MARCH 29, 2025

Notifications & Social Engineering: Posts fake push notifications to trick users. “The emergence of the Crocodilus mobile banking Trojan marks a significant escalation in the sophistication and threat level posed by modern malware. ” ThreatFabric concludes.

Banking 69

Banking Mobile Identity Theft Malware 69

Security Affairs

APRIL 21, 2025

The malware is delivered via social engineering, attackers attempt to trick victims into tapping cards on infected phones. Calls enable social engineering in a Telephone-Oriented Attack Delivery (TOAD) scenario. Analysis of the SuperCard X campaign in Italy revealed custom malware builds tailored for regional use.

Malware 108

Malware Social Engineering Banking Engineering 108

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 363

Phishing VPN Social Engineering Media 363

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. Multiple security firms soon assigned the hacking group the nickname “ Scattered Spider.” 9, 2024, U.S. technology companies during the summer of 2022.

Social Engineering 359

Social Engineering Mobile Cybercrime Passwords 359

Security Affairs

OCTOBER 29, 2024

The group UNC5812 also coordinated influence campaigns to spread narratives and solicit content aimed at weakening the support for Ukraine’s mobilization and military recruitment efforts. The experts noticed that Civil Defense website employs social engineering tactics to trick users into installing APK outside the App Store.

Malware 121

Malware Social Engineering Software Mobile 121

Adam Levin

MAY 15, 2019

The hacking group, called “The Community” primarily used social engineering (trickery) and SIM card hijacking to steal funds and cryptocurrency from their victims. Once authenticated, the mobile phone number of the target victim is moved to the criminal’s phone. million worth of wire fraud and identity theft.

Identity Theft 176

Identity Theft Social Engineering Mobile Authentication 176

Krebs on Security

APRIL 6, 2022

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. In fact, the group often announces its hacks on social media.

Social Engineering 293

Social Engineering Phishing Accountability Engineering 293

Security Affairs

FEBRUARY 27, 2021

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks.

Mobile 135

Mobile Data breaches Telecommunications Identity Theft 135

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. Some of the malicious apps were promoted through deceptive advertising on social media. Some apps were suspended by Google from Google Play while others were updated by the developers.

Social Engineering 98

Social Engineering Media Scams Mobile 98

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, Smishing Triad )

Social Engineering 112

Social Engineering Phishing Banking DNS 112

Krebs on Security

AUGUST 12, 2020

As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. YOUR CREDIT FILES.

Accountability 357

Accountability Mobile Banking Passwords 357

Security Affairs

AUGUST 23, 2024

Cybercriminals use progressive web applications (PWA) to impersonate banking apps and steal credentials from mobile users. ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs).

Phishing 134

Phishing Mobile Banking Social Engineering 134

Daniel Miessler

MAY 19, 2021

Top three patterns in breaches were: social engineering, basic web application attacks, and system intrusion. Top three patterns in incidents were: denial of service, basic web application attacks, and social engineering. Top three for beginning: hacking, error, and social.

Data breaches 192

Data breaches Social Engineering Ransomware Phishing 192

Security Affairs

APRIL 23, 2022

Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. Telecom company T-Mobile on Friday revealed that LAPSUS$ extortion gang gained access to its networks. ” LAPSUS$ leader White/Lapsus Jobs looking up the Department of Defense in T-Mobile’s internal Atlas system.

Mobile 102

Mobile VPN Social Engineering Telecommunications 102

Hacker's King

NOVEMBER 16, 2024

How the Hack Works Many modern cars, including those from Kia, use telematics systems that connect to mobile apps and cloud-based services for convenience features like remote start or door unlocking. These systems can be vulnerable to exploitation if not properly secured.

Hacking 52

Hacking Mobile Encryption Authentication 52

Security Boulevard

APRIL 16, 2024

The post SIM Swappers Try Bribing T-Mobile and Verizon Staff $300 appeared first on Security Boulevard. Not OK: SMS 2FA — Widespread spam targets carrier employees, as scrotes try harder to evade two-factor authentication.

Mobile 132

Mobile Authentication Social Engineering Wireless 132

The Last Watchdog

DECEMBER 3, 2018

Related: Uber hack shows DevOps risk. The Starwood hack appears to come in second in scale only to the 2013 Yahoo breac h, which affected as many as 3 billion accounts, while a subsequent Yahoo breach also hit 500 million accounts. In 2014, a JP Morgan Chase hack exposed 76 million households. John Gunn, CMO, OneSpan: Gunn.

Hacking 157

Hacking eCommerce Authentication Social Engineering 157

Security Boulevard

DECEMBER 13, 2023

The post Russia Hacks Ukraine, Ukraine Hacks Russia — Day#658 appeared first on Security Boulevard. When will it end? Russia takes down Kyivstar cellular system, Ukraine destroys Russian tax system.

Hacking 131

Hacking Digital transformation Social Engineering Data privacy 131

Threatpost

SEPTEMBER 18, 2019

The idea that humans are the weakest link shouldn't guide the thinking on social-engineering defense.

Social Engineering 63

Social Engineering Engineering InfoSec Mobile 63

Security Affairs

DECEMBER 12, 2024

These are the first known mobile malware families linked to the Russian APT. These findings tie the mobile surveillance families to Gamaredons desktop campaigns. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Gamaredon) Armageddon , Primitive Bear, and ACTINIUM).

Mobile 99

Mobile Malware Surveillance Social Engineering 99

The Last Watchdog

APRIL 28, 2020

That, of course, presents the perfect environment for cybercrime that pivots off social engineering. Sadly, coronavirus phishing and ransomware hacks already are in high gear. Leaders of the top hacking collectives are astute and disciplined. I agree wholeheartedly with Levin on this, as I imagine most folks would.

Social Engineering 174

Social Engineering Cyber Attacks Scams Phishing 174

CyberSecurity Insiders

DECEMBER 14, 2021

SANS Holiday Hack Challenge 2021 is back to help Santa Claus defeat cyber villains like Jack Frost to save the holiday season from a digital disaster. SANS Holiday Hack Challenge 2020 witnessed the participation of over 19,000 players and this year it’s expected to double up, as the event is being held online.

Hacking 90

Hacking Penetration Testing Social Engineering Mobile 90

Security Affairs

NOVEMBER 15, 2021

The malware has been active at least since late October 2021, it targeting the mobile users of banks in Italy, the UK, and the US. The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts. SecurityAffairs – hacking, SharkBot). ” concludes the report.

Banking 144

Banking Mobile Social Engineering Malware 144

Security Affairs

NOVEMBER 10, 2021

Researchers from Zimperium zLabs uncovered an ongoing campaign aimed at infecting the mobile phones of South Korean users with new sophisticated android spyware dubbed PhoneSpy. The malware also allows an attacker to remotely control the infected mobile devices. SecurityAffairs – hacking, spyware). Zimperium concludes.

Spyware 145

Spyware Mobile Social Engineering Malware 145

Security Boulevard

MAY 2, 2024

The post Dropbox Hacked: eSignature Service Breached appeared first on Security Boulevard. Drop Dropbox? The company apologized as user details were leaked from its “Dropbox Sign” product.

Hacking 135

Hacking Social Engineering Data privacy Engineering 135

The Last Watchdog

FEBRUARY 3, 2021

It’s only February, and 2021 already is rapidly shaping up to be the year of supply-chain hacks. The latest twist: mobile network operator UScellular on Jan. The SolarWinds hack came to light in mid-December and has since become a red hot topic in the global cybersecurity community. Related: The quickening of cyber warfare.

Phishing 252

Phishing Hacking Accountability Social Engineering 252

Security Boulevard

APRIL 12, 2023

The post ‘But His Emails!’ — Ukrainian Hackers Hack Hillary Hacker appeared first on Security Boulevard. Beware Fancy Bears Bearing Gifts: Confirms DCLeaks caper was by APT28. Also that APT28 is Russian military unit.

Hacking 144

Hacking Social Engineering Security Awareness Engineering 144

Security Boulevard

SEPTEMBER 7, 2022

TikTok was hacked, with over two billion records stolen. The post TikTok Hack: 2B Records Leak — but ByteDance Denies appeared first on Security Boulevard. Or so says notorious leak group BlueHornet (a/k/a AgainstTheWest, @AggressiveCurl).

Hacking 140

Hacking Social Engineering Security Awareness Engineering 140

Hacker's King

DECEMBER 25, 2024

Social Engineering : Attackers manipulate victims into sharing personal information, such as passwords or answers to security questions. This adds an extra layer of protection by requiring a code to be sent to your mobile device during login attempts. This is one of the most prevalent methods of account compromise.

Passwords 52

Passwords Social Engineering Accountability Scams 52

Security Boulevard

MAY 24, 2022

A wedding planning startup, Zola, has been hacked—or so it seems. The post Zola Wedding App ‘Hacked’ — Victims Lose BIG Money appeared first on Security Boulevard. Users allege serious PCI violations.

Hacking 136

Hacking Social Engineering Passwords Engineering 136

Security Affairs

DECEMBER 1, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime 73

Cybercrime Firewall Social Engineering Ransomware 73

Security Affairs

FEBRUARY 8, 2024

Generative AI Impact : Generative AI will have a big role in cyber security, especially in areas like email protection and fighting social engineering attacks. Mobile Threats: Mobile devices are increasingly targeted by cyber criminals, with mobile malware attacks rising by 54%.

Social Engineering 142

Social Engineering Cyber Attacks Cyber Insurance IoT 142

Krebs on Security

AUGUST 5, 2019

Most often, the attacker will use lists of email addresses and passwords stolen en masse from hacked sites and then try those same credentials to see if they permit online access to accounts at a range of banks. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords.

Banking 279

Banking Passwords Risk Accountability 279

Security Boulevard

JUNE 2, 2023

The post Russia Says NSA Hacked iOS With Apple’s Help — we Triangulate Kaspersky’s Research appeared first on Security Boulevard. Tit-For-Tat Triangulation Trojan Talk: Backdoor inserted at U.S. behest, alleges FSB.

Hacking 145

Hacking Social Engineering Spyware Security Awareness 145