Hacking and Social Engineering - Cyber Security Informer

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking

Hacking Accountability Government Social Engineering

Social engineering: A cheat sheet for business professionals

Tech Republic Security

MAY 29, 2020

People, like computers, can be hacked using a process called social engineering, and there's a good chance a cybersecurity attack on your organization could start with this technique.

Social Engineering

Social Engineering Engineering Hacking Cybersecurity

North Korean Hackers Steal $1.5B in Cryptocurrency

Schneier on Security

FEBRUARY 25, 2025

” More : This hack sets a new precedent in crypto security by bypassing a multisig cold wallet without exploiting any smart contract vulnerability. The Bybit hack has shattered long-held assumptions about crypto security. This attack proves that UI manipulation and social engineering can bypass even the most secure wallets.

Cryptocurrency

Cryptocurrency Social Engineering Hacking Engineering

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.

Hacking

Hacking Social Engineering Phishing Scams

The Mad Liberator ransomware group uses social-engineering techniques

Security Affairs

AUGUST 18, 2024

Mad Liberator employs social engineering techniques to gain access to the victim’s environment, specifically targeting organizations using remote access tools like Anydesk. However, the social-engineering tactics the group used in the case described above are noteworthy – but they are not unique.

Social Engineering

Social Engineering Engineering Ransomware Cybercrime

Ô! China Hacks Canada too, Says CCCS

Security Boulevard

NOVEMBER 1, 2024

China Hacks Canada too, Says CCCS appeared first on Security Boulevard. Plus brillants exploits: Canadian Centre for Cyber Security fingers Chinese state sponsored hackers. The post Ô!

Hacking

Hacking Social Engineering Cyber Attacks Data privacy

Cloak ransomware group hacked the Virginia Attorney General’s Office

Security Affairs

MARCH 24, 2025

“Cloaks attack strategy involves acquiring network access through Initial Access Brokers (IABs) or social engineering methods such as phishing, malvertising, exploit kits, and drive-by downloads disguised as legitimate updates like Microsoft Windows installers.” ” reads a report published by Halcyon.

Ransomware

Ransomware Hacking Social Engineering VPN

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. police as part of an FBI investigation into the MGM hack. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Each participant in the call has a specific role, including: -The Caller: The person speaking and trying to social engineer the target. A tutorial shared by Stotle titled “Social Engineering Script” includes a number of tips for scam callers that can help establish trust or a rapport with their prey.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking

Hacking Cybercrime Phishing Passwords

Social engineering attacks target Okta customers to achieve a highly privileged role

Security Affairs

SEPTEMBER 2, 2023

Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions.

Social Engineering

Social Engineering Engineering Authentication Accountability

Python Developers Targeted with Malware During Fake Job Interviews

Schneier on Security

SEPTEMBER 17, 2024

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware.

Malware

Malware Social Engineering Engineering Hacking

Twitter Hacking for Profit and the LoLs

Krebs on Security

JULY 22, 2020

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. ” Twice in the past year, the OGUsers forum was hacked , and both times its database of usernames, email addresses and private messages was leaked online.

Hacking

Hacking Accountability Scams Media

Instagram Hacked: Top 5 Ways to Protect Your Account

Hacker's King

DECEMBER 26, 2024

While hacking attempts continue to evolve, so do the strategies to secure your account. Here are five distinct ways to safeguard your Instagram from being hacked, with fresh insights you wont find elsewhere. Common Social Engineering Techniques: Fake messages from accounts posing as Instagram support.

Accountability

Accountability Hacking Social Engineering Passwords

Cybersecurity Event Cancelled After Being Hit By Cybercriminals

Joseph Steinberg

OCTOBER 24, 2022

An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window.

Cybersecurity

Cybersecurity Social Engineering Artificial Intelligence Scams

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

SecureWorld News

APRIL 22, 2025

This incident highlights the critical vulnerability in cryptocurrency communities, where high-net-worth individuals or executives may be more prone to social engineering attacks due to the high volume of media and investor engagement they handle. billion hack of the Bybit exchange in February 2025.

Cryptocurrency

Cryptocurrency Social Engineering Cybercrime Engineering

Hackers Stole Access Tokens from Okta’s Support Unit

Krebs on Security

OCTOBER 20, 2023

The disclosure from Okta comes just weeks after casino giants Caesar’s Entertainment and MGM Resorts were hacked. In both cases, the attackers managed to social engineer employees into resetting the multi-factor login requirements for Okta administrator accounts.

Social Engineering

Social Engineering Engineering Accountability Hacking

New sophisticate malware SuperCard X targets Androids via NFC relay attacks

Security Affairs

APRIL 21, 2025

The malware is delivered via social engineering, attackers attempt to trick victims into tapping cards on infected phones. Calls enable social engineering in a Telephone-Oriented Attack Delivery (TOAD) scenario. Analysis of the SuperCard X campaign in Italy revealed custom malware builds tailored for regional use.

Malware

Malware Social Engineering Banking Engineering

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

Security Affairs

JANUARY 21, 2025

” Threat actors are attempting to use social engineering techniques by exploiting the trust of local entities in the authority. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Ukraine)

Social Engineering

Social Engineering Scams Engineering Software

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OCTOBER 11, 2024

Rather than using advanced hacking techniques, they exploited systems with default credentials to compromise target networks. Observed ChatGPT behavior mainly involved reconnaissance, threat actors used the OpenAI’s platform to seek info on companies, services, and vulnerabilities, similar to search engine queries.

Malware

Malware Social Engineering Engineering Hacking

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

The Last Watchdog

MARCH 28, 2025

Mar 28, 2025, CyberNewswire — From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Palo Alto, Calif.,

Antivirus

Antivirus Ransomware Social Engineering Engineering

Happy 15th Anniversary, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2024

Identified by the Mandiant as one of the most consequential threat actors of 2024, Judische was responsible for a hacking rampage that exposed private information on hundreds of millions of Americans. One focus of that story was a Canadian cybercriminal who used the nickname Judische.

Scams

Scams Cybercrime Cryptocurrency Social Engineering

15 SpyLoan Android apps found on Google Play had over 8 million installs

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Google Play)

Social Engineering

Social Engineering Media Mobile Scams

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

Security Affairs

MAY 17, 2025

“Contact information acquired through social engineering schemes could also be used to impersonate contacts to elicit information or funds.” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,deepfake) ” reads the alert issued by the FBI.

Government

Government Social Engineering Authentication Accountability

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses. ” reads the press release published by DoJ.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Phishing

Score an extra 15% discount on this cyber analysis training on sale ahead of Black Friday

Tech Republic Security

NOVEMBER 12, 2021

Eight courses and 51 hours of content on CompTIA CySA+, ethical hacking, social engineering and more. Everything you need to be a certified cybersecurity analyst.

Social Engineering

Social Engineering Engineering Hacking Cybersecurity

The Original APT: Advanced Persistent Teenagers

Krebs on Security

APRIL 6, 2022

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. In fact, the group often announces its hacks on social media.

Social Engineering

Social Engineering Phishing Engineering Accountability

Shields up US retailers. Scattered Spider threat actors can target them

Security Affairs

MAY 17, 2025

The financially motivated group UNC3944 (also known as Scattered Spider , 0ktapus ) is known for social engineering and extortion. The cybercrime group is suspected of hacking intohundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp.

Retail

Retail Social Engineering Cybercrime Financial Services

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

With the help of these documents, even inexperienced operators with limited hacking skills can quickly acquire the necessary expertise to successfully forward counterfeit EDRs. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,EDR-as-a-Service)

Cybercrime

Cybercrime Social Engineering Accountability Government

DMM Bitcoin $308M Bitcoin heist linked to North Korea

Security Affairs

DECEMBER 25, 2024

TraderTraitor activity is often characterized by targeted social engineering directed at multiple employees of the same company simultaneously.” Researchers attributed the hack of Harmonys Horizon bridge and Sky Mavis Ronin Bridge to North Korea-linked threat actors. BTC ($308M).

Cryptocurrency

Cryptocurrency Social Engineering Hacking Cybercrime

Node.js malvertising campaign targets crypto users

Security Affairs

APRIL 17, 2025

In a documented instance, attackers used a ClickFix social engineering tactic to trick users into running a PowerShell command that downloads and installs Node.js Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter) to deploy malicious payloads. components.

Social Engineering

Social Engineering Malware Cryptocurrency Engineering

New Charges Derail COVID Release for Hacker Who Aided ISIS

Krebs on Security

JANUARY 19, 2021

He admitted to hacking a U.S.-based based e-commerce company, stealing personal and financial data on 1,300 government employees, and providing the data to an Islamic State hacking group. ” [Side note: It may be little more than a coincidence, but my PayPal account was hacked in Dec.

Identity Theft

Identity Theft Government Social Engineering Accountability

Russia's COLDRIVER Targets Western Entities with 'LOSTKEYS' Malware

SecureWorld News

MAY 9, 2025

Google's Threat Intelligence Group (GTIG) has identified a new malware strain, dubbed "LOSTKEYS," attributed to the Russian state-sponsored hacking group COLDRIVER. The method, known as "ClickFix," leverages social engineering to bypass traditional email-based defenses. Cedric Leighton , CNN Military Analyst; U.S.

Malware

Malware Social Engineering Engineering Government

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing

Phishing VPN Social Engineering Media

xz Utils Backdoor

Schneier on Security

APRIL 2, 2024

Installing it was a multi-year process that seems to have involved social engineering the lone unpaid engineer in charge of the utility. In theory, the code could allow for just about anything, including stealing encryption keys or installing malware. It was an incredibly complex backdoor.

Social Engineering

Social Engineering Engineering Software Encryption

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

The Last Watchdog

NOVEMBER 19, 2023

A hacking gang known as Scattered Spiders soundly defeated the cybersecurity defenses of MGM and Caesars casinos. Scattered spiders In early September, Scattered Spiders infiltrated MGM and Caesars using a variety of relatively common hacking techniques.

Social Engineering

Social Engineering Passwords Authentication Marketing

U.S. authorities charged an Iranian national for long-running hacking campaign

Security Affairs

MARCH 2, 2024

Department of Justice (DoJ) charged Iranian national Alireza Shafie Nasab (39) for multi-year hacking campaign targeting U.S. Our National Security Cyber Section remains focused on disputing these cross-border hacking schemes and holding those responsible to account.” government and defense entities. Targeted entities include the U.S.

Hacking

Hacking Identity Theft Social Engineering Accountability

Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

Security Affairs

OCTOBER 29, 2024

The experts noticed that Civil Defense website employs social engineering tactics to trick users into installing APK outside the App Store. “ Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, UNC5812)

Malware

Malware Social Engineering Software Mobile

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

Ueland said after hearing about the escrow.com hack Monday evening he pulled the domain name system (DNS) records for escrow.com and saw they were pointing to an Internet address in Malaysia — 111.90.149[.]49 com was identical to the one displayed by escrow.com while the site’s DNS records were hacked.

Phishing

Phishing DNS Social Engineering Accountability

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

Threat actors relies on social engineering tactics like ClickFix and FakeCaptcha to trick users into executing malicious scripts via PowerShell or Run prompts. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, malware)

Encryption

Encryption Password Management Cryptocurrency Social Engineering

The Biggest Cybersecurity Risk We're Ignoring—And No, It's Not AI

SecureWorld News

FEBRUARY 28, 2025

This is because the whole paradigm around security training is building technical knowledge; whereas the whole point of successful social engineering is to bypass the logical and rational brain and bait the subconscious and emotions. it's WAY easier to hack minds than networks. Cybersecurity training isn't the full solution.

Cybersecurity

Cybersecurity Risk Social Engineering Phishing

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22

Security Affairs

DECEMBER 1, 2024

Through Zyxel! Unveiling the Past and Present of APT-K-47 Weapon: Asyncshell Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter )

Malware

Malware Social Engineering Antivirus Engineering

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations. The big names that pioneered in these targeted attacks are Sodinokibi (aka REvil) and Ryuk. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Scattered Spider Strikes Again: U.K. Attacks Spark U.S. Retailer Alarm

SecureWorld News

MAY 16, 2025

Scattered Spider is a financially motivated threat actor group known for its social engineering prowess, SIM-swapping attacks, and living-off-the-land (LOTL) techniques. The group is well known to employ social engineering tactics to gain access, so hardening your help desk is an immediate first step in defense," Staynings continued.

Retail

Retail Social Engineering Engineering Telecommunications

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Social engineering: A cheat sheet for business professionals

Trending Sources

North Korean Hackers Steal $1.5B in Cryptocurrency

When Low-Tech Hacks Cause High-Impact Breaches

The Mad Liberator ransomware group uses social-engineering techniques

Ô! China Hacks Canada too, Says CCCS

Cloak ransomware group hacked the Virginia Attorney General’s Office

Feds Charge Five Men in ‘Scattered Spider’ Roundup

A Day in the Life of a Prolific Voice Phishing Crew

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Social engineering attacks target Okta customers to achieve a highly privileged role

Python Developers Targeted with Malware During Fake Job Interviews

Twitter Hacking for Profit and the LoLs

Instagram Hacked: Top 5 Ways to Protect Your Account

Cybersecurity Event Cancelled After Being Hit By Cybercriminals

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

Hackers Stole Access Tokens from Okta’s Support Unit

New sophisticate malware SuperCard X targets Androids via NFC relay attacks

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

Iran and China-linked actors used ChatGPT for preparing attacks

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

Happy 15th Anniversary, KrebsOnSecurity!

15 SpyLoan Android apps found on Google Play had over 8 million installs

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Score an extra 15% discount on this cyber analysis training on sale ahead of Black Friday

The Original APT: Advanced Persistent Teenagers

Shields up US retailers. Scattered Spider threat actors can target them

EDR-as-a-Service makes the headlines in the cybercrime landscape

DMM Bitcoin $308M Bitcoin heist linked to North Korea

Node.js malvertising campaign targets crypto users

New Charges Derail COVID Release for Hacker Who Aided ISIS

Russia's COLDRIVER Targets Western Entities with 'LOSTKEYS' Malware

Voice Phishers Targeting Corporate VPNs

xz Utils Backdoor

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

U.S. authorities charged an Iranian national for long-running hacking campaign

Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

The Biggest Cybersecurity Risk We're Ignoring—And No, It's Not AI

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Scattered Spider Strikes Again: U.K. Attacks Spark U.S. Retailer Alarm

Stay Connected