Schneier on Security

NOVEMBER 28, 2018

This presents a scary social-engineering vector for malware: A malicious person volunteers to help maintain the project, makes some small, positive contributions, gets commit access to the project, and releases a malicious patch, infecting millions of users and apps.

Malware 270

Malware Social Engineering Engineering 270

Security Affairs

JUNE 8, 2023

North Korea-linked APT Kimsuky has been linked to a social engineering campaign aimed at experts in North Korean affairs. SentinelLabs researchers uncovered a social engineering campaign by the North Korea-linked APT group Kimsuky that is targeting experts in North Korean affairs. ” concludes the report.

Social Engineering 98

Social Engineering Engineering Malware Risk 98

SecureWorld News

APRIL 22, 2025

Once the victim accepts the invitation, the attackers ask for remote control access to the individual's computer under the guise of technical support or presentation assistance. According to Security Alliance's findings, the campaign relied on social engineering and Zoom's remote control feature to infect targets with malware.

Cryptocurrency 90

Cryptocurrency Social Engineering Cybercrime Engineering 90

eSecurity Planet

OCTOBER 22, 2024

Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues. The hallmark of ClickFix campaigns is their clever use of social engineering.

Scams 123

Scams Malware Phishing Social Engineering 123

Security Affairs

DECEMBER 1, 2024

Through Zyxel! Unveiling the Past and Present of APT-K-47 Weapon: Asyncshell Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter )

Malware 71

Malware Social Engineering Antivirus Engineering 71

The Last Watchdog

JANUARY 30, 2025

Critically, the malicious extension only requires read/write capabilities present in the majority of browser extensions on the Chrome Store, including common productivity tools like Grammarly, Calendly and Loom, desensitizing users from granting these permissions.

Social Engineering 130

Social Engineering Engineering Authentication Accountability 130

Schneier on Security

MAY 1, 2024

Scammers tricked a company into believing they were dealing with a BBC presenter. They faked her voice, and accepted money intended for her.

Scams 338

Scams Social Engineering Artificial Intelligence Engineering 338

Security Affairs

APRIL 7, 2025

OPERATIONAL MANUALS AND DECEPTION STRATEGIES As further evidence of the increasing professionalization of this illicit sector, Meridian Group reports the publication of informational content designed to guide the proper use of EDR services, presented as a detailed guide on how to correctly complete and unlawfully submit the requests.

Cybercrime 139

Cybercrime Social Engineering Accountability Government 139

Duo's Security Blog

NOVEMBER 20, 2023

This group of English-speaking threat actors are known for launching sophisticated campaigns that can bypass weak MFA implementations, leveraging tactics such as SIM swapping, adversary-in-the-middle (AiTM) techniques, and social engineering to gain unauthorized access to organizations’ sensitive data.

Threat Detection 138

Threat Detection Authentication Accountability Data breaches 138

Security Boulevard

OCTOBER 30, 2024

Cybersecurity firm Proofpoint, which is eyeing an IPO in the next 18 months, is buying startup Normalyze to improve its data protection capabilities and mitigate the threat humans present in an increasingly fast-paced, interconnected, and AI-focus world.

Cybersecurity 110

Cybersecurity Social Engineering Security Awareness Engineering 110

SecureWorld News

MARCH 20, 2025

This annual college basketball bonanza presents a prime opportunity for scammers to capitalize on excitement, urgency, and, of course, the lure of easy money. This intersection of sports, money, and digital activity makes for a perfect storm of social engineering attacks.

Scams 82

Scams Social Engineering Mobile Phishing 82

The Last Watchdog

APRIL 22, 2025

As AI technology advances, attackers are shifting their focus from technical exploits to human emotions using deeply personal and well-orchestrated social engineering tactics. Uprotected targets Companies admit they are largely unprepared for this dangerous evolution.

Authentication 100

Authentication Social Engineering Technology Media 100

Herjavec Group

AUGUST 26, 2021

1970-1995 — Kevin Mitnick — Beginning in 1970, Kevin Mitnick penetrates some of the most highly-guarded networks in the world, including Nokia and Motorola, using elaborate social engineering schemes, tricking insiders into handing over codes and passwords, and using the codes to access internal computer systems.

Cybercrime 135

Cybercrime Computers and Electronics Banking Hacking 135

Security Affairs

AUGUST 2, 2021

Did you ever stop to think that the office smart TV used for company presentations, Zoom meetings, and other work-related activities may not be so trustworthy? Later that day, a company meeting takes place in that same meeting room, and the smart TV displays a presentation containing confidential data. The Faceless Man.

Social Engineering 138

Social Engineering Healthcare Engineering Hacking 138

Schneier on Security

AUGUST 13, 2021

Defcon presentation and slides. Combine it with voice and video synthesis, and you have some pretty scary scenarios. The real risk isn’t that AI-generated phishing emails are as good as human-generated ones, it’s that they can be generated at much greater scale. Another news article.

Phishing 360

Phishing Risk Social Engineering Artificial Intelligence 360

SecureList

FEBRUARY 20, 2025

The annual MDR analyst report presents insights based on the analysis of incidents detected by Kaspersky’s SOC team. User Execution and Phishing techniques ranked again in the top three threats, with nearly 5% of high-severity incidents involving successful social engineering.

Social Engineering 101

Social Engineering Phishing Government Threat Detection 101

CSO Magazine

APRIL 27, 2023

They were presented in a session at the RSA Conference in San Francisco, where a panel of SANS analysts explored emerging Tactics, Techniques, and Procedures (TTPs) and advised organizations on how to prepare for them. To read this article in full, please click here

Social Engineering 137

Social Engineering Cyber Attacks Advertising Engineering 137

Schneier on Security

JUNE 20, 2018

To achieve this the adversary might use social engineering techniques such as phishing and vishing and/or tools such as Man-in-the-Browser malware. Applied to 2FA, the user would no longer need to open and read the SMS from which the code has already been conveniently extracted and presented.

Authentication 179

Authentication Banking Social Engineering Mobile 179

Security Through Education

JUNE 10, 2025

You don’t need to be a tech expert to protect your kids online—you just need to be informed, proactive, and present. Written by Amanda Marchuck Online Content Manager, Social-Engineer, LLC With the right tools and conversations, you can help your child explore the digital world safely and confidently this summer.

Social Engineering 104

Social Engineering Technology Engineering Education 104

IT Security Guru

NOVEMBER 1, 2024

Phishing and Social Engineering: These tactics manipulate individuals to disclose sensitive information. National security policies must consider the long-term implications of climate change to maintain regional stability and manage the social, political, and economic effects of environmental disruptions according to resustain.com 4.

Technology 109

Technology Cyber Attacks Government Social Engineering 109

Security Through Education

MARCH 22, 2023

They all use psychology and social engineering skills to convince their victims to take an action that is detrimental to them. But at that very moment your boss emails you telling you to buy some Apple gift cards from a nearby store for a presentation they have. Urgency You’re done with your workday, about to log off.

Scams 122

Scams Social Engineering Engineering Media 122

The Last Watchdog

APRIL 28, 2020

That, of course, presents the perfect environment for cybercrime that pivots off social engineering. Social engineering invariably is the first step in cyber attacks ranging from phishing and ransomware to business email compromise ( BEC ) scams and advanced persistent threat ( APT ) hacks.

Social Engineering 174

Social Engineering Cyber Attacks Scams Engineering 174

CSO Magazine

MARCH 21, 2022

Learn 8 pitfalls that undermine security program success and 12 tips for effectively presenting cybersecurity to the board. 2012: Court Ventures gets social-engineered. Sometimes all it takes is some brazen misrepresentation and social engineering skills. Sign up for CSO newsletters. ].

Social Engineering 113

Social Engineering CSO Engineering Data breaches 113

SecureList

MAY 28, 2025

The threat actors behind Zanubis continue to refine its code adding features, switching between encryption algorithms, shifting targets, and tweaking social engineering techniques to accelerate infection rates. Additionally, several debugging functions were still present in the versions captured in the wild.

Banking 105

Banking Malware Energy and Utilities Encryption 105

Javvad Malik

DECEMBER 12, 2022

My presentation on navigating the social engineering jungle. Cuthbert spoke about security walled gardens, the responsibility of the cybersecurity community, and how to work with regulators in order to defend our digital world from the ravages of criminal enterprises.

Social Engineering 234

Social Engineering Engineering Cybersecurity 234

eSecurity Planet

MARCH 14, 2025

Using an insidious social engineering method called ClickFix, attackers manipulate users into unwittingly executing malicious commands, leading to extensive data theft and financial fraud. ClickFix: A tactic to bypass traditional defenses ClickFix capitalizes on human error by presenting victims with seemingly routine error messages.

Phishing 61

Phishing Malware Social Engineering Authentication 61

Security Through Education

MARCH 8, 2023

People in many different professions use social engineering as a tool in everyday life. In the case of sales, social engineering plays a significant role in persuading potential customers to buy a product or service. This is done using a social engineering technique known as Influence Tactics.

Social Engineering 111

Social Engineering Engineering Education Technology 111

Security Through Education

OCTOBER 27, 2021

A human firewall is made up of the defenses the target presents to the attacker during a request for information. Social-Engineer, LLC saw an almost 350% increase in recognition of phishing emails when using a similar training platform in 2020. The answer is simple; with simulated attacks and subsequent training.

Cybersecurity 137

Cybersecurity Social Engineering Firewall Engineering 137

SecureList

DECEMBER 9, 2024

Kaspersky presented detailed technical analysis of this case in three parts. This case underscores the serious risk that social engineering and supply chain attacks pose to open-source projects. Kaspersky products detect malicious objects related to the attack. Kaspersky products detect malicious objects related to the attack.

Internet 110

Internet Internet Risk Social Engineering 110

The Last Watchdog

SEPTEMBER 21, 2022

Phishing is one of the most common social engineering tactics cybercriminals use to target their victims. It describes companies that present customers with an offering, as its name suggests, to purchase and use “as a service.” Related: Utilizing humans as security sensors. Phishing-as-a-Service (PhaaS). Mitigating PhaaS.

Phishing 198

Phishing Artificial Intelligence Cybercrime Social Engineering 198

IT Security Guru

NOVEMBER 18, 2024

It’s interesting to note that many people will happily unlock their phone by just looking at it and have no problem tapping their bank card against a store’s point of sale terminal, but if the term password security is presented to them, they have a blank expression, or worse, shrink away.

Passwords 101

Passwords Password Management Technology Authentication 101

eSecurity Planet

JANUARY 28, 2022

A little more than a week later, cybersecurity firm Armorblox outlined an account takeover attack that leveraged malicious phishing and social engineering. In Armobox’s research, hackers used email with a socially engineered payload. Social Engineering Not Going Away. Spoofed Zoom email.

Social Engineering 130

Social Engineering Engineering Phishing Accountability 130

BH Consulting

NOVEMBER 14, 2024

The result, as ever, was presentations strong on realism and common sense, short on sales hype and scaremongering. James Coker, reporting from the conference for Infosecurity Magazine, had this writeup of McArdle’s presentation. There was no doubting the one topic on almost everyone’s minds at IRISSCON 2024: AI.

Artificial Intelligence 64

Artificial Intelligence Ransomware Social Engineering Cybersecurity 64

Webroot

JANUARY 21, 2025

Todays adversaries employ advanced tactics like cross-domain attacks, use of stolen credentials, and sophisticated social engineering campaigns to infiltrate systems. The days of simplistic attacks that can be thwarted by basic defenses are long gone. In addition to their increasing sophistication, adversaries are also incredibly fast.

Threat Detection 107

Threat Detection Social Engineering Technology Cybersecurity 107

SecureList

APRIL 24, 2024

High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. While this highly targeted and interactive social engineering approach might not be completely novel, it is extraordinary. It’s highly recommended reading. It’s highly recommended reading.

Social Engineering 140

Social Engineering Engineering Accountability VPN 140

Krebs on Security

AUGUST 5, 2019

“If the account is active, hackers then can go to the next stage for 2FA phishing or social engineering, or linking the accounts with another.” “The way it works today, you the aggregator or app stores the credentials encrypted and presents them to the bank.

Banking 279

Banking Passwords Risk Accountability 279

Security Boulevard

JANUARY 20, 2025

Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Successful exploitation requires social engineering users into manipulating a specially crafted file. These probably don't affect most users reading this. CVE-2025-21308.

Surveillance 97

Surveillance Malware Data breaches Scams 97