Schneier on Security

APRIL 22, 2024

Interesting social-engineering attack vector : McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg.

Malware 339

Malware Social Engineering Engineering Software 339

Schneier on Security

APRIL 2, 2024

An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. modified the way the software functions. It was an incredibly complex backdoor.

Social Engineering 354

Social Engineering Engineering Software Encryption 354

NetSpi Executives

OCTOBER 25, 2024

In this article, we will dive deep into the sea of phishing and vishing, sharing real-world stories and insights we’ve encountered during social engineering tests to highlight the importance of awareness. The customer didn’t provide any other information. Time to start digging around!

Social Engineering 98

Social Engineering Engineering Phishing Penetration Testing 98

eSecurity Planet

OCTOBER 22, 2024

ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues.

Scams 124

Scams Malware Phishing Social Engineering 124

The Hacker News

APRIL 26, 2024

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors.

Software 142

Software Social Engineering Malware Engineering 142

SecureWorld News

JANUARY 7, 2025

Beware the Poisoned Apple: Defending Against Malware and Social Engineering Just like Snow White was tricked into accepting a poisoned apple from the Evil Queen, malware and social engineering attacks exploit trust to deliver harmful payloads. Are your defenses ready to withstand a "Jack"?

Cybersecurity 113

Cybersecurity Social Engineering Phishing Engineering 113

Krebs on Security

AUGUST 21, 2020

” The perpetrators focus on social engineering new hires at the targeted company, and impersonate staff at the target company’s IT helpdesk. Employ the principle of least privilege and implement software restriction policies or other controls; monitor authorized user accesses and usage.

VPN 363

VPN Social Engineering Authentication Engineering 363

Schneier on Security

DECEMBER 20, 2022

The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers.

Social Engineering 242

Social Engineering Engineering Software Government 242

Security Affairs

OCTOBER 29, 2024

Civil Defense” poses as a provider of free software programs that allow potential conscripts to view and share crowdsourced locations of Ukrainian military recruiters. The threat actors use the Civil Defense website to distribute multiple software programs that, once installed, download different malware families.

Malware 133

Malware Social Engineering Software Mobile 133

Malwarebytes

DECEMBER 19, 2024

Social engineering is a core part of these schemes and the tricks we see are sometimes very clever. The new campaign we observed uses a a combination of malicious ads and decoy pages for software brands, followed by a fake Cloudflare notification that instructs users to manually run a few key combinations.

Social Engineering 100

Social Engineering Engineering Malware Antivirus 100

SecureWorld News

APRIL 22, 2025

This incident highlights the critical vulnerability in cryptocurrency communities, where high-net-worth individuals or executives may be more prone to social engineering attacks due to the high volume of media and investor engagement they handle. This adds an additional layer of protection in the event of credential theft.

Cryptocurrency 92

Cryptocurrency Social Engineering Cybercrime Engineering 92

Schneier on Security

APRIL 2, 2021

“Guides for cheats will typically ask users to disable or uninstall antivirus software and host firewalls, disable kernel code signing, etc.” . “It is common practice when configuring a cheat program to run it the with the highest system privileges,” the report notes. ” Detailed report.

Software 228

Software Malware Advertising Antivirus 228

Security Affairs

DECEMBER 1, 2024

A Case-Control Study to Measure Behavioral Risks of Malware Encounters in Organizations PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot Bootkitty: Analyzing the first UEFI bootkit for Linux Hudson Rock Announces First Comprehensive Infostealers AI Bot: CavalierGPT Gaming Engines: An Undetected Playground for (..)

Malware 85

Malware Social Engineering Antivirus Engineering 85

SecureWorld News

MAY 16, 2025

Scattered Spider is a financially motivated threat actor group known for its social engineering prowess, SIM-swapping attacks, and living-off-the-land (LOTL) techniques. The group is well known to employ social engineering tactics to gain access, so hardening your help desk is an immediate first step in defense," Staynings continued.

Retail 76

Retail Social Engineering Engineering Telecommunications 76

SecureWorld News

JANUARY 22, 2025

Limitations of traditional security measures While organizations typically rely on email filters, firewalls, and antivirus software, these solutions often fall short against AI-powered phishing attacks.

Phishing 115

Phishing Threat Detection Social Engineering DNS 115

Security Affairs

OCTOBER 11, 2024

.” Beyond previous reports on this threat actor’s focus on ICS and PLCs, the prompts observed during this campaign provide precious information on other technologies and software the state-sponsored hackers may target.

Malware 142

Malware Social Engineering Engineering Hacking 142

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. The key works without the need for any special software drivers.

Hacking 333

Hacking Social Engineering Phishing Scams 333

Security Affairs

APRIL 17, 2025

attacks, threat actors use malvertising to lure users to fake sites offering malicious installers disguised as legitimate software. In a documented instance, attackers used a ClickFix social engineering tactic to trick users into running a PowerShell command that downloads and installs Node.js Though less common today, Node.js-based

Social Engineering 119

Social Engineering Malware Cryptocurrency Engineering 119

Security Affairs

NOVEMBER 15, 2024

Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data. Threat actors relies on social engineering tactics like ClickFix and FakeCaptcha to trick users into executing malicious scripts via PowerShell or Run prompts.

Encryption 131

Encryption Password Management Cryptocurrency Social Engineering 131

SecureWorld News

MAY 28, 2025

In early May 2025, two of the United Kingdom's best-known grocers, Marks & Spencer (M&S) and the Co-op, as well as luxury retailer Harrods, were struck by sophisticated social-engineering attacks that tricked IT teams into resetting critical passwords and deploying ransomware across their networks.

Retail 106

Retail Social Engineering Passwords Ransomware 106

Tech Republic Security

FEBRUARY 15, 2024

Whether an infection is the result of a disgruntled employee, hardware vulnerability, software-based threat, social engineering penetration, robotic attack or human error, all organizations must be prepared to immediately respond effectively to such an issue if the corresponding damage is to be minimized.

Malware 178

Malware Social Engineering Engineering Software 178

SecureWorld News

MAY 9, 2025

The method, known as "ClickFix," leverages social engineering to bypass traditional email-based defenses. The threat posed by the complex LOSTKEYS infection is serious, especially as the Russian state-sponsored group COLDRIVER uses the software to attack high-profile political targets.

Malware 88

Malware Social Engineering Engineering Government 88

Krebs on Security

APRIL 11, 2023

Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. This could be via social engineering, spear phishing attacks, or exploitation of other services.”

Social Engineering 306

Social Engineering Ransomware Internet Internet 306

The Last Watchdog

JANUARY 30, 2025

Using a very clever social engineering attack that exploits trusted domains, the adversary can then further escalate the profile hijacking attack to steal passwords from the victims browser. The browser syncjacking attack exposes a fundamental flaw in the way remote-managed profiles and browsers are managed.

Social Engineering 130

Social Engineering Engineering Authentication Media 130

Security Affairs

DECEMBER 25, 2024

TraderTraitor activity is often characterized by targeted social engineering directed at multiple employees of the same company simultaneously.” BTC ($308M).

Cryptocurrency 135

Cryptocurrency Social Engineering Hacking Cybercrime 135

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 363

Phishing VPN Social Engineering Media 363

Krebs on Security

APRIL 20, 2023

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. “This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack,” reads the April 20 Mandiant report. Microsoft Corp.

Malware 331

Malware Software Technology Accountability 331

Krebs on Security

JANUARY 29, 2020

This sort of information would no doubt be of interest to scammers seeking to conduct social engineering attacks against Sprint employees as way to perpetrate other types of fraud, including unauthorized SIM swaps or in gleaning more account information from targeted customers.

Social Engineering 329

Social Engineering Telecommunications Data privacy Engineering 329

Krebs on Security

NOVEMBER 14, 2023

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks.

Social Engineering 330

Social Engineering Internet Internet Phishing 330

Krebs on Security

NOVEMBER 21, 2020

In response to questions from KrebsOnSecurity, GoDaddy acknowledged that “a small number” of customer domain names had been modified after a “limited” number of GoDaddy employees fell for a social engineering scam. GoDaddy said the outage between 7:00 p.m. and 11:00 p.m. PST on Nov.

Cryptocurrency 364

Cryptocurrency VPN Scams Social Engineering 364

Bleeping Computer

SEPTEMBER 15, 2023

Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack. [.]

Social Engineering 141

Social Engineering Authentication Engineering Accountability 141

Webroot

MARCH 3, 2025

Medical identity theft Medical identity theft happens when someone steals or uses your personal information like your name, Social Security number, or Medicare details, to get healthcare in your name. Social engineering attacks Social engineering attacks occur when someone uses a fake persona to gain your trust.

Consumer Protection 99

Consumer Protection Identity Theft Scams Social Engineering 99

Malwarebytes

APRIL 1, 2025

Even though scammers can use Artificial Intelligence to create convincing emails that appear to come from the IRS, there are often some tell-tale signs of social engineering attempts: Too good to be true: Huge, unexpected tax returns are usually just an incentive to get you to surrender private information in the hopes of obtaining that sum.

Scams 139

Scams Phishing Artificial Intelligence Social Engineering 139

SecureWorld News

FEBRUARY 20, 2025

Tim Mackey, Head of Software Supply Chain Risk Strategy at Black Duck, explains: "Attacks on legacy cyber-physical, IoT, and IIoT devicesparticularly in an OT environmentare to be expected and must be planned for as part of the operational requirements for the device. Enforce DMARC, DKIM, and SPF to prevent spoofing.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

SecureWorld News

DECEMBER 17, 2024

This operation, which blends social engineering and technical exploitation, has resulted in the theft of more than 390,000 WordPress credentials. Stephen Kowski added: "This attack targeted the software development pipeline by corrupting widely-used libraries and tools.

Phishing 109

Phishing Threat Detection Social Engineering Cybercrime 109

Krebs on Security

MAY 14, 2024

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. To ensure your Mac is up-to-date, go to System Settings, General tab, then Software Update and follow any prompts.

Social Engineering 298

Social Engineering Backups Malware Software 298

Schneier on Security

APRIL 11, 2024

There’s an important moral to the story of the attack and its discovery : The security of the global internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. The modularity they provide makes software projects tractable.

Software 361

Software Engineering Internet Internet 361