social engineering - Security Ticks

Social engineering scams sweep through financial institutions

BioCatch, cybercrime, financial industry, fraud, News, report, social engineering, survey / SecurityTicks

Social engineering scams sweep through financial institutions 2024-11-13 at 06:04 By Help Net Security North American financial institutions fielded 10 times more reports of social engineering scams in 2024 than they did a year ago, according to BioCatch. The data shows scams now represent 23% of all digital banking fraud. Growing danger of deepfake and […]

React to this headline:

Social engineering scams sweep through financial institutions Read More »

Black Basta operators phish employees via Microsoft Teams

Don't miss, enterprise, Hot stuff, Microsoft Teams, News, phishing, Ransomware, ReliaQuest, SMBs, social engineering / SecurityTicks

Black Basta operators phish employees via Microsoft Teams 2024-10-28 at 18:51 By Zeljka Zorz Black Basta ransomware affiliates are still trying to trick enterprise employees into installing remote access tool by posing as help desk workers, now also via Microsoft Teams. Phishing via MS Teams Earlier this year, Rapid7 warned about Black Basta using the

React to this headline:

Black Basta operators phish employees via Microsoft Teams Read More »

Fake Google Meet pages deliver infostealers

Don't miss, Hot stuff, macOS, Malware, News, Proofpoint, Sekoia.io, social engineering, video conferencing, Windows / SecurityTicks

Fake Google Meet pages deliver infostealers 2024-10-17 at 14:47 By Zeljka Zorz Users of the Google Meet video communication service have been targeted by cyber crooks using the ClickFix tactic to infect them with information-stealing malware. Fake Google Meet video conference page with malicious ClickFix pop-up (Source: Sekoia) “The ClickFix tactic deceives users into downloading

React to this headline:

Fake Google Meet pages deliver infostealers Read More »

Transportation, logistics companies targeted with lures impersonating fleet management software

Don't miss, Hot stuff, Malware, News, Proofpoint, social engineering, supply chain, transportation, USA / SecurityTicks

Transportation, logistics companies targeted with lures impersonating fleet management software 2024-09-24 at 17:46 By Zeljka Zorz Financially motivated threat actors are targeting North American companies in the transportation and logistics sector with tailored lures, info-stealing malware, and a clever new trick. How the attack unfolds According to Proofpoint threat researchers, the attackers start by compromising

React to this headline:

Transportation, logistics companies targeted with lures impersonating fleet management software Read More »

North Korean hackers’ social engineering tricks

Cryptocurrency, Cryptocurrency Exchange, Don't miss, government-backed attacks, Hot stuff, News, North Korea, social engineering / SecurityTicks

North Korean hackers’ social engineering tricks 2024-09-04 at 15:31 By Zeljka Zorz “North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months,” the FBI has warned through a public service announcement. This suggests that they are likely to target companies associated with

React to this headline:

North Korean hackers’ social engineering tricks Read More »

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise

cybersecurity, DevOps, DevSecOps, GitHub, GitLab, GitProtect.io, monitoring, News, penetration testing, Ransomware, report, social engineering, vulnerability management / SecurityTicks

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise 2024-08-07 at 06:01 By Help Net Security Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps teams have to face every few days, according to GitProtect.io. DevSecOps The possibility to integrate security

React to this headline:

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise Read More »

Email attacks skyrocket 293%

Acronis, Artificial Intelligence, attacks, cybersecurity, email security, MSP, News, Ransomware, report, social engineering / SecurityTicks

Email attacks skyrocket 293% 2024-08-06 at 06:31 By Help Net Security Email attacks have surged by 293% in the first half of 2024 compared to the same period in 2023, according to Acronis. The number of ransomware detections was also on the rise, increasing 32% from Q4 2023 to Q1 2024. Ransomware remains a top

React to this headline:

Email attacks skyrocket 293% Read More »

Malware peddlers love this one social engineering trick!

consumer, cybercrime, Don't miss, enterprise, Hot stuff, Malware, News, Proofpoint, scams, social engineering / SecurityTicks

Malware peddlers love this one social engineering trick! 2024-06-17 at 16:16 By Zeljka Zorz Attackers are increasingly using a clever social engineering technique to get users to install malware, Proofpoint researchers are warning. The message warns of a problem but also offers a way to fix it (Source: Proofpoint) Social engineering users to install malware

React to this headline:

Malware peddlers love this one social engineering trick! Read More »

90% of threats are social engineering

APT, Avast, cybersecurity, Don't miss, Gen, Hot stuff, Malware, phishing, Ransomware, scams, social engineering, threats, Video / SecurityTicks

90% of threats are social engineering 2024-06-06 at 06:32 By Help Net Security In this Help Net Security video, Jakub Kroustek, Malware Research Director at Gen, discusses the Avast Q1 2024 Threat Report. The report highlights significant trends and incidents in cybersecurity. Key findings include: Surge in social engineering attacks: Nearly 90% of threats blocked

React to this headline:

90% of threats are social engineering Read More »

Identity-related incidents becoming severe, costing organizations a fortune

authentication, cybercrime, cybersecurity, identity, IDSA, News, report, social engineering, survey / SecurityTicks

Identity-related incidents becoming severe, costing organizations a fortune 2024-05-30 at 06:09 By Help Net Security With the rise of identity sprawl and system complexity, more businesses are suffering identity-related incidents than ever before, according to IDSA. Identity-related incidents in headlines Identity-related incidents continue to dominate today’s headlines. Clorox, MGM, and Caesars fell prey to social

React to this headline:

How fraudsters stole $37 million from Coinbase Pro users

account hijacking, Coinbase, Don't miss, fraud, Hot stuff, News, phishing, remote access, social engineering, USA / SecurityTicks

How fraudsters stole $37 million from Coinbase Pro users 2024-05-29 at 13:46 By Zeljka Zorz A convincing phishing page and some over-the-phone social engineering allowed a group of crooks to steal over $37 million from unlucky Coinbase Pro users. One of them – Chirag Tomar, a 30-year-old citizen of the Republic of India – has

React to this headline:

How fraudsters stole $37 million from Coinbase Pro users Read More »

YouTube has become a significant channel for cybercrime

Avast, cybercrime, cybersecurity, deepfakes, News, report, scams, social engineering, survey / SecurityTicks

YouTube has become a significant channel for cybercrime 2024-05-21 at 06:31 By Help Net Security Social engineering threats – those which rely on human manipulation – account for most cyberthreats faced by individuals in 2024, according to Avast. According to the latest quarterly Avast Threat Report, which looks at the threat landscape from January-March 2024,

React to this headline:

YouTube has become a significant channel for cybercrime Read More »

Black Basta target orgs with new social engineering campaign

CISA, Don't miss, Hot stuff, News, Ransomware, Rapid7, remote management, social engineering, vishing / SecurityTicks

Black Basta target orgs with new social engineering campaign 2024-05-13 at 15:46 By Zeljka Zorz Black Basta, one of the most prolific ransomware-as-a-service operators, is trying out a combination of email DDoS and vishing to get employees to download remote access tools. Black Basta TTPs and newest initial access attempts According to a cybersecurity advisory

React to this headline:

Black Basta target orgs with new social engineering campaign Read More »

GenAI can enhance security awareness training

awareness, cybersecurity, deepfakes, Don't miss, Expert analysis, Expert corner, framework, generative AI, Hot stuff, News, opinion, Prism Infosec, social engineering, training / SecurityTicks

GenAI can enhance security awareness training 2024-04-24 at 07:31 By Help Net Security One of the biggest concerns over generative AI is its ability to manipulate us, which makes it ideal for orchestrating social engineering attacks. From mining someone’s digital footprint to crafting highly convincing spear phishing emails, to voice capture enabling vishing and deep

React to this headline:

GenAI can enhance security awareness training Read More »

Cisco Duo provider breached, SMS MFA logs compromised

Cisco, Don't miss, Duo Security, Hot stuff, MFA, MSP, News, social engineering, third party compromise / SecurityTicks

Cisco Duo provider breached, SMS MFA logs compromised 2024-04-16 at 18:31 By Zeljka Zorz Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA (multi-factor authentication) SMS message logs of Duo customers. About the attack The unnamed provider – one of two that Duo uses

React to this headline:

Cisco Duo provider breached, SMS MFA logs compromised Read More »

New open-source project takeover attacks spotted, stymied

backdoor, CISA, Don't miss, Endor Labs, Hot stuff, News, O'Reilly, open source, OpenJS Foundation, OpenSSF, social engineering, supply chain attacks, tips / SecurityTicks

New open-source project takeover attacks spotted, stymied 2024-04-16 at 16:16 By Zeljka Zorz The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious maintainer achieved that coveted position after

React to this headline:

New open-source project takeover attacks spotted, stymied Read More »

US organizations targeted with emails delivering NetSupport RAT

Don't miss, Hot stuff, Malware, News, Perception Point, phishing, Remote Access Trojan, social engineering / SecurityTicks

US organizations targeted with emails delivering NetSupport RAT 2024-03-22 at 15:08 By Helga Labus Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via “nuanced” exploitation and by using an advanced detection evasion method. The malware campaign The campaign, dubbed PhantomBlu, takes the form of email messages purportedly coming from a

React to this headline:

US organizations targeted with emails delivering NetSupport RAT Read More »

95% believe LLMs making phishing detection more challenging

Artificial Intelligence, generative AI, LastPass, News, phishing, report, social engineering / SecurityTicks

95% believe LLMs making phishing detection more challenging 2024-03-04 at 07:32 By Help Net Security More than 95% of responding IT and security professionals believe social engineering attacks have become more sophisticated in the last year, according to LastPass. Recent AI advancements, particularly generative AI, have empowered cybercriminals to coordinate social engineering assaults with unprecedented

React to this headline:

95% believe LLMs making phishing detection more challenging Read More »