Articles tagged: social-engineering
16 articles found
Notable Security Incidents and Research
Recent security incidents include Cloudflare's post-quantum security roadmap, zero-day exploits for the human mind, and backdoored updates for WordPress and Joomla plugins. These threats highlight the need for long-term cryptographic planning and awareness of social engineering tactics.
Industrialized Social Engineering on the Rise
Sophisticated social engineering attacks are becoming increasingly industrialized, posing significant threats to maintainers and users of popular packages. Recent high-profile hacks demonstrate the patience and sophistication of certain threat actors.
Node.js Under Siege
North Korean hackers target Node.js maintainers with social engineering campaigns, exploiting Redis and PostgreSQL to deploy persistent implants. 36 malicious npm packages discovered, affecting thousands of projects.
North Korean Cyberattacks Surge
North Korean threat actors are behind several high-profile cyberattacks, including the Axios npm hack and Drift's $285 million loss. Recent attacks showcase sophisticated social engineering tactics and swift financial gains. Understanding these threats is crucial for cybersecurity awareness.
North Korean Hackers Steal $285 Million
North Korean hackers have stolen $285 million from the Solana-based decentralized exchange Drift in a durable nonce social engineering attack. This critical incident highlights the significant threat posed by North Korean hacking groups to cryptocurrency exchanges. Read on for key details and recommendations.
DeepLoad Malware Spreads with ClickFix
A new malware loader called DeepLoad has been discovered, using the ClickFix social engineering tactic to distribute itself and steal browser credentials. This high-severity threat utilizes AI-assisted obfuscation and WMI persistence, making it a significant concern for security professionals.
GitHub Malware Alert
A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts, tricking users into downloading malware. This poses a significant risk to developer systems and projects, emphasizing the need for caution when interacting with VS Code alerts.
TikTok Phishing & Ajax Hack Expose Social Engineering Risks
A new TikTok phishing campaign and the Ajax football club hack highlight social engineering threats, while a critical PTC Windchill vulnerability requires immediate patching. Learn about these risks and how to protect yourself.
Phishing Attacks Surge
Russian state-sponsored hackers are targeting government officials and journalists with Signal and WhatsApp phishing campaigns, while threat actors abuse .arpa DNS and IPv6 to evade defenses. Financial and healthcare organizations are also being targeted with Microsoft Teams phishing and A0Backdoor malware.
Phishing Attacks Surge with New Tactics
Phishing attacks are on the rise with new tactics, including abusing .arpa DNS and IPv6 reverse DNS. Data breaches and cybersecurity strategy updates are also in focus. Learn about the latest threats and how to protect yourself.
Critical Threats: UNC4899, Cisco Vulnerability, and Phishing Attacks
The cybersecurity landscape is threatened by active exploitation of vulnerabilities, phishing and social engineering attacks, and data breaches. UNC4899 is suspected to be behind a sophisticated cloud compromise campaign, while a recent Cisco Catalyst SD-WAN vulnerability is being widely exploited. Phishing attacks impersonating US city and county officials are also on the rise.
MyFirst Kids Watch Hacked Amidst Rising Cyber Threats
The MyFirst Kids Watch has been hacked, allowing access to its camera and microphone. This incident is part of a larger landscape of cyber threats, including fake Claude Code install guides, Iran's cyber-kinetic war doctrine, and vulnerabilities in Rockwell industrial control systems. These threats underscore the importance of cybersecurity in protecting sensitive information and physical assets.
Nation-State Actors Unleash New Malware Campaigns
Nation-state actors are launching sophisticated malware campaigns, including the ClickFix social engineering campaign and attacks on Iraqi officials. These threats highlight the evolving landscape of cyberattacks and the need for heightened security measures.
Ghanaian National Pleads Guilty in $100M Fraud Ring
A Ghanaian national has pleaded guilty to his role in a $100 million fraud ring that targeted victims across the US. The ring used business email compromise attacks and romance scams. Learn how to protect your organization from similar threats.
Critical Cisco SD-WAN Bugs Exploited Amidst Zero-Days and AI Threats
Active exploitation of critical Cisco SD-WAN vulnerabilities, alongside zero-day exploits in cyber espionage campaigns and malicious AI-generated code attacks, pose significant threats to global cybersecurity. Learn about the key risks and necessary mitigation strategies.
Industrial Control Systems Under Siege
Critical vulnerabilities in industrial control systems pose significant risks, while malicious activities target developers and supply chains with fake job interviews and social engineering attacks. Learn about the key threats and how to protect against them.