Tag

Social Engineering

All articles tagged with #social engineering

Identity as the Perimeter: The Hidden Gate in Cyber Breaches
technology · 10 days ago

A sponsored Visual Capitalist infographic (in partnership with Unit 42 by Palo Alto Networks) outlines how cyberattackers breach systems by exploiting identity. Identity-based techniques drive about 65% of initial access, with social engineering and credential misuse leading the way, and 90% of recent investigations showing identity weaknesses as material. Once inside, over-privileged identities and token abuse enable rapid lateral movement, making identity the practical perimeter. Defenses recommended include phishing-resistant MFA (passkeys/FIDO2), rotating machine credentials, shorter sessions, just-in-time elevation for admins, and cross-cloud identity telemetry to detect unusual access chains.

Teams adds brand-impersonation warnings for external calls
technology · 1 month ago

Microsoft will roll out Brand Impersonation Protection for Teams Calling, automatically warning users on first-time external calls that try to impersonate trusted brands. Enabled by default in the targeted release mid-February, the feature lets users accept, block, or end flagged calls, with alerts possibly persisting during a conversation. It aims to curb social-engineering attacks and complements other security updates; no admin action is required for activation, though IT should update training materials.

ClickFix Threat Evolves, Signaling New Wave of Malicious Copy-and-Paste Attacks
security · 3 months ago

ClickFix is a sophisticated scam campaign targeting Windows and macOS users by exploiting trust in online travel bookings and using social engineering tactics, such as fake CAPTCHA prompts and device-adaptive payloads, to infect devices with malware like PureRAT. The attacks leverage native OS capabilities and often bypass security tools, making awareness and cautious behavior the best defenses, especially during holiday gatherings when family members may be less vigilant.

Microsoft Teams Vulnerabilities Enable Impersonation, Message Tampering, and Data Theft
technology · 3 months ago

Cybersecurity researchers revealed four security vulnerabilities in Microsoft Teams that could allow attackers to impersonate colleagues, manipulate messages without detection, and exploit notifications, posing significant social engineering risks. Some issues have been patched, but the flaws highlight the importance of securing collaboration tools against trust-based attacks, especially as threat actors increasingly target enterprise communication platforms.

12 Android Apps That Secretly Record Conversations
technology · 3 months ago

Researchers at ESET have identified 12 malicious Android apps, including some on Google Play, that secretly record conversations and steal personal data using spyware called VajraSpy, which exploits social engineering and emotional trust to infect devices. Users are advised to delete these apps immediately, watch for signs of infection, and follow security best practices to protect their privacy.

Google Addresses Security Warnings Amid Hacker Threats and Data Breaches
technology · 5 months ago

ShinyHunters, a cybercrime group known for data breaches and now employing voice-based social engineering tactics like vishing, has targeted major companies including Salesforce, affecting millions of users. The group has links with other hacking groups and is involved in selling stolen data and offering ransomware services. Protecting against such attacks involves vigilance, employee training, and enhanced security measures like multi-factor authentication. The rise of AI-generated deepfakes makes these scams more sophisticated and harder to detect.

Workday Confirms Data Breach Linked to Salesforce Attack
technology · 6 months ago

Workday experienced a data breach through a social engineering attack targeting its employees, which compromised some business contact information from its third-party CRM platform, though no customer account data was reportedly accessed. The company responded quickly by cutting off access and enhancing security measures, but the full scope of the breach remains uncertain.

Google Reports Hackers Breached Internal Salesforce System
technology · 6 months ago

Google announced that the hacking group ShinyHunters breached one of its Salesforce databases containing contact information for small and medium-sized businesses, but the hackers only accessed publicly available data for a brief period. The group is known for social engineering attacks and has targeted other major companies this year, often demanding ransom after data exfiltration.

FBI Urges Caution Over Password Reset Risks
cybersecurity · 7 months ago

The FBI has issued a warning against resetting passwords in response to the Scattered Spider cyber threat, which uses social engineering to manipulate support staff into resetting passwords and transferring MFA tokens. Organizations are advised to use phishing-resistant multifactor authentication and review helpdesk procedures to prevent these targeted attacks. Additionally, the FBI warns against scanning QR codes in unsolicited packages, which can lead to financial fraud and data theft.

FBI Warns of Scattered Spider's Ongoing Threats to Financial Data
cybersecurity · 7 months ago

The FBI and CISA have issued a warning against resetting passwords in response to attacks by the threat group Scattered Spider, which uses sophisticated social engineering tactics to manipulate helpdesk staff into resetting passwords and transferring MFA tokens. Organizations are advised to use phishing-resistant multi-factor authentication and review helpdesk procedures to prevent these targeted attacks.

Scattered Spider Launches Multi-Vector Attacks on Critical Infrastructure and Data
cybersecurity · 7 months ago

The FBI and international agencies warn that the cybercriminal group Scattered Spider has adapted its tactics, now using sophisticated social engineering, legitimate remote access software, and new malware like DragonForce to infiltrate organizations, exfiltrate data, and deploy ransomware rapidly. They target sectors like retail, insurance, and aviation, often exfiltrating data to multiple sites and quickly deploying ransomware such as DragonForce, especially targeting VMware ESXi servers. Despite recent arrests slowing their activity, authorities advise organizations to strengthen defenses through offline backups, multi-factor authentication, and application controls.