Social Engineering
Social Engineering | News, how-tos, features, reviews, and videos
New DownEx malware campaign targets Central Asia
While the attacks have not been attributed to any specific threat actor, it is likely that a Russian group is responsible for the attacks, according to researchers at Bitdefender.
Malware disguised as ChatGPT apps are being used to lure victims, Meta says
Since March, Meta has discovered malware using ChatGPT and other AI themes to steal user data and compromise business accounts.
Google rolls out passkey support across accounts on all major platforms
Passkeys for Google Accounts are available now while Google Workspace administrators will soon be able to enable passkeys for their end-users.
Attacks increasingly use malicious HTML email attachments
New research shows that up to a half of all HTML email attachments are malicious, and not just because of a few massive campaigns.
Iranian hacking group targets Israel with improved phishing attacks
Research by CheckPoint presents a new and improved infection chain leading to the deployment of a new version of a Windows backdoor called PowerLess.
Akamai debuts Brand Protector service to combat phishing, online forgery
A new product from cloud services provider Akamai takes aim at online fakery by automating protection of a user’s brand and web presence.
ZeroFox partners with Google Cloud to warn users against phishing domains
If a URL or domain flagged by ZeroFox is validated as malicious, Google will provide a warning message to users across its 5 billion devices in a matter of minutes, advising them not to access the domain in question.
North Korean threat actor APT43 pivots back to strategic cyberespionage
The APT43 group is highly adept at using social engineering to target individuals and extract sensitive information.
7 guidelines for identifying and mitigating AI-enabled phishing campaigns
Phishing has always been a thorn in the side of enterprise cybersecurity, and recent AI developments such as ChatGPT are making things even worse. Here are some guidelines for dealing with the increasingly sophisticated phishing...
Dark Pink APT group linked to new KamiKakaBot attacks in Southeast Asia
The latest APT cyberattacks on ASEAN countries use similar techniques as a previous Dark Pink KamiKakaBot campaign, including phishing.
6 reasons why your anti-phishing strategy isn’t working
Phishing is such a successful scam that appears to be here to stay — and only get more effective. From over-reliance on technology to confusing and counterproductive training, here are six reasons why your anti-phishing strategy might...
New cyberattack tactics rise up as ransomware payouts increase
Although threat actors continue to use phishing, brand impersonation, and business email compromise (BEC) as common tactics, use of less familiar attack methods to infiltrate global organizations have picked up, Proofpoint says.
HTML smuggling campaigns impersonate well-known brands to deliver malware
Researchers cite an increased prevalence of HTML smuggling activity including impersonation of brands such as Adobe Acrobat, Google Drive, and the US Postal Service.
Microsoft attributes Charlie Hebdo attacks to Iranian nation-state threat group
NEPTUNIUM group claims access to the personal information of more than 200,000 Charlie Hebdo customers and uses sockpuppet accounts to taunt France’s cybersecurity sector.
How AI chatbot ChatGPT changes the phishing game
The Microsoft-backed free chatbot is improving fast and can not only write emails, essays but can also code. ChatGPT is also polyglot and that could facilitate and increase exponentially phishing attacks.
Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams
Researchers demonstrate how attackers can use the GPT-3 natural language model to launch more effective, harder-to-detect phishing and business email compromise campaigns.
Attackers use stolen banking data as phishing lure to deploy BitRAT
Data from an older breach lends credibility to this newer sophisticated attack that delivers a highly obfuscated payload.
Social media use can put companies at risk: Here are some ways to mitigate the danger
Using social media can expose company and employee data, and misuse could harm organizational reputation. Here are some tips that can help reduce the risk.