A new article in Bloomberg focused on new sky-high online fraud numbers, they are horrendous. Here is a short summary and I recommend you read the whole article.
Tag: Social Engineering
Europe, Global Security News, North America
Relaying NTLM Authentication from SCCM Clients
by Chris Thompson •
tl;dr: Seriously, please disable NTLM
I recently learned that you can coerce NTLM authentication from SCCM servers using any Windows SCCM client when automatic site-wide client push installation is enabled and NTLM has not been explicitly disabled. Dur…
Security Vendor News
It’s Social Media Day! Here’s How to Protect Yourself From Social Engineering Online
by McAfee •
It’s Social Media Day! How are you celebrating? Reposting your very first profile picture from a decade ago? Sharing your…
The post It’s Social Media Day! Here’s How to Protect Yourself From Social Engineering Online appeared first on McAfee Blog.
Security Vendor News
Wars and Lechery, Nothing Else Holds Fashion for Phishing Attacks
by Stu Sjouwerman •
Shakespeare said it first, and things haven’t changed: suffering and desire continue to drive victims to the social engineers. Researchers at Bitdefender have observed a phishing campaign that’s using a phony dating site for men to meet Ukrain…
Europe, Global Security News, North America
Phishing Reached All-Time High: Social Engineering News
by Social-Engineer •
Phishing reached an all-time high in the first quarter of 2022. To clarify what this means, in the first quarter […]
The post Phishing Reached All-Time High: Social Engineering News appeared first on Security Boulevard.
Europe, Global Security News, North America
The Phantom Credentials of SCCM: Why the NAA Won’t Die
by Duane Michael •
TL;DR — Stop Using Network Access Accounts!
If a Windows machine has ever been an SCCM client, there may be credential blobs for the network access account (NAA) on disk.
If an Active Directory account has ever been configured as an NAA, there may be c…
Europe, Global Security News, North America
ADPPA US Privacy Law: Coming Soon in Wake of Roe v. Wade Redo
by Richi Jennings •
We could soon have a federal GDPR. But the American Data Privacy and Protection Act wasn’t the only privacy related issue on Capitol Hill last week.
The post ADPPA US Privacy Law: Coming Soon in Wake of Roe v. Wade Redo appeared first on Security Boul…
Europe, Global Security News, North America
Tim Hortons Privacy Investigation, Social Engineering Kill-Chain, Hospitals Sending Facebook Your Data
by Tom Eston •
The Tim Hortons mobile app created a “a mass invasion of Canadians’ privacy” by conducting continuous location tracking without user consent even when the app was closed, what is a social engineering kill-chain and how can this help understand and prev…
Security Vendor News
Amazon Prime Day 2022 is Coming: Here are Quick Cybersecurity Tips to Help You Stay Safe
by Erich Kron •
Amazon Prime Days this year are July 12 – 13th 2022. As a result, cybercriminals are taking every step to capitalize on the holiday with new phishing attacks. I have been getting asked about common types of Amazon-related scams and wanted to s…
Security Vendor News
Vendor Impersonation Competing with CEO Fraud
by Stu Sjouwerman •
Researchers at Abnormal Security have observed an increase in vendor impersonation in business email compromise (BEC) attacks.
Europe, Global Security News, North America
Myths About Human Lie Detection
by Social-Engineer •
“Look me in the eyes.” People often use phrases like this to determine if someone is lying. We may think […]
The post Myths About Human Lie Detection appeared first on Security Boulevard.
Security Vendor News
FBI Warns of Fraudsters on LinkedIn
by Stu Sjouwerman •
The US FBI has warned that scammers on LinkedIn are a “significant threat,” CNBC reports. Sean Ragan, the FBI’s special agent in charge of the San Francisco and Sacramento field offices, told CNBC in an interview that cryptocurrency scams have…
Security Vendor News
Interpol busts 2000 suspects in phone scamming takedown
by Paul Ducklin •
Friends don’t let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples…
Security Vendor News
Smishing Text Scams Have Doubled in the Last Three Years
by Stu Sjouwerman •
New data shows a rise in the use of text messages as an effective vehicle to connect with potential victims for social engineering scams as Americans increase their preference of the medium.
Security Vendor News
New PDF-Based Phishing Attack Demonstrates that Office Docs Aren’t Passé – They are Just Obfuscated!
by Stu Sjouwerman •
Security researchers have discovered a cunning PDF-based phishing attack that leverages social engineering and PDF prompt specifics to trick users into opening malicious Office docs.
Security Vendor News
Over 2000 Social Engineering Scammers Arrested in Multi-Country Crackdown on Fraud, BEC, and Money Laundering
by Stu Sjouwerman •
Thousands of members of cybercriminal groups were arrested in a sting that lasted 2 months and involved coordinated efforts of the law enforcement departments of 76 countries.
Security Vendor News
Vishing Attacks Increase 550% Over Last Year as the Financial Sector Continues to be a Primary Target
by Stu Sjouwerman •
Cybercriminals are continuing to bypass the use of malware in favor of response-based and credential-centric social engineering attacks, according to new data from Agari and PhishLabs.
Uncategorized
Interpol arrests thousands of scammers in operation “First Light 2022”
by Graham Cluley •
Law enforcement agencies around the world appear to have scored a major victory in the fight against fraudsters, in an operation which has seized tens of millions of dollars and seen more than 2000 people arrested.
Read more in my article on the Tri…
Europe, Global Security News, North America
Hang Fire: Challenging our Mental Model of Initial Access
by Matt Hand •
For as long as I’ve been working in security, initial access has generally looked the same. While there are high degrees of variation within each technique (i.e., payloads, pretexts, delivery mechanisms, obfuscations) used by most threat actors there i…
Security Vendor News
A Closer Look at HR Scams: Does Niceness Have a Downside?
by Stu Sjouwerman •
Threat actors are targeting HR employees who are looking to hire new people, according to Lisa Vaas at Contrast Security. As part of their job, HR employees frequently interact with people outside of the organization and are more likely to ope…
Global Security News, North America
How social engineering attacks are evolving beyond email
by Help Net Security •
In this Help Net Security video, Chris Lehman, CEO at SafeGuard Cyber, talks about how adversaries are moving beyond email to attack companies through a wide range of digital communications platforms, including mobile messaging, collaboration (Slack, T…
Security Vendor News
Spear Phishing Campaign Targets Former Israeli Officials
by Stu Sjouwerman •
An Iranian threat actor is conducting a spear phishing operation against Israeli officials, according to researchers at Check Point. The targets have included the former Foreign Minister and Deputy Prime Minister of Israel, a former Major Gene…
Europe, Global Security News, North America
Introducing Ghostwriter v3.0
by Christopher Maddalena •
The Ghostwriter team recently released v3.0.0. This release represents a significant milestone for the project, and there has never been a better time to try out Ghostwriter.
Our goal was to make it much simpler to install and manage the application a…
Security Vendor News
Monkeypox Scams Continue to Increase
by Stu Sjouwerman •
Attackers are taking advantage of the current news about monkeypox to trick people into clicking on malicious links, Pickr reports. Researchers at Mimecast have spotted a phishing campaign that impersonates companies in an attempt to trick emp…
Europe, Global Security News, North America, Vulnerabilities
Tesla Fails Yet Again: Hackers can Steal Cars via NFC
by Richi Jennings •
Tesla Models 3 and Y can be unlocked and stolen via a bug in their NFC software. Two separate research groups found this new bug at around the same time.
The post Tesla Fails Yet Again: Hackers can Steal Cars via NFC appeared first on Security Bouleva…
Europe, Global Security News, North America
DoJ, FBI, IRS Make Empty Boast: SSNDOB ‘Seized’
by Richi Jennings •
Feds are gloating over their “seizure” of the notorious SSNDOB marketplace, which traded in stolen personal information. But the action seems too little, too late.
The post DoJ, FBI, IRS Make Empty Boast: SSNDOB ‘Seized’ appeared first on Security Bou…
Europe, Global Security News, North America
Ransomware Actors, Access Brokers Form Lucrative Relationships
by Nathan Eddy •
When ransomware crews need access to launch their attacks, they reach out to initial access merchants—malicious actors who offer to sell compromised network access to cybercriminals. As key enablers in the financially motivated cybercriminal undergr…
Security Vendor News
FTC Warns that Scammers are Turning to Cryptocurrencies
by Stu Sjouwerman •
The US Federal Trade Commission (FTC) has warned that people have reported losing over $1 billion in crypto to scams since the beginning of 2021. The vast majority of these losses were due to investment scams, in which people are tricked into …
Europe, Global Security News, North America
Microsoft Suggests Work-Around For ‘Serious’ Follina Zero-Day
by Teri Robinson •
While malicious email attachments are nothing new, there’s reason to be particularly cautious when it comes to the new zero-day vulnerability, dubbed Follina, found in Microsoft Word, for which the tech giant almost immediately issued a workaround. Th…
Security Vendor News
Homographic Domain Name Phishing Tactics
by Stu Sjouwerman •
Bitdefender warns that Microsoft Office applications are vulnerable to phishing tactics that exploit international domain names (IDNs). Affected applications include Outlook, Word, Excel, OneNote, and PowerPoint.
Europe, Global Security News, North America, Vulnerabilities
Broken Windows: ‘Follina’ Flaw not Fixed — For 22 MONTHS
by Richi Jennings •
A nasty zero-click, zero-day RCE bug remains unpatched in Windows. Dubbed “Follina,” Microsoft’s done diddly-squat about it.
The post Broken Windows: ‘Follina’ Flaw not Fixed — For 22 MONTHS appeared first on Security Boulevard.
Europe, Global Security News, North America
DuckDuckGo Browser Allows Microsoft Trackers, Stolen Verizon Employee Database, Attacking Powered Off iPhones
by Tom Eston •
The DuckDuckGo mobile browser allows Microsoft trackers due to an agreement in their syndicated search content contract, a database of contact details for hundreds of Verizon employees was compromised after an employee was social engineered to give the…
Malware Indicators (IoCs)
Researcher Shows How An Attacker Can Hack WhatsApp Via Call Forwarding
by Abeerah Hashim •
Once again, a trivial WhatsApp hack has surfaced online that risks the security of users…
Researcher Shows How An Attacker Can Hack WhatsApp Via Call Forwarding on Latest Hacking News.
Security Vendor News
Smishing and Home Delivery
by Stu Sjouwerman •
A smishing campaign is impersonating the UK-based delivery company Evri with text messages informing recipients that their package couldn’t be delivered, according to Paul Ducklin at Naked Security. The messages state that a driver tried to de…
Security Vendor News
SideWinder Targets Pakistani Entities With Phishing Attacks
by Stu Sjouwerman •
The India-aligned APT SideWinder is using a variety of social engineering techniques to target Pakistani government and military entities, according to researchers at Group-IB. The threat actor is using phishing emails as well as a malicious V…
Europe, Global Security News, North America
INKY Identifies Telegraph as Platform for Phishing Campaigns
by Michael Vizard •
INKY, a provider of an email security platform, today revealed that since the start of 2022, it has detected 1,288 malicious emails sent via Telegraph. Telegraph is a free minimalist publishing tool that allows users to publish web pages instantly and…
Security Bloggers, Security Vendor News
Spear Phishing: A Technical Case Study for XDR
by Anthony M. Freed •
Spear phishing is a social engineering tactic adversaries use in targeted attacks where they send emails purported to be from someone known or trusted by the target–such as a coworker or established organization–to trick them into revealing co…
Security Vendor News
Phishing Campaign Targets QuickBooks Users
by Stu Sjouwerman •
Accounting software provider Intuit has warned of a phishing scam targeting its customers, BleepingComputer reports. The phishing campaign affected users of Intuit’s QuickBooks product, informing them that their account has been put on hold.
Europe, Global Security News, North America, Vulnerabilities
Shodan: Still the Scariest Search Engine on the Internet?
by Ran Levy •
In April of 2013, CNN introduced the world to Shodan, a search engine for internet-connected devices, by publishing an article titled, Shodan: The scariest search engine on the Internet. CNN described how Shodan was used to find vulnerabilities: “R…
Europe, Global Security News, North America
Making the Metaverse Safe For Everyone
by Gary LaFever •
Unlike any other time in history, the past decade has shown us the power of technology to transform our working and personal lives. Technology-enabled shopping, banking and working from any location made the restrictions from COVID-19 more manageable….