04 Aug 2021

Iranian APT Lures Defense Contractor in Catfishing-Malware Scam

A new campaign using catfishing techniques with fake aerobics-instructor profiles has been discovered in a supply-chain attack attempt originating from an Iranian APT, TA456. The threat actors created convincing profiles of objectively attractive women to charm victims into downloading malware. According to a new report from Proofpoint, the campaign allegedly

Read More
23 Nov 2020

GoDaddy staff fall prey to social engineering scam in cryptocurrency exchange attack wave

GoDaddy employees have allegedly fallen victim to a series of social engineering phishing scams that led them to facilitate attacks on multiple cryptocurrency exchanges. The scam duped employees into changing email and registration records which were then used by cyberattackers to launch attacks on other organizations. The incident was reported

Read More
17 Aug 2020

Ritz London suspects data breach, fraudsters pose as staff in credit card data scam

Scammers in London posed as staff members at the Ritz Hotel to steal credit card data from customers staying at the hotel. The Ritz is currently investigating the data breach, which occurred earlier this month. The company released an announcement on Twitter stating that they were made aware of a

Read More
27 Jan 2020

New Social Engineering Event to Train Business Pros on Human Hacking

Chris Hadnagy, the founder and chief human hacker for the firm behind the Social Engineering Capture the Flag contest at DEF CON, has announced that he is launching the first social engineering event geared towards professionals in the business, technology, security, and psychology industries. Hadnagy stated that the Human Hacking

Read More
14 Aug 2019

Link between personality type and vulnerabilities to cybercrime

A new ESET report shows that just 42% of organizations provide training on compliance issues as part of their cybersecurity strategy, even though such training is vital for ensuring that user data is securely collected, processed and stored. Moreover, 63% of companies still mostly rely on passwords for securing data.

Read More
10 Jun 2019

The Minefield of Corporate Email

Even though the concept of spam is about 40 years old and phishing campaigns have been around for over 30 years, email-based attacks remain a massive problem for corporations and individual users alike, a new Cisco report shows. One of the reasons that email attacks are still so common and

Read More
03 Jun 2019

Wave of SIM swapping attacks hit US cryptocurrency users

A massive SIM swapping campaign has hit numerous members of the US cryptocurrency community over the past week. The aim of a SIM swapping attack is for the threat actor to get the phone number of a victim assigned to a SIM card they control. The criminal can subsequently use

Read More
18 Dec 2018

How Instagram Became the Russian IRA’s Go-To Social Network

“For Russian misinformation mongers, 2017 was the year of Instagram. As Facebook and Twitter cracked down on foreign influence campaigns amid media scrutiny, the Kremlin’s Internet Research Agency (IRA) found unprecedented success in shifting its disinformation efforts to the photo-sharing app, according to a new report commissioned by the Senate

Read More
01 Feb 2015

UK CERT Introduction to Social Engineering

Social engineering is one of the most prolific and effective means of gaining access to secure systems and obtaining sensitive information, yet requires minimal technical knowledge. Attacks vary from bulk phishing emails with little sophistication through to highly targeted, multi-layered attacks which use a range of social engineering techniques. Social

Read More