“Scam Yourself” Attacks Show How Social Engineering is Evolving
Summary: The emergence of “scam yourself” attacks represents a sophisticated evolution of social engineering, where attackers manipulate users into compromising their own security. These attacks exploit routine actions, authority, and urgency, making them particularly dangerous as they blend seamlessly into everyday digital interactions. Understanding the psychological triggers behind these scams is essential for developing effective defenses against them.…
What Is Fileless Malware? S1Ep2 Operation Cobalt Kitty
This article examines “Operation Cobalt Kitty,” a sophisticated cyberattack targeting financial companies in Asia. The attackers primarily employed fileless malware, spear-phishing, and DNS tunneling techniques to gain access to sensitive systems and maintain persistence. The operation exemplifies the potential damage posed by fileless malware and highlights the lack of detection by existing security measures.…
TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware
Summary: Google has identified a financially motivated threat actor named TRIPLESTRENGTH, which targets cloud environments for cryptojacking and on-premise ransomware attacks. The actor employs stolen credentials to hijack cloud resources for cryptocurrency mining and advertises access to compromised servers. Additionally, TRIPLESTRENGTH has been linked to ransomware operations using various malicious tools and has actively sought partnerships for further attacks.…
Dark Web Profile: OilRig (APT34)
OilRig, also known as APT34, is a state-sponsored APT group linked to Iranian intelligence, primarily targeting sectors like government, energy, finance, and telecommunications. Their sophisticated cyber-espionage tactics include spear-phishing and custom malware, making them a persistent threat across the Middle East and beyond. Affected: government, energy, financial, telecommunications sectors

Keypoints:

OilRig is a state-sponsored APT group associated with Iranian intelligence.…
Cyber Insights 2025: APIs – The Threat Continues
Summary: SecurityWeek’s Cyber Insights 2025 highlights expert predictions regarding the increasing vulnerabilities associated with APIs as their usage expands. As organizations adopt more SaaS applications and AI-driven tools, APIs are becoming prime targets for cybercriminals, leading to a significant rise in API-related breaches. Experts emphasize the urgent need for improved API security measures to combat these evolving threats.…
Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks
Summary: The rise of GenAI tools and SaaS platforms has significantly increased risks related to data exposure and identity vulnerabilities in the workplace. A new complimentary risk assessment is available to help organizations evaluate their specific browsing environment and identify key risks. This assessment provides actionable insights to enhance security posture and inform decision-making for security and IT teams.…
Annual Payment Fraud Intelligence Report: 2024
The 2024 Payment Fraud Intelligence Report from Recorded Future reveals a significant rise in fraud activities, particularly in stolen card data and e-skimmer infections. Key trends indicate that fraudsters are increasingly exploiting modern payment technologies and social engineering tactics. Predictions for 2025 suggest a continuation of these trends, emphasizing the need for enhanced security measures among financial institutions and merchants.…
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
Sophos X-Ops’ Managed Detection and Response (MDR) has reported on two active threat clusters, STAC5143 and STAC5777, utilizing Microsoft Office 365 to infiltrate organizations for data theft and ransomware deployment. The tactics include email-bombing, fake tech support, and exploiting remote control tools. Both clusters exhibit overlapping techniques with known threat groups like FIN7 and Storm-1811.…
Hackers impersonate Ukraine’s CERT to trick people into allowing computer access
Summary: Ukrainian researchers have uncovered a cyber campaign where attackers impersonate tech support from CERT-UA to gain unauthorized access to victims’ devices. Utilizing AnyDesk, a legitimate remote desktop software, the intruders claim to conduct “security audits” to exploit trust and authority. The campaign highlights the growing number of cyberattacks targeting Ukraine, with a significant increase in incidents reported over the past year.…
Russian ransomware hackers increasingly posing as tech support on Microsoft Teams
Summary: Russian cybercriminals are executing a new scam by impersonating tech support on Microsoft Teams to install ransomware on victims’ networks. British cybersecurity firm Sophos reported over 15 incidents involving two groups leveraging Microsoft Office 365 settings for social engineering attacks. The report highlights connections between one group and Storm-1811, while the other may have ties to the FIN7 cybercrime group.…
TA505 is a financially motivated cybercriminal group known for large-scale malware distribution and sophisticated phishing campaigns. Active since 2015, they utilize advanced social engineering tactics and target various sectors, including finance and healthcare. The article discusses threat hunting techniques in Azure/XDR to detect TA505 activities. Affected: finance, retail, healthcare, critical infrastructure

Keypoints:

TA505 is also known as GOLD TAHOE or FIN11.…
CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits
Summary: The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning about ongoing social engineering attempts by unknown threat actors impersonating the agency through AnyDesk connection requests. These requests aim to exploit user trust under the guise of conducting security audits, highlighting the need for vigilance and proper communication protocols.…
Analysis Report on the Latest Phishing Incident by Clickfix: The Tragedy of CAPTCHA Resistance – Security Cow
This article analyzes the Clickfix phishing incidents, highlighting the evolution of CAPTCHA bypass techniques and the exploitation of user trust in verification mechanisms. It details how attackers use social engineering to manipulate users into executing malicious commands, leading to data theft. Affected: Windows system users, WordPress websites, online security sector

Keypoints:

Clickfix is a phishing technique that exploits user fatigue with verification processes.…
Facilitating Phishing and Pig Butchering Activities using Zendesk Infrastructure [Bait & Switch Mode]
This report serves as an advisory to organizations regarding the misuse of Zendesk’s platform for creating subdomains that impersonate legitimate companies, potentially facilitating investment scams. The analysis highlights how these domains can be exploited for phishing attacks, particularly through a technique known as Pig Butchering. Organizations are urged to block or take down suspicious domains to prevent disruptions.…
Summary: NVISO Labs has identified a sophisticated phishing campaign linked to the Black Basta ransomware group, utilizing Microsoft Teams for social engineering attacks. The campaign employs an email bombing strategy to distract victims before attackers impersonate IT personnel to gain remote access. Once inside, they disable security measures, exfiltrate data, and deploy malware, highlighting the need for proactive detection measures.…
Star Blizzard hackers abuse WhatsApp to target high-value diplomats
Summary: Russian nation-state actor Star Blizzard has initiated a spear-phishing campaign targeting WhatsApp accounts of individuals in government, diplomacy, and organizations related to Ukraine aid. This campaign marks a tactical shift following the exposure of their previous methods, utilizing social engineering techniques to compromise accounts without malware.…
10 Most Historic Cyber Attacks That Changed the Internet World
This article discusses the evolution of cyber warfare through historical cyberattacks, emphasizing the importance of cybersecurity in the digital age. It highlights ten significant cyber incidents that have shaped our understanding of digital security, the lessons learned, and the ongoing threats organizations face today. Affected: organizations, government, healthcare, energy, transportation, technology sector

Keypoints:

Cyberattacks are malicious attempts to steal, damage, or disrupt computer systems and data.…

Victim: nightingalehammerson.org
Country: UK
Actor: kairos
Source: http://nerqnacjmdy3obvevyol7qhazkwkv57dwqvye5v46k5bcujtfa6sduad.onion/detail?code=nightingalehammerson-org-uk
Discovered: 2025-01-17 21:28:29.670006
Published: 2025-01-17 21:28:29.670006
Description: UK – Nightingale Hammerson


Security Overview: Nightingale Hammerson Incident
Victim Organization: Nightingale Hammerson
Website: nightingalehammerson.org
Type: A charitable organization providing care for the elderly in the UK.…