Social Engineering News, Articles and Updates

URL file attacks spread Quant Loader trojan

A recent spate of attacks using phishing, social engineering, exploits, and obfuscation are being used to spread a Quant Loader trojan capable of distributing ransomware and password stealers.

Warning: Human error & social engineering join ransomware & DDoS threats

Human error and social engineering are front and centre of the biggest cyber-threats to enterprise over the last 12 months, according to a new report.

Social media and engineering used to spread Tempted Cedar Spyware

Cyber-criminals are using social media and social engineering to dupe victims into downloading Advance Persistent Threat spyware disguised as the Kik messenger app.

Update: Dell storage platform security bugs allow root access

Security researchers recently unearthed up to nine security vulnerabilities in Dell EMC's Isilon OneFS platform that could allow remote attackers to launch social engineering attacks and subsequently access the Isilon systems at root.

Social Engineering: How Social Media Is Compounding the Threat

Joe Ferrara stresses that organisations need to continuously assess, train, reinforce the security message, and check how much users have learnt regarding social engineering threats.

Nuance says that biometrics have reached their "coming of age"

The biometrics firm argues that the issues with biometrics often cloud over the benefits gained from using them.

IP Expo: 'Don't be so helpful' to those social engineers

Sophos' Greg Iddon told an audience at IP Expo 2016 some of the ways to spot - and stop - social engineering

Pen-testing made easy with Datasploit social engineering toolset

GUI friendly social-engineering toolset made available as open source software - great for penetration testing, not bad for criminals either.

Black Hat Las Vegas: Researchers detail efforts against Iranian dissidents

Two independent cyber-security researchers took the stage at Black Hat to diagram how groups possibly controlled by the Iranian government are targeting dissidents.

The scourge of social engineering

Social media platforms are a social engineering resource for hackers. Andrew Tang, service director, security, MTI Technology outlines the problem and what is required to guard against it

Email attacks targeting online networkers, says Intel's Samani

Raj Samani, CTO EMEA of Intel Security, has warned of the risks of employees networking online. As social networking sites contain a wealth of information on an organisation, they can be a treasure trove for criminals wanting to carry out email-based attacks.

InfoSec 2016: Dr Jessica Barker explains why social engineering works

Dr Jessica Barker took to the stage at InfoSecurity Europe 2016 to explain why social engineering works and what we can do to reduce its effectiveness.

Call centre fraud spikes 45 percent as payment card security improves

A recent Pindrop study found a spike in call centre fraud as cyber-security improves.

Malicious Android apps downloaded 'over 2 billion times', report claims

Proofpoint's new report shows that malicious androids apps were downloaded two billion times and explains how attackers are not targeting systems but the humans behind them.

Loose talk on social media big security risk for firms, says Kaspersky

Social media users are largely unaware of the value to attackers of personal information they are freely sharing with friends and strangers alike, warns Kaspersky Lab.

Thar she blows: Whaling attacks likely to rise in 2016

Whaling attacks eschew technical sophistication in favour of a good old fashioned confidence trick and according to cyber-security company, Mimecast, they're on the rise.

Insiders are bigger threat than perimeter: report

Employees falling prey to social engineering ploys or with an agenda pose the "biggest threat to company security," concluded a new report from Ari Kaplan and Nuix.

Social engineering: hacker tricks that make recipients click

Amichai Shulman demonstrates the role that social engineering plays in the life of a cyber-attacker.

Strontium hacking team targets NATO members, political advisors

Researchers at the Microsoft Malware Protection Center have observed a hacking team that they call Strontium aiming zero-day attacks at servers in within members of NATO and some governments within Eastern Europe.

Russian hackers exploit unusual Java zero-day to hit unnamed NATO country

Cyber-espionage group 'Pawn Storm' has been exploiting an unusual Java zero-day vulnerability to carry out drive-by-download attacks on a NATO country and US defence company, according to Trend Micro.

Europol and friends bust MiTM malware gang

European law enforcement has cracked down and arrested members of a cyber-fraud gang, which stands accused of using social engineering and malware to steal more than £4 million from several large organisations.

Phishy cyber-criminals 'go corporate' with social engineering

Cyber-criminals are increasingly using social engineering tactics to target middle managers in business, leaving sensitive data at risk, according to a new report from Proofpoint.

Prison escape via mobile phone highlights social engineering vulnerability

A prison escape with a fake release note, from a fake website, set up via mobile phone, demonstrates yet again that people are our biggest security vulnerability says Fotis Gagadis.