Starbucks has confirmed a data breach that leaked the personally identifiable information of its employees after a threat actor breached its business partner’s portal.
Microsoft warns of social engineering attacks dubbed “payroll pirates” resulting in lost wages after hackers divert employees’ earnings to threat actor-controlled bank accounts.
The massive 2023 cyber attack on Clorox can be traced to a negligent help desk employee at longtime contractor Cognizant, according to a new lawsuit filed by the company. Clorox is seeking a total sum of $380 million for breach of contract, lost sales and reputational damage, with $49 million of that in direct remediation.
Google warns Salesforce customers about vishing attacks by hackers impersonating IT support to lure employees into connecting a rogue app, exfiltrate data, and demand ransom.
In at least two of the attacks, those on Co-op and Marks and Spencer, the DragonForce group is confirmed to have used very similar social engineering approaches to convince the IT help desks to have an employee password reset.
North Korean hackers are using ClickFix social engineering tactics to compromise devices and perform data exfiltration in a highly focused cyber espionage campaign.
Behavioral economics offers valuable insights into why humans fall for phishing and social engineering attacks. Bad actors in the world of cybersecurity prey upon these human tendencies to drive actions that put organizations at risk.
The FBI has warned crypto companies of sophisticated social engineering attacks by North Korean hackers targeting employees to install malware leading to crypto theft.
As more recipients get wise to the usual phishing tactics, attackers are adopting another strategy: pretexting. Protecting an organization against pretexting attacks requires a layered approach that includes preventing attack messages from reaching employees, and making employees aware of how pretexting works.
Octo Tempest has gradually stepped up from data theft, to data extortion, and now to ransomware as of this summer (becoming an affiliate of the ALPHV/BlackCat group). The cybercriminals are entirely financially motivated and nearly always leads with either a phishing email/message or a social engineering call. It also looks to execute SIM swap attacks.










