Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.
The US Federal Bureau of Investigation’s (FBI’s) San Francisco division warns that threat actors are increasingly using AI tools to improve their social engineering attacks.
Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links ...
The Royal Canadian Mounted Police (RCMP) in Nova Scotia is warning of spear phishing attacks that impersonate company managers. The scammers text company employees requesting a payment to ...
Like most observers, I celebrated Google’s recent announcement on April 9th about new multi-party approvals for a handful or so of common actions accomplished by super admins in Google ...
New data shows organizations are improving their ability to detect and respond to ransomware attacks, but is it fast enough to make a difference and stop attacks?
Innovative analysis of data breaches shows which attack vectors are being used and how they’re enabled, highlighting the roles phishing and credentials play.
New data from Verizon makes it clear that the Education sector is under attack, but also breaks down which threat actions and patterns are used most.
The North Korean state-sponsored threat actor Kimsuky is launching spear phishing attacks against individuals working at think tanks and academic institutions in the US, according to a ...
For most folks, social media has become integral to their daily lives in today's hyperconnected world. They use platforms like Facebook, Twitter and Instagram to share their thoughts, ...
With all great power, there comes an equal potential for misuse. Among the sophisticated arsenal of threat actors, impersonation attacks have surged to the forefront, which questions our ...
This blog was co-written by Javvad Malik and Erich Kron. Let’s dive into the cautionary world of phishing simulations gone wrong. You know, those attempts to train users not to fall for ...
Cyber activity by the group "The Com," which leverages (SIM) swapping, cryptocurrency theft, swatting, and corporate intrusions, is increasing.
One of the best things you can teach yourself, your family, and your organization is how to recognize the common signs of phishing and how to mitigate and appropriately report it.
The US Department of Justice has indicted four Iranian nationals for allegedly launching spear phishing attacks against the US government and defense contractors. In one instance, the ...
The other day I was participating in a company’s employee meeting when the CEO revealed he had been “caught” that morning by a real phishing attack email.
Password Manager software developer LastPass warned that one of its employees was targeted by a social engineering attack that used an audio deepfake which impersonated the company’s CEO. ...
The FBI has issued an alert warning of a widespread SMS phishing (smishing) campaign targeting people in several US states with phony notices of unpaid tolls, BleepingComputer reports.
So today, news broke that Iran has sent dozens, if not more than 100 drones to Israel in a direct attack. Discussion on Twitter also claim that ballistic missiles will be sent.
A shocking report shows how email-based disinformation campaigns can have material real-world impacts to the citizens in the targeted countries.
A new sector alert published by the U.S. Department of Health and Human Services outlines new attacks in which social engineering is used to obtain credentials for online fraud.
