Tag: social engineering tactics
-
Slashdot: Salesforce Says It Won’t Pay Extortion Demand in 1 Billion Records Breach
Source URL: https://yro.slashdot.org/story/25/10/08/208202/salesforce-says-it-wont-pay-extortion-demand-in-1-billion-records-breach?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Salesforce Says It Won’t Pay Extortion Demand in 1 Billion Records Breach Feedly Summary: AI Summary and Description: Yes Summary: Salesforce is facing an extortion demand from a crime syndicate that claims to have stolen approximately 1 billion records from various customers, highlighting vulnerabilities in user compliance and security…
-
Krebs on Security: ShinyHunters Wage Broad Corporate Extortion Spree
Source URL: https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/ Source: Krebs on Security Title: ShinyHunters Wage Broad Corporate Extortion Spree Feedly Summary: A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they…
-
The Register: Subpoena tracking platform blames outage on AWS social engineering attack
Source URL: https://www.theregister.com/2025/10/02/subpoena_tracking_platform_outage_blamed/ Source: The Register Title: Subpoena tracking platform blames outage on AWS social engineering attack Feedly Summary: Software maker Kodex said its domain registrar fell for a fraudulent legal order A software platform used by law enforcement agencies and major tech companies to manage subpoenas and data requests went dark this week after…
-
Cloud Blog: Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/unc6040-proactive-hardening-recommendations/ Source: Cloud Blog Title: Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations Feedly Summary: Written by: Omar ElAhdan, Matthew McWhirt, Michael Rudden, Aswad Robinson, Bhavesh Dhake, Laith Al Background Protecting software-as-a-service (SaaS) platforms and applications requires a comprehensive security strategy. Drawing…
-
Cisco Talos Blog: Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response
Source URL: https://blog.talosintelligence.com/stopping-ransomware-before-it-starts/ Source: Cisco Talos Blog Title: Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response Feedly Summary: Explore lessons learned from over two years of Talos IR pre-ransomware engagements, highlighting the key security measures, indicators and recommendations that have proven effective in stopping ransomware attacks before they begin. AI Summary and…
-
The Register: Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python
Source URL: https://www.theregister.com/2025/09/05/clickfix_castlerat_malware/ Source: The Register Title: Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python Feedly Summary: Pro tip, don’t install PowerShell commands without approval A team of data thieves has doubled down by developing its CastleRAT malware in both Python and C variants. Both versions spread by…
-
Krebs on Security: The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
Source URL: https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/ Source: Krebs on Security Title: The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft Feedly Summary: The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate…
-
The Register: AWS catches Russia’s Cozy Bear clawing at Microsoft credentials
Source URL: https://www.theregister.com/2025/08/29/aws_catches_russias_apt29_trying/ Source: The Register Title: AWS catches Russia’s Cozy Bear clawing at Microsoft credentials Feedly Summary: Look who’s visiting the watering hole these days Amazon today said it disrupted an intel-gathering attempt by Russia’s APT29 to trick Microsoft users into unwittingly granting the Kremlin-backed cyberspies access to their accounts and data.… AI Summary…
-
Cloud Blog: Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/prc-nexus-espionage-targets-diplomats/ Source: Cloud Blog Title: Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats Feedly Summary: Written by: Patrick Whitsell In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities…
-
The Register: Fake CAPTCHA tests trick users into running malware
Source URL: https://www.theregister.com/2025/08/22/clickfix_report/ Source: The Register Title: Fake CAPTCHA tests trick users into running malware Feedly Summary: ClickFix tricks Microsoft’s security team has published an in-depth report into ClickFix, the social engineering attack which tricks users into executing malicious commands in the guise of proving their humanity.… AI Summary and Description: Yes Summary: Microsoft’s security…