Tag: social engineering tactics
-
The Register: Typhoon-like gang slinging TLS certificate ‘signed’ by the Los Angeles Police Department
Source URL: https://www.theregister.com/2025/06/23/lapdog_orb_network_attack_campaign/ Source: The Register Title: Typhoon-like gang slinging TLS certificate ‘signed’ by the Los Angeles Police Department Feedly Summary: Chinese crew built 1,000+ device network that runs on home devices then targets critical infrastructure A stealthy, ongoing campaign to gain long-term access to networks bears all the markings of intrusions conducted by China’s…
-
Cloud Blog: What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia/ Source: Cloud Blog Title: What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia Feedly Summary: Written by: Gabby Roncone, Wesley Shields In cooperation with external partners, Google Threat Intelligence Group (GTIG) observed a Russia state-sponsored cyber threat actor impersonating the U.S. Department of State. From at least…
-
Unit 42: Roles Here? Roles There? Roles Anywhere: Exploring the Security of AWS IAM Roles Anywhere
Source URL: https://unit42.paloaltonetworks.com/aws-roles-anywhere/ Source: Unit 42 Title: Roles Here? Roles There? Roles Anywhere: Exploring the Security of AWS IAM Roles Anywhere Feedly Summary: This examination of the Amazon Web Services (AWS) Roles Anywhere service looks at potential risks, analyzed from both defender and attacker perspectives. The post Roles Here? Roles There? Roles Anywhere: Exploring the…
-
Slashdot: Fake IT Support Calls Hit 20 Orgs, End in Stolen Salesforce Data and Extortion, Google Warns
Source URL: https://it.slashdot.org/story/25/06/04/1654250/fake-it-support-calls-hit-20-orgs-end-in-stolen-salesforce-data-and-extortion-google-warns?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Fake IT Support Calls Hit 20 Orgs, End in Stolen Salesforce Data and Extortion, Google Warns Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a cybersecurity incident involving a group of financially motivated scammers, known as UNC6040, who executed voice-phishing attacks to manipulate employees into installing…
-
The Register: Fake IT support calls hit 20 orgs, end in stolen Salesforce data and extortion, Google warns
Source URL: https://www.theregister.com/2025/06/04/fake_it_support_calls_hit/ Source: The Register Title: Fake IT support calls hit 20 orgs, end in stolen Salesforce data and extortion, Google warns Feedly Summary: Victims include hospitality, retail and education sectors A group of financially motivated cyberscammers who specialize in Scattered-Spider-like fake IT support phone calls managed to trick employees at about 20 organizations…
-
Cloud Blog: Hello, Operator? A Technical Analysis of Vishing Threats
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/technical-analysis-vishing-threats/ Source: Cloud Blog Title: Hello, Operator? A Technical Analysis of Vishing Threats Feedly Summary: Written by: Nick Guttilla Introduction Organizations are increasingly relying on diverse digital communication channels for essential business operations. The way employees interact with colleagues, access corporate resources, and especially, receive information technology (IT) support is often conducted through…
-
Cloud Blog: The Cost of a Call: From Voice Phishing to Data Extortion
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion/ Source: Cloud Blog Title: The Cost of a Call: From Voice Phishing to Data Extortion Feedly Summary: Introduction Google Threat Intelligence Group (GTIG) is tracking UNC6040, a financially motivated threat cluster that specializes in voice phishing (vishing) campaigns specifically designed to compromise organization’s Salesforce instances for large-scale data theft and subsequent extortion.…
-
CSA: CISO’s Guide: Top 8 Cyber Threats in 2025
Source URL: https://www.zscaler.com/cxorevolutionaries/insights/cisos-guide-defending-against-top-8-cyber-threats-2025 Source: CSA Title: CISO’s Guide: Top 8 Cyber Threats in 2025 Feedly Summary: AI Summary and Description: Yes Summary: The text discusses evolving cyber threats as we approach 2025, emphasizing the role of AI in both facilitating attacks and enhancing defenses. It provides actionable insights on various threats including AI-powered cyber attacks,…
-
Cloud Blog: Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations/ Source: Cloud Blog Title: Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines Feedly Summary: Background UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. In early operations, UNC3944 largely targeted telecommunications-related organizations to…
-
Cisco Talos Blog: Threat actors thrive in chaos
Source URL: https://blog.talosintelligence.com/threat-actors-thrive-in-chaos/ Source: Cisco Talos Blog Title: Threat actors thrive in chaos Feedly Summary: Martin delves into how threat actors exploit chaos, offering insights from Talos’ 2024 Year in Review on how to fortify defenses against evolving email lures and frequently targeted vulnerabilities, even amidst economic disruption. AI Summary and Description: Yes Summary: The…