Security News

This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line. Clever.

“North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months,” the FBI has warned through a...

The FBI warns of North Korean hackers aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks, aiming to deploy malware that steals their...

The purpose of this customizable Social Engineering Awareness Policy, written by Maria Carrisa Sanchez for TechRepublic Premium, is to provide guidelines for preventing, recognizing and addressing social engineering attacks. Regular update of passwords: The company believes passwords serve as the fundamental line of security against unwanted access.

Attackers are increasingly using a clever social engineering technique to get users to install malware, Proofpoint researchers are warning. Getting users to install malware on their computers was always a matter of finding the right lure and bypassing security protections.

In this Help Net Security video round-up, security experts discuss various aspects of identity verification and security, including generative AI's impact, the state of identity fraud prevention, and the potential impact of identity challenges on the security sector. Complete videos Peter Violaris, Head of Legal, Compliance and Risk, EMEA for OCR Labs, discusses generative AI's impact on identity verification.

The report highlights significant trends and incidents in cybersecurity. Surge in social engineering attacks: Nearly 90% of threats blocked were social engineering-based, with scams and phishing on the rise, particularly utilizing deepfake technology and hijacked YouTube channels.

How a GRC consultant passed the CISSP exam in six weeksAsk any IT security professional which certification they would consider to be the "Gold standard" in terms of prestige, credibility, or difficulty, and almost invariably they will answer: the CISSP. BLint: Open-source tool to check the security properties of your executablesBLint is a Binary Linter designed to evaluate your executables' security properties and capabilities, utilizing LIEF for its operations. OWASP dep-scan: Open-source security and risk audit toolOWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies.

The advisory lists indicators of compromise associated with Black Basta ransomware attacks and offers advice for organizations. Rapid7 analysts have also shared the latest social engineering trick by the Black Basta operators: they spam targets' inbox with junk email, then phone them posing as a member of their organization's IT team, and offer assistance.

Despite this, there are still things that you can do to make your web apps more resistant to social engineering. With this in mind, consider implementing these strategies at your organization to protect your web applications and reduce the chance of falling victim to social engineering.