All posts in social engineering

S3 Ep27: Census scammers, beg bounties and data breach fines [Podcast]

by Paul Ducklin. How scammers copied a government website almost to perfection. What to do about those fake “bug” hunters who ask for payment for finding “vulnerabilities” that aren’t. Why the Dutch data protection authority fined Booking.com for not sending in a data breach disclosure fast enough. With Kimberly Truong, . . .

Defending Against State and State-Sponsored Threat Actors

Saryu Nayyar of Gurucul discusses state and state-sponsored threat actors, the apex predators of the cybersecurity world. Security threats from states and state-sponsored actors have been around since before the field of cybersecurity was defined. They have now evolved to cyberspace, and present unique challenges for defenders. While there are . . .

Major BEC Phishing Ring Cracked Open with 3 Arrests

Some 50,000 targeted victims have been identified so far in a massive, global scam enterprise that involves 26 different malwares. Three men suspected of participating in a massive business email compromise (BEC) ring have been arrested in Lagos, Nigeria. A joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation resulted . . .

TA416 APT Rebounds With New PlugX Malware Variant

The TA416 APT has returned in spear phishing attacks against a range of victims – from the Vatican to diplomats in Africa – with a new Golang version of its PlugX malware loader.

Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

Attackers are exploiting an array of Google Services, including Forms, Firebase, Docs and more, to boost phishing and BEC campaigns. A spike in recent phishing and business email compromise (BEC) attacks can be traced back to criminals learning how to exploit Google Services, according to research from Armorblox. Social distancing has . . .

How to do cybersecurity – join us online for the Sophos Evolve event!

by Paul Ducklin. If you are a regular Naked Security reader, you’ll know that we generally steer clear of publishing content that deals specifically with Sophos products and services. That’s because our primary goal on this site is to help all of you learn more about cybersecurity by offering information . . .