Tag

Social Engineering

All articles tagged with #social engineering

entertainment-and-gaming3 days ago•14 min saved

PS5 Accounts at Risk: Social-Engineering Flaw Lets Hackers Hijack PSN

A confirmed Sony security flaw enables social-engineering scams that hijack PlayStation Network accounts by abusing PS Support’s account-recovery process. Attackers can impersonate users using basic purchase history, override protections, and take control of emails and passwords, with two-factor authentication rendered ineffective. Sony is aware of the issue but has not yet implemented a robust fix, and reports of stolen PSN accounts are rising.

via PlayStation LifeStyle|

#account-hacking #entertainment-and-gaming #note-only-five-tags-allowed-adjust-to-five-below

technology4 days ago•11 min saved

PSN Security Gap: Social Engineers Could Hijack PlayStation Accounts

A social-engineering vulnerability in Sony’s PlayStation Network could let attackers hijack PSN accounts by exploiting customer-support processes and a small set of publicly available or easily obtained data (such as an email, transaction date, and purchases). It isn’t a traditional data breach, but a weakness that could allow email changes, 2FA removal, and passkey removal, effectively locking users out. The risk was highlighted through Colin Moriarty’s experience and tests by others, with Sony saying it’s taking the issue seriously. Readers are advised to review any publicly exposed receipts or transaction IDs and be cautious about sharing purchase details online.

via Push Square|

#account-hijack #ps5 #psn

technology8 days ago•7 min saved

Prominent PS5 Podcaster's PSN Hack Highlights Social-Engineering Risk

Prominent PS5 podcaster Colin Moriarty confirmed his PSN account was hacked in what appears to be a social-engineering attack, with attackers disabling his 2FA and changing the email; Moriarty wasn’t phished, but the incident led to a warning that customer-service processes can be exploited. Sony helped recover the account, underscoring ongoing PlayStation security vulnerabilities and the need for stronger verification to prevent future takeovers.

via Push Square|

#account-hacking #cybersecurity #playstation

technology1 month ago•6 min saved

Teams Tactics Drive UNC6692’s Modular SNOW Malware Campaign

Security researchers describe UNC6692’s two-stage assault: a flood of spam to overwhelm inboxes followed by impersonating IT staff via Microsoft Teams to coax victims into installing a patch that drops the SNOWBELT/SNOWGLAZE/SNOWBASIN malware suite for remote access, lateral movement, and data exfiltration, leveraging cloud services for C2 and payload delivery. The campaign targets executives and uses WebSocket tunnels and backdoors to expand access, with defenders urged to harden collaboration tools and enforce verified help-desk procedures.

via The Hacker News|

#microsoft-teams #snowbelt #snowglaze

technology2 months ago•6 min saved

MacSync Infostealer Lures Mac Users Through ClickFix Social-Engineering Campaigns

Three ClickFix campaigns have been found delivering the macOS infostealer MacSync by tricking users into pasting Terminal commands to download and run a shell script that fetches the payload and exfiltrates credentials, keychains, and seed phrases. The campaigns (Nov 2025 using OpenAI Atlas bait via Google ads; Dec 2025 via ChatGPT-related pages; Feb 2026 with a new variant) rely on social-engineering lures, malvertising, and trusted platforms to disguise malicious commands and payloads, with in-memory AppleScript execution to evade detection. Defenders are urged to patch hosting platforms (e.g., WordPress), monitor for ClickFix/trojan lures, and maintain zero-trust principles as attackers adapt tactics.

via The Hacker News|

#clickfix #cybersecurity #macos

technology3 months ago•25 min saved

Identity as the Perimeter: The Hidden Gate in Cyber Breaches

A sponsored Visual Capitalist infographic (in partnership with Unit 42 by Palo Alto Networks) outlines how cyberattackers breach systems by exploiting identity. Identity-based techniques drive about 65% of initial access, with social engineering and credential misuse leading the way, and 90% of recent investigations showing identity weaknesses as material. Once inside, over-privileged identities and token abuse enable rapid lateral movement, making identity the practical perimeter. Defenses recommended include phishing-resistant MFA (passkeys/FIDO2), rotating machine credentials, shorter sessions, just-in-time elevation for admins, and cross-cloud identity telemetry to detect unusual access chains.

via Visual Capitalist|

#cloud-security #cyberattacks #cybersecurity

technology4 months ago•3 min saved

Teams adds brand-impersonation warnings for external calls

Microsoft will roll out Brand Impersonation Protection for Teams Calling, automatically warning users on first-time external calls that try to impersonate trusted brands. Enabled by default in the targeted release mid-February, the feature lets users accept, block, or end flagged calls, with alerts possibly persisting during a conversation. It aims to curb social-engineering attacks and complements other security updates; no admin action is required for activation, though IT should update training materials.

via BleepingComputer|

#brand-impersonation-protection #caller-id #microsoft-teams

cybersecurity4 months ago•2 min saved

ErrTraffic: New $800 Service Automates Large-Scale ClickFix Cyberattacks

ErrTraffic is a new cybercrime platform that automates ClickFix attacks by creating fake browser glitches on compromised websites to trick users into downloading malware or executing malicious commands, with high success rates and customizable payloads targeting multiple operating systems, primarily sold on hacker forums for $800.

via BleepingComputer|

#clickfix #cybercrime #cybersecurity

security6 months ago•2 min saved

ClickFix Threat Evolves, Signaling New Wave of Malicious Copy-and-Paste Attacks

ClickFix is a sophisticated scam campaign targeting Windows and macOS users by exploiting trust in online travel bookings and using social engineering tactics, such as fake CAPTCHA prompts and device-adaptive payloads, to infect devices with malware like PureRAT. The attacks leverage native OS capabilities and often bypass security tools, making awareness and cautious behavior the best defenses, especially during holiday gatherings when family members may be less vigilant.

via Ars Technica|

#clickfix #cyberattack #endpoint-protection

technology6 months ago•2 min saved

Microsoft Teams Vulnerabilities Enable Impersonation, Message Tampering, and Data Theft

Cybersecurity researchers revealed four security vulnerabilities in Microsoft Teams that could allow attackers to impersonate colleagues, manipulate messages without detection, and exploit notifications, posing significant social engineering risks. Some issues have been patched, but the flaws highlight the importance of securing collaboration tools against trust-based attacks, especially as threat actors increasingly target enterprise communication platforms.

via The Hacker News|

#cybersecurity #impersonation #microsoft-teams

technology6 months ago•3 min saved

12 Android Apps That Secretly Record Conversations

Researchers at ESET have identified 12 malicious Android apps, including some on Google Play, that secretly record conversations and steal personal data using spyware called VajraSpy, which exploits social engineering and emotional trust to infect devices. Users are advised to delete these apps immediately, watch for signs of infection, and follow security best practices to protect their privacy.

via carrollcountyobserver.com|

#android-privacy #malware #security-tips

technology8 months ago•3 min saved

Google Addresses Security Warnings Amid Hacker Threats and Data Breaches

ShinyHunters, a cybercrime group known for data breaches and now employing voice-based social engineering tactics like vishing, has targeted major companies including Salesforce, affecting millions of users. The group has links with other hacking groups and is involved in selling stolen data and offering ransomware services. Protecting against such attacks involves vigilance, employee training, and enhanced security measures like multi-factor authentication. The rise of AI-generated deepfakes makes these scams more sophisticated and harder to detect.

via The Conversation|

#cybercrime #data-breach #shinyhunters

technology9 months ago•2 min saved

Workday Confirms Data Breach Linked to Salesforce Hack

Workday, a provider of HR technology, experienced a data breach affecting some user contact information, likely linked to a larger attack on Salesforce databases by the hacking group ShinyHunters, raising concerns about social engineering scams and limited disclosure practices.

via Gizmodo|

#cybersecurity #data-breach #shinyhunters

technology9 months ago•1 min saved

Workday Confirms Data Breach Linked to Salesforce Attack

Workday experienced a data breach through a social engineering attack targeting its employees, which compromised some business contact information from its third-party CRM platform, though no customer account data was reportedly accessed. The company responded quickly by cutting off access and enhancing security measures, but the full scope of the breach remains uncertain.

via Engadget|

#crm #cybersecurity #data-breach

technology9 months ago•2 min saved

Workday Confirms Data Breach Linked to Salesforce Hack

Workday disclosed a data breach resulting from a social engineering attack on a third-party CRM platform, likely linked to the ShinyHunters group targeting Salesforce instances, exposing business contact information of over 11,000 organizations, including some of the Fortune 500, while denying customer tenant impact.

via BleepingComputer|

#data-breach #salesforce #shinyhunters