About

Latest social engineering news and attacks

Many cyber-attacks and data breaches begin with social engineering.

Social engineering attacks involve a malicious actor gaining access to a network by exploiting human error, most often through a phishing email.

Social engineering attacks in the news focus on the human or psychological aspects of cybersecurity.

Read about the latest social engineering news, latest social engineering attacks, and various defenses against recent social engineering attacks with The Daily Swig below.

Bug bounty bonanza

Google pays hacker duo $22k for flaws in multiple cloud projects
19 January 2023

ConnectWise closes XSS vector for remote hijack scams

25 November 2022
Researchers also applaud abandonment of customization feature abused by scammers

F5 fixes RCE bugs in BIG-IP, BIG-IQ

16 November 2022
Widespread exploitation deemed ‘unlikely’ given hurdles

Persistent Python problem

Tarfile path traversal bug from 2007 still present in 350k open source repos
22 September 2022

Uber hack

Social engineering attack uncovers hardcoded secrets in PowerShell script
16 September 2022

Command injection vulnerability in GitHub Pages nets bug hunter $4k

31 August 2022
Exploit involved duping developers into exposing repositories with social engineering techniques

Microsoft Edge deepens defenses against malicious websites

09 August 2022
Browser adds defense in depth to prevent abuse of unpatched vulnerabilities

Google XSS vulnerabilities could lead to account hijacks

29 July 2022
Reflected XSS and DOM-based XSS bugs net researchers $3,000 and $5,000 bug bounties

GPS hacker

Zero-days in tracking device pose surveillance, fuel cut-off risks
20 July 2022

Better identity security

W3C launches Decentralized Identifiers as a web standard
20 July 2022

‘Dirty dancing’ in OAuth

Researcher discloses how cyber-attacks lead to account hijacking
11 July 2022

AstraLocker ransomware decryptors released

08 July 2022
Threat actor released decryption keys after abandoning malware to focus on cryptojacking

Lockdown Mode

Apple offers $2m bug bounty for vulnerabilities in new anti-spyware tech
07 July 2022

OpenSea email breach

Six orgs affected by email address leak attributed to rogue employee at third-party vendor
30 June 2022

RaaS explosion

Rise in off-the-shelf cybercrime kits continues
28 June 2022

Community backlash

BSides Cleveland organizer steps down after controversial guest added as ‘surprise’ speaker
24 June 2022

Scroll to Text Fragment flaws

Attackers can use web browser feature to steal data, new research shows
20 June 2022

RubyGems trials 2FA-by-default in code repo’s latest security effort

17 June 2022
Move intended to help prevent Ruby packages from being used in supply chain attacks

GhostTouch

New research shows how electromagnetic interference can be used to trigger arbitrary behavior on mobile touchscreens
14 June 2022

Hiding in the shadows

Cybercriminals use reverse tunneling and URL shorteners to launch ‘virtually undetectable’ phishing campaigns
13 June 2022

WWDC 2022

Apple showcases next-gen security tech at annual developer event
08 June 2022

No patch on horizon for Horde Webmail zero-day

01 June 2022
CSRF exploit requires user to open malicious email

Data breach at Australian pension provider Spirit Super impacts 50k victims

30 May 2022
‘Super fund’ confirms user information has been exposed

Canadian healthcare provider issues data breach warning after server hack

26 May 2022
SHN plays down concerns over medical records breach

DBIR 2022

Ransomware surge increases global data breach woes
24 May 2022

Black Hat Asia

‘If democracy is to survive, technology will have to be tamed’
13 May 2022

Box, Zoom, Google Docs offer phishing boost with ‘vanity URL’ flaws

12 May 2022
Attack technique bypasses email filters and burnishes credibility of phishing links

CyberUK 2022

UK government blocked four times as many cyber-scams in 2021 as the previous year, delegates told
10 May 2022

Poisoned packages

NPM developer reputations could be leveraged to legitimize malicious software
03 May 2022

UK government employees receive ‘billions’ of malicious emails per year

20 April 2022
Phishing, malware, and spam are popular techniques deployed by attackers

Credit card industry standard revised to repel card-skimmer attacks

14 April 2022
PCI DSS v4.0 encourages better defenses against Magecart-style assaults

African banking sector targeted by malware campaign

13 April 2022
Attackers use HTML smuggling techniques to hide malicious files in fake job opportunities

Third member of FIN7 cybercrime gang jailed over card skimming scheme

08 April 2022
US authorities sentence pen tester to five years in prison

Latest web hacking tools – Q2 2022

01 April 2022
We take a look at the latest additions to security researchers’ armory

‘Dangerous trend’

EU web authentication plan threatens to undercut browser-led certification system, say detractors
30 March 2022

Medical data exposed by phishing attack on US state health agency

25 March 2022
Medications and test results among data potentially ‘previewed’ by attacker