North Korean hacker got hired by US security vendor, immediately loaded malware | Ars Technica

Personally, I would not want to deal with a Cybersecurity company that apparently has such poor hiring protocols that they let this happen. https://arstechnica.com/tech-policy/2024/07/us-security-firm-unwittingly-hired-apparent-nation-state-hacker-from-north-korea/

Legacy systems are the Achilles’ heel of critical infrastructure cybersecurity | CSO Online

China and other nation-state bad actors are probing the defenses of critical infrastructure worldwide and legacy or outdated systems are prime targets. The time to mitigate that risk is now.

Revolver Rabbit gang registers 500,000 domains for malware campaigns

A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems.

Don’t Fall for It: Hackers Pounce on CrowdStrike Outage With Phishing Emails | PCMag

Banks and health-care providers saw their services disrupted and TV broadcasters went offline as businesses worldwide grappled with the ongoing outage. Air travel has been hit hard, too, with planes grounded and services delayed.

Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks

“These compromised accounts serve as valuable resources, enabling the group to enhance the credibility and effectiveness of their spear-phishing efforts, establish persistence within targeted organizations, and evade detection by blending in with legitimate network traffic.”

Hackers are using Facebook ads to infect Windows PCs with password-stealing malware — how to stay safe | Tom’s Guide

Clicking on one of these fake ads takes potential victims to malicious sites hosted on Google Sites or True Hosting which appear to be download pages for the themes or software advertised on Facebook. These sites have a download button that when clicked, downloads a ZIP file with a name that matches the product advertised online.

Six Types of Social Engineering Attacks

Some examples of social engineering attacks include phishing, pretexting, scareware, baiting, vishing, smishing and CEO fraud. If you are unsure what qualifies as social engineering, imagine how many ways someone can manipulate you to reveal private information. Threat actors use these psychological techniques, both in person and online, to gain access to your personal or organizational information. These bad actors can install malware on your device, steal your information and even take your identity.

How to Identify and Protect Against Phishing Attacks

Data brokers collect your personal information from various sources and compile detailed profiles. That’s why cybercriminals love data brokers. They hoard your info from everywhere: public records (voter rolls, property ownership), online stuff (browsing history, social media profiles, newsletter signups), and even commercial sources (loyalty programs, purchases). This intel helps them craft compelling and realistic phishing scams or impersonate you or trusted sources to steal private info or money.

Evolution of Cybercrime Investigations

Cybercrime costs trillions, rising yearly. Criminals operate globally, teaching their methods. This article explores major cyberattacks from 1962 to 2024 and how investigators use advanced technology to combat them.

How to stay safe from cybercriminal “quishing” attacks | TechRadar

Phishing works so well because it relies on hacking the human psyche. We want to trust the stories we’re told – especially if they’re told by ostensibly trustworthy organizations or individuals. This is an admirable, but highly exploitable, trait. As technologies evolve, threat actors are continually refining the methods they use to take advantage of trusting end-users.