Clorox got cleaned out by hackers who discovered the ultimate cheat code: polite phone conversation 
Their $380M breach happened because Cognizant's help desk handed over passwords to anyone who asked nicely - twice! No verification required.
Sometimes the most "sophisticated" attacks are just good manners.
#Unterscheidung eines #Begriffs von #Telemetrie im #Sinn von #Übertragung von #Messwerten und seiner #Anwendung als #Konzept in der #Informationstechnik
https://de.wikipedia.org/wiki/Telemetrie
https://de.wikipedia.org/wiki/Telemetrie_(Software)
#Synchron #SocialEngineering als #Anwendung auf #gesellschaftlicher #Ebene
#Beispiel DB #Lightgate - #Innovative #Auslastungserfassung in #Echtzeit (#Ziel: #Effizienzsteigerung)
https://lightgate.deutschebahn.com/lightgate-de
Frank #Schätzing - Der #Schwarm, S.221ff.
Seriously? WTF?
“Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques,” according to a copy of the lawsuit reviewed by Reuters. “The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox’s network, and Cognizant handed the credentials right over.”
Security researchers reveal campaign distributing malware through Microsoft Teams
Attack:
- Attackers impersonate IT helpdesk
- Tricks users into downloading the Matanbuchus loader
- The loader in turn can collect information, run commands, and download other malware
Nobody is immune to deepfakes, and definitely not the current US administration https://www.theguardian.com/us-news/2025/jul/08/marco-rubio-ai-impostor #ai #infosec #deepfakes #marcorubio #socialengineering
DATE: July 08, 2025 at 11:59AM
SOURCE: HIPAA JOURNAL
Direct article link at end of text block below.
Compumedics Cyberattack Affects Almost a Dozen Healthcare Providers https://t.co/hp9XBcn3Es #healthcare #databreach
Articles can be found by scrolling down the page at https://www.hipaajournal.com/ .
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Most healthcare security and privacy posts related to IT or infosec are at @rsstosecurity
-------------------------------------------------
Check it out , try it - ethically! -, and if you like it, leave a star. And if you feel brave enough ... 
... fork & contribute.
https://medium.com/bugbountywriteup/darkmailr-generate-realistic-context-aware-phishing-emails-air-gapped-d3cc88457dab
Made with 
for the cybersecurity community.
#Phishing #SocialEngineering #Ollama #Flask #OSS
The more we can deliver, the more resources we consume.
Animals "use efficiency to catalyze sprawl. […] The road to degrowth will require drastic social change."
@blair_fix wrote: https://economicsfromthetopdown.com/2024/05/18/a-tour-of-the-jevons-paradox-how-energy-efficiency-backfires/ 
Scattered Spider hackers are now targeting aviation and transport by posing as trusted insiders—imagine getting a call from "IT support" that isn’t really IT support. How deep does their deception go?
#scatteredspider
#cybersecurity
#socialengineering
#aviationsecurity
#transportationsecurity
Frank stone wall builders have a problem, I repeat, stone wall builders have a ..
Did you know?
Social engineering is the number One attack vector in Computer Science, because the problem is always between the keyboard and the chair.
#Enisa
#socialengineering #cybersecurity #Whistleblower #ZeroDay #Patch #SecretSignsKlub #cybersecurityawareness
@PogoWasRight @lawrenceabrams @zackwhittaker @campuscodi
That is the beauty of the beast.
There does not have to be an actual breach to offer free credit monitoring. As a side effect, In the meantime, they collect updated PII.
Deepfake Danger: FBI Issues Urgent Warning on AI Voice Attacks
Since April, cybercriminals have been using AI-generated voice deepfakes to impersonate senior U.S. officials in phishing attacks that target current and former government personnel.
The FBI’s latest alert warns of growing threats from vishing (voice phishing) and smishing (SMS phishing), where attackers use cloned voices and fake texts to build trust, then trick victims into handing over sensitive data or access.
One tactic? Sending links that move the conversation to other messaging platforms, then hijacking accounts to target additional contacts.
You can't assume messages or even video calls are real these days, so always verify sensitive requests through another known communications channel! These attacks underscore the need for stronger verification protocols, staff training, and multi-layered defenses. Contact us if you need help implementing these proactive cybersecurity controls.
Read the full article: https://www.bleepingcomputer.com/news/security/fbi-us-officials-targeted-in-voice-deepfake-attacks-since-april/
#3AM #ransomware uses spoofed #IT calls, #email bombing to breach networks
The rise of Agentic AI has opened new frontiers for adversaries looking to automate and scale social engineering attacks. We are entering a phase where Agentic AI systems will be able act autonomously, make decisions, adapt based on feedback, and complete goal-oriented operations with minimal human intervention.
I wrote an article explaining what Agentic AI really is, and how it can shape the future of social engineering attacks. 
State-sponsored threat actors often leverage techniques first developed and deployed by cybercriminal actors. One example is #ClickFix, a highly effective technique that involves clever #socialengineering.
Listen as Proofpoint threat research experts Selena Larson, Sarah Sabotka, and Saher Naumaan deep dive into how modern #espionage and #cybercrime are increasingly blurring lines.
Stream DISCARDED now:
Apple Podcasts: https://brnw.ch/21wSNbM
Spotify: https://brnw.ch/21wSNbL
Web player: https://brnw.ch/21wSNbN
Coinbase says hackers bribed overseas support staff to steal customer data, demanding a \$20M ransom. Info included SSNs, IDs, and balances. Company won’t pay, offers \$20M reward for leads.
https://www.europesays.com/2076112/ Australia, New Zealand invest AUD $7 million in cyber education #Australia(Australian) #CriticalInfrastructure #CyberResilience #CyberThreats #Cybersecurity #HumanRiskManagement #knowbe4 #NewZealand #NewZealand(NZ) #OnlineSecurity #phishing #SocialEngineering
NICKEL TAPESTRY expands fraudulent worker operations https://news.sophos.com/en-us/2025/05/08/nickel-tapestry-expands-fraudulent-worker-operations/ #Ctu, #DemocraticPeople’sRepublicOfKorea, #EmploymentScam, #Featured, #Fraud, #NickelTapestry, #NorthKorea, #SocialEngineering
