social engineering

In a stunning demonstration of the evolving cyber threat landscape, multiple Russian nation-state actors are now leveraging a novel phishing technique against Microsoft 365 accounts. This device code authentication phishing campaign, dissected in detail by cybersecurity firm Volexity...

In a twist that plays on the duality of trust and technology, threat actors are now leveraging a legitimate Microsoft feature to infiltrate Microsoft 365 (M365) accounts. This isn't your everyday phishing scam—with no suspicious attachments or shady links—but a sophisticated manipulation of the...

In an era where cybersecurity threats are as commonplace as coffee breaks, a recently uncovered phishing campaign targeting Microsoft 365 (M365) accounts demands your attention. Cybersecurity experts have identified Russian hackers impersonating U.S. and Ukrainian officials, weaving an intricate...

The ongoing saga of cybersecurity breaches has just added another eyebrow-raising chapter as Sophos reports a sophisticated cyberattack campaign targeting Microsoft 365 Copilot (formerly known as Office 365). In what can only be described as a diabolical twist on traditional social engineering...

Cybersecurity alarms are ringing loudly this week as cybercriminals have been identified leveraging misconfigurations and default settings in Microsoft Office 365 and Teams to carry out highly coordinated cyberattacks. Their objectives? Data theft, unauthorised system access, and even deploying...

Phishing scams are like the flu of the cybersecurity world—constant, evolving, and always finding new ways to surprise you. But the latest intel from Fortinet’s FortiGuard Labs warns us of a phishing campaign that adds a layer of sophistication, blending technological savvy with psychological...

In a recent security disclosure, a critical vulnerability, designated as CVE-2024-38164, has been identified in GroupMe, a popular group messaging application owned by Microsoft. This vulnerability allows an unauthenticated attacker to execute an elevation of privilege attack via a malicious...

Here is another real phishing email. This one purporting to be from PayPal. Lets dig in... (Orange) we have typos and grammatical errors (1) Again we have a weird email address from @paypap-us.com. This is highly unlikely owned by PayPal. (2) This email is probably BCC'd to a bunch of users...

Hi everyone. I received an email from Comcast today, it says that my service will be suspended unless I update my payment information. It said that the credit card company failed to authorize the payment. This message really looks official, when I clicked on My Account in the message, I...

Original release date: March 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency...

Original release date: February 11, 2021 Summary On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to...

Original release date: December 10, 2020<br/><h3>Summary</h3><p>This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).</p>...

Original release date: December 1, 2020<br/><h3>Summary</h3><p class="tip-intro" style="font-size: 15px;"><em>This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&amp;CK®) framework. See the <a href="Techniques - Enterprise | MITRE ATT&CK®">ATT&amp;CK for...

Original release date: October 27, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...

Original release date: August 14, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA)...

Original release date: April 8, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on...

Original release date: April 8, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on...

Phishing is one of the easiest and most common tactics cyber criminals use to complete their objectives whatever it may be. Most people have received one or more phishing attacks and the amount sent to people is staggering. They can come as text messages, phone calls, email, advertisements on...

🇺🇸:p

Some information I've put together regarding social engineering and how people use it to get information. I will likely expand it in the future. ***UPDATE*** This file is safe I did not rig it as a test.