Google Cloud (ex. Mandiant): https://cloud.google.com/blog/topics/threat-intelligence/session-stealing-browser-in-the-middle/

Mandiant details in this article Browser-in-the-Middle (BitM) attacks, a sophisticated session stealing technique that bypasses multi-factor authentication. Unlike traditional transparent proxies like Evilginx2 that require extensive customization, BitM offers attackers a streamlined approach to compromise web application sessions with minimal configuration. The article describes Mandiant's internal tool 'Delusion' for performing BitM attacks and demonstrates how attackers can steal authenticated sessions even when protected by MFA. The authors recommend implementing hardware-based MFA solutions like FIDO2 security keys and client certificates as effective countermeasures against these attacks.

Dramaturgie eines Milliardencoups: Erste Untersuchungsdetails zum Fall #Bybit | heise online https://www.heise.de/news/Dramaturgie-eines-Milliardencoups-Erste-Untersuchungsdetails-zum-Fall-Bybit-10316989.html #cryptocurrency #cryptocurrencies #SocialEngineering

Looks like there is some good human manipulation, er, "social engineering" lately using a pretext of looking for security work and sending links through weird domains that redirect to calendly links for what I assume is an opportunity to continue the con. For now, I would BOLO URIs with ?redirectTo=https://calendly.com/* in the parameters. I can't say they're necessarily malicious, but I would certainly scrutinize them and the domain you see them redirected from, especially if the original subdomain is t or trk.

New #Blog post - My #scammer girlfriend: baiting a romance fraudster

Warning, this is a **long** post.

I decided to fall for a #RomanceFraud campaign so that I could see what #SocialEngineering techniques they used and what data _they_ leaked.

They spent 3 weeks building the storyline + relationship before eventually asking for money

https://www.bentasker.co.uk/posts/blog/security/seducing-a-romance-scammer.html

Russian State Actors: Development in Group Attributions

This analysis explores the evolution of Russian state-backed cyber actors and their operations. It highlights the activities of several prominent groups, including UNC2589, APT44 (Sandworm), APT29, and APT28. These actors, associated with various Russian intelligence agencies, have been involved in global espionage, sabotage, and influence operations. The report details their targets, which include government organizations, critical infrastructure, and diplomatic entities across multiple countries. It also describes the groups' adaptation to new security measures and their use of advanced techniques such as zero-day exploits, social engineering, and living off the land tactics. The analysis emphasizes the importance of understanding these actors' methods for improving global cybersecurity resilience.

Pulse ID: 67cc2ca27d4672d04ef4eb01
Pulse Link: https://otx.alienvault.com/pulse/67cc2ca27d4672d04ef4eb01
Pulse Author: AlienVault
Created: 2025-03-08 11:40:18

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Someone has apparently registered a Boost mobile phone plan to an email group at my company like security@company[.]com. I’ve verified emails ARE coming from boost servers and the links seem to go to legit boost urls - what’s the scam? #socialengineering #infosec

#NorthKorea's Unprecedented $1.5 Billion #Crypto Heist Exploited Human Element, Not Code

https://it.slashdot.org/story/25/02/26/0522234/north-koreas-unprecedented-15-billion-crypto-heist-exploited-human-element-not-code

"Explain #SocialEngineering to me like I'm five years old."

"A new device logged into your account from #PYONGYANG"

revolutionary new vectors in #socialengineering.

DATE: February 25, 2025 at 05:45PM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

#ElonMusk's Federal Worker Email Sparks 'Security Nightmare': #FDA Workers Among Those Caught Up in the Mess https://t.co/UNeZ9CB5kQ

Here are any URLs found in the article text:

https://t.co/UNeZ9CB5kQ

Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

-------------------------------------------------

#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

Phishing-Kampagne zielt auf hochrangige X-Accounts ab

#Cybersecurity @KnowBe4 #Phishing #SecurityAwareness #Sicherheitsbewusstsein #SocialEngineering #ZweiFaktorAuthentifizierung

https://netzpalaver.de/2025/02/25/phishing-kampagne-zielt-auf-hochrangige-x-accounts-ab/

At this point, I don't think I can solve tech issues purely by the book. Not only technology keeps on rapidly evolving, but human interactions and reactions to said tech has been very overlooked IMO. Infosec might as well be considered as an art as well as a science.

All the #infosec bullshit #security work of the last 20 years just looks like cosplay nonsense.

Turns out you can just walk in through the front door with a bunch of zitty #blackhats
As long as you use the "ideology" #socialengineering #sploit and steal and destroy everything.

Cybercrime of the century.

(1/2) In another life I wrote about data breaches. Surprisingly hacks usually resulted from basic attack patterns. Often just credential abuse. Effectively knowledge asymmetry + exploitation of trust.

Once I noticed this, I saw the pattern everywhere. Companies finding ways to sell harmful products. The wealthy using clout to avoid legal consequences. Building systems resistant to trust violations is hard. Thinking about this has become a bit of an obsession.

I would just like to say that these signs in the DFW airport bathrooms are peak social engineering, and I do hope Dan Patrick enjoys all the phone calls from people upset about the government photographing their hairy bits.