engineering
-
Blog
This hacker group is posing as IT helpdesk workers to target enterprises – and researchers warn its social engineering techniques are exceptionally hard to spot
Hackers are ramping up phishing campaigns involving fake helpdesk domains to target the legal, financial services, and accounting sectors in the US. According to researchers at EclecticIQ, with the help of threat researchers Silent Push, the Luna Moth group – also known as Silent Ransom Group, UNC3753, and Storm-0252 – has carried out a flurry of ‘callback phishing’ attacks since…
Read More » -
Blog
France accuses Russia of engineering years of high-profile cyberattacks
In an unprecedented display of diplomatic aggression, French authorities publicly accused Russia of sponsoring several high-profile cyber attacks on French entities for over a decade to gather intelligence and destabilize the country. The incidents include everything from a faked Islamic State takeover of a French television broadcast signal in 2015 to the leak of President Emmanuel Macron’s emails in 2017.…
Read More » -
Blog
State-sponsored cyber groups are flocking to the ‘ClickFix’ social engineering technique
State-sponsored hackers from North Korea, Iran, and Russia are exploiting the ‘ClickFix’ social engineering technique for the first time – and to great success. Popular for some time with cyber crime groups, ClickFix is a social engineering practice that uses dialog boxes with instructions to copy, paste, and run malicious commands on the target’s machine. The technique was first seen…
Read More » -
Blog
State-sponsored hackers embrace ClickFix social engineering tactic
ClickFix attacks are gaining traction among threat actors, with multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia adopting the technique in recent espionage campaigns. ClickFix is a social engineering tactic where malicious websites impersonate legitimate software or document-sharing platforms. Targets are lured via phishing or malvertising and shown fake error messages that claim a document or…
Read More » -
Blog
Generative AI Powers Social Engineering Attacks
Phishing was no longer as common in 2024 as before, according to CrowdStrike’s 2025 Global Threat Report. Threat actors trend toward accessing legitimate accounts through social engineering techniques like voice phishing (vishing), callback phishing, and help desk social engineering attacks. We’re well within the era of what cybersecurity technology CrowdStrike called “the enterprising adversary,” with malware-as-a-service and criminal ecosystems replacing…
Read More » -
Blog
Enterprises are set to waste $44.5 billion on needless cloud spending this year – the growing disconnect between FinOps and engineering teams is a key factor
Enterprises could waste up to $44.5 billion in cloud spending this year as a rift between engineering and FinOps teams hampers cost efficiency, according to research from Harness. Enterprises estimate that 21% of their cloud infrastructure spend is wasted on underutilized resources, Harness found, with the majority of surveyed engineering staff putting this down to a disconnect between two key…
Read More » -
Blog
Engineering firm IMI hit with cyber attack just days after Smiths Group incident
Birmingham-based engineering firm IMI has revealed that it has been hit by a cyber attack. The FTSE-100 firm said the incident involved unauthorised access to its systems, but gave no further details. “As soon as IMI became aware of the unauthorised access, the company engaged external cybersecurity experts to investigate and contain the incident. In parallel, the company is taking…
Read More » -
Blog
What is chaos engineering and how can it benefit businesses?
Chaos engineering is the discipline of purposefully injecting faults into a system to build confidence in its resiliency. In the hands of IT teams, it can be a powerful tool for probing an organization’s security – but it has to be implemented in the right way to reduce and not add to staff burden. Chaos engineering isn’t all that different…
Read More » -
Blog
Can Security Experts Leverage Generative AI Without Prompt Engineering Skills?
Professionals across industries are exploring generative AI for various tasks — including creating information security training materials — but will it truly be effective? Brian Callahan, senior lecturer and graduate program director in information technology and web sciences at Rensselaer Polytechnic Institute, and Shoshana Sugerman, an undergraduate student in this same program, presented the results of their experiment on this…
Read More » -
Blog
AI and Platform Engineering Are Transforming DevOps
More than 75% of working professionals worldwide use AI at least once daily for work, but far fewer trust AI-generated code, according to a survey of 3,000 employees in Google’s 2024 Accelerate State of DevOps Report (DORA). The study, published on Oct. 22, revealed that 76% of professionals use AI to write code, summarize information, explain unfamiliar code, optimize code,…
Read More »