Categories Topics
Description
Social Engineering (e.g., phishing)

Overview
Social Engineering is the process of tricking a person into divulging sensitive information.  Various methods include, but not limited to:
  • Phishing - the process of sending out an electronic message that may mimic a fake website in order to lure unsuspecting users to enter sensitive information (e.g. bank login/password, credit card, etc.); phishing is also used to establish a presence on corporate user devices and then continue to search and expand for other target systems inside the network in order to steal data.
  • Malware - the process of persuading users to run malware-laden files sent in electronic messages.
  • Weak authentication methods - social engineers may attempt to call in, mimic a user, and trick help desk or call center employees to reset or gain password information based on information obtained through various methods (e.g. secret questions, social networking sites, sensitive papers in public trash).

Guidelines
Social Engineering can be mitigated through ongoing security awareness training and education of employee staff of social engineering tactics, to include phishing and malware, to name a few.

End-users should handle electronic messages with care.  For instance, users should not open up attachments from unknown origin or file types.  Such files may be laden with malware written by malicious users with the intent of stealing sensitive information.  Additionally, users should discard messages sent from suspicious e-mail addresses, fake or non-authentic websites.  Users should not use e-mail messages to log in to sensitive websites, such as financial institutions.  Instead, use authentic websites that ensure secure SSL communication via a web browser.

Two-factor authentication can also be used when logging into sensitive websites or for remote access into company networks.  For instance, a hardware token that generates a one-time password that must be entered, in addition to user name and password, can thwart many social engineering methods, such as phishing attacks.  Stolen passwords may be worthless to an attacker since they would also need the user's token to log in to the website or network.

Finally, help desk or call center staff should be well trained and have procedures in place to ensure strong authentication is used to reset or give out passwords.  For instance, users may need to provide answers to several private password challenge questions such as mother's maiden name, date of birth, etc. before gaining password information.  Self-service password reset websites can also be programmed to automate help desk tasks to reset passwords. 
       

Topic Category
Acceptable Use
 
News Articles
Google: Security Keys Neutralized Employee Phishingkrebsonsecurity.com7/23/2018
Hoax alert! Starbucks is NOT inviting you to test its shatterproof windowsnakedsecurity.sophos.com5/31/2018
Hackers continue to exploit hijacked MailChimp accounts in cybercrime campaignshotforsecurity.bitdefender.com3/15/2018
Engineering Firm Pays $1.3K after Ransomware Affects Servers, Backupswww.tripwire.com1/23/2018
30K Florida Medicaid Recipients’ Data Possibly Accessed in Phishing Attackwww.tripwire.com1/8/2018
Holiday season scams: Fake deals, fake stores, fake opportunitieswww.helpnetsecurity.com11/22/2017
Canadian Business Banking Customers Hit With Targeted Phishing, Account Takeover Attackssecurityintelligence.com11/22/2017
Malicious Chrome extension steals all datawww.helpnetsecurity.com10/30/2017
“Cyber Conflict” Decoy Document Used In Real Cyber Conflictblog.talosintelligence.com10/22/2017
Malware Fools Users with Fake Document While It Steals Their Passwordswww.tripwire.com10/5/2017
1.4 million phishing websites are created every month: Here's who the scammers are pretending to bewww.zdnet.com9/22/2017
Spoofed IRS notice delivers RAT through link updating trickwww.helpnetsecurity.com9/22/2017
Equifax Sent Breach Victims to Fake Websitewww.securityweek.com9/21/2017
Targeted Attack Uses Word Docs to Collect Info about Installed Softwarewww.tripwire.com9/18/2017
Kedi RAT Phones Transmits Data to Attackers Using Gmailwww.tripwire.com9/14/2017
Phishers targeting LinkedIn users via hijacked accountswww.helpnetsecurity.com9/13/2017
US-CERT advisory: Hurricane-Related Scamswww.us-cert.gov9/8/2017
Canadian university scammed out of $11.8 millionwww.helpnetsecurity.com9/1/2017
Cancer Treatment Center Notifies 19K Patients of Ransomware Attackwww.tripwire.com9/1/2017
Malware Using Facebook Messenger to Serve up Multi-Platform Threatswww.tripwire.com8/25/2017
DMARC anti-phishing standard adoption is lagging even in big firmswww.theregister.co.uk8/24/2017
Google wants iOS Gmail users to think twice about following suspicious linkswww.helpnetsecurity.com8/14/2017
Ransomware turns even nastier: Destruction, not profit, becomes the real aimwww.zdnet.com8/9/2017
APT Group Uses Catfish Technique To Ensnare Victimsthreatpost.com7/27/2017
Trickbot Malware Now Targets US Banksthreatpost.com7/24/2017
Hackers are using this new attack method to target power companieswww.zdnet.com7/10/2017
Fake Facebook Warning Urges Users to Decline Jayden K Smith Hackerwww.tripwire.com7/10/2017
SamSam Increases Ransom Demand to $33,000www.securityweek.com6/24/2017
How the CIA gained access to air-gapped computerswww.helpnetsecurity.com6/23/2017
UCL ransomware attack traced to malvertising campaignwww.theregister.co.uk6/22/2017
The Microsoft security hole at the heart of Russian election hackingwww.computerworld.com6/20/2017
Phishers Padding URLs with Hyphens to Target Facebook Userswww.tripwire.com6/19/2017
How a Single Email Stole $1.9 Million from Southern Oregon Universitywww.tripwire.com6/13/2017
Russian malware controls hiding in plain sight — on Britney Spears' Instagram pagewww.zdnet.com6/8/2017
Mouse hovering malware delivery scheme spotted, called potentially very dangerouswww.scmagazine.com6/8/2017
40,000 Subdomains Tied to RIG Exploit Kit Shut Downthreatpost.com6/5/2017
Financial malware more than twice as prevalent as ransomwarewww.symantec.com6/1/2017
Rash Of Phishing Attacks Use HTTPS To Con Victimsthreatpost.com5/26/2017
Turla gets ready to target Mac userswww.helpnetsecurity.com5/5/2017
Sneaky Gmail phishing attack fools with fake Google Docs appwww.computerworld.com5/4/2017
Brands increasingly targeted by false websites and phishingwww.helpnetsecurity.com5/3/2017
New OS X Malware Grants Attackers Access to All Victim Communicationwww.tripwire.com5/1/2017
Seven in ten UK unis admit being duped by phishing attackswww.theregister.co.uk4/27/2017
Original XPan Ransomware Returns, Targets Brazilian SMBsthreatpost.com4/25/2017
Ransomware hidden inside a Word document that’s hidden inside a PDFnakedsecurity.sophos.com4/24/2017
Don’t Click on a Delta Air Lines Receipt with No Flight Information!www.tripwire.com4/21/2017
Low-Cost Ransomware Service Discoveredthreatpost.com4/18/2017
Fake LinkedIn emails phishing job seekerswww.helpnetsecurity.com4/18/2017
Kelihos/Waledac: US law enforcement hits botnet with major takedownwww.symantec.com4/11/2017
Elite Chinese hackers target board directors at some of the world's largest firmswww.zdnet.com4/6/2017
Aviation-Related Phishing Campaigns Seeking Credentialsthreatpost.com3/31/2017
Open-source developers targeted in sophisticated malware attackwww.computerworld.com3/30/2017
Malspam Campaign Personalizes Emails with Recipient’s Name and Addresswww.tripwire.com3/30/2017
Man Used BEC Scam to Defraud Two U.S. Companies of $100Mwww.tripwire.com3/22/2017
Clever Gmail Phishing Scam Tricked Even Technical Userswww.tripwire.com3/20/2017
Petya-Based PetrWrap Ransomware Emergeswww.securityweek.com3/15/2017
Spam campaign targets financial institutions with fake security softwarewww.symantec.com3/13/2017
FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filingswww.fireeye.com3/7/2017
Tech Support Scam Uses Website Elements to Spoof Microsoft Support Pagewww.tripwire.com3/3/2017
Slack bug paved the way for a hack that can steal user accesswww.computerworld.com3/2/2017
Germans, Czechs served with banking malware through SMSwww.helpnetsecurity.com2/28/2017
Google to Block .js Attachments in Gmailthreatpost.com1/26/2017
Sage 2.0 Ransomware Using Malspam and Macros to Infect Windows Userswww.tripwire.com1/24/2017
Israeli soldiers duped into installing malware via fake Facebook profilesnakedsecurity.sophos.com1/23/2017
IC3 Warns of Employment Scams Targeting College Studentswww.us-cert.gov1/19/2017
Report: malicious 'fake' news links used to socially engineerwww.scmagazine.com1/18/2017
This fake security email tries to make your PC part of a botnetwww.zdnet.com1/12/2017
Amazon Scammers Using Fake Payment Sites to Steal Buyers’ Moneywww.tripwire.com1/12/2017
Ransomware, DDoS now top threats as hackers look for big paydayswww.zdnet.com1/11/2017
Spora Ransomware Equipped with Sophisticated Encryption, Payment Sitewww.tripwire.com1/11/2017
Beware phishing scams in Amazon listingsnakedsecurity.sophos.com1/11/2017
KillDisk now targeting Linux: Demands $250K ransom, but can’t decryptwww.welivesecurity.com1/5/2017
This ransomware targets HR departments with fake job applicationswww.zdnet.com1/4/2017
Website Malware Targets Mobile Platformsblog.sucuri.net1/2/2017
GootKit and Godzilla End 2016 Strong with New Malware Campaignswww.tripwire.com12/29/2016
New Wave of Hailstorm Spam Pelts Inboxesthreatpost.com12/21/2016
New Decryptor Unlocks CryptXXX v3 Filesthreatpost.com12/20/2016
‘Popcorn Time’ Ransomware Sure to Cause Indigestionsecuringtomorrow.mcafee.com12/19/2016
Phishing scam using Microsoft and MasterCard documents as baitwww.scmagazine.com12/16/2016
Latest Intelligence for November 2016www.symantec.com12/14/2016
This 'highly personalized' malware campaign targets retailers with phony customer querieswww.zdnet.com12/9/2016
Webcam Blackmail Cases Doubled in Past Year, Says NCAwww.tripwire.com11/30/2016
San Francisco transport system ransomware attacker also extorted other US-based businesseswww.helpnetsecurity.com11/29/2016
Cerber 5.0.1 ransomware spreading via Google and Torwww.scmagazine.com11/29/2016
Ransomware scams cost Brits £4.5m per yearwww.theregister.co.uk11/28/2016
CEO Fraud Email Scams Target Healthcare Institutionsblog.trendmicro.com11/23/2016
Gatak: Healthcare organizations in the crosshairswww.symantec.com11/21/2016
Telecrypt ransomware uses Telegram for command and controlwww.helpnetsecurity.com11/10/2016
Get Verified Through a Promoted Tweet? Nope. It’s a Scam!www.tripwire.com10/31/2016
Microsoft: Beware this fake Windows BSOD from tech support scammers' malwarewww.zdnet.com10/24/2016
Election misdirection: Scammers exploiting presidential race with malware, spam and botswww.scmagazine.com10/20/2016
Macro Malware Employs Password Protection to Evade Analysiswww.tripwire.com10/19/2016
Scam Using Student Loan Forgiveness Spam to Spread Ascesso Malwarewww.tripwire.com10/14/2016
Odinaff: New Trojan used in high level financial attackswww.symantec.com10/11/2016
772 Detained Following Raids Against Indian IRS Scam Centerswww.tripwire.com10/11/2016
Spam is once again on the risewww.helpnetsecurity.com9/22/2016
Malicious websites visited every five seconds by enterprise workers, reportwww.scmagazine.com9/21/2016
Cybercrooks use drive-by malware to rob Reddit users' cryptowalletswww.scmagazine.com9/19/2016
Mobile users actively spammed from compromised iCloud accountswww.helpnetsecurity.com9/19/2016
FBI urges ransomware victims to step forwardwww.networkworld.com9/16/2016
Amex users hit with phishing email offering anti-phishing protectionwww.helpnetsecurity.com9/15/2016
Seagate sued by angry staff following phishing data breachwww.zdnet.com9/12/2016
Latest Locky version on the loosewww.scmagazine.com8/26/2016
FTC Releases Alert on Louisiana Flood Disaster Scamswww.us-cert.gov8/23/2016
'Massive' Locky ransomware campaign targets hospitalswww.zdnet.com8/19/2016
Non-existent video involving Hillary Clinton and ISIS leader used as bait in malicious spamwww.symantec.com8/17/2016
New ransomware mimics Microsoft activation windowwww.symantec.com8/5/2016
Beware of the Cerber2 Ransomware!www.tripwire.com8/5/2016
AdGholas malvertising campaign hid malicious code in images to avoid discoverywww.scmagazine.com7/29/2016
Active iOS Smishing Campaign Stealing Apple Credentialsblogs.mcafee.com7/28/2016
Feds shut down tech support scammers, freeze assetswww.computerworld.com7/20/2016
CryptXXX Now Being Distributed via Spam Emailswww.securityweek.com7/18/2016
Now ransomware is taking aim at business networkswww.zdnet.com7/15/2016
Ransomware attack almost sends NASCAR team to the garagewww.scmagazine.com6/24/2016
Increased Risks from Macro-Based Malwarewww.us-cert.gov6/9/2016
Phishers Abuse Hosting Temporary URLsblog.sucuri.net6/7/2016
CEO sacked after aircraft company grounded by whaling attackwww.scmagazine.com5/27/2016
Amazon Users Targets of Massive Locky Spear-Phishing Campaignthreatpost.com5/26/2016
Targeted Attacks against Banks in the Middle Eastwww.fireeye.com5/22/2016
Investment Firm Loses $495K in Spear-Phishing Attackwww.tripwire.com5/9/2016
Current Campaign Delivers Hundreds of Thousands of Polymorphic Ransomwareblogs.mcafee.com5/9/2016
FBI Warns of a Rise in Ransomware Attackswww.tripwire.com5/3/2016
GozNym banking Trojan ramps up attacks, targets Europewww.zdnet.com4/26/2016
FTC Issues Alert on Earthquake Relief Email Scamswww.tripwire.com4/21/2016
Google Alerts, Direct Webmaster Communication Get Bugs Fixed Quicklythreatpost.com4/18/2016
Three more hospitals hit with ransomware attackswww.networkworld.com3/23/2016
Hacktivists Turn to Phishing to Fund Their Causesblogs.mcafee.com3/16/2016
Kaspersky sees uptick in spam from fake 'Amazon stores'www.scmagazine.com3/7/2016
IRS Issues Alert for Tax Phishing Schemewww.us-cert.gov3/2/2016
ATMZombie Trojan strikes Israeli bankswww.zdnet.com2/29/2016
http://www.symantec.com/connect/blogs/russian-bank-employees-received-fake-job-offers-targeted-email-attackwww.symantec.com2/22/2016
New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransomresearchcenter.paloaltonetworks.com2/18/2016
Nivdort: Data-Stealing Trojan Arrives via Spamblogs.mcafee.com2/18/2016
Brazilian companies receive more than 40,000 spam emails in infostealer campaignwww.symantec.com2/4/2016
Fake Adobe Flash Update OS X Malwareisc.sans.edu2/4/2016
Anyone could pull off a LostPass phishing attack to get all your LastPass passwordswww.networkworld.com1/17/2016
WhatsApp Phishing Email Campaign Spreading Nivdort Malware Variantwww.tripwire.com1/13/2016
Phishing Email Scam Targeting DHL Customerswww.tripwire.com11/17/2015
Fraudsters exploit weak SSL certificate security to set up hundreds of phishing siteswww.scmagazine.com10/13/2015
The fake LinkedIn recruiter network hackers are using to reel in business userswww.zdnet.com10/8/2015
Dridex is Back and Targeting the UKresearchcenter.paloaltonetworks.com10/1/2015
Novel malware dupes victims with fake blue screen of deathwww.zdnet.com9/29/2015
Phishing is a $3.7-million annual cost for average large companywww.csoonline.com8/26/2015
Facebook tax refund scam earns Arizona woman 6 years in jailnakedsecurity.sophos.com8/7/2015
New Windows 10 phishing scam spotted, complete with faked antivirus scan messagewww.scmagazine.com8/4/2015
Malicious spam continues to serve zip archives of javascript filesisc.sans.edu7/29/2015
Russians use Twitter, photos to hack US computers: Reportwww.cnbc.com7/29/2015
Analyzing a Facebook Clickbait Wormblog.sucuri.net6/30/2015
Dridex Malware Featured in New Spam Campaign Targeting Email Userswww.tripwire.com6/30/2015
Attackers compromise email accounts using password recovery scamwww.scmagazine.com6/22/2015
Phishing study finds major brands heavily targeted, niche sites also at risknakedsecurity.sophos.com6/1/2015
New Research: Some Tough Questions for ‘Security Questions’googleonlinesecurity.blogspot.com5/22/2015
IC3 Issues Internet Crime Report for 2014www.us-cert.gov5/22/2015
‘Phantom Menace’ Malware-Free Scam Used to Steal Login Credentials From Oil Brokerswww.tripwire.com5/18/2015
Google updates Password Alert to block attack that mutes phishing warningswww.zdnet.com5/1/2015
Alert: Nepal Earthquake Disaster Email Scamswww.us-cert.gov4/30/2015
Chrome Can Now Warn Users Who Type Gmail Passwords in Dumb Placeswww.wired.com4/29/2015
Sony Hackers Used Phishing Emails to Breach Company Networkswww.tripwire.com4/22/2015
APT 30 and the Mechanics of a Long-Running Cyber Espionage Operationwww.fireeye.com4/12/2015
Operation Woolen-Goldfish: When Kittens Go Phishingblog.trendmicro.com3/18/2015
‘Gazon’ Malware Spreads Via SMS Using Fake Amazon Gift Card Offerswww.tripwire.com3/3/2015
IRS Issues Warning for a Scam Targeting Tax Preparerswww.us-cert.gov2/18/2015
Microsoft phishing emails target corporate users, deliver malware that evades sandboxeswww.scmagazine.com2/12/2015
Over 90 percent of data breaches in first half of 2014 were preventablewww.zdnet.com1/21/2015
Affordable Care Act Phishing Campaignwww.us-cert.gov1/15/2015
IC3 Issues Alert on University Employee Payroll Scamwww.us-cert.gov1/15/2015
Malware sites offering Oracle 'patches'blogs.oracle.com1/14/2015
TorrentLocker Ransomware Hits ANZ Regionblog.trendmicro.com1/11/2015
Snooker WPA secrets with this Wi-Fi toolwww.theregister.co.uk1/5/2015
ZeuS variant strikes 150 banks worldwidewww.zdnet.com12/19/2014
Upatre Downloader Spreading Dyreza Banking Trojanthreatpost.com12/12/2014
New Phishing Emails Descend On GoDaddy Customerswww.tripwire.com12/12/2014
Traveling business executives targeted through luxury hotel Wi-Fiwww.zdnet.com11/10/2014
The dangers of opening suspicious emails: Crowti ransomwareblogs.technet.com10/28/2014
Fake Dropbox login page nabs credentials, is hosted on Dropboxwww.scmagazine.com10/20/2014
Dyre Banking Trojan Used in APT-Style Attacks Against Enterprisessecurityintelligence.com9/15/2014
'Backwards' writing is spammers' new mail filter avoidance trickwww.theregister.co.uk9/12/2014
JPMorgan customers targeted by unusual scamwww.cnbc.com8/21/2014
Bitcoin phishing campaign targets media, tech, education industrieswww.zdnet.com8/21/2014
Anatomy of an iTunes phish - tips to avoid getting caught outnakedsecurity.sophos.com7/28/2014
Five Year Old Phishing Campaign Unveiledthreatpost.com7/14/2014
Zeus PIF - The evolving strain looking to defeat your security softwarecommunity.websense.com7/7/2014
'Clandestine Fox' hackers target energy employee with social mediawww.computerworld.com6/11/2014
Phishing campaign touts fake 'Heartbleed removal' toolwww.computerworld.com6/3/2014
Brazilian government hit by cyberattackwww.zdnet.com5/30/2014
Hackers go after Google users in advanced phishing attackwww.cnbc.com5/13/2014
Microsoft Azure is phishing-friendlywww.zdnet.com4/30/2014
EA Games hackers get Apple ID, Origin passwords and payment infowww.zdnet.com3/20/2014
Hackers transform EA Web page into Apple ID phishing schemenews.cnet.com3/19/2014
DIY Training on Phishing Detection Backfires for Armywww.securitywatch.pcmag.com3/18/2014
How this one innocous tweet could hack a bank accountwww.zdnet.com3/5/2014
How hackers stole millions of credit card records from Targetwww.zdnet.com2/13/2014
The Internet is Broken–Act Accordinglythreatpost.com2/7/2014
Hackers access 800,000 Orange customers' datawww.zdnet.com2/3/2014
Scammers Using World Cup as Phishing Lurethreatpost.com2/3/2014
Syrian Electronic Army Hacks CNN Social Media, Microsoft Transparency Datathreatpost.com1/27/2014
New Malware Attacks Target Syrian Activiststhreatpost.com12/24/2013
What To Expect After the Target Card Data Breachsecuritywatch.pcmag.com12/19/2013
Cloned Facebook accounts hit up friends with spam and money requestsnakedsecurity.sophos.com12/3/2013
The top ten scams to watch out for this Christmaswww.zdnet.com11/15/2013
British Spies Hacked Telecom Network by Luring Engineers to Fake LinkedIn Pageswww.wired.com11/11/2013
IE zero-day is targeted, sophisticatedwww.zdnet.com11/11/2013
Fake femme fatale dupes IT guys at US government agencynakedsecurity.sophos.com11/3/2013
Fake Dropbox Password Reset Spam Leads to Malwarethreatpost.com10/21/2013
Mac tech support scam reportedwww.zdnet.com10/17/2013
Mac fans: You don't need Windows to get ripped off in tech support scamswww.theregister.co.uk10/16/2013
Announcing the IBM X-Force 2013 Mid-Year Trend and Risk Reportsecurityintelligence.com9/24/2013
'Bogus IT guys' slurp £1.3m from Barclays: Cybercops cuff 8 blokeswww.theregister.co.uk9/20/2013
McAfee: And the most dangerous cyber celebrity is...news.cnet.com9/18/2013
Shylock Financial Malware Back and Targeting Two Dozen Major Banksthreatpost.com9/18/2013
Do you trust your waiter? Hacked bank-card reader TEXTS your info to crimswww.theregister.co.uk9/16/2013
Inside the Response to the New York Times Attackthreatpost.com8/29/2013
Hacking Heist Flummoxes French Bankssecuritywatch.pcmag.com8/28/2013
Good News: Phishing Protection Actually Workssecuritywatch.pcmag.com8/20/2013
Apple hack exploited with new phishing campaignwww.zdnet.com7/25/2013
New Mac malware disguised with right-to-left encoding trickreviews.cnet.com7/15/2013
Before You Share, Ask Yourself “Is This TMI?”blogs.mcafee.com7/15/2013
Practical IT: How to plan against threats to your businessnakedsecurity.sophos.com7/12/2013
Google adds (some) malware and phishing info to Transparency Reportnakedsecurity.sophos.com6/28/2013
Penetration testing employees' social media to improve policywww.zdnet.com6/25/2013
Internet fraud still stings suckerswww.theregister.co.uk6/18/2013
Google uncovers phishing campaign targeting Iraniansnews.cnet.com6/12/2013
Breaking news, LITERALLY: Financial Times vandalized by hackerswww.theregister.co.uk5/17/2013
Study finds hosting providers offer phishing paradisewww.scmagazine.com4/25/2013
Vulns, exploits, hacks: Trusteer touts tech to terminate troubleswww.theregister.co.uk4/24/2013
Healthcare sector, SMBs top cybercrime targets in Singaporewww.zdnet.com4/21/2013
Blackhole Exploit Kit Spam Campaigns Disguised as Top Service Brandsblogs.mcafee.com4/17/2013
Advanced Persistent Threats get more advanced, persistent and threateningwww.theregister.co.uk4/4/2013
Ransomware leverages victims' browser histories for increased credibilitywww.computerworld.com4/1/2013
Phishing Campaign Using Military, Illicit Attachmentsthreatpost.com3/29/2013
Microsoft: Hackers obtained high-profile Xbox Live accountswww.computerworld.com3/20/2013
New class of industrial-scale super-phishing emails threatens bizwww.theregister.co.uk3/4/2013
Security report becomes security riskwww.theregister.co.uk2/22/2013
Twitter aiming to slash phishing e-mails sent from 'Twitter.com'news.cnet.com2/21/2013
Facebook, Apple hacks could affect anyone: Here's what you can dowww.zdnet.com2/20/2013
Oxford Uni blocks Google Docs, points finger at Google over phishing failwww.zdnet.com2/19/2013
Adobe confirms targeted attacks due to security hole in Readernews.cnet.com2/14/2013
Don't open that PDF: There's an Adobe Reader zero-day on the loosewww.zdnet.com2/13/2013
Banking malware returns to basics, researchers saywww.computerworld.com2/8/2013
Wall Street Journal: China hackers hit us, toonews.cnet.com1/31/2013
New York Times breach opens anti-virus, attribution debatewww.scmagazine.com1/31/2013
China, The New York Times and the Value of Self-Shamingthreatpost.com1/31/2013
Trojan preys on victims fearful of missing a FedEx deliverywww.scmagazine.com1/30/2013
Chinese hackers said to wage cyberwar on The New York Timesnews.cnet.com1/30/2013
Spammers joyride Doctor Who's Twitter TARDIS, turn man into Shirley Templewww.theregister.co.uk1/28/2013
Scottish Power blows a fuse after Twitter hijackingwww.theregister.co.uk1/25/2013
Precision Bouncer List Phishing Kits Keep Targets Inside the Ropesthreatpost.com1/16/2013
ADP-Themed Phishing Emails Lead to Blackhole Sitesthreatpost.com1/14/2013
5 key security threats in 2013www.zdnet.com1/8/2013
Yahoo Mail XSS Vulnerability Could Affect Millions of Accountsthreatpost.com1/7/2013
Spammers Using Fake YouTube Notifications to Peddle Drugsthreatpost.com12/26/2012
End of days: Possessed POWERPOINT predicts Mayan Apocalypsewww.theregister.co.uk12/21/2012
Dutch script kiddie pwns 20,000 Twitter profileswww.theregister.co.uk12/14/2012
LogMeIn, DocuSign Investigate Breach Claimskrebsonsecurity.com12/14/2012
Attacker steals ‘old passwords’ from Oz defence academy sitewww.theregister.co.uk12/11/2012
Police-themed ransomware speaks to victims -- literallywww.computerworld.com12/10/2012
That square QR barcode on the poster? Check it's not a stickerwww.theregister.co.uk12/10/2012
How did European bank malware steal $47 million?www.zdnet.com12/7/2012
New Accounting System Hack Could Cause 'Mayhem'threatpost.com12/7/2012
Japan space agency: Virus may have stolen space rocket datawww.computerworld.com11/30/2012
Spear Phishing Remains Preferred Point of Entry in Targeted, Persistent Attacksthreatpost.com11/30/2012
US software firm hacked for years after suing Chinawww.theregister.co.uk11/29/2012
Beware the malware-tipped SPEAR TRAP in your inboxwww.theregister.co.uk11/29/2012
Phony Browser Updates Redirect Victims to Malware Sites, Scarewarethreatpost.com11/28/2012
Researcher Owns Internal Network after Victim Opens Emailthreatpost.com11/28/2012
A patched browser - false feeling of security or a security utopia that actually exists?www.zdnet.com11/27/2012
Yahoo Email-Stealing Exploit Fetches $700krebsonsecurity.com11/23/2012
Attackers Had Access for Months in South Carolina Data Breachthreatpost.com11/21/2012
Malware uses Google Docs as proxy to command and control serverwww.computerworld.com11/19/2012
Cybercriminals start spamvertising Xmas themed scams and malware campaignswww.zdnet.com11/9/2012
4 Long-Term Hacks That Rocked 2012www.darkreading.com11/8/2012
Social networking tops enterprise consumerization security concernswww.infosecurity-magazine.com11/8/2012
Requesting Sensitive Data Via Google Docs: Phishing Really is That Easythreatpost.com10/18/2012
Phishy Direct Messages Link to Fake Twitter Sign-in Pagethreatpost.com10/16/2012
Social Engineers Launch New Attack on Embattled Banksthreatpost.com10/5/2012
Middle East cyberattacks on Google users increasingnews.cnet.com10/3/2012
White House Confirms Spear-Phishing Attackwww.darkreading.com10/1/2012
Tool Scans for RTF Files Spreading Malware in Targeted Attacksthreatpost.com9/14/2012
Sleuths Trace New Zero-Day Attacks to Hackers Who Hit Googlewww.wired.com9/7/2012
Cybercriminals impersonate popular security vendors, serve malwarewww.zdnet.com8/29/2012
RSA: Phishing Attacks Net $687m to Date in 2012threatpost.com8/24/2012
Crisis malware targets virtual machineswww.zdnet.com8/22/2012
Phishing for Fanboys with Phony iPhone 5 Imagesthreatpost.com8/21/2012
Researcher finds serious SMS spoofing flaw on iOSwww.zdnet.com8/17/2012
Social engineering threat affects allwww.zdnet.com8/14/2012
Shylock malware injects rogue phone numbers in online banking websiteswww.computerworld.com8/8/2012
Amazon addresses security exploit after journalist hacknews.cnet.com8/7/2012
Criminals target firms with rogue emails from payroll services providerswww.computerworld.com8/6/2012
Attackers Go Phishing for Payroll Workers With Java CVE-2012-1723 Exploitthreatpost.com8/6/2012
How Apple let a hacker remotely wipe an iPhone, iPad, MacBookwww.zdnet.com8/5/2012
Warning: Fake Groupon e-mails include malwarewww.zdnet.com8/2/2012
Metropolitan Police ransomware pretender ensnares 1,100 computerswww.v3.co.uk8/1/2012
Mac Malware Spies On Email, Survives Rebootswww.informationweek.com7/30/2012
Twitter malware warning: It's you on photo? or It's about you?www.zdnet.com7/27/2012
Hackers pose as hacked software vendor to spread Zeus trojanwww.cso.com.au7/23/2012
Dropbox finds no intrusions, continues spam investigationwww.zdnet.com7/20/2012
Two Britons jailed for £1.5m phishing scamswww.v3.co.uk7/9/2012
Phisher Faces Up To 50 Years For Role In $1.5 Million Scamwww.darkreading.com7/2/2012
Feds recommend jail, fines for Scarlett Johansson hackerwww.scmagazine.com6/27/2012
Banks: Hackers more aggressive in attacking customer accountswww.computerworld.com6/14/2012
Man arrested for hacking into billing providerwww.h-online.com5/31/2012
No More Dot-Mil Accounts on Dating Siteswww.nextgov.com5/25/2012
Researchers intercept Tatanga malware bypassing SMS based transaction authorizationwww.zdnet.com5/24/2012
WHMCS Breach May Be Only Tip of the Troublekrebsonsecurity.com5/24/2012
Banking Trojan hijacks live chat to run real-time fraudwww.theregister.co.uk2/28/2012
Cyber thieves piggyback off Stratfor breach, target fedsgeopoliticalwww.nextgov.com2/15/2012
Hackers compromise TicketWeb email systemwww.zdnet.co.uk2/13/2012
Hungarian hacker gets 30 months for extortion plot on Marriottwww.computerworld.com2/3/2012
Trojan Targets Industry, Government With Fake Conference Invitationswww.eweek.com2/1/2012
Google, Microsoft Say DMARC Spec Stops Phishingwww.informationweek.com1/30/2012
Aggressive Phishing Attack Targets Military Personnelwww.informationweek.com12/28/2011
Student phishing scam: Two men remanded over fraudwww.bbc.co.uk12/10/2011
Zeus Criminals Launch DDoS Attacks to Hide Fraudulent Wire Transferswww.eweek.com12/1/2011
Foreign hackers targeted Canadian firmsnews.ca.msn.com11/30/2011
Justice Dept. cracks down on Cyber Monday scamswww.washingtonpost.com11/28/2011
Phishers net Norwegian secretswww.theregister.co.uk11/17/2011
DHS to set up policies for monitoring Twitter, Facebookwww.computerworld.com11/1/2011
Defense industry body target of cyber-attackwww.yomiuri.co.jp10/16/2011
White Papers
IBM X-Force 2013 Mid-Year Trend and Risk Reportwww14.software.ibm.com9/24/2013
Blue Coat Systems 2013 Mobile Malware Reportwww.bluecoat.com2/12/2013
2013 Threats Predictionswww.mcafee.com1/7/2013