Social engineering cyberattacks play on the mind, manipulating emotions and engaging in deception to get victims to give up passwords, financial data, and other valuable information. According to Verizon's 2022 Data Breach Investigations Report (DBIR), eight in 10 data breaches (82%) involve a human element. Alongside breaches caused by human error and malicious actions, this statistic also includes social engineering attacks.

The city government of Oakland has declared a state of emergency after it was hit by a ransomware attack. The attack, which began in the evening of February 8th, has forced the city to take all its IT systems offline, and has affected many non-emergency services, including the ability to collect payments, issue permits, and process reports.

Read also: Russian cybercriminal convicted in $90M hack-and-trade scheme, US and UK slap sanctions on 7 Russians tied to TrickBot cybercrime gang, and more.

JD Sports Sportswear Retailer have suffered a cyber attack that exposed the data of 10 million customers accessed by backers in the attack. The personal data which was exposed includes customer’s names, email addresses, contact details and passwords.

Search engines automatically create a business listing based on publicly available information, but they permit business owners to override this automatic listing by publishing their own. This listing may include business hours, slogan, geographical location, a website link, contact information, reviews, and images. Business owners are also permitted to respond to reviews. Recently, Sedara has seen incidents in which the attacker claims control over a business listing that they do not own.

The latest on ESXiArgs ransomware attacks, new QakNote attacks pushing QBot malware via Microsoft OneNote files, and Biden’s attention to data privacy in the State of the Union.

Arguably nothing in tech has changes the landscape more than ‘as a Service’ offerings, the subscription-based IT service delivery model, In fact, the ‘as a Service’ offering has made its way into the cybercrime landscape. And cybercrime, for its part, has evolved beyond a nefarious hobby — today it’s a means of earning for cybercriminals.

A brute force attack is an attempt to reveal passwords and login credentials in order to gain access to network resources. These attacks are mainly done with the purpose of gaining unauthorized, and undetected access to compromise systems. Threat actors usually prefer this attack method since it is simple to carry out, and can cause significant damage. Once a person’s credentials are revealed, the attacker can log in, generally unnoticed.

Cybersecurity is an ever-present concern for businesses, particularly as the modern attack surface continuously expands and changes due to the shift to remote work in response to the COVID-19 pandemic, cloud adoption, and the growth of shadow IT, among other factors. Implementing the appropriate security control types for attack surface reduction is crucial for bolstering your company’s cybersecurity posture in the modern threat landscape.

When it comes to high profile cybercrime incidents, it’s the major tech vulnerabilities and sophisticated state-sponsored threat vectors that make the headlines. In reality, however, most of the cybercrime incidents exploit the human element as the weakest link in the cyberattack kill chain.