Blog Posts Tagged with "Social Engineering"
Brad Smith: The Power of the Ultimate Social Engineer
February 11, 2012 Added by:Malgorzata Skora
While we often focus on how social engineering skills can be used to break into companies or otherwise obtain information that is supposed to be protected, Brad demonstrates the positive aspects of these skills, and shows how they can be put to good use...
Comments (1)
Tax Season Phishing Scams and Malware Campaigns
February 09, 2012 Added by:Headlines
Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potential phishing scam or malware campaign. These messages may appear to be from the IRS and ask users to submit personal information...
Comments (0)
Seventy-Five Million Unique Malware Samples in 2012
February 08, 2012 Added by:Robert Siciliano
Imagine your body being targeted by 75 million viruses. That is exactly what’s happening to your digital devices. Laptops, desktops, netbooks, notebooks, Macs, iPads, iPhones, BlackBerrys, Androids, and Symbian mobile phones are all being targeted...
Comments (0)
Legal Implications of Social Networking Part 3: Data Security
January 31, 2012 Added by:David Navetta
Technology exists for monitoring and tracking of social media usage by employees. Ultimately however, like social media itself, it comes down to people - risk can only be addressed appropriately if the individuals using social media are equipped to identify and mitigate against it...
Comments (0)
A Conversation with Richard Clarke – Part I
January 31, 2012 Added by:Fergal Glynn
Chris Wysopal and internationally-renowned cyber security expert Richard Clarke discuss the changing cyber threat environment, the evolving cyber legislation landscape, and steps you can take to strengthen your organization’s resilience...
Comments (0)
Email Intrusions Facilitate Wire Transfers Overseas
January 30, 2012 Added by:Headlines
The FBI has observed a trend in which cyber criminals are compromising the e-mail accounts of U.S. individuals and businesses and using variations of the legitimate e-mail addresses associated with the victim accounts to request and authorize overseas transactions...
Comments (0)
Social Engineering: Don't Talk to Strangers
January 29, 2012 Added by:Jim Palazzolo
Policy development must be constructed around conversations that will take place during an attack, and reinforced after the policy has been deployed. Re-training of individuals on security awareness will help to decrease the amount of risk involved in day-to-day operations...
Comments (0)
Beware the TypoSquatters
January 24, 2012 Added by:Theresa Payton
Cybercriminals go where the action is - they wait for websites to get popular and then register domain names based on popular mis-spellings. Once the typosquatter lures you to their site, they use all types of tricks to get you to give them your personal information...
Comments (0)
Social Engineering Toolkit – User Agent Switcher – setuas.sh
January 21, 2012 Added by:Kyle Young
What if I want to clone a website that is the mobile version? What if I want to clone a website that checks to see if end users are Microsoft Windows users? This is where the Social Engineering Toolkit User Agent Switcher (setuas.sh) is applicable...
Comments (0)
Security Beyond the Desktop
January 19, 2012 Added by:Robert Siciliano
The human link: There is an ever-widening disparity between the sophistication of networks and the people who use them. When direct attacks on an organization’s defenses fail, cybercriminals often use social engineering toolkits to exploit unsuspecting employees...
Comments (0)
ICS-CERT: Cogent DataHub Application Vulnerability
January 18, 2012 Added by:Headlines
A cross-site scripting vulnerability exists in the Cogent DataHub application because it lacks server-side validation of query string parameter values. Attacks require that a user visit a URL which injects client-side scripts into the server’s HTTP response...
Comments (0)
ICS-CERT: 7T IGSS Graphical SCADA System Vulnerability
January 17, 2012 Added by:Headlines
Researcher Kuang-Chun Hung of ICST has identified an unsafe search path vulnerability. Successful exploitation may allow an attacker using social engineering to execute arbitrary code and gain the same privileges as the user that is currently logged into the system...
Comments (0)
Social Engineering: The Tainted PDF and a Sales Call
January 12, 2012 Added by:Scot Terban
Generally, people just aren’t thinking all that much when they get these calls. Sure, people should never be asking them for their passwords, but now this. Open this file would you? Tell me how many pages it has to verify that you got it, would you?
Comments (0)
Backtrack 5: Penetration Testing with Social Engineering Toolkit
January 11, 2012 Added by:Dan Dieterle
Why spend days, weeks or even months trying to penetrate layers of network security when you can just trick a user into running a file that allows you full access to their machine and bypasses anti-virus, firewalls and many intrusion detection systems?
Comments (0)
Facebook Attacks Feed Affiliate Marketing Scams
January 04, 2012 Added by:Headlines
"After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly over half the analyzed scams, with those falling into three main categories: likejacking, rogue applications, and malware or self-XSS..."
Comments (0)
How Not to Recruit Spies Online and Off
December 21, 2011 Added by:Scot Terban
One must look at the range and breadth of companies and entities being broken in to by the likes of China to see that no one is exempt. Know the ins and outs of the technology as well as the spook landscape, especially if you work in infosec today, lest you become the next target...
Comments (2)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!