Blog Posts Tagged with "Social Engineering"
February 11, 2012 Added by:Malgorzata Skora
While we often focus on how social engineering skills can be used to break into companies or otherwise obtain information that is supposed to be protected, Brad demonstrates the positive aspects of these skills, and shows how they can be put to good use...
February 09, 2012 Added by:Headlines
Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potential phishing scam or malware campaign. These messages may appear to be from the IRS and ask users to submit personal information...
February 08, 2012 Added by:Robert Siciliano
Imagine your body being targeted by 75 million viruses. That is exactly what’s happening to your digital devices. Laptops, desktops, netbooks, notebooks, Macs, iPads, iPhones, BlackBerrys, Androids, and Symbian mobile phones are all being targeted...
January 31, 2012 Added by:David Navetta
Technology exists for monitoring and tracking of social media usage by employees. Ultimately however, like social media itself, it comes down to people - risk can only be addressed appropriately if the individuals using social media are equipped to identify and mitigate against it...
January 31, 2012 Added by:Fergal Glynn
Chris Wysopal and internationally-renowned cyber security expert Richard Clarke discuss the changing cyber threat environment, the evolving cyber legislation landscape, and steps you can take to strengthen your organization’s resilience...
January 30, 2012 Added by:Headlines
The FBI has observed a trend in which cyber criminals are compromising the e-mail accounts of U.S. individuals and businesses and using variations of the legitimate e-mail addresses associated with the victim accounts to request and authorize overseas transactions...
January 29, 2012 Added by:Jim Palazzolo
Policy development must be constructed around conversations that will take place during an attack, and reinforced after the policy has been deployed. Re-training of individuals on security awareness will help to decrease the amount of risk involved in day-to-day operations...
January 24, 2012 Added by:Theresa Payton
Cybercriminals go where the action is - they wait for websites to get popular and then register domain names based on popular mis-spellings. Once the typosquatter lures you to their site, they use all types of tricks to get you to give them your personal information...
January 21, 2012 Added by:Kyle Young
What if I want to clone a website that is the mobile version? What if I want to clone a website that checks to see if end users are Microsoft Windows users? This is where the Social Engineering Toolkit User Agent Switcher (setuas.sh) is applicable...
January 19, 2012 Added by:Robert Siciliano
The human link: There is an ever-widening disparity between the sophistication of networks and the people who use them. When direct attacks on an organization’s defenses fail, cybercriminals often use social engineering toolkits to exploit unsuspecting employees...
January 18, 2012 Added by:Headlines
A cross-site scripting vulnerability exists in the Cogent DataHub application because it lacks server-side validation of query string parameter values. Attacks require that a user visit a URL which injects client-side scripts into the server’s HTTP response...
January 17, 2012 Added by:Headlines
Researcher Kuang-Chun Hung of ICST has identified an unsafe search path vulnerability. Successful exploitation may allow an attacker using social engineering to execute arbitrary code and gain the same privileges as the user that is currently logged into the system...
January 12, 2012 Added by:Scot Terban
Generally, people just aren’t thinking all that much when they get these calls. Sure, people should never be asking them for their passwords, but now this. Open this file would you? Tell me how many pages it has to verify that you got it, would you?
January 11, 2012 Added by:Dan Dieterle
Why spend days, weeks or even months trying to penetrate layers of network security when you can just trick a user into running a file that allows you full access to their machine and bypasses anti-virus, firewalls and many intrusion detection systems?
January 04, 2012 Added by:Headlines
"After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly over half the analyzed scams, with those falling into three main categories: likejacking, rogue applications, and malware or self-XSS..."
December 21, 2011 Added by:Scot Terban
One must look at the range and breadth of companies and entities being broken in to by the likes of China to see that no one is exempt. Know the ins and outs of the technology as well as the spook landscape, especially if you work in infosec today, lest you become the next target...
Steps Toward Weaponizing the Android Platfor... Freid Jerome on 05-17-2013