Items Tagged with "Social Engineering"


Security Beyond the Desktop

January 19, 2012 Added by: Robert Siciliano

The human link: There is an ever-widening disparity between the sophistication of networks and the people who use them. When direct attacks on an organization’s defenses fail, cybercriminals often use social engineering toolkits to exploit unsuspecting employees...

Comments  (0)

ICS-CERT: Cogent DataHub Application Vulnerability

January 18, 2012 Added by: Headlines

A cross-site scripting vulnerability exists in the Cogent DataHub application because it lacks server-side validation of query string parameter values. Attacks require that a user visit a URL which injects client-side scripts into the server’s HTTP response...

Comments  (0)

ICS-CERT: 7T IGSS Graphical SCADA System Vulnerability

January 17, 2012 Added by: Headlines

Researcher Kuang-Chun Hung of ICST has identified an unsafe search path vulnerability. Successful exploitation may allow an attacker using social engineering to execute arbitrary code and gain the same privileges as the user that is currently logged into the system...

Comments  (0)

Social Engineering: The Tainted PDF and a Sales Call

January 12, 2012 Added by: Infosec Island Admin

Generally, people just aren’t thinking all that much when they get these calls. Sure, people should never be asking them for their passwords, but now this. Open this file would you? Tell me how many pages it has to verify that you got it, would you?

Comments  (0)

Backtrack 5: Penetration Testing with Social Engineering Toolkit

January 11, 2012 Added by: Dan Dieterle

Why spend days, weeks or even months trying to penetrate layers of network security when you can just trick a user into running a file that allows you full access to their machine and bypasses anti-virus, firewalls and many intrusion detection systems?

Comments  (0)

Facebook Attacks Feed Affiliate Marketing Scams

January 04, 2012 Added by: Headlines

"After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly over half the analyzed scams, with those falling into three main categories: likejacking, rogue applications, and malware or self-XSS..."

Comments  (0)

How Not to Recruit Spies Online and Off

December 21, 2011 Added by: Infosec Island Admin

One must look at the range and breadth of companies and entities being broken in to by the likes of China to see that no one is exempt. Know the ins and outs of the technology as well as the spook landscape, especially if you work in infosec today, lest you become the next target...

Comments  (2)

Symantec: Anatomy of a Nitro Cyber Attack

December 13, 2011 Added by: Headlines

"They are sending targets a password-protected archive... which contains a malicious executable. The executable is a variant of Poison IVY and the email topic is some form of upgrade to popular software, or a security update. The most recent email brazenly claims to be from Symantec..."

Comments  (0)

Human Security is Weaker than IT Security

December 06, 2011 Added by: Robert Siciliano

Information technologies have evolved to a level at which the developers, programmers, and security specialists all know what they’re doing, and are able to produce products and services that work and are reasonably secure. Of course, there’s always room for improvement...

Comments  (0)

CERT Warns of Holiday Phishing and Malware Campaigns

December 06, 2011 Added by: Headlines

"US-CERT encourages users and administrators to use caution when encountering email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns..."

Comments  (0)

Top Ten Password Cracking Methods

December 05, 2011 Added by: Headlines

"A rainbow table is a list of pre-computed hashes - the numerical value of an encrypted password, used by most systems today - and that’s the hashes of all possible password combinations for any given hashing algorithm mind..."

Comments  (2)

#EntSec -- Not Business Relevant

October 26, 2011 Added by: Ali-Reza Anghaie

Enterprise Security is Not Business Relevant. Now, that's quite the inflammatory statement but unless your business is security then it's true in practice today. Before the flaming begins let me start by saying I believe firmly it ~IS~ business critical but I want to make it actually relevant...

Comments  (0)

Are You Cyber Savvy?

October 25, 2011 Added by: Joel Harding

What really set him apart was Social Engineering combined with his hacking. He did his research, he would study, he would probe, and then he would do whatever it took to get a password, to get a free account, to get root access, to get into a facility and physically touch the system...

Comments  (0)

Six Security Assessments You’ve Never Had But Should

October 24, 2011 Added by: Stephen Marchewitz

You probably are familiar with the classic security assessments: internal and external penetration testing, security risk assessments, and PCI gap assessments. Consider performing these six assessments at least once in your organization to combat the constantly looming hacker threat...

Comments  (0)

Operation Hackerazzi Leads to Intrusion Indictment

October 13, 2011 Added by: Headlines

A man accused of targeting the entertainment industry by hacking into the personal e-mail accounts of celebrities was arrested after being charged with accessing protected computers without authorization, damaging protected computers, wiretapping, and aggravated identity theft...

Comments  (0)

Friends, Foes and Faceless Denizens – The Real Social Network

September 14, 2011 Added by: Steven Fox, CISSP, QSA

The successful compromises of physical security on my social engineering engagements have been enabled by information gleaned from Facebook / MySpace pages. In these cases, my research allowed me to influence employee behavior to circumvent logical and physical access controls...

Comments  (0)
