
Tag: Social Engineering

Classic Ether Wallet Compromised via Social Engineering

Developers of Classic Ether Wallet said an attacker managed to hijack the domain for the wallet via social engineering late Thursday evening.

Nigerian phishing: Industrial companies under attack

In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors.

As further research demonstrated, this was just part of a bigger story that began much earlier and is unlikely to end any time soon.

Microsoft Office malware: Banking trojan downloads if you hover over PowerPoint...

Malware gangs add mouse-hover downloads to their arsenal of social engineering tricks to infect PCs.

Pop-up Android adware uses social engineering to resist deletion

Ks Clean: Run and install: OK, OK or, er, OK? A malicious Android app that downloads itself from advertisements posted on forums strongly resists removal, security firm Zscaler warns.

BSides Denver 2017

Everyone loves a decent security conference, and BSides Denver provides one with space to breathe.

Folks in sunny Colorado looking for a fine local gathering found talks on advanced social engineering, APT herding, securing smart cities and more.

Even though…

Why your security appliance will be hacked

I’m no world-class hacker/penetration tester, but I’ve been able to break into any organization I’ve been (legally) hired to do so in an hour or less, except for one place that took me three hours.

That was on my second engagement with the customer after it had implemented many of the protections I had recommended during my first visit.

Hackers and pen testers typically have areas of specialization. Some hack point-of-sale terminals, some hack web servers, some hack databases, and some specialize in social engineering. My own area has been focusing on computer security defense appliances—followed by hijacking elevated service/daemon accounts once I was in.

This combination allowed me to break into about 75 percent of my targets.
Sure, there were many other weaknesses, but this one was so prevalent I always went after it first.

Google phishing attack was foretold by researchers—and it may have used...

A potential threat from spoofing Google applications was cited in 2011.

1 Million Gmail Users Impacted by Google Docs Phishing Attack

Researchers said good social engineering and users’ trust in the convenience afforded by the OAuth mechanism guaranteed Wednesday’s Google Docs phishing attacks would spread quickly.

Foiled! 15 tricks to hold off the hackers

Malicious hackers have outsize reputations.

They are über-geniuses who can guess any password in seconds, hack any system, and cause widespread havoc across multiple, unrelated networks with a single keystroke—or so Hollywood says.

Those of us who fight hackers every day know the good guys are usually far smarter. Hackers simply have to be persistent.

Each year, a few hackers do something truly new.

But for the most part, hackers repeat the tried and true.
It doesn’t take a supergenius to check for missing patches or craft a social engineering attack. Hacking by and large is tradework: Once you learn a few tricks and tools, the rest becomes routine.

The truly inspired work is that of security defenders, those who successfully hack the hackers.

Exploits: how great is the threat?

How serious, really, is the danger presented by exploits? The recent leak of an exploit toolset allegedly used by the infamous Equation Group suggests it’s time to revisit that question. Using our own telemetry data and intelligence reports as well as publicly available information, we’ve looked at the top vulnerabilities and applications exploited by attackers.

Latest Tax Scams Include Phishing Lures, Malware

Microsoft warns this year’s crop of tax scams use social engineering attacks based on fear to spread banking Trojans and collect personal info.

Vastly improve your IT security in 2 easy steps

It’s a rough number, but I’d wager that 99 percent of computer security risk in most organizations can be attributed to two root causes: social engineering and unpatched software. I’m not talking about pure numbers of successful exploits, but overall impact. Many CISOs and threat intelligence analysts have told me that 100 percent of the biggest events at their company involved social engineering.

Certainly, bad breaks enter your environment through other means, which is why we still need to secure our servers, encrypt our disks, and prevent physical intrusions.

But in terms of the biggest impact, most organizations can tie those events to two root causes.