Saturday, August 19, 2017

Tag: Social Engineering

Simple business email compromise scams can con companies out of huge sums of money and don't require much hacking or even social engineering know-how.
From attacks on CEOs to "mom phishing," social engineering attacks are getting more targeted and sophisticated. KnowBe4's CEO Stu Sjouwerman explains how online security awareness training and phishing exercises can help educate and train employees to ...
Developers of Classic Ether Wallet said an attacker managed to hijack the domain for the wallet via social engineering late Thursday evening.
In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors.

As further research demonstrated, this was just part of a bigger story that began much earlier and is unlikely to end any time soon.
Malware gangs add mouse-hover downloads to their arsenal of social engineering tricks to infect PCs.
Ks Clean: Run and install: OK, OK or, er, OK? A malicious Android app that downloads itself from advertisements posted on forums strongly resists removal, security firm Zscaler warns.…

BSides Denver 2017

Everyone loves a decent security conference, and BSides Denver provides one with space to breathe.

Folks in sunny Colorado looking for a fine local gathering found talks on advanced social engineering, APT herding, securing smart cities and more.

Even though…
I’m no world-class hacker/penetration tester, but I’ve been able to break into any organization I’ve been (legally) hired to do so in an hour or less, except for one place that took me three hours.

That was on my second engagement with the customer after it had implemented many of the protections I had recommended during my first visit. Hackers and pen testers typically have areas of specialization.
Some hack point-of-sale terminals, some hack web servers, some hack databases, and some specialize in social engineering. My own area has been focusing on computer security defense appliances—followed by hijacking elevated service/daemon accounts once I was in.

This combination allowed me to break into about 75 percent of my targets.
Sure, there were many other weaknesses, but this one was so prevalent I always went after it first.
A potential threat from spoofing Google applications was cited in 2011.
Researchers said good social engineering and users’ trust in the convenience afforded by the OAUTH mechanism guaranteed Wednesday’s Google Docs phishing attacks would spread quickly.
Malicious hackers have outsize reputations.

They are über-geniuses who can guess any password in seconds, hack any system, and cause widespread havoc across multiple, unrelated networks with a single keystroke—or so Hollywood says.

Those of us who fight hackers every day know the good guys are usually far smarter. Hackers simply have to be persistent. Each year, a few hackers do something truly new.

But for the most part, hackers repeat the tried and true.
It doesn’t take a supergenius to check for missing patches or craft a social engineering attack. Hacking by and large is tradework: Once you learn a few tricks and tools, the rest becomes routine.

The truly inspired work is that of security defenders, those who successfully hack the hackers.
How serious, really, is the danger presented by exploits? The recent leak of an exploit toolset allegedly used by the infamous Equation Group suggests it’s time to revisit that question. Using our own telemetry data and intelligence reports as well as publicly available information, we’ve looked at the top vulnerabilities and applications exploited by attackers.