Tag: Social Engineering

BSides Denver 2017

Everyone loves a decent security conference, and BSides Denver provides one with space to breathe.

Folks in sunny Colorado looking for a fine local gathering found talks on advanced social engineering, APT herding, securing smart cities and more.

Even though…

Why your security appliance will be hacked

I’m no world-class hacker/penetration tester, but I’ve been able to break into any organization I’ve been (legally) hired to do so in an hour or less, except for one place that took me three hours.

That was on my second engagement with the customer after it had implemented many of the protections I had recommended during my first visit. Hackers and pen testers typically have areas of specialization.
Some hack point-of-sale terminals, some hack web servers, some hack databases, and some specialize in social engineering. My own area has been focusing on computer security defense appliances—followed by hijacking elevated service/daemon accounts once I was in.

This combination allowed me to break into about 75 percent of my targets.
Sure, there were many other weaknesses, but this one was so prevalent I always went after it first.

Google phishing attack was foretold by researchers—and it may have used...

A potential threat from spoofing Google applications was cited in 2011.

1 Million Gmail Users Impacted by Google Docs Phishing Attack

Researchers said good social engineering and users’ trust in the convenience afforded by the OAUTH mechanism guaranteed Wednesday’s Google Docs phishing attacks would spread quickly.

Foiled! 15 tricks to hold off the hackers

Malicious hackers have outsize reputations.

They are über-geniuses who can guess any password in seconds, hack any system, and cause widespread havoc across multiple, unrelated networks with a single keystroke—or so Hollywood says.

Those of us who fight hackers every day know the good guys are usually far smarter. Hackers simply have to be persistent. Each year, a few hackers do something truly new.

But for the most part, hackers repeat the tried and true.
It doesn’t take a supergenius to check for missing patches or craft a social engineering attack. Hacking by and large is tradework: Once you learn a few tricks and tools, the rest becomes routine.

The truly inspired work is that of security defenders, those who successfully hack the hackers.

Exploits: how great is the threat?

How serious, really, is the danger presented by exploits? The recent leak of an exploit toolset allegedly used by the infamous Equation Group suggests it’s time to revisit that question. Using our own telemetry data and intelligence reports as well as publicly available information, we’ve looked at the top vulnerabilities and applications exploited by attackers.

Latest Tax Scams Include Phishing Lures, Malware

Microsoft warns this year’s crop of tax scams use social engineering attacks based on fear to spread banking Trojans and collect personal info.

Vastly improve your IT security in 2 easy steps

It’s a rough number, but I’d wager that 99 percent of computer security risk in most organizations can be attributed to two root causes: social engineering and unpatched software. I’m not talking about pure numbers of successful exploits, but overall impact. Many CISOs and threat intelligence analysts have told me that 100 percent of the biggest events at their company involved social engineering.

Certainly, bad breaks enter your environment through other means, which is why we still need to secure our servers, encrypt our disks, and prevent physical intrusions.

But in terms of the biggest impact, most organizations can tie those events to two root causes.

6 of the most effective social engineering techniques

Social engineering is the strongest method of attack against the enterprise’s weakest vulnerability, its people.

Criminal hackers recognize this fact.
In 2015, social engineering became the No. 1 method of attack, according to Proofpoint’s 2016 Human Factor Report.

How did Yahoo get breached? Employee got spear phished, FBI suggests

Unwitting sysadmin or other employee was conned out of credentials, FBI theorizes.

A five star review and the ads go away: How trojan...

Social engineering is used to trick victims into giving trojan apps a five-star rating on Google's official App Store.

A five-star review and the ads go away: How trojan Android...

Social engineering tricks victims into giving trojan apps a five-star rating on Google's official App Store.