Blog Posts Tagged with "Social Engineering"
Why Effective Awareness Training Matters
August 12, 2012 Added by:Brent Hutfless
Training and education are key elements to securing data. The advances in detection and monitoring solutions have placed more capable tools in the security professional’s toolbox, but APT attacks have grown in sophistication and perseverance – often leading to successful attacks and subsequent data loss...
Comments (0)
Yourikan Claims Ninety-One Iranian Websites Hacked
August 07, 2012 Added by:Headlines
Pro-Israeli hacker Yourikan (you-r!-k@n) is claiming to have hacked and defaced as many as ninety-one Iranian websites including government, education and business targets in protest of Iran's continued pursuit of nuclear weapons and support for terrorist activities targeting Israel...
Comments (0)
On Security Awareness Training
August 05, 2012 Added by:PCI Guru
Security awareness training has its place, but it is not a silver bullet. The world is full of risks and a security professional’s job is to minimize those risks and manage the remaining residual risk. This is why security is done in layers, so that when people make that mistake you minimize the impact...
Comments (0)
Facebook, the Poisoned Network: 83 Million Questionable Profiles
August 03, 2012 Added by:Pierluigi Paganini
There are bots creating a significant number of fake profiles, which are managed by machines capable of interacting with each other and with real users, thus changing the "sentiment" and "conversation" on a large-scale, as well as altering the social graph to preclude meaningful correlations of data...
Comments (2)
Cyber Criminals Prey on Worried Parents
August 02, 2012 Added by:Theresa Payton
Cyberthieves are trolling the internet for information and with a convincing phone call trying to trick parents out of thousands of dollars. It sounds like this scam would be easy to spot but it’s so scary, so emotional, and happens so often even Western Union employees are trained to ask questions...
Comments (0)
Mahdi Campaign and Cyber Espionage in the Middle East
July 19, 2012 Added by:Pierluigi Paganini
The Mahdi attack is based on two well known techniques used to deliver malicious payloads, and the huge quantity of data collected reveals the real targets of the operation are government agencies, critical infrastructure engineering firms and financial houses...
Comments (0)
AttacksTargeting Activists Uses Blackshades Trojan
July 16, 2012 Added by:Electronic Frontier Foundation
A new campaign using Blackshades Remote Controller has been discovered via a message sent from a compromised Skype account. This malware gives an attacker the ability to execute arbitrary code on the infected computer. There is no guarantee that the attacker has not installed additional malicious software...
Comments (0)
Harvesting Credentials with the Social Engineering Toolkit
July 09, 2012 Added by:Dan Dieterle
The Social Engineering Toolkit included with Backtrack 5 is a great way for penetration testers to see how well their network and users would stand up to Social Engineering attacks. In this tutorial I will demonstrate how SET can be used to set up a realistic looking website to harvest e-mail usernames and passwords...
Comments (1)
Georgia Man Convicted for Role in Phishing Operation
July 03, 2012 Added by:Headlines
Osarhieme Uyi Obaygbona, 32, of Atlanta, Georgia, was convicted last week of conspiracy to commit wire fraud, conspiracy to commit identity theft, and conspiracy to gain unauthorized access to protected computers. Phishing attacks use fraudulent web pages that mimic the legitimate web pages...
Comments (0)
How Fast Can Your Password Be Cracked? Instantly...
July 02, 2012 Added by:f8lerror
Instantly with a JavaScript keylogger. In this brief tutorial, we show you how we can use the Metasploit JavaScript Keylogger auxiliary module in a penetration testing phishing campaign or user awareness training. This is intended for informational and/or educational purposes only...
Comments (0)
Request for Information: Social Engineering Using Social Media
June 25, 2012 Added by:Joel Harding
We’ve been saying for years that the human element is the weakest link in cybersecurity. Kevin Mitnick (out of prison now and doing well) was an extremely talented hacker but what set him apart was his research into potential victims and then having the audacity to social engineer them...
Comments (1)
Mobiles and Phishing – Why They're More Dangerous
June 14, 2012 Added by:Robert Siciliano
SMiShing is a version of phishing in which scammers send text messages. The best protection from this scam is awareness. Once you understand how it works, you are better positioned to recognize mobile phishing, and how to avoid clicking links within emails or text messages and otherwise responding to such ruses...
Comments (0)
Analysis of Passwords Dumped from LinkedIn
June 11, 2012 Added by:Dan Dieterle
People put a lot of personal information on LinkedIn - their education and job experience, along with the groups that they belong to - treasure trove of information to Social Engineers. Of all the online social sites, LinkedIn users should really choose a long complex password to secure their account...
Comments (0)
LinkedIn Breach Part II: What You Need to Prepare for Next
June 09, 2012 Added by:Jason Clark
The LinkedIn breach made headlines, but I want to go deeper and provide practical advice for organizations on how they can anticipate DLP consequences and tighten network security. You need a strategy to protect against attack scenarios. Here’s a seven-step check list for mitigating your risk...
Comments (4)
How and Why to Alert Your Employees of the LinkedIn Breach
June 07, 2012 Added by:Jason Clark
Cyber security teams should send out an employee alert explaining why LinkedIn passwords need to be changed and best practices for doing so. You may not have direct IT control over individual LinkedIn accounts, but your communication may alleviate social engineering attacks on employees and your network...
Comments (0)
Should You Be Worried About the LinkedIn Breach?
June 06, 2012 Added by:Kelly Colgan
People who rely on LinkedIn for professional networking keep a wealth of information stored on their profile pages. With news of a possible data breach exposing 6.5 million user passwords, LinkedIn users need to take steps to protect their personal data. Here are five tips we recommend you follow...
Comments (3)
- Identity & Access Management: Give Me a REST
- Over-Sharing Riskier than Government Snooping
- 20 Critical Security Controls: Control 13 – Boundary Defense
- Redefining Social Networking
- Creating Your Own Privacy & ROI
- Security Intelligence for the Enterprise - Part 1
- Why are Cybercrimes NOT Always White-collar Crimes?
- From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget
- Balancing Act Between Privacy and Security
- The NSA’s Word Games Explained: How the Government Deceived Congress in the Debate over Surveillance Powers