Blog Posts Tagged with "spear-phishing"
Chinese cyber attack against the White House
October 02, 2012 Added by:Pierluigi Paganini
The news is circulating on the internet creating great concern once again that Chinese hackers have hit the infrastructure of a foreign state, and once again we are speaking of cyber espionage, but this time they were able to access the White House Military Office...
Comments (2)
FireEye Advanced Threat Report: The Inadequacy of Defenses
September 12, 2012 Added by:Pierluigi Paganini
The security firm FireEye has released an interesting report that provides an overview of the current threat landscape, evolving malware, advanced persistent threat (APT) tactics, and the level of infiltration seen in organizations’ networks today. The report presents an alarming scenario ...
Comments (0)
Cyberheists: Biggest Threat Facing American Businesses
August 28, 2012 Added by:Ben Rothke
It is no myth that there is plenty of money and digital assets on networks worldwide. Those that want to secure those assets need to safeguard them. This book is written specifically for smaller to medium size businesses that often lack the staff and budget necessary to ensure effective information security...
Comments (0)
Mahdi Trojan Employed in Middle Eastern Cyber Espionage
July 18, 2012 Added by:Headlines
"It is still unclear whether this is a state-sponsored attack or not. The targeted organizations seem to be spread between members of the attacking group by giving each victim machine a specific prefix name, meaning that this operation might require a large investment and financial backing..."
Comments (0)
Harvesting Credentials with the Social Engineering Toolkit
July 09, 2012 Added by:Dan Dieterle
The Social Engineering Toolkit included with Backtrack 5 is a great way for penetration testers to see how well their network and users would stand up to Social Engineering attacks. In this tutorial I will demonstrate how SET can be used to set up a realistic looking website to harvest e-mail usernames and passwords...
Comments (1)
Google's Worst Security Idea Ever
June 06, 2012 Added by:Jeffrey Carr
Google announced that it will notify a subset of its Gmail customers if they're the victim of a State-sponsored attack. Google's advice is FUD-inducing for people who aren't targets and insufficient for those who are. I have to wonder what Google was thinking when it created this awful program...
Comments (0)
US Gas Pipeline Companies Under Major Cyber Attack
May 07, 2012 Added by:Headlines
“Analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign from a single source. It goes on to broadly describe a sophisticated 'spear-phishing' campaign..."
Comments (0)
Nine Tips for CSOs to Get a Fresh Start this Spring
April 13, 2012 Added by:Jason Clark
With everything in the threat landscape changing so frequently, it’s important to reassess your current status and plan for the coming year, whenever we can come up for air. So, I came up with the following nine tips to help you get a fresh start this spring...
Comments (1)
Disclosures: How Much Sharing is Too Much?
February 15, 2012 Added by:Jack Daniel
What is the point of telling you I was compromised by spear phishing, SQL injection, cross site scripting, cross site request forgery, default credentials, or anything else we’ve know about for years? If you are ignoring all of the well-known risks, it is a waste of time...
Comments (0)
MSUpdater Trojan Smuggles Data as Windows Update Traffic
February 01, 2012 Added by:Headlines
"We don't have information about the people behind those attacks, however as all of them are targeting government-related organizations, it is highly reasonable to suspect that the attackers are high profile, maybe even a country..."
Comments (0)
Symantec: Chinese Connection to Attacks on Defense Contractors
January 27, 2012 Added by:Headlines
The data Symantec published reinforces evidence from an earlier investigation conducted by AlienVault, which described an orchestrated sprear-phishing campaign most likely targeting information on US drone technology which utilized malware-infected PDF documents to deliver the Sykipot payload...
Comments (0)
Federal Agencies Tap Online Trust Alliance for Training
November 17, 2011 Added by:Headlines
“Authentication is the front line defense... This program, supported by the White House, will help stem the tide of malicious and deceptive email. This is a great example of the public and private sector working together to increase end-to-end trust of our nation’s critical infrastructure..."
Comments (0)
Steam Attack Puts Users at Risk of Spear Phishing
November 15, 2011 Added by:Josh Shaul
A good implementation of salting before hashing can yield very secure results – however weak implementations that used fixed salt are not all that unusual, and those are quite easy to break. The stored credit card numbers were encrypted. It’s likely that these will be difficult to extract...
Comments (0)
Are You Cyber Savvy?
October 25, 2011 Added by:Joel Harding
What really set him apart was Social Engineering combined with his hacking. He did his research, he would study, he would probe, and then he would do whatever it took to get a password, to get a free account, to get root access, to get into a facility and physically touch the system...
Comments (0)
Email Authentication Rates Rise in 2011
October 05, 2011 Added by:Headlines
“The increased incidents of spear phishing targeting consumers, business and government users have accelerated the business value of email authentication. Organizations who fail to adopt are putting their employees, data and consumers at an unacceptable level of risk..."
Comments (0)
Spear-Phishing Operation Targets Senior US Officials
August 16, 2011 Added by:Headlines
"Victims get a message from an address of a close associate or a collaborating organization/agency, which is spoofed. The message is crafted to look like a subscription form offering to enter Gmail credentials to activate it..."
Comments (0)
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform