Social Engineering

Social Engineering news, information, and how-to advice

candy strangers
stock exchange share prices on an electronic display board stock market wall street stock ticker bo

central station standing

Awareness training: How much is too much?

The goal of security awareness training is to help employees recognize and avoid security risks. The key, experts say, is to make them skeptical but not operate in a “constant state of distrust.”

rio 2016 olympics logo rowing

Russian spies blamed for WADA hack, leaked documents confirm drug exemptions

On Tuesday, a group calling itself Fancy Bear, and claiming association with Anonymous, said they've hacked the World Anti-Doping Agency, and offered drug-screening results as proof. Only, the leaked documents don't contain...

classroom training

Is your security awareness training program working?

The metrics to use to determine where to make improvements in security awareness training

spearfishing

New tech can help catch spearphishing attacks

Highly-targeted spearphishing attacks slip past spam and anti-virus filters, but new approaches that look for more subtle patterns can help reduce the threat

Phishing trends

What is phishing success?

A recent article asking the question to security professionals seemed to miss the mark, and raises more questions than it answers.

mark cuban

Mark Cuban's new app leaves messages in the dust, not the cloud

'Dust' enables people to send private, encrypted, self-destructing text messages.

04 insider threat

Combating insider threats faced by utilities

Today, grid operators face daily external threats from cyber hackers and criminals vandalizing or destroying company assets. While protections are in place to help prevent these external threats, utilities must realize that insiders...

voice of it

Voice technologies make waves in security

Advancements in voice technology could help law enforcement identify social engineers and other frauds and hoaxers

new york times building

Journalists are easy targets for hackers, and that shouldn't surprise anyone

Earlier today, the news broke that Russian intelligence is suspected of hacking journalists at the New York Times and other media outlets. The idea that intelligence agencies would target the media isn't at all surprising. But what...

phishing

How do you measure success when it comes to stopping Phishing attacks?

What's considered a win when it comes to Phishing? This question was posed to IT workers and non-executive types earlier this month, and everyone had a different opinion on the topic. The general feeling among defenders was that a...

free wifi

10 year-old teaches hackers a valuable lesson in privacy

Evan Robertson, age 10, took a science fair project and turned it into a valuable lesson in privacy earlier this month at rootz Asylum, a kids-only gathering at DEF CON where children can learn about security in a safe, encouraging...

071916blog welcome to las vegas sign

Salted Hash Rehashed: Vegas Adventures (Part II)

Welcome to this week's second installment of Rehashed. Today's post has a quick recap of the shenanigans that took place earlier this month in Las Vegas, along some updated information and additional insight that didn't appear in our...

social engineering hp
Q&A

How well does social engineering work? One test returned 150%

A conversation with a white hat hacker

old combine farming great depression dust bowl combine harvestor antique 000003220203

Mobile pharming – same attacks – different seeds

I recently wrote a blog on mobile phishing titled: Mobile phishing – same attacks – different hooks. There was so much feedback that I’ve decided to a write a few more posts around mobile security differences. Since I’ve already...

web app puzzle

5 more critical IT policies you should have in place

In this article we cover part 2 of 10 IT policies every organization should have.

video

Social engineering tricks and why CEO fraud emails work

At the Black Hat conference in Las Vegas, CSO’s Steve Ragan talks with Stephanie Carruthers, owner of Snow Offensive Security, about why business email compromise (aka CEO fraud) works so well against companies. She also discusses...

dead letter office

Researcher releases DNS Greylisting tool for Phishing defense

At the BSides Las Vegas conference on Wednesday, a hacker by the name of Munin, and his research partner Nik LaBelle, are releasing a tool and giving a talk on an interesting concept - DNS Greylisting. The idea isn't new, but how the...

mobile phishing

Mobile phishing – same attacks – different hooks

I spent the last two weeks talking with CISOs, application developers, mobility experts and IoT thought leaders like SRI’s Dr. Ulf Lindqvist. One thing was for certain – mobile is receiving a lot of attention from the...

Load More