Social Engineering information, news, and how-to advice

Salted Hash- Top security newsBy Steve Ragan

Salted Hash – SC 02: What a TSB phishing attack looks like

In April, TSB (a retail and commercial bank in the UK) announced they would shutdown some systems for an IT upgrade. However, the upgrade was a disaster, and over a month later customers are still having problems. As a result,...

video

TSB phishing attacks | Salted Hash Ep 33

TSB customers in the U.K. were already frustrated by the bank's technical problems, but now the situation has gotten worse as criminals take advantage of the chaos. Host Steve Ragan looks at recent TSB phishing attacks and the kit...

Zero Trust ZoneBy Jeff Capone
IDG Contributor Network

The impact of human behavior on security

People should be the last thing in charge of cybersecurity. Remove people and add transparency and automation for true protection.

The Trusted and Valued Insider (Threat)By Christopher Burgess

Chinese citizen tries to steal advanced robotic technology IP

Medrobotics' CEO caught Dong Liu in the company's conference room attempting to steal advanced robotic intellectual property.

Salted Hash- Top security newsBy Steve Ragan

Salted Hash - SC 01: What an Apple phishing attack looks like

Today on Salted Hash, we’re going to look at a phishing attack from two sides. The first side will be what the victim sees. After that, we're going to see what the criminal sees. We'll also discuss some steps administrators can take...

video

What an Apple phishing attack looks like | Salted Hash Ep 32

How can you tell the difference between a legitimate email and a phishing attack? Host Steve Ragan shows what an Apple phishing attack looks like, screen by screen, showing the difference between the real and the fake.

Feature

Security Smart, Winter 2018

From the editors of CSO, Security Smart is a quarterly newsletter ready for distribution in your organization. We combine personal device and home safety tips with organizational security awareness, making security training relevant,...

Privacy and Security FanaticBy Ms. Smith

Tech support scams are on the rise, up 24%, warns Microsoft

Social engineering attacks like the Microsoft tech support scams still work. Fake cold calls, fake messages on websites, and malicious emails continue to trick victims.

Salted Hash- Top security newsBy Steve Ragan

Social engineering: It's time to patch the human

Is there a patch for human stupidity? If you believe the common saying, there isn't. However, Jayson E. Street says there is, and it's time companies started patching their humans. The truth is, technology alone isn't going to save...

The Trusted and Valued Insider (Threat)By Christopher Burgess

Iran's need to steal intellectual property

The indictment of nine Iranians by the DOJ is one in a long string of incursions by Iran to compromise trusted insiders and steal intellectual property.

Salted Hash- Top security newsBy Steve Ragan

Salted Hash Ep 21: Scammers targeting Office 365 and DocuSign

Welcome back! Salted Hash is gearing up to shoot our next season, as well as other segments in April during the RSA Conference, but this week we're going to chat with Asaf Cidon, vice president of email security services at Barracuda....

video

Scammers spoof Office 365, DocuSign and others | Salted Hash Ep 21

As phishing attacks evolve, hackers are using customization and targeted scams to ensnare users. Asaf Cidon, vice president, email security services at Barracuda, talks with host Steve Ragan about the ever-changing cat-and-mouse game...

Salted Hash- Top security newsBy Steve Ragan

North Korea hacking group is expanding operations, researchers say

A group of hackers from North Korea (DPRK), recently connected to the usage of an Adobe Flash zero-day vulnerability (CVE-2018-4878), has expanded its operations in both scope and sophistication, FireEye says.

News Analysis

The two most important ways to defend against security threats

Patching and security training programs will thwart attacks more effectively than anything else. You're already doing them. Here's how to do them better.

Speed to ResolutionBy John J. Irvine
IDG Contributor Network

Train your employees — before someone else does

Slashing overhead often means cutting training budgets, but unintended side effects often include employee attrition, poor performance, or even breach of your organization and loss of intellectual property.

The Trusted and Valued Insider (Threat)By Christopher Burgess

Espionage: Germany unmasks fake Chinese LinkedIn profiles

Germany's BfV says Chinese intelligence services targeted more than 10,000 German citizens in a massive social engineering effort that included LinkedIn.

Privacy and Security FanaticBy Ms. Smith

Over 1 million monthly spam emails spreading new Adwind RAT variants

The newly repackaged Adwind remote access Trojan can monitor user activity, log keystrokes, take screenshots, download malicious files, and record video and audio.

Review

Salted Hash – SC 02: What a TSB phishing attack looks like

In April, TSB (a retail and commercial bank in the UK) announced they would shutdown some systems for an IT upgrade. However, the upgrade was a disaster, and over a month later customers are still having problems. As a result,...

TSB phishing attacks | Salted Hash Ep 33

TSB customers in the U.K. were already frustrated by the bank's technical problems, but now the situation has gotten worse as criminals take advantage of the chaos. Host Steve Ragan looks at recent TSB phishing attacks and the kit...

The impact of human behavior on security

People should be the last thing in charge of cybersecurity. Remove people and add transparency and automation for true protection.

Chinese citizen tries to steal advanced robotic technology IP

Medrobotics' CEO caught Dong Liu in the company's conference room attempting to steal advanced robotic intellectual property.

Salted Hash - SC 01: What an Apple phishing attack looks like

Today on Salted Hash, we’re going to look at a phishing attack from two sides. The first side will be what the victim sees. After that, we're going to see what the criminal sees. We'll also discuss some steps administrators can take...

What an Apple phishing attack looks like | Salted Hash Ep 32

How can you tell the difference between a legitimate email and a phishing attack? Host Steve Ragan shows what an Apple phishing attack looks like, screen by screen, showing the difference between the real and the fake.

Security Smart, Winter 2018

From the editors of CSO, Security Smart is a quarterly newsletter ready for distribution in your organization. We combine personal device and home safety tips with organizational security awareness, making security training relevant,...

Tech support scams are on the rise, up 24%, warns Microsoft

Social engineering attacks like the Microsoft tech support scams still work. Fake cold calls, fake messages on websites, and malicious emails continue to trick victims.

Social engineering: It's time to patch the human

Is there a patch for human stupidity? If you believe the common saying, there isn't. However, Jayson E. Street says there is, and it's time companies started patching their humans. The truth is, technology alone isn't going to save...

Iran's need to steal intellectual property

The indictment of nine Iranians by the DOJ is one in a long string of incursions by Iran to compromise trusted insiders and steal intellectual property.

Salted Hash Ep 21: Scammers targeting Office 365 and DocuSign

Welcome back! Salted Hash is gearing up to shoot our next season, as well as other segments in April during the RSA Conference, but this week we're going to chat with Asaf Cidon, vice president of email security services at Barracuda....

Scammers spoof Office 365, DocuSign and others | Salted Hash Ep 21

As phishing attacks evolve, hackers are using customization and targeted scams to ensnare users. Asaf Cidon, vice president, email security services at Barracuda, talks with host Steve Ragan about the ever-changing cat-and-mouse game...

North Korea hacking group is expanding operations, researchers say

A group of hackers from North Korea (DPRK), recently connected to the usage of an Adobe Flash zero-day vulnerability (CVE-2018-4878), has expanded its operations in both scope and sophistication, FireEye says.

The two most important ways to defend against security threats

Patching and security training programs will thwart attacks more effectively than anything else. You're already doing them. Here's how to do them better.

Train your employees — before someone else does

Slashing overhead often means cutting training budgets, but unintended side effects often include employee attrition, poor performance, or even breach of your organization and loss of intellectual property.

Espionage: Germany unmasks fake Chinese LinkedIn profiles

Germany's BfV says Chinese intelligence services targeted more than 10,000 German citizens in a massive social engineering effort that included LinkedIn.

Over 1 million monthly spam emails spreading new Adwind RAT variants

The newly repackaged Adwind remote access Trojan can monitor user activity, log keystrokes, take screenshots, download malicious files, and record video and audio.

GreatHorn detects the most carefully planned email attacks

Its ability to unmask phishing and social engineering attacks based on context truly sets it apart.