Social Engineering

Anthem healthcare breach is smaller - and bigger - than first thought

There's good and bad news about Anthem's recent data breach.

The bad news includes the risk to between 8.8M and 18M non-customers who were in Anthem's database anyway...

Revenge-porn king Hunter Moore pleads guilty to identity theft, hacking

Congratulations to the hundreds of victims and to Charlotte Laws: the extremely tenacious mother of one victim who wouldn't back down.

Psychological profile-based security - could it work?

Fujitsu's working on technology that can assign security countermeasures based on a user's psychological profile and risk tendencies - warning them ahead of time, before an attack can be carried out successfully.

People happily give away their (bad) passwords to TV reporter

Say hello to the people in the street who show us how social engineering works. Hint: say you're from Jimmy Kimmel, sound interested, and ask about their pet!

Syrian Electronic Army uses Taboola ad to hack Reuters (again)

Code dynamically inserted into Reuters web pages by the content-serving company Taboola appears to have been poisoned by the Syrian Electronic Army to redirect visitors to a page under the attackers' control. It highlights the need for websites to consider security in a broad context, including the third-party code they embed, rather than relying solely on traditional server-based defences.

Fake femme fatale dupes IT guys at US government agency

Some offered her jobs, asked her out to dinner, or offered to help her get network access and a laptop. In short, men who should know better flocked to "Emily", supposedly a 28-year-old MIT grad with 10 years of experience and fake social-media profiles to die for, like moths to the social engineering flame.

Security education cuts both ways - why marketers need retraining too

Legitimate businesses need to be more aware of the impact their emails have on the public: marketers whose attempts to get their message across stray over the line into spamming, and communications people whose irresponsible use of email risks undoing the good work of educators who train us to spot scams and cons.

Yahoo says unleashing people's old accounts will be fine, just fine

It will be OK, the company says. We're not giving away your content or personal details, and we're sending bouncebacks for a month. Has that convinced critics? Unlikely.

"G'day, the Queen speaking" - socially engineering the Duchess of Cambridge's hospital

Pranksters at a Sydney radio station called the Duchess of Cambridge's hospital in London, pretending to be Her Majesty the Queen and Prince Charles.

To their astonishment, their social engineering succeeded. How would your organisation fare?

SSCC 97 - Black Hat and DEF CON review, broken crypto, Frak, smart meters and hacking transit

Sophos Security Chet Chat

Peter Szabo from SophosLabs joins Chet to chat about four more talks from this year's Black Hat and DEF CON conferences. Topics include MS-CHAPv2, Frak, smart meters and hacking public transit.

Targeted emails exploit new Acrobat Reader vulnerability

Target was warned of payment system vulnerabilities before data breach

Attackers are taking advantage of the latest zero-day vulnerability in Adobe's Reader software, sending malicious attachments to specific targets. Adobe promises a fix by the week of December 12 at the latest; Reader X users are already protected.

Kevin Mitnick - ghost in the wires, or scourge of the internet?

Duck has just finished reading Kevin Mitnick's autobiography, Ghost in the Wires.

He decided to review it for Naked Security.

Will you enjoy it? Should you buy it?

How hackers tried to break into my wife's 1&1 account - via the phone

Sophos senior security engineer David Schwartzberg describes how scammers tried to break into his wife's online account at web-hosting firm 1&1 - via the telephone.

Fake iTunes receipt spam

A rather poorly crafted email campaign is making the rounds today. People around the world are receiving messages that appear to be iTunes receipts from Apple. On closer inspection, however, there are several oddities. The message arrives as an iTunes…

Are signed files safer than others?

Mike Wood of SophosLabs Vancouver presented "Want my autograph? The use and abuse of digital signatures by malware" at the 2010 Virus Bulletin conference. Mike's talk focused on the trust that people and technology put into certificates and how…

MS Patch Tuesday, Adobe Vulns and Firefox 3.6.10 - Sept 2010

What a busy week! Aside from not having time to blog, there were a lot of stories about new vulnerabilities and patches for recent vulnerabilities. Microsoft, Adobe, and Mozilla all had news. Microsoft released nine patches addressing 14 vulnerabilities, four…

Sophos Security Chet Chat 25 & 26

Sophos Security Chet Chat episode 25 is now live in the Sophos podcast archive. Last week Michael Argast and I discussed this week's social media news, as well as Google's new adoption of OpenID with Yahoo! allowing federated login to…

If I had a nickel for every Facebook scam. . .

I'd be rich! Not to have my blog turn into the 24/7 social-media-scam network, but another Facebook scam is on the loose. This one is called "OMG! Look What this Kid did to his School after being Expelled!" and follows…