Posts tagged Social Engineering

2 min Microsoft

Microsoft Patch Tuesday - November 2011

November's Microsoft Patch Tuesday contains four bulletins: one “critical”, two “importants”, and one “moderate”. The majority of these bulletins relate to Microsoft's later versions of the OS, implying that the flaws they address were possibly introduced with Windows Vista. Generally more vulnerabilities are found in earlier versions of the OS, so this month is unusual. The critical bulletin – MS11-083 – is a TCP/IP based, specifically UDP, vulnerability which affects Vista, Windows 7, Server

2 min Microsoft

Zero-Day Attacks: Don't Believe the Hype

Microsoft Security Intelligence Report Volume 11 for the first half of 2011 offers solid evidence to support what security researchers have been shouting feverishly for the last year. This is just more data to confirm that zero-day attacks – while they can certainly cause damage – aren't needed for over 99% of actual attacks. The numbers also show that the top two attacks are user related. The top attack vector was attacks requiring user in

2 min Networking

A Security Lesson from Benjamin Franklin

"Believe none of what you hear and half of what you see." is my favorite Benjamin Franklin quote. Being an information security practitioner for over half of my 36 years has taught me that this saying is true time and time again. I dropped my wife and daughter off at a store this past weekend, while I stayed in the car trying to keep up with the football scores on a Sunday afternoon. I watched as a man walked out of the store and was interrupted by a male driver in a frantic state who was stopp

2 min Networking

Chinese agencies double cyber attacks on Germany

"Prost Neujahr!" That's what we say for "Happy New Year" in Germany, where I just spent a few days with my family to relax and get away from work. A futile attempt, since the Bundesamt für Verfassungsschutz (Federal Office for the Protection of the Constitution, or BfV for short) decided to publish new statistics about cyber attacks. (And, yes, Germans love long words.) According to the BfV's department for counter-espionage

1 min Metasploit

Rapid7 scam busters: Using social engineering to train your users about phishing attacks

With the holidays approaching, many people are looking for gift ideas and deals. Holiday season is also hunting season for malicious hackers who send out gift idea and deal phishing emails. How do you protect your employees from divulging their personal and even corporate passwords to an attacker? It's hard to combat phishing with technology. Training employees to spot phishing scams is the most effective, but training is time intensive and may impact productivity. What if you could find a w

2 min Exploits

Sesame open: Auditing password security with Metasploit 3.5.1

Secret passwords don't only get you into Aladdin's cave or the tree house, but also into corporate networks and bank accounts. Yet, they are one of the weakest ways to protect access. Sure, there are better ways to secure access, such as smart cards or one-time password tokens, but these are still far from being deployed everywhere although the technology has matured considerably over the past years. Passwords are still the easiest way into a network. The new Metasploit version 3.5.1 adds a l