Blog, Risk, Security Awareness and Social Engineering

Concession in Social Engineering

Security Through Education

APRIL 23, 2024

Unknowingly, you have just succumbed to a technique we in social engineering refer to as “ concession.” What are ways we can be more aware of concession being used against us? These are “risk-free” concessions. Now imagine how powerful this would be when leveraged maliciously by a professional social engineer!

Social Engineering

Social Engineering Engineering Security Awareness Risk

Elevating Your Defenses with NetSPI’s Updated Social Engineering Solutions

NetSpi Executives

NOVEMBER 7, 2023

Although many companies are adding new processes, technologies, and training materials to combat this, employees continue to fall victim to phishing, vishing, and other forms of social engineering attacks. This delivers actionable results faster, enabling your team to mitigate vulnerabilities, reduce risk, and boost defenses.

Social Engineering

Social Engineering Engineering Phishing Security Awareness

GUEST ESSAY: Leveraging DevSecOps to quell cyber risks in a teeming threat landscape

The Last Watchdog

JANUARY 2, 2024

In today’s digital landscape, organizations face numerous challenges when it comes to mitigating cyber risks. Here are some of the key challenges that organizations encounter in their efforts to mitigate cyber risks in the current environment. Lack of security awareness and education.

Cyber Risk

Cyber Risk Risk Education Security Awareness

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Security awareness training: An educational asset you can’t be without

Webroot

JANUARY 19, 2022

Being aware is the first step towards protecting your business. Security awareness training (SAT) can help. What is Security Awareness Training? Security awareness training is a proven, knowledge-based approach to empowering employees to recognize and avoid security compromises while using business devices.

Security Awareness

Security Awareness Education Phishing Social Engineering

I Don’t Need a Badge – Lessons Learned from Physical Social Engineering

LRQA Nettitude Labs

MARCH 22, 2023

This article provides an introduction to covert entry assessments, and will address the many factors to consider when deciding on a pretext for physical social engineering. It also includes a story from a real engagement focusing on both the human side of physical security and how a common vulnerability can be exploited and remediated.

Social Engineering

Social Engineering Engineering Penetration Testing Security Awareness

How to Build Successful Security Awareness Training Programs in 2021 and Beyond

Webroot

DECEMBER 22, 2020

Security awareness training is one of the most straightforward ways to improve a business’ overall resilience against cyberattacks. To help you get started, here are our top 5 recommendations for starting your security awareness program so you can maximize the impact of your efforts. That is, when you get it just right.

Security Awareness

Security Awareness Social Engineering Phishing Engineering

ENISA 2023 Threat Landscape Report: Key Findings and Recommendations

Thales Cloud Protection & Licensing

DECEMBER 4, 2023

In this blog, we will summarize the key findings of the report and offer actionable recommendations to mitigate these threats. Attackers exploit the geopolitical environment and use AI-powered tools to create convincing deepfakes, disinformation campaigns, and social engineering attacks.

Social Engineering

Social Engineering Backups Manufacturing DDOS

Machine Identities, Human Identities, and the Risks They Pose

Security Boulevard

MAY 10, 2022

Machine Identities, Human Identities, and the Risks They Pose. Notwithstanding the risks discussed above, human identities still pose less of a concern than machine identities. They can do that by leveraging security awareness training to augment their familiarity with phishing attacks and other social engineering techniques.

Risk

Risk Phishing Digital transformation Social Engineering

Security Roundup August 2023

BH Consulting

AUGUST 16, 2023

This could include malware that antivirus and security solutions can’t detect; a secure internet connection to prevent tracing; initial access to victim companies’ networks or mailboxes (which is also key to many ransomware infections); effective social engineering content; fraudulent content hosting, and more.

Social Engineering

Social Engineering Cybercrime Data privacy Engineering

IDENTITY MANAGEMENT DAY 2023: Advice from Cyber Pros

CyberSecurity Insiders

APRIL 10, 2023

We spoke with our blog volunteers to get their insights into what best practices their companies are following, along with how you can get on a path to better identity management. Why is identity management and security important in 2023? “In Security awareness programs for all employees.

Identity Theft

Identity Theft Education Authentication Data breaches

Intro to phishing: simulating attacks to build resiliency

Security Affairs

APRIL 21, 2023

Original post at [link] While organizations must still account for flashy vulnerability exploitations, denial-of-service campaigns, or movie-themed cyber-heists, phishing-based social engineering attacks remain a perennial choice of cybercriminals when it comes to hacking their victims.

Phishing

Phishing Social Engineering Security Awareness Passwords

NIST and No-notice: Finding the Goldilocks zone for phishing simulation difficulty

Webroot

OCTOBER 19, 2021

Earlier this year, the National Institute for Standards and Technology (NIST) published updated recommendations for phishing simulations in security awareness training programs. For security awareness training to be successful, it has to be collaborative. Ready to establish your own successful security awareness training?

Phishing

Phishing Security Awareness Scams Social Engineering

GUEST ESSAY: 5 anti-phishing training tools that can reduce employees’ susceptibility to scams

The Last Watchdog

NOVEMBER 27, 2018

This is a platform for security awareness training and simulated phishing tests focusing on the problem of social-engineering. This is an online solution for conducting phishing simulations and making employees more cyber aware. A free test is provided for up-to 100 employees.

Phishing

Phishing Scams Social Engineering Education

Phish or Be Phished. That is the question!

Security Boulevard

SEPTEMBER 7, 2022

Even with some excellent advanced threat protection, do not risk exposure to your device. Phishing attacks often rely on social engineering techniques to trick users into revealing sensitive data. Social media sites like LinkedIn, Facebook, and Google+ are commonly exploited to access user accounts.

Phishing

Phishing Social Engineering Identity Theft Engineering

Staying a Step Ahead of the Hack

Webroot

DECEMBER 11, 2020

Hackers, never at a loss for creative deception, have engineered new tactics for exploiting the weakest links in the cybersecurity chain: ourselves! Social engineering and business email compromise (BEC) are two related cyberattack vectors that rely on human error to bypass the technology defenses businesses deploy to deter malware.

Hacking

Hacking Social Engineering Engineering Phishing

Cyber CEO – Cyber Hygiene is More Critical for Your Business Now Than Ever Before – Here’s Why

Herjavec Group

MAY 19, 2022

No matter how many firewalls or network controls you have in place, the risk of insider threat will always be present. So it should go without saying that enterprise security programs should be built with this in mind ! We pride ourselves on keeping enterprises around the world secure from the threat of cybercrime.

Penetration Testing

Penetration Testing Social Engineering Cybercrime InfoSec

Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’

SC Magazine

JANUARY 26, 2021

The scheme highlights the role and responsibility upper management plays in ensuring the security of their own company’s assets. are obviously the main targets of the threat actors that use the Office 365 V4 phishing kit,” the blog post concluded. “As Based on the data distribution, CEOs in the U.S.

Phishing

Phishing Passwords Security Awareness Social Engineering

QR Phishing. Fact or Fiction?

Pen Test Partners

FEBRUARY 14, 2024

October 2023’s Cyber Security Awareness Month led to a flurry of blog posts about a new attack called Quishing (QR Code phishing) and how new AI powered email gateways can potentially block these attacks. Currently, most initial access attempts are carried out with social engineering, commonly phishing.

Phishing

Phishing Mobile Social Engineering Data breaches

North Korea Cyber Threat Group ‘Lazarus’ Targets M1 Mac with Signed Executables

Security Boulevard

AUGUST 23, 2022

To get to their targets, the attackers used social engineering via LinkedIn “hiding behind the ruse of attractive, but bogus, job offers,” ESET said, adding that it was likely part of the Lazarus campaign for Mac and is similar to research done by ESET in May. Code Signing Risks and Containers: What You Need to Know. UTM Medium.

Cyber threats

Cyber threats Social Engineering Banking Malware

Security Roundup November 2022

BH Consulting

NOVEMBER 9, 2022

In all, the agency grouped the main risks into eight categories: ransomware, malware, social engineering, threats against data, threats against availability, disinformation/misinformation, and supply chain targeting. Raising awareness about security awareness. Visit our website to find out more.

Social Engineering

Social Engineering Ransomware Password Management Engineering

Security Roundup May 2023

BH Consulting

MAY 23, 2023

Say it again, I double dare you Anyone familiar with phishing and social engineering will know scammers often use psychological tricks to get victims to divulge personal data. Repetition can lead people to over-disclose information, that could then put them at risk of identity theft and cybercrime.

Artificial Intelligence

Artificial Intelligence Identity Theft Social Engineering InfoSec

Penetration Testing: What is it?

NetSpi Executives

APRIL 27, 2024

A penetration testing service , also called a pentesting company , identifies vulnerabilities in IT systems that pose real-world risk to the client’s systems. Threat actors adapt to a given environment, so security testers need to adapt, too. The goal in this phase is to identify and validate exploitable entry points.

Penetration Testing

Penetration Testing Social Engineering Software Wireless

Hackers hit 10,000 mailboxes in phishing attacks on FedEx and DHL Express

SC Magazine

FEBRUARY 23, 2021

In a blog released by Armorblox, the researchers said one attack impersonates a FedEx online document share and the other pretends to share shipping details from DHL. The phishing pages were hosted on free services such as Quip and Google Firebase to trick security technologies and users into thinking the links were legitimate.

Phishing

Phishing Social Engineering Accountability Technology

Be Wary of Scammers in the Holiday Season

Security Through Education

DECEMBER 21, 2022

One instance to be careful of is when posting on social media. we could run the risk of being targeted by a malicious actor. Though these may be useful, they may be more of a security risk if they are not worded properly. Such actions put the security of a company at higher risk, more than the employee may realize.

Scams

Scams Phishing Social Engineering Risk

Hacker Personas Explained: Know Your Enemy and Protect Your Business

Webroot

FEBRUARY 11, 2021

As we mentioned in a previous blog , hackers come in many forms, but their methods can generally be classified into three distinct types of cybercriminals: The Impersonator – Hackers that pretend to be others, often using social engineering and human psychology to trick users. How Do Infiltrators Breach Systems?

Scams

Scams Phishing Firewall Social Engineering

Cyber Playbook: Ransomware 101

Herjavec Group

JULY 20, 2021

From the HG Playbook is a blog series where our diverse, specialized thought leaders will discuss all things cybersecurity. Enhance security awareness training for personnel and ensure a primary focus is on how to detect and report possible “phishing” attacks that could deliver different forms of malware including ransomware. .

Ransomware

Ransomware Malware Backups Insurance

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Last Watchdog

FEBRUARY 28, 2021

As a business owner, you must be aware of the implications of different types of malware on your company’s bottom line, and what steps you can take to protect your company from future attacks. This article will walk you through the various types of malware, how to identify and prevent a malware attack, and how to mitigate the risks.

Cyber threats

Cyber threats Computers and Electronics Adware Spyware

Mapping CVEs and ATT&CK Framework TTPs: An Empirical Approach

NopSec

OCTOBER 11, 2022

This blog post focuses on how to create a bridge / correlation between CVE, CAPEC, CWE and ATT&CK vulnerability and attack taxonomies for the purpose of better understanding attack vectors and methods. Learn more about building a successful Vulnerability Risk Management Program directly from the experts.

Software

Software IoT Cyber Attacks Social Engineering

Doxing in the corporate sector

SecureList

MARCH 29, 2021

Confidential corporate information is no less sensitive than the personal data of an individual, and the sheer scale of financial and reputational risks from potential blackmail or disclosure of such information can have a colossal impact. More details about this incident can be found in the Twitter company blog.

Identity Theft

Identity Theft Phishing Accountability Banking

Cyber Security Informer

Concession in Social Engineering

Elevating Your Defenses with NetSPI’s Updated Social Engineering Solutions

Webinars

Trending Sources

GUEST ESSAY: Leveraging DevSecOps to quell cyber risks in a teeming threat landscape

Webinars

Security awareness training: An educational asset you can’t be without

I Don’t Need a Badge – Lessons Learned from Physical Social Engineering

How to Build Successful Security Awareness Training Programs in 2021 and Beyond

ENISA 2023 Threat Landscape Report: Key Findings and Recommendations

Machine Identities, Human Identities, and the Risks They Pose

Security Roundup August 2023

IDENTITY MANAGEMENT DAY 2023: Advice from Cyber Pros

Intro to phishing: simulating attacks to build resiliency

NIST and No-notice: Finding the Goldilocks zone for phishing simulation difficulty

GUEST ESSAY: 5 anti-phishing training tools that can reduce employees’ susceptibility to scams

Phish or Be Phished. That is the question!

Staying a Step Ahead of the Hack

Cyber CEO – Cyber Hygiene is More Critical for Your Business Now Than Ever Before – Here’s Why

Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’

QR Phishing. Fact or Fiction?

North Korea Cyber Threat Group ‘Lazarus’ Targets M1 Mac with Signed Executables

Security Roundup November 2022

Security Roundup May 2023

Penetration Testing: What is it?

Hackers hit 10,000 mailboxes in phishing attacks on FedEx and DHL Express

Be Wary of Scammers in the Holiday Season

Hacker Personas Explained: Know Your Enemy and Protect Your Business

Cyber Playbook: Ransomware 101

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

Mapping CVEs and ATT&CK Framework TTPs: An Empirical Approach

Doxing in the corporate sector

Stay Connected