Slack App Leaked Hashed User Passwords for 5 YEARS

Richi Jennings | August 8, 2022 | api, I’m willing to bet someone JSON.stringify’d the entire user object without realizing the password hash is in there, Password, Salesforce, SB Blogwatch, slack, slack technologies, Slack Vulnerability

Since 2017, if you’ve invited anyone to a Slack workspace, your password has leaked. How could this have happened? ...

Security Boulevard

US Emergency Alert System Has ‘Huge Flaw’ — Broadcasters Must Patch NOW

Richi Jennings | August 5, 2022 | Anyone for a hack that leads to an end-of-the-world warning that sends the population into a savage, DHS, Digital Alert Systems, Emergency Alert System, fcc, FEMA, IPAWS, Monroe Electronics, murderous frenzy?, SB Blogwatch

The Emergency Alert System run by FEMA and the FCC is vulnerable to hacking. This is NOT a test. All will be revealed next week at DEF CON 30 ...

Security Boulevard

Impersonation Scams: Social Engineering News

Social-Engineer | August 4, 2022 | General, Impersonation scams, Protect Yourself, scam artists, security awareness training, Security Training,

At Social-Engineer, we define impersonation as the “practice of pretexting as another person with the goal of obtaining information or […] ...

Social-Engineer, LLC

An illustration of a red team fake attacker ranking above two blue team members on a medal stand to illustrate the idea of red teams outperforming blue teams in most simulated attacks

What Is a Red Team? 5 Tips for Safe Red Teaming

Isla Sibanda | August 3, 2022 | Beyond Hashed Out, Hashing Out Cyber Security, Red Team

It’s tough to figure out which vulnerabilities exist within your organization that criminals can exploit. But what if you hired a team of faux cybercriminals to detect the trouble areas... The post ...

Hashed Out by The SSL Store™

Social Media: How to Keep Yourself Safe

Social-Engineer | August 3, 2022 | Cybersecurity, Information Security, , OSINT, security professionals, ,

Human beings are social animals. We like to stay connected with friends, family and even workmates via social media. It […] ...

Security Through Education

FAIL: Nomad DeFi Bridge ‘Loses’ $190M of Worthless Tokens

Richi Jennings | August 2, 2022 | API exploit, blockchain, Crypto, cryptocurrencies, cryptocurrency, cryptocurrency exchange, DeFi, Ethereum, imaginary money, Moonbeam, Nomad, One step closer to ridding the world of web3 nonsense, Ponzi scheme, SB Blogwatch, smart contracts, Web3

Cryptocurrency startup Nomad claimed its “optimistic bridging” protocol would “would keep users’ funds safe.” We take a closer look ...

Security Boulevard

APT29 ransomware NATO Barracuda Networks ATO Attacks

APT29 Leverages Google Drive, Dropbox to Evade Detection

Teri Robinson | August 2, 2022 | APT29, Cosy Bear, cyberattack, Malware, Russia

Call them Cozy Bear or APT29 or Nobelium or, as Palo Alto Networks’ Unit 42 does, Cloaked Ursa—no matter what name they go by, Russia’s Intelligence Service is still at it, this ...

Security Boulevard

Solved: Subzero Spyware Secret — Austrian Firm Fingered

Richi Jennings | July 29, 2022 | DSIRF, Jan Marsalek, Knotweed, Microsoft, RiskIQ, Russia, SB Blogwatch, spyware, Subzero, Wirecard

DSIRF GmbH codenamed ‘Knotweed’ by Microsoft and RiskIQ ...

Security Boulevard

Google ‘Delays Making Less Money’ — Third-Party Cookie Ban on Hold

Richi Jennings | July 28, 2022 | Chrome, cookies, FLoC, google, Might as well read “Google delays making less money”, Privacy, Privacy Sandbox, SB Blogwatch, Topics, tracking cookies

Google’s plan to kill third party cookies is delayed—yet again. And it’s probably not surprising ...

Security Boulevard

DE:CODED – Testing like hackers

“When it’s not a pay-to-play test that’s behind the curtain…” Show notes for series 2, episode 3 What does it mean to test like a hacker? Can a well-intentioned tester behave the ...

SE Labs Blog

Social Engineering

Social Engineering

Slack App Leaked Hashed User Passwords for 5 YEARS

US Emergency Alert System Has ‘Huge Flaw’ — Broadcasters Must Patch NOW

FAIL: Nomad DeFi Bridge ‘Loses’ $190M of Worthless Tokens

Slack App Leaked Hashed User Passwords for 5 YEARS

US Emergency Alert System Has ‘Huge Flaw’ — Broadcasters Must Patch NOW

Impersonation Scams: Social Engineering News

What Is a Red Team? 5 Tips for Safe Red Teaming

Social Media: How to Keep Yourself Safe

FAIL: Nomad DeFi Bridge ‘Loses’ $190M of Worthless Tokens

APT29 Leverages Google Drive, Dropbox to Evade Detection

Solved: Subzero Spyware Secret — Austrian Firm Fingered

Google ‘Delays Making Less Money’ — Third-Party Cookie Ban on Hold

DE:CODED – Testing like hackers

4 Ways to Avoid the Next Colonial Pipeline Cyberattack

Malware Families Love Telegram, Discord as Much as Users

Twilio smished – SMS is the new achilles heel

Why is device protection for kids valuable?

Android Application Hacking