Social Engineering

Slack App Leaked Hashed User Passwords for 5 YEARS
Richi Jennings | api, I’m willing to bet someone JSON.stringify’d the entire user object without realizing the password hash is in there, Password, Salesforce, SB Blogwatch, slack, slack technologies, Slack Vulnerability
Since 2017, if you’ve invited anyone to a Slack workspace, your password has leaked. How could this have happened? ...
Security Boulevard

US Emergency Alert System Has ‘Huge Flaw’ — Broadcasters Must Patch NOW
Richi Jennings | Anyone for a hack that leads to an end-of-the-world warning that sends the population into a savage, DHS, Digital Alert Systems, Emergency Alert System, fcc, FEMA, IPAWS, Monroe Electronics, murderous frenzy?, SB Blogwatch
The Emergency Alert System run by FEMA and the FCC is vulnerable to hacking. This is NOT a test. All will be revealed next week at DEF CON 30 ...
Security Boulevard

Impersonation Scams: Social Engineering News
Social-Engineer | General, Impersonation scams, Protect Yourself, scam artists, security awareness training, Security Training, social engineering
At Social-Engineer, we define impersonation as the “practice of pretexting as another person with the goal of obtaining information or […] ...

What Is a Red Team? 5 Tips for Safe Red Teaming
It’s tough to figure out which vulnerabilities exist within your organization that criminals can exploit. But what if you hired a team of faux cybercriminals to detect the trouble areas...

Social Media: How to Keep Yourself Safe
Social-Engineer | Cybersecurity, Information Security, Newsletter, OSINT, security professionals, social engineering, social media
Human beings are social animals. We like to stay connected with friends, family and even workmates via social media. It […] ...

FAIL: Nomad DeFi Bridge ‘Loses’ $190M of Worthless Tokens
Richi Jennings | API exploit, blockchain, Crypto, cryptocurrencies, cryptocurrency, cryptocurrency exchange, DeFi, Ethereum, imaginary money, Moonbeam, Nomad, One step closer to ridding the world of web3 nonsense, Ponzi scheme, SB Blogwatch, smart contracts, Web3
Cryptocurrency startup Nomad claimed its “optimistic bridging” protocol “would keep users’ funds safe.” We take a closer look ...
Security Boulevard

APT29 Leverages Google Drive, Dropbox to Evade Detection
Call them Cozy Bear or APT29 or Nobelium or, as Palo Alto Networks’ Unit 42 does, Cloaked Ursa—no matter what name they go by, Russia’s Intelligence Service is still at it, this ...
Security Boulevard

Solved: Subzero Spyware Secret — Austrian Firm Fingered
Richi Jennings | DSIRF, Jan Marsalek, Knotweed, Microsoft, RiskIQ, Russia, SB Blogwatch, spyware, Subzero, Wirecard
DSIRF GmbH codenamed ‘Knotweed’ by Microsoft and RiskIQ ...
Security Boulevard

Google ‘Delays Making Less Money’ — Third-Party Cookie Ban on Hold
Richi Jennings | Chrome, cookies, FLoC, google, Might as well read “Google delays making less money”, Privacy, Privacy Sandbox, SB Blogwatch, Topics, tracking cookies
Google’s plan to kill third party cookies is delayed—yet again. And it’s probably not surprising ...
Security Boulevard

DE:CODED – Testing like hackers
SE Labs Team | 2022, AMTSO, Anti-Malware Testing Standards Organization, attack chain, Business Tips, Cloud, Cybersecurity, email security, enterprise, EPS, ES&S, Hacking, home user, How We Test, Podcast, small business, social engineering, standards, Targeted attacks, Threat Intelligence
“When it’s not a pay-to-play test that’s behind the curtain…” Show notes for series 2, episode 3. What does it mean to test like a hacker? Can a well-intentioned tester behave the ...