Social Engineering
Navigating Security Awareness in the Tech Industry with Erin Gallagher
Tom Eston | | Cyber Security, Cybersecurity, Data Privacy, Digital Privacy, empathy, Episodes, Information Security, Infosec, Phishing, phishing awareness, Podcast, Podcasts, Privacy, security, Security Awareness, security awareness training, social engineering, startup, Startups, Tech, tech industry, technology, Weekly Edition
In this episode Erin Gallagher, cybersecurity awareness lead at Fastly, discusses her journey into the field of security awareness and her unique approach to enhancing cybersecurity within tech companies. Erin shares her ...
House Passes Privacy-Preserving Bill, but Biden Blasts it
Richi Jennings | | 4th Amendment, adtech, Advertising and AdTech, Biden, Biden administration, Biden-Harris, Congress, congressional legislation, Data Broker, Data broker regulations, Data Brokers, foreign adtech, Fourth Amendment, Fourth Amendment is Not For Sale Act (FANFSA ), H.R. 4639, House of Representatives, Joe Biden, national security, national security policy, President Biden, SB Blogwatch, US Congress, White House
Are you a FANFSA fan? The White House isn’t. It says the bill “threatens national security.” ...
Security Boulevard
XZ Utils-Like Takeover Attempt Targets the OpenJS Foundation
The OpenJS Foundation, which oversees multiple JavaScript projects, thwarted a takeover attempt of at least one project that has echoes of the dangerous backdoor found in versions of the XZ Utils data ...
Security Boulevard
LSA Whisperer
Thank you to SpecterOps for supporting this research, to Elad for helping draft this blog, and to Sarah, Daniel, and Adam for proofreading and editing! Crossposted on GitHub. What follows is the culmination of ...
SIM Swappers Try Bribing T-Mobile and Verizon Staff $300
Richi Jennings | | 2fa, 2FA bypass, 2FA Flaws, 2FA policies, 2FA/MFA, bypass 2FA, Industry Insider, Insider, Insider attack, Insider Attacks, insider breach, Insider Fraud, insider risk, malicious social engineering, MFA, MFA hacks, mfa login, MFA Methods, Multi-Factor Authentication, Multi-Factor Authentication (MFA), Multifactor Authentication, SB Blogwatch, SIM swap, sim swap fraud, SIM swap scams, SIM swapping, sms scam, SMS scams, SMS Spam, SMS Spamming, social engineeering, T-Mobile, t-mobile breach, t-mobile data breach, T-Mobile hack, two factor authentication, two-factor-authentication.2fa, verizon, verizon data breach, Verizon Wireless
Not OK: SMS 2FA — Widespread spam targets carrier employees, as scrotes try harder to evade two-factor authentication ...
Security Boulevard
Sisense Hacked: CISA Warns Customers at Risk
Richi Jennings | | Amazon Web Services (AWS), aws, AWS access keys, AWS bucket, cisa, CISA Advisories, CISA Advisory, CISA Alert, CISA warning, CISA.gov, depth, NSA/CISA, Sangram Dash, SB Blogwatch, Sisense
A hard-coded credential catastrophe: The analytics firm kept big companies’ secrets in an insecure AWS bucket. Government says victims include the “critical infrastructure sector.” ...
Security Boulevard
Rooting out Risky SCCM Configs with Misconfiguration Manager
tl;dr: I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager. Ever since Garrett Foster, Duane Michael, and I released Misconfiguration Manager at SO-CON last month, we’ve had tons ...
Backdoor in XZ Utils That Almost Happened
Bruce Schneier | | backdoors, economics of security, essays, Hacking, Infrastructure, Linux, national security policy, open source, SSH, supply chain, Uncategorized
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s ...
Watch This? Patch This! LG Fixes Smart TV Vulns
Richi Jennings | | BitDefender, bitdefender research, Consumer IoT, CVE-2023-6317, CVE-2023-6318, CVE-2023-6319, CVE-2023-6320, iot, LG, SB Blogwatch, Smart TV, Smart TV Security, Smart TV Vulnerability, Smart TVs, The ‘S’ in IoT stands for Security, TV, WebOS
4×CVE=RCE or Merely CE? Update your LG TV now, or let hackers root it. But is Bitdefender overhyping the issue? ...
Security Boulevard
10 Million Devices Were Infected by Data-Stealing Malware in 2023
Cybercriminals pilfered an average of 50.9 login credentials per device, evidence of the pressing need for cybersecurity measures ...
Security Boulevard