Hot Topics

Social Engineering

Social Engineering

What value do Red Team exercises provide to security awareness programs?

Navigating Security Awareness in the Tech Industry with Erin Gallagher

| | Cyber Security, Cybersecurity, Data Privacy, Digital Privacy, empathy, Episodes, Information Security, Infosec, Phishing, phishing awareness, Podcast, Podcasts, Privacy, security, Security Awareness, security awareness training, social engineering, startup, Startups, Tech, tech industry, technology, Weekly Edition
In this episode Erin Gallagher, cybersecurity awareness lead at Fastly, discusses her journey into the field of security awareness and her unique approach to enhancing cybersecurity within tech companies. Erin shares her ...
Shared Security Podcast
U.S. Capitol Dome at sunset

House Passes Privacy-Preserving Bill, but Biden Blasts it

| | 4th Amendment, adtech, Advertising and AdTech, Biden, Biden administration, Biden-Harris, Congress, congressional legislation, Data Broker, Data broker regulations, Data Brokers, foreign adtech, Fourth Amendment, Fourth Amendment is Not For Sale Act (FANFSA ), H.R. 4639, House of Representatives, Joe Biden, national security, national security policy, President Biden, SB Blogwatch, US Congress, White House
Are you a FANFSA fan? The White House isn’t. It says the bill “threatens national security.” ...
Security Boulevard
open source security

XZ Utils-Like Takeover Attempt Targets the OpenJS Foundation

| | Open Source Security, OpenJS Foundation, software supply chain security, XZ Utils
The OpenJS Foundation, which oversees multiple JavaScript projects, thwarted a takeover attempt of at least one project that has echoes of the dangerous backdoor found in versions of the XZ Utils data ...
Security Boulevard
Elevating Kerberos to the Next Level

LSA Whisperer

| | Infosec, Red Teaming, research, specterops
Thank you to SpecterOps for supporting this research, to Elad for helping draft this blog, and to Sarah, Daniel, and Adam for proofreading and editing! Crossposted on GitHub.What follows is the culmination of ...
Posts By SpecterOps Team Members - Medium
Screenshot of bribery SMS spam

SIM Swappers Try Bribing T-Mobile and Verizon Staff $300

| | 2fa, 2FA bypass, 2FA Flaws, 2FA policies, 2FA/MFA, bypass 2FA, Industry Insider, Insider, Insider attack, Insider Attacks, insider breach, Insider Fraud, insider risk, malicious social engineering, MFA, MFA hacks, , MFA Methods, Multi-Factor Authentication, Multi-Factor Authentication (MFA), Multifactor Authentication, SB Blogwatch, SIM swap, sim swap fraud, SIM swap scams, SIM swapping, sms scam, SMS scams, SMS Spam, SMS Spamming, social engineeering, T-Mobile, t-mobile breach, t-mobile data breach, T-Mobile hack, two factor authentication, two-factor-authentication.2fa, verizon, verizon data breach, Verizon Wireless
Not OK: SMS 2FA — Widespread spam targets carrier employees, as scrotes try harder to evade two-factor authentication ...
Security Boulevard
Seal of the Cybersecurity & Infrastructure Security Agency

Sisense Hacked: CISA Warns Customers at Risk

| | Amazon Web Services (AWS), aws, AWS access keys, AWS bucket, cisa, CISA Advisories, CISA Advisory, CISA Alert, CISA warning, CISA.gov, depth, NSA/CISA, Sangram Dash, SB Blogwatch, Sisense
A hard-coded credential catastrophe: The analytics firm kept big companies’ secrets in an insecure AWS bucket. Government says victims include the “critical infrastructure sector.” ...
Security Boulevard
Rooting out Risky SCCM Configs with Misconfiguration Manager

Rooting out Risky SCCM Configs with Misconfiguration Manager

| | Information Security, Red Team, research, SCCM
tl;dr: I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager.Ever since Garrett Foster, Duane Michael, and I released Misconfiguration Manager at SO-CON last month, we’ve had tons ...
Posts By SpecterOps Team Members - Medium

Backdoor in XZ Utils That Almost Happened

| | backdoors, economics of security, essays, Hacking, Infrastructure, Linux, national security policy, open source, SSH, supply chain, Uncategorized
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s ...
Schneier on Security
A person standing in a field, but with a TV for a head

Watch This? Patch This! LG Fixes Smart TV Vulns

| | BitDefender, bitdefender research, Consumer IoT, CVE-2023-6317, CVE-2023-6318, CVE-2023-6319, CVE-2023-6320, iot, LG, SB Blogwatch, Smart TV, Smart TV Security, Smart TV Vulnerability, Smart TVs, The ‘S’ in IoT stands for Security, TV, WebOS
4×CVE=RCE or Merely CE? Update your LG TV now, or let hackers root it. But is Bitdefender overhyping the issue? ...
Security Boulevard
worm on a black background

10 Million Devices Were Infected by Data-Stealing Malware in 2023

| | cyberattacks, Malware, Ransomware, research
Cybercriminals pilfered an average of 50.9 login credentials per device, evidence of the pressing need for cybersecurity measures ...
Security Boulevard
Load more

Secure Guardrails