Social Engineering in Cybersecurity; Threats and Defenses by Gururaj H L & Janhavi V & Ambika V, 2024
In today’s digitally interconnected world, the threat landscape has evolved to include not just sophisticated technical exploits but also the art of human manipulation. The primary aim of this textbook is to provide a comprehensive and in-depth exploration of social engineering attacks.
Wie verändert KI die Cyberbedrohungslandschaft? Dieser Frage widmet sich unsere aktuelle Untersuchung: 👉 https://www.bsi.bund.de/dok/1110726
Generative KI senkt die Einstiegshürden für Cyberangriffe und erhöht Umfang, Geschwindigkeit und Schlagkraft schadhafter Handlungen im digitalen Raum. Derzeit stellen wir eine maligne Nutzung vor allem im Bereich des #SocialEngineering und bei der Generierung von #Schadcode fest.
Schön, dass hier angesichts meiner aktuellen Aktivitäten wieder über das fragwürdige Konzept der "Schwachstelle Mensch" diskutiert wird! Allen Zweifler:innen an meinem Rant auf @uebermedien sei versichert: mich erreichen nahezu täglich Infos über die wildesten Sicherheitslücken, die einfach und ganz ohne Social Engineering etc auszunutzen sind. Wenn die Energie, mit der Menschen vorgeworfen wird, ein Sicherheitsproblem zu sein, in IT-Sicherheit gesteckt würde, wäre vieles gelöst. #cybersecurity
Ganz aktuell recherchiere ich über eine deutsche Insitution, die ihre vertraulichen Infos seit Monaten ganz offen ins Netz stellt - auch NACHDEM sie bereits massive Probleme mit Spionage durch andere Geheimdienste hatte. Hier braucht es keinen "dummen User", der irgendeinen Link klickt oder einen Anhang öffnet. Hier braucht es "Awareness" für technische IT-Sicherheit an oberster Stelle.
(Kann noch nicht sagen, um wen es geht - Text kommt aber bald) #socialengineering#cybersecurity
Please, for the collective love of the Intertubes, do not share your security question answers and credit card information through an unsecured form in a brand new website.
This is not the kind of recruitment you want to join.
The Language of Deception: Weaponizing Next Generation AI by Justin Hutchens
A penetrating look at the dark side of emerging AI technologies
In The Language of Deception: Weaponizing Next Generation AI , artificial intelligence and cybersecurity veteran Justin Hutchens delivers an incisive and penetrating look at how contemporary and future AI can and will be weaponized for malicious and adversarial purposes.
Fighting Phishing: Everything You Can Do To Fight Social Engineering and Phishing by Roger R. Grime serves as the ideal defense against phishing for any reader, from large organizations to individuals. Unlike most anti-phishing books, which focus only on one or two strategies, this book discusses all the policies, education, and technical strategies that are essential to a complete phishing defense.
Someone at the edge of my personal network recently got hit by a scam.
In short, a caller to the victim claimed to be from their cellular phone carrier asking if they had requested to transfer the number to a new iPhone 15 delivered to Austin, TX.
The caller got the victim to read back a security code sent via text message, and initiated an "unauthorized port out" of the victim's phone number, and used it to pull cash from the victim's credit cards.
My extremely badass friend and @tallpoppy advisor @satnam has an important new research report out on "pig butchering" scams. If you've ever wondered what those weird wrong-number texts are about, this is the answer, and it's super dark.
Read it, and tell the less-online folks in your life about it. You could save someone you care about from life-altering victimisation.
🚨 BREAKING: One of the largest data breaches to date dubbed the “Mother of All Breaches,” with 26 billion leaked records — including popular sites like LinkedIn, Snapchat, Venmo, Adobe and X, formerly Twitter — in what is called the biggest leak in history.
The compromised data includes more than just login credentials while much of it is allegedly “sensitive”.
Unauthorized access to accounts and identity theft are very much a possibility: it is time to change passwords (accross platforms if there is password reuse), review/enable MFA and keep your guard up for more elaborate social engineering schemes involving personal details.
🎙️In episode 313 of the @sharedsecurity podcast, we talk about the world of scambaiting, discuss preventing social media account takeovers, and reveal how attackers can compromise network-connected wrenches with ransomware!
The prevalence of #AI-generated content signals a tipping point in #socialengineering, requiring us to develop new tools to detect & counter malicious intent. In this recap of a recent Bishop Fox fireside chat featuring Rob Ragan, @alethe, Derek Rush, and Ben Lincoln, we explore the importance of understanding social engineering tactics and strategies, implementing technical controls, and the role of internal network testing.
My wife just fell victim to a One Time Password (OTP) scam.
Someone rang saying that they were from the phone company #EE and told her that she was eligible for a discount, she just needed to confirm a passcode sent to her phone. They knew her email address, name and telephone number. They were very pushy. She gave them the code and only saw later it was a change password code. #scam#socialEngineering 🧵
We put in a password change request, logged in to the EE website and saw that they had upgraded her plan to include the latest iPhone, and put stuff in her basket. We emptied the basket. The scammers then changed the email address on the account locking her out.
We called #EE immediately, they cancelled the transaction and switched the email address on her account over to her backup email. #scam#socialEngineering
Be careful out there, and stay suspicious. There's no such thing as a free lunch and telephone companies don't call you about draws to give you discounts. #scam#socialEngineering#EE
My name's Rob and I’m a Master of #Criminology postgrad from Melbourne. I love #movies, #books, occasionally camping, and obsessing over my dog. Pronouns are he/him.
** Apologies for the instance hopping and repeated intros but I'm still figuring this platform out. I don't want multiple accounts and my last one was kinda lifeless. There seems to be a really good mix of people here so hello again. **
If you know of some videos that you like sharing to work colleagues, friends, and family to help them understand #cybersecurity and the topics above, please reply with links and I'll check them out.