Browsing Category: Social Engineering

Own the Email, Own the Person

For attackers looking to take control of a victim’s online presence, there is no better place to start than the target’s email account. If you own the email, you own the person. That’s never been more true than today, with so many social networks, services and shopping sites attached to users’ email addresses. New research done by Lucas Lundgren of IOActive shows just how simple it can be to get control of a target’s email account, and from there, everything else.

Read more...

Gauss, Flame Highlight Problem of Defeating High-End Malware

If the last couple of years of life on the Internet have taught us anything it should be that there’s a lot we don’t know about what’s happening out there. Sure, we know that there are a lot of attacks going on, metric tons of money being stolen and untold terabytes of data being siphoned off, and once in a while we’re even able to figure out who’s doing some of it. But, as the discovery of tools such as Flame and Gauss suggests, there’s a lot of stuff bubbling under the surface that mostly goes unseen.

Read more...

Firms Need ‘Tough Love’ In Struggle Against APTs

Black Hat is upon us and, with it, a lot of chatter about the dangers posed by so-called “APT,” or advanced persistent threats. Rather than get trapped in the hype bubble, Threatpost editor Paul Roberts took the opportunity to check back in with a recognized expert on detecting and combating APT-style attacks: Amit Yoran, the former CEO of NetWitness Corp. and now a Senior Vice President at RSA, The Security Division of EMC. Yoran says that the darkest days may yet be ahead in the fight against APT style attacks, with mounting attacks and a critical shortage of security talent. To cope, both private sector firms and the government need to stop fighting the last war and pivot to the kinds of practices and monitoring that can spot sophisticated attackers. 

Read more...