Social Engineering in Real-World Computer Attacks

Why bother breaking down the door if you can simply ask to be let in? The SANS Diary has an excellent entry on just how valuable social engineering is to attackers — whether during penetration testing or as part of real world attacks.  It explores the techniques used to marry offline social engineering lures with online attacks and the clever real world attack techniques that can end with malware installation on a computer system.  Read the full diary []

Obama Nominates DHS Intelligence Chief

President Barack Obama has nominated Caryn
Wagner to be the Homeland Security Department s intelligence chief, a
position that oversees information technology systems designed to share
information with federal, state and local officials.

Report: Cyberterror Not a Credible Threat

A new report by a Washington policy think tank dismisses out of hand the idea that terrorist groups are currently launching cyber attacks and says that the recent attacks against U.S. and South Korean networks were not damaging enough to be considered serious incidents.

It turns out Nigeria is taking measures to fight Internet
scams—law enforcement there has shut down close to a thousand websites
and made 18 arrests as part of a new initiative to save the nation’s
reputation and crack down on Internet scammers. The program, called
“Project Eagle Claw,” has only just begun, but Nigerian officials
expect it to be fully operational in 2010. Read the full story [Ars Technica].

Guest Editorial by Vitaly KamlukMalware writers today always try to
conceal their identities, right? Wrong – even some of today’s profit
driven cyber criminals reveal their identities. We are a bit surprised,
but here is the story of how a blackhat has revealed his identity and
is trying to ‘get compensation’ from Kaspersky for conducting research.

Microsoft Windows 7 is on its way tomorrow, and it is bringing with it a set of security features Microsoft hopes will appeal to enterprises.The Windows 7 security story has three main chapters that have received a fair amount of attention – DirectAccess, BitLocker To Go and AppLocker. With these, capabilities like Branchcache and enhancements to features like user account control (UAC), officials at Microsoft feel they are pushing out their most secure operating system yet. Read the full story [eWEEK/Brian Prince]

The growing use of social networking sites is leaving PC inadvertently open to identity thieves warned Hugh Thompson, chief security strategist at People Security.

Speaking at the RSA Europe Conference, Thompson said that people were unaware just how many clues they left for fraudsters. He said such carelessness was fuelling the rise of cybercrime. He told the conference about the way he managed to access one of his wife’s friend’s bank account in a couple of hours using publicly available data – a process that he had previously documented in a Scientific American article. He warned that most people’s private accounts could be accessed in this way.  Read the full article [Techworld/Maxswell Cooter]

One week after the release of its Microsoft Security Essentials utility, Microsoft is sharing some very useful data on malware infections globally.In the first week alone, the tool counted four million detections on 535,752 distinct machines, with ID-theft related Trojans sitting atop the detected category in the US. China has lots of potentially unwanted software threats, and worms (particularly Conficker) are very active in Brazil.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.