Browsing Category: Social Engineering

[img_assist|nid=10958|title=Justin Morehouse|desc=|link=none|align=right|width=100|height=100]Corporate executives and other high value employees traveling abroad need to be on guard for attempts to compromise their mobile devices, and could even have their mobile phone compromised before they even disembark the plane following their arrival, according to security researcher Justin Morehouse. A thirst for intellectual property and trade secrets, and a bugeoning market of sophisticated mobile surveillance tools means that executives need to begin thinking and acting like spies in order to avoid being spied upon themselves, according to a presentation at the OWASP AppSec DC 2012 conference in Washington DC on Thursday.

Read more...

Good Samaritans are few and far between when it comes to lost cell phones, according to the conclusions of a social experiment conducted by security firm Symantec. Smart phones are unlikely to be returned by those who find them, but very likely to be perused for sensitive data including photos, social media applications and banking applications.

Read more...

It can be hard to parse the results of the Verizon Data Breach Investigation Report (DBIR), what with the shifts from year to year in the sources of breach data collected. Last year’s report, if you recall, found a stunning drop in incidents of data theft in 2010, even as tracking sites like Datalossdb.org reported no noticeable change that year.Frankly, it’s hard to read the DBIR and not have the term “sample bias” float into your head time and again. But the DBIR report has always been a good way to understand the security Zeitgeist, and this year’s report is no different, with more normal-seeming results and a focus on the actions of ideologically motivated hacking groups which, Verizon claims, were linked to 58% of all the data stolen from customers in 2011.

Read more...

Threatpost spent much of the last year chasing after Greg Hoglund, the founder and CEO of HB Gary. First, it was to get his reaction to the bruising encounter his firm had with the hacking group Anonymous. Then it was an endless series of requests on the aftermath of that hack, including the departure of HBGary Federal CEO Aaron Barr, and the company’s decision to pull out of the RSA Conference in 2011. When Greg finally did speak out it wasn’t to us.So we were happy when Hoglund, whose firm was recently acquired by the company Mantech International Corp., agreed to speak at the Kaspersky Lab Security Analysts’ Summit in Cancun, Mexico in February. His talk there on “Lateral Movement and Other APT Interaction Patterns Within the Enterprise” reinforced Hoglund’s reputation as one of the top experts on malicious code.Threatpost editor Paul Roberts caught up with Hoglund after the speech. And, while Anonymous and HBGary Federal were not up for discussion on the record, Hoglund offered some great insights into the delicate art of tracking down remote access trojans (or RATs) after they have a foothold in your network, as well as the mistakes companies make in trying to prevent and respond to security incidents.

Read more...