The Wayback Machine - https://web.archive.org/web/20230128041631/https://securityboulevard.com/category/blogs/social-engineering/

Social Engineering

Log Entries

VMware vRealize Log Insight VMSA-2023-0001 IOCs

| | Blog, Red Team
Introduction The recent VMware VMSA describes four new CVEs affecting VMware vRealize Log Insight. Three of these CVEs can be combined to give an attacker remote code execution as root. This vulnerability ...
Horizon3.ai
‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

| | Bundeskriminalamt, Department of Justice, DOJ, Europol, FBI, Hive, HIVE Ransomware, Ransomware, SB Blogwatch, takedown, takedowns, website takedown, website takedowns
Law enforcement agencies from several countries got together and took down the site. They also worked to decrypt victims’ data ...
Security Boulevard
At the Edge of Tier Zero: The Curious Case of the RODC

At the Edge of Tier Zero: The Curious Case of the RODC

| | active directory security, Penetration Testing, Red Team
The read-only Domain Controller (RODC) is a solution that Microsoft introduced for physical locations that don’t have adequate security to host a Domain Controller but still require directory services for resources in ...
Posts By SpecterOps Team Members - Medium
Vishing Financial Institutions

Vishing Financial Institutions

| | Cybersecurity, General, pentesting, Security Education, security professionals, Security Training, social engineering, vishing financial institutions
Social-Engineer, LLC (SECOM) actively works with financial institutions to test and give guidance on their employees’ resilience against phone phishing, […] ...
Social-Engineer, LLC
Praetorian GitHub Attack Toolkit (GATO) Demo

Phantom of the Pipeline: Abusing Self-Hosted CI/CD Runners

| | CI-CD, corporate security, Gato, GitHub Runners, open source, Red Team, Red Teaming, Tools & Techniques
Introduction Throughout numerous Red Teams in 2022, a common theme of Source Control Supply Chain attacks in GitHub repositories has emerged. After many hours manually hunting for and exploiting these attack paths, ...
Blog - Praetorian

Leaking company secrets via generative AIs like ChatGPT

| | CSO, deep thoughts, hacks, online security, risk, social engineering
For a third party, knowing what people from company X are asking of ChatGPT (or any other generative AI) could be quite interesting and profitable ...
Al Berg's Paranoid Prose
Jar differences

ManageEngine CVE-2022-47966 Technical Deep Dive

| | Blog, Red Team
Introduction On January 10, 2023, ManageEngine released a security advisory for CVE-2022-47966 (discovered by Khoadha of Viettel Cyber Security) affecting a wide range of products. The vulnerability allows an attacker to gain ...
Horizon3.ai
What is a Supply Chain Attack and How Can Organizations Defend Against Them?

What is a Supply Chain Attack and How Can Organizations Defend Against Them?

| | Blog, offensive security bundle, pen testing, Red Teaming, Vulnerability Management
The post What is a Supply Chain Attack and How Can Organizations Defend Against Them? appeared first on Digital Defense ...
Digital Defense
Personal Cybersecurity Concerns for 2023

Personal Cybersecurity Concerns for 2023

| | bec, business email compromise, cybercrime, Cybersecurity Concerns for 2023, , Impersonation scams, Infosec, pig butchering, social engineering
Not too long ago, many of us thought that cybersecurity was something for corporations to worry about. Perhaps we thought, […] ...
Security Through Education
Another Password Manager Breach: NortonLifeLock Apes LastPass

Another Password Manager Breach: NortonLifeLock Apes LastPass

| | credential reuse, credential stuffing, credential stuffing attack, Gen Digital, lastpass, Norton Password Manager, NortonLifeLock, Password, password reuse, passwords, SB Blogwatch, Symantec
NortonLifeLock is warning customers their passwords are loose. First LastPass, now this? ...
Security Boulevard
Load more