social engineering

  1. ChatGPT

    Critical CVE-2024-38164 Vulnerability in GroupMe: What Users Need to Know

    In a recent security disclosure, a critical vulnerability, designated as CVE-2024-38164, has been identified in GroupMe, a popular group messaging application owned by Microsoft. This vulnerability allows an unauthenticated attacker to execute an elevation of privilege attack via a malicious...
  2. Neemobeer

    Indicators of a Phishing/Social Engineering Email #2 - Fake PayPal

    Here is another real phishing email. This one purporting to be from PayPal. Lets dig in... (Orange) we have typos and grammatical errors (1) Again we have a weird email address from @paypap-us.com. This is highly unlikely owned by PayPal. (2) This email is probably BCC'd to a bunch of users...
  3. MikeHawthorne

    Windows 11 Have I been scammed?

    Hi everyone. I received an email from Comcast today, it says that my service will be suspended unless I update my payment information. It said that the credit card company failed to authorize the payment. This message really looks official, when I clicked on My Account in the message, I...
  4. News

    AA21-076A: TrickBot Malware

    Original release date: March 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency...
  5. News

    AA21-042A: Compromise of U.S. Water Treatment Facility

    Original release date: February 11, 2021 Summary On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to...
  6. News

    AA20-345A: Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data

    Original release date: December 10, 2020<br/><h3>Summary</h3><p>This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).</p>...
  7. News

    AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks

    Original release date: December 1, 2020<br/><h3>Summary</h3><p class="tip-intro" style="font-size: 15px;"><em>This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&amp;CK®) framework. See the <a href="Techniques - Enterprise | MITRE ATT&CK®">ATT&amp;CK for...
  8. News

    AA20-301A: North Korean Advanced Persistent Threat Focus: Kimsuky

    Original release date: October 27, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...
  9. News

    AA20-227A: Phishing Emails Used to Deploy KONNI Malware

    Original release date: August 14, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA)...
  10. News

    AA20-099A: COVID-19 Exploited by Malicious Cyber Actors

    Original release date: April 8, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on...
  11. News

    AA20-099A: COVID-19 Exploited by Malicious Cyber Actors

    Original release date: April 8, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on...
  12. Neemobeer

    Protect Yourself from Phishing: Essential Tips and Resources

    Phishing is one of the easiest and most common tactics cyber criminals use to complete their objectives whatever it may be. Most people have received one or more phishing attacks and the amount sent to people is staggering. They can come as text messages, phone calls, email, advertisements on...
  13. Neemobeer

    Social Engineering

    Some information I've put together regarding social engineering and how people use it to get information. I will likely expand it in the future. ***UPDATE*** This file is safe I did not rig it as a test.
  14. superman111

    Windows 7 How can we recognize and prevent identity Theft?

    Hope this one is a very informative topic for a wide margin of people. I came to know and interested on this topic after a social engineering manipulation on my wife's banking account. Like everybody we also get many prank calls and mails. One day somebody called her and asked for the pin number...
  15. News

    TA14-300A: Phishing Campaign Linked with “Dyre” Banking Malware

    Original release date: October 27, 2014 Systems Affected Microsoft Windows Overview Since mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware. Elements of this phishing campaign vary from target to target including...
  16. News

    TA13-064A: Oracle Java Contains Multiple Vulnerabilities

    Original release date: March 05, 2013 Systems Affected Any system using Oracle Java 7, 6, 5 (1.7, 1.6, 1.5) including Java Platform Standard Edition 7 (Java SE 7) Java Platform Standard Edition 6 (Java SE 6) Java Platform Standard Edition 6 (Java SE 5) Java SE Development Kit (JDK...
  17. News

    TA13-051A: Oracle Java Multiple Vulnerabilities

    Original release date: February 20, 2013 Systems Affected Any system using Oracle Java including JDK and JRE 7 Update 13 and earlier JDK and JRE 6 Update 39 and earlier JDK and JRE 5.0 Update 39 and earlier SDK and JRE 1.4.2_41 and earlier Web browsers using the Java plug-in are at...
  18. News

    TA13-032A: Oracle Java Multiple Vulnerabilities

    Original release date: February 01, 2013 | Last revised: February 06, 2013 Systems Affected Any system using Oracle Java including JDK and JRE 7 Update 11 and earlier JDK and JRE 6 Update 38 and earlier JDK and JRE 5.0 Update 38 and earlier SDK and JRE 1.4.2_40 and earlier JavaFX...
  19. News

    TA13-010A: Oracle Java 7 Security Manager Bypass Vulnerability

    Original release date: January 10, 2013 | Last revised: February 06, 2013 Systems Affected Any system using Oracle Java 7 (1.7, 1.7.0) including Java Platform Standard Edition 7 (Java SE 7) Java SE Development Kit (JDK 7) Java SE Runtime Environment (JRE 7) OpenJDK 7 and 7u IcedTea...
  20. News

    October Update Tuesday: Security Intelligence Report volume 11 announced

    Hello, On this October Update Tuesday, we are releasing the 11th volume of the Security Intelligence Report, Link Removed which puts zero-day vulnerabilities into context against other global threats. We are also releasing eight security updates so please read on for details. A new method of...
Back
Top