social engineering

  1. Critical CVE-2024-38164 Vulnerability in GroupMe: What Users Need to Know

    In a recent security disclosure, a critical vulnerability, designated as CVE-2024-38164, has been identified in GroupMe, a popular group messaging application owned by Microsoft. This vulnerability allows an unauthenticated attacker to execute an elevation of privilege attack via a malicious...
  2. Indicators of a Phishing/Social Engineering Email #2 - Fake PayPal

    Here is another real phishing email. This one purporting to be from PayPal. Let's dig in... (Orange) we have typos and grammatical errors (1) Again we have a weird email address from @paypap-us.com. This is highly unlikely owned by PayPal. (2) This email is probably BCC'd to a bunch of users...
  3. Windows 11 Have I been scammed?

    Hi everyone. I received an email from Comcast today, it says that my service will be suspended unless I update my payment information. It said that the credit card company failed to authorize the payment. This message really looks official, when I clicked on My Account in the message, I...
  4. AA21-076A: TrickBot Malware

    Original release date: March 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency...
  5. AA21-042A: Compromise of U.S. Water Treatment Facility

    Original release date: February 11, 2021 Summary On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to...
  6. AA20-345A: Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data

    Original release date: December 10, 2020 Summary This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC)...
  7. AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks

    Original release date: December 1, 2020 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for...
  8. AA20-301A: North Korean Advanced Persistent Threat Focus: Kimsuky

    Original release date: October 27, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...
  9. AA20-227A: Phishing Emails Used to Deploy KONNI Malware

    Original release date: August 14, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA)...
  10. AA20-099A: COVID-19 Exploited by Malicious Cyber Actors

    Original release date: April 8, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on...
  11. AA20-099A: COVID-19 Exploited by Malicious Cyber Actors

    Original release date: April 8, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on...
  12. Protect Yourself from Phishing: Essential Tips and Resources

    Phishing is one of the easiest and most common tactics cyber criminals use to complete their objectives, whatever they may be. Most people have received one or more phishing attacks and the amount sent to people is staggering. They can come as text messages, phone calls, email, advertisements on...
  13. Social Engineering

    Some information I've put together regarding social engineering and how people use it to get information. I will likely expand it in the future. ***UPDATE*** This file is safe; I did not rig it as a test.
  14. Windows 7 How can we recognize and prevent identity Theft?

    Hope this one is a very informative topic for a wide margin of people. I came to know and became interested in this topic after a social engineering manipulation on my wife's banking account. Like everybody we also get many prank calls and mails. One day somebody called her and asked for the pin number...
  15. TA14-300A: Phishing Campaign Linked with “Dyre” Banking Malware

    Original release date: October 27, 2014 Systems Affected Microsoft Windows Overview Since mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware. Elements of this phishing campaign vary from target to target including...
  16. TA13-064A: Oracle Java Contains Multiple Vulnerabilities

    Original release date: March 05, 2013 Systems Affected Any system using Oracle Java 7, 6, 5 (1.7, 1.6, 1.5) including Java Platform Standard Edition 7 (Java SE 7) Java Platform Standard Edition 6 (Java SE 6) Java Platform Standard Edition 6 (Java SE 5) Java SE Development Kit (JDK...
  17. TA13-051A: Oracle Java Multiple Vulnerabilities

    Original release date: February 20, 2013 Systems Affected Any system using Oracle Java including JDK and JRE 7 Update 13 and earlier JDK and JRE 6 Update 39 and earlier JDK and JRE 5.0 Update 39 and earlier SDK and JRE 1.4.2_41 and earlier Web browsers using the Java plug-in are at...
  18. TA13-032A: Oracle Java Multiple Vulnerabilities

    Original release date: February 01, 2013 | Last revised: February 06, 2013 Systems Affected Any system using Oracle Java including JDK and JRE 7 Update 11 and earlier JDK and JRE 6 Update 38 and earlier JDK and JRE 5.0 Update 38 and earlier SDK and JRE 1.4.2_40 and earlier JavaFX...
  19. TA13-010A: Oracle Java 7 Security Manager Bypass Vulnerability

    Original release date: January 10, 2013 | Last revised: February 06, 2013 Systems Affected Any system using Oracle Java 7 (1.7, 1.7.0) including Java Platform Standard Edition 7 (Java SE 7) Java SE Development Kit (JDK 7) Java SE Runtime Environment (JRE 7) OpenJDK 7 and 7u IcedTea...
  20. October Update Tuesday: Security Intelligence Report volume 11 announced

    Hello, On this October Update Tuesday, we are releasing the 11th volume of the Security Intelligence Report, which puts zero-day vulnerabilities into context against other global threats. We are also releasing eight security updates so please read on for details. A new method of...