
Inside Security (Aug 7th, 2018)

I review a new edition of a classic book about social engineering below. If you ever doubted that these techniques are worth learning, you should read this post about understanding which of your social media accounts have been compromised.

This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site.

Finally, we note our editing team: Lon Harris (editor-in-chief at Inside.com, game-master at Screen Junkies), Krystle Vermes (Breaking news editor at Inside, B2B marketing news reporter, host of the "All Day Paranormal" podcast), and Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram).


1. Salesforce is warning customers about an API error that may have leaked data for some users of its Marketing Cloud offering. The leak could have happened from June 4 to July 18. Customers were notified last week that data they stored may have been accessed by third parties or inadvertently corrupted. – BANK INFO SECURITY


2. DMARC hasn’t been widely adopted, despite making significant progress. For the vast majority of non-profits and academic organizations, it is still not deployed. These analysts examined thousands of domains in this report. – 250OK BLOG


3. This is a very detailed explanation of how phishers ply their trade. It is based on the author’s personal experience, and shows the range of sophistication now available to these criminals. – ARS


4. Security experts have developed a collection of open source tools and disclosed techniques that can be useful in identifying large Twitter botnets. Using the Twitter API, they collected millions of Tweets to figure this out. They will release the report and the tools at Black Hat tomorrow. – DUO BLOG


5. There is a new technique to crack WPA PSK passwords. It is a fairly technical explanation, but it looks like it can be implemented more easily than previous attacks. – HASHCAT


6. Analysts have observed additional BGP hijacks of authoritative DNS servers happening more frequently. These were seen in networks in Indonesia and Malaysia and seem to be related to payment processors. – ORACLE BLOG


7. Social Engineering, the Science of Hacking is a great book and has been recently updated from its 2010 first edition. It can be very useful for security professionals. It will teach you the fundamentals about social engineering, the principles that hackers use to enter your networks and steal your data. It is heavy on the social part of the equation: tutorials on the DISC Myers/Briggs personality methods, understanding facial expressions and human-to-human relationships. There are still plenty of tools mentioned here but that is secondary to understanding how the hacker mindset operates and how easy it is for them to obtain the most personal information about us from the Internet and social media.


8. Supplementing the message of the book above, this blog post gives further credence to getting inside hackers’ minds to understand potential fraud. There are other tips here, such as monitoring dark web forums and understanding regional differences in language and computing styles. – FLASHPOINT BLOG


9. HP is warning that a maliciously crafted file sent to certain ink jet printers can cause a stack or static buffer overflow, which could allow remote code execution. The affected products include Pagewide Pro, DesignJet, OfficeJet, DeskJet and Envy printers. The exploit came from a researcher participating in its bug bounty program. – HOT FOR SECURITY


10. Remember the McDonald’s Monopoly games of the early part of this century? It turns out many of the prizes were awarded to a group led by Jerome Jacobson. The group included mobsters, psychics, strip-club owners, and drug traffickers. They won almost every prize for 12 years, until the FBI figured out the scam. – THE DAILY BEAST


Resume inflation, indeed. (from DEVHUMOR)


 

Many thanks to Inside Security's corporate supporters.  Please go check them out!

Endgame

Endgame's endpoint security platform protects the world’s largest organizations from targeted attacks, eliminating the time & cost associated with incident response. Learn more

 

Nok Nok Labs has the ambition to transform authentication, by unifying it into one standard protocol, giving business the control they need. Learn more

 
