📚New Blog!
The 2nd part of my "Corporate #OSINT for #SocialEngineering" article is now published.
This blog focuses on the physical perimeter of an organization.
It discusses some of the OSINT techniques used in the planning and preparation of in-person, social engineering attacks.
As security professionals, the goal is to proactively follow the same process a threat actor would to identify information that exposes potential vulnerabilities in our organization’s physical perimeter, and to manage those vulnerabilities.
My hope is that you'll proactively test those resources.
Need more help in getting the full picture on the information that is available about the physical perimeter of your organization? Feel free to reach out!
Even the sentries of the digital realm aren't immune! DarkBeam's monumental leak exposed BILLIONS of records! Are your passwords as safe as you think? Do YOU know how to spot a phishing attempt? Dive into our latest post and test your defenses with an interactive quiz! 🔒📢 Your online security might hinge on this! Don't wait – on NOW and stay a step ahead! #CyberSecurityAwareness#Cybersecurity#infosec#informationsecurity#cybersecuritynews#cybercrime https://wp.me/peSvjo-31
Three years ago I was diagnosed with Type 2 Cybersecurity. That's why this month I am happy to continue to spread #CybersecurityAwareness for each and every one of you that is unaware of just how easy it is to unknowingly develop #Cybersecurity.
You may have seen the news this week that the FBI cracked down (Qak-ed down?) on the cyber criminal operation called Qakbot (pronounced quack-bot). If you want to know what kind of what kinds of sneaky tricks Qakbot will pull on you, here's helpful info and a video.
il jailbreak per le Tesla è servito! L’hack sblocca tutte le funzioni a pagamento e fornisce l’accesso root
I veicoli elettrici #Tesla sono famosi per il loro #approccio immediato alla fornitura di opzioni premium.
Gli acquirenti possono acquistare immediatamente una versione “a pagamento” dell’auto e godere di tutte le funzionalità aggiuntive, oppure possono acquistare una versione base per se stessi, ma #sbloccare molte #funzionalità del #pacchetto premium come parte di un normale abbonamento a pagamento.
#MythAmerica July 4, 2023—September 4, 2023 Post a picture of your copy of the book “Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us” with the hashtag #MythAmerica and the link https://bit.ly/CyberMythsBook (Facebook, Mastodon, Linkedin) Lean into your “serious photographer” side or make it pure goofiness. lllustrate your favorite myth in the book (or not). Posting more than once is fine! Have Fun. Be kind. Be safe. (Seriously. Don’t make us turn this car around) | HAVE THE BOOK BUT I DO NOT LIVE IN THE U.S.! NO PROBLEM! Don’t let a play on words stop you! Tag #MythAmerica, the link, and hashtag your own city and/or country. The team will pick a few of the most clever photos submitted by September 4. Those folks will receive an original print, inspired by the book, from the illustrator and signed by all the authors Join this online celebration of cybersecurity awareness and summer fun! Don’t own a copy of the book yet?? Here’s the link: https://bit.ly/CyberMythsBook
This month I have a bit of a general topic. I get into how you can protect yourself online, listing five simple tips you can do right now which will help you stand on a much more secure ground.
Germany's domestic intelligence apparatus (BfV), South Korea's National Intelligence Service (NIS) and the U.S. National Security Agency (NSA) warn about cyber attacks mounted by a threat actor tracked as Kimsuky, using #socialengineering and #malware to target think tanks, academia, and news media sectors.
"Kimsuky has been observed leveraging open source information ( #OSINT ) to identify potential targets of interest and subsequently craft their online personas to appear more legitimate by creating email addresses that resemble email addresses of real individuals they seek to impersonate.
The adoption of spoofed identities is a tactic embraced by other state-sponsored groups and is seen as a ploy to gain trust and build rapport with the victims. The adversary is also known to compromise the email accounts of the impersonated individuals to concoct convincing email messages.
#Kimsuky actors tailor their themes to their target's interests and will update their content to reflect current events discussed among the community of North Korea watchers.
Besides using multiple personas to communicate with a target, the electronic missives come with bearing with password-protected malicious documents, either attached directly or hosted on Google Drive or Microsoft OneDrive."
You may or may not know this about me but I published a book couple of years ago on how the average layman can stay safe online. Initially it had a pretty narrow distribution, you could get it on Amazon or you could special order it from your favorite bookstore.
I have now broadened that distribution significantly. You should now be able to get it pretty much everywhere. For all the places you can buy my book check out https://books2read.com/infosechelp. BTW there are three more distributors that are still working on listing my book on their site.
In addition to all those place it is also available from https://leanpub.com/onlinesafety where you can pay what you feel is fair.
You can also still special order it from your favorite bookstore. Here are ISBN and the editions that are available with old fashion brick and mortar bookstore distributor.