Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
How I Would Hack Your Network (If I Woke Up Evil)
Oldest First  |  Newest First  |  Threaded View
Page 1 / 3   >   >>
nosmo_king
nosmo_king,
User Rank: Strategist
1/27/2017 | 9:31:53 AM
Faster and easier
I find that tossing a few carefully crafted USB sticks into the executive parking lot is easier, cheaper and more effective.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
1/28/2017 | 10:58:46 AM
Re: Faster and easier
@nosmo: Well, sure, that's phishing too -- just a more "physical" type of phishing, compared to email phishing.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
1/28/2017 | 11:02:25 AM
%
The 20-30% figure isn't surprising.  At an MIT event I went to not too long ago, one presenter talked about an email sent organization-wide that said something to the effect of: "This is a phishing email.  It is fake.  Do not click on this link" -- and found that 10% of the recipients STILL clicked the link.

One C-suite executive who clicked on the link's response when asked why he clicked it: "I wanted to see what would happen."
Dr.T
Dr.T,
User Rank: Ninja
1/30/2017 | 12:42:46 PM
Nature of attacks
The nature of attacks are two folds in my view. One you trick the user so you can get a privilege access to the system and another one you know a back door that most others do not. Government sponsored ones are more likely they have a back door to the systems. System vulnerabilities are not the main paths for the attacks.
Dr.T
Dr.T,
User Rank: Ninja
1/30/2017 | 12:43:53 PM
Re: Faster and easier
Not only executive but for everyine, we will all wonder what we have in a lost and found flash drive.

 
Dr.T
Dr.T,
User Rank: Ninja
1/30/2017 | 12:45:09 PM
Re: Faster and easier
"Well, sure, that's phishing too ..."

True, just tricking users to do something that they are not normally do. Clever.
Dr.T
Dr.T,
User Rank: Ninja
1/30/2017 | 12:47:05 PM
Re: %
"Do not click on this link" -- and found that 10% of the recipients STILL clicked the link. "

I wonder, the reason they would click because of the question in their mind: "why would I get a link not to click?"
Dr.T
Dr.T,
User Rank: Ninja
1/30/2017 | 12:47:23 PM
Source of attacks
Now that security attacks created a new industry I suspect that lots of security firms are behind of lots of those attacks to sell their products. I do not have a proof for it, it is just my guess. 
Dr.T
Dr.T,
User Rank: Ninja
1/30/2017 | 12:48:24 PM
Re: %
"I wanted to see what would happen."

I see their reasoning. There should be second level protection. I should be able to click the link and still be protected.
Dr.T
Dr.T,
User Rank: Ninja
1/30/2017 | 12:48:51 PM
AV vs. DDOD or social engineering
Agree with the article, AV is an outdated strategy, nobody spends time to write a virus, there is more exciting ways of doing impact such as DDOD and social engineering.

 
Page 1 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-46411
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.
CVE-2022-46412
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands.
CVE-2022-46413
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.
CVE-2022-46414
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.
CVE-2022-44721
PUBLISHED: 2022-12-04
CrowdStrike Falcon 6.44.15806 allows an administrative attacker to uninstall Falcon Sensor, bypassing the intended protection mechanism in which uninstallation requires possessing a one-time token. (The sensor is managed at the kernel level.)