SecureList

APRIL 16, 2025

Instead, they rely on the default severity in the rule, which is often set randomly or based on an engineer’s opinion without a clear process. Detection engineering program Before diving into the program-level approach, we will first present the detection engineering lifecycle that forms the foundation of the proposed program.

Engineering 72

Engineering Threat Detection Firewall Digital transformation 72

Schneier on Security

SEPTEMBER 20, 2024

This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line.

Social Engineering 312

Social Engineering Engineering Phishing Malware 312

Penetration Testing

OCTOBER 27, 2024

The ReliaQuest Threat Research Team uncovered an intensified social engineering campaign tied to the ransomware group Black Basta.

Social Engineering 97

Social Engineering Engineering Ransomware Cybersecurity 97

Schneier on Security

FEBRUARY 24, 2025

Researchers gave the models a seemingly impossible task: to win against Stockfish, which is one of the strongest chess engines in the world and a much better player than any human, or any of the AI models in the study. When they couldn’t win, they sometimes resorted to cheating. In one case, o1-preview found itself in a losing position.

Engineering 293

Engineering Hacking 293

Security Boulevard

APRIL 16, 2025

That AI has gotten much more proficient in social engineering is a revelation that's not surprising, but still sets alarm bells ringing. The post In a Social Engineering Showdown: AI Takes Red Teams to the Mat appeared first on Security Boulevard.

Social Engineering 76

Social Engineering Engineering Cybersecurity 76

Schneier on Security

JANUARY 30, 2025

They exploit people who are using search engines to search sites like Reddit. There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimicks the interface of the popular file-sharing service. ” Boingboing post.

Malware 237

Malware Engineering 237

Krebs on Security

NOVEMBER 12, 2024

Satnam Narang , senior staff research engineer at Tenable , says the danger with stolen NTLM hashes is that they enable so-called “pass-the-hash” attacks, which let an attacker masquerade as a legitimate user without ever having to log in or know the user’s password.

Authentication 256

Authentication Engineering Malware Passwords 256

Schneier on Security

FEBRUARY 25, 2025

This attack proves that UI manipulation and social engineering can bypass even the most secure wallets. No matter how strong your smart contract logic or multisig protections are, the human element remains the weakest link. The industry needs to move to end to end prevention, each transaction must be validated.

Cryptocurrency 245

Cryptocurrency Social Engineering Hacking Engineering 245

Schneier on Security

DECEMBER 2, 2024

Here are the technical details , discovered through reverse engineering. I recently wrote about the new iOS feature that forces an iPhone to reboot after it’s been inactive for a longish period of time. The feature triggers after seventy-two hours of inactivity, even it is remains connected to Wi-Fi.

Engineering 318

Engineering 318

Schneier on Security

APRIL 2, 2024

An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. The cybersecurity world got really lucky last week. modified the way the software functions.

Social Engineering 353

Social Engineering Engineering Software Encryption 353

Security Boulevard

JANUARY 15, 2025

Sweet Security today added a cloud detection engine to its cybersecurity portfolio that makes use of a large language model (LLM) to identify potential threats in real-time. The post Sweet Security Leverages LLM to Improve Cloud Security appeared first on Security Boulevard.

Engineering 124

Engineering Cybersecurity 124

Krebs on Security

JANUARY 7, 2025

Each participant in the call has a specific role, including: -The Caller: The person speaking and trying to social engineer the target. A tutorial shared by Stotle titled “Social Engineering Script” includes a number of tips for scam callers that can help establish trust or a rapport with their prey.

Phishing 334

Phishing Cryptocurrency Accountability Social Engineering 334

Security Boulevard

DECEMBER 5, 2024

Identity phishing doesn’t just lead to data theft – it can also lead to financial fraud, targeted social engineering attacks and lateral movement across endpoints. The post Identity Phishing: Using Legitimate Cloud Services to Steal User Access appeared first on Security Boulevard.

Phishing 111

Phishing Social Engineering Engineering Security Awareness 111

Krebs on Security

FEBRUARY 11, 2025

Tenable senior staff research engineer Satnam Narang noted that since 2022, there have been nine elevation of privilege vulnerabilities in this same Windows component — three each year — including one in 2024 that was exploited in the wild as a zero day (CVE-2024-38193).

Artificial Intelligence 195

Artificial Intelligence Engineering Software Internet 195

Penetration Testing

NOVEMBER 11, 2024

Cado Security Labs has uncovered a targeted GuLoader malware campaign aimed at European industrial and engineering companies.

Engineering 125

Engineering Malware Cybersecurity 125

eSecurity Planet

OCTOBER 18, 2024

It is generalized and entry-level, but it demonstrates a core level of competency that can be a building block of almost any career in cybersecurity, whether in administration, engineering, or development. It’s obviously a step to penetration testing, but it’s also helpful for architect, engineer, and analyst jobs.

Cybersecurity 125

Cybersecurity Artificial Intelligence Penetration Testing CISO 125

Schneier on Security

APRIL 25, 2024

In response, a multibillion-dollar industry—search-engine optimization, or SEO—has emerged to cater to Google’s shifting preferences, strategizing new ways for websites to rank higher on search-results pages and thus attain more traffic and lucrative ad impressions. It is too late to stop the emergence of AI.

Engineering 360

Engineering Internet Internet Artificial Intelligence 360

Schneier on Security

AUGUST 29, 2024

Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—miniaturization, parallelization—was being done in the present and in secret. She was a remarkable person.

Engineering 341

Engineering Internet Internet 341

Schneier on Security

MAY 16, 2024

ZTDNS aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform—the core component of the Windows Firewall—directly into client devices.

DNS 325

DNS Firewall Engineering Network Security 325

Schneier on Security

SEPTEMBER 17, 2024

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware.

Malware 305

Malware Social Engineering Engineering Hacking 305

Krebs on Security

NOVEMBER 9, 2024

“This is social engineering at the highest level and there will be failed attempts at times. “In terms of overall social engineering attacks, the more you have a relationship with someone the more they’re going to trust you,” Donahue said. Don’t be discouraged.

Hacking 276

Hacking Accountability Government Social Engineering 276

Adam Shostack

FEBRUARY 20, 2025

Whether youre an engineer, security professional, or product leader, this discussion may help you refine your approach to building secure systems efficiently. The Four Question Framework At its core, we can make threat modeling more accessible to all engineers by asking four simple questions: 1. Here are some key takeaways: 1.

Cybersecurity 130

Cybersecurity Engineering 130

Security Affairs

OCTOBER 30, 2024

Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. The vulnerability is an Inappropriate implementation issue that resides in Chrome’s V8 JavaScript engine.

Engineering 131

Engineering Architecture Hacking Information Security 131

The Last Watchdog

MARCH 12, 2025

Acting as a proactive teammate, Aptori’s AI Security Engineer works alongside developers and security teams to identify security weaknesses, assess risk, and implement fixes in real-time. The result is deeper coverage and more precise security insights.

Risk 130

Risk Engineering Digital transformation Technology 130

The Last Watchdog

APRIL 10, 2025

The LSI overcomes these restraints by implementing an NTT-created AI inference engine. This engine reduces computational complexity while ensuring detection accuracy, improving computing efficiency using interframe correlation and dynamic bit-precision control.

Technology 130

Technology Wireless Engineering Encryption 130

Adam Shostack

JANUARY 2, 2025

The list of threat actors includes both internal attacker, internal malicious user, and Google engineers. I dont want to make too much of this, but making our diagrams easy to read so we can spend our mental energy on other things pays off. I think that means the first two are internal to the GCP customer. What can go wrong?

Engineering 246

Engineering Authentication 246

Schneier on Security

APRIL 22, 2024

Interesting social-engineering attack vector : McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg.

Malware 338

Malware Social Engineering Engineering Software 338

Krebs on Security

MARCH 27, 2025

Rather, it appears those responsible are promoting them by manipulating the search engine results shown when someone searches for one of these anti-Putin organizations.

Phishing 210

Phishing Government Engineering Internet 210

Security Affairs

APRIL 12, 2025

The symbolic link was flagged as malicious by the AV/IPS engine so that it would be automatically removed if the engine was licensed and enabled. Below are the FortiOS mitigations released by the company: FortiOS 7.6.2, FortiOS 7.4, FortiOS 7.6.2, 7.2.11 & 7.0.17 or 6.4.16.

VPN 103

VPN Engineering Hacking Cybersecurity 103

The Last Watchdog

FEBRUARY 25, 2025

He earned an electrical engineering degree from Purdue University. About the essayist: Jim Alkove is co-founder and CEO of Oleria. He led security at Salesforce, Microsoft, and Google Nest, advises startups like Aembit and Snyk, and holds 50 U.S.

Risk 219

Risk CISO Engineering 219

Adam Shostack

JANUARY 2, 2025

A less busy month in appsec, AI, and regulation, but still interesting stories Im going to kick off with two interesting engineering stories. Threat Modeling Jamie Dicken presented Teaching Software Engineers to Threat Model: We Did It, and So Can You at RSA, and her talk made Security Boulevards 8 hot talks list.

Engineering 130

Engineering Software Cybersecurity Risk 130

Security Affairs

APRIL 21, 2025

The malware is delivered via social engineering, attackers attempt to trick victims into tapping cards on infected phones. Calls enable social engineering in a Telephone-Oriented Attack Delivery (TOAD) scenario. Analysis of the SuperCard X campaign in Italy revealed custom malware builds tailored for regional use.

Malware 105

Malware Social Engineering Banking Engineering 105

Schneier on Security

MAY 21, 2024

Apple and Google said they will continue collaborating with the Internet Engineering Task Force to further develop this technology and address the issue of unwanted tracking. Several Bluetooth tag companies have committed to making their future products compatible with the new standard.

Engineering 312

Engineering Internet Internet Technology 312

Security Affairs

OCTOBER 11, 2024

Observed ChatGPT behavior mainly involved reconnaissance, threat actors used the OpenAI’s platform to seek info on companies, services, and vulnerabilities, similar to search engine queries. They also attempted to send malware-laden emails to OpenAI employees, but the spear-phishing campaign was detected and neutralized.

Malware 135

Malware Social Engineering Engineering Hacking 135

Security Affairs

FEBRUARY 1, 2025

The company, which is engaged in product engineering, provides services to automotive and aerospace original equipment manufacturers as well as industrial machinery companies. Indian multinational technology company Tata Technologies suspended some IT services following a ransomware attack.

Technology 115

Technology Ransomware Engineering Manufacturing 115

SecureWorld News

APRIL 22, 2025

This incident highlights the critical vulnerability in cryptocurrency communities, where high-net-worth individuals or executives may be more prone to social engineering attacks due to the high volume of media and investor engagement they handle.

Cryptocurrency 90

Cryptocurrency Social Engineering Cybercrime Engineering 90

Malwarebytes

APRIL 1, 2025

Even though scammers can use Artificial Intelligence to create convincing emails that appear to come from the IRS, there are often some tell-tale signs of social engineering attempts: Too good to be true: Huge, unexpected tax returns are usually just an incentive to get you to surrender private information in the hopes of obtaining that sum.

Scams 137

Scams Phishing Artificial Intelligence Social Engineering 137