Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. A social engineer runs what used to be called a con-game.
For example, a person using social engineering to break into a computer network would try to gain the confidence of someone who is authorized to access the network in order to get them to reveal information that compromises the network's security.
They might call the authorized employee with some kind of urgent problem; social engineers often rely on the natural helpfulness of people as well as on their weaknesses. Appeal to vanity, appeal to authority, and old-fashioned eavesdropping are typical social engineering techniques.
Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology.
Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it.
During this phase of the engagement, Security Compliance Associates will attempt to penetrate nonpublic areas of the facility during and after business hours, attempt to gain access to employees’ desktop computers, attempt to gain access to sensitive documents and information stored on other media, and conduct pretext calling and e-mail phishing to test and evaluate employee awareness and response.
SCA conducts elements of social engineering, during each on-site visit.
Microsoft yesterday issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed "Ping of Death."
Microsoft released 13 security bulletins, patching 22 vulnerabilities across its product line, including two critical updates affecting Internet Explorer and the Windows DNS Server. While Microsoft issued fewer updates this month, August was still marked as a busy month for system administrators.
Hackers flying the AntiSec banner today released what they said was 400 megabytes of internal data from a government cybersecurity contractor, ManTech, as part of their campaign to embarrass the FBI every Friday, as well as target other government agencies and their partners.
The U.S. Attorney's Office in Houston has brought charges against four men for stealing more than $400,000 as part of an ATM skimming scam targeting local banks.
Morgan Stanley Smith Barney is the latest company behind Sony and Epsilon to have its customers' personal data compromised.
A gang that made more than $72m (£45m) peddling fake security software has been shut down in a series of raids.
