Posts tagged Social Engineering

3 min Penetration Testing

7 Funny and Punny Halloween Costume Ideas for Tech and Cybersecurity Pros

Stuck on what to be this year? Here are some of our favorite Halloween costume ideas for tech and cybersecurity professionals.

Read Full Post

4 min Threat Intel

How Cybercriminals Use Pinterest to Run Fraud Scams

There are a variety of scams hackers can run on Pinterest, but for this post, we’ll focus on fraud and financial scams.

Read Full Post

4 min Penetration Testing

Putting Pen (Tests) to Paper: Lessons and Learnings from Rapid7’s Annual Mega-Hackathon

Rapid7's Mega-Hackathon offers a unique chance to go beyond the data and get a feel for what pen testers are like in their natural habitat.

Read Full Post

5 min Threat Intel

How to Automate Identifying and Take Down Malicious Social Media Profiles

Here is how Rapid7 has automated the process of identifying and taking down fake social media profiles to help companies proactively identify these scams.

Read Full Post

1 min Whiteboard Wednesday

Whiteboard Wednesday: How to Implement A Phishing Awareness Training Plan in 5 Steps

There’s no silver bullet to combating protecting your organization from phishing attacks [https://www.rapid7.com/solutions/phishing-protection/] today. The only comprehensive approach leverages a combination of methods, many of which we’ve covered in parts 1 [https://www.rapid7.com/resources/wbw-anti-phishing/] and 2 [https://www.rapid7.com/resources/wbw-phishing-protection/] of our three-part phishing Whiteboard Wednesday series. Phishing is a human problem, and part of the solution is to prop

Read Full Post

3 min Social Engineering

Rapid7 InsightPhishing (Beta): Unified phishing simulation, investigation, and analysis

Starting March 1, 2019, Rapid7 will no longer offer or support InsightPhishing, and the beta program will end. Click here [https://kb.help.rapid7.com/docs/insightphishing-end-of-program-announcement] for more information. Phishing attacks remain one of the top challenges for SecOps teams. Yes, we all nod when we see the stats that get thrown around, like the ones below. But we also know this because we’ve heard it directly from our customers. Rapid7 has a long tradition of creating products an

Read Full Post

2 min Metasploit

Federal Friday - 6.13.14 - New Group, Same Story

Happy Friday, Federal friends! It's another lovely Fall day here in Beantown but I hope each of you are enjoying your early Summer weather. Some exciting news as Rapid7 was named one of the Top Places to Work by the Boston Business Journal (#11 Mid-size company)! I'm going to keep it short and sweet today considering this is a topic I've covered before. Given the news stemming from a new CrowdStrike [http://www.crowdstrike.com/sites/all/themes/crowdstrike2/css/imgs/platform/CrowdStrike_Global_T

Read Full Post

2 min Metasploit

Top 4 Takeaways from the "Live Bait: How to Prevent, Detect, and Respond to Phishing Emails" Webcast

In this week's webcast,Lital Asher - Dotan [https://community.rapid7.com/people/lasherdotan] and ckirsch [https://community.rapid7.com/people/ckirsch] tackled the hot topic, “Live Bait: How to Prevent, Detect, and Respond to Phishing Emails [https://information.rapid7.com/prevent-detect-and-respond-to-phishing-emails.html?CS=blog] ”. Phishing has risen from #9 to #3 in the Verizon Data Breach Investigations Report on the most common attack vectors. Phishing attacks are often successful because i

Read Full Post

1 min Metasploit

Federal Friday - 5.30.14 - Social Engineering from the Middle East

Happy Friday, Federal friends. You can tell it's almost Summah up here because it's been 50 and raining this week. So an interesting piece of news from an article on DarkReading [http://www.darkreading.com/attacks-breaches/iranian-cyberspies-pose-as-journalists-online-to-ensnare-their-targets/d/d-id/1269270] this week regarding an ongoing campaign targeting government officials and contractors of both the US and Israel. This is a mash-up of social engineering techniques from phishing to social

Read Full Post

2 min Metasploit

Top 3 Takeaways from "7 Ways to Make Your Penetration Tests More Productive" Webcast

Earlier this week we heard from ckirsch [https://community.rapid7.com/people/ckirsch], Senior Product Marketing Manager for Metasploit at Rapid7, on the pressure penetration testers are facing. (Hint: it's a lot!). With the increase in high profile breaches and their costs, more and more emphasis is being put on the pen tester and security in general. Read on if you'd like to get the top takeaways from this week's webcast so that you aren't left in the dark about, "7 Ways to Make Your Penetratio

Read Full Post

4 min Social Engineering

Social Engineering: Would You Fall For This Phone Call?

Cyber criminals don't always need a keyboard to hack into your bank account or company network. In fact, a lot of attacks start with a simple phone call. Typically, the attackers are either trying to get information out of you or to make you do something. This is a technique they call social engineering. I've read a lot about social engineering over the years, since it's a personal area of interest. It can be used by a bunch off different occupations, such as FBI interrogators, con artists, sal

Read Full Post

2 min Events

Social-Engineer CTF Report Released

For the last five years, the team at Social-Engineer have been bringing one of the most exciting events to DEF CON - the Social Engineering Capture the Flag.  The contest was designed to help bring awareness to the world about how dangerous social engineering can be.  In our 5th year, the competition was fierce and the report is the best we have ever released. This year a pool of 10 men and 10 women, from diverse backgrounds and experience levels, tested their social engineering abilities again

Read Full Post

1 min Metasploit

Webcast: Decrease Your Risk of a Data Breach - Effective Security Programs with Metasploit

Thanks for the many CISOs and security engineers who attended our recent webcast, in which I presented some practical advice on how to leverage Metasploit to conduct regular security reviews that address current attack vectors. While Metasploit is often used for penetration testing projects, this presentation focuses on leveraging Metasploit for ongoing security assessments that can be achieved with a small security team to reduce the risk of a data breach. This webcast is now available for on-

Read Full Post

2 min Metasploit

Man on the SecurityStreet - Day 2 Continued.

It's your favorite reporter in the field, Patrick Hellen, reporting back with some more updates from our speaking tracks at the UNITED Summit. Dave Kennedy, the founder of TrustedSec, gave an entertaining presentation called Going on the Offensive - Proactive Measures in Security your Company. Just like HD's earlier presentation, we had our staff artist plot out the entire speech, which you can see attached below. When I say entertaining, the previous talk track was a debate session that Dave

Read Full Post

1 min Exploits

Man on the SecurityStreet - UNITED Day 1.

Hello from San Francisco, home of the 2012 UNITED Summit. It's been an incredibly full day. I'm writing this quick update from an excellent presentation that nex [https://community.rapid7.com/people/nex] of Cuckoo Sandbox fame is giving about threat modelling. According to Claudio's research, only 103 of the almost 50,000 odd vulnerabilities in NVD's vulnerability database are actually being exploited in crimeware kits like BlackHole. Claudio identified MS Office as the most exploited piece of

Read Full Post

• 1
• 2
• 3