nicdex @nicdex

0 posts0 participants0 posts today

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Mar 21

@hoernchen72 @fasnix @expertenkommision_cyberunfall EXAKT DAS!

Oft sind das #Betrüber die Menschen dazu überreden (#SocialEngineering / #SocialHacking) und/oder entsprechend #FUD machen.

Gibt da genug Kanäle wie "#JimBrowning" und "#ScammerPayback" die aktiv diese Dinge zerlegen.

Ist nix anderes als die #Schockanruf-Taktik, nur halt 'irgendwas mit #Cyber' und sei's nen Fake-#Popup.

Deshalb sind #AdBlocker auch #Notwehr & #Nothilfe!

#adblocker #notwehr #nothilfe

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Mar 4 *

Mar 4 *

Kevin Karhan @kkarhan@infosec.space

@GossiTheDog the sheer fact that #MSPs & #CSPs can access clients' setups without proper #authorization [including #KYC / #KYB, #AuthCode|s and proper authorization via contract] is already sickening.

This literally begs to be abused via #SocialEngineering / #SocialHacking of #Microsoft personnel or just blatant "#PrivilegueEscalation" through falsefully claiming to be a #MSP / #CSP contracted by the targeted company.

Such fundamental #ITsec fuckups are reasons alone not to use #Azure or any #Microsoft products & services at all...

I mean, it doesn't require #Mitnick-level skills to pull this off, since it doesn't necessitate #Lapsus-Style #SIMswap or other means to gain access...

CyberplaceKevin Beaumont (@GossiTheDog@cyberplace.social)Attached: 3 images This is the partner.microsoft.com portal, it allows CSPs - Cloud Solution Providers - to gain access to their customer's environments. CVE-2024-49035 was around improper privilege management, i.e. being able to access things you shouldn't. It being in CISA KEV says it was being exploited in the wild. That portal allows a huge footprint of access by design.

#mitnick #lapsus #simswap

**Marc Ruef** @mruef@infosec.exchange · Jan 13

Jan 13

Marc Ruef @mruef@infosec.exchange

iMessage text gets recipient to disable phishing protection so they can be phished #socialhacking #phishing https://www.malwarebytes.com/blog/news/2025/01/imessage-text-gets-recipient-to-disable-phishing-protection-so-they-can-be-phished

**5021tips** @5021tips@mastodon.social · Aug 21, 2024

Aug 21, 2024

5021tips @5021tips@mastodon.social

#HACKING si ya kwenye #kompyuta tu ...BUT pamoja na kuchezea akili ya mtu ifanye jinsi unataka kuliko jinsi mwenye hiyo akili anataka afanye. AU?

#socialhacks #socialhacking #hackingtips

Replied in thread

**Sandra** @sandra@digitalpioneers.social · Jun 7, 2024

Jun 7, 2024

Sandra @sandra@digitalpioneers.social

@Saupreiss Aber meist hören sie ja eh nicht. Nicht nur auf mich nicht. Die Info: „Es werden vor allem eher Menschen als Geräte gehackt“ wird nicht verstanden. Dass ER das Passwort des Routers nie geändert hat, dass ER auf den vermeintlichen OneDrive-Ordner-Link seines Kollegen geklickt und seine MS-Daten eingegeben hat, dass ER 2FA zu umständlich findet will niemand verstehen… (ER=Der Mensch, nicht der Nachbar konkret) #SocialHacking #Scam

**Useless Facts, Badly Drawn** @uselessfactsbadlydrawn@mastodon.social · May 27, 2024

May 27, 2024

Useless Facts, Badly Drawn @uselessfactsbadlydrawn@mastodon.social

Useless Facts, Badly Drawn #368: The FBI field office in PA.
.
.
#mediapa #fbi #socialhacking #pennsylvania #spying #hacking #espionage #cointelpro #counterintelligence #history #funfacts #facts #webcomic #comics #uselessfacts #uselessfactsbadlydrawn

In 1971, an FBI field office in PA was broken into by an activist group.
They did it by leaving the following note on the front door: «Please do not lock this door tonight."

Replied in thread

**Kevin Karhan** @kkarhan@mstdn.social · Jun 9, 2023

Jun 9, 2023

Kevin Karhan @kkarhan@mstdn.social

@q Which reminds me how fucked up and fundamentally broken #SSL is and that the entire #RentSeeking businesses of #CA's must be abolished.

Instead of @letsencrypt, we should've pushed for #CAcert since the latter one actually does #DueDiligence and is harder to penetrate or even abuse than getting an EV-SSL - cert fraudulently via #SocialHacking...

**Marc Ruef** @mruef@infosec.exchange · Feb 27, 2023

Feb 27, 2023

Marc Ruef @mruef@infosec.exchange

AI-powered phishing: Chatbot hazard or hot air? https://readme.security/ai-powered-phishing-chatbot-hazard-or-hot-air-654cfdc8cd11 #socialhacking #phishing #ai #chatbot

Recent searches

Search options

Administered by:

Server stats:

#socialhacking