5 matches found
@b4uti4gd/tslash (>=1.0.0 <=1.0.1), @bitsnbobs/starch (>=1.4.0 <=2.0.4) +96 more potentially affected by unknown CVE via @chenglou/pretext (>=0.0.2 <=0.0.4)
@chenglou/pretext NPM version =0.0.2, =1.0.0, =1.4.0, =3.1.0, =3.1.0, =3.1.0, =1.3.1, =0.3.0, =1.17.0, =1.13.1, =0.1.0, =1.61.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-CHENGLOUPRETEXT-16321421...
Real-life social engineering. Two days in tweets
This is the write-up of my live tweets while on a recent social engineering engagement. It’s all available on my feed @ghostie. I did this because I wanted to share what it's like to prep for, and work through a job, warts and all. If you can take anything away, to enhance your technique, or defen...
Social Engineering- Beyond the Baseline
Coalfire Labs does a lot of Social Engineering testing. Traditional Social Engineering testing involves a mundane process of taking a sample of a population and then attacking those "targets" with some pretext calls or a phishing email in order to obtain credentials. Metrics are recorded and then...
Mozilla Foundation Security Advisory 2007-32
Mozilla Foundation Security Advisory 2007-32. Title: File input focus stealing vulnerability. Impact: Moderate. Announced: October 18, 2007. Reporter: hong, Charles McAuley. Products: Firefox, SeaMonkey. Fixed in: Firefox 2.0.0.8, SeaMonkey 1.1.5. Description: A user on the Sla.ckers.org forums named hong...
File input focus stealing vulnerability — Mozilla
A user on the Sla.ckers.org forums named hong reported that a file upload control could be filled programmatically by switching page focus to the label before a file upload form control for selected keyboard events. An attacker could use this trick to steal files from the user's computer if the...