Core Security Technologies is offering a webcast on "client-side attacks" at 2pm EDT on December 19th and December 21st. The press release is not entirely clear about what they mean by "client-side attacks" but two examples are quoted: opening a malicious Word, Excel or PowerPoint document sent via e-mail, or browsing malicious web sites that exploit vulnerable client-side code.
According to the PR, "During this 45 minute webcast you learn how:
* to assess how vulnerable your information assets are to spear phishing attacks targeted at end users;
* Outlook, IE and other applications can provide an attacker an easy path into your organizations;
* a social engineering attack can be successfully deployed against your network; and,
* to better protect your organization’s critical assets."
I presume they will promote technical security control measures but I hope they will also promote security awareness to address the human vulnerabilities at the root of such attacks. We'll see.
More social engineering resources
[I have no connection with Core Security Technologies, apart from our common interests in social engineering and information security]