Physical penetration testing highlights a growing overlap between human behavior, AI capabilities, and access control weaknesses.

A seasoned pentester explains how publicly available audio, voice cloning tools, and social engineering can bypass service desks and building security - often without exploiting software vulnerabilities.

The discussion raises an important question for defenders: are awareness programs designed to be memorable and practical, or simply compliant?

Source: https://cybernews.com/ai-news/physical-hacker-ai-is-making-job-easier/

Follow TechNadu for continued cybersecurity reporting and practitioner insights.

Engage in the discussion below.

#InfoSec #Pentesting #AIThreats #SocialEngineering #SecurityTraining #PhysicalSecurity #CyberDefense

Card skimming remains a low-complexity, high-impact attack vector driven by physical access and weak inspection cycles.

Recent coordinated inspections demonstrated:
- Broad exposure across POS, ATM, and fuel pump infrastructure
- Ongoing targeting of benefit cards and consumer payment data
- Significant downstream financial and social consequences

This reinforces the importance of layered mitigation: hardware inspection routines, contactless adoption, tamper-evident controls, and behavioral awareness.

What operational controls have proven most effective in your environment for detecting skimmers early?

Follow @technadu for measured reporting on financial-sector cyber risk.

#PaymentFraud #PhysicalSecurity #SkimmingDetection #FinancialCybersecurity #ThreatAwareness #TechNadu

looking for a new safe for work to store backup rdx cartridges and keys (physical and yubi) in. simple to use for multiple users, so i assume digital pin lock required, but physical key as backup? in the best case it fits into a file cabinet. as secure as possible under these circumstances, but honestly i have no idea about safes and physical security or what to watch out for? :boost_ok: #safe #physicalSecurity #security #askfedi

Linux Physical Security based on eBPF

By now uses CanaryToken and-or TelegramBot to send notifications

I have in mind some TODOs, one of them is about monitor accelerometers, if someone has accelerometers sensors on the laptop, please send DM I'm very hype to implement this feature.

https://github.com/carvilsi/caetra

#eBPF #canaryToken #physicalSecurity #monitoring

An interesting read on physical car security for keyless entry and engine starts.

https://paigehai.github.io/blog/my-keyless-car-got-stolen-so-i-worked-out-how-they-did-it/

But I doubt that any of the current mitigation techniques will in broad practice bear any fruit because ... people love the convenience. That's why they buy that sh*t. That's why they use Gmail, etc.

And manufacturers aren't moving fast (or at all), and definitely not on vehicles already sold.

In my books, the main problem mainly originates between the ears of people/customers.

#car #security #keyless #theft #physicalsecurity

CISA’s new venue guides provide a structured, non-prescriptive approach to physical security and dependency disruption planning.

They emphasize:
-Risk-based assessments
- Scalable security options
- Cross-sector dependencies (energy, water, comms, transport)
- Collaboration over compliance

How effective do you find voluntary frameworks compared to regulatory controls in physical and cyber-physical security?

Join the discussion and follow @technadu for continued coverage of infrastructure security.

#PhysicalSecurity #CriticalInfrastructure #RiskAssessment #SecurityFrameworks #Resilience

Beyond the surface of a steel door lies a world of precision engineering. From internal reinforcements to blast-resistant cores. Ever wondered what makes a security door virtually impenetrable?

We’re peeling back the steel layers to show you.

https://vocal.media/stories/the-hidden-engineering-behind-high-security-steel-doors
#SecurityEngineering #SteelDoors #PhysicalSecurity #Architecture #BuildingDefense

New release v5.1.2 for CanaryUSB that fixes a :bug: when building long canaryDNS tokens.

Get a mail notification via, Canary Tokens (DNS) when a USB or SDCard device is connected on a Linux computer.

Also it is possible to de-authorize an USB that is not present on trusted devices list.

https://github.com/carvilsi/canaryusb/releases/tag/v5.1.2

#usb #linux #security #physicalSecurity #sdcard #canaryToken

@indietechnews@ioc.exchange @GrapheneOS

Pros of mobile over desktop/tablet/laptop form factor -->

Physical security of your primary cpu and disk is enhanced by the kind of portability you can always keep in your pocket. No evil maid attacks with your (convergence?) daily driver always in sight. No bad usb (rubber ducky) attacks or untrusted peripherals.

#SecureBoot protections only necessary realistically in very narrow circumstances like border crossings or seizures.

#PhysicalSecurity #AEM #BadUSB #Mobile #Convergence #RFHardened

Encinitas, California safety signs hacked with explicit, antisemitic messages #California #PhysicalSecurity #TrafficSafety #Antisemitism #SignTampering #cybersecurity https://dysruptionhub.com/encinitas-sign-tampering-california/

When the Louvre was robbed in just seven minutes, most people blamed the thieves. But leaked audit reports told another story — one of weak passwords, ignored warnings, and outdated systems.

In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin reveal how the same security blind spots behind the heist also threaten hospitals, banks, and critical infrastructure today and what practical steps you can take to avoid becoming the next headline.

Listen now and learn how to lock down your organization.

Podcast: https://www.chatcyberside.com/e/louvre-heist-exposed-how-weak-tech-old-passwords-invited-the-theft/

Video: https://youtu.be/3ErXdXv_bN8

#Cybersecurity #PhysicalSecurity #Security #Authentication #PasswordSecurity #PenetrationTesting #RiskManagement #Louvre #Infosec

New Attacks Against Secure Enclaves

Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I’ve written about thi... https://www.schneier.com/blog/archives/2025/11/new-attacks-against-secure-enclaves.html

#physicalsecurity #cloudcomputing #dataprotection #Uncategorized #hardware

Minor release for canaryusb; Fixes check for permissions for de-atuhorize a device when using config file.

https://github.com/carvilsi/canaryusb/releases/tag/v5.1.1

#linux #security #usb #hardening #monitoring-tool #security-automation #security-tools #physicalSecurity

The Basics of Physical Privacy & Security | Go Incognito 5.2

https://techlore.tv/w/toBYTxuJNZzzzmciaU6MCM

Happy to share the new release of canaryusb; right now apart of sending a mail via #canaryToken powered by @ThinkstCanary the new feature deauth_devices (on config file or on cli argument `-d`) allows to de-authorize a USB device attached that does is not on the trust devices list.

https://github.com/carvilsi/canaryusb/releases/tag/v5.1.0

The de-authorize thingy based on https://www.kernel.org/doc/html/v5.15/usb/authorization.html#usage

Of course this new feature requires to execute it as root user (all the thing explained on README if you want to run it as a service)

Also fixed a bug related with cli args parsing ;)

<3 hack the planet!

#linux #security #usb #hardening #monitoring-tool #security-automation #security-tools #physicalSecurity

I'm going to be at BSides NoVA this Saturday, Oct 11th hanging out and assisting in the Breach Village.

Come by for demos, discussions, and challenges centered around Breaking and Entering and bypassing physical security.

(for those that follow me for my solarpunk and food and mutual aid content... uhhh... by trade I'm a hacker, burglar, and thief. So. Umm... Yeah.)

Anyhow. Come hang out!

#BSides #BSidesNoVA #BSidesNoVA2025 #infosec #physicalSecurity #pentesting

https://www.bsidesnova.org

Breach Village: https://bsidesnova-2025.sessionize.com/session/993511

Step into the Lockpick Village and get hands-on with the art of lockpicking!

Join Dylan Baklor "The Magician" as he gives two exciting talks:
Intro to Lockpicking
Intro to Physical Security

Whether you're brand new or just curious about how locks work, this is the perfect chance to learn the basics, practice your skills, and explore the fascinating world of physical security.

#BSidesOrlando #LockpickVillage #PhysicalSecurity #Lockpicking

https://bsorl.org/tickets

🚀💻 Join us tomorrow, Sept 10th, 6:30PM Eastern for Crack the Locks. RSVP - https://www.meetup.com/spacecoastsec/events/309726384 #cybersecurity #buildingcommunity #spacecoast #physicalsecurity #locksport #lockpicking 💻🚀

🚀💻 Join SpaceCoastSec Wednesday, 9/10, at 6:30PM for Crack The Locks. Learn about Locksport with hands-on activities! RSVP - https://www.meetup.com/spacecoastsec/events/309726384 #spacecoast #buildingcommunity #locksport #physicalsecurity 💻🚀

@metacurity

A few years back while working in the office fitting business in Sydney, I would walk in and out of offices, as many times as needed. No questions asked — just because I was wearing a tradie t-shirt.

Sometimes the easiest way in is through the front door.👨🏻‍🔧🚨

#CyberSecurity #PhysicalSecurity #socialengineering