Security Affairs

JUNE 8, 2022

China-linked threat actors have breached telecommunications companies and network service providers to spy on the traffic and steal data. US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers.

Telecommunications 95

Telecommunications Authentication Passwords Accountability 95

Jane Frankland

JANUARY 16, 2024

In last week’s blog I started to explore the pros and cons of using an MDR provider and whether it’s better choosing a boutique provider over that of a traditional big brand. A good SLA should include detail on all setup costs (such as onboarding, training, data migration, and technical support), reporting metrics (e.g.,

Marketing 130

Marketing CISO Cybersecurity Technology 130

SecureWorld News

OCTOBER 21, 2021

Smartphone usage has been linked to many terrible things in a study by Harvard : depression, anxiety, poor sleep, increased odds of dying in a car accident. CrowdStrike recently posted a blog about its investigation into a malicious hacking group known as LightBasin, or UNC1945.

Telecommunications 91

Telecommunications Energy and Utilities Passwords Hacking 91

Privacy and Cybersecurity Law

OCTOBER 11, 2019

Senators Mark Warner (D-Va.) have proposed the Designing Accounting Safeguards to Help Broaden Oversight and Regulations on Data Act, or “DASHBOARD Act.” The bipartisan legislation seeks to impose a series of new regulations on major commercial data operators. Receive our latest blog posts by email. and Josh Hawley (R-Mo.)

Data breaches 40

Data breaches Accountability 40

Security Affairs

AUGUST 22, 2022

Entrust blog still down on your left and official statement on your right. The group published tens of screenshots of allegedly stolen Entrust data, including accounting, legal, and marketing data. The news of the ransomware attack against Entrust made the headlines in July, the security breach was also confirmed by Entrust. “We

DDOS 84

DDOS Hacking InfoSec Ransomware 84

Jane Frankland

JANUARY 12, 2024

Using ISC2’s Workforce Studies as data sources, since 2020, the percentage growth of women in cybersecurity hasn’t grown. Research by Gavin D. Interestingly, too, the World Economic Forum tracks gender, along with age and organisation type, for its Data on Global Risk Perceptions , see below. Data suggests otherwise.

Cybersecurity 182

Cybersecurity Risk Banking CISO 182

Malwarebytes

JULY 19, 2023

The UK’s Ministry of Defence told The Record that they consider the data to be non-sensitive, and also low risk. You may also sometimes see VirusTotal pages linked directly from security blogs such as our own. The result is not conclusive and you may breach confidentiality.

Risk 96

Risk Engineering Government Technology 96

Security Affairs

MAY 14, 2022

A group of Pro-Russian hackers known as “ Killnet ” launched an attack against multiple websites of several Italian institutions, including the senate, the National Institute of Health, and the Automobile Club d’Italia (ACI), the national drivers’ association. To nominate, please visit:? Pierluigi Paganini.

Government 102

Government DDOS Data breaches Media 102

Troy Hunt

DECEMBER 3, 2023

A decade ago to the day, I published a tweet launching what would surely become yet another pet project that scratched an itch, was kinda useful to a few people but other than that, would shortly fade away into the same obscurity as all the other ones I'd launched over the previous couple of decades: It's alive! "Have

Data breaches 363

Data breaches Passwords Internet Internet 363

Security Affairs

OCTOBER 13, 2019

Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Iran-linked Phosphorus group hit a 2020 presidential campaign. D-Link router models affected by remote code execution issue that will not be fixed.

VPN 53

VPN Spyware Data breaches Advertising 53

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. “Sorry, but this is f *d up. On Sunday, Feb.

Ransomware 272

Ransomware Healthcare Cybercrime Government 272

Troy Hunt

SEPTEMBER 11, 2018

Let's start with a few classic examples of the sort of behaviour I'm talking about in terms of those ludicrous statements: @passy We'd lose our security certificate if we allowed pasting. psawers Yes, but they would need to attain this information through you, which once again, is a breach of our terms. So I wrote a blog post.

Media 261

Media Accountability Passwords Mobile 261

Krebs on Security

JANUARY 25, 2022

27 — Thanksgiving Day weekend — Jim got a series of rapid-fire emails from MSF saying they’ve received his loan application, that they’d approved it, and that the funds requested were now available at the bank account specified in his MSF profile. Then on Nov. A portion of the Jan.

Financial Services 219

Financial Services Banking Accountability Identity Theft 219

SC Magazine

JUNE 4, 2021

According to a company blog post , 67.6% So I’d like to see that percentage of user reported [threats] go up over time.”. We say [it takes] 82 seconds from when an email threat hits the inboxes at a company until their first end-user clicks on it,” said Benishti, citing statistics from Verizon Data Breach Investigations Report.

Phishing 99

Phishing Media Security Awareness Data breaches 99

Troy Hunt

DECEMBER 19, 2017

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server configurations deployed? Who Owns Our Personal Data? The cat site?

Data breaches 134

Data breaches Data collection B2B Mobile 134

Security Boulevard

OCTOBER 24, 2023

This concept is important in maintaining your organization’s operational efficiency and making sure that client and proprietary data are secure. Assuming they’ve achieved persistence and there’s evidence of their activity, defenders typically concentrate on the methods used for access, and overlook the post-breach domain environment.

Backups 69

Backups Passwords Authentication Accountability 69

Troy Hunt

JANUARY 17, 2024

It's usually something to the effect of "hey, have you seen the Spotify breach", to which I politely reply with a link to my old No, Spotify Wasn't Hacked blog post (it's just the output of a small set of credentials successfully tested against their service), and we all move on. Is it legit?

Passwords 355

Passwords Password Management Hacking Accountability 355

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. “I ran my own analysis on top of their data and reached the same conclusion that Taylor reported. Then on Aug.

Cryptocurrency 350

Cryptocurrency Passwords Encryption Accountability 350

Troy Hunt

JUNE 1, 2020

closed or ia idk | BLM (@pjnkmin) May 31, 2020 Just to be clear: there's not necessarily a direct link between whoever put the video above together and the data now doing the rounds and attribution is tricky once you get a bunch of different people under different accounts and pseudonyms all flying the "Anonymous" banner.

Hacking 364

Hacking Passwords Data breaches Accountability 364

Troy Hunt

NOVEMBER 22, 2022

Let's assume there's no further context given, it's just your legitimate personal data and it also includes your phone number, email address. and over 400 other fields of data. This is a story about a massive corpus of data circulating widely within the hacking community and misattributed to a legitimate organisation.

Data breaches 270

Data breaches Data privacy Hacking InfoSec 270

Krebs on Security

OCTOBER 15, 2020

KrebsOnSecurity has learned the data was stolen in a lengthy data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country. An ad on the popular carding site Joker’s Stash for “BlazingSun,” which fraud experts have traced back to a card breach at Dickey’s BBQ.

Data breaches 350

Data breaches Cybercrime Retail Banking 350

Troy Hunt

JUNE 15, 2023

That's 201k people that have searched for a domain, left their email address for future notifications when the domain appears in a new breach and successfully verified that they control the domain. emails to those monitoring domains after a breach has occurred. That's massive! We can't add a meta tag.

Accountability 233

Accountability Small Business InfoSec DNS 233

Troy Hunt

JANUARY 19, 2023

Well and truly back into the swing of things in the new year, I think what I've found most satisfying this week is to sit down and pump out a decent blog post on something technical. It's an itch I just haven't had enough time to scratch properly in recent times and I really hope Pwned or Bot makes up for that.

Data breaches 235

Data breaches Passwords 235

Troy Hunt

MARCH 21, 2018

That harm extends all the way from those in data breaches feeling a sense of personal violation (that's certainly how I feel when I see my personal information exposed), all the way through to people literally killing themselves (there are many documented examples of this in the wake of the Ashley Madison breach).

Data breaches 183

Data breaches Government Passwords Media 183

Troy Hunt

NOVEMBER 6, 2023

I like to think of investigating data breaches as a sort of scientific search for truth. You start out with a theory (a set of data coming from an alleged source), but you don't have a vested interested in whether the claim is true or not, rather you follow the evidence and see where it leads.

Data breaches 344

Data breaches Accountability Passwords 344

Troy Hunt

OCTOBER 27, 2022

The theory checked out, and now with the benefit of several years of data, I can confidently say abuse is near non-existent. It was rough, and I wish I'd done it better. I just don't see it. I think it's all pretty cool, let me explain: Payments Can Be Hard. Now, I have.

Authentication 294

Authentication Accountability Data breaches Internet 294

Krebs on Security

APRIL 18, 2022

“Hospitals reported revenue losses due to Ryuk infections of nearly $100 million from data I obtained through interviews with hospital staff, public statements, and media articles,” Weiss wrote. Conti shames victims who refuse to pay a ransom by posting their internal data on their darkweb blog.

Healthcare 286

Healthcare Ransomware Cybersecurity Malware 286

Troy Hunt

APRIL 5, 2023

This breach has been flagged as "sensitive" which means it is not publicly searchable , rather you must demonstrate you control the email address being searched before the results are shown. That's the short version, here's the whole story: Ever heard that saying about how "data is the new oil"?

Marketing 340

Marketing Passwords Authentication Accountability 340

Troy Hunt

AUGUST 7, 2020

Every single byte of data that's been loaded into the system in recent years has come from someone who freely offered it in order to improve the security landscape for everyone. The very second blog post on that tag was about how I used Azure Table Storage to make it so fast and so cheap. Glenford Williams ????

Passwords 364

Passwords Architecture Data breaches Internet 364

Krebs on Security

JANUARY 18, 2021

Joker’s Stash , by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. As cyber intelligence firm Intel 471 notes, the curator of the store announced in October that he’d contracted COVID-19, spending a week in the hospital.

Marketing 244

Marketing Cybercrime Accountability Cryptocurrency 244

Troy Hunt

FEBRUARY 11, 2019

On reflecting over the last 3 and a half weeks, this is where we seem to be with credential stuffing lists today and I want to use this blog post to explain the thinking whilst also addressing specific questions I've had regarding Collections #2 through #5. There were 2.7B rows of email addresses and passwords in total, but only 1.6B

Passwords 210

Passwords Data breaches Media InfoSec 210

eSecurity Planet

DECEMBER 3, 2021

lazydocker : A simple terminal UI for both docker and docker-compose : [link] pic.twitter.com/HsK17rzg8m — Binni Shah (@binitamshah) July 1, 2019. Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Brian Krebs | @briankrebs.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Troy Hunt

NOVEMBER 8, 2021

They'd left a MongoDB instance exposed to the public without a password and someone had snagged all their data. Within the data were references that granted access to voice recordings made by children, stored in an S3 bucket that also had no auth. Feel free to use this as often as you’d like. Coding mistakes.

Scams 69

Scams Data breaches InfoSec Social Engineering 69

Troy Hunt

JUNE 30, 2022

Every time this very blog loads Font Awesome from Cloudflare's CDN, for example, it's verified against the hash in the integrity attribute of the script tag (view source for yourself). The 1 hash that won't yield any search results (until Google indexes this blog post.) is the middle one.

Passwords 309

Passwords Identity Theft Consumer Services Password Management 309

Troy Hunt

JANUARY 16, 2019

Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". It's made up of many different individual data breaches from literally thousands of different sources. This number makes it the single largest breach ever to be loaded into HIBP.

Data breaches 280

Data breaches Passwords Password Management Accountability 280

Troy Hunt

APRIL 2, 2020

For example, nearly 5 years ago now I wrote about how "we take security seriously" was a ridiculous statement to make immediately after a data breach. I don't mean to question whether the statements are truthful or not, but rather whether they provide any actual assurance whatsoever. The pattern is alarmingly predictable.

Penetration Testing 255

Penetration Testing Risk InfoSec Architecture 255

Troy Hunt

MAY 2, 2018

In other words, once a password has appeared in a data breach and it ends up floating around the web for all sorts of nefarious parties to use, don't let your customers use that password! I mean if you had 1 million people in your system, is it a quarter of them using previously breached passwords? Of those 6.8M

Passwords 196

Passwords Data breaches Risk Accountability 196