Blog - Cyber Security Informer

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

Multiple trusted sources told KrebsOnSecurity that Sosa/King Bob was a core member of a hacking group behind the 2022 breach at Twilio , a company that provides services for making and receiving text messages and phone calls. 0ktapus often leveraged information or access gained in one breach to perpetrate another. According to an Aug.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

Handling Huge Traffic Spikes with Azure Functions and Cloudflare

Troy Hunt

FEBRUARY 25, 2020

Back in 2016, I wrote a blog post about the Martin Lewis Money show featuring HIBP and how it drove an unprecedented spike of traffic to the service, ultimately knocking it offline for a brief period of time. on the programme next week (Monday 28 Nov, 8pm, ITV) saying it's a good way to check if your data has been compromised.

Data breaches

Data breaches Accountability

GoDaddy Incident Leaks Data of More Than 1 Million Wordpress Customers

SecureWorld News

NOVEMBER 24, 2021

GoDaddy confirmed more than 1 million users' data was exposed after it was the victim of a malicious hacking incident. And it was more than two months before they realized the breach had happened. GoDaddy responds to data breach. We are sincerely sorry for this incident and the concern it causes for our customers.

Data breaches

Data breaches Passwords CISO Media

Enhancing Pwned Passwords Privacy with Padding

Troy Hunt

MARCH 4, 2020

Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). But what is someone was sitting on the wire between the consumer of the service and HIBP? Very slick!

Passwords

Passwords Data breaches Risk Encryption

Breaking Barriers, Building Bridges: Cultivating Female Belonging in the Cybersecurity Landscape

Jane Frankland

JANUARY 12, 2024

Using ISC2’s Workforce Studies as data sources, since 2020, the percentage growth of women in cybersecurity hasn’t grown. In that moment, I found myself at a crossroads. Facing a perplexed gaze, I turned my back on one of cybersecurity’s most high profile CISOs, my hands pressed firmly against my ears, belting out a powerful melody.

Cybersecurity

Cybersecurity Risk Banking CISO

Security researchers applaud Google’s move towards multi-factor authentication

SC Magazine

MAY 7, 2021

A sign is displayed at the Google outdoor booth during exhibitor setups for CES 2020 at the Las Vegas Convention Center in Las Vegas, Nevada. Google announced that it will automatically enroll users in multifactor authentication – what they are calling two-step verification. Photo by Mario Tama/Getty Images).

Authentication

Authentication Passwords Password Management Mobile

Remote Work is Here to Stay, and Other Cybersecurity Predictions for 2021

Webroot

DECEMBER 14, 2020

But on the heels of an unprecedented year, where a viral outbreak changed the landscape of the global workforce practically overnight, portending what’s in store for the year ahead is even trickier than usual. What is likely to change is how companies respond to their remote workforces. Tyler Moffitt, Sr.

Cybersecurity

Cybersecurity Engineering Phishing Social Engineering

Data Breaches, Class Actions and Ambulance Chasing

Troy Hunt

APRIL 12, 2021

This post has been brewing for a while, but the catalyst finally came after someone (I'll refer to him as Jimmy) recently emailed me regarding the LOQBOX data breach from 2020. Turns out there were a bunch of tweets mentioning me in this context in Feb 2020 , but that was all. C'mon, seriously?!

Data breaches

Data breaches Phishing Scams Advertising

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. “I ran my own analysis on top of their data and reached the same conclusion that Taylor reported. .” Then on Aug.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

The Last Watchdog

MAY 20, 2022

Keeping up with new risks, resolving them as soon as they occur, and recovering from incidents identified too late may, as you can certainly imagine, take up valuable resources and cause businesses to lose time, money, and the trust of their clients/partners. Related: Reviving ‘observability’ to secure complex networks.

Marketing

Marketing Digital transformation Technology Cybersecurity

SOC Technology Failures?—?Do They Matter?

Anton on Security

DECEMBER 10, 2021

Example SOC Troubles from some presentation :-) As we are working on the next SOC paper jointly with Deloitte ( paper 1 , paper 2 , paper 3 coming out really soon), we came across the need to review some of the current technology challenges in the SOC. Hence this blog was born. BTW, if somebody wakes me up at 3:00 a.m.

Technology

Technology CISO Data collection Threat Detection

You Don’t Have to Give Up Your Crown Jewels in Hopes of Better Cloud Security

McAfee

APRIL 26, 2021

Movies like The Italian Job , Inception , and Ocean’s 11 are riveting, but outside of cinema these types of heists don’t really happen anymore, right? What’s worse is that the museum didn’t insure the jewelry, resulting in a $1.2 If you’re like me, you love a good heist film. Think again. billion-dollar loss.

Data breaches

Data breaches Internet Internet Insurance

Beg Bounties

Troy Hunt

NOVEMBER 8, 2021

They'd left a MongoDB instance exposed to the public without a password and someone had snagged all their data. Within the data were references that granted access to voice recordings made by children, stored in an S3 bucket that also had no auth. So, why didn't CloudPets respond to attempts to contact them?

Scams

Scams Data breaches InfoSec Social Engineering

SOC Technology Failures?—?Do They Matter?

Security Boulevard

DECEMBER 10, 2021

As we are working on the next SOC paper jointly with Deloitte ( paper 1 , paper 2 , paper 3 coming out really soon), we came across the need to review some of the current technology challenges in the SOC. Hence this blog was born. and says “Anton, what is the top reason why a security operation center may fail?” But I digress.

Technology

Technology CISO Data collection Threat Detection

Cybersecurity Things to Celebrate in 2020

Duo's Security Blog

DECEMBER 21, 2020

I think we can all agree that 2020 was anything but a typical year (and a poster child for Murphy’s law "anything that can go wrong, will go wrong.") Our industry is really good about posting about what has gone wrong, highlighting the latest data breaches, vulnerabilities and threat vectors.

Cybersecurity

Cybersecurity Passwords VPN Authentication

Project Svalbard, Have I Been Pwned and its Ongoing Independence

Troy Hunt

MARCH 2, 2020

This is going to be a lengthy blog post so let me use this opening paragraph as a summary of where Project Svalbard is at : Have I Been Pwned is no longer being sold and I will continue running it independently. Per the Project Svalbard announcement blog post, I engaged KPMG to run the merger and acquisition (M&A) process for me.

Data breaches

Data breaches Marketing Cyber Insurance InfoSec

Building the Ultimate Home Office (Again)

Troy Hunt

JULY 24, 2020

Then I started thinking it sounds a bit obnoxious anyway so maybe it wasn't really that relevant (yet somehow, here we are.) Then the PC itself started sounding really unhappy, like the bearings in a fan had gone. until eventually, I thought "stuff it, let's just write about the computer bits". So here are. No sign of life whatsoever.

IoT

IoT Retail Manufacturing Data breaches

MY TAKE: Lessons learned from the summer of script kiddies hacking Twitter, TikTok

The Last Watchdog

SEPTEMBER 1, 2020

‘Mafiaboy’ The trouble is Clark, 17, of Tampa, Florida, is teaching us much the same lessons in the summer of 2020 that de Guzman and Calce did in the spring of 2000. Here’s what all consumers and companies should heed going forward. Graham Ivan Clark, Onel de Guzman and Michael Calce. On the cusp of electing a U.S.

Hacking

Hacking Media Accountability CISO

Cyber Security Informer

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Handling Huge Traffic Spikes with Azure Functions and Cloudflare

Trending Sources

GoDaddy Incident Leaks Data of More Than 1 Million Wordpress Customers

Enhancing Pwned Passwords Privacy with Padding

Breaking Barriers, Building Bridges: Cultivating Female Belonging in the Cybersecurity Landscape

Security researchers applaud Google’s move towards multi-factor authentication

Remote Work is Here to Stay, and Other Cybersecurity Predictions for 2021

Data Breaches, Class Actions and Ambulance Chasing

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

SOC Technology Failures?—?Do They Matter?

You Don’t Have to Give Up Your Crown Jewels in Hopes of Better Cloud Security

Beg Bounties

SOC Technology Failures?—?Do They Matter?

Cybersecurity Things to Celebrate in 2020

Project Svalbard, Have I Been Pwned and its Ongoing Independence

Building the Ultimate Home Office (Again)

MY TAKE: Lessons learned from the summer of script kiddies hacking Twitter, TikTok

Stay Connected