Data breaches, InfoSec and Password Management

"Pwned", the Book, is Finally Here!

Troy Hunt

SEPTEMBER 8, 2022

Captivating stuff, apart from infosec, you really feel as though you’ve been taken on a journey with Troy through the years of living in paradise a.k.a. Troy Hunt takes us on his life journey, ups and downs, explaining how haveIbeenpwned came to be, raising awareness of the world’s poor password and online security habits.

InfoSec

InfoSec Password Management Passwords IoT

LastPass Data Breach, ETHERLED: Air-Gapped Systems Attack, Twitter Whistleblower Complaint

Security Boulevard

SEPTEMBER 5, 2022

The post LastPass Data Breach, ETHERLED: Air-Gapped Systems Attack, Twitter Whistleblower Complaint appeared first on The Shared Security Show. The post LastPass Data Breach, ETHERLED: Air-Gapped Systems Attack, Twitter Whistleblower Complaint appeared first on Security Boulevard.

Data breaches

Data breaches Password Management Passwords Data privacy

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

I seem to be doing most of that activity now on Mastodon , which appears to have absorbed most of the infosec refugees from Twitter, and in any case is proving to be a far more useful, civil and constructive place to post such things. For a variety of reasons, I will no longer be sharing these updates on Twitter. ” SEPTEMBER.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

World Password Day and the importance of password integrity

Webroot

MAY 3, 2022

If your passwords follow the standard guidelines offered by most sites that require a single capital letter, at least 6 charters, numbers and one special character, hackers can easily make a series of attempts to try and gain access. Without proper password integrity, personal information and business data may be at risk.

Passwords

Passwords Identity Theft Password Management Antivirus

Keeper Security Acquires Glyptodon to Provide Zero-Trust Remote Access for IT Admins, SREs and DevOps Teams

CyberSecurity Insiders

FEBRUARY 3, 2022

Keeper is the leading provider of zero-trust and zero-knowledge security and encryption software covering enterprise password management, role-based access control, event tracking, dark web monitoring, secure file storage, secrets management and encrypted messaging. Keeper is SOC-2, FIPS 140-2 and ISO 27001 Certified.

Password Management

Password Management Passwords Encryption Data breaches

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 13, 2023

More at: [link] #cybersecurity #InfoSec #VulnerabilityManagement pic.twitter.com/hNwDHFaPtt — CISA Cyber (@CISACyber) March 10, 2023 “This issue allowed an attacker with access to the server administrator’s Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.

Media

Media InfoSec Password Management Engineering

The 7 Biggest Cybersecurity Scoops from February 2015

SiteLock

AUGUST 27, 2021

Healthcare company Anthem was hacked near the beginning of February, resulting in the theft of over 80 million PII records, including Social Security numbers, birthdays, email/mailing addresses, employment information and income data of current subscribers, former subscribers and employees. 10 Million Passwords Leaked Online.

Passwords

Passwords Cybersecurity Internet Internet

Celebrate Identity Management Day by Taking Identity Security Seriously

CyberSecurity Insiders

APRIL 8, 2022

According to the latest Verizon Data Breach Investigations Report, 61% of all breaches were a result of stolen credentials. In honor of the day coming up on April 12, I spoke to the below industry experts on how both individuals and organizations can strengthen identity management all year round.

Small Business

Small Business InfoSec Password Management Data breaches

The Race to the Bottom of Credential Stuffing Lists; Collections #2 Through #5 (and More)

Troy Hunt

FEBRUARY 11, 2019

The 773 Million Record "Collection #1" Data Breach On Thursday 17 Jan, I loaded 773M records into Have I Been Pwned (HIBP) which I titled "Collection #1". Incidentally, Lorenzo who wrote that Motherboard piece is a top-notch infosec journo I've worked with many times before and he reported accurately in that piece.)

Passwords

Passwords Data breaches Media InfoSec

Scattered Spider x RansomHub: A New Partnership

Digital Shadows

OCTOBER 23, 2024

This isn’t the first time we’ve seen Scattered Spider target password managers. Having identified a new target account, the threat actor made another call to the help desk and requested a password reset for the domain administrator account, which also carried Okta Super Administrator privileges.

Social Engineering

Social Engineering Engineering Accountability Backups

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys.

Software

Software Passwords Internet Internet

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys.

Software

Software Passwords Internet Internet

Scattered Spider x RansomHub: A New Partnership

Digital Shadows

OCTOBER 23, 2024

This isn’t the first time we’ve seen Scattered Spider target password managers. Having identified a new target account, the threat actor made another call to the help desk and requested a password reset for the domain administrator account, which also carried Okta Super Administrator privileges.

Social Engineering

Social Engineering Engineering Accountability Backups

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. ICYMI, Equifax forced to pull offline a huge database of consumer data guarded only by credentials "admin/admin" [link] — briankrebs (@briankrebs) September 13, 2017.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Generated Passwords, UX and Security Absolutism

Troy Hunt

DECEMBER 10, 2019

. — Martin Boissonneault (@ve2mrx) December 9, 2019 For me, the issue isn't really about the storage and delivery of the password, it's about the practice of generating a password for someone that just doesn't add up. Password manager? Then you have a strong password generator already. No password manager?

Passwords

Passwords Password Management Accountability Authentication

Cyber Security Informer

"Pwned", the Book, is Finally Here!

LastPass Data Breach, ETHERLED: Air-Gapped Systems Attack, Twitter Whistleblower Complaint

Trending Sources

Happy 13th Birthday, KrebsOnSecurity!

World Password Day and the importance of password integrity

Keeper Security Acquires Glyptodon to Provide Zero-Trust Remote Access for IT Admins, SREs and DevOps Teams

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

The 7 Biggest Cybersecurity Scoops from February 2015

Celebrate Identity Management Day by Taking Identity Security Seriously

The Race to the Bottom of Credential Stuffing Lists; Collections #2 Through #5 (and More)

Scattered Spider x RansomHub: A New Partnership

The Hacker Mind: Shellshock

The Hacker Mind: Shellshock

Scattered Spider x RansomHub: A New Partnership

Top Cybersecurity Accounts to Follow on Twitter

Generated Passwords, UX and Security Absolutism

Stay Connected