Additionally, the threat actor with… pic.twitter.com/tqsyb8plPG — HackManac (@H4ckManac) February 28, 2024. When Jason found his email address and other info in this corpus, he had the same question so many others do when their data turns up in a place they've never heard of before: how?
Last week, I wrote about The State of Data Breaches and got loads of feedback. Let me explain: Hackers: This is where most data breaches begin, with someone illegally accessing a protected system and snagging the data. It's awkward, talking to the first party responsible for the breach.
But it's exactly what it sounds like, and on Thursday next week I'll be up in front of US Congress on the other side of the world testifying about the impact of data breaches. For a bit more context, I've been chatting with folks from the House Energy and Commerce Committee for a while now about the mechanics of data breaches.
This one, as far as infosec stories go, had me leaning and muttering like never before. Here goes: Last week, someone reached out to me with what they claimed was a Spoutible data breach obtained by exploiting an enumerable API. Is that genuinely a bcrypt hash of my own password? Weak passwords like "spoutible".
Something totally new this week: Israel! I spent the week in Tel Aviv at Cyber Week, a massive infosec conference where I shared the keynote stage with an amazing array of speakers, including many from three-letter-acronym departments and even PM Benjamin Netanyahu.
Passwords have become a common way to access and manage our digital lives. Having a password allows you to securely access your information, pay bills or connect with friends and family on various platforms. However, having a password alone is not enough. Your passwords also need to be managed and protected.
Troy Hunt takes us on his life journey, ups and downs, explaining how haveIbeenpwned came to be, raising awareness of the world’s poor password and online security habits. Captivating stuff; apart from infosec, you really feel as though you’ve been taken on a journey with Troy through the years of living in paradise, a.k.a.
Back in 2013, I was beginning to get the sense that data breaches were becoming a big thing. Increasingly, I was writing about what I thought was a pretty fascinating segment of the infosec industry: password reuse across Gawker and Twitter resulting in a breach of the former sending Acai berry spam via the latter.
TOPIC: In this episode, Daniel takes a look at the 2020 Verizon Data Breach Investigations Report. Verizon’s Breach Report is one of the best infosec reports out there, and I’m always excited when I hear it’s been released. The top 2 breach threat actions were Phishing and Use of Stolen Creds.
The 773 Million Record "Collection #1" Data Breach. On Thursday 17 Jan, I loaded 773M records into Have I Been Pwned (HIBP) which I titled "Collection #1". There were 2.7B rows of email addresses and passwords in total, but only 1.6B The exposed data included email addresses and passwords stored as salted MD5 hashes.
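The Spoutible excerpt above asks whether a leaked hash is "genuinely a bcrypt hash of my own password", and the Collection #1 excerpt mentions passwords stored as salted MD5. Both come down to the same check: hash a candidate password with the leaked salt and compare. The Python below is an added example, not code from either post. It uses a constructed dump in an assumed `email:salt:hex(md5(salt || password))` layout and a constructed wordlist; the sample email addresses, salts and passwords are made up. It shows why a per-record salt stops precomputed tables but not a per-record dictionary attack when the hash is fast, and how the same attack looks against a stdlib slow KDF (PBKDF2-HMAC-SHA256) standing in for bcrypt, which is not in the standard library.

```python
from __future__ import annotations

import hashlib
import hmac
from typing import Callable, Dict, List, Optional

# Constructed wordlist (the kind of weak candidates the excerpt mentions).
WORDLIST = ["123456", "password", "spoutible", "qwerty", "letmein"]

HashFn = Callable[[str, str], str]


def salted_md5(salt: str, password: str) -> str:
    """Legacy scheme assumed for the sample dump: hex(md5(salt || password))."""
    return hashlib.md5((salt + password).encode("utf-8")).hexdigest()


def pbkdf2_hash(salt: str, password: str, iterations: int = 600_000) -> str:
    """Slow stdlib KDF used here as a stand-in for bcrypt: each guess now costs
    `iterations` HMAC-SHA256 computations instead of one MD5."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("utf-8"), iterations
    ).hex()


def make_sample() -> List[str]:
    """Constructed dump lines, not real data. The hashes are computed here so the
    example is self-contained; one user chose a passphrase outside the wordlist."""
    rows = [
        ("jason@example.invalid", "a1b2", "spoutible"),
        ("dana@example.invalid", "c3d4", "correct horse battery staple"),
        ("lee@example.invalid", "e5f6", "password"),
    ]
    return [f"{email}:{salt}:{salted_md5(salt, pw)}" for email, salt, pw in rows]


def crack_dump(lines: List[str], wordlist: List[str],
               hash_fn: HashFn = salted_md5) -> Dict[str, Optional[str]]:
    """Dictionary attack, one record at a time.

    The per-record salt means no rainbow table and no spotting two users with the
    same password by comparing digests, but it does not reduce the work for a
    single record: len(wordlist) hashes per record, trivial when the hash is MD5.
    """
    results: Dict[str, Optional[str]] = {}
    for line in lines:
        email, salt, digest = line.strip().split(":")
        results[email] = None
        for cand in wordlist:
            # compare_digest avoids a timing side channel if this ran server-side.
            if hmac.compare_digest(hash_fn(salt, cand), digest):
                results[email] = cand
                break
    return results


def verify_own_password(digest: str, salt: str, my_password: str,
                        hash_fn: HashFn = salted_md5) -> bool:
    """What a breach victim does with a leaked record: recompute and compare."""
    return hmac.compare_digest(hash_fn(salt, my_password), digest)


if __name__ == "__main__":
    dump = make_sample()
    for email, found in crack_dump(dump, WORDLIST).items():
        print(f"{email}: {found or 'not in wordlist'}")
```

The point of `hash_fn` being pluggable is that the attack code does not change between MD5 and PBKDF2; only the cost per guess does. With the default 600,000 iterations, the same five-word dictionary against the same three records takes on the order of seconds rather than microseconds, and a real wordlist scales that up accordingly.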
A new incident involving a cryptocurrency exchange made the headlines, the India-based cryptocurrency exchange suffered a security incident, threat actors leaked sensitive data of 325K users on the Dark Web. The leaked data contains Name, Email, Mobile, bank account numbers, PAN Number, Wallets Details etc. You leaked my own data too.
Records of 45 Million+ travelers to Thailand and Malaysia Leaked on #Darkweb (Blog Link) [link] #infosec #leaks #CyberSecurity pic.twitter.com/zHOujQ8CMm — Cyble (@AuCyble) July 12, 2020. The huge trove of data was discovered by the researchers during their regular Deepweb and Darkweb monitoring activity.
The episode also covers a notable Okta vulnerability that allowed someone to login without […] The post Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password appeared first on Shared Security Podcast.
For a variety of reasons, I will no longer be sharing these updates on Twitter. I seem to be doing most of that activity now on Mastodon, which appears to have absorbed most of the infosec refugees from Twitter, and in any case is proving to be a far more useful, civil and constructive place to post such things.
The post LastPass Data Breach, ETHERLED: Air-Gapped Systems Attack, Twitter Whistleblower Complaint appeared first on The Shared Security Show.
While many articles have focused on what consumers should do if they were a victim of the breach (e.g., enroll in credit monitoring, credit freeze, use 2FA, change passwords), infosec people typically have different questions. The post If You Don’t Need Data, Don’t Keep It appeared first on Security Boulevard.
Of the ones I can talk about, they included: Microsoft in Copenhagen: Thanks @troyhunt , fun and interesting talk in copenhagen today #happyaussieday #infosec #haveibeenpwned pic.twitter.com/vrNQNb6Po5 — Finn Strand (@finnstrand) January 26, 2018. SSW in Sydney: How safe is your #password ?! troyhunt is here to help.
In episode 338, we discuss the recent breach of the two-factor authentication provider Authy and its implications for users. We also explore a massive password list leak titled ‘Rock You 2024’ that has surfaced online. The post Authy Breach: What It Means for You, RockYou 2024 Password Leak appeared first on Security Boulevard.
One year ago in February, the major eBay hack was in progress, eventually resulting in over 233 million passwords being stolen. Take a look at the New York Times’ coverage of the data breach here for more insight. 10 Million Passwords Leaked Online. You can read why Mark leaked the passwords here on his personal blog.
Keeper is the leading provider of zero-trust and zero-knowledge security and encryption software covering enterprise password management, role-based access control, event tracking, dark web monitoring, secure file storage, secrets management and encrypted messaging. Keeper is SOC-2, FIPS 140-2 and ISO 27001 Certified.
More at: [link] #cybersecurity #InfoSec #VulnerabilityManagement pic.twitter.com/hNwDHFaPtt — CISA Cyber (@CISACyber) March 10, 2023 “This issue allowed an attacker with access to the server administrator’s Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.
These were companies spanning all sorts of different industries: big tech, general infosec, antivirus, hosting, finance, e-commerce, cyber insurance; I could go on. Anyone can cobble together a website with some APIs and load in a ton of data breaches, but establishing trust is a whole different story.
Dominic Alvieri, a cybersecurity analyst and security researcher, was one of the first to share this information on social media: Chik-fil-A investigating cyber incident from apparent app breach Wednesday. chik-fil-a.com #cybersecurity #infosec @ChickfilA pic.twitter.com/kWSBpvQCNt — Dominic Alvieri (@AlvieriD). January 6, 2023.
According to the latest Verizon DataBreach Investigations Report, 61% of all breaches were a result of stolen credentials. Setting up multi-factor authentication, using password managers, creating processes for identity data management, and scheduling automatic updates are all a great place to start.”
We discuss the alarming trend of hackers targeting trusted suppliers to gain access to customer data, potentially holding companies and individuals for ransom. Is it better to change passwords regularly or focus on creating complex ones?
Former Uber CSO Joe Sullivan was found guilty of obstructing a federal investigation in connection with the attempted cover-up of a 2016 hack at Uber, NIST and Microsoft say that mandatory password expiration is no longer needed but many organizations are still doing it, and how fake executive profiles are becoming a huge problem for […].
Eskom_SA #cybersecurity #infosec pic.twitter.com/clUC6hKdSN — Dominic Alvieri (@AlvieriD) October 8, 2022. Government of the Republic of South Africa-owned utility ESKOM Hld SOC Ltd. The ransomware gang is offering a package including servers with administrator, root and sysadmin passwords for Linux and Windows servers, and more.
Breaking: Deutsche Bank allegedly breached and for sale by the same access broker that sold access to Medibank. "Employees communicate via office chat services; there are file servers with more than 16TB of internal data, including a share folder for every user on the network, and they also have a Flexcube DB."
Thing is, "control" is a bit of a nuanced term; there are many people in roles where they don't have access to any of the above means of verification but they're legitimately responsible for infosec and responding to precisely the sorts of notifications HIBP sends out after a breach.
Figure 3: Scattered Spider attack timeline Social Engineering: Fool Me Once, Fool Me Twice To gain initial access to the target network, the threat actor called the organization’s IT help desk and persuaded staff to reset the CFO’s account password. This isn’t the first time we’ve seen Scattered Spider target password managers.
Not using easy-to-crack passwords or the same password for multiple accounts. Keeping all device software updated. The average cost of an enterprise data breach is $3.92 The time for change is now: don’t wait for a breach to tell you your enterprise cybersecurity program is outdated.
In this blog, and ahead of my talk at Infosec this week , I’m delving into this, and giving you tips for recognising its signs and preventing it as a leader. This increases the likelihood of making mistakes, such as clicking on phishing links, sharing data in insecure ways, using weak passwords, or not spotting cyber threat patterns.
Attackers may try to get their victims to reveal their date of birth, social security number, credit card information, or account passwords. Employees have to know what to look for before they can spot a phishing attempt, so providing cybersecurity awareness training is the best way to protect your business from a data breach.
Data breaches and cybersecurity threats were at an all-time high this past year. Use Best Password Practices. End users should be trained not to use easy-to-crack passwords and/or the same password for multiple accounts. Practice Good Remote Working Habits.
The post ChatGPT Goes Viral, More Trouble for LastPass, Apple’s New Data Protections appeared first on The Shared Security Show. A chatbot developed by OpenAI, called ChatGPT, has gone viral and is able to mimic human language and speech styles and can interact with users in a conversational way. Attackers broke into a […].
Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys. This was a software flaw.
Broken object-level authorization is an API that takes an object identifier from the caller but never checks that the caller is allowed to access that particular object. Its impact depends on the data object exposed. If a critical object like users’ PII or credentials is exposed, the bug could allow a data breach or the compromise of the application. On a banking site, it could lead to attackers leaking everyone’s credit information and tax forms!
Brian Krebs is an independent investigative reporter known for his coverage of technology, malware, data breaches, and cybercrime developments. ICYMI, Equifax forced to pull offline a huge database of consumer data guarded only by credentials "admin/admin" [link] — briankrebs (@briankrebs) September 13, 2017.
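The broken object-level authorization excerpt above describes the bug in general terms. The Python below is an added example, not code from the article it was taken from, showing the vulnerable shape of such an endpoint next to a fixed one, and an attacker walking the identifier space against each. The account store, the `customer`/`auditor` roles and the field names are all constructed for the example.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List


@dataclass(frozen=True)
class User:
    user_id: int
    role: str = "customer"  # constructed roles: "customer" or "auditor"


@dataclass(frozen=True)
class Account:
    account_id: int
    owner_id: int
    credit_report: str
    tax_form: str


class NotFound(Exception):
    """Stands in for an HTTP 404 from the API layer."""


# Constructed sample data: two customers, sequential (hence guessable) IDs.
ACCOUNTS: Dict[int, Account] = {
    1001: Account(1001, owner_id=7, credit_report="alice-credit.pdf", tax_form="alice-1040.pdf"),
    1002: Account(1002, owner_id=8, credit_report="bob-credit.pdf", tax_form="bob-1040.pdf"),
}

Handler = Callable[[User, int], Account]


def get_account_vulnerable(caller: User, account_id: int) -> Account:
    """BOLA: the caller is authenticated (assumed to have happened upstream) but
    nothing ties the requested object to the caller. Any logged-in user can
    iterate account_id and read every customer's credit report and tax form."""
    if account_id not in ACCOUNTS:
        raise NotFound
    return ACCOUNTS[account_id]


def can_access(caller: User, account: Account) -> bool:
    """Object-level rule: owners see their own account; auditors see all."""
    return account.owner_id == caller.user_id or caller.role == "auditor"


def get_account(caller: User, account_id: int) -> Account:
    """Fixed: authorize against the object itself, and return the same 404 for
    'does not exist' and 'exists but not yours' so the endpoint cannot be used
    to enumerate which IDs are valid."""
    account = ACCOUNTS.get(account_id)
    if account is None or not can_access(caller, account):
        raise NotFound
    return account


def enumerate_accounts(handler: Handler, caller: User, ids: Iterable[int]) -> List[int]:
    """Simulate an attacker walking the ID space; returns the IDs they could read."""
    readable = []
    for account_id in ids:
        try:
            handler(caller, account_id)
            readable.append(account_id)
        except NotFound:
            continue
    return readable


if __name__ == "__main__":
    bob = User(user_id=8)
    print("vulnerable:", enumerate_accounts(get_account_vulnerable, bob, range(1000, 1006)))
    print("fixed:     ", enumerate_accounts(get_account, bob, range(1000, 1006)))
```

The check lives next to the data lookup rather than in a route-level "is logged in" guard, which is the usual place this bug hides: authentication was done, authorization on the specific object was not. Returning 404 in both failure cases is a deliberate choice; a 403 would tell the attacker the ID exists.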
They'd left a MongoDB instance exposed to the public without a password and someone had snagged all their data. Within the data were references that granted access to voice recordings made by children, stored in an S3 bucket that also had no auth. I mean, who wouldn't be random in this situation?!
Vamosi: Whenever there’s a data breach or an attack, I look at how long the bad actor was active on the compromised network. A lot of infosec’s knowledge is either tribal, passed on from one person to another, or can be found in books. She’ll also be presenting again at RSAC 2023 in April.
And importantly, teaching them how to use secure passwords with @1Password. Firstly, there's all the precedents of these services suffering data breaches and leaking the aforementioned content all over the web. He won't be emotionally scarred, nor will he grow up feeling like his privacy has been violated.
Here's another one which invoked a similar set of GDPR-related commentary: New breach: South African website ViewFines had 934k records breached this month including 778k unique email addresses, names, phone numbers and plain text passwords. 59% were already in @haveibeenpwned.