The post No Password Microsoft Accounts, Facebook Smart Glasses, Security.txt Internet Standard appeared first on The Shared Security Show.
Passwords have become a common way to access and manage our digital lives. Having a password allows you to securely access your information, pay bills or connect with friends and family on various platforms. However, having a password alone is not enough. Your passwords also need to be managed and protected.
Consider that most of us spend more time navigating the Internet on our laptops and smartphones than we do behind the wheel of a car. But the larger point is that Xbash is just one of dozens of malware families circulating far and wide across the Internet. Use a password manager. percent, according to tech consultancy Gartner.
This is the biggest leak of Telnet passwords ever reported. The list includes the IP address, username and password for the Telnet service for each device. The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords. ” reported ZDNet.
Records of 45 Million+ travelers to Thailand and Malaysia Leaked on #Darkweb (Blog Link) [link] #infosec #leaks #CyberSecurity pic.twitter.com/zHOujQ8CMm — Cyble (@AuCyble) July 12, 2020. The huge trove of data was discovered by the researchers during their regular Deepweb and Darkweb monitoring activity.
Strong passwords make all the difference in a hacker's ability to breach your device or network... unless the sticky note with your super-strength password is taped to your computer. We all need a strong password to prevent being hacked! Linux #infosec pic.twitter.com/lzUlaxOVNJ — Security_Nerd (@itssecuritynerd).
One year ago in February, the major eBay hack was in progress, eventually resulting in over 233 million passwords being stolen. 10 Million Passwords Leaked Online. Security consultant Mark Burnett leaked 10 million usernames and passwords online through his personal blog last week, in a very risky move. Worst Passwords of 2014.
Obviously, the work I've been doing with Have I Been Pwned (HIBP) has given me a heap of insight into this specific area of infosec over the last 4 years and the folks from DC felt my views on things might be helpful. That was all great and I was happy to share my thoughts from the other side of the world.
Seismic monitoring devices linked to the internet are vulnerable to cyberattacks that could disrupt data collection and processing, according to Michael Samios of the National Observatory of Athens and his fellow colleagues who put together a new study published in Seismological Research Letters.
chik-fil-a.com #cybersecurity #infosec @ChickfilA pic.twitter.com/kWSBpvQCNt — Dominic Alvieri (@AlvieriD). In the last week or so, several customers took to the internet to share their story of what happened to their CFA account. This has not been handled well. January 6, 2023.
Internet-connected devices, collectively known as the Internet of Things or IoT, can provide opportunities for attackers to access your network–and as a result, devices more sensitive than your lightbulbs.
As a simple example, consider the idea of passwords. It was once the case that passwords were a cornerstone of the role of humans in cybersecurity. You would choose a password that only you knew, and without that password, no one could get access to your account. There is also the idea of password management software.
infosec #CVE pic.twitter.com/IqmtfZ8WER — TeamAres (@TeamAresSec) July 7, 2020. ” Threat actors exploited the CVE-2020-5902 flaw to obtain passwords, create web shells, and infect systems with various malware. According to Bad Packets experts, hackers are scanning the Internet in the attempt to exploit the flaw.
Also: we continue our series on life after the password by speaking to Ian Paterson, the CEO of behavioral authentication vendor Plurilock. The Persistence of Passwords.
Artifacts extracted from the FW analysis: Smartlock Passwords & User’s Logs. Luca is working as Principal Offensive Security Engineer and in his spare time is involved in InfoSec where the main fields of research are: Radio Networks, Hardware Reverse Engineering, Hardware Hacking, Internet of Things and Physical Security.
Also: Breaking Bad Security Habits Spotlight Podcast: Security Automation is (and isn’t) the Future of Infosec Spotlight Podcast: Rethinking Your Third Party Cyber Risk Strategy. A perimeter protected your business from the Internet and your workers worked – for the most part – at the office.
HideezKey- This is a deep-dive into a nice concept for a security token & password manager that turned into a horrible product due to lack of proper R&D and Threat Modeling. The Cloud Password that allows to login on Hideez’s website, Laptop’s credentials, Website login user and password are ALL IN PLAINTEXT!
Randy is a CISSP and is active in the Central Missouri InfoSec community. Answer: I was a systems/network admin for several years when the internet was young and mostly benign. He has spoken at SecureWorld on many technical topics and turns his focus towards helping others move from the technical trenches to a leadership role.
The Internet of Things. IBM describes the internet of things (IoT) as “the concept of connecting any device … to the Internet and to other connected devices.” Use strong passwords, and ideally a password manager to generate and store unique passwords. Update your software. Think before you click.
In that particular case, however, they sought supporting materials in a manner similar to the use of an internet search engine. While it does support password authentication and serve up public key certificates to aid in PKI authentication, LDAP is a directory service. Then the fall 2023 semester began, and a new pattern emerged.
Just because you have a social media profile and use the internet does not mean an attacker can find the information in seconds, the movies and shows like this make it look trivial, but in many cases OSINT can take time. This is the under reported aspect of OSINT that many do not realise. A grand day out We really enjoyed working with Alexis.
People talk about it like it’s the Internet Demogorgon. And the media doesn’t help either, not to mention InfoSec marketing departments. As far as they’re concerned, if you don’t say the name of your password manager 7 times before bed the Dark Web will haunt your closet.
Ask three infosec pros and you’ll get three different answers. Presented by Duo Head of Advisory CISOs Wendy Nather, and Partner and Co-Founder at the Cyentia Institute, Wade Baker, this keynote explores the survey answers of 4,800 infosec professionals evaluating security program performance. What makes a successful security program?
Over $600 million stolen in the largest DeFi cryptocurrency hack in history, attackers are getting around $10k for stolen network access credentials, and why your identity is trapped inside a social network and what this means for the next potential evolution of the Internet…the metaverse! ** Links mentioned on the show ** Apple to refuse […].
There has been a lot of talk on various infosec news feeds about the RegreSSHion vulnerability. Also ask yourself the question: do I need to expose SSH to the untrusted internet? Use Strong Authentication: Enhance security by using key-based authentication and disabling password-based logins where possible.
Our own assessment found that SonarQube communicates on port 9000, which was likely misconfigured to be open to the internet for the breached companies, allowing researchers to gain access and discover the data now exposed in the leak. How You Can Protect Your IP. Audit Cloud Accounts for Misconfiguration.
Over the years, the infosec community has discovered multiple APTs operating in the Russo-Ukrainian conflict region – Gamaredon, CloudAtlas, BlackEnergy and many others. The newly discovered campaign involved using a modular framework we dubbed CloudWizard. Its features include taking screenshots, microphone recording, keylogging and more.
Glenn Kapetansky, Senior Principal & Chief Security Officer, Trexin: "For those who predict that quantum computing will break InfoSec, I want to point out that very smart people have been working equally long on next-gen cyber techniques that work in a post-quantum computing world.
In particular, the interest of both infosec experts and cybercriminals was piqued by vulnerabilities in the popular Microsoft Exchange Server: CVE-2021-26855 — a service-side request forgery vulnerability that allows remote code execution (RCE). So, once again, we remind you of the importance of regular updates. Local threats.
Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys. This was a software flaw.
» Related Stories Spotlight Podcast: Security Automation is (and isn’t) the Future of Infosec Episode 159: Deep Fakes and Election (in)Security with ZeroFOX Spotlight Podcast: Rethinking Your Third Party Cyber Risk Strategy. Also: Rachel Stockton of the firm LastPass* joins. Read the whole entry. »
Infosec is a largely non-technical field. Then an 0day is discovered, and a worm infecting SSH spreads throughout the Internet. It's like when an organization claims to store passwords securely, but refuses to tell you the algorithm, because that would reveal information hackers could use. Let's continue this hypothetical.
Based on current trends, NopSec has released its latest report on the 5 biggest cyber threats we expect to see this year: nation-state cyber attacks, ransomware, DDoS attacks, the Internet of Things, and social engineering & human error. For a preview, read on. (For The attack may have approached a volume of 1.2
I love using this one to help infosec professionals gauge how bad an incident is. Because they aren’t used to everything (potentially) being on the Internet. The entire management plane is on the Internet, so if an attacker gets credentials, you can’t stop them with a firewall or by shutting down access to a server.
The applications that were first to appear on the internet in the 90s ran in data centers. Developers want to go incredibly fast and infosec wants to be secure even if it slows down development. Infosec must provide the intellectual property and expertise to accelerate development while securing it. What’s new here? fastsecure.
Passwords are a hot topic on social media at the moment, due to the re-emergence of a discussion about good password management practices. There’s a wealth of password management options available, some more desirable than others. Others involve syncing passwords with services such as Dropbox. The big book of passwords.
Vamosi: Within InfoSec there's an informal use of AppSec as well. However, on the internet, nothing is truly deleted. This was before the commercial internet when it was easier to forge documents to create new identities today. But I view internet privacy differently. Don't use familiar passwords seriously.
So what if you accidentally forget the password? We’ve all been there-- locked out of some account because we can’t remember the clever password we used. Vamosi: For this episode I also want to weigh in on a very controversial topic within infosec today. That means it falls to you to protect your cryptocurrency.
held a pilot of a new Internet voting system. The confidentiality, integrity, and availability of it all -- you know, the classic CIA triad in infosec. There were PDFs of Election Day passwords that supervisors use to start in elections. Bee: Can you tell me what the password was? Halderman : In 2010, Washington D.C.
And if a write-based broken object-level authorization happens on critical functionalities such as password reset, password change, and account recovery, attackers can often pivot these vulnerabilities to take over user or admin accounts. On a banking site, it could lead to attackers leaking everyone’s credit information and tax forms!
Today is Safer Internet Day which marks the annual occurrence of parents thinking about their kids' online presence (before we go back to thinking very little about it tomorrow!) What say you, internet? I know of other parents who adamantly don't want any trace of their kids on the internet whatsoever.