Troy Hunt

MAY 1, 2018

In that post, I talked about the benefits of subresource integrity or as we often know it, SRI. This should give a boost to anyone considering SRI but reluctant to serve their content from external locations (such as a faster public CDN), due to concerns around incidents like Browsealoud. This has been a long time coming.

Government 123

Government 123

WIRED Threat Level

APRIL 23, 2019

Social media can provide vital information in a crisis, and there's evidence that blocking it does more harm than good.

Government 56

Government Media 56

Schneier on Security

NOVEMBER 29, 2019

From a news article : Together with two BU students and a researcher at SRI International , Li found that modifying just a tiny amount of training data fed to a reinforcement learning algorithm can create a back door.

293

293

CyberSecurity Insiders

MAY 4, 2023

According to the security teams’ analysis, three different threat actors were involved in this campaign and were assigned to focus their malicious goals on users from South Asian countries such as India, Bangladesh, Pakistan, Maldives, Sri Lanka, Nepal, Bhutan, Afghanistan, and others.

Media 100

Media Social Engineering Engineering Accountability 100

Security Affairs

NOVEMBER 24, 2023

Almost a million files with minors’ data, including home addresses and photos were left open to anyone on the internet, posing a threat to children.

Identity Theft 107

Identity Theft Internet Internet Education 107

Troy Hunt

SEPTEMBER 21, 2018

SRI is a super useful little browser feature (it doesn't negate the need to review the code you're running, but it's not meant to either). I've reached out to them to get a new link, but I managed to download and publish the audio earlier on so I'm publishing that for now. References.

Data breaches 162

Data breaches 162

Troy Hunt

APRIL 26, 2019

TicTokTrack is back online per the schedule they represented last week, but apparently the Sri Lanka bombings meant they were back online. hits a day with a 98.4% cache hit ratio courtesy of Cloudflare) I was on the Reply All podcast again this week (these guys rock - listen to this podcast at every opportunity!) when they said they would be?

Passwords 184

Passwords Data breaches 184

CyberSecurity Insiders

MARCH 10, 2022

Information is out that Conti maintains about 255 crypto wallets and has bank accounts in 7 countries, mostly those based in Singapore, Panama, and some parts of Asia, including Sri Lanka. Adjacently, Conti was in a plan to develop a new altcoin based on Rust Programming language and was supposed to release it by June 2021.

Cryptocurrency 119

Cryptocurrency Ransomware Banking Hacking 119

Security Affairs

NOVEMBER 11, 2023

” explained Inspector General of Police Tan Sri Razarudin Husain, who also confirmed the arrest of eight people, including the mastermind. . “We seized around RM960,000 put inside an e-wallet, apart from other valuables during the simultaneous raid we conducted earlier this week.”

Phishing 115

Phishing Cybercrime Advertising Hacking 115

Security Affairs

NOVEMBER 17, 2018

AmFearLiathMor also wrote that ProtonMail hasn’t configured the mandatory Subresource Integrity ( SRI ) allowing tampering and data collection. The ransom demand ( archive.is “We hacked Protonmail and have a significant amount of their data from the past few months. ” wrote the hacker.

Scams 96

Scams Hacking Data collection Advertising 96

Troy Hunt

MAY 11, 2018

The NHS in Scotland now has SRI on their Browsealoud script (view source and search for "ba.js"). I've listed all the upcoming public workshops Scott and I are doing (we're both still running a heap of private ones too, contact me about those if you're interested). Comodo my revoke your EV cert because, well.

Passwords 112

Passwords 112

Krebs on Security

SEPTEMBER 1, 2023

“Or.LK (Sri Lanka), where the acceptable use policy includes a ‘lock and suspend’ if domains are reported for suspicious activity,” Marks said. “These ccTLDs make a strong case for validating domain registrants in the interest of public safety.”

Phishing 224

Phishing Telecommunications Government DNS 224

CyberSecurity Insiders

FEBRUARY 15, 2023

According to the experts of the Singapore-based cybersecurity firm the group of threat actors are from India and were super active between June and November 2021, thus attacking government, military and law enforcement organizations in Afghanistan, Pakistan, Bhutan, Bangladesh, Nepal and Sri Lanka.

Cyber Attacks 101

Cyber Attacks Government Hacking Ransomware 101

Security Affairs

JULY 20, 2020

Telecom Argentina was not the first ISP targeted by REvil ransomware operators, in May the gang infected systems at Sri Lanka Telecom. In the past, REVil operators have targeted Pulse Secure and Citrix VPN and enterprise gateway systems as entry points. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 121

Ransomware VPN Advertising Internet 121

Security Affairs

MARCH 20, 2020

Military documents belong to the US and UK military, experts noticed that the incident also impacted Doxzoo customers from India, Nigeria and Sri Lanka. Exposed records included names, addresses, email addresses, payment method, last four digits of the payment method, passport scans, order details, copyrighted publications (e.g.

Advertising 110

Advertising Cybersecurity Data breaches Information Security 110

Troy Hunt

MAY 4, 2018

SRI and Upgrade-Insecure-Requests are now supported in Microsoft Edge (there goes one of the remaining excuses not to use these!). EVE Online is on Pwned Passwords (Stefán has done some great work, I hope he can share more publicly later). 86% of passwords are terrible (how many passwords in your system are already pwned?).

Passwords 110

Passwords Data breaches 110

Javvad Malik

NOVEMBER 9, 2021

The platform has been used to spread disinformation, anti-sematism, incitement of violence in Sri Lanka, Uyghur, body issues and so many more. There are dozens of articles written about the psychological impact of Facebook which includes self-harm and suicide, narcissism.

Ransomware 100

Ransomware Internet Internet 100

Security Affairs

FEBRUARY 1, 2021

At the time of this writing, the researchers already identified five victims in countries such as Taiwan, Hong Kong, and Sri Lanka. The attack was discovered by cybersecurity firm ESET on January 25, threat actors delivered malware to a limited number of victims across Asia. ESET tracked this campaign as Operation NightScout.

Malware 118

Malware Surveillance Mobile Hacking 118

The Last Watchdog

DECEMBER 31, 2019

About the essayist: Vidya Muthukrishnan is an Assistant Professor in the Department of Instrumentation and Control Engineering at the Sri Krishna College of Technology. But remember: all the network intrusion detection systems and firewalls are entirely useless if someone can get to the equipment and steal data or the device.

Cyber Risk 173

Cyber Risk Risk Firewall Surveillance 173

Security Affairs

SEPTEMBER 7, 2020

The list of victims is long and includes Telecom Argentina , Sri Lanka Telecom , Valley Health Systems , Australian firm Lion , Brown-Forman , the electrical energy company Light S.A. , and Elexon electrical middleman. In June 2018, North Korea-linked hackers hit another bank in Chile , the Banco de Chile infecting its system with a wiper.

Banking 109

Banking Ransomware Advertising VPN 109

Troy Hunt

MARCH 17, 2018

Big thank you to @troyhunt for dropping by Salesforce and chatting with us about Haveibeenpwned, bug bounties, SRI and more. Great catching up @troyhunt at the @Cloudflare today - in front of the famous lava lamp wall. pic.twitter.com/4KDQfhUfWy — Junade Ali (@IcyApril) March 15, 2018. Come back anytime!

Risk 117

Risk 117

The Last Watchdog

JUNE 30, 2021

Companies like Google , Dropbox , Twitter and others have successfully adopted W3C and HTML5 security standards like CSP, SRI, etc. In the long term, organizations must take steps to implement standards-based controls for robust and future-proof security that can respond effectively to zero day threats.

Risk 149

Risk Architecture Hacking Media 149

Security Affairs

AUGUST 21, 2022

The Donot Team has been active since 2016, it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries. The Donot Team threat actor, aka APT-C-35 , has added new capabilities to its Jaca Windows malware framework.

Malware 93

Malware Spyware Phishing Government 93

Security Affairs

JUNE 19, 2021

On December 2020, KISA (Korean Internet & Security Agency) provided a detailed analysis about the phishing infrastructure and TTPs used by Kimsuky to target South Korea.

Hacking 140

Hacking VPN Internet Internet 140

Security Affairs

SEPTEMBER 10, 2020

The list of victims is long and includes Telecom Argentina , Sri Lanka Telecom , Valley Health Systems , Australian firm Lion , Brown-Forman , the electrical energy company Light S.A. , and Elexon electrical middleman. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 65

Ransomware VPN Banking Data breaches 65

Malwarebytes

JANUARY 16, 2023

For this reason, implementing safeguards such as Content Security Policy (CSP) and Subresource Integrity (SRI) can help to mitigate many issues. There are a number of threats that can be disseminated via third-party libraries. Not falling victim.

Retail 81

Retail Passwords Accountability Risk 81

Krebs on Security

MAY 16, 2019

“frusa”) of Volograd, Russia was arrested in 2017 in Sri Lanka on an international warrant from the United States, but escaped and fled back to Russia while on bail awaiting extradition. One of those alleged mule managers — Farkhad Rauf Ogly Manokhim (a.k.a.

Cybercrime 173

Cybercrime Banking Small Business Computers and Electronics 173

Troy Hunt

APRIL 19, 2018

Let me paraphrase: Bank: We're thinking of using SRI to protect malicious modification of scripts we load in from a partner. Me: Ok, but be conscious that means they can never change those scripts without you first modifying the integrity attribute on your script tags and you need time to push that out so as not to break the site.

Banking 119

Banking DNS 119

Security Affairs

MARCH 27, 2019

The list of the organizations mimicked by hackers includes entities in Pakistan, Bangladesh, Sri Lankan, Maldives, Myanmar, and Nepal. According to the ASERT, the LUCKY ELEPHANT campaign was carried out by an Indian APT group. .

Government 86

Government Telecommunications Phishing Advertising 86

Security Affairs

NOVEMBER 24, 2019

The measure is not uncommon, other countries like Egypt, Ethiopia, Iraq, Sri Lanka, Sudan, and Venezuela operate strict censorship. According to the media, Iran’s Internet connectivity was drastically reduced and only government organizations and regime-aligned news outlets were able to access the internet for more than 110 hours.

Internet 102

Internet Internet Government Small Business 102

The Last Watchdog

APRIL 9, 2020

I had a fascinating discussion about this with Sri Sundaralingam, vice president of cloud and security solutions at ExtraHop , a Seattle-based supplier of NDR technologies. We spoke at RSA 2020. For a full drill down on our conversation, give the accompanying podcast a listen.

Internet 195

Internet Internet IoT Technology 195

SC Magazine

JUNE 3, 2021

We have COVID, and ships burning off of Sri Lanka; so [for ransomware] to even get into the talking points suggests to me that there’s a real recognition of the risk,” said Megan Stifel, executive director for the Americas at the international advocacy group, the Global Cyber Alliance and co-chair of the Ransomware Task Force. .

Ransomware 71

Ransomware Government Media Cybercrime 71

CyberSecurity Insiders

JUNE 4, 2021

In fact, after the horrifying Sri Lanka terrorist attack in 2019, involving three high profile hotels, it was revealed that all three hotels had a guest checked-in with identical name and counterfeit National IDs immediately prior to the attacks. is also a reason why hotels are targeted.

Technology 91

Technology Identity Theft Risk Media 91

CyberSecurity Insiders

JUNE 6, 2021

In fact, after the horrifying Sri Lanka terrorist attack in 2019, involving three high profile hotels, it was revealed that all three hotels had a guest checked-in with identical name and counterfeit National IDs immediately prior to the attacks. is also a reason why hotels are targeted.

Technology 78

Technology Identity Theft Risk Media 78

eSecurity Planet

JUNE 24, 2021

Intel will lead one of four research teams; the other three will be headed by software makers Duality Technologies – which uses homomorphic encryption in its Duality SecurePlus platform – and Galois and a Silicon Valley-based nonprofit scientific research institute, SRI International.

Encryption 92

Encryption Marketing Software Data privacy 92

Security Affairs

FEBRUARY 27, 2019

Security experts from Rice University in the United States, University of Cambridge in the United Kingdom, and SRI International, have discovered a new set of security vulnerabilities that can be exploited by attackers via Thunderbolt , the hardware interface created by Apple and Intel for connecting peripheral devices to a computer.

Hacking 76

Hacking Advertising Banking Encryption 76

Security Affairs

FEBRUARY 27, 2019

Security experts from Rice University in the United States, University of Cambridge in the United Kingdom, and SRI International, have discovered a new set of security vulnerabilities that can be exploited by attackers via Thunderbolt , the hardware interface created by Apple and Intel for connecting peripheral devices to a computer. .

Hacking 43

Hacking Advertising Banking Encryption 43