Troy Hunt

APRIL 12, 2019

That's the second update in a row I've done on time! It's also another one with a bunch of other things in common with last week, namely commentary on yet more data breaches. It's not just the breaches in HIBP, but the ones I'm busily trying to disclose.

Data breaches 138

Data breaches 138

Security Affairs

NOVEMBER 3, 2023

Threat actors who breached the Okta customer support system also gained access to files belonging to 134 customers. Threat actors who breached the Okta customer support system in October gained access to files belonging to 134 customers, the company revealed. ” reads the post published by the company.

Data breaches 121

Data breaches Social Engineering Accountability Authentication 121

Security Affairs

NOVEMBER 29, 2023

Having finalized our investigation, we can confirm that from September 28, 2023 to October 17, 2023, a threat actor gained unauthorized access to files inside Okta’s customer support system associated with 134 Okta customers, or less than 1% of Okta customers.” ” reads the update provided by the company.

Social Engineering 106

Social Engineering Authentication Engineering Accountability 106

Security Affairs

FEBRUARY 9, 2024

“A use of externally-controlled format string vulnerability [CWE-134] in FortiOS fgfmd daemon may allow a remote unauthentified attacker to execute arbitrary code or commands via specially crafted requests.” Version Affected Solution FortiOS 7.6 Not affected Not Applicable FortiOS 7.4 through 7.4.2 Upgrade to 7.4.3 through 7.2.6

VPN 103

VPN Firmware Malware Government 103

Security Boulevard

APRIL 13, 2021

Maersk operates in 134 countries, shipping 10 million containers to 76 global ports annually with the help of 88,000 employees. And Maersk must keep every vendor, partner and customer updated during each point of the journey. But have you ever thought about what it takes to orchestrate the movement of that cargo? .

Authentication 64

Authentication Mobile Engineering 64

SecureList

SEPTEMBER 16, 2021

Follow Microsoft security update guidelines. Last week, Microsoft reported the remote code execution vulnerability CVE-2021-40444 in the MSHTML browser engine. According to the company, this vulnerability has already been used in targeted attacks against Microsoft Office users. Mitigations. ef32824c7388a848c263deb4c360fd64. 103.231.14[.]134.

Engineering 98

Engineering Telecommunications Internet Internet 98

Troy Hunt

JULY 8, 2019

Subsequent updates to the corpus of breached passwords saw versions 3 and 4 arrive as more passwords flowed in from new breaches whilst the system also continued to grow and grow: Pwned Passwords in @haveibeenpwned is going from strength to strength - 16M requests in the last 24 hous with a cache hit ratio of 99.4% ??

Passwords 234

Passwords Accountability Authentication Data breaches 234