Met at the 6th National Pro Bono Conference in Ottawa in September 2016 Met on 15-17 October 2001 in Vancouver for the Luscar/Obed/Coal Valley arbitration. I communicated with multiple infosec journalists (one of whose own personal data was also in the breach) and still, we got no closer. It feels like a CRM.
The malware samples shared by USCYBERCOM last week were first detected in December 2016 in attacks attributed to Iran-linked APT33. Last week the United States Cyber Command (USCYBERCOM) uploaded to VirusTotal a malware used by Iran-linked APT33 group in attacks in Dec 2016 and Jan 2017. ” reads a report published by Kaspersky.
The Dropbox and LinkedIn breaches, for example, occurred in 2012 before being broadly distributed in 2016 and just like those incidents, the alleged AT&T data is now in very broad circulation. It is undoubtedly in the hands of thousands of internet randos. So, let's focus on what we can prove, starting with the accuracy of the data.
On May 17th, during the RSA conference, we were thrilled to find out that ForAllSecure has won a Global InfoSec award in the Publisher’s Choice in Application Security category. In 2016, we proved that autonomous security was possible by challenging the application security standards.
This looming threat prompted InfoSec Global to collaborate with Thales to provide the market with the ability to kick-start their journey toward quantum safety by collecting granular relevant information on their current cryptographic posture.
Last year, two high severity, easily exploitable Microsoft Exchange vulnerabilities dubbed ProxyLogon and ProxyShell made waves in the infosec sphere. Both vulnerabilities impact Microsoft Exchange Server on-premises and hybrid setups running Exchange versions 2013, 2016, and 2019 with an internet-exposed Outlook Web App (OWA) component.
Obviously, the work I've been doing with Have I Been Pwned (HIBP) has given me a heap of insight into this specific area of infosec over the last 4 years and the folks from DC felt my views on things might be helpful. That was all great and I was happy to share my thoughts from the other side of the world.
At the surface this scenario may sound absurd, but I bet many InfoSec teams can sympathize with the problem. The conversation goes something like this: CEO to InfoSec: You need to make sure we’re secure in the cloud. CEO to InfoSec: Great, go fix it. InfoSec to CEO: Well the problem is I don’t have any say over those teams.
Because their certificate was issued before June 2016 (it was issued on the 31st of March, 2016), Google will begin distrusting it in Chrome this March (although I note the present release date for v66 which will implement this is scheduled for April 17). Blocking Paste. Again, see comments above re why this is odd.
I seem to be doing most of that activity now on Mastodon, which appears to have absorbed most of the infosec refugees from Twitter, and in any case is proving to be a far more useful, civil and constructive place to post such things. ” The employees who kept things running for RSOCKS, circa 2016. In 2016, while the U.S.
New Context reached out in May 2016 and offered me an opportunity to do research and publishing for them, so I jumped at it and got the heck out of dodge. Things seemed ok at first, but after a CIO change a few months in, plus a couple other personnel issues, things got wonky, and it became clear my presence was no longer desired.
The rate limit, however, needed revisiting and to understand why, let's go back to the beginning: The "1 request per 1,500ms" rate dated all the way back to 2016 where I'd initially attempted to combat abuse by applying the limit per IP. Infosec firms use Enterprise to support customers via domain level API searches.
Malware is currently delivered from: 'hxxps://customermgmt.net/page/macrocosm' #cybersecurity #infosec — USCYBERCOM Malware Alert (@CNMF_VirusAlert) July 2, 2019. The alert refers to an ongoing activity aimed at infecting government networks by exploiting the CVE-2017-11774 Outlook vulnerability. South Korean, and Europe.
How exactly will artificial intelligence help bridge the infosec skills gap and what kinds of security work are still best left to humans? In 2016, Professor Brumley and a team of students from CMU were victorious in DARPA's first ever Cyber Grand Challenge that pitted automated cyber defense technologies against one another.
Back to the Infosec Show in 2011 and the ever-popular socks got another outing. In 2016 we were (rightly) challenged at Infosec that we weren’t offering longer socks for women and people who preferred to wear wellington boots, in a Paddington Bear style. Here’s a pair of that iteration. Pen Test Partners PTP started in 2010.
For those unfamiliar with Fogg's work, he started out doing research on Persuasive Technology back in the 90s, which has become the basis for most modern uses of technology to influence people (for example, use of Facebook user data to influence the 2016 US Presidential Election). Well, lo and behold, it already exists!
In 2016, for six straight months, communications between Canadian and Korean government networks were hijacked by China Telecom and routed through China. In 2017, traffic from Sweden and Norway to a large American news organization in Japan was hijacked to China for about 6 weeks.
" Thing is, "control" is a bit of a nuanced term; there are many people in roles where they don't have access to any of the above means of verification but they're legitimately responsible for infosec and responding to precisely the sorts of notifications HIBP sends out after a breach. I pay for it.
Over the years, the infosec community has discovered multiple APTs operating in the Russo-Ukrainian conflict region – Gamaredon, CloudAtlas, BlackEnergy and many others. Some of these APTs have long been forgotten in the past – such as Prikormka (Operation Groundbait), discovered by ESET in 2016.
Similar packing of AutoIT code has been observed even by Juniper back in 2016, where SFX files were abused this way to deliver scripts used as first stage of the malware. This particular string has been elected as common malware name by many researchers of the InfoSec community. uaf.icm’s structure. Conclusion.
We celebrate their contributions to InfoSec, elevating everyone in the cybersecurity profession—today's heroes. In 2016, she posthumously received the Presidential Medal of Freedom. If you are fighting the good fight against the myriad of digital threats, you too are a cyber hero! Here are the hidden figures we are recognizing.
Former Uber CSO Joe Sullivan was found guilty of obstructing a federal investigation in connection with the attempted cover-up of a 2016 hack at Uber, NIST and Microsoft say that mandatory password expiration is no longer needed but many organizations are still doing it, and how fake executive profiles are becoming a huge problem for […].
Today we’ve been honored with the “Next Generation in API Security” award in the 2022 Global InfoSec Awards from Cyber Defense Magazine (CDM). Salt Security pioneered the first dedicated API security solution in 2016. Salt Security has won again! This award marks our third in just three weeks!
The year 2016 will be remembered for some big moments in the world of cybersecurity: the largest known distributed denial of service (DDoS) attack, a phishing attack on a United States presidential candidate’s campaign, and ransomware attacks on major healthcare organizations are just a few. Malware linked to the U.S.
In information security (infosec) there is the need to be on the latest version. Writing exploits or developing infosec tools is no exception, they often need to have access to the latest libraries. We did not want to step on any other project's toes in the infosec realm, or even IT in general. As soon as Kali 2.0
Founded in 2016, the Rishon LeZion-based vendor specializes in breach and attack simulation and security posture verification. DXC Technology has over 40 years of infosec experience, most of which as HPE’s Enterprise Services. XM Cyber is a Tel Aviv-based cyber risk analytics and cloud security vendor launched in 2016.
To be more precise, 2010, 2016, and now 2022 with a whole new astronaut to recover. So yes, it’s weird…but it’s just a one off. Turns out this baffling attempt at parting people from their money would come back around every so often. See you in 2026?
With more than 600K followers on YouTube, LiveOverflow is one of infosec’s first social media influencers. In a moment you hear from someone who’s been publishing high quality infosec content on YouTube for the last six years and now has over half a million subscribers. How did he get started and what’s next?
And what parallels might infosec learn from COVID-19? In this episode, Mike Ahmadi draws on his years of experience in infosec, his years hacking medical devices. If you’ve been in the infosec world as long as I have, you have probably encountered Mike Ahmadi. Again, maybe infosec can learn from the biological pandemic.
The confidentiality, integrity, and availability of it all -- you know, the classic CIA triad in infosec. In 2016, Logan Lamb, a former Oak Ridge National Laboratory researcher, found over 6 million voter registration files exposed on a state-sponsored server at Kennesaw State college in Georgia.
PPP wanted to give their past high school selves the infosec education they didn’t have. Megan Kerns of Carnegie-Mellon University joins The Hacker Mind to talk about the early days and the continued evolution of this popular online infosec competition site. in InfoSec however, learning happens 365 days a year.
Now that I've had a week to recover from the annual infosec circus event to end all circus events, I figured it's a good time to attempt being reflective and proffer my thoughts on the event, themes, what I saw, etc, etc, etc. For starters, holy moly, 43,000+ people?!?!?!?!?! good grief. the event was about a quarter of that a decade ago.
In ADFS 2016, we have: ClientTLS, PRT, PKeyAuth. The method of Device Authentication is controlled in part by the Set-AdfsGlobalAuthenticationPolicy PowerShell commandlet: Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationMethod All. Out of the box, ADFS 2012 only supports ClientTLS. POST [link] HTTP/1.1
I know there’s a whole pro and con argument within the infosec community about whether to name critical vulnerabilities and certainly whether or not they need cute logos. In September 2016, Microsoft announced Project Springfield, a cloud-based fuzz testing service for finding security critical bugs in software.
How to screen for natural infosec talent: Ask for a worst case scenario for any common situation. Street is an industry-respected speaker and analyst and currently is the VP of InfoSec for SphereNY. Markstedter actively contributes to filling the infosec education gap. — Matthew Green (@matthew_d_green) February 17, 2016.