Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. This just feels wrong but I can’t come up with a strong argument against it.
I've been giving a bunch of thought to passwords lately. Here we have this absolute cornerstone of security - a paradigm that every single person with an online account understands - yet we see fundamentally different approaches to how services handle them. Some won't let you paste a password. Some have strict complexity rules.
So "Plan A" was to publish Pwned Passwords V5 on Tuesday but a last-minute check showed control characters had snuck in due to the quality (or lack thereof) of the source data. Scott will be running my Hack Yourself First workshop in Glasgow next week (this is the last stop on the UK tour, get in while you still can!)
The COVID19 Australia Twitter account is a great source of empirical data (we're weathering the pandemic exceptionally well down here) The next workshop I'll be doing is "in" Oslo for NDC in June (this will be my 7th NDC Oslo, just the first one, well, not actually in Oslo!)
Activities during this week include engaging workshops, informative webinars, and community events, all designed to empower individuals with the knowledge and skills necessary to navigate today’s cyber threats effectively. Change them regularly and avoid reusing passwords across different accounts.
Security Posture suggests a confusing mix of application and account security metrics. A glossy, nicely-constructed and detailed PowerPoint slide deck by Microsoft Security caught my beady this morning.
Let me demonstrate precisely the problem: have a look at this code from a blog post about how to build a password reset feature (incidentally, read the comment from me and you'll understand why I'm happy sharing this here): There are two SQL statements here: the first one is resilient to SQL injection. Oh - and it uses a password of 12345678.
Increasingly, I was writing about what I thought was a pretty fascinating segment of the infosec industry; password reuse across Gawker and Twitter resulting in a breach of the former sending Acai berry spam via the latter. And while I'm on Sony, the prevalence with which their users applied the same password to their Yahoo!
My congressional testimony in the US was a very public example of that, less so are the dozens of conversations I've had in all sorts of settings including during conferences, workshops and over coffees and beers. So that's what's been set up in HIBP for the UK and Aussie governments.
Learn about strong password creation, multi-factor authentication, secure browsing habits, and data encryption. Implement Strong Password Practices: Passwords serve as the first line of defense against unauthorized access to your online accounts.
Bob from accounting goes on vacation with his laptop, and the next thing you know, millions of customers get hacked. Tortoises have no finances and, taken as a genus, they rarely have names and social media accounts. When they do have names and Instagram accounts, there’s a hackable human somewhere nearby. Attacks happen.
"Analyzing the file system of the vehicle’s Telematics Control Unit (TCU), to which they gained access by obtaining an interactive shell with root privileges, they uncovered passwords and certificates for the backend server," continues the research. "So, our next step is to try to access Car Backend."
The reputation is well-deserved when you consider that we (the cybersecurity team) tell users to create a unique password for each account to increase security. According to Gartner, 20 – 50% of help desk calls are for password reset – which is an expensive burden for any help desk.
It was being sold for 5 Bitcoins: That's over US$80k in today's money but back then, it was only a couple of grand (which actually, seems like pretty good value for 167 million accounts and passwords stored as unsalted SHA1 hashes). When I run workshops, at the end of the second day I like to talk about automating security.
By mid-year, there’s been a staggering 156% growth in the total number compared to the previous quarter, with a whopping 855 accounts worldwide being leaked every minute. Then there’s the promise of free content, software, and products; and using unsecured public wi-fi networks, or weak passwords.
It's the address on Aadhaar's Twitter account, it's the first result on a Google search and time and time again, it's promoted as the site people should go to before doing anything else Aadhaar related. This is poor form as it can break tools that encourage good security practices such as password managers. Let them paste passwords!
Although this does take time, with training and upskilling programs, insightful workshops, and “Hacker Fridays” (where employees can try to hack a specific smart device), team members will become more capable of dealing with the new diagnostics support work, as well as any general IoT problems. 5. Be aware of your operating landscape.
This accounts for nearly $2.25 trillion in total assets – no small number! According to the NCUA, “approximately 60 credit unions experienced system outages affecting member account availability.” credit unions, internal notes, and clients’ full names, home and email addresses, and plaintext passwords.
Malicious bots can be used to carry out a range of cyber threats like account takeovers and DDoS attacks, so bot protection is an increasingly important defense for web-facing assets. Comprehensive protection: DataDome protects against all types of bots, including credential stuffing, web scraping, and account takeover attacks.
I can't blame this on the teddy bears themselves, rather the fact that the MongoDB holding all the collected data was left publicly facing without a password. It made it easy for all the existing devices to jump onto the new network (I used the same password from the v1 network) and it gives me the option to segment traffic later on.
For example, a phony email stating that your online bank account has been compromised and requires a new password will elicit fear in most people. In addition, the emotion of fear can be elicited by a phony email stating that your online bank account has been compromised and requires the password. Helpfulness.
Is there cybersecurity training on best practices, including setting strong passwords in accordance with the organization’s policy? Encourage strong password practices: Provide tips on how to create complex passwords and use password management tools.
The ongoing campaign has targeted more than 10,000 Office 365 organisations since September 2021, using ‘adversary in the middle’ (AiTM) sites to steal passwords and hijack login sessions. Windows 11 has built in a default account locking policy to help stop brute force attacks via Remote Desktop Protocol.
Customize training materials to address these specific concerns, including data handling protocols, password management, and phishing attempt identification. Encourage regular talks, training, and awareness workshops to help integrate DLP practices into the organization’s culture.
Laws such as CCPA and GDPR, not to mention vertical market regulations, make it clear how important this issue is to regulators, who take into account the security tools in use and their settings during investigations. Work with GRC and workshop how users use cloud. Fines can be significantly lower if tools are well deployed.
In fact, last year, scams accounted for 80% of reported identity compromises to the Identity Theft Resource Center (ITRC). Phishing attacks refer to fraudulent attempts, usually through email or messaging platforms, to deceive individuals into revealing sensitive information like passwords, credit card details, or Social Security numbers.
These policies take into account the risk level of the resource that is being accessed as well as the conditions of the access. Cisco is in a great position to help guide you on your own zero trust journey and is able to run workshops tailored to your own requirements. Learn more by visiting Duo Zero Trust Security.
NewPassword: passw0rd
ConfirmPassword: passw0rd
This is a real request from my Hack Yourself First website I use as part of the workshops Scott Helme and I run. You can go and create an account there then try to change the password and watch the request that's sent via your browser's dev tools. Why is this possible?
Discovering that your bank account has been emptied or that mysterious charges have appeared on your credit card can be devastating. Thieves can use a child’s clean financial history to open new accounts or even take out loans. Account monitoring can serve as an early warning system. But it’s not just about you.
Mind maps can be a good way to collaboratively develop this phase within a threat modelling workshop. For example: a user enumeration vulnerability, a weak password policy, and a lack of brute force protection and lockout can still lead to an attacker gaining access to an account. Have a vulnerability disclosure policy (VDP).
Black Mirror brainstorms, a workshop in which you create Black Mirror episodes. Who else has access to something that's, that's not uncommon, interviewed that, for example, someone still had someone share Facebook passwords. Here's my proposal for replacing design sprints. The plot must revolve around the misuse of your team's product.
There aren’t any corroborating accounts of this scoop so far, but it is both fascinating and terrifying to look at why threats to the global technology supply chain can be so difficult to detect, verify and counter. That in itself should be zero gauge of the story’s potential merit. Even if the U.S. consumers or the U.S.