Troy Hunt

JANUARY 16, 2019

Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". Most of them won't have a tech background or be familiar with the concept of credential stuffing so I'm going to write this post for the masses and link out to more detailed material for those who want to go deeper. Let's start with the raw numbers because that's the headline, then I'll drill down into where it's from and what it's composed of.

Data breaches 280

Data breaches Passwords Password Management Accountability 280

Adam Levin

JANUARY 15, 2019

U.S. citizens are more vulnerable to the effects of identity theft and scams as a result of the ongoing government shutdown. The two primary websites created by the government as resources for victims of identity theft, IdentityTheft.gov and FTC.gov/complaint , are currently offline as part of the partial shutdown of the Federal Trade Commission. This effectively leaves victims unable to file reports or get documentation of their stolen identities, which is typically a first step for mitigating

Identity Theft 219

Identity Theft Scams Government Phishing 219

Schneier on Security

JANUARY 17, 2019

Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iOS, $1.5 million for one-click iOS jailbreaks, and $1 million for exploits that take over secure messaging apps WhatsApp and iMessage.

Marketing 213

Marketing Surveillance Government Software 213

Krebs on Security

JANUARY 14, 2019

Seldom do people responsible for launching crippling cyberattacks face justice, but increasingly courts around the world are making examples of the few who do get busted for such crimes. On Friday, a 34-year-old Connecticut man received a whopping 10-year prison sentence for carrying out distributed denial-of-service (DDoS) attacks against a number of hospitals in 2014.

DDOS 203

DDOS Internet Internet Spyware 203

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

JANUARY 17, 2019

And then there was the biggest data breach to go into HIBP ever! I wrote that sentence from home just after publishing all the data, then I got on a plane. Holy cow that's a lot of emails! Hundreds upon hundreds of emails came in whilst on the way to Dubai, more than I'll ever be able to respond to. Plus, I'm actually trying to have some downtime with my son on this trip particularly over the next few days so a bunch of stuff is going to have to go unanswered or at best, delayed.

Data breaches 165

Data breaches Hacking Internet Internet 165

Adam Levin

JANUARY 18, 2019

A gigantic trove of email addresses and passwords containing over 2 billion records has been discovered online. The breached data, dubbed “Collection #1” by cybersecurity expert Troy Hunt , is more than 87 gigabytes and contains roughly 773 million email address and 21 million unique passwords. Hunt found an archive of the data on MEGA, a file-sharing site and has been featured on at least one hacking forum.

Accountability 198

Accountability Passwords Data breaches Data collection 198

The Last Watchdog

JANUARY 18, 2019

The disclosure that malicious intruders hacked the computer systems of the South Korean government agency that oversees weapons and munitions acquisitions for the country’s military forces is not much of a surprise. The breach of some 30 computers of South Korea’s Defense Acquisition Program Administration (DAPA), which is part of the Ministry of National Defense, reportedly occurred last October.

Hacking 157

Hacking Encryption Authentication Government 157

WIRED Threat Level

JANUARY 15, 2019

Opinion: The 2009 vs. 2019 profile picture trend may or may not have been a data collection ruse to train its facial recognition algorithm. But we can't afford to blithely play along.

Data collection 112

Data collection 112

Adam Levin

JANUARY 15, 2019

AT&T and T-Mobile announced that in March 2019 they would stop selling user location data to third parties. The announcements came on the heels of a Motherboard article that reported on the ability to track individual cellular phones via “location aggregator” companies with access to mobile customer information. Cellular location data was sold as a customer-friendly feature that could streamline things like roadside assistance and fraud prevention.

Mobile 198

Mobile Accountability Risk Technology 198

Schneier on Security

JANUARY 14, 2019

This is a current list of where and when I am scheduled to speak: I'm speaking at A New Initiative for Poland in Warsaw, January 16-17, 2019. I'm speaking at the Munich Cyber Security Conference (MCSC) on February 14, 2019. The list is maintained on this page.

152

152

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

JANUARY 14, 2019

Malicious intruders have long recognized that getting their hands on privileged credentials equates to possessing the keys to the kingdom. This is because privileged accounts are widely deployed all across modern business networks — on-premises, in the cloud, across DevOps environments and on endpoints. Related: California enacts pioneering privacy law.

Accountability 153

Accountability Risk Technology System Administration 153

Security Affairs

JANUARY 12, 2019

Rapid7 announced the release of Metasploit 5.0, the latest version of the popular penetration testing framework that promises to be very easy to use. Rapid7 announced the release of Metasploit 5.0 , the new version includes several new important features and, the company believes it will easier to use and more powerful. Most important changes introduced in the Metasploit 5.0 include new database and automation APIs, evasion modules and libraries, language support, improved performance.

Penetration Testing 112

Penetration Testing Advertising Hacking 112

Adam Levin

JANUARY 18, 2019

A massive leak of unprotected data on a server belonging to the Oklahoma Securities Commission was discovered in December 2018. Three terabytes of data were leaked, including evidence from hundreds of FBI investigations. Details in the material gone walkabout included financial transactions, emails relating to cases as well as letters from witnesses.

IoT 151

IoT Engineering Passwords Risk 151

WIRED Threat Level

JANUARY 16, 2019

Collection #1 appears to be the biggest public breach yet, with millions of unique passwords sitting out in the open.

Passwords 108

Passwords 108

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Last Watchdog

JANUARY 16, 2019

Kubernetes is one of many key enabling technologies of digital transformation that has tended to remain obscure to non-technical company decision makers. Related podcast: Securing software containers. Kubernetes is an administration console — an open source project from Google that makes containerized software applications easy to deploy, scale, and manage.

Digital transformation 147

Digital transformation Authentication Software Internet 147

Security Affairs

JANUARY 12, 2019

The American hacktivist Martin Gottesfeld (34) has been sentenced to 10 years in prison for carrying out DDoS attacks against two healthcare organizations in the US in 2014. The alleged Anonymous member, Martin Gottesfeld, was accused of launching DDoS attacks against the two US healthcare organizations in 2014, the Boston Children’s Hospital and the Wayside Youth and Family Support Network.

DDOS 111

DDOS Healthcare Advertising Cyber Attacks 111

Thales Cloud Protection & Licensing

JANUARY 17, 2019

Modern encryption can trace its root back to before WWII when Alan Turing built a modern computer in order to break the Enigma. Much has changed since then but the core goals remain the same: limit who has access to certain information and prove the authenticity of who sent a message. 25 years of evolution and coming into the mainstream. The last 25 years has primarily been evolutionary with advances in symmetric and asymmetric cryptography focused on increasing key sizes and developing newer an

Encryption 79

Encryption Artificial Intelligence Technology Data privacy 79

Dark Reading

JANUARY 18, 2019

An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.

80

80

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

JANUARY 15, 2019

Opinion: GPS-monitored violent offenders are 95 percent less likely to commit a new crime. We need to implement an integrated, nationwide domestic violence program that tracks domestic abusers.

Technology 71

Technology 71

Security Affairs

JANUARY 17, 2019

The popular cyber security expert Troy Hunt has uncovered a massive data leak he called ‘Collection #1’ that included 773 million records. The name ‘Collection #1’ comes from the name of the root folder. Someone has collected a huge trove of data through credential stuffing , the ‘Collection #1’ archive is a set of email addresses and passwords totalling 2,692,818,238 rows resulting from thousands of different sources.

Passwords 110

Passwords Data breaches Advertising Hacking 110

Thales Cloud Protection & Licensing

JANUARY 16, 2019

It was recently announced that GCHQ has created a new competition for girls aged 12 – 13 in codebreaking, in a bid to create the next generation of female cybersecurity professionals. This initiative, CyberFirst Girls Competition, kicks off on January 21 and offers female students an opportunity to learn about cybersecurity and practice skills in a simulated real-world environment.

Data breaches 66

Data breaches Education Media Cybersecurity 66

Dark Reading

JANUARY 18, 2019

For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.

Cyber threats 78

Cyber threats Government 78

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Threatpost

JANUARY 17, 2019

Microsoft is offering rewards of up to $20,000 for flaws in its Azure DevOps online services and the latest release of the Azure DevOps server.

73

73

Security Affairs

JANUARY 12, 2019

Z-WASP attack: Phishers are using a recently fixed flaw in Office 365 that allows them to bypass protections using zero-width spaces and deliver malicious messages to recipients. Microsoft recently fixed a vulnerability in Office 365 that was exploited by attackers to bypass existing phishing protections and deliver malicious messages to victims’ inboxes.

Phishing 110

Phishing Advertising Banking Internet 110

Spinone

JANUARY 15, 2019

G Suite administrators with organizations today are looking at how they can most efficiently carry out IT operations, including delivering of services to end users. Most are looking at cloud-based solutions to deliver on current IT infrastructure and service demands. This is not limited to corporate environments but also includes today’s educational institutions.

Education 64

Education Backups Mobile Malware 64

Dark Reading

JANUARY 17, 2019

Multiple threat actors are using relatively simple techniques to take advantage of the vulnerability, launching cryptominers, skimmers, and other malware payloads.

Malware 80

Malware 80

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Threatpost

JANUARY 17, 2019

Thousands of individual breaches make up the database, one of the largest troves of stolen credentials ever seen.

Data breaches 80

Data breaches 80

Security Affairs

JANUARY 13, 2019

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. The ServHelper is a backdoor, experts analyzed two variants of it, while FlawedGrace is a remote access trojan (RAT). “In November 2018, TA505 , a prolific actor tha

Malware 110

Malware DNS Financial Services Retail 110

Spinone

JANUARY 12, 2019

Today’s businesses are more technology-centric than ever before. Most companies utilize technology-driven processes and services for day-to-day operations and business-critical systems. Especially when it comes to business communication, everyone is using technology to communicate. Email has been the preferred means of communication in the business environment for decades now and is still utilized heavily to provide communication both inside and outside of the organization.

Social Engineering 64

Social Engineering Technology Engineering Banking 64

Dark Reading

JANUARY 14, 2019

In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.

Phishing 89

Phishing Cybercrime Ransomware 89

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity