Troy Hunt

JANUARY 16, 2019

Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". Most of them won't have a tech background or be familiar with the concept of credential stuffing so I'm going to write this post for the masses and link out to more detailed material for those who want to go deeper. Let's start with the raw numbers because that's the headline, then I'll drill down into where it's from and what it's composed of.

Data breaches 280

Data breaches Passwords Password Management Accountability 280

Krebs on Security

JANUARY 17, 2019

My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. A story in The Guardian breathlessly dubbed it “the largest collection ever of breached data found.” But in an interview with the apparent seller, KrebsOnSecurity learned that it is not even close to the largest gathering of s

Passwords 54

Passwords Accountability Hacking Password Management 54

Adam Levin

JANUARY 15, 2019

U.S. citizens are more vulnerable to the effects of identity theft and scams as a result of the ongoing government shutdown. The two primary websites created by the government as resources for victims of identity theft, IdentityTheft.gov and FTC.gov/complaint , are currently offline as part of the partial shutdown of the Federal Trade Commission. This effectively leaves victims unable to file reports or get documentation of their stolen identities, which is typically a first step for mitigating

Identity Theft 219

Identity Theft Scams Government Phishing 219

Schneier on Security

JANUARY 17, 2019

Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iOS, $1.5 million for one-click iOS jailbreaks, and $1 million for exploits that take over secure messaging apps WhatsApp and iMessage.

Marketing 217

Marketing Surveillance Government Software 217

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Troy Hunt

JANUARY 17, 2019

And then there was the biggest data breach to go into HIBP ever! I wrote that sentence from home just after publishing all the data, then I got on a plane. Holy cow that's a lot of emails! Hundreds upon hundreds of emails came in whilst on the way to Dubai, more than I'll ever be able to respond to. Plus, I'm actually trying to have some downtime with my son on this trip particularly over the next few days so a bunch of stuff is going to have to go unanswered or at best, delayed.

Data breaches 182

Data breaches Hacking Internet Internet 182

Krebs on Security

JANUARY 14, 2019

Seldom do people responsible for launching crippling cyberattacks face justice, but increasingly courts around the world are making examples of the few who do get busted for such crimes. On Friday, a 34-year-old Connecticut man received a whopping 10-year prison sentence for carrying out distributed denial-of-service (DDoS) attacks against a number of hospitals in 2014.

DDOS 208

DDOS Internet Internet Spyware 208

Schneier on Security

JANUARY 14, 2019

I recently read two different essays that make the point that while Internet security is terrible, it really doesn't affect people enough to make it an issue. This is true, and is something I worry will change in a world of physically capable computers. Automation, autonomy, and physical agency will make computer security a matter of life and death, and not just a matter of data.

Internet 203

Internet Internet 203

The Last Watchdog

JANUARY 18, 2019

The disclosure that malicious intruders hacked the computer systems of the South Korean government agency that oversees weapons and munitions acquisitions for the country’s military forces is not much of a surprise. The breach of some 30 computers of South Korea’s Defense Acquisition Program Administration (DAPA), which is part of the Ministry of National Defense, reportedly occurred last October.

Hacking 157

Hacking Encryption Authentication Government 157

WIRED Threat Level

JANUARY 16, 2019

Collection #1 appears to be the biggest public breach yet, with millions of unique passwords sitting out in the open.

Passwords 111

Passwords 111

Adam Levin

JANUARY 15, 2019

AT&T and T-Mobile announced that in March 2019 they would stop selling user location data to third parties. The announcements came on the heels of a Motherboard article that reported on the ability to track individual cellular phones via “location aggregator” companies with access to mobile customer information. Cellular location data was sold as a customer-friendly feature that could streamline things like roadside assistance and fraud prevention.

Mobile 198

Mobile Accountability Risk Technology 198

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

JANUARY 14, 2019

This is a current list of where and when I am scheduled to speak: I'm speaking at A New Initiative for Poland in Warsaw, January 16-17, 2019. I'm speaking at the Munich Cyber Security Conference (MCSC) on February 14, 2019. The list is maintained on this page.

162

162

The Last Watchdog

JANUARY 14, 2019

Malicious intruders have long recognized that getting their hands on privileged credentials equates to possessing the keys to the kingdom. This is because privileged accounts are widely deployed all across modern business networks — on-premises, in the cloud, across DevOps environments and on endpoints. Related: California enacts pioneering privacy law.

Accountability 153

Accountability Risk Technology System Administration 153

WIRED Threat Level

JANUARY 15, 2019

Opinion: The 2009 vs. 2019 profile picture trend may or may not have been a data collection ruse to train its facial recognition algorithm. But we can't afford to blithely play along.

Data collection 112

Data collection 112

Adam Levin

JANUARY 18, 2019

A massive leak of unprotected data on a server belonging to the Oklahoma Securities Commission was discovered in December 2018. Three terabytes of data were leaked, including evidence from hundreds of FBI investigations. Details in the material gone walkabout included financial transactions, emails relating to cases as well as letters from witnesses.

IoT 151

IoT Engineering Passwords Risk 151

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

JANUARY 18, 2019

Experts at Malwarebytes have reported that the code for the recently discovered Flash zero-day flaw was added to the Fallout Exploit kit. Experts at Malwarebytes observed a new version of the Fallout Exploit kit that include the code to exploit a recently discovered Flash zero-day vulnerability. The Fallout Exploit kit was discovered at the end of August by the threat analyst nao_sec , at the time it was used to distribute the GandCrab ransomware and other malicious codes, including droppers and

Advertising 111

Advertising Ransomware Healthcare Malware 111

The Last Watchdog

JANUARY 16, 2019

Kubernetes is one of many key enabling technologies of digital transformation that has tended to remain obscure to non-technical company decision makers. Related podcast: Securing software containers. Kubernetes is an administration console — an open source project from Google that makes containerized software applications easy to deploy, scale, and manage.

Digital transformation 147

Digital transformation Authentication Software Internet 147

Dark Reading

JANUARY 15, 2019

When it comes to privacy, it's the little things that can lead to big mishaps.

99

99

WIRED Threat Level

JANUARY 15, 2019

Opinion: GPS-monitored violent offenders are 95 percent less likely to commit a new crime. We need to implement an integrated, nationwide domestic violence program that tracks domestic abusers.

Technology 91

Technology 91

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

JANUARY 12, 2019

Rapid7 announced the release of Metasploit 5.0, the latest version of the popular penetration testing framework that promises to be very easy to use. Rapid7 announced the release of Metasploit 5.0 , the new version includes several new important features and, the company believes it will easier to use and more powerful. Most important changes introduced in the Metasploit 5.0 include new database and automation APIs, evasion modules and libraries, language support, improved performance.

Penetration Testing 112

Penetration Testing Advertising Hacking 112

Threatpost

JANUARY 18, 2019

A default configuration allows full admin access to unauthenticated attackers.

Small Business 85

Small Business 85

Dark Reading

JANUARY 17, 2019

Data appears to be from multiple breaches over past few years, says researcher who discovered it.

Passwords 91

Passwords 91

WIRED Threat Level

JANUARY 12, 2019

A German hack confession, unencrypted government sites, and more security news this week.

Government 85

Government Hacking 85

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

JANUARY 12, 2019

The American hacktivist Martin Gottesfeld (34) has been sentenced to 10 years in prison for carrying out DDoS attacks against two healthcare organizations in the US in 2014. The alleged Anonymous member, Martin Gottesfeld, was accused of launching DDoS attacks against the two US healthcare organizations in 2014, the Boston Children’s Hospital and the Wayside Youth and Family Support Network.

DDOS 111

DDOS Healthcare Advertising Cyber Attacks 111

Threatpost

JANUARY 16, 2019

Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts.

Hacking 84

Hacking Accountability 84

Dark Reading

JANUARY 14, 2019

In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.

Phishing 89

Phishing Cybercrime Ransomware 89

WIRED Threat Level

JANUARY 16, 2019

From potential nation state hacks to a brain drain, the shutdown has done nothing good for cybersecurity.

Government 83

Government Risk Hacking Cybersecurity 83

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

JANUARY 12, 2019

Z-WASP attack: Phishers are using a recently fixed flaw in Office 365 that allows them to bypass protections using zero-width spaces and deliver malicious messages to recipients. Microsoft recently fixed a vulnerability in Office 365 that was exploited by attackers to bypass existing phishing protections and deliver malicious messages to victims’ inboxes.

Phishing 111

Phishing Advertising Banking Internet 111

Threatpost

JANUARY 17, 2019

Thousands of individual breaches make up the database, one of the largest troves of stolen credentials ever seen.

Data breaches 80

Data breaches 80

Dark Reading

JANUARY 18, 2019

87

87

Thales Cloud Protection & Licensing

JANUARY 17, 2019

Modern encryption can trace its root back to before WWII when Alan Turing built a modern computer in order to break the Enigma. Much has changed since then but the core goals remain the same: limit who has access to certain information and prove the authenticity of who sent a message. 25 years of evolution and coming into the mainstream. The last 25 years has primarily been evolutionary with advances in symmetric and asymmetric cryptography focused on increasing key sizes and developing newer an

Encryption 79

Encryption Artificial Intelligence Technology Data privacy 79

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity