The account takeover all began with the Grindr password reset page: I entered Scott's address, solved a Captcha and then received the following response: I've popped open the dev tools because the reset token in the response is key. And as for the website I couldn't log into without being deferred back to the mobile app?
Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. The password for the Confluence virtual machine that held all the hacking tools that were stolen and leaked? Those passwords were shared by the entire team and posted on the group's intranet.
As I said, our IT department recently notified me that some of my data was leaked and a pre-emptive password reset was enforced as they didn't know what was leaked. It would be good to see it as an informational notification in case there's an increase in attack attempts against my email address.
Which brings us back to Aadhaar and some rather unpleasant headlines of late, particularly the likes of The World's Largest Biometric ID System Keeps Getting Hacked. They claim that they're hack-proof. But claiming the service is "hack-proof", that's something I definitely have an issue with. Can you prove otherwise?
Leaked data includes names, e-mails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details (PAN number, passport numbers) and deposit history. Story – [link] #InfoSec pic.twitter.com/1xFOtLcd8F — Rajshekhar Rajaharia (@rajaharia) January 21, 2021. You leaked my own data too.
The vulnerabilities have been reported to HP by the infosec researchers Nick Bloor, an attacker could chain the three issues to achieve SYSTEM privileges on targeted devices and potentially take over them. SecurityAffairs – hacking, HP). The HP Device Manager allows administrators to remotely manage HP thin clients.
Captivating stuff, apart from infosec, you really feel as though you’ve been taken on a journey with Troy through the years of living in paradise a.k.a. Troy Hunt takes us on his life journey, ups and downs, explaining how haveIbeenpwned came to be, raising awareness of the world’s poor password and online security habits.
House Oversight and Homeland Security committees last week, SolarWinds’s former and current CEOs blamed an intern for creating a weak FTP server password and leaking it on GitHub – an act which may or may not have contributed to a supply chain hack that impacted users of the tech firm’s Orion IT performance monitoring platform.
The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account.” cybersecurity #infosec #ransomware pic.twitter.com/kwrfjbwbkT — CyberKnow (@Cyberknow20) August 10, 2022. Pierluigi Paganini.
Artifacts extracted from the FW analysis: Smartlock Passwords & User’s Logs. But it saves my time while hacking (I)IoT targets. SecurityAffairs – hacking IoT, Focaccia board). The post Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way!
An initial access broker claims to have hacked Deutsche Bank and is offering access to its systems for sale on Telegram. A threat actor ( 0x_dump ) claims to have hacked the multinational investment bank Deutsche Bank and is offering access to its network for sale online. SecurityAffairs – hacking, Deutsche Bank).
The end game for this particular hacking ring is to install crypto currency mining routines on compromised Linux servers. Xbash gets rolling by infecting one device, which then serves as the launch pad for deeper hacking forays limited only by the attacker’s initiative. Use a password manager. Everyone should be using one.
The episode also covers a notable Okta vulnerability that allowed someone to login without […] The post Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password appeared first on Shared Security Podcast.
Strong passwords make all the difference in a hacker's ability to breach your device or network... unless the sticky note with your super-strength password is taped to your computer. We all need a strong password to prevent being hacked! Linux #infosec pic.twitter.com/lzUlaxOVNJ — Security_Nerd (@itssecuritynerd).
Records of 45 Million+ travelers to Thailand and Malaysia Leaked on #Darkweb (Blog Link) [link] #infosec #leaks #CyberSecurity pic.twitter.com/zHOujQ8CMm — Cyble (@AuCyble) July 12, 2020. SecurityAffairs – hacking, travelers). Pierluigi Paganini.
This is the biggest leak of Telnet passwords ever reported. According to ZDNet that first published the news, the list was leaked on a popular hacking forum by the operator of a DDoS booter service. The list includes the IP address, username and password for the Telnet service for each device. ” reported ZDNet.
I seem to be doing most of that activity now on Mastodon , which appears to have absorbed most of the infosec refugees from Twitter, and in any case is proving to be a far more useful, civil and constructive place to post such things. It emerges that email marketing giant Mailchimp got hacked. ” SEPTEMBER.
The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors.
An alleged member of the @HotarusCorp leaked on a hacking forum a link to a file containing 6500 records (Email, Identity Card numbers, and passwords) that claims to Ministry of Finance. breach #infosec #deepwebnews @FinanzasEc @EcuCERT_EC pic.twitter.com/WTbXz8EYLx — Security Chronicle (@SecurChronicle) February 23, 2021.
Obviously, the work I've been doing with Have I Been Pwned (HIBP) has given me a heap of insight into this specific area of infosec over the last 4 years and the folks from DC felt my views on things might be helpful. That was all great and I was happy to share my thoughts from the other side of the world.
One year ago in February, the major eBay hack was in progress, eventually resulting in over 233 million passwords being stolen. 10 Million Passwords Leaked Online. Security consultant Mark Burnett leaked 10 million usernames and passwords online through his personal blog last week, in a very risky move.
Over $600 million stolen in the largest DeFi cryptocurrency hack in history, attackers are getting around $10k for stolen network access credentials, and why your identity is trapped inside a social network and what this means for the next potential evolution of the Internet…the metaverse! ** Links mentioned on the show ** Apple to refuse […].
An email address, handle or password used somewhere else that links to their identity. It's not just the hacking itself, this is often accompanied by a ransom demand which piles on yet another criminal activity that needs to be referred to the authorities. A dropped VPN connection.
cybersecurity #infosec pic.twitter.com/ZvqtEUTBQn — CyberKnow (@Cyberknow20) September 9, 2023 The attack on Telegram does not appear to be politically motivated like other offensives conducted by the hacker group. It's these types of spiteful, vengeful attacks that put doubt on the state controlled narrative of the group.
Also covered are NIST’s updated password guidelines, eliminating complexity rules and […] The post Kia Security Flaw Exposed, NIST’s New Password Guidelines appeared first on Shared Security Podcast. The post Kia Security Flaw Exposed, NIST’s New Password Guidelines appeared first on Security Boulevard.
Of the ones I can talk about, they included: Microsoft in Copenhagen: Thanks @troyhunt , fun and interesting talk in copenhagen today #happyaussieday #infosec #haveibeenpwned pic.twitter.com/vrNQNb6Po5 — Finn Strand (@finnstrand) January 26, 2018. SSW in Sydney: How safe is your #password ?! troyhunt is here to help.
AddressIntel is actively tracking malicious #phishing #malware address [link] #Italy since 2021-01-25 #cybersecurity #infosec Follow trends and statistics on [link] — AddressIntel (@AddressIntel) January 25, 2021. SecurityAffairs – hacking, Intel). ” read the advisory published by Italy’s CERT-AGID (Italian language).
Everest ransomware operators claimed to have hacked South Africa state-owned company ESKOM Hld SOC Ltd. At the same time, the Everest Ransom gang posted a claim about the hack of the South African state-owned electricity company. SecurityAffairs – hacking, ESKOM). Is having some server issues. Price 200,000 $.
Because modern seismic stations are now implemented as an Internet-of-Things (IoT) station – and just as insecure as any other IoT device – Samios and his colleagues were able to identify threats to the equipment that infosec pros typically find in common IoT gear, from smart doorbells to security cams.
“The IDRM Linux virtual appliance was analysed and it was found to contain four vulnerabilities, three critical risk and one high risk: Authentication Bypass, Command Injection, Insecure Default Password, Arbitrary File Download. The latest version Agile InfoSec has access to is 2.0.3, ” the expert wrote on GitHub.
More at: [link] #cybersecurity #InfoSec #VulnerabilityManagement pic.twitter.com/hNwDHFaPtt — CISA Cyber (@CISACyber) March 10, 2023 “This issue allowed an attacker with access to the server administrator’s Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it. .”
Verizon’s Breach Report is one of the best infosec reports out there, and I’m always excited when I hear it’s been released. 45% of breaches involved Hacking. Hacking, social, and malware have fallen the most. The top malware type is Password Dumper, because it really is about getting those creds.
As a simple example, consider the idea of passwords. It was once the case that passwords were a cornerstone of the role of humans in cybersecurity. You would choose a password that only you knew, and without that password, no one could get access to your account. There is also the idea of password management software.
infosec #CVE pic.twitter.com/IqmtfZ8WER — TeamAres (@TeamAresSec) July 7, 2020. ” Threat actors exploited the CVE-2020-5902 flaw to obtain passwords, create web shells, and infect systems with various malware. SecurityAffairs – hacking, BIG-IP). Pierluigi Paganini.
Former Uber CSO Joe Sullivan was found guilty of obstructing a federal investigation in connection with the attempted cover-up of a 2016 hack at Uber, NIST and Microsoft say that mandatory password expiration is no longer needed but many organizations are still doing it, and how fake executive profiles are becoming a huge problem for […].
HideezKey- This is a deep-dive into a nice concept for a security token & password manager that turned into a horrible product due to lack of proper R&D and Threat Modeling. Passive Recon & OSINT: First of all (even without attempting to open the token) we can immediately notice our best-hardware-hacking-friend: the FCC ID.
If supermarkets can apply this type of thinking and control, how does this align with infosec & cybersecurity? This is why we have so many different usernames and passwords for all sorts of businesses and services. The post If Infosec Was a Supermarket Business appeared first on Security Boulevard. Download it on Github.
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 14, 2022. I’ve also included some comments on these stories.
Also: we continue our series on life after the password by speaking to Ian Paterson, the CEO of behavioral authentication vendor Plurilock. The Persistence of Passwords.
Booth babes and rampant sexism were more of a problem in infosec in the past. It’s about challenging our expectations about the people who hack for a living. I know there was a period when several InfoSec people, myself included, said we will not be on panels unless there's diversity represented on said panel.
Can you get hacked if you hide your computer?". Here are two of our favorites by Infosec blogger John Oppdenaker on Twitter: My password was hacked. I was going to change my password to one of my favorite places in France, but is it Toulon (too long!)? How do I change my password?". Phishing season!
Also: Breaking Bad Security Habits Spotlight Podcast: Security Automation is (and isn’t) the Future of Infosec Spotlight Podcast: Rethinking Your Third Party Cyber Risk Strategy. I think there’s a difference between the password going away – so not having a password – and us not caring that we have a password anymore.
Perhaps we thought, who would want to hack a completely unknown person like me? The Cybersecurity & Infrastructure Security Agency lists the following 4 steps to protect yourself: Implement multi-factor authentication on your accounts and make it significantly less likely you’ll get hacked. Update your software.