Troy Hunt

JULY 12, 2019

So "Plan A" was to publish Pwned Passwords V5 on Tuesday but a last-minute check showed control characters had snuck in due to the quality (or lack thereof) of the source data. References Scott will be running my Hack Yourself First workshop in Glasgow next week (this is the last stop on the UK tour, get in while you still can!)

Data breaches 207

Data breaches Passwords Accountability Hacking 207

Security Affairs

AUGUST 8, 2020

Chinese researchers discovered tens of vulnerabilities in a Mercedes-Benz E-Class, including issues that can be exploited to remotely hack it. The experts said that they did not manage to hack any critical safety functions of the tested vehicles. SecurityAffairs – hacking, Mercedes). ” continues the research.

Hacking 145

Hacking Advertising Mobile Engineering 145

Notice Bored

AUGUST 5, 2022

A glossy, nicely-constructed and detailed PowerPoint slide deck by Microsoft Security caught my beady this morning.

CISO 63

CISO Risk Artificial Intelligence Marketing 63

Troy Hunt

JANUARY 3, 2019

So yes, travel went up but I also did a bunch of remote workshops which helped keep that down, as well sending Scott Helme to run in-person ones that contributed to keeping me on Aussie soil. SSW in Sydney: How safe is your #password ?! TECHpalooza on the Gold Coast: We’ve got a password problem. troyhunt is here to help.

Passwords 232

Passwords Technology Government InfoSec 232

Security Through Education

MARCH 3, 2021

Malicious actors use emotions in human hacking with a high success rate. For example, a phony email stating that your online bank account has been compromised and requires a new password will elicit fear in most people. Learn More About Emotions and Human Hacking. The Human Hacking Conference is happening March 11-13, 2021.

Social Engineering 64

Social Engineering Hacking Engineering Banking 64

Adam Levin

AUGUST 21, 2019

Capital One’s announcement of a hack that affected more than 100 million people should have you asking not what, but who’s in your wallet. Bob from accounting goes on vacation with his laptop, and the next thing you know, millions of customers get hacked. Ever heard about a tortoise getting hacked? Attacks happen.

Phishing 138

Phishing Accountability Hacking Cybersecurity 138

Troy Hunt

DECEMBER 20, 2017

It was being sold for 5 Bitcoins: That's over US$80k in today's money but back then, it was only a couple of grand (which actually, seems like pretty good value for 167 million accounts and passwords stored as unsalted SHA1 hashes). When I run workshops , at the end of the second day I like to talk about automating security.

Data breaches 148

Data breaches Marketing Penetration Testing Government 148

Troy Hunt

NOVEMBER 25, 2020

I can't blame this on the teddy bears themselves, rather the fact that the MongoDB holding all the collected data was left publicly facing without a password. It made it easy for all the existing devices to jump onto the new network (I used the same password from the v1 network) and it gives me the option to segment traffic later on.

IoT 363

IoT Firmware Risk Manufacturing 363

CyberSecurity Insiders

SEPTEMBER 24, 2021

The Internet network is vulnerable as cybercriminals are lurking online, waiting to intercept loopholes for hacking systems. Therefore, you need to invest in your employees by conducting cybersecurity workshops and training regularly. Let your staff know about the significance of maintaining strong and unique passwords.

Cybersecurity 90

Cybersecurity Data breaches Backups Firewall 90

CyberSecurity Insiders

MARCH 25, 2021

Although this does take time, with training and upskilling programs , insightful workshops, and “Hacker Fridays” (where employees can try to hack a specific smart device), team members will become more capable of dealing with the new diagnostics support work, as well as any general IoT problems.

IoT 100

IoT Authentication Passwords Data collection 100

Troy Hunt

MARCH 2, 2020

My boss was an arsehole (there was broad consensus on that noun), but I stuck it out and dealt with it until circumstances were such that there was a better path forward; ultimately, a redundancy with a nice payout (I cover this in my Hack Your Career talk ). Many of them felt wrong. I spoke at CERN.

Data breaches 363

Data breaches Marketing Cyber Insurance InfoSec 363

Krebs on Security

AUGUST 12, 2022

The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system. It had the username and password for the system printed on the machine.

Firmware 241

Firmware Manufacturing Passwords Software 241

Troy Hunt

NOVEMBER 8, 2021

They'd left a MongoDB instance exposed to the public without a password and someone had snagged all their data. Maybe on hack-yourself-first.com 🤣 Clearly, I didn't forget and I also didn't forgive and he probably should have expected me (sorry, couldn't help myself!) But I can make mistakes.

Scams 72

Scams Data breaches InfoSec Social Engineering 72

Troy Hunt

JANUARY 3, 2020

NewPassword: passw0rd ConfirmPassword: passw0rd This is a real request from my Hack Yourself First website I use as part of the workshops Scott Helme and I run. You can go and create an account there then try to change the password and watch the request that's sent via your browser's dev tools. Why is this possible?

Passwords 333

Passwords Accountability Hacking Risk 333

ForAllSecure

SEPTEMBER 21, 2021

The FTC claims that spy phones secretly harvested and shared data on people's physical movements phone news online activities through a hidden hack. It's about challenging our expectations about the people who hack for a living. It doesn't take leet hacking skills. It's an important topic, with real human consequences.

Technology 52

Technology Software Surveillance Media 52

Krebs on Security

OCTOBER 5, 2018

But here’s the thing: Even if you identify which technology vendors are guilty of supply-chain hacks, it can be difficult to enforce their banishment from the procurement chain. A belief formed that China was unlikely to jeopardize its position as workshop to the world by letting its spies meddle in its factories.

Computers and Electronics 264

Computers and Electronics IoT Technology Manufacturing 264