Troy Hunt

APRIL 24, 2020

References The COVID19 Australia Twitter account is a great source of empirical data (we're weathering the pandemic exceptionally well down here) The next workshop I'll be doing is "in" Oslo for NDC in June (this will be my 7th NDC Oslo, just the first one, well, not actually in Oslo!) Nanoleaf is kinda cool ?? (I

Passwords 197

Passwords Accountability 197

Notice Bored

AUGUST 5, 2022

A glossy, nicely-constructed and detailed PowerPoint slide deck by Microsoft Security caught my beady this morning.

CISO 63

CISO Risk Artificial Intelligence Marketing 63

Hacker's King

OCTOBER 26, 2024

Activities during this week include engaging workshops, informative webinars, and community events, all designed to empower individuals with the knowledge and skills necessary to navigate today’s cyber threats effectively. Change them regularly and avoid reusing passwords across different accounts.

Cybersecurity 59

Cybersecurity Cyber threats Education Passwords 59

Troy Hunt

MAY 11, 2018

We cover off a bunch of bits and pieces related to things we're working on together (workshops and Report URI) as well as some (mostly) commonly held views about HTTPS, EV certs and visual indicators. Oh - and I forgot to mention killing off the non-anonymous endpoints for Pwned Passwords last week so that's in here this week too.

Passwords 126

Passwords 126

Troy Hunt

FEBRUARY 23, 2019

Along with a private Sydney workshop earlier on, I'm talking about some free upcoming NDC meetup events in Brisbane and Melbourne and I'd love to get a great turnout for. In other news, there was old news appearing as new news about how hosed you are if your machine is compromised with the level of hosing extending to your password manager.

Password Management 169

Password Management Passwords Risk 169

Troy Hunt

JANUARY 27, 2018

I talk about that below including the preceding days involving some pretty full on sledding in Norway, workshops, talks, ice, slush and snow. LastPass is sponsoring my blog this week (if you don't already have a password manager, you're doing it wrong!). iTunes podcast | Google Play Music podcast | RSS podcast.

InfoSec 135

InfoSec Password Management Passwords 135

Troy Hunt

DECEMBER 17, 2017

Let me demonstrate precisely the problem: have a look at this code from a blog post about how to build a password reset feature (incidentally, read the comment from me and you'll understand why I'm happy sharing this here): There are two SQL statements here: the first one is resilient to SQL injection. "god rights").

Data breaches 236

Data breaches Education Passwords Penetration Testing 236

Troy Hunt

JANUARY 3, 2019

So yes, travel went up but I also did a bunch of remote workshops which helped keep that down, as well sending Scott Helme to run in-person ones that contributed to keeping me on Aussie soil. SSW in Sydney: How safe is your #password ?! TECHpalooza on the Gold Coast: We’ve got a password problem. troyhunt is here to help.

Passwords 225

Passwords Technology Government InfoSec 225

Troy Hunt

JUNE 10, 2019

Increasingly, I was writing about what I thought was a pretty fascinating segment of the infosec industry; password reuse across Gawker and Twitter resulting in a breach of the former sending Acai berry spam via the latter. And while I'm on Sony, the prevalence with which their users applied the same password to their Yahoo!

Data breaches 279

Data breaches Passwords InfoSec Accountability 279

Troy Hunt

MARCH 1, 2018

My congressional testimony in the US was a very public example of that, less so are the dozens of conversations I've had in all sorts of settings including during conferences, workshops and over coffees and beers.

Government 226

Government Data breaches Passwords Authentication 226

CyberSecurity Insiders

JUNE 13, 2023

Learn about strong password creation, multi-factor authentica-tion, secure browsing habits, and data encryption. Implement Strong Password Practices: Passwords serve as the first line of defense against unauthorized access to your online accounts. Utilize a password manager to securely store and generate strong passwords.

Cybersecurity 93

Cybersecurity Education Cyber threats Passwords 93

Security Affairs

AUGUST 8, 2020

The analysis of the file system of the vehicle’s Telematics Control Unit (TCU), to which they gained access by obtaining an interactive shell with root privileges, they uncovered passwords and certificates for the backend server. ” continues the research. ” the paper concluded.

Hacking 145

Hacking Advertising Mobile Engineering 145

Thales Cloud Protection & Licensing

APRIL 7, 2022

The reputation is well-deserved when you consider that we (the cybersecurity team) tell users to create a unique password for each account to increase security. According to Gartner, 20 – 50% of help desk calls are for password reset – which is an expensive burden for any help desk.

Passwords 71

Passwords Password Management Authentication Social Engineering 71

Duo's Security Blog

OCTOBER 6, 2023

Shrink the attack surface by reducing password usage with passwordless SSO and make it faster and more convenient for users to get to the apps they need – whether SaaS-based or private. For strategic guidance and access to hands-on labs, register for one of our free Zero Trust Workshops. ZTNA) – regardless of location or protocol.

Authentication 144

Authentication Risk Social Engineering InfoSec 144

Adam Levin

AUGUST 21, 2019

A non-profit called the National Cyber Security Alliance offers a series of in-person, highly interactive and easy-to-understand workshops based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Make sure employees know what good password practices look like. For-profit choices are legion.

Phishing 138

Phishing Accountability Hacking Cybersecurity 138

SecureWorld News

AUGUST 7, 2024

The annual Black Hat conference, happening this week in Las Vegas, is renowned not only for its cutting-edge presentations and workshops but also for its robust cybersecurity measures that protect the large event from malicious threat actors.

Firewall 117

Firewall Cybersecurity Threat Detection Cyber threats 117

Troy Hunt

DECEMBER 20, 2017

It was being sold for 5 Bitcoins: That's over US$80k in today's money but back then, it was only a couple of grand (which actually, seems like pretty good value for 167 million accounts and passwords stored as unsalted SHA1 hashes). When I run workshops , at the end of the second day I like to talk about automating security.

Data breaches 140

Data breaches Marketing Penetration Testing Government 140

Troy Hunt

JANUARY 10, 2018

Much of this is simply due to lack of awareness; I must have taught 50 security workshops where the vast majority of attendees had simply never heard of CSP before. This is poor form as it can break tools that encourage good security practices such as password managers. Let them paste passwords! Why do websites do this?

Hacking 279

Hacking Government Encryption Risk 279

CyberSecurity Insiders

SEPTEMBER 24, 2021

Therefore, you need to invest in your employees by conducting cybersecurity workshops and training regularly. Let your staff know about the significance of maintaining strong and unique passwords. Create awareness about the IT policies surrounding data protection and loss. .

Cybersecurity 90

Cybersecurity Data breaches Backups Firewall 90

Jane Frankland

OCTOBER 17, 2023

Then there’s the promise of free content, software, and products; and using unsecured public wi-fi networks, or weak passwords. Alternatively, reusing passwords, sharing passwords; and simply ignoring browser software updates. Provide access to relevant training courses, certifications, workshops, or conferences.

Security Awareness 124

Security Awareness Education Cybersecurity Data breaches 124

CyberSecurity Insiders

MARCH 25, 2021

Although this does take time, with training and upskilling programs , insightful workshops, and “Hacker Fridays” (where employees can try to hack a specific smart device), team members will become more capable of dealing with the new diagnostics support work, as well as any general IoT problems. 5 Be aware of your operating landscape.

IoT 100

IoT Authentication Passwords Data collection 100

Troy Hunt

MARCH 2, 2020

How HIBP runs across the various Azure services, the Cloudflare dependencies, how I recover if things go wrong and then how that's managed across different autonomous parts of the project such as the HIBP website, the Pwned Passwords service etc etc. I spoke at CERN.

Data breaches 361

Data breaches Marketing Cyber Insurance InfoSec 361

Troy Hunt

NOVEMBER 25, 2020

I can't blame this on the teddy bears themselves, rather the fact that the MongoDB holding all the collected data was left publicly facing without a password. It made it easy for all the existing devices to jump onto the new network (I used the same password from the v1 network) and it gives me the option to segment traffic later on.

IoT 363

IoT Firmware Risk Encryption 363

Pen Test Partners

FEBRUARY 19, 2024

credit unions, internal notes, and clients’ full names, home and email addresses, and plaintext passwords. Leverage trusted external partners for Risk Assessments, Team Training Workshops, TTX, bi-annual Penetration Tests, etc. Establish a continuous security mentality Security can’t simply be a point in time (e.g.,

Banking 72

Banking Penetration Testing Small Business Accountability 72

eSecurity Planet

APRIL 9, 2024

Is there cybersecurity training on best practices, including setting strong passwords in accordance with the organization’s policy? Encourage strong password practices: Provide tips on how to create complex passwords and use password management tools. Teach them how to verify the sender’s address and URL.

Risk 108

Risk Threat Detection Data breaches Encryption 108

Security Through Education

MARCH 3, 2021

For example, a phony email stating that your online bank account has been compromised and requires a new password will elicit fear in most people. In addition, the emotion of fear can be elicited by a phony email stating that your online bank account has been compromised and requires the password. Still on the fence about attending?

Social Engineering 64

Social Engineering Hacking Engineering Banking 64

Hackology

NOVEMBER 15, 2023

The bedrock of these controls is enforcing password complexity requirements, ensuring that all users have unique, hard-to-crack passwords. While ensuring the set conditions are not so stringent that users start making sequential passwords which are even easier to brute-force. Yet, password measures alone may not suffice.

Network Security 49

Network Security Firewall Cyber threats Passwords 49

CyberSecurity Insiders

JUNE 17, 2023

These authentication factors can range from something you know (like a password), something you have (like a hardware token or a mobile device), to something you are (biometric data like fingerprint or face recognition). This makes unauthorized access exponentially more challenging, thereby offering enhanced protection against identity theft.

Identity Theft 59

Identity Theft Authentication Architecture Mobile 59

Responsible Cyber

JULY 13, 2024

Workshops and Seminars : Attending industry conferences, workshops, and seminars provides exposure to the latest trends and practices. This can include workshops, seminars, and hands-on labs that cover current cybersecurity threats, tools, and best practices.

Education 52

Education Cybersecurity Cyber threats Technology 52

McAfee

FEBRUARY 3, 2020

Global single sign-on services can ensure that users’ access is removed from all services when they leave the organization, as well as reduce the risk of data loss from password reuse. In a non-SSO service, users often call the helpdesk team when they’ve forgotten their passwords , so SSO has the added benefit of reducing call volume.

Technology 52

Technology Marketing Passwords Data collection 52

BH Consulting

AUGUST 9, 2022

The ongoing campaign has targeted more than 10,000 Office 365 organisations since September 2021, using ‘adversary in the middle’ (AiTM) sites to steal passwords and hijack login sessions. The two-year part-time course will mainly be delivered through distance learning, with occasional one-day workshops on campus.

Cybercrime 52

Cybercrime Accountability Phishing Authentication 52

eSecurity Planet

APRIL 12, 2024

Customize training materials to address these specific concerns, including data handling protocols, password management , and phishing attempt identification. Encourage regular talks, training, and awareness workshops to help integrate DLP practices into the organization’s culture.

Backups 134

Backups Encryption Data breaches Risk 134

Identity IQ

JUNE 1, 2023

Phishing attacks refer to fraudulent attempts, usually through email or messaging platforms, to deceive individuals into revealing sensitive information like passwords, credit card details, or Social Security numbers. Use a password manager to securely store and manage your passwords. Phishing attacks.

Social Engineering 52

Social Engineering Scams Engineering Identity Theft 52

eSecurity Planet

APRIL 14, 2023

By requiring users to provide two forms of authentication, such as a password and a security token , 2FA can significantly reduce the risk of unauthorized access to online accounts and other resources. Bot protection requires a multi-layered approach that involves a combination of these techniques and measures.

Software 109

Software DDOS Accountability Firewall 109

Duo's Security Blog

MARCH 3, 2021

The annals of cybersecurity are particularly filled with attacks that were facilitated by devices that didn’t have their data stores encrypted, devices that didn’t have their firewalls enabled, and devices that didn’t even have a viable password. Learn more by visiting Duo Zero Trust Security.

Architecture 52

Architecture Authentication CISO Risk 52

Krebs on Security

AUGUST 12, 2022

The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system. It had the username and password for the system printed on the machine.

Firmware 240

Firmware Manufacturing Passwords Software 240

Troy Hunt

NOVEMBER 8, 2021

They'd left a MongoDB instance exposed to the public without a password and someone had snagged all their data. When someone passed me hundreds of thousands of records on kids taken from CloudPets a few years ago , I had a nightmare of a time getting in touch with the company. But I can make mistakes. Coding mistakes.

Scams 72

Scams Data breaches InfoSec Social Engineering 72