Consumer security website and email alert system
Drex covers three critical cybersecurity stories in healthcare: Kettering Health Network's ransomware crisis affecting 14 hospitals with patient data at risk, a landmark $700,000 civil penalty against Breach Forums founder Connor Fitzpatrick, and the release of Have I Been Pwned (HIBP) 2.0 with enhanced breach monitoring capabilities. Stay informed on the latest healthcare security threats and solutions. Remember, Stay a Little Paranoid. X: This Week Health; LinkedIn: This Week Health; Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer
Malaysian Government on HIBP; The HIBP Partner Ecosystem; The Final Day of Coding Before Relaunch; WE’RE DOING MERCH!!!; Sponsored by 1Password https://www.troyhunt.com/weekly-update-452/ See omnystudio.com/listener for privacy information.
Welcome to another episode, where we are thrilled to have Troy Hunt, a renowned cyber security expert and the creator of Have I Been Pwned (HIBP), join us. With over 20 years of experience in the technology industry, Troy has become a leading voice in the field, sharing his knowledge through his blog, speaking engagements, and media appearances. Troy's journey as an independent researcher and consultant has earned him a reputation for his deep understanding of data breaches and his ability to communicate complex cyber security concepts to a wide audience. His work on HIBP has been instrumental in raising awareness about the importance of online security, helping countless individuals and organisations protect their personal information.
Hey there, tech detectives and cyber sleuths! Grab your headphones and get ready for another wild ride through the digital jungle with Erich and Javvad. This week, we're diving into a hot mess at Hot Topic (pun totally intended) that's left 57 million people saying 'Uh-oh!' Plus, we'll take you on a typhoon-fueled adventure as China's notorious Volt Typhoon crew makes a shocking comeback. It's like a cyber soap opera, but with way more zeroes and ones! So, buckle up, buttercup – it's time to unravel these tangled webs of tech drama! Stories from the show: HIBP notifies 57 million people of Hot Topic data breach https://www.bleepingcomputer.com/news/security/hibp-notifies-57-million-people-of-hot-topic-data-breach/ China's Volt Typhoon crew and its botnet surge back with a vengeance https://www.theregister.com/2024/11/13/china_volt_typhoon_back/ Amazon MOVEit Leaker Claims to Be Ethical Hacker https://www.infosecurity-magazine.com/news/amazon-moveit-leaker-claims/
US Travel Updates; Cloudflare and Pwned Passwords; Cloudflare and security.txt; HIBP's Massive Edge Caching Project; Sponsored by Lithnet https://www.troyhunt.com/weekly-update-419/ See omnystudio.com/listener for privacy information.
In episode 9 of Passwort, Christopher and Sylvester talk about a series of security news items from the past few days: the world's largest certificate authority, Let's Encrypt, wants to get rid of the Open Certificate Status Protocol (OCSP), and Secure Boot is struggling, once again, with problems and sloppiness. The hosts also discuss a new password check at GMX and Web.de and the security of blockchain projects, prompted by a recent and particularly expensive mishap. The veteran GhostScript draws attention to itself, and above all to the interesting nature of the PostScript format, with a security problem. * c't article on certificate revocations: https://heise.de/-9642194 * Episode of c't Auslegungssache on "preventing data leaks": https://heise.de/-9762321 * c't article on mail passwords in the new Outlook: https://www.heise.de/select/ct/2023/28/2331715395648017635 * https://www.web3isgoinggreat.com
Authorities unmask criminals behind malware loaders; 3 billion records stolen from background check firm; Creds for 361 million accounts added to HIBP. Thanks to today's episode sponsor, Conveyor. What are infosec teams measuring these days? More often than not, their impact on the business through revenue. A director of GRC told us the most direct value for their CEO was showing the efficiencies and the dollars that security has been able to bring in from enabling sales through the security review. See how best in class infosec teams measure their performance in Conveyor's ultimate guide to the security review KPIs that matter. Go to www.conveyor.com and click the banner at the top. For the stories behind the headlines, visit CISOseries.com.
German Government on HIBP; WoTLabs Breach; Онлайн Трейд Breach; HIBP DB Rollover Updates; HIBP UX Work; Sponsored by Kolide https://www.troyhunt.com/weekly-update-390/ See omnystudio.com/listener for privacy information.
The Trello Scrape; MOAB (Mother of all Beat-ups); Clarifying Product Tiers on HIBP; Cyber Security MP HIBP Shout-out; Sponsored by Report URI https://www.troyhunt.com/weekly-update-384/ See omnystudio.com/listener for privacy information.
In this episode, Erich and Javvad are talking about the SEC Twitter/x/whateveritis account getting hacked, a vulnerability in Bosch thermostats, the NCA director getting sacked over using personal accounts for sensitive info, and more! Check us out on LinkedIn, YouTube or as an audio-only podcast on all of your favorite platforms. Some stories from the show: Have I Been Pwned adds 71 million emails from Naz.API stolen account list https://www.bleepingcomputer.com/news/security/have-i-been-pwned-adds-71-million-emails-from-nazapi-stolen-account-list/ Bosch thermostats vulnerable to malware attacks https://www.scmagazine.com/brief/bosch-thermostats-vulnerable-to-malware-attacks Senators Want Better SEC Cybersecurity After EFT-Related Hack https://www.pymnts.com/cybersecurity/2024/senators-want-better-sec-cybersecurity-after-eft-related-hack/ NCA director sacked after WhatsApp and email security breaches https://www.computerweekly.com/news/366566272/NCA-director-sacked-after-WhatsApp-and-email-security-breaches
Chinese drones considered national security threat; PixieFail could spell trouble for cloud providers; Have I Been Pwned adds “statistically significant” data leak. Huge thanks to our sponsor, Savvy Security. Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy's automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That's Savvy: Identity-First SaaS Security. Learn more at savvy.security/headlines.
Scammers, Spammers and ChatGPT; Data Breach Misattribution; HIBP and API Domain Searches; Twitter Subscription for Breach Insights; Sponsored by Kolide https://www.troyhunt.com/weekly-update-344/ See omnystudio.com/listener for privacy information.
The WA Cyber Security Innovation Hub is excited to be delivering the second CyberWest Summit, 10-11 May, 2023 at the Pan Pacific, Perth WA. CyberWest Summit is WA's flagship event providing cyber security education and awareness to key sectors and highlighting WA cyber security capabilities. The conference will deliver three content streams: Critical Infrastructure & Supply Chain Cyber Uplift, Securing Local & State Government, and Cyber Skills & Education Pathways. Troy Hunt, a world leading security researcher and commentator, will deliver a top-rated keynote on security and other technology concepts from around the world. Troy Hunt created HIBP as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach. For more information visit https://www.cyberwestsummit.com.au/ https://haveibeenpwned.com/ https://www.troyhunt.com/ #haveIbeenpwned #troyhunt #cyberwest2023 #cyberwestsummit2023 Recorded 8 March, 2023 for MySec.TV
Live from Copenhagen with Scott Helme; Oslo Wedding Celebrations; HIBP's 9th Birthday; Medibank Ransom; Data Breach Fines; Sponsored by Kolide https://www.troyhunt.com/weekly-update-324/ See omnystudio.com/listener for privacy information.
Episode #25 with Troy Hunt! Quarter of a century, in this episode Ben is joined by the legendary Troy Hunt, founder of #haveibeenpwned, now leveraged by billions of people worldwide including over 30 international governments and plenty of agencies with 3 letter acronyms. Troy and Ben go deep into digital Identities, #passwords, haveibeenpwned, the Optus breach from Troy's eyes and try to unravel what needs to change to prevent our numerical string that represents us digitally from being #pwned in the future. Show Notes: 00:00 Who is Troy Hunt (Wikipedia Style); 05:35 The origin story; 12:00 haveibeenpwned (HIBP); 25:39 API Economy + HIBP use cases; 37:00 Future of Digital Identities; 47:00 Optus Breach; 57:00 The final Q. Troy Hunt's book: https://bigmachine.io/products/pwned/ Troy's Blog: https://www.troyhunt.com/ Biography: Troy Hunt is an Australian Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security. Whilst Troy doesn't work for Microsoft, they recognise Troy through his distinguished community contributions like many other awards he has received over the years. Troy is found regularly at industry and non-industry events as the keynote speaker and even testifying before US Congress on issues relating to data breaches. Troy Hunt founded the community data breach notification service haveibeenpwned (HIBP), a free service that aggregates data breaches and helps people establish if they've been impacted by malicious activity on the web. As well as being a useful service for the community, HIBP is leveraged by over 30+ federal governments, even more 3 letter acronym'd organisations, globally and billions of people. --- Send in a voice message: https://anchor.fm/dark-mode-podcast/message
Rickrolling Content Scrapers; Shanghai Police Breach; HIBP's Use of SHA-1 and k-Anonymity Explained; Polish Gov on HIBP; MVP 12; Sponsored by CrowdSec https://www.troyhunt.com/weekly-update-303/ See omnystudio.com/listener for privacy information.
Upcoming Events; 7 Years Independent; Bought a Drone; Password Brute Force Chart; RaidForums Takedown; North Macedonia Gov on HIBP; Sponsored by Detack https://www.troyhunt.com/weekly-update-291/ See omnystudio.com/listener for privacy information.
IoT'ing the Kids' Showers; Twitter Psych Thread; CafePress Breach and the FTC; Unique Email Addresses; Questionable Govs on HIBP; Sponsored by CrowdSec https://www.troyhunt.com/weekly-update-287/ See omnystudio.com/listener for privacy information.
Back in Sydney (and a Live Audience); DigiCert and Website Identity Verification Insanity; The New Zealand Government is Now on HIBP; Sponsored by Varonis https://www.troyhunt.com/weekly-update-283/ See omnystudio.com/listener for privacy information.
If we don't use Radar Covid, what is it for? / Web browser for Android Automotive / More governments join HIBP / TikTok, the most popular domain in the world / Lidl's AirPods / Cortana was almost called Bingo. Sponsor: Discover the new Xiaomi 11T and Xiaomi 11T Pro https://www.mi.com/es/product/xiaomi-11t/, two cinema-grade phones that have everything you need: a 120 Hz display for the permanent enjoyment of your eyes, and 120W ultra-fast charging that fully recharges your phone in just 17 minutes. https://www.mi.com/es/product/xiaomi-11t-pro
New Elgato Key Lights; #pwnedmas Books Shipped; In-Person Talk; Ubiquiti (Insider) Breach; Explicit Breach Descriptions in HIBP; Sponsored by 1Password https://www.troyhunt.com/weekly-update-272/ See omnystudio.com/listener for privacy information.
I Bought AirTags; My COVID in Australia Thread; The Czech Republic is on HIBP; Burning of Your Fingertips and Biometrics See omnystudio.com/listener for privacy information.
Apple & Child Abuse Material; AirTags Tracking for Good & Evil; Turkish Gov on HIBP; Firefox 91 and HTTPS; Why No HTTPS? Sponsored by Varonis https://www.troyhunt.com/weekly-update-256/ See omnystudio.com/listener for privacy information.
The COVID Situation Here; IoT Additions & Problems; REvil Ransomware; Dutch Gov on HIBP; 11th MVP Award; Sponsored by Varonis https://www.troyhunt.com/weekly-update-251/ See omnystudio.com/listener for privacy information.
The COVID Situation Here; LinkedIn Scraped Data; IoT This Week; Network Flakiness; The Slovak Republic on HIBP; Sponsored by Axonius https://www.troyhunt.com/weekly-update-249/ See omnystudio.com/listener for privacy information.
Queensland Holiday; Spam Still Sucks; McAfee Dead; Charlotte's New Lenovo X1 Extreme; IoT Button Panels; Jamaican Gov on HIBP; Sponsored by ANY.RUN https://www.troyhunt.com/weekly-update-249/ See omnystudio.com/listener for privacy information.
Ask Me Anything; iFixit Kit; Shelly Dimmers & Zigbee Downlights; NordLocker & “Nameless Malware”; Finnish Gov on HIBP; Sponsored by Axonius https://www.troyhunt.com/weekly-update-248/ See omnystudio.com/listener for privacy information.
It's Winter; Pwned Passwords & 1B; Heaps of HIBP Pull Requests; Dominican Republic on HIBP; Belgium on HIBP; Sponsored by safepass.me https://www.troyhunt.com/weekly-update-246/ See omnystudio.com/listener for privacy information.
In the 57th edition of Sevencast, Jonas and Jan celebrate the 3rd birthday of the GDPR. Fittingly, they discuss topics around data protection, such as cookie banners. In addition, there is an agreement between HIBP and the FBI. If you also want to find out at which game you would meet Jonas and Jan in a casino, you should definitely tune in. Have fun! --- Send in a voice message: https://anchor.fm/aware7/message
The fascinating tale of a bug that's baked into Apple's latest chip. Why the Aussie data breach warning site HIBP is partnering with the FBI. And a coronavirus tracking toolkit that fell foul of privacy rules. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
S3 Ep35: Apple chip flaw, Have I Been Pwned, and Covid tracker trouble The fascinating tale of a bug that's baked into Apple's latest chip. Why the Aussie data breach warning site HIBP is partnering with the FBI. And a coronavirus tracking toolkit that fell foul of privacy rules. https://nakedsecurity.sophos.com/unpatchable-vuln-in-apples-new-mac-chip https://nakedsecurity.sophos.com/have-i-been-pwned-breach-site-partners-with-the-fbi https://nakedsecurity.sophos.com/regulator-fines-covid-19-tracker With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)
What does cybersecurity look like today? Richard talks with Troy Hunt about the recent news around the Hafnium exploits. The FBI utilized the vulnerability created in Exchange servers to patch the servers and remove the exploit. Is this a good idea? Is it legal? The actions of the FBI lead to a broader conversation about modern cybersecurity - when time is of the essence, should the so-called white hats be able to get legal authority to act to protect people, companies, and property? What's the alternative? Links: The HAFNIUM Exploits; FBI BotNet Testimony; Vastaamo Ransomware Podcast; The Hafnium Podcast Episode; Apollo Breach on HIBP
This week we covered: News: Intel urges gamers to ditch Mac for Windows - come on like serious gamers use Macs!; Assistive Apple Watch controls destined for Apple Glasses - amazing gesture controls!; Silicon shortage - why did the car manufacturers pause when PC makers didn't? - money talks and car makers umm walk?; Nvidia RTX 3080 Ti and RTX 3070 Ti price, specs and release date are official - so that's going to help with the shortages I guess; Roundup of nine things we learned from the EPIC trial - money money money makes the game's world go round!; HIBP goes open source and the FBI lends a hand - Troy Hunt leading the way in bringing security awareness to the masses; Amazon buys MGM for $8.45 billion - The name's Bezos, Jeff Bezos! Games: MSFS 2020 latest patch cuts install size in half! - finally, my SSD can breathe! As always we'd love to hear your comments. Find us on Twitter @WeeklyTechRant
Our reaction to the new Freenode developments, and Audacity's latest shock to the community. Plus Pwned Passwords goes open source, the public release of Fuchsia, and Valve's rumored Linux handheld.
Pwned Passwords + .NET Foundation + FBI; This Week in IoT; 3D Printed HIBP Logos; Trinidad & Tobago Gov on HIBP; Sponsored by Probely https://www.troyhunt.com/weekly-update-245/ See omnystudio.com/listener for privacy information.
Gapless Multi-Monitors; Coinhive Traffic; WeLeakInfo Jail Time; Optional Security Breach; IIMJobs Breach; Swedish Gov on HIBP; Sponsored by Probely https://www.troyhunt.com/weekly-update-244/ See omnystudio.com/listener for privacy information.
Washington Police Ransom, Living off the Land, Hacking Labs. Welcome back to another episode of the HackableYou Podcast. In this episode we mention the Washington Police Dept Babuk Ransomware attack, Passwordstate password manager breached and stolen passwords and the Emotet stolen emails that have been uploaded to HIBP. Our topic of the week is one of Ed's favorites as we discuss "Living off the Land" and provide a great Red vs. Blue insight. In our exclusive segment, Secrets from The SOC, we show and tell our 1st and current hacking labs, all stuff that you can do at home for FREE! We hope you enjoy it! === TIMESTAMPS === Cyber News: 01:22 Topic of the Week: 14:33 SFTS: 27:06
Signal will actively fight Cellebrite's data extraction. Signal's founder receives a Cellebrite forensic kit, used to extract data from iPhone and Android, discovers multiple vulnerabilities in the software and announces that they will start embedding files that interfere with that analysis. There is a lot to this story; I'll discuss it on the podcast. Personal data of 5 million Spaniards leaked after The Phone House was hacked. The attackers have spent several days threatening the company with publishing the data, including bank accounts, emails, identity documents, phone numbers, and even address and name. The data is already circulating. It is loaded into HIBP, so you can enter your phone number or email and see whether The Phone House appears in the list of breaches. It remains to be seen what the Data Protection Agency decides, and for now those affected could initiate civil proceedings. Stack Overflow reveals how many times we copy code from its pages. Over the last few weeks, the code of the Stack Exchange sites has included a piece of JavaScript that analysed when and where visitors executed the copy command, and they tell us which code is copied most, and by whom. We analyse everything Apple presented on Monday in the new episode of Cupertino, our weekly podcast about Apple. There are many curious things about the AirTags and the new iMacs that the company did not mention during the presentation and that you should know before buying them. Apple plans to expand its advertising business. Now that the new iOS restrictions will make it harder for tech companies other than Apple to collect data, Apple is going to offer new advertising services to companies, with more ads in the App Store, and keep the money itself.
Basically, what Mark Zuckerberg said in this case is true: that Apple has changed the privacy rules now because it was about to launch more of its own advertising tools. Linux programs with a graphical interface now run on Windows with the new versions of WSL, which are available in the test builds of Windows 10. A real luxury that will allow applications from both systems to be fully integrated without complications or emulation. Linux catches the University of Minnesota submitting patches with bugs for the kernel. Apparently they were doing field work that consisted of submitting this kind of improvement with deliberately created software flaws to evaluate the review mechanism. Those in charge are not at all happy and have banned the whole institution from contributing. Excellent summary of the long-term situation of battery factories. The US has only three factories, Europe some more, but the vast majority are still in China. There is a risk of repeating the same mistakes as with the oil supply, depending on a series of more or less autocratic countries for supply, and ending up back at square one. Neither RISC-V nor MIPS: China seeks another processor architecture from scratch. LoongArch in China has announced a new architecture for its processors, instead of using RISC-V or MIPS, the largest international free standard, because they cannot go with ARM or x86. It will be interesting to see whether, in a few years, something comes of all this money invested in reinventing the wheel for legal reasons.
UK Anonymity Petition; Coinhive Feedback; The Facebook Breach / Scrape; My Book With Rob Conery; Ukrainian Gov on HIBP; Sponsored by safepass.me https://www.troyhunt.com/weekly-update-238/ See omnystudio.com/listener for privacy information.
Pwned Passwords in Home Assistant; SuperVPN & GeckoVPN Breach; Oxfam Breach; Ticketcounter Breach; Gab Breach; Portuguese Gov on HIBP; Sponsored by MEGA https://www.troyhunt.com/weekly-update-233/ See omnystudio.com/listener for privacy information.
The Ledger Breach and Protection Emails; Storing Additional Data Attributes in HIBP; Far North Queensland Holiday Activities; Sponsored by 1Password https://www.troyhunt.com/weekly-update-223/ See omnystudio.com/listener for privacy information.
Making Recording Gear Work Outdoors; The Cit0day Breach Collection; Additional Data Attributes in HIBP; 2FA is a Pain in the Arse; Sponsored by Microsoft Reactor https://www.troyhunt.com/weekly-update-218/ See omnystudio.com/listener for privacy information.
NDC Sydney; GoPro Footage; More IoT Progress; The Chowbus Breach; Porn Data Retention; IoT Chastity Lock; Grindr Vuln; Canada & HIBP; Varonis Sponsoring https://www.troyhunt.com/weekly-update-212/ See omnystudio.com/listener for privacy information.
I recently caught up with security legend Troy Hunt and got to discuss cyber attack vectors in the COVID era, VPNs, IoT Security and why he decided to opensource HIBP. You don't want to miss this one! The virtual bartender securely transfers a Blue Monday.
Alex, Kacey, and Charles host this week’s ShadowTalk, bringing you the latest in threat intelligence. In this episode they cover: - Defaced subreddits - which accounts were impacted and what was the cause? - An Intel Leak was exposed by a Twitter user - what was exposed and how did it happen? - Troy Hunt's announcement on open-sourcing HIBP - our take on how it will improve the community at large Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-14-august-2020 ***Resources from this week’s podcast*** Reddit: https://www.reddit.com/r/ModSupport/comments/i5hhtf/ongoing_incident_with_compromised_mod_accounts/ https://www.bleepingcomputer.com/news/security/reddit-hit-by-coordinated-hack-promoting-trumps-reelection/ Twitter Intel Leak: https://www.infosecurity-magazine.com/news/intel-investigates-20gb-internal/ HIBP: https://www.troyhunt.com/im-open-sourcing-the-have-i-been-pwned-code-base/ Escrow Systems On Cybercriminal Forums Blog: https://www.digitalshadows.com/blog-and-research/escrow-systems-on-cybercriminal-forums/
10B HIBP Records; BeerAdvocate Breach; Ari’s Website; Messages of Support on Stress; HIBP on Netflix; The PC Build is Done; Sponsored by Varonis https://www.troyhunt.com/weekly-update-201/
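One unlucky IT administrator discovered that the Have I Been Pwned service (HIBP) had answered his request for information in a way he most definitely did not want, after a breach report email containing SQL statements knocked out his company's help desk system.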
The Privacy Impact of Returning to Restaurants Post COVID-19; HIBP “Fan Mail”; 6 New Data Breaches in HIBP; Sponsored by NordVPN https://www.troyhunt.com/weekly-update-193/
Spiders Everywhere; Zoom Credential Stuffing; Coronavirus Tracking App Tweet Storm; Ubiquiti Network Progress; Iceland Gov on HIBP; Sponsored by Varonis https://www.troyhunt.com/weekly-update-187/
Has your information ever been compromised in a data breach? There are security measures you can implement to lessen the effects. Troy Hunt shares about the frequency and increasing size of data breaches of personal information. Don’t miss the end where we share lots of strategies you can put in place today to better protect your information. Troy Hunt is an Australian Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security. He doesn’t work for Microsoft, but they're kind enough to recognize his community contributions by way of their award programs which he’s been a part of since 2011. You'll regularly find him in the press talking about security and even testifying before the US Congress on the impact of data breaches. Troy is a Pluralsight author of many top-rating courses on web security and other technologies with more than 30 courses published to date. There's no better way to get up to speed on a topic quickly than through professional training that you can take at your own pace. As both an author and a student, Troy has nothing but positive things to say about the breadth and quality of Pluralsight courses. One of the key projects Troy is involved in today is Have I Been Pwned (HIBP), a free service that aggregates data breaches and helps people establish if they've been impacted by malicious activity on the web. As well as being a useful service for the community, HIBP has given him an avenue to ship code that runs at scale on Microsoft's Azure cloud platform, one of the best ways we have of standing up services on the web today. Troy regularly speaks around the world and runs developer-focused security workshops. You'll regularly find him at major technology events.
In today's episode we discuss new problems in SMB, give you an update on HIBP, go through two new vulnerabilities that have hit Intel and AMD, and much more!
Global Roaming Data Routing; Danish Government on HIBP; Baby’s First Data Breach; We Leak Info Takedown; Shape Sponsoring https://www.troyhunt.com/weekly-update-174/
Bad Sophos Messaging Made Good; Bad GoGetSSL Messaging... Still Bad; Turkish Crime Family Sentence; Factual Data in HIBP; Sponsored by Varonis https://www.troyhunt.com/weekly-update-171/
Kangaroos! Norwegian Government & HIBP; Banks Looking Like Phishers; “Data Enrichment” Services & Data Breaches; Sponsored by IVPN https://www.troyhunt.com/weekly-update-166/
Pending HIBP API Changes; Chegg Data Breach in HIBP; EV is *REALLY* Dead; DigiCert and Cert Lifespans; Sectigo Leaking Personal Info; Sponsored by strongDM https://www.troyhunt.com/weekly-update-152/
I’m in Las Vegas with Scott; Insights on the Vegas Events; Updates on Project Svalbard; Irish Gov on HIBP; Screwy Sectigo Certificate Statements; Sponsored by strongDM https://www.troyhunt.com/weekly-update-150/
I’m Back in Oslo; Gender in Tech Discussion; Austrian Government and HIBP; Renewed MVP Status; HIBP Usage Stats; Shape Security Sponsoring https://www.troyhunt.com/weekly-update-146/
School is out. Apple updates the Enterprise App Agreement and will send unknown calls to voicemail. Package dependencies continue to be a problem. HIBP is looking for a home. Vim has a bug. Android supply chain issues. Rambleed. Eric relates a story about his ISP and Jon relates a remote VS Code story. (All in way less than an hour.) 0:00 - Intro; 7:24 - Apple Enterprise Changes; 10:18 - Spam -> Voicemail; 13:48 - Package Dependencies; 17:15 - Project Svalbard; 19:45 - Vim Bug; 21:48 - Android Supply Chain; 25:12 - Rambleed; 31:20 - Eric's ISP Adventures; 37:23 - Remote VS Code on RPi
This week, Rafal is joined by the man, the myth, the Aussie legend - Troy Hunt. We basically talk about whatever is on his mind - which, as it turns out is a lot. Take a listen, we may publish an English translation later (joking, Troy!). Highlights from this week's show include: Troy gives a run-down on HaveIBeenPwned; we talk through some of the interesting use-cases for HaveIBeenPwned data; Troy gives perspective on usernames, passwords, and other important things technology/security related. Guest: Troy Hunt ( @TroyHunt ) - Troy is a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security, blogger at troyhunt.com, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight. I created HIBP as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach. I wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community. Short of the odd donation, all costs for building, running and keeping the service currently come directly out of my own pocket. Fortunately, today's modern cloud services like Microsoft Azure make it possible to do this without breaking the bank!
Past & Future Events; Infosecurity Hall of Fame; Another Week of Data Breaches; Future of HIBP; Bad Sites Using Cloudflare; Sponsored by Varonis https://www.troyhunt.com/weekly-update-132/
More Than Just Code podcast - iOS and Swift development, news and advice
We follow up on the Saturn V and pronouncing Roman Numerals. Why 'ji32k7au4a83' Is a Remarkably Common Password. Surprises in the TIOBE Index 2019. We chat about Apple's "It's Show Time" announcement. Is Apple working on smart glasses? US Sales Tax Changes for software companies. Apple buys AI company, Laserlike. Picks: Safely supporting new versions of Swift, Senator Hawling vs Google Free Services. Apple UK's Why iPhone. Aftershow: Boeing 737 Max 8 and MCAS, Captain Marvel? and college admissions.
Jon scares security guards, Eric teaches Python, and we have an open slack invite on mostlysecurity.com. The Ring article from last week never got much traction, beware the Facebook challenge, ancient vulnerabilities unearthed, and Troy Hunt loads another massive breach into HIBP. Eric's going to build a Pi calendar, measuring programming language efficiencies, and what are Fourier transforms anyway? Intro; Join Our Slack If you Want...; Ring Videos; 10 Year Challenge; SCP Client Vulnerabilities; 773 Million Breached Records; Pi Family Calendar; Language Energy Efficiency; Fourier Transforms
Travel & Speaking; The example.com Cert; New Data Aggregator Breach With 44M Records; The York City Council Debacle; HIBP’s 5th Birthday; DigiCert Sponsoring https://www.troyhunt.com/weekly-update-115/
Threatpost's Lindsey O'Donnell speaks with Troy Hunt, a web security expert and the owner of Have I Been Pwned (HIBP). Hunt talks about HIBP's partnership with Mozilla Firefox and Cloudflare; trends he's seeing with data breaches; and how the view of responsibilities behind strong passwords is changing.
The Secure Transportation and Executive Protection News for Thursday, September 27th, 2018 This podcast is brought to you by the International Security Driver Association. Whether you are exploring a career in executive protection, new to the profession, honing your expertise, or an established security executive, ISDA offers its Members benchmark educational, networking, and marketing programs. For more information about the ISDA membership, articles related to secure transportation, security, and executive protection, go to isdacenter.org. ====================== In Terrorism News From the Wall Street Journal State Department Records Drop in Global Terror in 2017 in Annual Report The State Department reported a drop in terrorist attacks around the world in 2017 in an annual report released earlier this month, a decline that was largely driven by the rout of Islamic State in Iraq. The report said Afghanistan and Iraq, countries that remain in turmoil after nearly two decades of U.S. invasion and occupation, remained at the top of the list for attacks and deaths linked to terrorism. The State Department recorded the highest numbers of terrorism-linked deaths world-wide in Afghanistan, where a growing Taliban-led insurgency is fighting the U.S.-backed government. The total number of deaths rose to 4,672 there, a slight increase from the previous year. https://www.wsj.com/articles/state-department-records-drop-in-global-terror-in-2017-in-annual-report-1537393613 ====================== In Vehicle News From ZD Net How automakers are tackling connected vehicle vulnerability management A car was once simply a way to go from A to B and whether or not you purchased a cheap runaround or a luxury model, they all simply had one purpose: travel. However, our vehicles are now becoming smarter. Rear-view cameras, GPS-based map assistants, mobile apps, self-driving features and always-on connectivity are becoming common, such as through Apple CarPlay and Google's Android Auto. 
Vehicle connectivity provides a new channel for the collection of data, a valuable commodity for automakers and technology vendors. However, this conduit requires Internet access -- and this, in turn, has created a channel in which attacks can be performed. https://www.zdnet.com/article/how-automakers-are-tackling-the-connected-vehicle-cyberthreat-landscape/ ====================== In Cyber Technology News From Mashable Facebook allows advertisers to sell you stuff based on your shadow profile So, you've restricted the information advertisers can see on your Facebook profile, but you're still getting served near-perfect ads? It could be down to your shadow profile. https://mashable.com/article/facebook-advertisers-shadow-profile/ ====================== In Technology News From Naked Security by Sophos Firefox Monitor starts tracking breached email addresses After a summer of testing, Mozilla has formally launched Firefox Monitor, a privacy-engineered website that hooks up to Troy Hunt’s Have I Been Pwned? (HIBP) breach notification database. The site – which despite the Firefox tag is open to anyone – can be used either to check an email address against known breaches or to register for breach notification should that address be detected in future breaches logged by HIBP. https://nakedsecurity.sophos.com/2018/09/27/firefox-monitor-starts-tracking-breached-email-addresses/ ====================== Links to all news stories mentioned in this podcast are available at the archive website securitydrivernews.libsyn.com. You can also listen to past podcast episodes and leave comments. As a reminder, the Secure Transportation and Executive Protection News Podcast is available on all variations of Apple and Google Play podcast apps, Spotify, Spreaker, and Stitcher. ====================== Thanks for listening to the Secure Transportation and Executive Protection News podcast. Have a great weekend everybody. 
Logitech BRIO; Kids Learning HTML; Firefox & HIBP; Namecheap Bullshit; Crazy HTTPS Views; Pwned Passwords as NTLM Hashes; DigiCert Sponsoring https://www.troyhunt.com/weekly-update-102/
When we create new technologies, we want security and privacy, economic prosperity and sustainability, accountability but insist on confidentiality. The reality is that it is difficult to embed all of these values in one pass. As technologies get built, the process also reveals which values we hold in higher regard than others. To cope with moral overload, some have suggested that we start designing security and privacy controls as a gradient. Or perhaps certain controls get a toggle on/off switch. We’re also seeing this moral dilemma in AI – is the technology too volatile or perhaps proper data governance is the answer? Other articles discussed: Facebook gives scholars a petabyte of anonymized data to research; Firefox Monitor: Users input their email address and the service will run it by the HIBP database; Security firm sued. Panelists: Cindy Ng, Mike Buckbee, Kris Keyser, Mike Thompson
New Data Breaches; HTTPS Naysayers; Fridge Full of Beer; Passwords in Plain Text (and MD5); Granting Access to Your Gmail; MVP Renewal; HIBP and Azure Functions; Sponsored by Gold Security https://www.troyhunt.com/weekly-update-94/
Coding With My 5-year Old Daughter; The Real Cost of Pwned Passwords; Firefox, 1Password, HIBP and k-Anonymity; HTTPS Is Easy! Sponsored by DigiCert https://www.troyhunt.com/weekly-update-93/
Eric sees Ready Player One opening day. Boeing is hit by WannaCry and researchers demonstrate spoofing facial recognition using IR emitters in a ball cap. Someone built a game using HIBP passwords ("My Little Pwnage"). A personal VPN hotspot and a glowing meteorite ring. Links: Ready Player One - http://readyplayeronemovie.com/ Boeing + WannaCry - https://www.seattletimes.com/business/boeing-aerospace/boeing-hit-by-wannacry-virus-fears-it-could-cripple-some-jet-production/ Invisible Mask Attack - https://arxiv.org/pdf/1803.04683.pdf My Little Pwnage - https://mylittlepwnage.eu/ Amplifi Teleport - https://amplifi.com/teleport/ Carbon Fiber and Meteorite Glowstone Ring - https://youtu.be/K2VWLT63_cI
Microsoft Most Valued Professional (MVP) (https://mvp.microsoft.com/en-us/PublicProfile/4031649?fullName=Troy%20Hunt) specializing in online security and cloud development. Prior to becoming an independent security consultant, Troy worked at Pfizer with the last seven years being responsible for application architecture in the Asia Pacific region. This time spent in a large corporate environment gave him huge exposure to all aspects of technology as well as the diverse cultures his role spanned. Many of the things he teaches in post-corporate life are based on these experiences, particularly as a result of working with a large number of outsourcing vendors across the globe. Troy is most famously known for creating the Have I been pwned? (HIBP) website (https://haveibeenpwned.com/About), a free service that aggregates data breaches and helps people establish if they've been impacted by malicious activity on the web. As well as being a useful service for the security community, HIBP has given him an avenue to ship code that runs at scale on Microsoft's Azure cloud platform. Troy has been featured in a number of articles with publications including Forbes, TIME magazine, Mashable, PCWorld, ZDNet and Yahoo! Tech. In this episode we discuss teaching developers security, learning on your own, becoming an instructor, cyber security in enterprise organizations, budgeting for security, building a personal brand, and so much more. Where you can find Troy: TroyHunt.com (https://www.troyhunt.com/) LinkedIn (https://www.linkedin.com/in/troyhunt) Twitter (https://twitter.com/troyhunt) YouTube (https://www.youtube.com/channel/UCD6MWz4A61JaeGrvyoYl-rQ) Pluralsight (https://www.pluralsight.com/authors/troy-hunt) Have I been pwned? (https://haveibeenpwned.com/)