What is network vulnerability scanning? Network vulnerability scanning is the process of inspecting and reporting potential vulnerabilities and security loopholes […]
What is network vulnerability scanning? Network vulnerability scanning is the process of inspecting and reporting potential vulnerabilities and security loopholes […]
What is BYOI (bring your own identity)? BYOI (bring your own identity) is an approach to digital authentication in which […]
In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points), and other data related to learning progress on Duolingo. Whilst some of the data attributes are intentionally public, the ability to map private email addresses to them presents an ongoing risk to user privacy.
In April 2021, “Japan’s largest e-mail friend search site” Atmeltomo suffered a data breach that was later sold on a popular hacking forum. The breach exposed 1.3M records with 580k unique email addresses along with usernames, IP addresses and unsalted MD5 password hashes.
n this blog post, we provide specific steps that can be taken to significantly improve your organization’s cloud incident response efficiency and efficacy. We focused on expanding cloud logging capabilities, providing access and resources to responders, and developing an understanding of your cloud environment. This list is by no means exhaustive, and is instead meant to provide a starting point for your cloud DFIR journey, and strengthen your organization’s overall security posture.
In approximately late 2022, 3.4M customer records from iMenu360 (“The world’s #1 most trusted online ordering platform”) were exposed. The data appeared to be from ordering systems using the platform and contained email and physical addresses, latitudes and longitudes, names and phone numbers. Numerous attempts were made to contact iMenu360 about the incident between April and August 2023, but no response was received.
In July 2023, Perception Point reported on a phishing operation dubbed “Manipulated Caiman”. Targeting primarily the citizens of Mexico, the campaign attempted to gain access to victims’ bank accounts via spear phishing attacks using malicious attachments. Researchers obtained almost 40M email addresses targeted in the campaign and provided the data to HIBP to alert potential victims.
In April 2023, data from the Israeli jobs website Jobzone was posted online. The data included 30k records of email addresses, names, social security numbers, genders, dates of birth, fathers’ names and physical addresses.
By What is a message authentication code (MAC)? A message authentication code (MAC) is a cryptographic checksum applied to a […]
The SANS Security Culture course has been significantly updated – everything from the name of the course to the content, labs, and handouts.