Reddit recently warned their users that they suffered a data breach, losing a significant amount of data involving users that had accounts between 2004 and 2007. More interestingly, the breach succeeded because attackers were able to intercept SMS-based (text) one-time-passwords (OTP). In today's Byte, learn a bit more about this breach and how some multi-factor products, like … [Read more...]
Learning from Gentoo – Daily Security Byte
Late last month, an attacker broke into Gentoo's Github repository, removed all the developers and started adding malicious changes and defacements. Gentoo quickly recovered their Github account, but had to keep it down for five days to recover. However, today's video isn't about this breach per say, but what we all can learn from it. This week, Gentoo released a very … [Read more...]
The Fish Tank Casino Heist – Daily Security Byte
According to a Darktrace, hackers stole a casino's database through a fancy Internet of Things (IoT) fish tank. While the report doesn't really share much technical detail, it does suggest the hacker found some hole in the cloud-connected thermometer the fish tank used. Watch the YouTube video below for more detail, and to hear what you should do to better protect your IoT … [Read more...]
Two Major Data Breaches – Daily Security Byte
Over the past few weeks, a number of organizations have disclosed big data breaches, including Under Armour, Saks Fifth Avenue and Lord & Taylor. These breaches resulted in the loss of various types of personally identifying information (PII), from password hashes to credit card track data. Watch the video below to learn much more about these breaches, and what you should … [Read more...]
1.4 Billion Passwords Leaked – Daily Security Byte
Credential leaks seem like they are a "dime a dozen" these days, but this one is significant. A security organization, 4iQ, found a now publicly accessible and searchable database with 1.4 billion leaked user credentials on the Dark Web this week. Though it appears this database aggregates many old breaches, it also contains a significant amount of new credentials as well. … [Read more...]