Tag Archives: Data breach

TaoBao Account Hijack – Daily Security Byte EP. 211

TaoBao, China’s eBay, suffered a major account hijack where attackers accessed over 20M user accounts. However, the attack wasn’t the fault of the e-commerce site itself. Watch today’s video to learn how this happened, why it should concern everyone in the world, and what you can do about it.

(Episode Runtime: 2:47)

Direct YouTube Link: https://www.youtube.com/watch?v=DVFmSIz4ITQ

— Corey Nachreiner, CISSP (@SecAdept)

#OpNasaDrones Hack – Daily Security Byte EP. 210

A hacking group calling themselves AnonSec claims to have hacked NASA’s network, and shared a 250GB dump of NASA drone data to back up the claim. Meanwhile, NASA says the data is public, and claims they can’t find evidence of a breach. Whether or not AnonSec’s story is fiction, I think you can learn from it. Watch today’s Byte episode to learn how.

(Episode Runtime: 3:44)

Direct YouTube Link: https://www.youtube.com/watch?v=f0DABSVg5rA

— Corey Nachreiner, CISSP (@SecAdept)

Two Phishing Breaches – Daily Security Byte EP. 208

This week, two different organizations in two different industry verticals suffered security incidents that lost them either tons of money or tons of time. What do they both have in common, and what can we learn from them? Watch today’s video to find out!

(Episode Runtime: 3:26)

Direct YouTube Link: https://www.youtube.com/watch?v=crBB4CU-cTs

— Corey Nachreiner, CISSP (@SecAdept)

Vtech Update Proves SQLi – Daily Security Byte EP. 184

On Monday, I highlighted the Vtech breach. A hacker was able to steal millions of records from an online kid’s toy manufacturer, which included information about children. Over the past day, we’ve learned two new updates about this story. One increases the scope of the breach, and the other explains how it happened (Spoiler: my hunch was correct). Watch today’s episode for these updates, and to learn how to protect your web site from the flaw that allowed this attack.

Show note: This is Wednesday’s episode, but technical issues delayed my posting until today. 

(Episode Runtime: 3:23)

Direct YouTube Link: https://www.youtube.com/watch?v=BGngzbhBE-A

— Corey Nachreiner, CISSP (@SecAdept)

Vtech Leaks Kids Data – Daily Security Byte EP. 182

What’s worse than the average data breach? A breach that involves our children’s private information!

In Monday’s episode, I talk about how a “greyhat” hacker stole over 190GB of data from a company that makes an Internet-connected kid’s toy. Luckily, he doesn’t seem to plan on using the data with malicious intent. Nonetheless, it’s still an eye-opening hack. Watch the vlog to learn more about this attack, and why we all need to think about what types of data we share online.

Show note: This is Monday’s episode, but technical issues delayed my posting until today. 

(Episode Runtime: 2:50)

Direct YouTube Link: https://www.youtube.com/watch?v=WL3c_cXOZQA

— Corey Nachreiner, CISSP (@SecAdept)

Visibility: The Missing Layer of Information Security

No one wants an attacker or malware in their systems. That’s why the information security community spends so much time and effort on prevention. We try our best to implement defenses that stop today’s threats, while imagining new safeguards to catch future ones.

The problem is, complete prevention is simply an infeasible goal. We’re all human. No matter their competence, engineers will occasionally make mistakes that expose new vulnerabilities. Furthermore, even if we had that unattainable “perfect security system,” users would still mess up and introduce new threats. Meanwhile, crafty hackers continue to find new holes to exploit. No matter how great your defense, it’ll never be perfect.

That’s why visibility should play an important role in your information security strategy. Since you can’t stop every attack, you need to have mechanisms that help you detect them. That way, you may be able to respond before it’s too late.

Recently at Gartner’s ITxpo Symposium, I gave a presentation called Visibility: The Missing Layer of Information Security. In this talk, I share how data breaches have increased, while at the same time, it takes us longer to identify them. I also share a detailed timeline covering four major breaches from the headlines, and illustrate how long the attackers were in these organizations before the breach was even discovered. Next, I show how visibility tools can help you discover breaches more quickly, perhaps even allowing you to mitigate them before the attackers make off with your data. Finally, I offer six things we can learn from these breaches.

If any of this sounds interesting to you, Gartner has made my presentation available on-demand. Click here to learn how visibility tools, such as WatchGuard Dimension, can plug the missing gap in your information security program.

— Corey Nachreiner, CISSP (@SecAdept)

Corey Nachreiner, CTO, speaking at Gartner IT Expo

000Webhost has 000 Security – Daily Security Byte EP. 169

A popular hosting company suffered a network breach and lost over 13M user records. Not only did the company not know about the breach until five months later, the stolen records included clear text passwords. Watch today’s video to see what you can learn from this web hoster’s mistakes, of which they made many.

(Episode Runtime: 2:23)

Direct YouTube Link: https://www.youtube.com/watch?v=ILnyVCV3spA

— Corey Nachreiner, CISSP (@SecAdept)

TalkTalk Hacked by Teenager? – Daily Security Byte EP. 166

Last week, TalkTalk suffered a data breach for the third time this year. It took a while for the details to surface, but it looks like the attackers exploited a SQL injection flaw in TalkTalk’s website to steal 4M customers’ personally identifying information. Watch today’s video to learn the latest news about this breach, and what you should do if you’re a victim.

(Episode Runtime: 3:32)

Direct YouTube Link: https://www.youtube.com/watch?v=IQhwPq24khk

— Corey Nachreiner, CISSP (@SecAdept)

Data Breachapalooza – Daily Security Byte EP. 153

It’s bad enough that we seem to learn about a new data breach every week, but today we learned about four new data breaches, including one that leaked 15M customer records. Watch today’s video to learn which companies were affected, what data was stolen, and what users should do about it. I also discuss how businesses might protect themselves.

(Episode Runtime: 5:24)

Direct YouTube Link: https://www.youtube.com/watch?v=Ayba0H2PjY0

— Corey Nachreiner, CISSP (@SecAdept)

Backdoors and Watering Holes – WSWiR Episode 162

Cyber security has become mainstream. Nowadays, there are more information security (infosec) stories each week than the average IT professional can keep up with. If you find yourself falling behind, let our daily and weekly videos keep you informed. If you watch my Daily Security Bytes, you can probably skip this weekly summary. However, if you prefer to recap the week in one go, this video is for you.

This week’s episode includes surprising new updates to the Ashley Madison hack, a backdoor in a bunch of consumer routers, and a watering hole attack targeting the EFF. Watch the video below for the scoop, and check out the references section for more.

(Episode Runtime: 8:41)

Direct YouTube Link: https://www.youtube.com/watch?v=DkcT9sFEfWc

Show Note: A couple notes this episode. First, while I posted last week’s summary video to YouTube, I was not able to blog about it due to my early week travel. If you missed it, you can view it here, or just subscribe to my YouTube channel to see my videos right when they come out. 

Also, I will be traveling in Europe all week to attend WatchGuard partner conferences. I will try to post some videos, but I probably won’t get to one every day, and will post them at unusual times. 

— Corey Nachreiner, CISSP (@SecAdept)
