Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Weekly Update 399

published on 2024-05-12 05:22:22 UTC by Troy Hunt
Content:

Presently sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.

Weekly Update 399

The Post Millennial breach in this week's video is an interesting one, most notably because of the presence of the mailing lists. Now, as I've said in every piece of communication I've put out on this incident, the lists are what whoever defaced the site said TPM had and they certainly posted that data in the defacement message, but we're yet to hear a statement from the company itself. Taking it at face value, where does their responsibility lie as it relates to individuals in this data set? I mean, let's say you signed a petition aligned to your political ideals many years ago and agreed to the terms and conditions (which you didn't read, because you're a normal human) then your data pops up somewhere like TPM. Is it their responsibility to let you know? Or the service that sold your data to them? Or... something else? It's messy, real messy, and the only thing I'm confident in saying is that the most likely thing to happen is the same as every other time we see this pattern: nothing.

Weekly Update 399
Weekly Update 399
Weekly Update 399
Weekly Update 399

References

  1. Sponsored by: Kolide believes that maintaining endpoint security shouldn’t mean compromising employee privacy. Check out our manifesto: Honest Security.
  2. LockBitSupp got seriously pwned by the NCA and friends (crimes include running an international ransomware syndicate and wearing AirPods in a weird way)
  3. Dell got themselves breached and data is being sold online (that link is to a story I saw after recording this video that says there was an enumerable API accessible from their partner portal)
  4. Tappware had a breach that leaked a whole bunch of national ID card pics (also, have we ever seen a national CERT post a screen cap with the PII of breach victims before? 🤔)
  5. The Post Millennial got very breached (site defacement, editor PII, subscriber PII and a large trove of mailing list data)
Article: Weekly Update 399 - published 6 months ago.

https://www.troyhunt.com/weekly-update-399/   
Published: 2024 05 12 05:22:22
Received: 2024 06 02 12:43:50
Feed: Troy Hunt's Blog
Source: Troy Hunt's Blog
Category: Cyber Security
Topic: Cyber Security
Views: 0

Custom HTML Block

Click to Open Code Editor