The LAPSUS$ cybercrime group which deleted 50TB of patient data from Brazil’s Ministry of Health have this week disclosed breaches on both Microsoft and Okta. LAPSUS$ are threatening to publish leaked data from Microsoft (source code) and Okta (clients) unless a ransom is paid. LAPSUS$ claim NVIDIA, Samsung, and Vodafone as targets that they have… Continue reading SIM Swapping Prevention
Category: Security
My Personal Experience of Working on 5G with Huawei
My personal experiences of working with Huawei at the UK's largest mobile operator.
Security Best Practice for Protecting Against Memory Scraping Malware in Target & Home Depot
Credit and debit cards stolen from bricks-and-mortar stores sell on the black market for at least ten times the price of cards stolen from online merchants. There are plenty of TOR accessible card shops that will happily buy the cards from hackers and resell them on the open market. A card stolen from a bricks-and-mortar… Continue reading Security Best Practice for Protecting Against Memory Scraping Malware in Target & Home Depot
Some Identity Standard Factoids
The following are some interesting security factoids that point towards the benefit of a mobile 2FA (Over the Air or Wireless Public Key Infrastructure) federated identity model: The most commonly used password in the English speaking world is '123456'. Previously it was 'password' An average UK internet user has five different username and password combinations… Continue reading Some Identity Standard Factoids
Single Identity Repository for Internal Staff, Partners & Customers and Security Zones of Control
It is not impossible to have a single user directory tree for internal users / staff, partners and customers. All that is required is unique identifiers and different levels of permission normally managed through group membership. However pretty much every organisation quite rightly separates these groups as independent trees. These independent trees are normally realised… Continue reading Single Identity Repository for Internal Staff, Partners & Customers and Security Zones of Control
4.5 billion CyberVor records and Trusted Identity Federation
Hold Security have announced that the CyberVor gang (dubbed by Hold Security with “vor” meaning “thief” in Russian) has amassed over 4.5 billion records, mostly consisting of stolen credentials. 1.2 billion of these credentials appear to be unique, belonging to over half a billion e-mail addresses. To get such an impressive number of credentials, the CyberVors robbed… Continue reading 4.5 billion CyberVor records and Trusted Identity Federation
API Crazy 