You may have read about the recent attack affecting motoring powerhouse General Motors (GM), that resulted in significant numbers of GM’s customers having their accounts compromised. Wedding planning company Zola was also impacted by a similar attack in the same week of May 2022, with the attackers using the compromised accounts to redeem gift cards. […]
This week is the first week of National Cyber Security Awareness Month (NCSAM), which runs from October 1 to October 31. Throughout the month, Digital Shadows (now ReliaQuest) will be releasing a series of blogs that will cover important topics that aim to increase your cyber awareness. This first week we will start with simple, […]
With an enticing array of viral dance moves, tough weekly challenges and fresh skins, people are going bananas for Fortnite. The number of players increased from 30 million in December 2017 to 125 million in June 2018. For those who are (somehow) unfamiliar, Fortnite is an online video game made by Epic Games. Last month, […]
Not a week goes by without an example where credential stealing, credential reuse, or poor password practices contributed heavily to a successful attack. With this in mind, Dr Richard Gold and Simon Hall join Rafael Amado to discuss the age-old problem of credential hygiene. In this week’s ShadowTalk we covered the ways in which attackers […]
Not a week goes by without a new case of cryptocurrency fraud making headlines. The most recent example concerned the BitGrail exchange, which suffered an attack that resulted in the loss of 17 million Nano Tokens ($170 million). Although BitGrail responded by announcing new security measures – highlighting the need for better security practices by […]
In May 2017, an amalgamation of over 1 billion credentials was uploaded to the Have I Been Pwned database. One of the lists has been dubbed “Anti-Public”, and contained 457,962,538 unique email addresses. This list has reportedly previously been widely circulated and used for credential stuffing attacks, whereby attackers seek to identify instances of password […]
In our first blog, we outlined a number of specific factors that can be used to determine a dataset’s desirability, from the perspective of a malicious cyber actor. This second blog looks at the specific ways that threat actors are using this data – referred to as industrialization – and how these factors of desirability […]
Data breaches and credential compromise are not new. After all, 2014 was known as the “year of the data breach”. Last year was similarly dubbed the “year of the breach”. In 2016, we have witnessed even yet more data breaches made public, including LinkedIn, MySpace and Dropbox. Data breaches are no longer an aberration; they […]