Teri Radichel

Data Breaches

Posts on data breaches — and how they could have been prevented — by Teri Radichel

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Part of my series on Automating Cybersecurity Metrics. The Code.

🔒 Related Stories: GitHub Security | Application Security | Secure Code

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A data breach led me to cybersecurity. I started off my official cybersecurity career analyzing a data breach. I continue to analyze breaches on this blog and explain to people how they can be prevented.

My First Data Breach

I had someone abuse a misconfigured FTP share early on when I started my e-commerce company back in 1998. I often use that story to explain how cloud misconfigurations happen.

However, I consider my first real data breach and exposure to what attackers can do with vulnerabilities to be this breach of a booking system I wrote for a hostel on Manly Beach near Sydney, Australia. This story also shows you how network traffic can show you if you’ve been breached or not.

Capital One Data Breach

What caused the Capital One breach and how it could be prevented.

Data Breach Prevention

xz utils

Oktapus

How a different kind of encryption might have prevented access to the text messages on Twilio that led to the Signal customer compromise.

Okta Support Breach — October, 2023

APT-10 attacks

How network controls help stop breaches.

Databases Exposed Directly to the Internet

Why you should care about network security.

Real World Cloud Compromise

or how I am going to hack your cloud — 2020. I have more methods now :-)

Solar Winds Breach

Multiple stories about how malware infiltrated a product and contributed to the largest breach of US government systems at the time.

Colonial Pipeline Attack

What happened and what might have prevented it?

The Kaseya Breach

How Chinese Laws May Facilitate Data Breaches

And related — are the devices you bring into your environment providing access?

Home Routers as Accomplices in Internet Crimes

Change your password and update your device. Reset it to factory default and re-update if you think it may be infected.

Log4J

Container Escape on AWS (Patched)

Zoom RCE

Zoom has a history of egregious security flaws. They now have a bug bounty and are trying to improve. Time will tell.

Twitch Breach

Triangulation

Target Breach

One of the first breaches I looked at in detail and wrote a white paper about for SANS Institute was the Target Breach. This was one of the first highly publicized breaches with enough detail to understand what happened — and how to prevent it.

Data Breach Reports Need More Detail

To analyze a data breach such as the Capital One or Target breach, we need more detail than the empty words in most data breach reports typically provide.

BGP Hijacking and DDoS

This post covers stolen cryptocurrency and outages caused by BGP misconfigurations and attacks.

Biggest Breaches of 2022

The Cuckoo’s Egg

One of the greatest books on security incident response I’ve read. An early breach of a university and US Government systems. Oh, and a love story. ❤️

AWS Data Breaches and Incidents in 2023

Azure and Microsoft Data Breaches and Incidents in 2023

Sandworm

How Kremlin hackers infiltrate systems for the purpose of disruption, destruction, and misinformation.

Dark Territory

The US government's use of cyber breaches for the purposes of national security. Are the tactics always warranted? Decide for yourself.

Cyber Spies

How spies infiltrate systems ~ a British perspective. The British were initially the best in the world at spying and working with the Chinese government. Super interesting read.

Blast Radius and Risk Management

I wrote about how data breaches happen, how to prevent them, and how to lower the impact of a data breach in my book, Cybersecurity for Executives in the Age of Cloud, at the bottom of this post. This is one of the series of draft posts that went into an expanded book (with fewer typos!)

Attack Vectors

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2023

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab
Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation
Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
❤️ Sign up for my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab