Welcoming the Trinidad & Tobago Government to Have I Been Pwned

Today I'm very happy to welcome the first Caribbean government to Have I Been Pwned, Trinidad & Tobago. As of today, the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has full and free access to query their government domains and gain visibility into where they've impacted by data breaches. This brings the number of governments to be onboarded to HIBP to 17 and I look forward to welcoming more in the near future....

Weekly Update 244

For a week where I didn't think I had much to talk about, I was surprised by what I ended up with by the time I sat down to broadcast. Turns out there's always a lot to discuss, and that's before questions from the live audience as well. As I allude to at the end of this update, next week I'm going to have something really, really cool to announce that has been a long time in the works so keep an eye out for that one 😎 ReferencesGaps between screens in a multi-monitor setup really bugs me (looks like I'm going the velcro route)Traffic to the Coinhive domain is down 39% on the previous month (I'll keep updating stats...

Welcoming the Swedish Government to Have I Been Pwned

Today I'm very happy to welcome the 16th government to Have I Been Pwned, Sweden. The Swedish National Computer Security Incident Response Team CERT-SE now has full and free access to query all government domains via HIBP's API and gain insights into the impact of data breaches on their government departments. Sweden is now the 4th Scandinavian country I've welcomed onto HIBP and I hope to see many more from other parts of the world join in the future....

Weekly Update 243

This one is a real short intro as right now, it hurts to type (copy and paste is earlier 😊): I’m Back at a *REAL* Conference; Dealing with RSI; Shellies and MQTT; My IoT Aircon Hack; Drowning in Data Breaches. ReferencesI've been at a real conference this week, with people and all! (that's a tweet with pics of the environment)I've also been dealing with some pretty unpleasant RSI (link to the blog post on my ergonomic setup, do invest early in this folks)My automated IoT aircon integration is complete! (yes, it's a little mechanical arm pushing a button but it works beautifully 😎)What you see on the HIBP timeline is only a tiny slice of the data breaches...

Weekly Update 242

A fairly hectic week this one, in a large part due to chasing down really flakey network issues that are causing devices (namely Shelly relays) to be inaccessible. I suspect it's ARP related and as of now, it's still not fully resolved. You know how much shit breaks in a connected house when devices become inaccessible? Lots. But hey, at least I've finally automated my aircon! ReferencesI've had a heap of issues with my Shellys on my Ubiquiti network (thought I had it fixed after recording this but now, not so much...)I joined the Phil DeFranco show this week (I really enjoyed this and apparently, heaps of other people did too)My aircon woes are almost over, courtesy of...

Weekly Update 241

What. A. Week. Heaps of data breaches, heaps of law enforcement and gov stuff and somehow, I still found time to put even more IP addresses into the house courtesy of even more IoT. I'm not sure if the latter gives me a break from the more professional tech stuff or just compounds the amount of stuff I've already got on my plate, but I'm having fun doing it anyway 😊 All that and more in this week's update. ReferencesHere's the thread on the ~250M US people data set (at 51.6% for the negative, this won't be going into HIBP)The FBI in conjunction with efforts from the Dutch NHTCU and German BKA grabbed a bunch of data from the...

Welcoming the Romanian Government to Have I Been Pwned

Today I'm very happy to announce the arrival of the 15th government to Have I Been Pwned, Romania. As of now, CERT-RO has access to query all Romanian government domains across HIBP and subscribe them for future notifications when subsequent data breaches affect aliases on those domains. Romania joins a steadily growing number of governments across the globe to have free and unrestricted access to API-based domain searches for their assets in HIBP. You can read more about government access in the initial post from 2018....

Welcoming the Luxemburg Government CERT to Have I Been Pwned

Continuing my efforts to make more breach data available to governments after data breaches impact their domains, I'm very happy to welcome Luxemburg aboard Have I Been Pwned. More specifically, the CERT of the Grand Duchy of Luxemburg (govcert.lu) now has free API level access to query their national government domains. This now brings the government count to 14 and I look forward to welcoming more national CERTs in the future....

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol rereferred to as the world's most dangerous malware: Emotet. This strain of malware dates back as far as 2014 and it became a gateway into infected machines for other strains of malware ranging from banking trojans to credential stealers to ransomware. Emotet was extremely destructive and wreaked havoc across the globe before eventually being brought to a halt in February. Following the takedown, the FBI reached out and asked if Have I Been Pwned (HIBP) might be a viable means of alerting impacted individuals and companies that their...

Weekly Update 240

Lots of bit and pieces this week, most of which is self-explanatory based on the references below. One thing to add though is the outcome of the ClearVoice Surveys breach I live-tweeted during the stream: someone from there did indeed get in touch with me. We spoke on the phone, they confirmed the legitimacy of the breach and acknowledged they'd seen it posted to a hacking forum where it's now spreading broadly. They're working on their disclosure but as I said to them on the call, the fact it's now spread so broadly means I'm notifying my HIBP subscribers ASAP, which I've just done. 15M more record are now in there and based on the backlog I'm currently working through,...