US businesses in the crosshairs of Dark Web threats! Cyber attacks on the rise, putting sensitive data at risk. https://jpmellojr.blogspot.com/2025/07/us-now-top-target-for-dark-web.html #DarkWeb #Cybercrime #USBusinesses #SOCRadar #Cyberthreats

This notification from HIBP about the Not SOCRadar breach made me think how damn hard of a job @troyhunt is doing.

My first reaction was "why would he load this" but after reading the #socradar report I think I understand.

But if my understanding is correct there are so many levels of infosec-meta here.

I think (correct me if I'm wrong) that this breach is actually an indication of the email being in a stealer log.

Which is bad.

And neither the SOCRadar writeup nor Troy's description of the breach explain this.

So I thought I would write up a suggestion for how to improve the description to include this.

But I very quickly got stuck because there is actually very little known about this, and assumptions and guesses are likely to add to the confusion.

We have no idea if the email/credentials were stolen last month, or five years ago, or if it was just in some random compilation of public emails in a Telegram channel.

So in the end, I think keeping it to "known" facts like Troy does makes sense.

But... what is the value then? If the goal is to help people know if they are breached, knowing that it was in this report gives absolutely zero info to anyone.

Except if this is the ONLY breach the email was in. Because that might indicate the breach is actually recent.

But figuring this out is again so many levels down that I doubt many can draw that conclusion.

So was it worth loading this or not? I don't know. The fact that there were 19% new emails seems to indicate it was indeed worth it, as those people have not previously received any notification. But for the 81% that were already in, the additional notification seems to provide very little value.

So in the end, I think where I'm ending up is that it would be useful if the notification email had a bit more information. That would save me having to go to HIBP, send verification, log in, Ctrl+F the new breach and try to figure out if this is a new breach or a repacking.

#HIBP #SOCRADAR #stealerlogs #alertfatigue

https://infosec.exchange/@haveibeenpwned/112931402069232920

Have I Been Pwned: Who's Been Pwned

Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 941 breached sites listed.

Have I Been Pwned

The correct name for #SOCRadar disclosure isn't “Not SOCRadar” but rather “Scrap SOCRadar”, as it involved a #scraping operation on the SOCRadar platform, as they themselves admitted. 😉

ℹ️ Also, let's be clear: this so-called leak contains no sensitive data, just emails.

Well, this morning some of my personal domains are pinging at haveibeenpwned

Apparently someone aggregated credentials using SOCRadar's CTI solution

(among other things, extractions from Telegram collections)
⬇️
"In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format."
👇
https://haveibeenpwned.com/

"The investigation revealed that SOCRadar’s internal systems were not breached. The threat actor acquired a license from SOCRadar under a legitimate company name, providing access to the platform similar to any other customer. With this account, the actor could search for well-known domain names, collect Telegram channel names, and crawl these channels to harvest email addresses."
👇
https://socradar.io/socradars-response-to-the-usdods-claim-of-scraping-330-million-emails/

#CyberVeille #SOCRadar #haveibeenpwned #infosec

Have I Been Pwned: Check if your email address has been exposed in a data breach

Have I Been Pwned allows you to check whether your email address has been exposed in a data breach.

Have I Been Pwned
Once again a #Cyber oopsie at #Microsoft: security researchers from #SOCRadar found a freely accessible #Azure storage server which, among other things, contained passwords and keys to internal systems. After being notified, it took almost a month until access was blocked. There is no statement so far. https://www.neowin.net/news/a-security-group-found-a-microsoft-server-with-key-data-that-was-not-password-protected/
A security group found a Microsoft server with key data that was not password protected

A security organization discovered a Microsoft Azure storage server in February that included sensitive data that was not password-protected. Microsoft has since secured the server.

Neowin
Data leak at Microsoft: internal passwords publicly accessible

Disclosure of a serious security vulnerability at Microsoft: internal passwords and login data were publicly accessible for a long time.

Tarnkappe.info

Would you like to map your company's digital assets and identify potential security risks with #SOCRadar's External #AttackSurface Management?

https://t.co/FyseB3OaFw

#OSINT #ThreatIntel #intelligence #CyberSecurity #infosec #CTI #BlueTeam #vulnerability

Navigating the Assets Discovery Journey with SOCRadar XTI EASM

The attack surface is the sum of all potential entry points an attacker can use to gain unauthorized access to an organization's assets...

SOCRadar® Cyber Intelligence Inc.
Open-Source RATs Leveraged By APT Groups - SOCRadar

Open-source RATs offer APT groups several advantages that make their work easier and increase their attack techniques. This software's free..

SOCRadar® Cyber Intelligence Inc.
The State of Cybersecurity in Healthcare: A Review of SOCRadar's Healthcare Threat Landscape Report

SOCRadar's recently published Healthcare Threat Landscape Report illuminates the growing threat of cyberattacks, including ransomware...

SOCRadar® Cyber Intelligence Inc.
Sensitive Data of 65,000+ Entities in 111 Countries Leaked due to a Single Misconfigured Data Bucket

BlueBleed covers multiple misconfigured servers with sensitive data detected by SOCRadar's in-house cloud security module.

SOCRadar® Cyber Intelligence Inc.