<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>breaches &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/breaches/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Mon, 20 Oct 2025 16:58:59 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Serious F5 Breach</title>
		<link>https://noise.getoto.net/2025/10/23/serious-f5-breach/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 23 Oct 2025 11:04:48 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[disclosure]]></category>
		<category><![CDATA[Network security]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=71041</guid>

					<description><![CDATA[<p><a href="https://arstechnica.com/security/2025/10/breach-of-f5-requires-emergency-action-from-big-ip-users-feds-warn/">This</a> is bad:</p>
<blockquote><p>F5, a Seattle-based maker of networking software, <a href="https://my.f5.com/manage/s/article/K000154696">disclosed the breach</a> on Wednesday. F5 said a “sophisticated” threat group working for an undisclosed nation-state government had surreptitiously and persistently dwelled in its network over a “long-term.” Security researchers who have responded to similar intrusions in the past took the language to mean the hackers were inside the F5 network <a href="https://cyberplace.social/@GossiTheDog/115378445416288653">for years</a>.</p>
<p>During that time, F5 said, the hackers took control of the network segment the company uses to create and distribute updates for BIG IP, a line of server appliances that F5 ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>DOGE as a National Cyberattack</title>
		<link>https://noise.getoto.net/2025/02/13/doge-as-a-national-cyberattack/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 13 Feb 2025 12:03:26 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69910</guid>

					<description><![CDATA[<p>In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications for national security are profound.</p>
<p>First, it was reported that people associated with the newly created Department of Government Efficiency (DOGE) had <a href="https://bsky.app/profile/wyden.senate.gov/post/3lh5ejpwncc23">accessed</a> <a href="https://www.nytimes.com/2025/02/01/us/politics/elon-musk-doge-federal-payments-system.html">the</a> <a href="https://nymag.com/intelligencer/article/elon-musk-doge-treasury-access-federal-payments.html">US</a> <a href="https://therecord.media/union-groups-sue-treasury-over-giving-doge-access-to-data">Treasury</a> computer system, giving them the ability to collect data on and potentially control the department’s roughly ...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Former Uber CISO Appealing His Conviction</title>
		<link>https://noise.getoto.net/2023/10/19/former-uber-ciso-appealing-his-conviction/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 19 Oct 2023 11:08:36 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[ftc]]></category>
		<category><![CDATA[regulation]]></category>
		<category><![CDATA[uber]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67968</guid>

					<description><![CDATA[<p>Joe Sullivan, Uber’s CEO during their 2016 data breach, is <a href="https://www.darkreading.com/attacks-breaches/former-uber-ciso-appeals-conviction-over-2016-data-breach">appealing</a> his conviction.</p>
<blockquote><p>Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company’s data security and privacy practices. The government argued that Sullivan should have informed the FTC of the 2016 incident, but instead went out of his way to conceal it from them.</p>
<p>Prosecutors also accused Sullivan of attempting to conceal the breach itself by paying $100,000 to buy the silence of the two hackers behind the compromise. Sullivan had characterized the payment as a bug bounty similar to ones that other companies routinely make to researchers who report vulnerabilities and other security issues to them. His lawyers pointed out that Sullivan had made the payment with the full knowledge and blessing of Travis Kalanick, Uber’s CEO at the time, and other members of the ride-sharing giant’s legal team...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>How Attorneys Are Harming Cybersecurity Incident Response</title>
		<link>https://noise.getoto.net/2023/06/07/how-attorneys-are-harming-cybersecurity-incident-response/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 07 Jun 2023 11:06:33 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[breaches]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[incident response]]></category>
		<category><![CDATA[insurance]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67426</guid>

					<description><![CDATA[<p>New paper: “<a href="https://www.usenix.org/system/files/sec23fall-prepub-292-woods.pdf">Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys</a>“:</p>
<blockquote><p><b>Abstract:</b> Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers. This paper explores these impacts via a multi-stage, mixed methods research design that involved 69 expert interviews, data on commercial relationships, and an online validation workshop. The first stage of our study established 11 stylized facts that describe how cyber insurance sends work to a small numbers of IR firms, drives down the fee paid, and appoints lawyers to direct technical investigators. The second stage showed that lawyers when directing incident response often: introduce legalistic contractual and communication steps that slow-down incident response; advise IR practitioners not to write down remediation steps or to produce formal reports; and restrict access to any documents produced...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>SolarWinds Detected Six Months Earlier</title>
		<link>https://noise.getoto.net/2023/05/03/solarwinds-detected-six-months-earlier/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 03 May 2023 10:13:58 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[intrusion detection]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67299</guid>

					<description><![CDATA[<p><a href="https://www.wired.com/story/solarwinds-hack-public-disclosure/">New reporting</a> from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandiant detected it in December 2020, but didn’t realize what it detected—and so ignored it.</p>
<blockquote><p>WIRED can now confirm that the operation was actually discovered by the DOJ six months earlier, in late May 2020­—but the scale and significance of the breach wasn’t immediately apparent. Suspicions were triggered when the department detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds, according to sources familiar with the incident. The software, used by system administrators to manage and configure networks, was communicating externally with an unfamiliar system on the internet. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked. It also engaged Microsoft, though it’s not clear why the software maker was also brought onto the investigation...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>SolarWinds and Market Incentives</title>
		<link>https://noise.getoto.net/2023/02/08/solarwinds-and-market-incentives/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 08 Feb 2023 11:46:43 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[economics of security]]></category>
		<category><![CDATA[essays]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=66762</guid>

					<description><![CDATA[<p>In early 2021, <em>IEEE Security and Privacy</em> asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response.</p>
<p>The penetration of government and corporate networks worldwide is the result of inadequate cyberdefenses across the board. The lessons are many, but I want to focus on one important one we’ve learned: the software that’s managing our critical networks isn’t secure, and that’s because the market doesn’t reward that security.</p>
<p>SolarWinds is a perfect example. The company was the initial infection vector for much of the operation. Its trusted position inside so many critical networks made it a perfect target for a supply-chain attack, and its shoddy security practices made it an easy target...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>LastPass Breach</title>
		<link>https://noise.getoto.net/2022/12/26/lastpass-breach/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 26 Dec 2022 12:06:18 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[cloud computing]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[Password Safe]]></category>
		<category><![CDATA[passwords]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=66411</guid>

					<description><![CDATA[<p>Last August, LastPass <a href="https://www.schneier.com/blog/archives/2022/12/lastpass-security-breach.html">reported</a> a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story <a href="https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/">is worse</a>:</p>
<blockquote><p>While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service.</p>
<p>[…]</p>
<p>To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>LastPass Security Breach</title>
		<link>https://noise.getoto.net/2022/12/02/lastpass-security-breach/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 02 Dec 2022 12:09:45 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[passwords]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=66298</guid>

					<description><![CDATA[The company was hacked, and customer information accessed. No passwords were compromised.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Twitter Exposes Personal Information for 5.4 Million Accounts</title>
		<link>https://noise.getoto.net/2022/08/12/twitter-exposes-personal-information-for-5-4-million-accounts/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 12 Aug 2022 14:13:25 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[twitter]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65771</guid>

					<description><![CDATA[<p>Twitter <a href="https://privacy.twitter.com/en/blog/2022/an-issue-affecting-some-anonymous-accounts">accidentally exposed</a> the personal information—including phone numbers and email addresses—for 5.4 million accounts. And someone was trying to sell this information.</p>
<blockquote><p>In January 2022, we received a report through our <a href="https://help.twitter.com/en/rules-and-policies/reporting-security-vulnerabilities">bug bounty program</a> of a vulnerability in Twitter’s systems. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any. This bug resulted from an update to our code in June 2021. When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability. ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Excellent Write-up of the SolarWinds Security Breach</title>
		<link>https://noise.getoto.net/2021/08/30/excellent-write-up-of-the-solarwinds-security-breach/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 30 Aug 2021 11:24:06 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=63616</guid>

					<description><![CDATA[Robert Chesney wrote up the Solar Winds story as a case study, and it&#8217;s a really good summary.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Details of the Recent T-Mobile Breach</title>
		<link>https://noise.getoto.net/2021/08/27/details-of-the-recent-t-mobile-breach/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 27 Aug 2021 13:37:12 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[cell phones]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[T-Mobile]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=63614</guid>

					<description><![CDATA[Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security.
I&#8217;ve lost count of how many times T-Mobile has been hacked.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>More on the SolarWinds Breach</title>
		<link>https://noise.getoto.net/2020/12/17/more-on-the-solarwinds-breach/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 17 Dec 2020 20:18:42 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[russia]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60612</guid>

					<description><![CDATA[<p>The <i>New York Times</i> has <a href="https://www.nytimes.com/2020/12/14/us/politics/russia-hack-nsa-homeland-security-pentagon.html">more details</a>.</p>
<blockquote><p>About 18,000 private and government users downloaded a Russian tainted software update &#8211;&#173; a Trojan horse of sorts &#173;&#8211; that gave its hackers a foothold into victims&#8217; systems, according to SolarWinds, the company whose software was compromised.</p>
<p>Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies. While the presence of the software is not by itself evidence that each network was compromised and information was stolen, investigators spent Monday trying to understand the extent of the damage in what could be a significant loss of American data to a foreign attacker...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>How the SolarWinds Hackers Bypassed Duo&#8217;s Multi-Factor Authentication</title>
		<link>https://noise.getoto.net/2020/12/15/how-the-solarwinds-hackers-bypassed-duos-multi-factor-authentication/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 15 Dec 2020 20:13:01 +0000</pubDate>
				<category><![CDATA[authentication]]></category>
		<category><![CDATA[breaches]]></category>
		<category><![CDATA[Network security]]></category>
		<category><![CDATA[two-factor authentication]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60605</guid>

					<description><![CDATA[<p>This is <a href="https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/">interesting</a>:</p>
<blockquote><p>Toward the end of the second incident that Volexity worked involving Dark Halo, the actor was observed accessing the e-mail account of a user via OWA. This was unexpected for a few reasons, not least of which was the targeted mailbox was protected by MFA. Logs from the Exchange server showed that the attacker provided username and password authentication like normal but were not challenged for a second factor through Duo. The logs from the Duo authentication server further showed that no attempts had been made to log into the account in question. Volexity was able to confirm that session hijacking was not involved and, through a memory dump of the OWA server, could also confirm that the attacker had presented cookie tied to a Duo MFA session named ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>FireEye Hacked</title>
		<link>https://noise.getoto.net/2020/12/09/fireeye-hacked/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 09 Dec 2020 12:36:14 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[Network security]]></category>
		<category><![CDATA[russia]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60553</guid>

					<description><![CDATA[<p>FireEye was <a href="https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html">hacked</a> by &#8212; they believe &#8212; &#8220;a nation with top-tier offensive capabilities&#8221;:</p>
<blockquote><p>During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers&#8217; security. These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers. None of the tools contain zero-day exploits. Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 39/217 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-10 04:33:24 by W3 Total Cache
-->