SwiftOnSecurity

Last updated

SwiftOnSecurity is a pseudonymous computer security expert and influencer on Twitter, Mastodon, and Bluesky, [1] inspired by Taylor Swift. [2] [3] [4] As of May 2024, they have over 405,400 followers. [5] The account was originally created to post Taylor Swift-related memes about the Heartbleed bug. The name was chosen due to Swift's caution with regard to digital security, and the account's original focus on cybersecurity. [6] The account has been cited in news articles about computer security. [7] [8] They are a Microsoft MVP, and work as an endpoint monitoring lead for a Fortune 500 company. [9] Their blog contains general computer security advice, with a large amount dedicated to Windows and phishing. [10]

Contents

Atlassian vulnerability

In December 2019, SwiftOnSecurity tweeted about an issue in Atlassian software that embedded the private key of a domain. This turned out to be a security vulnerability, and was assigned CVE - 2019-15006. [11]

Related Research Articles

<span class="mw-page-title-main">Cybercrime</span> Type of crime based in computer networks

Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.

<span class="mw-page-title-main">Phishing</span> Form of social engineering

Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim navigates the site, and transverses any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of cybercrime.

<span class="mw-page-title-main">Jira (software)</span> Issue-tracking product developed by Atlassian

Jira is a proprietary product developed by Atlassian that allows bug tracking, issue tracking and agile project management. Jira is used by a large number of clients and users globally for project, time, requirements, task, bug, change, code, test, release, sprint management.

LastPass is a password manager application. The standard version of LastPass comes with a web interface, but also includes plugins for various web browsers and apps for many smartphones. It also includes support for bookmarklets.

<span class="mw-page-title-main">Atlassian</span> American-Australian software company

Atlassian Corporation is an Australian software company that specializes in collaboration tools designed primarily for software development and project management. The company is globally headquartered in Sydney, Australia, with a US headquarters in San Francisco, and over 12,000 employees across 14 countries. Atlassian currently serves over 300,000 customers in over 200 countries across the globe.

Cyberwarfare by China is the aggregate of cyberattacks attributed to the organs of the People's Republic of China and various related advanced persistent threat (APT) groups.

<span class="mw-page-title-main">Elie Bursztein</span> French computer scientist and hacker (born 1980)

Elie Bursztein, is a French computer scientist and software engineer. He is Google and DeepMind AI cybersecurity technical and research lead.

Identity-based security is a type of security that focuses on access to digital information or services based on the authenticated identity of an entity. It ensures that the users and services of these digital resources are entitled to what they receive. The most common form of identity-based security involves the login of an account with a username and password. However, recent technology has evolved into fingerprinting or facial recognition.

Cozy Bear is a Russian advanced persistent threat hacker group believed to be associated with Russian foreign intelligence by United States intelligence agencies and those of allied countries. Dutch signals intelligence (AIVD) and American intelligence had been monitoring the group since 2014 and was able to link the hacker group to the Russian foreign intelligence agency (SVR) after compromising security cameras in their office. CrowdStrike and Estonian intelligence reported a tentative link to the Russian domestic/foreign intelligence agency (FSB). Various groups designate it CozyCar, CozyDuke, Dark Halo, The Dukes, Midnight Blizzard, NOBELIUM, Office Monkeys, StellarParticle, UNC2452 with a tentative connection to Russian hacker group YTTRIUM. Symantec reported that Cozy Bear had been compromising diplomatic organizations and national governments since at least 2010. Der Spiegel published documents in 2023 purporting to link Russian IT firm NTC Vulkan to Cozy Bear operations.

The Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them since 2010. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

<span class="mw-page-title-main">Troy Hunt</span> Australian web security expert

Troy Adam Hunt is an Australian web security consultant known for public education and outreach on security topics. He created and operates Have I Been Pwned?, a data breach search website that allows users to see if their personal information has been compromised. He has also authored several popular security-related courses on Pluralsight, and regularly presents keynotes and workshops on security topics. He created ASafaWeb, a tool that formerly performed automated security analysis on ASP.NET websites.

CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas. It provides endpoint security, threat intelligence, and cyberattack response services.

<span class="mw-page-title-main">OurMine</span> Hacker group

OurMine is a hacker group that is known for hacking popular accounts and websites, such as Jack Dorsey and Mark Zuckerberg's Twitter accounts. The group often causes cybervandalism to advertise their commercial services, which is among the reasons why they are not widely considered to be a "white hat" group.

Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords, and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.

<span class="mw-page-title-main">Petya (malware family)</span> Family of encrypting ransomware discovered in 2016

Petya is a family of encrypting malware that was first discovered in 2016. The malware targets Microsoft Windows–based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting. It subsequently demands that the users make a payment in Bitcoin in order to regain access to the system.

Charming Kitten, also called APT35, Phosphorus or Mint Sandstorm, Ajax Security, and NewsBeef, is an Iranian government cyberwarfare group, described by several companies and government officials as an advanced persistent threat.

Internet security awareness or Cyber security awareness refers to how much end-users know about the cyber security threats their networks face, the risks they introduce and mitigating security best practices to guide their behavior. End users are considered the weakest link and the primary vulnerability within a network. Since end-users are a major vulnerability, technical means to improve security are not enough. Organizations could also seek to reduce the risk of the human element. This could be accomplished by providing security best practice guidance for end users' awareness of cyber security. Employees could be taught about common threats and how to avoid or mitigate them.

ShinyHunters is a black-hat criminal hacker group that is believed to have formed in 2020 and is said to have been involved in numerous data breaches. The stolen information is often sold on the dark web.

<span class="mw-page-title-main">Bluesky</span> Social media service

Bluesky is a microblogging social media service. Similar to Twitter, users can share short text messages, images, and videos in short posts colloquially known as "skeets". It is owned by Bluesky Social PBC, a public benefit corporation based in the United States.

References

  1. "SwiftOnsecurity: 'Oh lord'". Bluesky . November 13, 2024. Retrieved November 13, 2024.
  2. Conger, Kate (September 5, 2019). "The Work Diary of Parisa Tabriz, Google's 'Security Princess'". The New York Times . ISSN   0362-4331 . Retrieved February 23, 2020.
  3. Whittaker, Zack. "When security meets sarcasm: Taylor Swift brings infosec to the masses". ZDNet . Retrieved February 23, 2020.
  4. Zimmerman, Jess (June 18, 2015). "Parody Twitter accounts have more freedom than you and I ever will | Jess Zimmerman". The Guardian . ISSN   0261-3077 . Retrieved February 23, 2020.
  5. "SwiftOnSecurity (@SwiftOnSecurity) | Twitter". Twitter . Retrieved December 27, 2022.
  6. Hern, Alex (January 29, 2019). "How Taylor Swift became a cybersecurity icon". The Guardian. ISSN   0261-3077 . Retrieved February 23, 2020.
  7. "Password expiration is dead, long live your passwords". TechCrunch . June 2, 2019. Retrieved February 23, 2020.
  8. "Google Busy Removing More Malicious Chrome Extensions from Web Store". threatpost.com. October 13, 2017. Retrieved February 23, 2020.
  9. "About this site". Decent Security. Retrieved February 23, 2020.
  10. "Decent Security". Decent Security. Retrieved February 23, 2020.
  11. Thomas, Claburn. "Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter". The Register . Retrieved February 23, 2020.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.