My colleague, 1Password Senior Security Specialist (and all round stand-up guy) Chris Butler, and I recently chatted about a trend that’s emerged over the past few years: attempts to capitalize on cybersecurity incidents through self-promotion.

The Uber data breach began with the purchase of stolen credentials belonging to an Uber employee from a dark web marketplace. The hacker tried to log into Uber’s network with these credentials but was unsuccessful because the account was protected by MFA. To overcome this security barrier, the hacker contacted the employee and, while pretending to be a member of Uber’s security team, asked them to accept the MFA push notification sent to their phone.

Read also: An FBI-wanted leader of the “Zeus” gang arrested in Geneva, hundreds of Amazon RDS instances leak personal data, and more.

Cloud storage misconfigurations continue to become more prevalent and problematic for organizations as they expand their cloud infrastructure, driving the importance of technologies such as cloud security posture management (CSPM) as crucial tools for protectors everywhere. Consider the recently reported public exposure of data associated with some Microsoft customers and prospects.

‍Dark web monitoring is the process of tracking your organization’s information on the dark web. Dark web monitoring solutions can scan through billions of pages on the internet to find leaked or stolen information, such as compromised passwords, credentials, intellectual property, and other sensitive data being shared and sold among cybercriminals operating on the dark web.

In this post, the three major cyber threats facing businesses impacted by the Optus breach are discussed. Security responses for each threat are also mentioned to help you reduce the potential of these risks developing into breaches.

The Medibank hack began with the theft of credentials belonging to an individual with privileged access to Medibank’s internal systems. These credentials were sold and purchased on the dark web by an unconfirmed buyer who used them to gain access to Medibank’s internal system.

When a data breach appears in the news (which has happened a lot recently), many of us picture a hacker in a black hoodie, trawling through reams of code on a custom-built PC. We often imagine them finding a single mistake – a zero that should be a one, or vice versa – that lets them slip through a company’s defenses.

Note: This report was previously published in InfoWorld When developing the recently announced JFrog Advanced Security, our Research team decided to try out its new “Secrets Detection” feature. Our goal was to test our vulnerability detection on as much real world data as possible, to make sure we eliminate false positives and catch any bugs in our code.