A former quality assurance employee of National Computer Systems (NCS) was sentenced to two years and eight months in prison for reportedly deleting 180 virtual servers after being fired. Nagaraju Kandula, 39, pleaded guilty to deleting the virtual servers in an attempt to sabotage the firm’s systems out of spite for getting fired from NCS,…
The Scattered Spider gang has started to steal data from software-as-a-service (SaaS) applications and establish persistence through creating new virtual machines. Also tracked as Octo Tempest, 0ktapus, Scatter Swine, and UNC3944, the gang typically engages in social engineering attacks that use SMS phishing, SIM swapping, and account hijacking for on-premise access. Scattered Spider is the name given…
Check out the NCSC’s call for software vendors to make their products more secure. Plus, why the Treasury Department is looking at how financial institutions are using AI. And the latest on the cybersecurity skills gap in the U.S. And much more! Dive into six things that are top of mind for the week ending…
American financial services holding company Globe Life says attackers may have accessed consumer and policyholder data after breaching one of its web portals. The incident was discovered on Thursday, June 13, while reviewing potential vulnerabilities related to access permissions and user identity management for the web portal following an inquiry from a state insurance regulator.…
Jun 14, 2024 | The Hacker News: Data is growing faster than ever. Remember when petabytes (that’s 1,000,000 gigabytes!) were only for tech giants? Well, that’s so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn’t just about storage anymore. This data is ALIVE—it’s constantly accessed, analyzed, shared, and even used to…
Jun 14, 2024 | The Hacker News | Cybersecurity / Regulatory Compliance: As cyber threats loom large and data breaches continue to pose increasingly significant risks, organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage. This is why many highly regulated sectors, from finance to utilities, are…
Demo of AES GCM Misuse Problems: This is a really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode. Tags: AES, algorithms, cryptanalysis, encryption. Posted on June 14, 2024 at 7:05 AM.
Jun 14, 2024 | Newsroom | Device Security / Authentication: An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. “By adding random user data to the database or using a fake QR code,…
Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country’s emergence as an influential power has drawn the attention of cyber espionage groups. “North Korean government-backed actors have targeted the Brazilian government and Brazil’s aerospace, technology, and financial services sectors,” Google’s Mandiant and…
ESET researchers have identified five campaigns targeting Android users with trojanized apps. Most probably carried out by the Arid Viper APT group, these campaigns started in 2022 and three of them are still ongoing at the time of the publication of this blogpost. They deploy multistage Android spyware, which we named AridSpy, that downloads first-…