Booz Allen Hamilton | Breaking Cybersecurity News | The Hacker News

Sensitive files linked to the United States intelligence agency were reportedly left on a public Amazon server by one of the nation's top intelligence contractor without a password, according to a new report. UpGuard cyber risk analyst Chris Vickery discovered  a cache of 60,000 documents from a US military project for the National Geospatial-Intelligence Agency (NGA) left unsecured on Amazon cloud storage server for anyone to access. The documents included passwords to a US government system containing sensitive information, and the security credentials of a senior employee of Booz Allen Hamilton, one of the country's top defense contractors. Although there wasn't any top secret file in the cache Vickery discovered, the documents included credentials to log into code repositories that could contain classified files and other credentials. Master Credentials to a Highly-Protected Pentagon System were Exposed Roughly 28GB of exposed documents included the privat...

Another Edward Snowden? The FBI has secretly busted another National Security Agency (NSA) contractor over a massive secret data theft. The United States Justice Department charged Harold Thomas Martin , 51, with theft of highly classified government material, including " source codes " developed by the NSA to hack foreign government, according to a court complaint ( PDF ) unsealed on Wednesday. According to the DoJ's chief national security prosecutor John Carlin, Martin was employed by Booz Allen Hamilton , the same consulting firm that employed whistleblower Edward J. Snowden when he disclosed the global surveillance conducted by the NSA. Currently, the FBI is investigating whether Martin stole and leaked highly classified computer source codes developed to hack into the networks of Russia, China, Iran, North Korea and other United States adversaries, the New York Times reports . If stolen, this would be the second time in last 3 years when someone with ...

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...