#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

NSA | Breaking Cybersecurity News | The Hacker News

Category — NSA
Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia

Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia

May 01, 2024 National Security / Insider Threat
A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. "This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust,"  said  FBI Director Christopher Wray. Jareh Sebastian Dalke, 32, of Colorado Springs was employed as an Information Systems Security Designer between June 6 to July 1, 2022, during which time he had access to sensitive information. Despite his short tenure at the intelligence agency, Dalke is said to have made contact with a person he thought was a Russian agent sometime between August and September of that year. In reality, the person was an undercover agent working for the Federal Bureau of Investigation (FBI). To demonstrate his "legitimate access and willingness to share," he the...
NSA Admits Secretly Buying Your Internet Browsing Data without Warrants

NSA Admits Secretly Buying Your Internet Browsing Data without Warrants

Jan 29, 2024 Surveillance / Data Privacy
The U.S. National Security Agency (NSA) has admitted to buying internet browsing records from data brokers to identify the websites and apps Americans use that would otherwise require a court order, U.S. Senator Ron Wyden said last week. "The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans' privacy are not just unethical, but illegal," Wyden  said  in a letter to the Director of National Intelligence (DNI), Avril Haines, in addition to urging the government to take steps to "ensure that U.S. intelligence agencies only purchase data on Americans that has been obtained in a lawful manner." Metadata about users' browsing habits can pose a serious privacy risk, as the information could be used to glean personal details about an individual based on the websites they frequent. This could include websites that offer resources related to mental health, assistance for survivors of sexual assault or do...
How AI Is Transforming IAM and Identity Security

How AI Is Transforming IAM and Identity Security

Nov 15, 2024Machine Learning / Identity Security
In recent years, artificial intelligence (AI) has begun revolutionizing Identity Access Management (IAM), reshaping how cybersecurity is approached in this crucial field. Leveraging AI in IAM is about tapping into its analytical capabilities to monitor access patterns and identify anomalies that could signal a potential security breach. The focus has expanded beyond merely managing human identities — now, autonomous systems, APIs, and connected devices also fall within the realm of AI-driven IAM, creating a dynamic security ecosystem that adapts and evolves in response to sophisticated cyber threats. The Role of AI and Machine Learning in IAM AI and machine learning (ML) are creating a more robust, proactive IAM system that continuously learns from the environment to enhance security. Let's explore how AI impacts key IAM components: Intelligent Monitoring and Anomaly Detection AI enables continuous monitoring of both human and non-human identities , including APIs, service acc...
Ex-NSA Employee Arrested for Trying to Sell U.S. Secrets to a Foreign Government

Ex-NSA Employee Arrested for Trying to Sell U.S. Secrets to a Foreign Government

Oct 03, 2022
A former U.S. National Security Agency (NSA) employee has been arrested on charges of attempting to sell classified information to a foreign spy, who was actually an undercover agent working for the Federal Bureau of Investigation (FBI). Jareh Sebastian Dalke, 30, was employed at the NSA for less than a month from June 6, 2022, to July 1, 2022, serving as an Information Systems Security Designer as part of a temporary assignment in Washington D.C. According to an  affidavit  filed by the FBI, Dalke was also a member of the U.S. Army from about 2015 to 2018 and held a Secret security clearance, which he received in 2016. The defendant further held a Top Secret security clearance during his tenure at the NSA. "Between August and September 2022, Dalke used an encrypted email account to transmit excerpts of three classified documents he had obtained during his employment to an individual Dalke believed to be working for a foreign government," the Justice Department (DoJ) ...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Warning: PyPI Feature Executes Code Automatically After Python Package Download

Warning: PyPI Feature Executes Code Automatically After Python Package Download

Sep 02, 2022
In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically run when developers are merely downloading a package," Checkmarx researcher Yehuda Gelb  said  in a technical report published this week. "Also, this feature is alarming due to the fact that a great deal of the malicious packages we are finding in the wild use this feature of code execution upon installation to achieve higher infection rates." One of the ways by which packages can be installed for Python is by executing the " pip install " command, which, in turn, invokes a file called "setup.py" that comes bundled along with the module. "setup.py," as the name implies, is a  setup script  that's used to specify metadata associated wit...
Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure

Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure

Apr 21, 2022
The Five Eyes nations have released a  joint cybersecurity advisory  warning of increased  malicious attacks  from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks," authorities from Australia, Canada, New Zealand, the U.K., and the U.S.  said . "Russia's invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as material support provided by the United States and U.S. allies and partners." The  advisory  follows  another alert  from the U.S. government cautioning of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and su...
Expert Insights / Articles Videos
Cybersecurity Resources