#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

cyber forensics | Breaking Cybersecurity News | The Hacker News

BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time

BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time

Jan 23, 2024 Cyber Crime / Dark Web
Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums. Fitzpatrick, who went by the online alias "pompompurin," was arrested in March 2023 in New York and was subsequently charged with conspiracy to commit access device fraud and possession of child pornography. He was later released on a $300,000 bond, and in July 2023, he pleaded guilty to the charges. BreachForums was a major cyber crime marketplace that facilitated the trafficking of stolen data since March 2022. Prior to its shutdown exactly a year later, the website boasted of over 340,000 members. Among the stolen items commonly sold on the platform were bank account information, Social Security numbers, personally identifying information (PII), hacking tools, breached databases, and account login information for compromised online accounts with service providers and merchants. BreachForums also advertised servic
The Incident Response Challenge 2020 — Results and Solutions Announced

The Incident Response Challenge 2020 — Results and Solutions Announced

Jul 08, 2020
In April 2020, Cynet launched the world's first Incident Response Challenge to test and reward the skills of Incident Response professionals. The Challenge consisted of 25 incidents, in increasing difficulty, all inspired by real-life scenarios that required participants to go beyond the textbook solution and think outside of the box. Over 2,500 IR professionals competed to be recognized as the top incident responders. Now that the competition is over (however, the challenge website is still open for anyone who wants to practice solving the challenges), Cynet makes the detailed solutions available as a free resource for knowledge and inspiration. Providing the thought process and detailed steps to solve each of the challenges will serve as a training aid and knowledge base for incident responders. The Fine Art of Forensic Investigation The core of any IR processes is the forensic investigation. It uncovers the critical path from the initial stage of suspicion or l
Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

Feb 13, 2024SaaS Security / Data Breach
The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and vulnerabilities in third-party app integrations demonstrate the complex security challenges facing IT systems. In the case of Midnight Blizzard, password spraying against a test environment was the initial attack vector. For Cloudflare-Atlassian, threat actors initiated the attack via compromised  OAuth tokens  from a prior breach at Okta, a SaaS identity security provider.  What Exactly Happened? Microsoft Midnight Blizzard Breach Microsoft was targeted by the Russian "Midnight Blizzard" hackers (also known as Nobelium, APT29, or Cozy Bear) who are linked to the SVR, the Kremlin's forei
The Incident Response Challenge 2020 — Win $5,000 Prize!

The Incident Response Challenge 2020 — Win $5,000 Prize!

Apr 21, 2020
Cybersecurity firm Cynet today announced the launch of a first of its kind challenge to enable Incident Response professionals to test their skills with 25 forensic challenges that were built by top researchers and analysts. The challenge is available on https://incident-response-challenge.com/ and is open to anyone willing to test his or her investigation skills, between April 21st and May 15th. What's more interesting is that there's a USD 5000 prize for the first-place winner of the challenge. Forensic investigation is at the core of any IR processes and provides the critical path from the initial stage of suspicion or limited attack view to the concrete and actionable knowledge on the attack's root cause and the impact that is essential for recovery and restore operations. The challenge of the incident responder is to identify and collect the scattered traces the attackers have left them and connect the dots to understand the how, what, and where of the atta
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
WikiLeaks Reveals 'Marble' Source Code that CIA Used to Frame Russia and China

WikiLeaks Reveals 'Marble' Source Code that CIA Used to Frame Russia and China

Mar 31, 2017
WikiLeaks published hundreds of more files from the Vault 7 series today which, it claims, show how CIA can mask its hacking attacks to make it look like it came from other countries, including Russia, China, North Korea and Iran. Dubbed " Marble ," the part 3 of CIA files contains 676 source code files of a secret anti-forensic Marble Framework, which is basically an obfuscator or a packer used to hide the true source of CIA malware. The CIA's Marble Framework tool includes a variety of different algorithm with foreign language text intentionally inserted into the malware source code to fool security analysts and falsely attribute attacks to the wrong nation. The leaked files indicate that the Marble's source code includes Chinese, Russian, Korean, Arabic and Farsi languages, as well as English, which shows that the CIA has engaged in clever hacking games. "Marble is used to hamper[ing] forensic investigators and anti-virus companies from attributin
Cybersecurity Resources