#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

cyber weapon | Breaking Cybersecurity News | The Hacker News

Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents

Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents
Feb 02, 2024 National Security / Data Breach
A former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New York (SDNY) for transmitting classified documents to WikiLeaks and for possessing child pornographic material. Joshua Adam Schulte, 35, was originally charged in June 2018. He was  found guilty  in July 2022. On September 13, 2023, he was  convicted  on charges of receiving, possessing, and transporting child pornography. In addition to the prison term, Schulte has been sentenced to a lifetime of supervised release. "Schulte's theft is the largest data breach in the history of the CIA, and his transmission of that stolen information to WikiLeaks is one of the largest unauthorized disclosures of classified information in the history of the U.S.," the U.S. Department of Justice (DoJ)  said . The sensitive information shared by Schulte included a tranche of  hacking tools and exploits  that were denominated as  Vault 7  and 

Activities in the Cybercrime Underground Require a New Approach to Cybersecurity

Activities in the Cybercrime Underground Require a New Approach to Cybersecurity
Jun 16, 2023
As Threat Actors Continuously Adapt their TTPs in Today's Threat Landscape, So Must You Earlier this year, threat researchers at Cybersixgill released the annual report,  The State of the Cybercrime Underground .  The research stems from an analysis of Cybersixgill's collected intelligence items throughout 2022, gathered from the deep, dark and clear web. The report examines the continuous evolution of threat actors' tactics, tools, and procedures (TTPs) in the Digital Age – and how organizations can adapt to reduce risk and maintain business resilience. This article summarizes a few of the report's findings, including trends in credit card fraud, observations about cryptocurrency, AI developments and how they're lowering barriers to entry to cybercrime, and the rise of cybercriminal "as-a-service" activities. Further below, I also discuss the need for a new security approach, combining attack surface management (ASM) and cyber threat intelligence (CTI) to

SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework
Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a

Classified U.S. Defense Network Outage Hits Air Force's Secret Drone Operations

Classified U.S. Defense Network Outage Hits Air Force’s Secret Drone Operations
Oct 13, 2016
U.S. drones are again in news for killing innocent people. The Air Force is investigating the connection between the failure of its classified network, dubbed SIPRNet, at Creech Air Force Base and a series of high-profile airstrikes that went terribly wrong in September this year. Creech Air Force Base is a secret facility outside Las Vegas, where military and Air Force pilots sitting in dark and air-conditioned rooms, 7100 miles from Syria and Afghanistan, remotely control their " targeted killing " drone campaign in a video-game-style warfare. From this ground zero, Air Force pilots fire missiles just by triggering a joystick on a targeted areas half a world away, as well as operate drones for surveillance and intelligence gathering. Drone operation facility at Creech Air Force Base -- a key base for worldwide drone and targeted killing operations -- has been assigned as ' Special Access Programs ', to access SIPRnet. What is SIPRnet? SIPRNet, or Secret Int

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

cyber security
websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.

New BlackEnergy Crimeware Enhanced to Target Linux Systems and Cisco Routers

New BlackEnergy Crimeware Enhanced to Target Linux Systems and Cisco Routers
Nov 05, 2014
Security researchers at Kaspersky Lab have unearthed new capabilities in the BlackEnergy Crimeware weapon that has now ability to hacking  routers , Linux systems and Windows, targeting industry through Cisco network devices. The antivirus vendor's Global Research & Analysis Team released a report Monday detailing some of the new " relatively unknown " custom plug-in capabilities that the cyber espionage group has developed for BlackEnergy to attack Cisco networking devices and target ARM and MIPS platforms. The malware was upgraded with custom plugins including Ciscoapi.tcl which targets The Borg's kit, and According to researchers, the upgraded version contained various wrappers over Cisco EXEC-commands and " a punchy message for Kaspersky , " which reads, " F*uck U, Kaspersky!!! U never get a fresh B1ack En3rgy. So, thanks C1sco 1td for built-in backd00rs & 0-days. " BlackEnergy malware program was originally created and used by cy

Obama Lets NSA Use Zero-Day Exploits by labeling it as 'National Security Need'

Obama Lets NSA Use Zero-Day Exploits by labeling it as 'National Security Need'
Apr 14, 2014
On Saturday, the Senior Administration Officials cast light on the subject of Internet Security and said President Obama has clearly decided that whenever the U.S. Intelligence agency like NSA discovers major vulnerabilities, in most of the situations the agency should reveal them rather than exploiting for national purpose, according to The New York Times . OBAMA's POLICY WITH LOOPHOLE FOR NSA Yet, there is an exception to the above statement, as Mr. President carved a detailed exception to the policy " Unless there is a clear national security or law enforcement need, " which means that the policy creates a loophole for the spying agencies like NSA to sustain their surveillance programs by exploiting security vulnerabilities to create Cyber Weapons. After three-month review of recommendations [ PDF-file ], the Final Report of the Review Group on Intelligence and Communications Technologies was submitted to Mr. Obama on last December, out of which one of the recommendation on pa
Cybersecurity Resources