#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

data breach | Breaking Cybersecurity News | The Hacker News

Category — data breach
Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China

Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China

Mar 07, 2024 Artificial Intelligence / Corporate Espionage
The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident for allegedly stealing proprietary information from Google while covertly working for two China-based tech companies. Linwei Ding (aka Leon Ding), a former Google engineer who was arrested on March 6, 2024, "transferred sensitive Google trade secrets and other confidential information from Google's network to his personal account while secretly affiliating himself with PRC-based companies in the AI industry," the DoJ  said . The defendant is said to have pilfered from Google over 500 confidential files containing artificial intelligence (AI) trade secrets with the goal of passing them on to two unnamed Chinese companies looking to gain an edge in the ongoing AI race. "While Linwei Ding was employed as a software engineer at Google, he was secretly working to enrich himself and two companies based in the People's Republic of China," sa...
Cybercriminals Using Novel DNS Hijacking Technique for Investment Scams

Cybercriminals Using Novel DNS Hijacking Technique for Investment Scams

Mar 05, 2024 Cybercrime / Malware
A new DNS threat actor dubbed  Savvy Seahorse  is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds. "Savvy Seahorse is a DNS threat actor who convinces victims to create accounts on fake investment platforms, make deposits to a personal account, and then transfers those deposits to a bank in Russia," Infoblox  said  in a report published last week. Targets of the campaigns include Russian, Polish, Italian, German, Czech, Turkish, French, Spanish, and English speakers, indicating that the threat actors are casting a wide net in their attacks. Users are lured via ads on social media platforms like Facebook, while also tricking them into parting with their personal information in return for alleged high-return investment opportunities through fake ChatGPT and WhatsApp bots. The financial scam campaigns are notable for using DNS canonical name (CNAME) records to create a traffic distribution system ( TDS ), thereb...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Nov 22, 2024Google Workspace / SaaS Backup
Google Workspace has quickly become the productivity backbone for businesses worldwide, offering an all-in-one suite with email, cloud storage and collaboration tools. This single-platform approach makes it easy for teams to connect and work efficiently, no matter where they are, enabling seamless digital transformation that's both scalable and adaptable. As companies shift from traditional, on-premises setups focused on device security, to more user-centered, hybrid models, Google Workspace is perfectly positioned to support this evolution. Now, the user account itself is the central hub, allowing access from any device or location — a game changer in today's remote and distributed work environments. However, with all this connectivity and flexibility comes a challenge. Google Workspace connects to countless apps and touches every user in the organization, making it an appealing target for cybercriminals. The platform's internet accessibility opens up additional entry points, raisi...
U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

Mar 02, 2024 Spyware / Privacy
A U.S. judge has ordered NSO Group to hand over its source code for  Pegasus  and other remote access trojans to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor. The decision marks a major legal victory for Meta, which  filed the lawsuit  in October 2019 for using its infrastructure to  distribute the spyware  to approximately 1,400 mobile devices between April and May. This also  included  two dozen Indian activists and journalists. These attacks leveraged a then zero-day flaw in the instant messaging app ( CVE-2019-3568 , CVSS score: 9.8), a critical  buffer overflow bug  in the voice call functionality, to deliver Pegasus by merely placing a call, even in scenarios where the calls were left unanswered. In addition, the attack chain included steps to erase the incoming call information from the logs in an attempt to sidestep detection. Court documents released late last month show t...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
How to Prioritize Cybersecurity Spending: A Risk-Based Strategy for the Highest ROI

How to Prioritize Cybersecurity Spending: A Risk-Based Strategy for the Highest ROI

Feb 29, 2024 Attack Surface / Incident Response
As an IT leader, staying on top of the latest cybersecurity developments is essential to keeping your organization safe. But with threats coming from all around — and hackers dreaming up new exploits every day — how do you create proactive, agile cybersecurity strategies? And what cybersecurity approach gives you the most bang for your buck, mitigating your risks and maximizing the value of your cybersecurity investments? Let's take a closer look at the trends that are impacting organizations today, including the growing reach of data breaches and the increase in cybersecurity spending, and explore how you can get the most out of your cybersecurity resources, effectively securing your digital assets and maintaining your organization's integrity in the face of ever-evolving cyber threats. Successful data breaches In 2022, the number of people affected by data breaches increased significantly. According to the  Identity Theft Resource Center's 2022 Data Breach Report , more than ...
LockBit Ransomware Group Resurfaces After Law Enforcement Takedown

LockBit Ransomware Group Resurfaces After Law Enforcement Takedown

Feb 26, 2024 Dark Web / Threat Intelligence
The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise  seized control  of its servers. To that end, the notorious group has moved its data leak portal to a new .onion address on the TOR network, listing 12 new victims as of writing. The administrator behind LockBit, in a  lengthy follow-up message , said some of their websites were confiscated by most likely exploiting a critical PHP flaw tracked as CVE-2023-3824, acknowledging that they didn't update PHP due to "personal negligence and irresponsibility." "I realize that it may not have been this CVE, but something else like 0-day for PHP, but I can't be 100% sure, because the version installed on my servers was already known to have a known vulnerability, so this is most likely how the victims' admin and chat panel servers and the blog server were accessed," they noted. They also cla...
Cybersecurity for Healthcare—Diagnosing the Threat Landscape and Prescribing Solutions for Recovery

Cybersecurity for Healthcare—Diagnosing the Threat Landscape and Prescribing Solutions for Recovery

Feb 21, 2024 Endpoint Security / Healthcare
On Thanksgiving Day 2023, while many Americans were celebrating, hospitals across the U.S. were doing quite the opposite. Systems were failing. Ambulances were diverted. Care was impaired. Hospitals in three states were  hit by a ransomware attack , and in that moment, the real-world repercussions came to light—it wasn't just computer networks that were brought to a halt, but actual patient care itself.  Cybercriminals are more brazen than ever, targeting smaller healthcare organizations for big payouts. Sure, it would be nice to believe thieves once lived by a code of conduct, but if one ever existed, it's been torn to shreds and tossed into the wind. Sophisticated hacker groups are now more than happy to launch cyberattacks on medical clinics, nursing homes, and other health service providers. Small- to mid-sized healthcare organizations have, unfortunately, become vulnerable targets from which cybercriminals can easily steal sensitive data, extort heavy ransoms, and, wors...
LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released

LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released

Feb 20, 2024 Ransomware / Data Protection
The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as a wealth of intelligence pertaining to its activities and their affiliates as part of a dedicated task force called  Operation Cronos . "Some of the data on LockBit's systems belonged to victims who had paid a ransom to the threat actors, evidencing that even when a ransom is paid, it does not guarantee that data will be deleted, despite what the criminals have promised," the agency  said . It also announced the arrest of two LockBit actors in Poland and Ukraine. Over 200 cryptocurrency accounts linked to the group have been frozen. Indictments and sanctions have also been unsealed in the U.S. against two other Russian nationals who are alleged to have carried out LockBit attacks. Artur Sungatov and Ivan Gennadievich Kondratiev (aka Bassterlord) have been accused of deploying LockBit against numerous victims throughout the U.S., including businesses nationw...
How Businesses Can Safeguard Their Communication Channels Against Hackers

How Businesses Can Safeguard Their Communication Channels Against Hackers

Feb 17, 2024 Cybersecurity / Risk Mitigation
Efficient communication is a cornerstone of business success. Internally, making sure your team communicates seamlessly helps you avoid friction losses, misunderstandings, delays, and overlaps. Externally, frustration-free customer communication is directly correlated to a positive customer experience and higher satisfaction.  However, business communication channels are also a major target for cybercriminals. In recent years, especially since the pandemic, the number of cyberattacks has skyrocketed.  Statistics show  that last year alone, the number of hacks shot up by 38%. Worse, it still takes a business 277 days on average to identify a breach, causing a loss of $4.35 on average. So, how can businesses safeguard their communication channels against hackers, while still providing the best possible experience for customers and maintaining team productivity? Here's everything you need to know – and which  mistakes you need to avoid . Use Secure Platforms  ...
U.S. State Government Network Breached via Former Employee's Account

U.S. State Government Network Breached via Former Employee's Account

Feb 16, 2024 Cybersecurity / Data Breach
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee. "This allowed the threat actor to successfully authenticate to an internal virtual private network (VPN) access point," the agency  said  in a joint advisory published Thursday alongside the Multi-State Information Sharing and Analysis Center (MS-ISAC). "The threat actor connected to the [virtual machine] through the victim's VPN with the intent to blend in with legitimate traffic to evade detection." It's suspected that the threat actor obtained the credentials following a separate data breach owing to the fact that the credentials appeared in publicly available channels containing leaked account information. The admin account, which had access to a virtualized SharePoint server, also enabled the attackers to access another set ...
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Feb 14, 2024 Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources. The FinServ Threat Landscape Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week.1 On average, 270 attacks (entailing unauthorized access of data, appl...
Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

Feb 13, 2024 SaaS Security / Data Breach
The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and vulnerabilities in third-party app integrations demonstrate the complex security challenges facing IT systems. In the case of Midnight Blizzard, password spraying against a test environment was the initial attack vector. For Cloudflare-Atlassian, threat actors initiated the attack via compromised  OAuth tokens  from a prior breach at Okta, a SaaS identity security provider.  What Exactly Happened? Microsoft Midnight Blizzard Breach Microsoft was targeted by the Russian "Midnight Blizzard" hackers (also known as Nobelium, APT29, or Cozy Bear) who are linked to the SVR, the Kremlin's forei...
Expert Insights / Articles Videos
Cybersecurity Resources