#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for government | Breaking Cybersecurity News | The Hacker News

How Apple Gave Chinese Government Access to iCloud Data and Censored Apps

How Apple Gave Chinese Government Access to iCloud Data and Censored Apps

May 18, 2021
In July 2018, when Guizhou-Cloud Big Data (GCBD)  agreed to a deal  with state-owned telco China Telecom to move iCloud data belonging to Apple's China-based users to the latter's servers, the shift raised concerns that it could make user data vulnerable to state surveillance. Now, according to a  deep-dive report  from The New York Times, Apple's privacy and security concessions have "made it nearly impossible for the company to stop the Chinese government from gaining access to the emails, photos, documents, contacts and locations of millions of Chinese residents." The revelations stand in stark contrast to Apple's commitment to privacy, while also highlighting a pattern of  conceding  to the  demands  of the Chinese government in order to continue its operations in the country. Apple, in 2018, announced iCloud data of users in mainland China would move to a new data center in Guizhou province as part of a partnership with GCBD. The transition was neces
CASPER Surveillance Malware Linked to French Government

CASPER Surveillance Malware Linked to French Government

Mar 05, 2015
Last month, cyber security researchers spotted a new strain of french surveillance malware, dubbed " Babar ," which revealed that even French Government and its spying agency the General Directorate for External Security (DGSE) is dedicatedly involved in conducting surveillance operation just like the United States — NSA and United Kingdom — GCHQ . A powerful piece of surveillance malware, known as " Casper ," has recently been discovered by the Canadian security researchers that once again point fingers at the French government. CASPER SURVEILLANCE MALWARE LINKED TO FRANCE The newly discovered sophisticated Casper surveillance malware is believed to be developed by France based hacking group suspected to have ties with the French government, according to the report published by Motherboard . Report suggests that French hacking group have developed ' Swiss Army knife of spying tools ' which has been used by French government to conduct multipl
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
China Bans Microsoft Windows 8 for Government Computers

China Bans Microsoft Windows 8 for Government Computers

May 20, 2014
While US government is always prohibiting the purchase of Huawei products due to suspected backdoors from the Chinese government, China also keep itself totally apart from the US productions. China is a bit famous for using its own operating systems, smartphone application services and lots more, rather than using the US developed Operating Systems, and now China has reportedly banned the installation of Microsoft Corporation's latest operating system, Windows 8 on any of its government computers. The Central Government Procurement Center issued a notice that was posted on its website last week prohibiting the use of Microsoft's latest operating system and the reason behind it is to support the use of energy-saving products, the report said. But the state news agency ' Xinhua ' pointed out a different reason for the ban saying the country wants to avoid any further losing of the support for an operating system like it did recently by pulling out its support from t
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Deleting WhatsApp Messages Before 90 Days Could Land you in Jail

Deleting WhatsApp Messages Before 90 Days Could Land you in Jail

Sep 22, 2015
While the Indian people continue to struggle for Net Neutrality, a new problem surrounded them with the release of the latest policy for ' National Encryption Policy ' by the Indian Government. If you delete your WhatsApp Messages or Emails that you receive or send before 90 days, it might be a crime and you can End-up In Jail. If the new National Encryption Policy implements that come up with weird suggestions — one should not delete WhatsApp conversation, Gmail or any email for 90 days, it would be an Internet Disaster. With the aim to 'provide confidentiality of information' and ensure 'protection of sensitive or proprietary information', the draft policy, proposed by an so-called ' expert panel ' from the Department of Electronics and Information Technology ( DeitY ) , requires: Access to your Private Data The government wants to have access to all your encrypted information including your personal emails, text and voice messages, and data stored in a privat
Researchers Detail New Malware Campaign Targeting Indian Government Employees

Researchers Detail New Malware Campaign Targeting Indian Government Employees

Nov 04, 2022
The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach . "This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions of Kavach multi-authentication (MFA) applications," Zscaler ThreatLabz researcher Sudeep Singh  said  in a Thursday analysis. The cybersecurity company said the advanced persistent threat group has also conducted low-volume credential harvesting attacks in which rogue websites masquerading as official Indian government portals were set up to lure unwitting users into entering their passwords. Transparent Tribe, also known by the monikers APT36, Operation C-Major, and Mythic Leopard, is a suspected Pakistan  adversarial collective  that has a  history  of striking Indian and Afghanistan entities. The latest attack chain is not the first time the threat actor has set its sights o
Fear of NSA PRISM : Indian Government may ban US email services for official communication

Fear of NSA PRISM : Indian Government may ban US email services for official communication

Aug 30, 2013
The Indian Government is planning to ban the use of US based email services like Gmail for official communications to increase the security of confidential government information. The recent disconcerting reports that that India was being spied upon by American intelligence agencies has opened an all new chapter in the cyber security space. As leaked by former US National Security Agency contractor Edward Snowden, that NSA involved in widespread spying and surveillance activities across the globe. The Government plans to send a formal notification to about 500,000 employees across the country, asking them to stick to the official email service provided by India's National Informatics Centre, Time of India Reported. The fact that several government officers in top positions use their Gmail IDs for official communications i.e. Several senior government officials in India, including ministers of state for communications & IT Milind Deora and Kruparani Killi, have t
NSA's PRISM spy program, mining data from nine biggest Internet companies

NSA's PRISM spy program, mining data from nine biggest Internet companies

Jun 07, 2013
The National Security Agency , part of the U.S. military reportedly has a direct line into the systems of some of the world's biggest Web and tech companies, i.e Microsoft, Google, Facebook, Skype. The NSA access is part of a previously undisclosed program called PRISM , 6-year-old program which allows officials to collect real-time information and as well as stored material including search history, the content of emails, file transfers and live chats, according to reports in the Washington Post . Project PRISM may be the first of its kind and also  GCHQ , Britain's equivalent of the NSA, also has been secretly gathering intelligence from the same internet companies through an operation set up by the NSA. Later confirmed by the White House and members of Congress as saying that the government routinely seeks information in its fight to thwart domestic and international terrorism. Other services that are reportedly part of PRISM include PalTalk, Skype, and AOL.
Russian Government Offers $111,000 For Cracking Tor Anonymity Network

Russian Government Offers $111,000 For Cracking Tor Anonymity Network

Jul 26, 2014
The Russian government is offering almost 4 million ruble which is approximately equal to $111,000 to the one who can devise a reliable technology to decrypt data sent over the Tor , an encrypted anonymizing network used by online users in order to hide their activities from law enforcement, government censors, and others. The Russian Ministry of Internal Affairs (MVD) issued a notice on its official procurement website, originally posted on July 11, under the title " шифр «ТОР (Флот)» " ;which translates as " cipher 'TOR' (Navy) " an open call for Tor-cracking proposals whose winner will be chosen by August 20. The MIA specifically wants researchers to " study the possibility of obtaining technical information about users and users' equipment on the Tor anonymous network, " according to a translated version of the Russian government's proposal. Only Russian nationals and companies are allowed to take part in the competition " in o
Software Supply-Chain Attack Hits Vietnam Government Certification Authority

Software Supply-Chain Attack Hits Vietnam Government Certification Authority

Dec 17, 2020
Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority (VGCA) that compromised the agency's digital signature toolkit to install a backdoor on victim systems. Uncovered by Slovak internet security company ESET early this month, the "SignSight" attack involved modifying software installers hosted on the CA's  website  ("ca.gov.vn") to insert a spyware tool called  PhantomNet  or Smanager. According to ESET's telemetry, the breach happened from at least July 23 to August 16, 2020, with the  two installers  in question — "gca01-client-v2-x32-8.3.msi" and "gca01-client-v2-x64-8.3.msi" for 32-bit and 64-bit Windows systems — tampered to include the backdoor. "The compromise of a certification authority website is a good opportunity for APT groups, since visitors are likely to have a high level of trust in a state organization responsible for digital signatures
SOPA in US and Censorship in India: A cocktail to destroy Internet Freedom !

SOPA in US and Censorship in India: A cocktail to destroy Internet Freedom !

Jan 19, 2012
SOPA in US and Censorship in India : A cocktail to destroy Internet Freedom ! As US senators mull over the SOPA(Stopping Online Piracy Act) and PIPA(Protecting Intellectual Property Act) bills, the world stands witness to a historic moment. Almost all big IT companies like Google, Wikipedia, Facebook, Mozilla, Godaddy, etc are speaking in one unanimous voice against SOPA and Internet Censorship. The draconian provisions of SOPA/PIPA are bound to create the deathbed of internet freedom and free speech, and if a careful reading of the proposed legislation is done, one realizes that it is likely to have the same impact on India. In the disguise of protecting copyrights and stopping piracy its completely clear that the US government is trying to assert its control over the free flow of information on internet which is some time uncomfortable to them. Giving power to Attorney General to direct search engines like Google to filter particular search results, or asking an ISP to manipulat
Israel's Verint Systems get a contract from Indian government for interception program

Israel's Verint Systems get a contract from Indian government for interception program

Jul 28, 2013
Soon in December this year, India's new surveillance program - Centralized Monitoring System (CMS) will be able to analyze all telecommunications and Internet communications in India by the government and its agencies.  This means that everything we say or text over the phone, write, post or browse over the Internet will be centrally monitored by Indian authorities. Law enforcement and government agencies intercept, monitor, and analyze communications in order to uncover leads and build the evidence needed to neutralize terrorism and crime. Few days back, BlackBerry has given the necessary permissions for the Indian government to intercept messages sent from BlackBerry devices . According to latest reports - Verint Systems , Israel's cyber intelligence solutions provider , are soon to get a contract from the Indian government to track encrypted communication services such as Gmail, Yahoo . mail, BlackBerry services, Skype and so on. " Verint's leade
India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First

India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First

Aug 14, 2023 Data Protection / Privacy
The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill ( DPDPB ) after it was unanimously passed by both houses of the parliament last week, marking a significant step towards securing people's information. "The Bill provides for the processing of digital personal data in a manner that recognizes both the rights of the individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto," the Indian government  said . The  long-awaited data protection law  comes months after the Ministry of Electronics and Information Technology (MeitY) released a  draft version  of the bill in November 2022. It has been in the making for over five years, with a first draft released in July 2018. A year before, India's Supreme Court  upheld  privacy as a  fundamental right . The legislative framework, which applies to personal data coll
We Are Being Held in Cyber Handcuffs

We Are Being Held in Cyber Handcuffs

Oct 09, 2012
Hello my Princes of Peace, Warriors of the Revolution, Princesses of the cause, I want you to take two minutes and watch this video: This video is the epitome of the ignorance and arrogance of governments all over the world in response to our cyber war revolution. As you will see, the power people all gathered to warn themselves and the world of the "threat" of the hackers gangs of teenagers running wild on the internet hacking into governments and threatening our safety. EXCUSE ME?? Just who is threatening who here? The most important thing I want you to know is that this type of whining is happening all over the world, and how it is translating is into cybercrime laws and in the case of the United States, Executive Orders that give the government and law enforcement the right to suppress and deny your right to public information, the right to free speech and the right to protest against the corruption and destruction of government secrecy and shenanigans. Why do you think they ha
UK government planning to ditch Microsoft for Open Source alternatives

UK government planning to ditch Microsoft for Open Source alternatives

Jan 31, 2014
Downfall in the monopoly of propriety software like Microsoft and Apple accelerated after the Snowden revelations of NSA spying, where technology giants like Microsoft, Google, Apple are sharing a bed with the NSA. The UK government is again planning to ditch Microsoft for Open Source and Free alternatives. Cabinet Office minister Francis Maude announced yesterday that they are move away from Microsoft Office, towards open source softwares like  OpenOffice & LibreOffice suites, in an effort to drive down costs and foster greater innovation. UK has spent about £200 million in the last three years for Microsoft's ubiquitous software suite, but now this migration will save large revenue of the kingdom, according to The Guardian . The cabinet Office minister said, " We know the best technology and digital ideas often come from small businesses, but too often in the past they were excluded from government work. In the civil service there was a sense that if you hired a
Fuck CISPA - Stop censoring Internet !

Fuck CISPA - Stop censoring Internet !

Apr 21, 2012
Fuck CISPA - Stop censoring Internet ! -  By:    Patti Galle, Executive Editor The Cyber Intelligence Sharing and Protection Act (CISPA) H.R. 3532 is a new bill being introduced in Congress that is gunning to blast the ongoing cyber attacks that have occurred since internet users figured out the keyboard could be an effective weapon. If passed through Congress, the bill would allow the government access to personal correspondence of any person of their choosing. Once again, we are being fucked by those nosey neighbors in our government. You should be very mad and very afraid because CISPA is far worse than SOPA and PIPA in its effects on the internet. The wording of this bill is mumbo jumbo, vague and broad. Reading through the nonsense, basically the act would allow Congress to circumvent existing exemptions to online privacy laws, and would allow the monitoring and censorship of any user of the internet. Peeping Toms will be wetting their pants. The real kicker (in our asses) is
Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers

Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers

May 04, 2022
A  growing number of threat actors  are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted. "Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links," Google Threat Analysis Group's (TAG) Billy Leonard  said  in a report. "Financially motivated and criminal actors are also using current events as a means for targeting users," Leonard added. One notable threat actor is Curious Gorge, which TAG has attributed to China People's Liberation Army Strategic Support Force (PLA SSF) and has been observed striking government, military, logistics and manufacturing organizations in Ukraine, Russia and Central Asia. Attacks aimed at Russia have singled out several governmental entiti
Cybersecurity Resources