Search results for investigation | Breaking Cybersecurity News | The Hacker News

Facebook has been fined £500,000 ($664,000) in the U.K. after the country's data protection watchdog concluded that its data-sharing scandal broke the law, making it as the social network's first fine over the Cambridge Analytica scandal . Yes, £500,000—that's the maximum fine allowed by the UK's Data Protection Act 1998, and equals to what Facebook earns every 8 minutes. Facebook has been under scrutiny since earlier this year when it was revealed that personal data of 87 million users was improperly gathered and misused by political consultancy firm Cambridge Analytica, who reportedly helped Donald Trump win the US presidency in 2016. According to the social media giant, a Cambridge University lecturer named Aleksandr Kogan collected the users' data legitimately through a quiz app but then violated its terms by sharing the data with Cambridge Analytica, which was then hired by the Trump presidential campaign. The UK's Information Commissioner's...

Cybersecurity firm Cynet today announced the launch of a first of its kind challenge to enable Incident Response professionals to test their skills with 25 forensic challenges that were built by top researchers and analysts. The challenge is available on https://incident-response-challenge.com/ and is open to anyone willing to test his or her investigation skills, between April 21st and May 15th. What's more interesting is that there's a USD 5000 prize for the first-place winner of the challenge. Forensic investigation is at the core of any IR processes and provides the critical path from the initial stage of suspicion or limited attack view to the concrete and actionable knowledge on the attack's root cause and the impact that is essential for recovery and restore operations. The challenge of the incident responder is to identify and collect the scattered traces the attackers have left them and connect the dots to understand the how, what, and where of the atta...

An Olympia-area man has been arrested in what the Thurston County Sheriff’s Office says is the largest identity-theft case in the county’s history. More than 1,000 victims statewide had their driver’s licenses, credit cards and Social Security numbers stolen, according to the Sheriff’s Office. Detectives served a search warrant at a Johnson Point Road home Thursday morning and arrested Anthony Eugene Vaughn, 30, on suspicion of 1,000 counts of second-degree identity theft and two counts of first-degree identity theft. During a hearing Friday, Thurston County Superior Court Judge Lisa Sutton ordered Vaughn held at the Thurston County Jail with bail set at $500,000. The case remained under investigation, and more arrests might be coming, sheriff’s Sgt. Jim Dunn said Friday. Detectives think Vaughn had accomplices who stole identification documents during car prowls and residential burglaries and that he used the documents to open fraudulent bank accounts in the victims’ names. He t...

The National Security Agency has been called in to help investigate recent hack attacks against the company that runs the Nasdaq stock market, according to a news report. The agency’s precise role in the investigation hasn’t been disclosed, but its involvement suggests the October 2010 attacks may have been more severe than Nasdaq OMX Group has admitted, or it could have involved a nation-state, according to sources that spoke with Businessweek. “By bringing in the NSA, that means they think they’re either dealing with a state-sponsored attack or it’s an extraordinarily capable criminal organization,” Joel Brenner, former head of U.S. counterintelligence in the Bush and Obama administrations, told the publication. He added that the agency rarely gets involved in investigations of company breaches. Last year, the NSA was called in by Google to help the company secure its network after it was targeted in a sophisticated attack. Regarding the Nasdaq breach, in addition to the Secr...

Pakistan’s Federal Investigation Agency (FIA) has arrested a Pakistani Hacker allegedly involved in hacking into a telecom company and uploading their database on his website. With the help of the National Response Center for Cyber Crime (NR3C) of Pakistan’s Federal Investigation Agency, the local authorities were able to trace and arrest the hacker suspected of infiltrating into the systems of Warid Telecom, an Abu-Dhabi-based telecoms company that provides services in Congo, Pakistan and Uganda. The suspect, Mubashar Shahzad , a resident of Kasur, is believed to have downloaded Warid Telecom’s customer information from the company’s databases and exposed it online, which was published on earlysms.com , a site hosted with HosterPK . Investigation started after one of the senior manager of a cellular company filed a complaint saying the ‘ information of its consumers till 2006 had been exposed over the internet. ’ “ A technical/forensic analysis found that the...

Global e-commerce business PayPal has disclosed a data breach that may have compromised personally identifiable information for roughly 1.6 million customers at a payment processing company PayPal acquired earlier this year. PayPal Holdings Inc. said Friday that a review of its recently acquired company TIO Networks showed evidence of unauthorized access to the company's network, including some confidential parts where the personal information of TIO's customers and customers of TIO billers stored. Acquired by PayPal for US$233 Million in July 2017, TIO Network is a cloud-based multi-channel bill payment processor and receivables management provider that serves the largest telecom, wireless, cable and utility bill issuers in North America. PayPal did not clear when or how the data breach incident took place, neither it revealed details about the types of information being stolen by the hackers, but the company did confirm that its platform and systems were not affecte...

In the past, the autonomous breach protection company Cynet announced that it is making Cynet 360 threat detection and response platform available at no charge for IR (incident response) service providers and consultants. Today Cynet takes another step and announces a $500 grant for Incident Responders for each IR engagement in which Cynet 360 was used, with an additional $1,000 grant if the customer if the customer purchases an annual Cynet 360 subscription after the IR process is concluded. Learn about this new offering here . Incident response investigations come in a thousand different variations, but most can be broken down into two main parts. The first is discovering the few suspicious machines, user accounts, and network connections out of the mass activities within the attacked environment. The second part follows these discoveries and involves a surgical-like collection and analysis of forensic artifacts to refute or validate the suspicion and if validated to disclo...

A suspect hacker ' Shih ' was arrested by Taiwan Criminal Investigation Bureau (CIB)  last week for hacking into a popular local classic music website. The police raided the apartment of the suspect and seized his computer. The investigation was launched by the bureau after it received a report from the website's operator who said its site was hacked in March. During initial investigations, Shih confessed to the police that he hacked into the website's customer database and made unauthorized changes to customer data. Shih also confessed that he has used a hacking technique called SQL injection to attack the website's database . SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application. The  Criminal Investi...

Chinese hackers associated with the Chinese government have successfully infiltrated the computer systems of U.S. defense contractors working with the government agency responsible for the transportation of military troops and goods across the globe, a Senate investigators have found. The Senate Armed Services Committee has been investigating the issue for the past year and found that the U.S. Military's Transportation Command (TRANSCOM) has been infiltrated at least 20 times in a single year, out of which only two were detected. This is probably the most serious allegation yet against China. The successful intrusions attributed to an “advanced persistent threat,” a term used to designate sophisticated threats commonly associated with governments. All of those intrusions were attributed to China, the report stated. The investigation was conducted in the 12 months period from June 2012 to June 2013 based on information provided by the Federal Bureau of Investigat...

The cyberattack aimed at Viasat that temporarily knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the consequence of wiper malware, according to the  latest research  from SentinelOne. The findings come a day after the U.S. telecom company  disclosed  that it was the target of a multifaceted and deliberate" cyberattack against its KA-SAT network, linking it to a "ground-based network intrusion by an attacker exploiting a misconfiguration in a VPN appliance to gain remote access to the trusted management segment of the KA-SAT network." Upon gaining access, the adversary issued "destructive commands" on tens of thousands of modems belonging to the satellite broadband service that "overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable." But SentinelOne said it uncovered a new piece of malware (...

Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, regulatory exposure, and brand damage.  The root cause of slow MTTR is almost never "not enough analysts." It is almost always the same structural problem: threat intelligence that exists outside the workflow. Feeds that require manual lookup. Reports that live in a shared drive. Enrichment that happens in a separate tab. Every handoff costs minutes; over the course of a workday, those minutes become hours. Mature SOCs have collapsed those handoffs. Their intelligence is embedded in the workflow itself at the exact moment a decision needs to be made. Below are the five places where separation matters most. 1. Detection: Catching Threats Before They Become Incidents In many SOCs, detection begins only when an alert fires. By that point, the attacker may already have a foothol...

A new sensational discovered has been announced by Kaspersky Lab’s Global Research & Analysis Team result of an investigation after several attacks hit computer networks of various international diplomatic service agencies. A new large scale cyber-espionage operation has been discovered, named Red October , name inspired by famous novel The Hunt For The Red October (ROCRA) and chosen because the investigation started last October. The campaign hit hundreds of machines belonging to following categories: Government Diplomatic / embassies Research institutions Trade and commerce Nuclear / energy research Oil and gas companies Aerospace Military The attackers have targeted various devices such as enterprise network equipment and mobile devices (Windows Mobile, iPhone, Nokia), hijacking files from removable disk drives, stealing e-mail databases from local Outlook storage or remote POP/IMAP server and siphoning files from local network FTP servers. Accordin...

In Brief For the second time in past five months, a Brazil court ordered local telecommunications companies to block the popular messaging app WhatsApp for 72 hours, afterFacebook-owned WhatsApp company refused to hand over information requested in a drug trafficking investigation. The WhatsApp's shutdown is affecting more than 100 million users throughout the country. Moreover, if Brazilian telecommunications companies do not comply, they could face a fine of $143,000 per day. Brazil just blocked its roughly 100 Million citizens from using WhatsApp, the popular messaging service owned by Facebook, for 72 hours (3 days). A Brazilian Judge ordered the blackout after WhatsApp failed to comply with a court order asking the company to help a branch of civil police access WhatsApp data tied to a criminal investigation. This is for the second time in last five months when a Brazil court ordered local telecommunications companies to block access to the popular messaging servi...

Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 (M365) Exchange. The discovery was made after the breach was notified by Microsoft, the London-based company  said in an alert  posted on its website, adding it's reached out to the impacted organizations to remediate the issue. The company didn't elaborate on what type of certificate was compromised, but Mimecast offers  seven different digital certificates  based on the geographical location that must be uploaded to M365 to create a server Connection in Mimecast. "Approximately 10 percent of our customers use this connection," the company said. "Of those that do, there are indications that a low single digit number of our customers' M365 tenants were targeted." Mimecast is a cloud-based email management service for Microsoft Exchange and Microsoft Office 365...

In April 2020, Cynet launched the world's first Incident Response Challenge to test and reward the skills of Incident Response professionals. The Challenge consisted of 25 incidents, in increasing difficulty, all inspired by real-life scenarios that required participants to go beyond the textbook solution and think outside of the box. Over 2,500 IR professionals competed to be recognized as the top incident responders. Now that the competition is over (however, the challenge website is still open for anyone who wants to practice solving the challenges), Cynet makes the detailed solutions available as a free resource for knowledge and inspiration. Providing the thought process and detailed steps to solve each of the challenges will serve as a training aid and knowledge base for incident responders. The Fine Art of Forensic Investigation The core of any IR processes is the forensic investigation. It uncovers the critical path from the initial stage of suspicion or l...

The Georgia Institute of Technology, well known as Georgia Tech, has confirmed a data breach that has exposed personal information of 1.3 million current and former faculty members, students, staff and student applicants. In a brief note published Tuesday, Georgia Tech says an unknown outside entity gained "unauthorized access" to its web application and accessed the University’s central database by exploiting a vulnerability in the web app. Georgia Tech traced the first unauthorized access to its system to December 14, 2018, though it's unclear how long the unknown attacker(s) had access to the university database containing sensitive students and staff information. The database contained names, addresses, social security numbers, internal identification numbers, and date of birth of current and former students, faculty and staff, and student applicants. However, the University has launched a forensic investigation to determine the full extent of the breach. ...

Facebook has finally been slapped with its first fine of £500,000 for allowing political consultancy firm Cambridge Analytica to improperly gather and misuse data of 87 million users . The fine has been imposed by the UK's Information Commissioner's Office ( ICO ) and was calculated using the UK's old Data Protection Act 1998 which can levy a maximum penalty of £500,000 — ironically that’s equals to the amount Facebook earns every 18 minutes. The news does not come as a surprise as the U.K.'s data privacy watchdog already notified the social network giant in July this year that the commission was intended to issue the maximum fine. For those unaware, Facebook has been under scrutiny since earlier this year when it was revealed that the personal data of 87 million users was improperly gathered and misused by political consultancy firm Cambridge Analytica , who reportedly helped Donald Trump win the US presidency in 2016. The ICO, who launched an investigation...

Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns out to be false positives, or switching between half a dozen tools to piece together context. The work is repetitive, time-consuming, and high-stakes, leaving SOCs under constant pressure to keep up, yet often struggling to stay ahead of emerging threats. That combination of inefficiency, elevated risk, and a reactive operating model is exactly where AI-powered SOC capabilities are starting to make a difference. Why AI SOC is gaining traction now The recent Gartner Hype Cycle for Security Operations 2025 (download a complimentary copy ) recognizes AI SOC Agents as an innovation trigger, reflecting a broader shift in how teams approach automation. Instead of relying solely on static playbooks or manual investigation workflows, AI SOC capabilities bring reasoning, adaptability, and context-aware decision-making into the mix. SOC teams r...

What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread. Early phishing detection closes that gap. It helps teams move from uncertainty to evidence faster, reduce response delays, and stop one missed link from turning into account exposure, remote access, or operational disruption. Why Phishing Creates Bigger Risk for Security Leaders Now Phishing has become harder to manage because it no longer creates one clear, easy-to-contain event. A single click can turn into identity exposure, remote access, data access, or a wider investigation before the team has a clear picture. What makes it a bigger concern now: Puts identity at the center of the attack: Stolen credentials can expose email, SaaS apps, cloud platforms, and internal systems. Weak...

Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts Cleo's LexiCom, VLTransfer, and Harmony software, concerns a case of unauthenticated remote code execution. The security hole is tracked as CVE-2024-50623 (CVSS score: 9.8), with Cleo noting that the flaw is the result of an unrestricted file upload that could pave the way for the execution of arbitrary code. The Illinois-based company, which has over 4,200 customers across the world, has since issued another advisory (CVE-2024-55956), warning of a separate "unauthenticated malicious hosts vulnerability that could lead to remote code execution." The development comes after Huntress said the pat...