techminis

A naukri.com initiative

Hacking News


Coinpedia


Aura CEO Exposed for Unlicensed Crypto Money Laundering Scheme

  • Christopher Scanlon, CEO of Aurae Lifestyle and Club Swann, is accused of running an unlicensed money-remitting business.
  • Scanlon facilitated traditional and cryptocurrency transactions for wealthy clients without proper registration.
  • This case highlights the risks of unregistered crypto financial services and the need for stricter regulations.
  • Scanlon faces up to five years' imprisonment and fines for his alleged schemes.


Securityaffairs


Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement

  • Irish Data Protection Commission fined LinkedIn €310M for violating user privacy by using behavioral data analysis for targeted advertising.
  • The DPC’s inquiry was launched following an initial complaint to the French Data Protection Authority.
  • LinkedIn’s reliance on user consent was deemed insufficiently informed, and its interests were found to override user rights and freedoms.
  • The authority gave LinkedIn three months to ensure GDPR compliance, requiring clear, freely given, informed consent and fair, transparent data processing.


Bitcoinist


US Gov’t Loses $20 Million As Crypto Wallets Fall Victim To Major Hack

  • A crypto wallet owned by the US government has been hacked, resulting in a loss of $20 million worth of digital assets.
  • Arkham Intelligence tracked the movement of funds from the government-controlled wallet, which had been inactive for eight months, to another address linked to DEX traders and a MetaMask swapper.
  • The funds were eventually transferred to Binance, raising concerns about the security measures in place for government-controlled cryptocurrencies.
  • The incident is being investigated by US authorities, who are trying to determine the extent of the hack and track down the attackers.


Securityaffairs


Change Healthcare data breach impacted over 100 million people

  • The Change Healthcare data breach in February 2024 impacted over 100 million people, making it the largest-ever healthcare data breach in the US.
  • UnitedHealth Group confirmed that the cyber attack disrupted IT operations of Change Healthcare, affecting more than 100 applications and impacting thousands of pharmacies and healthcare providers.
  • Compromised data in the breach includes names, addresses, dates of birth, phone numbers, Social Security numbers, medical records, and more.
  • The Alphv/BlackCat ransomware gang claimed responsibility for the attack, with reports suggesting that UnitedHealth paid a $22 million ransom.


Hackingblogs


Apple Will Pay Up To $1 Million To Anyone Who Hacks Their Private AI Cloud

  • Apple will pay up to $1 million to security experts for identifying flaws in its private AI cloud.
  • Researchers can receive up to $250,000 for privately reporting flaws that compromise user data.
  • Apple announced the Virtual Research Environment to allow analysis of its private cloud compute.
  • Source code for certain components of Private Cloud Compute will be made public.


Cryptopotato


Suspected Hacker Steals $20M in Crypto From US Government Bitfinex Wallet: Data

  • A suspected hacker has stolen $20 million in cryptocurrency from the US government Bitfinex wallet, raising concerns about a potential theft.
  • The funds were moved from the government-controlled Bitfinex Hack Wallet, which held part of the funds recovered from a 2016 attack on the Bitfinex crypto exchange.
  • Blockchain security firm Arkham Intelligence flagged the suspicious activity, initially blaming government authorities for the fund movements.
  • The alleged thief transferred the stolen funds to instant exchanges, and most blockchain security analysts deem the transfers suspicious.


Securityaffairs


OnePoint Patient Care data breach impacted 795916 individuals

  • US hospice pharmacy OnePoint Patient Care experienced a data breach that impacted approximately 800,000 individuals.
  • The breach resulted in the exposure of personal information, including names, residence info, medical records, and Social Security numbers.
  • OnePoint Patient Care detected suspicious network activity on August 8, 2024, prompting an internal investigation and engagement of a forensic security firm.
  • The breach was attributed to the INC RANSOM ransomware group, which leaked stolen data after the company refused to pay the ransom.


Securityaffairs


From Risk Assessment to Action: Improving Your DLP Response

  • Data loss prevention (DLP) is an essential part of a cybersecurity strategy that helps in identifying, evaluating, and mitigating risks related to data loss or unauthorized access. DLP risk assessments work towards detecting and protecting sensitive information, including personally identifiable information (PII), intellectual property, and financial data. They help in identifying potential vulnerabilities, mapping data flows, reviewing security policies, and enhancing DLP strategies, such as updating DLP tools and refining data classification rules. These assessments ensure compliance with several data protection regulatory standards like GDPR, HIPAA, and PCI DSS. The key takeaway is that DLP risk assessments are crucial, but they mean nothing unless implemented properly and conducted regularly.
  • Risk assessments for each organization will slightly differ based on organizational needs and differences in IT infrastructures. IT teams and data protection officers should conduct a planned, methodical approach based on eight steps. The first essential step is the identification and classification of data based on its sensitivity and regulatory requirements, followed by the evaluation of existing DLP tools and assessing data flows. Another crucial stage is ensuring your security policies align with regulatory requirements and establish best practices for data protection.
  • By simulating attacks like phishing attempts, malware infections, and unauthorized data transfers, organizations can evaluate the effectiveness of their DLP solutions and incident response plans. Regularly conducting assessments and monitoring data flows and security measures are equally crucial. The gist is that a DLP risk assessment is only useful when implemented correctly and conducted routinely to ensure continuous protection.
  • According to Josh Breaker-Rolfe, DLP is key in cybersecurity because effective defense requires continuous refinement as cyber criminals adapt with evolving and sophisticated tactics. Organizations must conduct DLP risk assessments and identify the types of data that need protection, the threats they face, and the necessary measures to safeguard them.
  • These assessments can help safeguard against cyberattacks and inadvertent data exposure, comply with data protection regulations and enhance data protection strategies such as updating DLP tools, refining data classification rules, streamlining communication channels, or implementing employee awareness training programs.
  • It is crucial to set up a regular DLP risk assessment timeline, including all stages to ensure comprehensive protection from a variety of cyber threats. Failure to do so could result in legal and financial consequences. In summary, DLP risk assessments are a continuous process that helps you keep pace with changing IT environments and ever-evolving cybercriminal tactics.
  • Josh Breaker-Rolfe holds a degree in Journalism and has a background in cybersecurity PR. He is a content writer at Bora, has written on a wide range of topics, from AI to zero trust, and is particularly interested in the impact of cybersecurity on the wider economy.


Securityaffairs


U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

  • U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog.
  • CISA added CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability and CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability to the KEV catalog.
  • Cisco addressed multiple vulnerabilities in ASA, FMC, and FTD products, including the actively exploited CVE-2024-20481, which causes a denial of service.
  • RoundCube Webmail vulnerability CVE-2024-37383 was actively exploited in phishing campaigns aimed at stealing user credentials.


Medium


The Dark Side of AI: How Data Poisoning Jeopardizes Technology and Society

  • Data poisoning occurs when attackers inject malicious data into the training datasets of AI models, compromising their learning process.
  • This can lead to skewed outputs, decreased accuracy, and even system failure.
  • The rise of generative AI technologies has increased concerns about data poisoning, posing threats to the reliability and safety of AI applications.
  • Efforts to combat data poisoning include implementing robust training protocols, continuous monitoring, and enhanced security measures to protect AI systems.


Securityaffairs


Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24

  • On the second day of Pwn2Own Ireland 2024, researchers demonstrated an exploit for the Samsung Galaxy S24.
  • Hackers demonstrated attacks against 51 zero-day vulnerabilities, earning a total of $358,625.
  • The total payout at the event organized by Trend Micro’s Zero Day Initiative is nearly $850,000.
  • Ken Gannon of NCC Group earned $50,000 and 5 Master of Pwn points by chaining five vulnerabilities to hack a Samsung Galaxy S24 device.


Hackingblogs


Samsung Galaxy S24, Canon, HP and Sonos Era Were Hacked In Pwn2Own Ireland

  • Samsung Galaxy S24 was hacked by Ken Gannon, earning $50,000 and 5 Master of Pwn points.
  • Sonos Era 300 was hacked by dungdm from Viettel Cyber Security, earning $30,000 and 6 Master of Pwn points.
  • Canon imageCLASS MF656Cdw printer was hacked by ExLuck and Pham Tuan Son, earning $10,000 and 2 Master of Pwn points.
  • Pwn2Own Ireland 2024 witnessed successful exploits on phones, cameras, printers, and smart speakers.


Securityaffairs


FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024

  • The recently disclosed Fortinet FortiManager flaw, known as FortiJump (CVE-2024-47575), has been exploited in zero-day attacks since June 2024.
  • Over 50 servers have been impacted by these attacks, according to a report by Mandiant.
  • The vulnerability allows an attacker to execute arbitrary code or commands through specially crafted requests, due to a missing authentication issue in FortiManager and FortiManager Cloud versions.
  • Attackers have automated the exfiltration of files containing IPs, credentials, and configurations of managed devices from FortiManager.


Hackersking


Are Cybersecurity Bootcamps Worth It?

  • Cybersecurity boot camps offer a quick and focused way to enter the field.
  • Advantages include fast-track learning, practical experience, expert instructors, networking opportunities, and job placement support.
  • Disadvantages include cost considerations, variation in quality, limited curriculum depth, and a competitive job market.
  • Choosing a cybersecurity boot camp requires considering career goals, learning preferences, and financial investment.


TheNewsCrypto


Radiant Capital Hackers Bridge $52M to Ethereum After Exploit

  • Hackers behind the Radiant Capital exploit have successfully bridged nearly $52 million worth of stolen funds from Arbitrum and BNB Chain to Ethereum.
  • The exploit involved advanced malware injections that compromised devices of reputable contributors, allowing attackers to validate malicious transactions and drain funds.
  • Blockchain security firms detected the suspicious activity and confirmed losses of $52 million across multiple tokens.
  • This incident highlights the ongoing security challenges faced by decentralized finance protocols and raises concerns about the vulnerabilities of cross-chain DeFi platforms.
