A Trojan SDK snuck past Google Play protections to infest 101 Android applications, bent on exfiltrating infected device data. Read More
Related Posts
Pentagon IT Service Provider Hacked: U.S. Government Secrets Exposed
Pentagon IT Service Provider Hacked: U.S. Government Secrets Exposed
Leidos Holdings Inc., one of the largest IT services providers to the U.S. government, experienced a significant cybersecurity breach. Hackers leaked internal documents, raising concerns about the security of sensitive government data managed by third-party contractors.
Leidos, known for its extensive work with the Pentagon and other federal agencies, was the largest federal IT contractor in the 2022 fiscal year, with $3.98 billion in contract obligations.
The company’s clients include the Defense Department, the Department of Homeland Security, NASA, other U.S. and foreign agencies, and commercial businesses. Contracts with the U.S. government constitute 87% of Leidos’ revenue.
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
The leaked documents are believed to have been stolen as part of two breaches of Diligent Corp. in 2022, a platform Leidos used. The nature and sensitivity of the stolen documents remain unclear, but the leak underscores vulnerabilities in the cybersecurity frameworks of companies handling critical government information.
Leaked documents were found on a cybercrime forum. Bloomberg News reviewed some of the files but couldn’t verify their authenticity due to obscured details. The exact content and nature of these documents have not been publicly disclosed.
According to Bloomberg News, Leidos recently became aware of the issue and is actively investigating the extent of the breach. The company has not yet made a public statement regarding the specifics of the leaked documents or the steps it is taking to mitigate the impact. Leidos has declined to comment on the stolen information.
The threat actor responsible for the breach has indicated plans to sell the data in two different types, further exacerbating concerns over the potential misuse of sensitive information. This incident has prompted a broader discussion on government contractors’ security measures and protocols.
The consequences of such data breaches are far-reaching, including financial losses, reputational damage, operational disruptions, and legal complications.
Cybersecurity experts warn that breaches like this can seriously damage consumer trust and make organizations face intense scrutiny from regulators and customers.
BREAKING: Hackers have breached the security of Leidos Holdings.
They are a major IT services provider for government agencies such as the Pentagon, Homeland Security, and NASA, and have leaked internal documents.
This breach has raised concerns about the security of… pic.twitter.com/St3Bis3kEl
— Larry (@LarryDJonesJr) July 23, 2024
Well isn’t this convenient.
Pentagon.
Homeland Security.
NSA.
What can these potentially reveal?
The P•d◇ph︎lë networks across the world that possess the blackmail honeypot that most public figures are under. All of the people at the top of these agencies… https://t.co/K7ftqezELm
— Ariel (@Prolotario1) July 23, 2024
Leidos, formed in 2013 and later acquiring Lockheed Martin Corp.’s information technology business, plays a crucial role in national security through its IT services and solutions.
The recent security breach has prompted the company to take immediate action to evaluate the extent of the damage and to strengthen its defenses against future attacks.
Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo
The post Pentagon IT Service Provider Hacked: U.S. Government Secrets Exposed appeared first on Cyber Security News.
New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits
New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits
A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation.
Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader’s icon and name masquerades as the legitimate CherryTree note-taking application to dupe potential victims Read More
The Hacker News | #1 Trusted Cybersecurity News Site
Spanish police make 34 arrests, dismantling cybercriminal gang that stole 4 million people’s data
Spanish police make 34 arrests, dismantling cybercriminal gang that stole 4 million people’s data
Spanish police have arrested 34 suspected members of a criminal gang that are alleged to have run a variety of scams to steal data from over four million people.
Law enforcement agents across the country took part in 16 searches that not only seized electronic equipment and computer databases, four expensive vehicles, and $80,000 Euros but also confiscated a baseball bat, a katana, and two firearms.
Read more in my article on the Hot for Security blog. Read More
Graham Cluley