Google Play announces a new chapter and evolution: AI, gaming, rewards and more

0
[ad_1]

Sam Bright, VP & GM of Google Play, briefing the media on the new Google Play features | Photo Credit — Stephen Bondio for Google

Enhanced discovery and personalized recommendations

Google Play is going all in on AI and is leveraging it to simplify app discovery. As such, Google Play will now include AI-generated app reviews and FAQs which offer concise summaries of user feedback and frequently asked questions. Additionally, a new AI-powered feature helps users compare apps in similar categories, streamlining decision-making.

Google Play’s multi-select interest filters | Image credit — Google

Personalized recommendations are a key focus. To address this, Google has introduced multi-select interest filters allows users to manually specify their preferences, ensuring more relevant game suggestions based on individual gaming interests.


Curated spaces and comics in Japan

Curated spaces in Google Play cater to specific interests, offering a centralized hub for content exploration. Following a pilot for cricket enthusiasts in India, Google Play has partnered with Japanese comic publishers to launch a dedicated space for comics in Japan. Users can access comics-related content, including free previews, events, trailers, and reviews, all in one place.

Sample of “Chainsaw Man” manga in Google Play | Image credit — Google

Unfortunately, this experience is currently only available in Japan and in Japanese. During the briefing, the question came up several times on whether this would eventually expand to other regions. However, Google had no further information to share on that at this time. Hopefully, this is something that can be made possible in the future.

Enhanced gaming experience

Play Pass, Google’s subscription service, provides access to over 1,000 games and apps without ads or in-app purchases. However, Play Pass will now expand its offerings by including new deals in Asphalt Legends Unite, Call of Duty: Mobile, Candy Crush Saga, and the upcoming addition of Kingdom Rush 5: Alliance. New subscribers in select regions will be able to enjoy a significant discount for their first three months.

However, the highlight of the changes across gaming is the expansion of Google Play Games on PC, which will now allow users to enjoy mobile games on multiple devices seamlessly.

Multiscreen and multi-game experience on Google Play Games | Images credit — Google

These changes will allow you to start a game on your mobile device, and then seamlessly switch it over to your PC if you wanted. The upcoming multi-game capabilities will enable PC gamers to play multiple titles simultaneously, enhancing the overall gaming experience.


Rewarding loyalty

Google Play Points, one of the world’s largest rewards programs, is stepping up its offerings. Super Weekly Prizes will give Diamond, Platinum, and Gold members a chance to win enticing prizes like Pixel devices, Razer gaming products, and merchandise. The program also offers exclusive experiences, such as a recent Pokémon GO Fest event and an upcoming Marvel Games event at San Diego Comic-Con.

Google Play super weekly prizes can get you some very nice new tech | Images credit — PhoneArena

Personalized content and privacy controls

The new Collections experience in the U.S. will curate relevant content from various apps directly on the home screen. Automatically organized categories like Shop, Watch, and Listen simplify content discovery and resumption.

Google Play’s personalized content into categories | Images credit — Google

Google Play prioritizes transparency and control, so users can now manage their app data preferences through “Personalization in Play,” ensuring a tailored experience while respecting privacy choices.

With these new features and enhancements, Google Play is striving to become a more engaging and personalized platform, helping users discover, enjoy, and get rewarded for their favorite apps, games, and content.

[ad_2]
Source link

Google Chrome 127 Released with a fix for 24 Security Vulnerabilities

0
[ad_1]

Google has unveiled the latest version of its Chrome browser, Chrome 127, which is now available on the Stable channel.

The update, identified as version 127.0.6533.72/73 for Windows and Mac, and 127.0.6533.72 for Linux, will be rolled out over the coming days and weeks.

This release addresses 24 security vulnerabilities, enhancing the browser’s security and stability. This update includes numerous security fixes as part of Google’s commitment to user safety.

According to Google reports, external researchers were rewarded for contributing several of these fixes.

Access to bug details and links may be temporarily restricted until most users have updated their browsers. This precaution ensures that vulnerabilities are not exploited before users are protected.

High Severity Vulnerabilities

  1. CVE-2024-6988: Use after free in Downloads, reported by lime(@limeSec_) from TIANGONG Team of Legends at QI-ANXIN Group, rewarded $11,000.
  2. CVE-2024-6989: Use after free in Loader, reported by Anonymous, rewarded $8,000.
  3. CVE-2024-6991: Use after free in Dawn, reported by wgslfuzz.
  4. CVE-2024-6992: Out-of-bounds memory access in ANGLE, reported by Xiantong Hou of Wuheng Lab and Pisanbao.
  5. CVE-2024-6993: Inappropriate implementation in Canvas, reported by Anonymous.

Medium Severity Vulnerabilities

  1. CVE-2024-6994: Huang Xilin of Ant Group Light-Year Security Lab reported heap buffer overflow in Layout, rewarded $8,000.
  2. CVE-2024-6995: Inappropriate implementation in Fullscreen, reported by Alesandro Ortiz, rewarded $6,000.
  3. CVE-2024-6996: Race in Frames, reported by Louis Jannett (Ruhr University Bochum), rewarded $5,000.
  4. CVE-2024-6997: Use after free in Tabs, reported by Sven Dysthe (@svn-dys), rewarded $3,000.
  5. CVE-2024-6998: Use after free in User Education, reported by Sven Dysthe (@svn-dys), rewarded $2,000.
  6. CVE-2024-6999: Inappropriate implementation in FedCM, reported by Alesandro Ortiz, rewarded $2,000.
  7. CVE-2024-7000: Use after free in CSS, reported by Anonymous, rewarded $500.
  8. CVE-2024-7001: Inappropriate implementation in HTML, reported by Jake Archibald.

Low Severity Vulnerabilities

  1. CVE-2024-7003: Inappropriate implementation in FedCM, reported by Alesandro Ortiz, rewarded $2,000.
  2. CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing, reported by Anonymous.
  3. CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing, reported by Umar Farooq.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Google also acknowledged the efforts of security researchers who collaborated during the development cycle to prevent security bugs from reaching the stable channel.

Many security bugs were detected using advanced tools such as AddressSanitizer, MemorySanitizer, and libFuzzer.

For users interested in switching release channels or reporting new issues, Google provides resources and a community help forum.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo


[ad_2]
Source link

Best Samsung Galaxy Z Fold 6 Deals

0
[ad_1]

The Samsung Galaxy Z Fold 6 is finally out, and the pre-order period is over. This does mean that a lot of those great promos that were going on are now over. However, Samsung and the carriers are still offering some pretty sweet deals to get you a new foldable.

In this article, we are rounding up the very best deals on the Galaxy Z Fold 6, and we will be updating this quite frequently so you can get the best deals on Samsung’s latest foldables. Who doesn’t want to save money?

The Galaxy Z Fold 6 is a pretty impressive smartphone to be quite honest. Despite its $100 price increase this year, Samsung has made it more durable, reduced the crease, reduced the size of the hinge, and improved screen brightness, among a few other changes. Of course, durability is probably the most important part here, as it now has dust resistance at IP48. The Galaxy Z Fold 5 was IPX8, which means it had no dust resistance.

At $1,899, this is a pretty expensive phone. However, you can get it for far less than that. Check out the latest Galaxy Z Fold 6 deals down below.


[ad_2]
Source link

Huawei Mate 70 reportedly delayed; HarmonyOS NEXT to blame

0
[ad_1]

A new report claims that the launch of the Huawei Mate 70 series has been delayed. The company was expected to announce these devices in October. However, it seems that we will have to wait a little longer, and the reason would be HarmonyOS NEXT.

HarmonyOS NEXT is Huawei’s next big move in the mobile software segment. Unlike the current HarmonyOS, NEXT gets rid of APK support. This means that it is not compatible with Android apps, completely betting on its own software ecosystem.

Huawei Mate 70 series’ HarmonyOS NEXT needs more development time

The Huawei Mate 70 series is expected to bring the first devices with HarmonyOS NEXT pre-installed. However, it seems that this is exactly the reason for the possible delay in the launch. According to RODENT950 on X/Twitter and Digital Chat Station on Weibo, Harmony OS 5 (NEXT) “needs more development time.” So, Huawei would still have work to do to get the new OS ready.

According to the report, the brand’s new mobile flagships will arrive in mid-to-late Q4 of 2024. In any case, the launch expected for October already fell in that time range. Therefore, the Huawei Mate 70 series could have been delayed until November-December.

Until now, no news had emerged about potential problems in the development of HarmonyOS NEXT. However, it is already an important milestone to have developed a completely new OS in just a few years. The original HarmonyOS with AOSP core was born out of Huawei’s need to gradually disengage from North American technology after trade restrictions were set in 2019.

Huawei pushing forward its own software ecosystem

Currently, HarmonyOS NEXT is estimated to have 4,000 native apps. Huawei hopes to raise this figure to 500,000 in the coming years. Regarding the Mate 70 series, the leaks have revealed some important improvements in key sections. The devices are said to bring a solvent Kirin 9100 chip, a curved LTPO OLED display (1.5K), and an OmniVision OV50K main camera (1-inch) with variable aperture.

Lastly, Huawei seems to have suffered problems in manufacturing the new flagship Kirin chip. Initially, it was expected to use SMIC’s 5nm process. However, SMIC wafers were not up to par, resulting in low-yield rates, so the Kirin 9100 would resort to the 7nm process. That said, they would apply the N+3 variant for production, so the transistor density will be higher than that of other 7nm Kirin chips (like the 9010 of the Huawei Pura 70 series).


[ad_2]
Source link

Meta presents open-source Llama 3.1, Zuckerberg draws parallels with the Linux revolution

0
[ad_1]
Meta, Mark Zuckerberg’s conglomerate, has announced Llama 3.1 405B (“the first frontier-level open source AI model”) and parallels have been drawn with the Linux revolution.


– Meta blog, July 23, 2024


Llama 3.1 405B is “the first openly available model that rivals the top AI models” when it comes to state-of-the-art capabilities in general knowledge, steerability, math, tool use, and multilingual translation, Meta claims.With the release of the 405B model, Zuck’s team is promising to “supercharge innovation”.

As part of this latest release, Meta also introduced upgraded versions of the previous Llama 8B and 70B parameter sizes. “This enables our latest models to support advanced use cases, such as long-form text summarization, multilingual conversational agents, and coding assistants”, the article reads.

The team claims they’ve evaluated performance on over 150 benchmark datasets encompassing a wide range of languages. Additionally, extensive human evaluations were conducted to compare Llama 3.1 with competing models in real-world scenarios. The experimental evaluation suggests that the new flagship model is competitive with leading foundation models, including GPT-4, GPT-4o, and Claude 3.5 Sonnet, across various tasks.

Mark Zuckerberg: Open Source AI Is the Path Forward


In addition to the announcement, there’s an open letter from Mark Zuckerberg that’s titled: “Open Source AI Is the Path Forward“.He takes the long way around and brings us back to the early days of high-performance computing: that’s when major tech companies “invested heavily in developing their own closed source versions of Unix”. Unix is a family of multitasking, multi-user computer operating systems.

Then, Zuck argues, Linux emerged as a game-changer due to its open source nature, allowing extensive customization, affordability, and ecosystem growth.

A game changer, if you will!

That’s why open source AI, (as Meta’s new Llama model), will follow a similar trajectory of rapid advancement and adoption, Meta’s CEO argues.

– Mark Zuckerberg, July 23, 2024


His point is that the importance of open source for a positive AI future cannot be overstated. That’s because AI has, in theory, immense potential to boost human productivity, creativity, quality of life, and economic growth, while advancing medical and scientific research. Open source ensures broader access to AI benefits, prevents power from concentrating in a few companies.Safety concerns fall into two categories: unintentional harm, where AI systems cause damage without intending to, and intentional harm, where bad actors use AI maliciously. Most worries center on unintentional harm, which open source could, in theory, mitigate through transparency and widespread scrutiny.

When it comes to intentional harm, distinguishing between individual bad actors and resource-rich nation-states is crucial, Zuck argues and talks about “how the US and democratic nations should handle the threat of states with massive resources like China”.

– Mark Zuckerberg, July 23, 2024

What side are you on? Would you like to see more or less open source US AI models?


[ad_2]
Source link

Researchers Detail on How Defenders Eliminate Detection in AWS

0
[ad_1]

As enterprises increasingly migrate their workloads to cloud infrastructure, the need for robust security measures becomes more pressing.

Unlike traditional data centers, cloud environments offer business agility at a reduced cost, making them attractive targets for cybercriminals.

Defending cloud infrastructure, particularly within Amazon Web Services (AWS), is complex and requires a nuanced understanding of security controls and threat detection.

This article explores how defenders can address detection gaps in AWS environments by leveraging a combination of Mitigant Cloud Attack Emulation and the Sekoia Security Operations Center (SOC) Platform.

The integration of these tools demonstrates a Threat-Informed Defense strategy that enhances an organization’s ability to detect and respond to threats effectively.

Enterprises are increasingly adopting cloud infrastructure to benefit from its agility and cost-effectiveness. However, this shift has not gone unnoticed by cybercriminals, who now target cloud workloads with sophisticated attacks.

Defending cloud environments is inherently more complex than on-premises infrastructure, necessitating a comprehensive approach to security.

The Sekoia report provides a use-case scenario demonstrating how defenders can address detection gaps in AWS environments by combining Mitigant Cloud Attack Emulation and the Sekoia SOC Platform.

It also discusses how organizations can adopt a Threat-Informed Defense strategy by integrating security measures, Cyber Threat Intelligence (CTI), and evaluation/testing.

This strategy enables organizations to detect and respond effectively to threats within their AWS infrastructure.

Threat Model

The threat model features Acme, a fictitious Fintech company hosting its banking system on AWS cloud infrastructure. John Doe, Acme’s Chief Information Security Officer (CISO), is concerned about the increasing threat Scattered Spider poses.

After attending an MITRE ATT&CK Workshop, John decides to implement a Threat-Informed Defense Strategy (TIDS) to enhance Acme’s cyber-resilience.

He incorporates the following cybersecurity products to align with TIDS:

  • Defensive Measures: Sekoia Defend is a leading SOC platform that provides threat detection and incident response capabilities.
  • Cyber Threat Intelligence: Sekoia Intelligence, a structured and actionable CTI service.
  • Testing & Evaluation: Mitigant Cloud Attack Emulation, a comprehensive cloud-native adversary emulation platform.

The Threat-Informed Defense Triad combines security measures, CTI, and security evaluation/testing to create a robust defense strategy.

Mitigant Cloud Attack Emulation implements several MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs) Scattered Spider uses.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

These attacks are orchestrated against Acme’s AWS environment to mimic Scattered Spider, and the Sekoia SOC Platform is used to detect these attacks.

Cloud Attack Phases and Detection

The threat scenario is emulated to illustrate real attacks, which are typically multi-step and captured via attack kill chains. The MITRE ATT&CK framework groups these attacks into Tactics and Techniques. The attacks against Acme are categorized as follows:

Initial Access

The attacker gains access to Acme’s corporate AWS account using stolen credentials obtained through phishing. Bob from Acme’s finance department receives a malicious email containing a link to a fake corporate website.

The user’s workstation logs this activity, and Sekoia.io’s Intelligence Feed rule detects suspicious IP access.

The “Serial Console Access” attack Implemented in Mitigant is a Common Technique Used By Scattered Spider.
The “Serial Console Access” attack Implemented in Mitigant is a Common Technique Used By Scattered Spider.

Execution

The attacker enables serial console access to EC2 instances, bypassing network security controls. This action is detected by the Sekoia.io rule “AWS CloudTrail EC2 Enable Serial Console Access.”

Insert image of AWS CloudTrail log showing serial console access here.
Insert image of AWS CloudTrail log showing serial console access here.

Persistence

The attacker creates new IAM users and backdoors existing IAM users, raising the “CreateAccessKey” and “CreateUser” events. Specific detection rules tailored to the environment can help identify these activities.

Privilege Escalation

The attacker weakens IAM password policies to facilitate further attacks, triggering the “UpdateAccountPasswordPolicy” event. The Sekoia.io rule “AWS CloudTrail IAM Password Policy Updated” monitors this event.

Insert image of IAM password policy update event here.
Insert image of IAM password policy update event here.

Defense Evasion

The attacker deletes VPC subnets and disables domain transfer locks to hide their activities. These actions are detected by the Sekoia.io rules “AWS CloudTrail EC2 Subnet Deleted” and “AWS CloudTrail Route 53 Domain Transfer Lock Disabled.”

Insert image of VPC subnet deletion and domain transfer lock disablement events here.
Insert image of VPC subnet deletion and domain transfer lock disablement events here.

Credential Access

The attacker compromises Lambda credentials, raising the “ListFunctions20150331” event. Due to their frequency, creating effective detection rules for these events can be challenging.

“Malicious Bucket Replication” Attack Launched from Mitigant Showing the Corresponding MITRE Tactic & Techniques
“Malicious Bucket Replication” Attack Launched from Mitigant Showing the Corresponding MITRE Tactic & Techniques

Collection

The attacker replicates S3 buckets and exfiltrates sensitive data, triggering the “PutBucketReplication” event. The Sekoia.io rule “AWS CloudTrail S3 Bucket Replication” detects this action.

Insert image of S3 bucket replication event here.
Insert image of S3 bucket replication event here.

The integration of CTI helps detect and contextualize attacks, providing a better understanding for further investigation. Alert fatigue is a significant challenge for SOC teams, and triaging rules by effort level can help manage this issue.

Sometimes, customers should create their own rules to reduce false positives. Attack emulation is essential for testing rules and ensuring comprehensive coverage. Context is crucial, and security teams must add context to reduce false positives.

Emulating attacks in the environment provides an excellent approach for deriving the precise context. As cloud infrastructure adoption increases, so do the associated security risks.

Security teams must adopt approaches that allow precise threat optimizations with minimal alert fatigue and false positives. A Threat-Informed Defense strategy provides a meaningful approach, aligning with real attacks.

This article presents an instructive scenario based on the Scattered Spider threat actor, offering valuable lessons for improving cloud security posture.

By adopting a Threat-Informed Defense strategy and leveraging tools like Mitigant Cloud Attack Emulation and the Sekoia SOC Platform, organizations can effectively eliminate detection gaps in AWS environments and safeguard their cloud infrastructure against sophisticated cyber threats.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo


[ad_2]
Source link

Facebook, Instagram feel the heat from the EU: an ad-free plan still shows ads

0
[ad_1]

If paying for an ad-free experience makes you squirm, imagine how you’d feel if you still see some ads even after paying for the said “ad-free experience”.

This isn’t funny to EU watchdogs and Meta’s “consent or pay” policy is causing ongoing tensions. The European Data Protection Board (EDPB) previously recommended that Meta offer users more choices, but the company’s paid “ad-free” tier is now under investigation and could face sanctions.

In some regions on the Old Continent, Meta provides a paid option for users who prefer not to see targeted ads based on their activity. So far, so good. This tier was created to align with EU privacy regulations, but it still offers limited choices, requiring users to either pay or leave the service.

However, this doesn’t fly with the EU, as the block regulators remain unsatisfied. They want to see more free options without activity tracking. If Meta is found in violation, it could face penalties up to 10% of its annual gross revenue.

What’s more, the Consumer Protection Cooperation (CPC) network has also launched a separate investigation, sending a letter to Meta about potential legal violations.

The letter points out that while Meta’s terms suggest no ads with the paid tier, users might still see ads through content shared by others.

CPC authorities identified several practices in the context of Meta’s roll-out of its business model that “raise concern” and could potentially be considered “unfair and contrary” to various commercial practices directives and legislations.

Here are some key takeaways from the CPC network’s letter:

  • Misleading consumers by using the word “free” while, for users who do not want to subscribe against a fee, Meta requires them to accept that Meta can make revenue from using their personal data to show them personalised ads.
  • Confusing users by requiring them to navigate through different screens in the Facebook/Instagram app or web-version and to click on hyperlinks directing them to different parts of the Terms of Service or Privacy Policy to find out how their preferences, personal data, and user-generated data will be used by Meta to show them personalised ads;
  • Using imprecise terms and language, such as “your info” to refer to consumers’ “personal data” or suggesting that consumers who decide to pay will not see ads at all, while they might still see ads when engaging with content shared via Facebook or Instagram by other members of the platform;
  • Pressurising consumers who have always used Facebook/Instagram free of charge until the new business model was introduced, and for whom Facebook/Instagram often constitute a significant part of their social lives and interactions to make an immediate choice, without giving them a pre-warning, sufficient time, and a real opportunity to assess how that choice might affect their contractual relationship with Meta, by not letting them access their accounts before making their choice.

Ah, don’t you just love it when big government regulators fight big corporations?

Jokes aside, ads on Facebook can be a bit pesty, to put it mildly. Maybe now it’s a good time to tone them down a bit?


[ad_2]
Source link

YouTube Music artist pages finally get a cleaner design with latest update

0
[ad_1]

YouTube Music is now rolling out a redesign of artist pages on Android and iOS, following the updates on Mark as played for podcasts and Sound Search. The redesign includes a left-aligned artist name position, subscriber count, and a proper pill-shaped button for following.

Across from those, we have the option to start radio and shuffle, with YouTube Music testing “play” earlier this month as well. We also get circular buttons for smaller touch targets and an overall better look.

The Latest Release card remains available before you get to the Top songs sections, and then you get the rest of the feed after that.


The visual tweaks allow for a more modern and compact look. The new design matches the redesign of the album and playlist pages from 2022. The previous artist page dated back to 2019 (with a Material 3 tweak a bit later on), so it was in dire need of refreshments.

The update is a server-side one, and it is now starting to roll out both on Android and iOS.

I personally love the new design – it looks more minimalistic and clean and gives more free, resting space. Having resting space is great, especially when we’re talking about a relatively small screen (like on the phone) where if you have too many items and too big of buttons, the space looks cluttered and less enjoyable.


[ad_2]
Source link

Samsung explains why Google Messages is becoming the default on Galaxy phones

0
[ad_1]

as the default messaging app on its latest devices. This change starts with the new

and will be rolled out to future Galaxy phones as well.

Z Fold 6: up to $1,200 of; Z Flip 6: up to $650 off

The Galaxy Z Fold 6 and Z Flip 6 are available at Samsung.com. Right now, you can get the 512GB Galaxy Z Fold 6 for up to $1,200 off its list price with eligible phone trade-ins. The Z Flip 6 is available with 512GB of storage and can be yours for up to $650 off its price tag with trade-ins.

$1850 off (57%)

Galaxy Z Fold 6: $300 Gift Card + Free storage upgrade

The Samsung Galaxy Z Fold 6 is available at Amazon. Right now, you can save $120 on the smartphone in the form of a FREE storage upgrade. The offer includes a $300 Gift Card as well.

$420 off (18%)


Samsung says why it is switching from Samsung Messages to Google Messages


The tech media outlet Android Authority recently got the scoop from Samsung on why it is ditching its own messaging app in favor of Google’s.

– Samsung, July 2024


RCS, or Rich Communication Services, is the next-gen messaging standard designed to take over from SMS and MMS. It offers a richer experience with internet-based messaging, allowing for high-quality media sharing, voice notes, typing indicators, and more. While Google Messages hasn’t yet matched Samsung’s app for high-quality image sharing, that is set to change soon. Google Messages is expected to start supporting high-resolution photo sharing via RCS soon.

On the other hand, Google Messages supports RCS across all carriers, while Samsung Messages’ RCS capabilities depend on the mobile network. So, switching to Google Messages could offer a more seamless and user-friendly experience for Galaxy users.

Galaxy phone owners can still use Samsung Messages if they prefer, even with the switch. Samsung also mentioned that users can download Samsung Messages from the Galaxy Store if they want to continue using it.

For a while now, Google has been pushing hard to make RCS the new standard for messaging, and it is making significant progress.

Recent reports suggest that Google Messages is set to upgrade older cross-platform chats—like those with iPhone users—to the RCS standard. This comes on the heels of Apple’s decision to finally embrace RCS for iMessage, ending years of reluctance.


[ad_2]
Source link

Pentagon IT Service Provider Hacked: U.S. Gov. Secrets Exposed

0
[ad_1]

A massive breach in cybersecurity has occurred at Leidos Holdings Inc., which is a key provider of information technology services to the United States government.

Hackers have released internal information, which has raised significant worries regarding the safety of sensitive government data managed by third-party contractors.

During the fiscal year 2022, Leidos secured $3.98 billion in contract commitments, making it the top federal information technology contractor. Leidos is well-known for its substantial work with the Pentagon and other government agencies.

The company’s clients include the Department of Defense, the Department of Homeland Security, the National Aeronautics and Space Administration, other agencies from the United States and other countries, and commercial organizations.

Eighty-seven percent of Leidos’ revenue comes from contracts with the United States government.

The documents disclosed are suspected to have been taken during two breaches that occurred in 2022 at Diligent Corp., a platform Leidos uses.

Claim of leaked data
Claim of leaked data

There is still a lack of clarity regarding the precise type and level of sensitivity of the data that were taken; however, the leak has brought to light vulnerabilities in the cybersecurity frameworks of businesses that manipulate sensitive government information.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Document nature
Document nature


On a site dedicated to cybercrime, the documents that had been leaked were found. Bloomberg News examined some of the files, but they could not verify their legitimacy because the details were disguised.

No information regarding the nature or specifics of these documents has been made available to the general public.

A report from Bloomberg News indicates that Leidos has recently become aware of the problem and is investigating to determine the breach’s scope.

Therefore, the corporation has not yet issued a public comment regarding the particulars of the leaked documents or the actions it is taking to lessen the impact of the document breach. Leidos has chosen not to comment on the information that was stolen publicly.

Concerns regarding the potential misuse of sensitive information have been further exacerbated by the threat actor responsible for the breach’s indication that they intend to sell the data in two distinct categories.

Due to this occurrence, the security standards and precautions that government contractors take have been the subject of a more extensive discussion.

A data breach of this nature can have a wide range of repercussions, including financial losses, damage to reputation, disruptions to operations, and legal issues.

Cybersecurity experts warn that breaches such as this can significantly harm customers’ trust and subject firms to harsh scrutiny from regulators and customers.

Through its information technology services and solutions, Leidos, which was established in 2013 and later acquired Lockheed Martin Corporation’s information technology business, plays an essential part in protecting the nation’s security.

The latest security breach has forced the organization to take urgent action to determine the extent of the damage and strengthen its defenses against future assaults.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo


[ad_2]
Source link