Shakeeb Ahmed, a cybersecurity engineer convicted of stealing around $12 million in crypto, was sentenced on Friday to three years in prison.
In a press release, the U.S. Attorney for the Southern District of New York announced the sentence.
Ahmed was accused of hacking into two cryptocurrency exchanges, and stealing around $12 million in crypto, according to prosecutors.
While the name of one of his victims was never disclosed, Ahmed reportedly hacked into Crema Finance, a Solana-based crypto exchange, in early July 2022.
In the case of Nirvana Finance, the stolen funds “represented approximately all the funds possessed by Nirvana,” which led Nirvana Finance to shut down, according to the press release.
Streaming giant Roku has confirmed a second security incident in as many months, with hackers this time able to compromise more than half a million Roku user accounts.
In a statement Friday, the company said about 576,000 user accounts were accessed using a technique known as credential stuffing, where malicious hackers use usernames and passwords stolen from other data breaches and reuse the logins on other sites.
Roku said in fewer than 400 account breaches, the malicious hackers made fraudulent purchases of Roku hardware and streaming subscriptions using the payment data stored in those users’ accounts.
Two-factor authentication prevents credential stuffing attacks by adding an additional layer of security to online accounts.
By prompting a user to enter a time-sensitive code along with their username and password, malicious hackers cannot break into a user’s account with just a stolen password.
U.S. cybersecurity agency CISA is warning Sisense customers to reset their credentials and secrets after the data analytics company reported a security incident.
CISA said it urges Sisense customers to “reset credentials and secrets potentially exposed to, or used to access, Sisense services” and to report any suspicious activity involving the use of compromised credentials to the agency.
Founded in 2004, Sisense develops business intelligence and data analytics software for big companies, including telcos, airlines and tech giants.
Companies like Sisense rely on using credentials, such as passwords and private keys, to access a customer’s various stores of data for analysis.
With access to these credentials, an attacker could potentially also access a customer’s data.
After leaving Nvidia in 2010, Kumar pivoted to cybersecurity, eventually co-founding Fortanix, a cloud data security platform.
Leveraging AI, Simbian can automatically orchestrate and operate existing security tools, finding the right configurations for each product by taking into account a company’s priorities and thresholds for security, informed by their business requirements.
A separate study found that organizations now juggle on average 76 different security tools, leading IT teams and leaders to feel overwhelmed.
In addition to automatically configuring a company’s security tools, the Simbian platform attempts to respond to “security events” by letting customers steer security while taking care of lower-level details.
But that assumes Simbian’s AI doesn’t make mistakes, a tall order, given that it’s well established that AI is error-prone.
Google VidsLeveraging AI to help customers develop creative content is something Big Tech is looking for, and Tuesday, Google introduced its version.
Read moreImagen 2In February, Google announced an image generator built into Gemini, Google’s AI-powered chatbot.
“Vertex AI Agent Builder allows people to very easily and quickly build conversational agents,” Google Cloud CEO Thomas Kurian said.
Read moreNvidia’s Blackwell platformOne of the anticipated announcements is Nvidia’s next-generation Blackwell platform coming to Google Cloud in early 2025.
This, Kyle Wiggers writes, is “Google’s most capable generative AI model,” and is now available in public preview on Vertex AI, Google’s enterprise-focused AI development platform.
AT&T has begun notifying U.S. state authorities and regulators of a security incident after confirming that millions of customer records posted online last month were authentic.
According to AT&T the records contained valid data on more than 7.9 million current AT&T customers.
AT&T took action some three years after a subset of the leaked data first appeared online, which prevented any meaningful analysis of the data.
The full cache of 73 million leaked customer records was dumped online last month, allowing customers to verify that their data was genuine.
AT&T eventually acknowledged that the leaked data belongs to its customers, including about 65 million former customers.
Microsoft has resolved a security lapse that exposed internal company files and credentials to the open internet.
The Azure storage server housed code, scripts and configuration files containing passwords, keys and credentials used by the Microsoft employees for accessing other internal databases and systems.
Yoleri told TechCrunch that the exposed data could potentially help malicious actors identify or access other places where Microsoft stores its internal files.
The researchers notified Microsoft of the security lapse on February 6, and Microsoft secured the spilling files on March 5.
Microsoft did not say if it had reset or changed any of the exposed internal credentials.
Don’t have time to catch the Google Cloud Next livestream?
Here’s whyNvidia’s Blackwell platformOne of the anticipated announcements is Nvidia’s next-generation Blackwell platform coming to Google Cloud in early 2025.
Read moreImagen 2In February, Google announced an image generator built into Gemini, Google’s AI-powered chatbot.
Read moreChrome Enterprise PremiumMeanwhile, Google is expanding its Chrome Enterprise product suite with the launch of Chrome Enterprise Premium.
This, Kyle Wiggers writes, is “Google’s most capable generative AI model,” and is now available in public preview on Vertex AI, Google’s enterprise-focused AI development platform.
Sprinto, a security compliance and risk platform, has raised a $20 million Series B round to build more automation into its compliance management platform and widen its customer base to include the wide gamut of companies that operate digitally but aren’t tech-first.
Sprinto is working to automate this aspect of security compliance management, which involves vendor risk management, vulnerability assessment, access control, evidence collection and other filing tasks.
Sprinto uses a mix of AI, GPTs and its own internal large language model to offer efficiencies in compliance management.
The market for automated compliance management solutions already has players such as Vanta and Drata, which Sprinto considers its key competitors.
However, Redekar said Sprinto primarily focuses on automating the entire compliance management process and helping businesses build trust.
U.S. consulting firm Greylock McKinnon Associates disclosed a data breach in which hackers stole as many as 341,650 Social Security numbers.
The data breach was disclosed on Friday on Maine’s government website, where the state posts data breach notifications.
A spokesperson for the Justice Department did not respond to a request for comment.
We received confirmation of which individuals’ information was affected and obtained their contact addresses on February 7, 2024,” the firm wrote.
GMA told victims that “your personal and Medicare information was likely affected in this incident,” which includes names, dates of birth, home address, some medical information and health insurance information, and Medicare claim numbers, which included Social Security Numbers.
