#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

traffic monitoring | Breaking Cybersecurity News | The Hacker News

They Named it — Einstein, But $6 Billion Firewall Fails to Detect 94% of Latest Threats

They Named it — Einstein, But $6 Billion Firewall Fails to Detect 94% of Latest Threats

Feb 02, 2016
The US government's $6 Billion firewall is nothing but a big blunder. Dubbed EINSTEIN , the nationwide firewall run by the US Department of Homeland Security (DHS) is not as smart as its name suggests. An audit conducted by the United States Government Accountability Office (GAO) has claimed that the firewall used by US government agencies is failing to fully meet its objectives and leaving the agencies open to zero-day attacks. EINSTEIN, which is officially known as the US' National Cybersecurity Protection System (NCPS) and has cost $5.7 Billion to develop, detects only 6 percent of today's most common security vulnerabilities and failed to detect the rest 94 percent. How bad is EINSTEIN Firewall in reality? In a series of tests conducted last year, Einstein only detected 29 out of 489 vulnerabilities across Flash, Office, Java, IE and Acrobat disclosed via CVE reports published in 2014, according to a report [ PDF ] released by the GAO late las
Popular Navigation App hijacked with Fake Bots to Cause Traffic Jam

Popular Navigation App hijacked with Fake Bots to Cause Traffic Jam

Apr 04, 2014
Beware! Hackers can cause Traffic jams with just a navigation Smartphone application. Two Israeli students were assigned by college to hack Google-owned Waze GPS app , an Israeli-made Smartphone app that provides directions and alerts drivers to traffic and accidents. Shir Yadid and Meital Ben-Sinai , fourth-year students at Technion-Israel Institute of Technology, with the help of two advisers created a virtual program that successfully caused the popular navigation application Waze to report fake traffic jams,  Haaretz  reported. They successfully launched a demo cyber attack against the popular navigation app, with no evil intention to cause any damage to the app, instead it was a simple assignment handed over to these students to demonstrate up to what a malicious hacker could do by creating a fake traffic jam on any popular app, like Waze that provides real-time traffic updates and notifications to users on the road. HOW TO JAM TRAFFIC? To carry out their proje
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Israeli Road Control System hacked, caused Traffic jam on Haifa Highway

Israeli Road Control System hacked, caused Traffic jam on Haifa Highway

Oct 28, 2013
Israel is considered one of the most advanced country in cyber security, but at the same time is a privileged target for hostile governments intent in sabotage and cyber espionage on his technology. Yesterday, Cybersecurity experts revealed that a major artery in Israel's national road network located in the northern the city of Haifa suffered a cyber attack, that caused massive traffic congestion in the City. Isreal military officials are aware of cyber threats that could hit the infrastructure of the country and they afraid the possible effect of a cyber attack on a large scale. Israeli government websites suffer thousands of cyberattacks each day according Ofir Ben Avi, head of the government's website division. The Israel Electric Corp. confirmed that its servers register about 6,000 unique computer attacks every second. In June, Prime Minister Benjamin Netanyahu stated that Iran militia, Hezbollah and Hamas have targeted in numerous occasions Israel
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Upgrade ModSecurity to version 2.7.4 for fixing Denial of Service Vulnerability

Upgrade ModSecurity to version 2.7.4 for fixing Denial of Service Vulnerability

May 29, 2013
ModSecurity is an open source web application firewall. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. ModSecurity developers team recently fixed a vulnerability ( CVE-2013-2765 ) which could be exploited by attackers to crash the firewall . The vulnerability is caused due to an error when processing the " forceRequestBodyVariable " action and can be exploited to cause a NULL pointer dereference via specially crafted HTTP requests.  Flaw was reported by Younes Jaaidi, according to him an attacker can exploit this issue using a web browser. He also released an Exploit for this flaw, which is publicly available at  Github  for download. Through the program to upgrade to version 2.7.4 fixes this problem, this version also fixes some minor bug and lib injection used to identify SQL injection attacks, while the development team also announced its portable version of Nginx has
Cybersecurity Resources