
Amazon Web Services | Breaking Cybersecurity News | The Hacker News

Category — Amazon Web Services
Multiple Flaws Exposed in Pocket Add-on for Firefox

Aug 21, 2015
Providing easy accessibility does not win the battle! A security researcher has reported server-side vulnerabilities in the popular Pocket add-on that comes bundled with the Firefox browser. The security flaws could have allowed hackers to exfiltrate data from the company's servers as well as populate reading lists with malicious links. The Pocket button in the Firefox browser allows you to save links, videos, web pages, or articles to your Pocket account with just a click, making it easier for you to read them later, usually offline. However, the vulnerabilities discovered by security researcher Clint Ruoho were such that they could allow hackers to get unrestricted root access to the server hosting the application, the researcher wrote in his blog post. For this to be done, a hacker only needs: a browser, the Pocket Mobile app, and access to an Amazon EC2 server, which costs 2 cents an hour. The researcher, with the goal of exploiting the service's main functionality ...
Understanding the Shared Security Model in Amazon Web Services

May 21, 2015
Security in the Amazon EC2 environment is a responsibility shared by both the end user and Amazon. This is because within this environment there are specific parts that Amazon has control of and specific parts that are controlled by the end user. The end user is responsible for securing the operating systems running on their instances, as well as the applications running on those operating systems. On the other hand, physical security and security of the hypervisor are Amazon's responsibility. When it comes to the network, security of that layer is a shared responsibility between the user and Amazon.

Implications of the Shared Security Model

Huge operational efficiencies can be gained in a shared security model; however, this comes at the cost of the flexibility to have total control over an environment. In the past, significant security issues have occurred as organizations moved to the shared model. During this transition, it's key that organizations under...
Product Walkthrough: How Reco Discovers Shadow AI in SaaS

Jan 09, 2025 | AI Security / SaaS Security
As SaaS providers race to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the world of AI: shadow AI. Shadow AI refers to the unauthorized use of AI tools and copilots at organizations. For example, a developer using ChatGPT to assist with writing code, a salesperson downloading an AI-powered meeting transcription tool, or a customer support person using Agentic AI to automate tasks – without going through the proper channels. When these tools are used without IT or the Security team's knowledge, they often lack sufficient security controls, putting company data at risk.

Shadow AI Detection Challenges

Because shadow AI tools often embed themselves in approved business applications via AI assistants, copilots, and agents, they are even trickier to discover than traditional shadow IT. While traditional shadow apps can be identified through network monitoring methodologies that scan for unauthorized connections based on...
Beware: Fake 'The Interview' App Affects Android Users

Dec 28, 2015
"The Interview", the controversial North Korean-baiting film that appeared to be the root cause of the cyber mishap at Sony Pictures Entertainment that threatened terror attacks at theaters showing the movie, now threatens to expose users of Android phones to a malware attack. Since its release, everyone is talking about "The Interview" — the Seth Rogen and James Franco-starring comedy centered around a TV host and his producer assassinating North Korean dictator Kim Jong Un. Because cybercriminals are known to take advantage of major events where there is a high level of public interest, The Interview became their target. In a joint investigation, security researchers from McAfee, Technische Universität Darmstadt, and the Center for Advanced Security Research Darmstadt (CASED) have discovered that an Android app claiming to download 'The Interview' comedy onto users' smartphones actually infects their devices with a banking trojan in ...
WikiLeaks.org Down After EveryDNS.net Termination Due to DDOS Attacks

Dec 07, 2010
WikiLeaks' main website became inaccessible on Friday via its WikiLeaks.org domain after EveryDNS.net, a subsidiary of Dynamic Network Services, terminated its domain name service. EveryDNS.net terminated the WikiLeaks.org domain due to repeated Distributed Denial of Service (DDOS) attacks. These attacks threatened the stability of EveryDNS.net's infrastructure, which supports nearly 500,000 other websites. This information was stated on EveryDNS.net's website. EveryDNS.net notified WikiLeaks via email, Twitter, and the chat function on the WikiLeaks.org website that its domain name service would be terminated within 24 hours. This period ended on Dec. 2 at 10 p.m. Eastern Standard Time in the U.S. EveryDNS.net remarked, "Any downtime of the Wikileaks.org website has resulted from its failure to use another hosted DNS service provider." In response, WikiLeaks tweeted, "WikiLeaks.org domain killed by U.S. EveryDNS.net after claimed mass attacks," urging su...