#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security Posture Management

CloudSEK | Breaking Cybersecurity News | The Hacker News

Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users

Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users
May 30, 2023 Mobile Security / Android
A new open source remote access trojan (RAT) called  DogeRAT  targets Android users primarily located in India as part of a sophisticated malware campaign. The malware is distributed via social media and messaging platforms under the guise of legitimate applications like Opera Mini, OpenAI ChatGPT, and Premium versions of YouTube, Netflix, and Instagram. "Once installed on a victim's device, the malware gains unauthorized access to sensitive data, including contacts, messages, and banking credentials," cybersecurity firm CloudSEK  said  in a Monday report. "It can also take control of the infected device, enabling malicious actions such as sending spam messages, making unauthorized payments, modifying files, and even remotely capturing photos through the device's cameras." DogeRAT, like many other malware-as-a-service ( MaaS ) offerings, is promoted by its India-based developer through a Telegram channel that has more than 2,100 subscribers since it wa

Swachh City Platform Suffers Data Breach Leaking 16 Million User Records

Swachh City Platform Suffers Data Breach Leaking 16 Million User Records
Sep 29, 2022
A threat actor by the name of LeakBase has shared a database containing personal information allegedly affecting 16 million users of Swachh City, an Indian complaint redressal platform. Leaked details include usernames, email addresses, password hashes, mobile numbers, one-time passwords, last logged-in times, and IP addresses, among others, according to a report shared by security firm CloudSEK with The Hacker News. The  website  is currently inaccessible. The Swachhata Platform is part of the Indian government's  Swachh Bharat Mission  (translated as Clean India Mission) nationwide initiative to "achieve universal sanitation coverage." According to  Cyble , the database comprises 101,718 unique email addresses and 15,835,111 unique mobile numbers, putting users at risk of phishing, smishing, social engineering, and identity theft. The cybersecurity firm said that the breach possibly leveraged compromised credentials belonging to administrator and non-administ

Cracking the Code to Vulnerability Management

SaaS
websitewiz.ioVulnerability Management / Cloud Security
Vulnerability management in the cloud is no longer just about patches and fixes. In this latest report, the Wiz Security Research team put vulnerability management theory into practice using recently identified vulnerabilities as examples. Get the FREE report.

Transform Your Data Security Posture – Learn from SoFi's DSPM Success

Transform Your Data Security Posture – Learn from SoFi's DSPM Success
Nov 28, 2023Data Security / Posture Management
As cloud technology evolves, so does the challenge of securing sensitive data. In a world where data duplication and sprawl are common, organizations face increased risks of non-compliance and unauthorized data breaches. Sentra's DSPM (Data Security Posture Management) emerges as a comprehensive solution, offering continuous discovery and accurate classification of sensitive data in the cloud. This informative webinar, " Securing Sensitive Data Starts with Discovery and Classification: SoFi's DSPM Story " unveils the success story of SoFi, a pioneering cloud-native financial services provider, and its journey with Sentra's DSPM. It explores the challenges and triumphs in securing cloud data and a roadmap to implementing effective DSPM strategies in your organization. Expert Panel: Aviv Zisso:  As Director of Customer Success at Sentra, Aviv brings deep insights into data security needs and solutions. Pritam H Mungse:  SoFi's Director of Product Security, Pr

Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys

Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys
Aug 01, 2022
Researchers have uncovered a list of 3,207 mobile apps that are exposing Twitter API keys in the clear, some of which can be utilized to gain unauthorized access to Twitter accounts associated with them. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secret information, respectively, Singapore-based cybersecurity firm CloudSEK said in a report exclusively shared with The Hacker News. "Out of 3,207, 230 apps are leaking all four authentication credentials and can be used to fully take over their Twitter Accounts and can perform any critical/sensitive actions," the researchers said.  This can range from reading direct messages to carrying out arbitrary actions such as retweeting, liking and deleting tweets, following any account, removing followers, accessing account settings, and even changing the account profile picture. Access to the Twitter API  requires  generating secret keys and access tokens, which act as the usernames and
Cybersecurity Resources