#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Connected devices | Breaking Cybersecurity News | The Hacker News

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices
Dec 04, 2019
Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices. One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take control over them. The first vulnerability resides in the way multi-part/form-data requests are processed within the base GoAhead web server application, affecting GoAhead Web Server versions v5.0.1, v.4.1.1, and v3.6.5. According to the researchers at Cisco Talos, while processing a specially crafted HTTP request, an attacker exploiting the vulnerability can cause use-after-free condition on the server and corrupt heap structures, leading to code execution attacks. The second vulnerability, assigned as CVE-2019-5097, also resides in the same component of the GoAhead Web Server and can be

Thousands of Google Chromecast Devices Hijacked to Promote PewDiePie

Thousands of Google Chromecast Devices Hijacked to Promote PewDiePie
Jan 03, 2019
A group of hackers has hijacked tens of thousands of Google's Chromecast streaming dongles, Google Home smart speakers and smart TVs with built-in Chromecast technology in recent weeks by exploiting a bug that's allegedly been ignored by Google for almost five years. The attackers, who go by Twitter handles @HackerGiraffe and @j3ws3r, managed to hijack Chromecasts' feeds and display a pop-up, spreading a security warning as well as controversial YouTube star PewDiePie propaganda. The hackers are the same ones who hijacked more than 50,000 internet-connected printers worldwide late last year by exploiting vulnerable printers to print out flyers asking everyone to subscribe to PewDiePie YouTube channel. This time, the hackers remotely scanned the internet for compatible devices, including Chromecasts, exposed to the internet through poorly configured routers that have Universal Plug and Play [UPnP] enabled by default. The hackers then exploited a design flaw in Chrome

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

Prison Inmates Built PCs from e-Waste and Connected Online Using Prison Network

Prison Inmates Built PCs from e-Waste and Connected Online Using Prison Network
Apr 12, 2017
Can you imagine your world without the Internet? I know it's hard to imagine your life without the Internet, and the same was the case of two Ohio prisoners who built personal computers from parts from e-waste, hid them in the ceiling, and connected those PCs to the Internet via the prison's network. The incident occurred in 2015 but has now been made public by the State of Ohio's Office of the Inspector General, which published a 50-page report [ PDF ] on Tuesday, following almost a year-long investigation. According to the report, a prison work program has backfired two inmates of Marion Correctional Institution in Ohio, Florida, who smuggled computer parts from an e-waste recycling workshop and built two clandestine computers out of them. The unsupervised inmates later hid the computers behind a plywood board in the ceiling of a training room, and then connected those working PCs to the Ohio Department of Rehabilitation and Correction (ODRC) network to access

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Court Documents Reveal How Feds Spied On Connected Cars For 15 Years

Court Documents Reveal How Feds Spied On Connected Cars For 15 Years
Jan 16, 2017
It's not always necessary to break into your computer or smartphone to spy on you. Today all are day-to-day devices are becoming more connected to networks than ever to add convenience and ease to daily activities. But here's what we forget: These connected devices can be turned against us because we are giving companies, hackers, and law enforcement a large number of entry points to break into our network. These connected devices can also be a great boon for law enforcement that can listen and track us everywhere. Let's take the recent example of 2016 Arkansas murder case where Amazon was asked to hand over audio recordings from a suspect's Echo. However, that was not the first case where feds asked any company to hand over data from a suspect's connected device, as they have long retrieved such information from connected cars. According to court documents obtained by Forbes , United States federal agencies have a 15-year history of " Cartapping &qu

Hackers take Remote Control of Tesla's Brakes and Door locks from 12 Miles Away

Hackers take Remote Control of Tesla's Brakes and Door locks from 12 Miles Away
Sep 20, 2016
Next time when you find yourself hooked up behind the wheel, make sure your car is actually in your control. Hackers can remotely hijack your car and even control its brakes from 12 miles away. Car hacking is a hot topic. Today many automobiles companies have been offering vehicles with the majority of functions electronically controlled, from instrument cluster to steering, brakes, and accelerator. These auto-control electronic systems not only improve your driving experience but at the same time also increase the risk of getting hacked. The most recent car hacking has been performed on Tesla Model S by a team of security researchers from Keen Security Lab, demonstrating how they were able to hijack the Tesla car by exploiting multiple flaws in the latest models running the most recent software. The team said the hacks worked on multiple models of Tesla and believed they would work across all marques. "We have discovered multiple security vulnerabilities and suc

Google's Devices and Activity Dashboard — A New Account Security Wizard

Google's Devices and Activity Dashboard — A New Account Security Wizard
Nov 25, 2014
We access our Google account from so many devices that we our self forget on how many devices our account is still connected and perhaps we don't use that device anymore. To make this problem easy for you, Google has come up with its new security dashboard which will help you keep better control over the devices that can access your account. The Internet giant on Monday launched a new " Devices and Activity dashboard " with additional insight over the devices which will allow Google Apps users to identify every single active device that has been used to access their account in the last 28 days as well as those currently signed in. Users will now be able to monitor a comprehensive set of details including the last time their account was accessed, location from where their account was accessed, as well as the web browser that was used to open their account. Eran Feigenbaum , security director at the Google for Work team, said admins could quickly change pass
Cybersecurity Resources