#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

DNS Vulnerability | Breaking Cybersecurity News | The Hacker News

InvisiMole Hackers Target High-Profile Military and Diplomatic Entities

InvisiMole Hackers Target High-Profile Military and Diplomatic Entities
Jun 18, 2020
Cybersecurity researchers today uncovered the modus operandi of an elusive threat group that hacks into the high-profile military and diplomatic entities in Eastern Europe for espionage. The findings are part of a collaborative analysis by cybersecurity firm ESET and the impacted firms, resulting in an extensive look into InvisiMole's operations and the group's tactics, tools, and procedures (TTPs). "ESET researchers conducted an investigation of these attacks in cooperation with the affected organizations and were able to uncover the extensive, sophisticated tool-sets used for delivery, lateral movement, and execution of InvisiMole's backdoors," the company said in a report shared with The Hacker News. Cooperation with the Gamaredon Group First discovered in 2018 , InvisiMole has been active at least since 2013 in connection with targeted cyber-espionage operations in Ukraine and Russia. After slipping under the radar, the threat actor returned late

Microsoft Issues Patches For Severe Flaws, Including Office Zero-Day & DNS Attack

Microsoft Issues Patches For Severe Flaws, Including Office Zero-Day & DNS Attack
Oct 11, 2017
As part of its "October Patch Tuesday," Microsoft has today released a large batch of security updates to patch a total of 62 vulnerabilities in its products, including a severe MS office zero-day flaw that has been exploited in the wild. Security updates also include patches for Microsoft Windows operating systems, Internet Explorer, Microsoft Edge, Skype, Microsoft Lync and Microsoft SharePoint Server. Besides the MS Office vulnerability, the company has also addressed two other publicly disclosed (but not yet targeted in the wild) vulnerabilities that affect the SharePoint Server and the Windows Subsystem for Linux. October patch Tuesday also fixes a critical Windows DNS vulnerability that could be exploited by a malicious DNS server to execute arbitrary code on the targeted system. Below you can find a brief technical explanation of all above mentioned critical and important vulnerabilities. Microsoft Office Memory Corruption Vulnerability (CVE-2017-11826) T

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Cybersecurity Resources