#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Dedicated Hosting | Breaking Cybersecurity News | The Hacker News

5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws

5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws
Jan 16, 2019
A security researcher has discovered multiple one-click client-side vulnerabilities in the some of the world's most popular and widely-used web hosting companies that could have put millions of their customers as well as billions of their sites' visitors at risk of hacking. Independent researcher and bug-hunter Paulos Yibelo, who shared his new research with The Hacker News, discovered roughly a dozen serious security vulnerabilities in Bluehost, Dreamhost, HostGator, OVH, and iPage, which amounts to roughly seven million domains. Some of the vulnerabilities are so simple to execute as they require attackers to trick victims into clicking on a simple link or visiting a malicious website to easily take over the accounts of anyone using the affected web hosting providers. Critical Flaws Reported in Popular Web Hosting Services Yibelo tested all the below-listed vulnerabilities on all five web hosting platforms and found several account takeover, cross-scripting, and in

Web Hosting Company Pays $1 Million to Ransomware Hackers to Get Files Back

Web Hosting Company Pays $1 Million to Ransomware Hackers to Get Files Back
Jun 19, 2017
South Korean web hosting provider has agreed to pay $1 million in bitcoins to hackers after a Linux ransomware infected its 153 servers, encrypting 3,400 business websites and their data, hosted on them. According to a blog post published by NAYANA, the web hosting company, this unfortunate event happened on 10th June when ransomware malware hit its hosting servers and attacker demanded 550 bitcoins (over $1.6 million) to unlock the encrypted files. However, the company later negotiated with the cyber criminals and agreed to pay 397.6 bitcoins (around $1.01 million) in three installments to get their files decrypted. The hosting company has already paid two installments at the time of writing and would pay the last installment of ransom after recovering data from two-third of its infected servers. According to the security firm Trend Micro , the ransomware used in the attack was Erebus that was first spotted in September last year and was seen in February this year with Win

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities
Feb 15, 2024SaaS Security / Risk Management
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023.  Their study reveals  how companies use SaaS today, and the wide variety of threats that result from that usage. This unique analysis provides rare and important insights into the breadth and depth of SaaS-related risks, but also provides practical tips to mitigate them and ensure SaaS can be widely used without compromising security posture.  The TL;DR Version Of SaaS Security 2023 brought some now infamous examples of malicious players leveraging or directly targeting SaaS, including the North Korean group UNC4899, 0ktapus ransomware group, and Russian Midnight Blizzard APT, which targeted well-known organizat

Anonymous Hacker took down over 10,000 Dark Web Sites; Leaked User Database

Anonymous Hacker took down over 10,000 Dark Web Sites; Leaked User Database
Feb 05, 2017
Dark Web is right now going through a very rough time. Just two days ago, a hacker group affiliated with Anonymous broke into the servers of Freedom Hosting II and took down more than 10,000 Tor-based .onion dark websites with an alarming announcement to its visitors, which said: " Hello, Freedom Hosting II, you have been hacked. " Freedom Hosting II is the single largest host of underground websites accessible only through Tor anonymising browser that hosts somewhere between 15 and 20 percent of all sites on the Dark Web, anonymity and privacy researcher Sarah Jamie Lewis estimated . Besides defacing all Dark Web sites hosted on Freedom Hosting II with the same message and stealing its database, the hackers also demanded a ransom for 0.1 Bitcoin (just over $100) to return the compromised data to the hosting service. Now, it has been reported that the stolen database from Freedom Hosting II has publicly been released online to a site hosted on the Tor network, wh

The Critical State of AI in the Cloud

cyber security
websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.

Dutch Hacker Who Almost Broke The Internet Escapes Jail

Dutch Hacker Who Almost Broke The Internet Escapes Jail
Nov 15, 2016
The Dutch hacker, who in 2013 was accused of launching the biggest cyberattack to date against the anti-spam group Spamhaus, escaped prison Monday even after he was sentenced to nearly 8 months in jail because most of his term was suspended. Sven Olaf Kamphuis , 39, was arrested in April 2013 by Spanish authorities in Barcelona based on a European arrest warrant for launching massive distributed denial of service (DDoS) attack against Spamhaus that peaked at over 300 Gbps. Spamhaus is a non-profit group based in Geneva and London that tracks spam and cyber-related threats, creates blacklists of those sites and then sells them to Internet Service Providers. However, the DDoS attacks on the company were so sustained that put "the proper functioning of the Internet at risk and thus the interests of many individuals, businesses and institutions," said the court. Kamphuis was initially sentenced to a total of 240 days, but he has already served 55 days in on remand aft

World's largest 1 Tbps DDoS Attack launched from 152,000 hacked Smart Devices

World's largest 1 Tbps DDoS Attack launched from 152,000 hacked Smart Devices
Sep 28, 2016
Do you know — Your Smart Devices may have inadvertently participated in a record-breaking largest cyber attack that Internet has just witnessed. If you own a smart device like Internet-connected televisions, cars, refrigerators or thermostats, you might already be part of a botnet of millions of infected devices that was used to launch the biggest DDoS attack known to date, with peaks of over 1 Tbps of traffic. France-based hosting provider OVH was the victim to the record-breaking Distributed Denial of Service (DDoS) attacks that reached over one terabit per second (1 Tbps) over the past week. As the Internet of Things (IoT) or connected devices are growing at a great pace, they continue to widen the attack surface at the same time, giving attackers a large number of entry points to affect you some or the other way. 1 Tbps DDoS Attack Hits OVH IoTs are currently being deployed in a large variety of devices throughout your home, businesses, hospitals, and even entire cities (

5 Biggest Hosting Companies hacked by Syrian Electronic Army

5 Biggest Hosting Companies hacked by Syrian Electronic Army
Mar 30, 2015
Once again, Syrian Electronic Army (SEA) has gain media attention by compromising a number of popular web hosting brands of one of the leading web-hosting companies Endurance International Group INC that manages over 60 different hosting brands. SEA, a pro-hacker group supposed to be aligned with Syrian President Bashar al-Assad, is famous for hacking high-profile websites and targeting leading organisation with its advanced phishing attacks. This time the group hacked Endurance Group wings, including Bluehost, Justhost, Hostgator, Hostmonster and FastDomain, which are some of the world's leading web hosting companies. The official Twitter account linked to SEA group claimed responsibility for the hack. The group has posted the screenshots of the hacked panels of all the respective web hosting companies. REASON BEHIND HACK According to SEA group, Endurance Group's BlueHost, JustHost, HostGator and HostMonster were hosting terrorists web sites on their se

Cyber Attack On 'Code Spaces' Puts Hosting Service Out of Business

Cyber Attack On 'Code Spaces' Puts Hosting Service Out of Business
Jun 21, 2014
Code Spaces , a code-hosting and software collaboration platform used by different organizations for project management and development needs, was forced to shut down operations after an attacker compromised its internal system and deleted its customer's data and backups as well. This is really a nightmare for the code-hosting company based in Coventry, UK that claimed to offer " Rock Solid, Secure and Affordable Svn Hosting, Git Hosting and Project Management. " Codespaces.com homepage shows a lengthy explanation on the attack and an apology from its customer. " Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility, " read the note. " As such at this point in time we have no alternative but to cease trading and concentra

Adult Magazine Sued LeaseWeb for Hosting Pirated Websites, claiming $188M in Damages

Adult Magazine Sued LeaseWeb for Hosting Pirated Websites, claiming $188M in Damages
Cybersecurity Resources