#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

DefCon | Breaking Cybersecurity News | The Hacker News

ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability

ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability

Aug 13, 2018
Your Mac computer running the Apple's latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday. Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a critical zero-day vulnerability in the macOS operating system that could allow a malicious application installed in the targeted system to virtually "click" objects without any user interaction or consent. To know, how dangerous it can go, Wardle explains : "Via a single click, countless security mechanisms may be completely bypassed. Run untrusted app? Click...allowed. Authorize keychain access? Click...allowed. Load 3rd-party kernel extension? Click...allowed. Authorize outgoing network connection? click ...allowed." Wardle described his research into "synthetic" interactions with a user interface (UI) as "The Mouse is Mightier than the Sword,"
Silk Road 2.0 Dark-Web Admin Pleads Guilty

Silk Road 2.0 Dark-Web Admin Pleads Guilty

Apr 05, 2016
An admin of Silk Road 2 , named Brian Farrell , who helped maintain the notorious dark web site by providing customer and technical support, approving and suspending vendors, and promoting staff members, has pleaded guilty and could face 8 years in prison. The 28-year-old man, who used the moniker " DoctorClu ," had been accused last year of being the right-hand to the creator of Silk Road 2.0, the copycat website inspired by the notorious online illegal drug marketplace. Silk Road 2.0 was shuttered in November 2014 after its creator Blake Benthall aka "Defcon" was arrested whose own criminal case is pending in federal court in New York. Silk Road has been described as "one of the most extensive, sophisticated, and widely-used illegal marketplaces on the internet today."  According to the Department of Justice, Silk Road 2.0 had generated "sales of at least approximately $8 Million in the United States currency per month" s
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Car Hacking ? Scary, But Now it’s REALITY!

Car Hacking ? Scary, But Now it's REALITY!

Jul 25, 2015
Next time you find yourself hooked up behind the wheel, make sure that your car is actually in your control. Hackers are now able to break into hundreds of thousands of vehicles on the road. Car hacking is a hot topic today and until now it was performed only while researchers were hard-wired into a car's electrical system. However, the most recent hack performed by two computer hackers, who have spent years developing ways to crack the digital safeguards of Internet-connected vehicles, is rather more Disturbing. Researchers Charlie Miller and Chris Valasek recently demonstrated their abilities to control a Jeep Cherokee remotely from miles away by exploiting the car's entertainment system that was connected to the mobile data network. The duo was able to move laterally into other electronic parts of the vehicle, like the air conditioning, transmission, and even the car's steering controls. 1.4 Million Car Models Vulnerable Not just Jeep Cherokee, but the rest of
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
How to Anonymously Access Wi-Fi from 2.5 Miles Away Using This Incredible Device

How to Anonymously Access Wi-Fi from 2.5 Miles Away Using This Incredible Device

Jul 02, 2015
Anonymity is something that seems next to impossible in this era of government surveillance. Even Tor and VPNs are no longer seem to be enough to protect user privacy. Once your IP address is discovered, your Game Over! However, a method have been devised that not only allow users to anonymously connect to public Wi-Fi network, but also let them connect from about 2.5 Miles away . Security researcher Benjamin Caudill has developed a device that adds an extra layer of anonymity to whistleblowers, journalists, dissidents and, of course, criminals. Dubbed ProxyHam , it's a " hardware proxy " that allows users to connect to a long-distance public Wi-Fi network over an unidentifiable low-frequency radio channels, making it more difficult for government agencies and spies to unearth the real identity and source of the Internet traffic. How Proxyham is made?  Proxyham is comprised of a WiFi-enabled Raspberry Pi computer , along with a three antennas setu
Cybersecurity Resources