#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Disinformation | Breaking Cybersecurity News | The Hacker News

Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks

Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks

Feb 21, 2024 Phishing Attack / Information Warfare
Cybersecurity researchers have unearthed a new influence operation targeting Ukraine that leverages spam emails to propagate war-related disinformation. The activity has been linked to Russia-aligned threat actors by Slovak cybersecurity company ESET, which also identified a spear-phishing campaign aimed at a Ukrainian defense company in October 2023 and a European Union agency in November 2023 with an aim to harvest Microsoft login credentials using fake landing pages. Operation Texonto, as the entire campaign has been codenamed, has not been attributed to a specific threat actor, although some elements of it, particularly the spear-phishing attacks, overlap with  COLDRIVER , which has a history of harvesting credentials via bogus sign-in pages. The disinformation operation took place over two waves in November and December 2023, with the email messages bearing PDF attachments and content related to heating interruptions, drug shortages, and food shortages. The November wave tar
Russia's AI-Powered Disinformation Operation Targeting Ukraine, U.S., and Germany

Russia's AI-Powered Disinformation Operation Targeting Ukraine, U.S., and Germany

Dec 05, 2023 Brandjacking / Artificial Intelligence
The Russia-linked influence operation called Doppelganger has targeted Ukrainian, U.S., and German audiences through a combination of inauthentic news sites and social media accounts. These campaigns are designed to amplify content designed to undermine Ukraine as well as propagate anti-LGBTQ+ sentiment, U.S. military competence, and Germany's economic and social issues, according to a new Recorded Future report shared with The Hacker News. Doppelganger ,  described  by Meta as the "largest and the most aggressively-persistent Russian-origin operation," is a  pro-Russian network  known for spreading anti-Ukrainian propaganda. Active since at least February 2022, it has been linked to two companies named Structura National Technologies and Social Design Agency. Activities associated with the influence operation are known to leverage manufactured websites as well as those impersonating authentic media – a technique called brandjacking – to disseminate adversarial narrat
SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework

Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a
Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia

Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia

Sep 05, 2023 Social Media / Disinformation
Meta has disclosed that it disrupted two of the largest known covert influence operations in the world from China and Russia, blocking thousands of accounts and pages across its platform. "It targeted more than 50 apps, including Facebook, Instagram, X (formerly Twitter), YouTube, TikTok, Reddit, Pinterest, Medium, Blogspot, LiveJournal, VKontakte, Vimeo, and dozens of smaller platforms and forums," Guy Rosen, chief information security officer at Meta, said last week, describing the Chinese disinformation group. The network, which included 7,704 Facebook accounts, 954 Pages, 15 Groups and 15 Instagram accounts, is said to have been run by "geographically dispersed operators" across China, posting content about China and its province Xinjiang, criticism of the U.S, Western foreign policies, and critics of the Chinese government. Central to the activity is the sharing of spammy links, the origins of which trace back to a cluster named Spamouflage (aka DRAGONBRIDGE ) that has been
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality

From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality

Mar 06, 2023 Disinformation / Deep Fakes
Deep fakes are expected to become a more prominent attack vector. Here's how to identify them. What are Deep Fakes? A deep fake is the act of maliciously replacing real images and videos with fabricated ones to perform information manipulation. To create images, video and audio that are high quality enough to be used in deep fakes, AI and ML are required. Such use of AI, ML and image replacement are unlike other types of information manipulation, which use less extreme manipulation techniques, like misrepresentation of information, isolating parts of the information or editing it in a deceptive manner. Etay Maor, Senior Director of Security Strategy at Cato Networks adds "To add complications, the recent advancements and accessibility to AI generated text, such as GPT3, have already been used in combination with deepfakes (as a proof of concept) to create interactive, human looking conversation bots" What Do Deep Fakes Look Like? Deep fakes come in all shapes and siz
Cybersecurity Resources