#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security Posture Management

GoDaddy Hosting | Breaking Cybersecurity News | The Hacker News

GoDaddy Vulnerability Allows Domain Hijacking

GoDaddy Vulnerability Allows Domain Hijacking

Jan 21, 2015
An Internet domain registrar and web hosting company GoDaddy has patched a Cross-Site Request Forgery ( CSRF or XSRF) vulnerability that allowed hackers and malicious actors to hijack websites registered with the domain registration company. The vulnerability was reported to GoDaddy on Saturday by Dylan Saccomanni, a web application security researcher and penetration testing consultant in New York. Without any time delay, the company patched the bug in less than 24 hours after the blog was published. While managing an old domain registered on GoDaddy, Saccomanni stumbled across the bug and noticed that there was absolutely no protection against CSRF vulnerability at all on many GoDaddy DNS management actions. Cross-Site Request Forgery (CSRF) is a method of attacking a website in which an attacker need to convince the victim to click on a specially crafted HTML exploit page that will make a request to the vulnerable website on their behalf. This common but rathe
Syrian Electronic Army Hacks UK based Media Websites

Syrian Electronic Army Hacks UK based Media Websites

Nov 27, 2014
Syrian Electronic Army (SEA) , a pro-hacker group supposed to be aligned with Syrian President Bashar al-Assad has again gain media attention by compromising a number of popular news websites and displayed a Thanksgiving popups informing people that they've been hacked. The Forbes, The Independent, The Chicago Tribune , The Daily Telegraph , The London Evening Standard, broadcaster CNBC, PC World and the US National Hockey League were among those popular websites affected by the group. This time they apparently targeted a third-party widget that is used by all those compromised websites. It is being reported that the hacker group found a way into registrar GoDaddy to compromise DNS records for the Gigya , a customer identity management platform used by all the sites. Although all site visitors were not affected by the attack, but some visitors using a line of Javascript were redirected to SEA web pages with the message " You've been hacked by the Syrian Elec
cyber security

Cracking the Code to Vulnerability Management

websitewiz.ioVulnerability Management / Cloud Security
Vulnerability management in the cloud is no longer just about patches and fixes. In this latest report, the Wiz Security Research team put vulnerability management theory into practice using recently identified vulnerabilities as examples. Get the FREE report
Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk

Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk

Dec 04, 2023SaaS Security / Data Security
As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn't have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the security of your SaaS applications. From reducing risk to protecting against data leakage, here is how you can start the new year with a clean user list.  How Offboarded Users  Still  Have Access to Your Apps When employees leave a company, they trigger a series of changes to backend systems in their wake. First, they are removed from the company's identity provider (IdP), which kicks off an automated workflow that deactivates their email and removes access to all internal systems. When enterprises use an SSO (single sign-on), these former employees lose access to any online properties – including SaaS applications – that require SSO for login.  However, that doesn't mean that former employee
Cybersecurity Resources