#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

IT security | Breaking Cybersecurity News | The Hacker News

Category — IT security
Threat Prevention & Detection in SaaS Environments - 101

Threat Prevention & Detection in SaaS Environments - 101

Jul 16, 2024 SaaS Security / Identity Management
Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them.  According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat. Throw in attacks that use stolen credentials, over-provisioned accounts, and insider threats, and it becomes quite clear that identity is a primary attack vector. To make matters worse, it's not just human accounts that are being targeted. Threat actors are also hijacking non-human identities, including service accounts and OAuth authorizations, and riding them deep into SaaS applications.  When threat actors get through the initial defenses, having a robust Identity Threat Detection and Response (ITDR) system in place as an integral part of Identity Security can prevent massive breaches. Last month's Snowflake breach is a perfect example. Threat actors took advanta...
DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign

DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign

Jul 12, 2024 Malware / Cyber Attack
Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing Samba file shares hosting Visual Basic Script (VBS) and JavaScript files. Targets included North America, Europe, and parts of Asia. "This was a relatively short-lived campaign that illustrates how threat actors can creatively abuse legitimate tools and services to distribute their malware," security researchers Vishwa Thothathri, Yijie Sui, Anmol Maurya, Uday Pratap Singh, and Brad Duncan said . DarkGate, which first emerged in 2018, has evolved into a malware-as-a-service (MaaS) offering used by a tightly controlled number of customers. It comes with capabilities to remotely control compromised hosts, execute code, mine cryptocurrency, launch reverse shells, and drop addit...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Crowdstrike Named A Leader In Endpoint Protection Platforms

Nov 22, 2024Endpoint Security / Threat Detection
CrowdStrike is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time, positioned highest on Ability to Execute and furthest to the right on Completeness of Vision.
Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar

Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar

Jul 12, 2024 Digital Security / Online Safety
In today's digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility—and vulnerability. Most people don't realize their credentials have been compromised until the damage is done. Imagine waking up to drained bank accounts, stolen identities, or a company's reputation in tatters. This isn't just a hypothetical scenario – it's the harsh reality faced by countless individuals and organizations every day. Recent data reveals that compromised credentials are the single biggest attack vector in 2024. That means stolen passwords, not exotic malware or zero-day exploits, are the most common way hackers breach systems and wreak havoc. To help you navigate this critical issue, we invite you to join our exclusive webinar, " Compromised Credentials in 2024: What to Know About the World's #1 Attack Vector. " What You...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

Jul 12, 2024 Vulnerability / Software Security
A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability , tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. "Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users," according to a description shared on the U.S. National Vulnerability Database (NVD). Exim is a free, mail transfer agent that's used in hosts that are running Unix or Unix-like operating systems. It was first released in 1995 for use at the University of Cambridge.  Attack surface management firm Censys said 4,830,719 of the 6,540,044 public-facing SMTP mail servers are running Exim. As of July 12, 2024, 1,563,085 internet-accessible...
TeamViewer Detects Security Breach in Corporate IT Environment

TeamViewer Detects Security Breach in Corporate IT Environment

Jun 28, 2024 Data Breach / Enterprise Security
TeamViewer on Thursday disclosed it detected an "irregularity" in its internal corporate IT environment on June 26, 2024. "We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures," the company said in a statement. It further noted that its corporate IT environment is completely cut off from the product environment and that there is no evidence to indicate that any customer data has been impacted as a result of the incident. It did not disclose any details as to who may have been behind the intrusion and how they were able to pull it off, but said an investigation is underway and that it would provide status updates as and when new information becomes available. TeamViewer, based in Germany, is the maker of remote monitoring and management (RMM) software that allows managed service providers (MSPs) and IT departments to mana...
Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans

Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans

Jun 14, 2024
Data is growing faster than ever. Remember when petabytes (that's 1,000,000 gigabytes!) were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn't just about storage anymore. This data is ALIVE—it's constantly accessed, analyzed, shared, and even used to train the next wave of AI. This creates a huge challenge: how do you secure such a vast, ever-changing landscape? That's why we've brought together a powerhouse panel of industry experts who have not only faced these challenges but conquered them. Join us for an exclusive webinar, " Data Security at the Petabyte Scale ," and gain insights from the best in the field: Shaun Marion: Former CISO of McDonald's, a global brand with data security demands on a massive scale. Robert Bigman: Former CISO at the CIA, where protecting classified information at the highest levels is paramount. Asaf Kochan: Former head of Unit 8200 ...
ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

Jun 14, 2024 Device Security / Authentication
An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake QR code, a nefarious actor can easily bypass the verification process and gain unauthorized access," Kaspersky said . "Attackers can also steal and leak biometric data, remotely manipulate devices, and deploy backdoors." The 24 flaws span six SQL injections, seven stack-based buffer overflows, five command injections, four arbitrary file writes, and two arbitrary file reads. A brief description of each vulnerability type is below - CVE-2023-3938 (CVSS score: 4.6) - An SQL injection flaw when displaying a QR code into the device's camera by passing a specially crafted request containing a quotation mark, thereby allowing an attacker to authenticate as any user in th...
Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

Jun 12, 2024 Ransomware / Endpoint Security
Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from Symantec. The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an elevation of privilege bug in the Windows Error Reporting Service that could be exploited to achieve SYSTEM privileges. It was patched by Microsoft in March 2024. "Analysis of an exploit tool deployed in recent attacks revealed evidence that it could have been compiled prior to patching, meaning at least one group may have been exploiting the vulnerability as a zero-day," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News. The financially motivated threat cluster is being tracked by the company under the name Cardinal. It's also monitored by the cybersecurity community under the names Storm-1811 and UNC4393 . It's known to mon...
10 Critical Endpoint Security Tips You Should Know

10 Critical Endpoint Security Tips You Should Know

Apr 26, 2024 Endpoint Security / IT Security
In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your ...
Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

Mar 11, 2024 Network Security / Vulnerability
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as  CVE-2024-1403 , the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system. It impacts OpenEdge versions 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0.  "When the OpenEdge Authentication Gateway (OEAG) is configured with an OpenEdge Domain that uses the OS local authentication provider to grant user-id and password logins on operating platforms supported by active releases of OpenEdge, a vulnerability in the authentication routines may lead to unauthorized access on attempted logins," the company  said  in an advisory released late last month. "Similarly, when an AdminServer connection is made by OpenEdge Explorer (OEE) and OpenEdge Management (OEM),...
Are We Ready to Give Up on Security Awareness Training?

Are We Ready to Give Up on Security Awareness Training?

Dec 19, 2023 Cybersecurity Training / IT Security
Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is safe to say that employee security awareness training is one of the expenditure items, too. However, its effectiveness is an open question with people still engaging in insecure behaviors at the workplace. Besides, social engineering remains one of the most prevalent attacks, followed by a successful data breach.  Microsoft found  that a popular form of video-based training reduces phish-clicking behavior by about 3%, at best. This number has been stable over the years, says Microsoft, while phishing attacks are increasing yearly.  Regardless, organizations have faith in training and tend to increase their security investments in employee training after attacks. It comes second in the priority list for 51% of organizations, right after incident response planning and testing, according to the IBM Security  "Cost of the Data Breach Report 2023" ....
Guide: Alert Overload and Handling for Lean IT Security Teams

Guide: Alert Overload and Handling for Lean IT Security Teams

Feb 09, 2022
Alarming research reveals the stress and strains the average cybersecurity team experiences on a daily basis. As many as  70% of teams  report feeling emotionally overwhelmed by security alerts. Those alerts come at such high volume, high velocity, and high intensity that they become an extreme source of stress. So extreme, in fact, that people's home lives are negatively affected. Alert overload is bad for those who work in cybersecurity. But it's even worse for everyone who depends on cybersecurity.  This is a gigantic issue in the industry, yet few people even acknowledge it, let alone deal with it. Cynet aims to correct that in this guide ( download here ), starting by shining a light on the cause of the problem and the full extent of its consequences and then offering a few ways lean security teams can pull their analysts out of the ocean of false positives and get them back to shore. It includes tips on how to reduce alerts using automation and shares guidance for...
Keeping the Bots at Bay: How to Detect Brute Force Attacks

Keeping the Bots at Bay: How to Detect Brute Force Attacks

Nov 20, 2014
Thanks to recent events involving certain celebrities' stolen pictures, "brute-force attack" is now one of the hot buzz words making its rounds. As an IT professional - do you know what a brute force attack is, how to spot one when it happens, and how to prevent it? A brute-force attack is, simply, an attack on a username, password, etc. that systematically checks all possible combinations until the correct one is found. Scripts are usually used in these attacks to automate the process of arriving at the correct username/password combination. This is why time is of the essence when it comes to detecting and stopping a brute force attack – the more time the attacker has, the more passwords can be tried. Brute force attacks are one of the few hacks detectable by their volume, rather than their type. In your web (or proprietary app) logs, you'll usually see a crazy amount of failed login attempts, usually originating from the same IP address. You might even see the same accoun...
'The Hacker News' Celebrating its 4th Anniversary

'The Hacker News' Celebrating its 4th Anniversary

Nov 01, 2014
Dear THN Readers, ' The Hacker News ' is celebrating its 4th Anniversary today and we would like to thank every single Hacker, Researcher, Journalist, Enthusiast who has contributed to our phenomenal growth. When we began our journey 4 years back as a Small Local Community of few Hackers and Security Researchers, we had a dream of providing the Hacking Community with World's not first but best Hacking and IT Security News Platform. We wanted to gift hacking community members and security researchers their own trusted and an unique News platform, which is run by Hackers and dedicated to Hackers, a platform which is free from Censorship, Conventions, Governments and Borders. Now, we have been Internationally recognized as a leading news source dedicated to promoting awareness for cyber security experts and hackers. We are happy to announce that this project is now Supported and endorsed by thousands of Security Experts, administrators and members of vario...
Crowd-Sourced Threat Intelligence: AlienVault Open Threat Exchange™ (OTX)

Crowd-Sourced Threat Intelligence: AlienVault Open Threat Exchange™ (OTX)

Jul 14, 2014
For years, the systems and networks that run our businesses have been secured by the efforts of IT and security practitioners acting on their own. We continue to deploy the latest countermeasures, always trying to keep up with adversaries. Criminal attackers, on the other hand, have shared information quite successfully to facilitate their exploits. Couple this with the "attacker's advantage" of choosing where, when and how to launch attacks, and it is no surprise that collaborative hackers appear to be winning against even the largest companies, despite generous spending on security tools. As an industry, we need a threat-sharing solution that is open and available to everyone for the mutual benefit of all who contribute. With this goal in mind, AlienVault created the Open Threat Exchange™ (OTX) . What is the Open Threat Exchange (OTX)? OTX is an open information sharing and analysis network that provides real-time, actionable threat information submitted by over 8,...
Expert Insights / Articles Videos
Cybersecurity Resources