#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

India | Breaking Cybersecurity News | The Hacker News

Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers

Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers

Feb 11, 2022
A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant "incriminating digital evidence." Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks as " ModifiedElephant ," an elusive threat actor that's been operational since at least 2012, whose activity aligns sharply with Indian state interests. "ModifiedElephant operates through the use of commercially available remote access trojans (RATs) and has potential ties to the commercial surveillance industry," the researchers  said . "The threat actor uses spear-phishing with malicious documents to deliver malware, such as  NetWire ,  DarkComet , and simple keyloggers." The primary goal of ModifiedElephant is to facilitate long-term surveillance of targeted individuals, ultimately leading to the delivery of "evidence" on the victim
WhatsApp Sues Indian Government Over New Internet Regulations

WhatsApp Sues Indian Government Over New Internet Regulations

May 26, 2021
WhatsApp on Wednesday fired a legal salvo against the Indian government to block new regulations that would require messaging apps to trace the "first originator" of messages shared on the platform, thus effectively breaking encryption protections. "Requiring messaging apps to 'trace' chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermines people's right to privacy," a WhatsApp spokesperson told The Hacker News via email. "We have consistently joined civil society and experts around the world in opposing requirements that would violate the privacy of our users." With over 530 million active users, India is WhatsApp's biggest market by users.  The lawsuit, filed by the Facebook-owned messaging service in the Delhi High Court, seeks to bar new internet rules that come into force effective May 26. Called the Intermediary Guide
SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework

Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a
Cybersecurity Resources