Remote Work | Breaking Cybersecurity News | The Hacker News

The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them. "To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds rapport with a target before sending a spear-phishing email with an [sic] PDF attachment," the Microsoft Threat Intelligence team said in a series of posts shared on X. To read the purported PDF document, victims are persuaded to click a URL containing a list of steps to register their Windows system. The registration link urges them to launch PowerShell as an administrator and copy/paste the displayed code snippet into the terminal, and execute it. Should the victim follow through, the malicious code downloads and installs a browser-based remote desktop tool, along with a certificate file with a hardcoded PIN from a rem...

As more people work remotely, IT departments must manage devices distributed over different cities and countries relying on VPNs and remote monitoring and management (RMM) tools for system administration.  However, like any new technology, RMM tools can also be used maliciously. Threat actors can establish connections to a victim's device and run commands, exfiltrate data, and stay undetected.  This article will cover real-world examples of RMM exploits and show you how to protect your organization from these attacks.  What are RMM tools?  RMM software simplifies network management, allowing IT professionals to remotely solve problems, install software, and upload or download files to or from devices.  Unfortunately, this connection is not always secure, and attackers can use malicious software to connect their servers to a victim's device. As these connections become easier to detect, however,  ransomware-as-a-service (RaaS) groups have had to adjus...

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...

Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of their software in the cloud.  These applications contain a wealth of data, from minimally sensitive general corporate information to highly sensitive intellectual property, customer records, and employee data. Threat actors have noted this shift, and are actively working to breach apps to access the data. Here are the top trends influencing the state of SaaS Security for 2024 — and what you can do about it.  Democratization of SaaS  SaaS apps have transformed the way organizations purchase and use software. Business units purchase and onboard the SaaS tools that best fit their needs. While this is empowering for business units that have long been frustrated by delays in procuring and onboardi...