#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

Scanning tool | Breaking Cybersecurity News | The Hacker News

Yahoo! Launches Free Web Application Security Scanner

Yahoo! Launches Free Web Application Security Scanner
Sep 26, 2015
Yahoo! has open-sourced Gryffin – a Web Application Security Scanner – in an aim to improve the safety of the Web for everyone. Currently in its beta, Project Gryffin has made available on Github under the BSD-style license that Yahoo! has been using for a number of its open-sourced projects. Gryffin is basically a Go & JavaScript platform that helps system administrators scan URLs for malicious web content and common security vulnerabilities, including SQL Injection and Cross-Site Scripting (XSS) . Yahoo! describes Gryffin as a large-scale Web security scanning platform, which is more than just a scanner, as it is designed to address two specific problems: Coverage Scale Scale is obviously implied for large Web, while Coverage has two dimensions – Crawl and Fuzzing . Crawl's ability is to find as much of the Web application's footprint as possible, whereas Fuzzing involves testing each part of the application's components for an applied se

Android Privilege Escalation Flaws leave Billions of Devices vulnerable to Malware Infection

Android Privilege Escalation Flaws leave Billions of Devices vulnerable to Malware Infection
Mar 24, 2014
Android -  a widely used Smartphone platform offered by Google is once again suspected to affect its users with malicious software that puts their android devices at risk. This time the vulnerabilities occur in the way Android handle the updates to add new flavors to your device. Researchers from Indiana University and Microsoft have discovered [ Paper PDF ] a new set of Android vulnerabilities that is capable to carry out privilege escalation attacks because of the weakness in its Package Management Service (PMS) that puts more than one billion Android devices at risk. The researchers dubbed the new set of security-critical vulnerabilities as Pileup flaws which is a short for privilege escalation through updating, that waylays inside the Android PMS and intensifies the permissions offered to malicious apps whenever an android update occurs, without informing users. The research was carried out by Indiana University Bloomington researchers, Luyi Xing, Xiaorui Pan, Ka

Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution

Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution
Apr 15, 2024Active Directory / Attack Surface
To minimize the risk of privilege misuse, a trend in the privileged access management (PAM) solution market involves implementing just-in-time (JIT) privileged access. This approach to  privileged identity management  aims to mitigate the risks associated with prolonged high-level access by granting privileges temporarily and only when necessary, rather than providing users with continuous high-level privileges. By adopting this strategy, organizations can enhance security, minimize the window of opportunity for potential attackers and ensure that users access privileged resources only when necessary.  What is JIT and why is it important?   JIT privileged access provisioning  involves granting privileged access to users on a temporary basis, aligning with the concept of least privilege. This principle provides users with only the minimum level of access required to perform their tasks, and only for the amount of time required to do so. One of the key advantages of JIT provisioning

Malicious Russian Tor Exit Relays Intercepting encrypted Traffic of Facebook Users

Malicious Russian Tor Exit Relays Intercepting encrypted Traffic of Facebook Users
Jan 24, 2014
Tor is one of the best and freely available privacy software that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. When you use the Tor software, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit relay or nodes , which can be anywhere in the world. An exit relay is the final relay that Tor traffic passes through before it reaches its destination. According to a recent report ' Spoiled Onions: Exposing Malicious Tor Exit Relays ', published by security researchers Phillip Winter and Stefan Lindskog revealed that almost 20 exit relays in the Tor anonymity network that attempted to spy on users' encrypted traffic using man-in-the-middle techniques. Both Researchers spent more than four months studying on the Tor exit nodes using their own scanning software called " exitmap " and detected su

WATCH: The SaaS Security Challenge in 90 Seconds

cyber security
websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.
Cybersecurity Resources