#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security Posture Management

Wi-Fi HotSpot | Breaking Cybersecurity News | The Hacker News

WikiLeaks Reveals How CIA Malware Tracks Geo-Location of its Targeted

WikiLeaks Reveals How CIA Malware Tracks Geo-Location of its Targeted
Jun 28, 2017
WikiLeaks has just published a new batch of the ongoing Vault 7 leak , and this time the whistleblowing website has unveiled a classified malware for that tracks geo-location of targeted PCs and laptops running the Microsoft Windows operating system. In short, the malware does it by capturing the IDs of nearby public hotspots and then matching them with the global database of public Wi-Fi hotspots' locations. Dubbed ELSA , the alleged CIA's project consists of two main elements: the processing component (Operator Terminal) and the implant (Windows Target) which is typically being deployed on a target Windows host. Here's How the CIA's ELSA Malware Works The Elsa system first installs the malware on a targeted WiFi-enabled machine using separate CIA exploits to gain persistent access on the device. The malware then uses Wi-Fi hardware of the infected computer to scan nearby visible WiFi access points (AP) and records their ESSID – stands for Extended Service Se

Multiple Backdoors found in D-Link DWR-932 B LTE Router

Multiple Backdoors found in D-Link DWR-932 B LTE Router
Sep 29, 2016
If you own a D-Link wireless router, especially DWR-932 B LTE router , you should get rid of it, rather than wait for a firmware upgrade that never lands soon. D-Link DWR-932B LTE router is allegedly vulnerable to over 20 issues, including backdoor accounts, default credentials, leaky credentials, firmware upgrade vulnerabilities and insecure UPnP (Universal Plug-and-Play) configuration. If successfully exploited, these vulnerabilities could allow attackers to remotely hijack and control your router, as well as network, leaving all connected devices vulnerable to man-in-the-middle and DNS poisoning attacks. Moreover, your hacked router can be easily abused by cybercriminals to launch massive Distributed Denial of Service (DDoS) attacks, as the Internet has recently witnessed record-breaking 1 Tbps DDoS attack that was launched using more than 150,000 hacked Internet-connected smart devices. Security researcher Pierre Kim has discovered  multiple vulnerabilities in the D-Li

Cracking the Code to Vulnerability Management

SaaS
websitewiz.ioVulnerability Management / Cloud Security
Vulnerability management in the cloud is no longer just about patches and fixes. In this latest report, the Wiz Security Research team put vulnerability management theory into practice using recently identified vulnerabilities as examples. Get the FREE report.

Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk

Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk
Dec 04, 2023SaaS Security / Data Security
As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn't have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the security of your SaaS applications. From reducing risk to protecting against data leakage, here is how you can start the new year with a clean user list.  How Offboarded Users  Still  Have Access to Your Apps When employees leave a company, they trigger a series of changes to backend systems in their wake. First, they are removed from the company's identity provider (IdP), which kicks off an automated workflow that deactivates their email and removes access to all internal systems. When enterprises use an SSO (single sign-on), these former employees lose access to any online properties – including SaaS applications – that require SSO for login.  However, that doesn't mean that former employee

Facebook to Launch Commercial Express Wi-Fi Service In India

Facebook to Launch Commercial Express Wi-Fi Service In India
Aug 08, 2016
After the failure of Facebook's Free Basics -- an initiative to provide free Internet access -- in India due to the violation of Net Neutrality principles, Facebook has reintroduced its plan to provide Internet access in rural India, but this time: The social networking giant is planning to launch a commercial WiFi service in India. Facebook is testing a WiFi service in rural India, allowing people with no internet connection to buy affordable data packages from their local internet service providers (ISPs) in order to access the Internet via local hotspots. Dubbed Express Wi-Fi , the program is in sync with Mark Zuckerberg's Internet.org -- the platform Facebook used for its Free Basics to bring the Internet to all. India banned Free Basics in the country on net neutrality grounds. Net Neutrality advocates argued that by offering some websites and services for free, people are discouraged from visiting other sites. Now, Facebook has partnered with state-owned

iOS 8 Vulnerability Lets Hackers Crash Any iPhone and iPad Within Wi-Fi Range

iOS 8 Vulnerability Lets Hackers Crash Any iPhone and iPad Within Wi-Fi Range
Apr 22, 2015
Security researchers have uncovered a zero-day vulnerability in iOS 8 that could repeatedly crash users' Apple iPhones, iPads and iPods when the devices connect to a malicious wireless hotspot. It's like Denial of Service (DoS) attack on Apple's iOS devices that results in crashing either individual iOS apps or users' entire iPhones. NO iOS ZONE Adi Sharabani and Yair Amit of Mobile security firm Skycure presented their latest research, titled " No iOS Zone ", at the RSA security conference in San Francisco on Tuesday. The duo showed: It is possible for an attacker to create malicious Wi-Fi networks in order to crash nearby users' mobile devices with incredible accuracy. Also, even the "No iOS Zone" attack is capable to make iOS things within the range completely unusable by triggering constant numbers of reboots. It is nothing but a DoS attack… ...that makes the device inaccessible by its users, just like in the ca
Cybersecurity Resources