corporate espionage | Breaking Cybersecurity News | The Hacker News

Microsoft Kept Secret That Its Bug-Tracking Database Was Hacked In 2013

Oct 17, 2017
It was not just Yahoo among "Fortune 500" companies that tried to keep a major data breach incident secret. Reportedly, Microsoft also suffered a data breach four and a half years ago (in 2013), when a "highly sophisticated hacking group" breached its bug-reporting and patch-tracking database, but the hack was never made public until today. Five former employees of the company, interviewed separately by Reuters, revealed that the breached database had been "poorly protected with access possible via little more than a password." This incident is believed to be the second known breach of such a corporate database after a critical zero-day vulnerability was discovered in Mozilla's Bugzilla bug-tracking software in 2014. As its name suggests, the bug-reporting and patch-tracking database for Windows contained information on critical and unpatched vulnerabilities in some of the most widely used software in the world, includ
SEC Discloses Hackers Broke Into Edgar Corporate Filing System Last Year

Sep 21, 2017
This month has been full of breaches. Now, the Securities and Exchange Commission (SEC), the top U.S. markets regulator, has disclosed that hackers managed to hack into its financial document filing system and may have illegally profited from the stolen information. On Wednesday, the SEC announced that its officials learnt last month that a previously detected 2016 cyber attack, which exploited a "software vulnerability" in the online EDGAR public-company filing system, may have "provided the basis for illicit gain through trading." EDGAR, short for Electronic Data Gathering, Analysis, and Retrieval, is an online filing system where companies submit their financial filings; it processes around 1.7 million electronic filings a year. The database lists millions of filings on corporate disclosures, ranging from quarterly earnings to sensitive and confidential information on mergers and acquisitions, which could be used for insider trading or manipulating
SaaS Compliance through the NIST Cybersecurity Framework

Feb 20, 2024 | Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS. One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards. However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.

Start with Admins

Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a