#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

data security | Breaking Cybersecurity News | The Hacker News

From 500 to 5000 Employees - Securing 3rd Party App-Usage in Mid-Market Companies

From 500 to 5000 Employees - Securing 3rd Party App-Usage in Mid-Market Companies

Mar 04, 2024 SaaS Security / Vulnerability Assessment
A company's lifecycle stage, size, and state have a significant impact on its security needs, policies, and priorities. This is particularly true for modern mid-market companies that are either experiencing or have experienced rapid growth. As requirements and tasks continue to accumulate and malicious actors remain active around the clock, budgets are often stagnant at best. Yet, it is crucial to keep track of the tools and solutions that employees are introducing, the data and know-how shared through these tools, and to ensure that these processes are secure. This need is even more pronounced in today's dynamic and interconnected world, where third-party applications and solutions can be easily accessed and onboarded. The potential damage of losing control over the numerous applications with access and permissions to your data requires no explanation. Security leaders in mid-market companies face a unique set of challenges that demand a distinct approach to overcome.  To begin
4 Instructive Postmortems on Data Downtime and Loss

4 Instructive Postmortems on Data Downtime and Loss

Mar 01, 2024 Data Security / Disaster Recovery
More than a decade ago, the concept of the  'blameless'  postmortem changed how tech companies recognize failures at scale. John Allspaw, who coined the term during his tenure at Etsy, argued postmortems were all about controlling our natural reaction to an incident, which is to point fingers: "One option is to assume the single cause is incompetence and scream at engineers to make them 'pay attention!' or 'be more careful!' Another option is to take a hard look at how the accident actually happened, treat the engineers involved with respect, and learn from the event." What can we, in turn, learn from some of the most honest and blameless—and public—postmortems of the last few years? GitLab: 300GB of user data gone in seconds What happened : Back in 2017, GitLab experienced a painful 18-hour outage. That story, and GitLab's subsequent honesty and transparency, has significantly impacted how organizations handle data security today. The incident began when GitLab's secondary datab
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

Feb 27, 2024 Supply Chain Attack / Data Security
Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks. "It's possible to send malicious pull requests with attacker-controlled data from the Hugging Face service to any repository on the platform, as well as hijack any models that are submitted through the conversion service," HiddenLayer  said  in a report published last week. This, in turn, can be accomplished using a hijacked model that's meant to be converted by the service, thereby allowing malicious actors to request changes to any repository on the platform by masquerading as the conversion bot. Hugging Face is a popular collaboration platform that helps users host pre-trained machine learning models and datasets, as well as build, deploy, and train them. Safetensors is a  format  devised by the company to store  tensors  keeping security in mind, as oppo
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data

FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data

Feb 23, 2024 Privacy / Regulatory Compliance
The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to advertisers after claiming its products would block online tracking. In addition, the company has been banned from selling or licensing any web browsing data for advertising purposes. It will also have to notify users whose browsing data was sold to third-parties without their consent. The FTC, in its complaint,  said  Avast "unfairly collected consumers' browsing information through the company's browser extensions and antivirus software, stored it indefinitely, and sold it without adequate notice and without consumer consent." It also accused the U.K.-based company of deceiving users by claiming that the software would block third-party tracking and protect users' privacy, but failing to inform them that it would sell their "detailed, re-identifiable browsing data" to more than 100 third-partie
Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks

Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks

Feb 22, 2024 Network Security / Penetration Testing
A recently open-sourced network mapping tool called  SSH-Snake  has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig researcher Miguel Hernández  said . "The worm automatically searches through known credential locations and shell history files to determine its next move." SSH-Snake was first released on GitHub in early January 2024, and is described by its developer as a "powerful tool" to carry out  automatic network traversal  using SSH private keys discovered on systems. In doing so, it creates a comprehensive map of a network and its dependencies, helping determine the extent to which a network can be compromised using SSH and SSH private keys starting from a particular host. It also supports  resolution of domains  which have multiple IPv4 addresses. "It's comp
LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid

LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid

Feb 20, 2024 Dark Web / Cybercrime
Update: The U.K. National Crime Agency (NCA) has confirmed the takedown of LockBit infrastructure. Read here for more details . An international law enforcement operation has led to the seizure of multiple darknet domains operated by  LockBit , one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns. While the full extent of the effort, codenamed  Operation Cronos , is presently unknown, visiting the group's .onion website displays a seizure banner containing the message "The site is now under the control of law enforcement." Authorities from 11 countries, Australia, Canada, Finland, France, Germany, Japan, the Netherlands, Sweden, Switzerland, the U.K., and the U.S., alongside Europol participated in the joint exercise. Malware research group VX-Underground, in a  message  posted on X (formerly Twitter), said the websites were taken down by exploiting a critical security flaw impacting PHP ( CVE-2023-3824 , CVSS score: 9.8
Rhysida Ransomware Cracked, Free Decryption Tool Released

Rhysida Ransomware Cracked, Free Decryption Tool Released

Feb 12, 2024 Vulnerability / Data Recovery
Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA). "Through a comprehensive analysis of Rhysida Ransomware, we identified an implementation vulnerability, enabling us to regenerate the encryption key used by the malware," the researchers  said . The development marks the first successful decryption of the ransomware strain, which first made its appearance in May 2023. A  recovery tool  is being distributed through KISA. The study is also the latest to achieve data decryption by exploiting implementation vulnerabilities in ransomware, after  Magniber v2 , Ragnar Locker,  Avaddon , and  Hive . Rhysida , which is known to share overlaps with another ransomware crew called Vice Society, leverages a ta
Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services

Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services

Feb 06, 2024 Vulnerability / Cloud Security
Three new security vulnerabilities have been discovered in Azure HDInsight's Apache  Hadoop ,  Kafka , and  Spark  services that could be exploited to achieve privilege escalation and a regular expression denial-of-service ( ReDoS ) condition. "The new vulnerabilities affect any authenticated user of Azure HDInsight services such as Apache Ambari and Apache Oozie," Orca security researcher Lidor Ben Shitrit  said  in a technical report shared with The Hacker News. The list of flaws is as follows - CVE-2023-36419  (CVSS score: 8.8) - Azure HDInsight Apache Oozie Workflow Scheduler XML External Entity (XXE) Injection Elevation of Privilege Vulnerability CVE-2023-38156  (CVSS score: 7.2) - Azure HDInsight Apache Ambari Java Database Connectivity (JDBC) Injection Elevation of Privilege Vulnerability Azure HDInsight Apache Oozie Regular Expression Denial-of-Service (ReDoS) Vulnerability (no CVE) The two privilege escalation flaws could be exploited by an authenticate
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack

Jan 20, 2024 Cyber Espionage / Emails Security
Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments. The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as  Midnight Blizzard  (formerly Nobelium), which is also known as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes. It further said that it immediately took steps to investigate, disrupt, and mitigate the malicious activity upon discovery on January 12, 2024. The campaign is estimated to have commenced in late November 2023. "The threat actor used a  password spray attack  to compromise a legacy non-production test tenant account and gain a foothold, and then used the account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team a
Preventing Data Loss: Backup and Recovery Strategies for Exchange Server Administrators

Preventing Data Loss: Backup and Recovery Strategies for Exchange Server Administrators

Jan 19, 2024 Regulatory Compliance / Data Security
In the current digital landscape, data has emerged as a crucial asset for organizations, akin to currency. It's the lifeblood of any organization in today's interconnected and digital world. Thus, safeguarding the data is of paramount importance. Its importance is magnified in on-premises Exchange Server environments where vital business communication and emails are stored and managed.  In this article, you will learn about the evolving threats of data loss, the shift in responsibilities of administrators, and key backup and recovery strategies for preventing data loss in the Exchange Server environment. Data Loss Scenarios in Exchange Servers Data loss in on-premises Exchange Server environment has become increasingly common. Cybersecurity threats, like ransomware attacks, have emerged as a significant cause of data loss in recent years, with many financially motivated threat actors increasingly targeting the vulnerabilities in Exchange Servers. These attackers try to exploit
This Free Discovery Tool Finds and Mitigates AI-SaaS Risks

This Free Discovery Tool Finds and Mitigates AI-SaaS Risks

Jan 17, 2024 SaaS Security / Machine Learning
Wing Security announced today that it now offers  free discovery and a paid tier for automated control  over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage. SaaS applications seem to be multiplying by the day, and so does their integration of AI capabilities. According to Wing Security, a SaaS security company that researched over 320 companies, a staggering 83.2% use GenAI applications. While this statistic might not come as a surprise, the research showed that 99.7% of organizations use SaaS applications that leverage AI capabilities to deliver their services. This usage of GenAI in SaaS applications that are not 'pure' AI often goes unnoticed by security teams and users alike. 70% of the most popular GenAI applications may use your data to train their models, and in many cases it's completely up to you to configure it differently
FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data

FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data

Jan 10, 2024 Privacy / Regulatory Compliance
The U.S. Federal Trade Commission (FTC) on Tuesday prohibited data broker Outlogic , which was previously known as X-Mode Social , from sharing or selling any sensitive location data with third-parties. The ban is part of a  settlement  over allegations that the company "sold precise location data that could be used to track people's visits to sensitive locations such as medical and reproductive health clinics, places of religious worship and domestic abuse shelters." The  proposed order  also requires it to destroy all the location data it previously gathered unless it obtains consumer consent or ensures the data has been de-identified or rendered non-sensitive as well as maintain a comprehensive list of sensitive locations and develop a comprehensive privacy program with a data retention schedule to prevent abuse. The FTC accused X-Mode Social and Outlogic of failing to establish adequate safeguards to prevent the misuse of such data by downstream customers. The dev
Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe

Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe

Jan 09, 2024 Data Security / Cyber Attack
Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access. "The analyzed threat campaign appears to end in one of two ways, either the selling of 'access' to the compromised host, or the ultimate delivery of ransomware payloads," Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a technical report shared with The Hacker News. The campaign, linked to actors of Turkish origin, has been codenamed  RE#TURGENCE  by the cybersecurity firm. Initial access to the servers entails conducting brute-force attacks, followed by the use of  xp_cmdshell configuration option  to run shell commands on the compromised host. This activity mirrors that of a prior campaign dubbed  DB#JAMMER  that came to light in September 2023. This stage paves the way for the retrieval of a PowerShell script from a remote server that's responsible f
Cybersecurity Resources