#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

hacker IRC | Breaking Cybersecurity News | The Hacker News

Ruby on Rails exploit could hijack unpatched servers for botnet

Ruby on Rails exploit could hijack unpatched servers for botnet

May 31, 2013
Server Administrators are being urged to update their Ruby on Rails servers following the discovery of an active malware campaign targeting vulnerable versions of the web development framework. According to security researcher Jeff Jarmoc , Hackers are exploiting a known and patched vulnerability in coding language Ruby on Rails, which allows a remote user to edit the web server's crontab to download a file to the /tmp directory where it is compiled and executed. The exploit that is currently being used by attackers adds a custom cron job (a scheduled task on Linux machines) that executes a sequence of commands. " Functionality is limited, but includes the ability to download and execute files as commanded, as well as changing servers ," Jarmoc blogged. " There's no authentication performed, so an enterprising individual could hijack these bots fairly easily by joining the IRC server and issuing the appropriate commands ." The original fla
Why you should try to join some of the underground hacker forums that are out there

Why you should try to join some of the underground hacker forums that are out there

Dec 05, 2012
Even if you are considered to be a white hat hacker, you are always still walking a fine line between being a bad guy and a good guy in many people eyes. There are a lot of people out there who believe that there should be no hacking at all being done and everyone who does it should be considered a criminal. Of course that is a very small myopic view of how being a white hat hacker really works but there is always going to be an element of that kind of thought out there. There are just a lot of people out there who believe that if you ban hacking outright that it will never be done. And that is simply just not true and is a pure fantasy. But if you really want to be a good and effective white hat hacker, then there are some elements about the other side that you should really get to know. If you want to be able to beat your enemies then you should be able to figure out how they operate. It is not enough for you to be able to take a look at their attacks and try to study their patterns
SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework

Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a
Cybersecurity Resources