#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

network security | Breaking Cybersecurity News | The Hacker News

Here's How SIEM Can Protect Your Privileged Accounts in the Enterprise

Here's How SIEM Can Protect Your Privileged Accounts in the Enterprise

Oct 20, 2015
It's inevitable. Most security threats eventually target privileged accounts. In every organization each user has different permissions, and some users hold the metaphorical keys to your IT kingdom. If the privileged accounts get compromised, it can lead to theft or sabotage. Because these accounts control delicate parts of your IT operations, and it is important to know who has privileges, what privileges they have, when they received access, and what activity they've done. This is where Security Information and Event Management (SIEM) software comes in handy. SIEM Monitors and Alerts on Privileged Account Activity Comprehensive monitoring of privileged accounts can be challenging because you need to monitor users who are administrators, users with root access, and users with access to firewalls, databases, services, automated processes, etc. With every additional user, group, and policy monitoring account activity gets increasingly difficult. On top of mo
Hackers Backdooring Cisco WebVPN To Steal Customers’ Passwords

Hackers Backdooring Cisco WebVPN To Steal Customers' Passwords

Oct 09, 2015
Virtual Private Networks (VPNs) , which is widely used by many businesses and organisations to provide secure access to their workers, are being abused to pilfer corporate user credentials. Researchers from security firm Volexity discovered a new attack campaign that targets a widely used VPN product by Cisco Systems to install backdoors that collect employees' usernames and passwords used to login to corporate networks. The product in question is Cisco Systems' Web-based VPN – Clientless SSL VPN . Once an employee is authenticated, Clientless SSL VPNs allows him/her to access internal web resources, browse internal file shares, and launch plug-ins, which let them access internal web resources through telnet, SSH, or similar network protocols. The backdoor contains malicious JavaScript code that attackers used to inject into the login pages. Once injected, the backdoor is hard to detect because the malicious JavaScript is hosted on an external compromised
Pentera's 2024 Report Reveals Hundreds of Security Events per Week

Pentera's 2024 Report Reveals Hundreds of Security Events per Week

Apr 22, 2024Red Team / Pentesting
Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac
This Secure Operating System Can Protect You Even if You Get Hacked

This Secure Operating System Can Protect You Even if You Get Hacked

Oct 07, 2015
Hackers, Government Agencies and sophisticated malware, are collecting every piece of Digital data that we transmit through our Computers, Smartphones or Internet-enabled Gadgets. No matter how secure you think you might be, something malicious can always happen. Because, " With the right tools and Talent, a Computer is an open book. " Many people ask, How to stay safe and secure online? And, Answer is... ...Knowledge of Cyber threats, little Smartness and a Secure Operating System. Which Operating System is the Most Secure? Nearly every Operating System is designed with Security as a requirement, but believe me… there can't be a truly Secure Operating System. If you are Interested in Security and Hacking, you have probably already heard of various security-focused Operating Systems like Tails , Whonix and Kali Linux . All these operating systems, including Windows, Linux, BSD, even OSX, are all based on a Monolithic Kernels, and it requir
cyber security

SaaS Security Buyers Guide

websiteAppOmniSaaS Security / Threat Detection
This guide captures the definitive criteria for choosing the right SaaS Security Posture Management (SSPM) vendor.
Windows Updates Can be Intercepted to Inject Malware into Corporate Networks

Windows Updates Can be Intercepted to Inject Malware into Corporate Networks

Aug 07, 2015
If you think that the patches delivered through Windows update can not be laced with malware, think again. Security researchers have shown that Hackers could intercept Windows Update to deliver and inject malware in organizations. Security researchers from UK-based security firm ' Context ' have discovered a way to exploit insecurely configured implementations of Windows Server Update Services (WSUS) for an enterprise. What is WSUS in Windows? Windows Server Update Services (WSUS) allows an administrator to deploy the Windows software update to servers and desktops throughout the organization. These updates come from the WSUS server and not Windows server. Once the updates are with the administrator on the server, he can limit the privilege for the clients in a corporate environment to download and install these updates. As the admin is the owner of the distribution of these updates. Intercepting WSUS to Inject Malware into Corporate Networks By def
SSL Encryption — Securing Internet of Things (IoT)

SSL Encryption — Securing Internet of Things (IoT)

Aug 06, 2015
Internet of Things (IoT) with the purpose of providing convenience to the users enabled every object in the universe to be as smart as a whip. By assigning IP address to all sorts of devices, ranging from household appliances, machines, medical devices and sensors to other day-to-day objects, and putting them all together on a standardised network is a common Internet of Things (IoT) practice. Is Internet of Things Secure? In my previous articles, I gave you a glance of the most vulnerable smart cities that are increasingly adopting devices connected to the Internet in an attempt to add convenience and ease to daily activities. By 2020, there will be more than 45 Billion Internet-connected devices that will transform the way we live and work. The bottom line: As the number of IoT enabled systems increases, the complexity of handling them increases; leading to an introduction of new risk and vulnerabilities associated with them. Security of Internet of
Windows 10 Wi-Fi Sense Explained: Actual Security Threat You Need to Know

Windows 10 Wi-Fi Sense Explained: Actual Security Threat You Need to Know

Jul 31, 2015
Just one day after Microsoft released its new operating system, over 14 Million Windows users  upgraded their PCs to Windows 10 . Of course, if you are one of the Millions, you should aware of Windows 10's Wi-Fi Sense feature that lets your friends automatically connects to your wireless network without providing the Wi-Fi password. Smells like a horrible Security Risk! It even triggered a firestorm among some security experts, who warned that Wi-Fi Sense is a terrible and dangerous feature and that you should disable it right away. Even some researchers advised Windows 10 users to rename their Wi-Fi access points. Before discussing the risks of Wi-Fi Sense, let's first know how it works. Also Read:  How to Fix 35+ Windows 10 Privacy Issues With Just One Click . How Windows 10 Wi-Fi Sense works? Windows 10 Wi-Fi Sense feature allows you to share your Wi-Fi password with your friends or contacts, as well as lets you automatically connect to networ
United Airlines Hacked by Sophisticated Hacking Group

United Airlines Hacked by Sophisticated Hacking Group

Jul 30, 2015
A group of China-backed hackers believed to be responsible for high-profile data breaches, including the U.S. Office of Personnel Management and the insurance giant Anthem , has now hit another high-profile target –  United Airlines . United detected a cyber attack into its computer systems in May or early June; Bloomberg reported , citing some unnamed sources familiar with the matter. The same sources say that the hackers responsible for the data breach in United's systems are the same group of China-backed hackers that successfully carried out several other large heists, including the United States' Office of Personnel Management and the health insurer Anthem Inc. Dangerous Intentions: United Airlines Data Breach The stolen data includes manifests, which contain information on flights' passengers and their origins and destinations, meaning that the hackers have " data on the movements of Millions of Americans ." Since United Airlines
Introducing 93Gbps High-Speed Tor-Like Encrypted Anonymous Network

Introducing 93Gbps High-Speed Tor-Like Encrypted Anonymous Network

Jul 24, 2015
I think you'll agree with me when I say: It's quite hard to maintain anonymity on the Internet using the slow Tor network. Or is it? Well, it turns out, you may soon boost your online anonymity dramatically with the help of a new high-speed anonymity network. A group of six academics have developed a Tor network alternative for users that allows high-speed anonymous web surfing, reinforcing the privacy of Internet users worldwide. The network is dubbed: HORNET: High-speed Onion Routing at the Network Layer Many anonymising networks, including The Onion Router (or TOR) network, are often slow because the data passing through the networks is encrypted a many numbers of times. However, the high-speed onion routing network HORNET is capable of handling anonymous traffic at speeds of more than 93 Gbps  while maintaining privacy. The new anonymous network is built by researcher Chen Chen of Carnegie Mellon University , along with Daniele Enri
Venom Vulnerability Exposes Most Data Centers to Cyber Attacks

Venom Vulnerability Exposes Most Data Centers to Cyber Attacks

May 14, 2015
Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web services insecure, potentially exposing Millions of plain-text passwords. But don't panic. Though the recent vulnerability has a more terrific name than HeartBleed , it is not going to cause as much danger as HeartBleed did. Dubbed VENOM , stands for Virtualized Environment Neglected Operations Manipulation , is a virtual machine security flaw uncovered by security firm CrowdStrike that could expose most of the data centers to malware attacks, but in theory. Yes, the risk of Venom vulnerability is theoretical as there is no real-time exploitation seen yet, while, on the other hand, last year's HeartBleed bug was practically exploited by hackers unknown number of times, leading to the theft of critical personal information. Now let's know more about Ven
USB Defense: Stop Data Walking Out The Door

USB Defense: Stop Data Walking Out The Door

Apr 17, 2015
The bad news is that internal data breaches are on the rise. And one of the biggest culprits? USB devices. In the past few years, there has been many organizations tracking down the loss of sensitive/confidential information due to the usage of USB drives and other mass storage media. Cyber-security breaches and data theft are making more and more IT leaders paranoid about security than ever before. Why are USB devices dangerous? USB devices can hold a lot of information. For example, a 128 GB USB flash drive can store 60,000 photos, 20,000 songs, 100+ videos, and more. Just imagine how many protected corporate files could fit on one drive. Also, the storage capacity of USB devices is only going to increase. USB devices are super portable. Some USB storage devices are the size of a small coin. This makes them very difficult to visually detect when plugged into an open port. USB devices are cheap and easy to find. If you're in the market for a USB storage device, there
Cisco IP Phones Vulnerable To Remote Eavesdropping

Cisco IP Phones Vulnerable To Remote Eavesdropping

Mar 23, 2015
A critical vulnerability in the firmware of Cisco small business phones lets an unauthenticated attacker to remotely eavesdrop on private conversation and make phone calls from vulnerable devices without needing to authenticate, Cisco warned. LISTEN AND MAKE PHONE CALLS REMOTELY The vulnerability ( CVE-2015-0670 ) actually resides in the default configuration of certain Cisco IP phones is due to " improper authentication ", which allows hackers to remotely eavesdrop on the affected devices by sending specially crafted XML request. Moreover, the vulnerability could be exploited by hackers to make phone calls remotely from the vulnerable phones as well as to carry out other attacks by making use of the information gathered through the audio interception activity. AFFECTED DEVICES The devices affects the Cisco's small business SPA300 and SPA500 Internet Protocol (IP) phones running firmware version 7.5.5, however, Cisco alerts that later versions of these
Tor — How to Protect Your Digital Environment?

Tor — How to Protect Your Digital Environment?

Mar 17, 2015
Are you aware of everything that your users are accessing from your environment? While most of the time, non-work-related Internet browsing is harmless (looking at pictures of cats, online shopping, social media, etc.) there are some instances where you could be an unknowing and unwilling participant in criminal activity. That is, when users hide that activity via the Tor network , or the Dark Net . The Onion Router , better known as " Tor ", an open source project, launched in 2002, is designed to allow a user to browse the Internet anonymously via a volunteer network of more than 5000 relays. It doesn't share your identifying information like your IP address and physical location with websites or service providers. A user that navigate Internet using Tor , it's quite difficult to trace its activities ensuring his online privacy. There are arguably legitimate uses for this technology, such as providing Internet access in repressively regulated countri
How to Diagnose Network Fault with Log & Event Manager

How to Diagnose Network Fault with Log & Event Manager

Feb 18, 2015
Diagnosing network fault is one of the toughest questions for an IT Pro to answer because there is no single or best way. IT infrastructures are multi-layered and integrate many different systems which makes identifying the cause of network fault a difficult task. At a high level, the process of handling a fault breaks down into four steps: Find it Fix it Diagnose the root cause Prevent the fault from happening again A highly recommended solution to make fault identification and prevention simple is using Security Information and Event Management (SIEM) technology. The log and event analysis features of a SIEM can provide a comprehensive strategy for fault diagnosis and prevention. SolarWinds Log & Event Manager is a fully-functional SIEM designed to make diagnosing network fault a quick and easy task. Log & Event Manager automates collecting, analyzing, and diagnosing log data to help you find, fix, diagnose, and prevent network fault. You can downloa
How to Detect Exploits of the GHOST Buffer Overflow Vulnerability

How to Detect Exploits of the GHOST Buffer Overflow Vulnerability

Feb 12, 2015
The GHOST vulnerability is a buffer overflow condition that can be easily exploited locally and remotely, which makes it extremely dangerous. This vulnerability is named after the GetHOSTbyname function involved in the exploit. Attackers utilize buffer overflow vulnerabilities like this one by sending specific packets of data to a vulnerable system. The attack allows the attacker to execute arbitrary code and take control of the victim's vulnerable machine. Unfortunately, the vulnerability exists in the GNU C Library (glibc) , a code library originally released in 2000, meaning it has been widely distributed. Many derivative programs utilize the glibc to carry out common tasks. Although an update released by Linux in 2013 mitigated this vulnerability, most systems and products have not installed the patch. What Can I Do About GHOST Vulnerability? Like with any vulnerability, the best way to mitigate GHOST vulnerability is to identify vulnerable systems, prioritize th
Data Loss Prevention – Log & Event Manager

Data Loss Prevention – Log & Event Manager

Jan 14, 2015
In today's world your network is subject to a multitude of vulnerabilities and potential intrusions and it seems like we see or hear of a new attack weekly. A data breach is arguably the most costly and damaging of these attacks and while loss of data is painful the residual impact of the breach is even more costly. The loss or leakage of sensitive data can result in serious damage to an organization, including: Loss of intellectual property Loss of copyrighted information Compliance violations Damage to corporate reputation/brand Loss of customer loyalty Loss of future business opportunities Lawsuits and ongoing litigation Financial and criminal penalties To help you protect sensitive data and reduce the risk of data loss, we recommend using a Security Information and Event Management ( SIEM ) technology such as SolarWinds® Log & Event Manager . If you're not familiar with Log & Event Manager (LEM), it's a comprehensive SIEM product, packaged in an ea
Cybersecurity Resources