#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

software development kit | Breaking Cybersecurity News | The Hacker News

FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data

FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data

Jan 10, 2024 Privacy / Regulatory Compliance
The U.S. Federal Trade Commission (FTC) on Tuesday prohibited data broker Outlogic , which was previously known as X-Mode Social , from sharing or selling any sensitive location data with third-parties. The ban is part of a  settlement  over allegations that the company "sold precise location data that could be used to track people's visits to sensitive locations such as medical and reproductive health clinics, places of religious worship and domestic abuse shelters." The  proposed order  also requires it to destroy all the location data it previously gathered unless it obtains consumer consent or ensures the data has been de-identified or rendered non-sensitive as well as maintain a comprehensive list of sensitive locations and develop a comprehensive privacy program with a data retention schedule to prevent abuse. The FTC accused X-Mode Social and Outlogic of failing to establish adequate safeguards to prevent the misuse of such data by downstream customers. The dev
Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data

Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data

Dec 19, 2022 Software Security / Supply Chain
Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne, a major cybersecurity company, as part of a campaign dubbed  SentinelSneak . The package, named  SentinelOne  and now taken down, is said to have been published between December 8 and 11, 2022, with nearly two dozen versions pushed in quick succession over a period of two days. It claims to offer an easier method to access the  company's APIs , but harbors a malicious backdoor that's engineered to amass sensitive information from development systems, including access credentials, SSH keys, and configuration data. What's more, the threat actor has also been observed releasing two more packages with similar naming variations –  SentinelOne-sdk  and  SentinelOneSDK  – underscoring the  continued threats  lurking in open source repositories. "The SentinelOne imposter package is just the lat
6 Ways to Simplify SaaS Identity Governance

6 Ways to Simplify SaaS Identity Governance

Feb 21, 2024SaaS Security / Identity Management
With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps. This presents a huge challenge for centralized IT teams who are ultimately held responsible for managing and securing app access, but can't possibly become experts in the nuances of the native security settings and access controls for hundreds (or thousands) of apps. And, even if they could, the sheer volume of tasks would easily bury them. Modern IT teams need a way to orchestrate and govern SaaS identity governance by engaging the application owners in the business who are most familiar with how the tool is used, and who needs what type of access.  Nudge Security is a  SaaS security and governance solution  that can help you do just that, with automated workflows to save time and make the process manageable at scale. Read on to learn how it works. 1 . Discover all SaaS apps used b
Hacker Leaks Xbox One SDK that could let Developers make Homebrew Apps

Hacker Leaks Xbox One SDK that could let Developers make Homebrew Apps

Jan 03, 2015
Just a week ago on Christmas, the massive Distributed Denial of Service (DDoS) attack from the notorious hacking group Lizard Squad knocked Sony's PlayStation Network and Microsoft's Xbox Live offline, but as if it wasn't the end of disaster for Microsoft. This time it isn't a case of services being taken down — instead, the software development kit (SDK) for the Xbox Live is being freely circulated over the Internet. Another group calling itself H4LT has apparently managed to leak the Microsoft's official Xbox One developer SDK , potentially opening the door for homemade applications and allowing unapproved developers to create unofficial software for the system. The group announced the Xbox One leak via its official Twitter account, and also provided some screenshots of the November's release of the Durango XDK (Xbox Development Kit) files, including the accompanying development tools, device firmware and its documentation. H4LT group states noble reasons f
cyber security

NIST Cybersecurity Framework: Your Go-To Cybersecurity Standard is Changing

websiteArmorPointCybersecurity / Risk Management
Find everything you need to know to prepare for NIST CSF 2.0's impending release in this guide.
Cybersecurity Resources