#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

technology | Breaking Cybersecurity News | The Hacker News

From Alert to Action: How to Speed Up Your SOC Investigations

From Alert to Action: How to Speed Up Your SOC Investigations

Feb 27, 2024 Threat Intelligence / Malware
Processing alerts quickly and efficiently is the cornerstone of a Security Operations Center (SOC) professional's role. Threat intelligence platforms can significantly enhance their ability to do so. Let's find out what these platforms are and how they can empower analysts. The Challenge: Alert Overload The modern SOC faces a relentless barrage of security alerts generated by SIEMs and EDRs. Sifting through these alerts is both time-consuming and resource-intensive. Analyzing a potential threat often requires searching across multiple sources before finding conclusive evidence to verify if it poses a real risk. This process is further hampered by the frustration of spending valuable time researching artifacts that ultimately turn out to be false positives. As a result, a significant portion of these events remain uninvestigated. This highlights a critical challenge: finding necessary information related to different indicators quickly and accurately. Threat data platforms o
Three Tips to Protect Your Secrets from AI Accidents

Three Tips to Protect Your Secrets from AI Accidents

Feb 26, 2024 Data Privacy / Machine Learning
Last year, the Open Worldwide Application Security Project (OWASP) published multiple versions of the " OWASP Top 10 For Large Language Models ," reaching a 1.0 document in August and a 1.1 document in October. These documents not only demonstrate the rapidly evolving nature of Large Language Models, but the evolving ways in which they can be attacked and defended. We're going to talk in this article about four items in that top 10 that are most able to contribute to the accidental disclosure of secrets such as passwords, API keys, and more. We're already aware that LLMs can reveal secrets because it's happened. In early 2023, GitGuardian reported it found over 10 million secrets in public Github commits. Github's Copilot AI coding tool was trained on public commits, and in September of 2023, researchers at the University of Hong Kong published a paper on how they created an algorithm that generated 900 prompts designed to get Copilot to reveal secrets from
How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

Feb 15, 2024SaaS Security / Risk Management
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023.  Their study reveals  how companies use SaaS today, and the wide variety of threats that result from that usage. This unique analysis provides rare and important insights into the breadth and depth of SaaS-related risks, but also provides practical tips to mitigate them and ensure SaaS can be widely used without compromising security posture.  The TL;DR Version Of SaaS Security 2023 brought some now infamous examples of malicious players leveraging or directly targeting SaaS, including the North Korean group UNC4899, 0ktapus ransomware group, and Russian Midnight Blizzard APT, which targeted well-known organizat
Researchers Detail Apple's Recent Zero-Click Shortcuts Vulnerability

Researchers Detail Apple's Recent Zero-Click Shortcuts Vulnerability

Feb 23, 2024 Data Privacy / iOS Security
Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive information on the device without users' consent. The vulnerability, tracked as  CVE-2024-23204  (CVSS score: 7.5), was addressed by Apple on January 22, 2024, with the release of  iOS 17.3, iPadOS 17.3 ,  macOS Sonoma 14.3 , and  watchOS 10.3 . "A shortcut may be able to use sensitive data with certain actions without prompting the user," the iPhone maker said in an advisory, stating it was fixed with "additional permissions checks." Apple Shortcuts is a  scripting application  that allows users to create personalized workflows (aka macros) for  executing   specific tasks  on their devices. It comes installed by default on iOS, iPadOS, macOS, and watchOS operating systems. Bitdefender security researcher Jubaer Alnazi Jabin, who discovered and reported the Shortcuts bug, said it could be weaponized to create a
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
Signal Introduces Usernames, Allowing Users to Keep Their Phone Numbers Private

Signal Introduces Usernames, Allowing Users to Keep Their Phone Numbers Private

Feb 21, 2024 Secure Communication / Anonymity
End-to-end encrypted (E2EE) messaging app Signal said it's piloting a new feature that allows users to create unique usernames (not to be confused with profile names) and keep the phone numbers away from prying eyes. "If you use Signal, your phone number will no longer be visible to everyone you chat with by default," Signal's Randall Sarafa  said . "People who have your number saved in their phone's contacts will still see your phone number since they already know it." Setting a new username requires account holders to provide two or more numbers at the end of it (e.g., axolotl.99) in an effort to keep them "egalitarian and minimize spoofing." Usernames can be changed any number of times, but it's worth noting that they are not logins or handles. Put differently, a username is an anonymous way to initiate conversations on the chat platform without having to share phone numbers. The feature is opt-in, although Signal said it's also taking steps to hide by default users' phone numb
Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks

Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks

Feb 14, 2024 Artificial Intelligence / Cyber Attack
Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations. The findings come from a report published by Microsoft in collaboration with OpenAI, both of which  said  they disrupted efforts made by five state-affiliated actors that used its AI services to perform malicious cyber activities by terminating their assets and accounts. "Language support is a natural feature of LLMs and is attractive for threat actors with continuous focus on social engineering and other techniques relying on false, deceptive communications tailored to their targets' jobs, professional networks, and other relationships," Microsoft  said  in a report shared with The Hacker News. While no significant or novel attacks employing the LLMs have been detected to date, adversarial exploration of AI technologies has transcended various phases of the at
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Feb 14, 2024 Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources. The FinServ Threat Landscape Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week.1 On average, 270 attacks (entailing unauthorized access of data, appl
Microsoft Introduces Linux-Like 'sudo' Command to Windows 11

Microsoft Introduces Linux-Like 'sudo' Command to Windows 11

Feb 12, 2024 Operating System / Technology
Microsoft said it's introducing Sudo for Windows 11 as part of an early preview version to help users execute commands with administrator privileges. "Sudo for Windows is a new way for users to run elevated commands directly from an unelevated console session," Microsoft Product Manager Jordi Adoumie  said . "It is an ergonomic and familiar solution for users who want to elevate a command without having to first open a new elevated console." Sudo, short for superuser do, is a  program  for  Unix-like computer operating systems  that allows users to run programs with the security privileges of another user, usually a user with elevated permissions (e.g., administrator). The feature is available for Windows 11 builds 26045 and later. It can be enabled by heading to Settings > System > For Developers, and setting "Enable sudo" to On. Sudo for Windows comes with three options: run applications in a new elevated console window, run the elevated
New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack

New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack

Feb 09, 2024 Endpoint Security / Cryptocurrency
Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called  Coyote . "This malware utilizes the Squirrel installer for distribution, leveraging Node.js and a relatively new multi-platform programming language called Nim as a loader to complete its infection," Russian cybersecurity firm Kaspersky  said  in a Thursday report. What makes Coyote a different breed from  other banking trojans  of its kind is the use of the open-source  Squirrel framework  for installing and updating Windows apps. Another notable departure is the shift from Delphi – which is prevalent among banking malware families targeting Latin America – to an uncommon programming language like Nim. In the attack chain documented by Kaspersky, a Squirrel installer executable is used as a launchpad for a Node.js application compiled with Electron, which, in turn, runs a Nim-based loader to trigger the execution of the malicious Coyote payload by means of
Stealthy Zardoor Backdoor Targets Saudi Islamic Charity Organization

Stealthy Zardoor Backdoor Targets Saudi Islamic Charity Organization

Feb 09, 2024 Cyber Espionage / Threat Intelligence
An unnamed Islamic non-profit organization in Saudi Arabia has been targeted as part of a stealthy cyber espionage campaign designed to drop a previously undocumented backdoor called  Zardoor . Cisco Talos, which discovered the activity in May 2023, said the campaign has likely persisted since at least March 2021, adding it has identified only one compromised target to date, although it's suspected that there could be other victims. "Throughout the campaign, the adversary used living-off-the-land binaries (LoLBins) to deploy backdoors, establish command-and-control (C2), and maintain persistence," security researchers Jungsoo An, Wayne Lee, and Vanja Svajcer  said , calling out the threat actor's ability to maintain long-term access to victim environments without attracting attention. The intrusion targeting the Islamic charitable organization involved the periodic exfiltration of data roughly twice a month. The exact initial access vector used to infiltrate the
Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

Feb 07, 2024 Spyware / Zero-Day Vulnerability
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the  Pall Mall Process , aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by establishing guiding principles and policy options for States, industry, and civil society in relation to the development, facilitation, purchase, and use of such tools. The declaration stated that "uncontrolled dissemination" of spyware offerings contributes to "unintentional escalation in cyberspace," noting it poses risks to cyber stability, human rights, national security, and digital security. "Where these tools are used maliciously, attacks can access victims' devices, listen to calls, obtain photos and remotely operate a camera and microphone via 'zero-click&
Cloudzy Elevates Cybersecurity: Integrating Insights from Recorded Future to Revolutionize Cloud Security

Cloudzy Elevates Cybersecurity: Integrating Insights from Recorded Future to Revolutionize Cloud Security

Feb 02, 2024 Threat Intelligence / Cloud Security
Cloudzy, a prominent cloud infrastructure provider, proudly announces a significant enhancement in its cybersecurity landscape. This breakthrough has been achieved through a recent consultation with Recorded Future, a leader in providing real-time threat intelligence and cybersecurity analytics. This initiative, coupled with an overhaul of Cloudzy's cybersecurity strategies, represents a major leap forward in our commitment to digital safety and infrastructure integrity. Key Enhancements in Cybersecurity Comprehensive Threat Intelligence from Recorded Future Recorded Future provides critical security reports, spotlighting potential security breaches and malicious activities. This sophisticated intelligence, allows us to act promptly against threats like Ransomware, APT(Advanced Persistent Threats), C2 (Command and Control) servers, malware, and more Upon thorough evaluation of these reports and confirmation that the implicated accounts are indeed conducting illegal activities a
Italian Data Protection Watchdog Accuses ChatGPT of Privacy Violations

Italian Data Protection Watchdog Accuses ChatGPT of Privacy Violations

Jan 30, 2024 Generative AI / Data Privacy
Italy's data protection authority (DPA) has notified ChatGPT-maker OpenAI of supposedly violating privacy laws in the region. "The available evidence pointed to the existence of breaches of the provisions contained in the E.U. GDPR [General Data Protection Regulation]," the Garante per la protezione dei dati personali (aka the Garante)  said  in a statement on Monday. It also said it will "take account of the work in progress within the ad-hoc  task force  set up by the European Data Protection Framework (EDPB) in its final determination on the case." The development comes nearly 10 months after the watchdog imposed a  temporary ban  on ChatGPT in the country, weeks after which OpenAI  announced  a number of privacy controls, including an  opt-out form  to remove one's personal data from being processed by the large language model (LLM). Access to the tool was subsequently reinstated in late April 2023. The Italian DPA said the latest findings, which h
Case Study: The Cookie Privacy Monster in Big Global Retail

Case Study: The Cookie Privacy Monster in Big Global Retail

Jan 16, 2024 Data Security / Privacy Compliance
Explore how an advanced exposure management solution saved a major retail industry client from ending up on the naughty step due to a misconfiguration in its cookie management policy. This wasn't anything malicious, but with modern web environments being so complex, mistakes can happen, and non-compliance fines can be just an oversight away. Download the full case study here . As a child, did you ever get caught with your hand in the cookie jar and earn yourself a telling-off? Well, even if you can still remember being outed as a cookie monster, the punishments for today's thieving beasts are worse. Millions of dollars worse. Cookies are an essential part of modern web analytics. A cookie is a small piece of text data that records website visitor preferences along with their behaviors, and its job is to help personalize their browsing experience. Just as you needed parental consent to access the cookie jar all those years ago, your business now needs to obtain user consent before i
Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims

Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims

Jan 16, 2024 Cryptocurrency / Cyber Threat
The operators behind the now-defunct  Inferno Drainer  created more than 16,000 unique malicious domains over a span of one year between 2022 and 2023. The scheme "leveraged high-quality phishing pages to lure unsuspecting users into connecting their cryptocurrency wallets with the attackers' infrastructure that spoofed Web3 protocols to trick victims into authorizing transactions," Singapore-headquartered Group-IB  said  in a report shared with The Hacker News. Inferno Drainer, which was active from  November 2022 to November 2023 , is estimated to have reaped over  $87 million in illicit profits  by scamming more than 137,000 victims. The malware is part of a broader set of similar offerings that are available to affiliates under the scam-as-a-service (or drainer-as-a-service) model in exchange for a 20% cut of their earnings. What's more, customers of Inferno Drainer could either upload the malware to their own phishing sites, or make use of the developer's service for creatin
Cybersecurity Resources