#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

unauthorized access | Breaking Cybersecurity News | The Hacker News

Microsoft Azure Services Flaws Could've Exposed Cloud Resources to Unauthorized Access

Microsoft Azure Services Flaws Could've Exposed Cloud Resources to Unauthorized Access

Jan 17, 2023 Cloud Security / Bug Report
Four different Microsoft Azure services have been found vulnerable to server-side request forgery ( SSRF ) attacks that could be exploited to gain unauthorized access to cloud resources. The security issues, which were discovered by Orca between October 8, 2022 and December 2, 2022 in Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins, have since been addressed by Microsoft. "The discovered Azure SSRF vulnerabilities allowed an attacker to scan local ports, find new services, endpoints, and sensitive files - providing valuable information on possibly vulnerable servers and services to exploit for initial entry and the location of sensitive information to target," Orca researcher Lidor Ben Shitrit  said  in a report shared with The Hacker News. Two of the vulnerabilities affecting Azure Functions and Azure Digital Twins could be abused without requiring any authentication, enabling a threat actor to seize control of a server without eve
D-Link Releases Router Firmware Updates for backdoor vulnerability

D-Link Releases Router Firmware Updates for backdoor vulnerability

Dec 02, 2013
In October, A Security researcher ' Craig Heffner ' discovered a backdoor vulnerability ( CVE-2013-6027 ) with certain D-Link routers that allow cyber criminals to alter a router setting without a username or password. Last week, D-Link has released new version of Firmware for various vulnerable router models, that patches the unauthorized administrator access backdoor. Heffner  found that the web interface for some D-Link routers could be accessed if the browser's user agent string is set to xmlset_roodkcableoj28840ybtide . From last month, D-Link was working with Heffner and other security researchers, to find out more about the backdoor and now the Company has released the updates for the following models: DIR-100 DIR-120 DI-524 DI-524UP DI-604UP DI-604+ DI-624S TM-G5240 The company advised users to do not enable the Remote Management feature, since this will allow malicious users to use this exploit from the internet and also warned t
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Feb 14, 2024Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources. The FinServ Threat Landscape Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week.1 On average, 270 attacks (entailing unauthorized access of data, appl
Facebook OAuth flaw allows gaining full control over any Facebook account

Facebook OAuth flaw allows gaining full control over any Facebook account

Feb 21, 2013
Facebook OAuth is used to communicate between Applications & Facebook users, to grant additional permissions to your favorite apps. To make this possible, users have to ' allow or accept ' the application request so that app can access your account information with required permissions. As a normal Facebook user we always think that it is better than entering your Facebook credentials, we can  just allow specific permissions to an app in order to make it work with your account. Today whitehat Hacker ' Nir Goldshlager ' reported ' The Hacker News ' that he discovered a very critical vulnerability in Facebook's OAuth system, that allowed him to get full control over any Facebook account easily even without ' allow or accept ' options. For this purpose he hunt the flaw in a very mannered way i.e Step 1) Understanding the OAuth URL Step 2) Finding a way to use custom parameters in URL Step 3) Bypassing OAuth ' Allow '
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
Hackers breach Twitter and 250,000 accounts compromised

Hackers breach Twitter and 250,000 accounts compromised

Feb 02, 2013
In recent The Hacker News updates, we have reported about some major hacking events and critical vulnerabilities i.e Cyber attack and spying on The New York Times and Wall Street Journal by Chinese Hackers,  Security Flaws in UPnP protocol , Botnet attack hack 16,000 Facebook accounts, 700,000 accounts hacked in Africa and new android malware that infect more that 620,000 users . Today Twitter also announced that they have recorded some unusual access patterns that is identified as unauthorized access attempts to Twitter user data. Unknown hackers breach Twitter this week and may have gained access to passwords and other information for as many as 250,000 user accounts " the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords " said Bob Lord ,Director of Information Security, at Twitter. For security reasons twitter have reset passwords and revoked session tokens
Cybersecurity Resources