The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Software-as-a-service (SaaS) applications have gone from novelty to business necessity in a few short years, and its positive impact on organizations is clear. It's safe to say that most industries today run on SaaS applications, which is undoubtedly positive, but it does introduce some critical new challenges to organizations.  As SaaS application use expands, as well as the number of touchpoints they create, the attack surface also becomes significantly larger. As an answer to this emerging challenge, XDR provider Cynet has added a new SaaS Security Posture Management (SSPM) tool to its existing platform ( you can learn more here ). Regardless of the size of an organization or its security team, managing the security policy and posture of dozens to hundreds of SaaS applications is a complex task, and one that requires the right tools to expedite and optimize. Using SSPM can centralize many of the management and logistics requirements and offer a more unified way to establish s...

Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems. The malicious packages in question — named  okhsa ,  klow , and  klown  — were published by the same developer and falsely claimed to be JavaScript-based user-agent string parsers designed to extract hardware specifics from the " User-Agent " HTTP header. But unbeknownst to the victims who imported them, the author hid cryptocurrency mining malware inside the libraries. The bad actor's NPM account has since been deactivated, and all the three libraries, each of which were downloaded 112, 4, and 65 times respectively, have been removed from the repository as of October 15, 2021. Attacks involving the three libraries worked by detecting the current operating system, before p...

The U.S. Commerce Department on Wednesday announced new rules barring the sales of hacking software and equipment to authoritarian regimes and potentially facilitate human rights abuse for national security (NS) and anti-terrorism (AT) reasons. The  mandate , which is set to go into effect in 90 days, will forbid the export, reexport and transfer of "cybersecurity items" to countries of "national security or weapons of mass destruction concern" such as China and Russia without a license from the department's Bureau of Industry and Security (BIS). "The United States Government opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that U.S. companies are not fueling authoritarian practices," BIS  said  in a press release. The rule does not cover "intrusion software" itself, but rather the following — Systems, equipment, and components specially designed or...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Since at least late 2019, a network of hackers-for-hire have been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder. That's according to a new report published by Google's Threat Analysis Group (TAG), which said it disrupted financially motivated phishing campaigns targeting the video platform with cookie theft malware. The actors behind the infiltration have been attributed to a group of hackers recruited in a Russian-speaking forum. "Cookie Theft, also known as 'pass-the-cookie attack,' is a session hijacking technique that enables access to user accounts with session cookies stored in the browser," TAG's Ashley Shen  said . "While the technique has been around for decades, its resurgence as a top security risk could be due to a wider adoption of multi-factor authentication (MFA) making it difficult to conduct abuse, and shif...

Two Eastern European nationals have been sentenced in the U.S. for offering "bulletproof hosting" services to cybercriminals, who used the technical infrastructure to distribute malware and attack financial institutions across the country between 2009 to 2015. Pavel Stassi, 30, of Estonia, and Aleksandr Shorodumov, 33, of Lithuania, have been each sentenced to 24 months and 48 months in prison, respectively, for their roles in the scheme. Court documents showed that both the individuals worked as administrators for an unnamed bulletproof hosting service provider that rented out IP addresses, servers, and domains to cybercriminal clients to disseminate malware such as Zeus, SpyEye, Citadel, and the Blackhole Exploit kit that were used to gain access to victims' machines, co-opt them to a botnet, and siphon banking credentials. The development comes months after Stassi and Shorodumov, along with the service's Russian founders Aleksandr Grichishkin and Andrei Skvort...

A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability ( CVE-2021-0186 , CVSS score: 8.2) was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National University of Defense Technology in early May 2021, who used it to stage a confidential data disclosure attack called " SmashEx " that can corrupt private data housed in the enclave and break its integrity. Introduced with Intel's Skylake processors, SGX (short for Software Guard eXtensions) allows developers to run selected application modules in a completely isolated secure compartment of memory, called an enclave or a Trusted Execution Environment (TEE), which is designed to be protected from processes running at higher privilege levels like the operating system. SGX ensures that data is secure ...

Code injection attacks, the infamous king of vulnerabilities, have lost the top spot to broken access control as the worst of the worst, and developers need to take notice. In this increasingly chaotic world, there have always been a few constants that people could reliably count on: The sun will rise in the morning and set again at night, Mario will always be cooler than Sonic the Hedgehog, and code injection attacks will always occupy the top spot on the Open Web Application Security Project (OWASP) list of the  top ten most common  and dangerous vulnerabilities that attackers are actively exploiting. Well, the sun will rise tomorrow, and Mario still has "one-up" on Sonic, but code injection attacks have fallen out of the number one spot on the infamous OWASP list, refreshed in 2021. One of the oldest forms of attacks,  code injection vulnerabilities  have been around almost as long as computer networking. The blanket vulnerability is responsible for a wide rang...