#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for security | Breaking Cybersecurity News | The Hacker News

Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days

Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days

Feb 14, 2024 Patch Tuesday / Vulnerability
Microsoft has released patches to address  73 security flaws  spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity. This is in addition to  24 flaws  that have been fixed in the Chromium-based Edge browser since the release of the January 2024 Patch Tuesday updates . The two flaws that are listed as under active attack at the time of release are below - CVE-2024-21351  (CVSS score: 7.6) - Windows SmartScreen Security Feature Bypass Vulnerability CVE-2024-21412  (CVSS score: 8.1) - Internet Shortcut Files Security Feature Bypass Vulnerability "The vulnerability allows a malicious actor to inject code into  SmartScreen  and potentially gain code execution, which could potentially lead to some data exposure, lack of system availability, or both," Microsoft said a
Improve Your Online Privacy And Security Using NordVPN

Improve Your Online Privacy And Security Using NordVPN

Sep 29, 2016
Today, most users surf the web unaware of the fact that websites collect their data and track their locations – and if this is not enough, then there are hackers and cyber criminals who can easily steal sensitive data from the ill-equipped. In short, the simple truth is that you have no or very little privacy when you're online. So, if you're worried about identity thieves, or ISPs spying on or throttling your traffic, the most efficient way to secure your privacy on the Internet is to avoid using public networks; use a Virtual Private Network (VPN) instead. When it comes to digital security, the first thing most users probably think of is a good Antivirus for protecting their sensitive data on their systems. But, what they forget is that the data they send over the Internet needs protection, too. That's where Virtual Private Network (VPN) services come in. VPN allows you to access a private network securely and to share data remotely through public networks,
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Mind the Gap – How to Ensure Your Vulnerability Detection Methods are up to Scratch

Mind the Gap – How to Ensure Your Vulnerability Detection Methods are up to Scratch

Jul 18, 2022
With global cybercrime costs expected to reach $10.5 trillion annually by 2025, according to Cybersecurity Ventures, it comes as little surprise that the risk of attack is companies' biggest concern globally. To help businesses uncover and fix the vulnerabilities and misconfigurations affecting their systems, there is an (over)abundance of solutions available.  But beware, they may not give you a full and continuous view of your weaknesses if used in isolation. With huge financial gains to be had from each successful breach, hackers do not rest in their hunt for flaws and use a wide range of tools and scanners to help them in their search. Beating these criminals means staying one step ahead and using the most comprehensive and responsive vulnerability detection support you can.  We'll go through each solution and explain how you can maintain your vigilance. Of course, vulnerability management is just one step businesses must take to prevent a breach; there's also proper
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
PECB Certified Lead Ethical Hacker: Take Your Career to the Next Level

PECB Certified Lead Ethical Hacker: Take Your Career to the Next Level

Dec 27, 2022
Cybercrime is increasing exponentially and presents devastating risks for most organizations. According to Cybercrime Magazine, global cybercrime damage is predicted to hit $10.5 trillion annually as of 2025. One of the more recent and increasingly popular forms of tackling such issues by identifying is ethical hacking. This method identifies potential security vulnerabilities in its early stages. Certified ethical hackers use advanced tools and strategies to prevent cyberattacks and help organizations strengthen their cybersecurity. Why Companies Should Hire Ethical Hackers As cyberattacks constantly evolve and improve, organizations must ensure that their defense systems and approach can keep up with the level and complexity of cyberattacks. In today's business era, organizations cannot afford to operate without identifying the vulnerabilities in their system and taking preventive measures. As such, ethical hackers provide several advantages: they offer a unique outsider's persp
Yahoo Email Spying Scandal — Here's Everything that has Happened So Far

Yahoo Email Spying Scandal — Here's Everything that has Happened So Far

Oct 08, 2016
Today Yahoo! is all over the Internet, but in a way the company would never have expected. It all started days ago when Reuters cited some anonymous sources and reported that Yahoo built a secret software to scan the emails of hundreds of millions of its users at the request of a U.S. intelligence service. At this point, we were not much clear about the intelligence agency: the National Security Agency or the FBI? The news outlet then reported that the company installed the software at the behest of Foreign Intelligence Surveillance Act (FISA) court order. Following the report, the New York Times reported that Yahoo used its system developed to scan for child p*rnography and spam to search for emails containing an undisclosed digital "signature" of a certain method of communication employed by a state-sponsored terrorist organization. Although Yahoo denied the reports, saying they are "misleading," a series of anonymous sources, therefore, unaccounta
New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS

New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS

Sep 12, 2019
Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. Dubbed " SimJacker ," the vulnerability resides in a particular piece of software, called the S@T Browser (a dynamic SIM toolkit), embedded on most SIM cards that is widely being used by mobile operators in at least 30 countries and can be exploited regardless of which handsets victims are using. What's worrisome? A specific private company that works with governments is actively exploiting the SimJacker vulnerability from at least the last two years to conduct targeted surveillance on mobile phone users across several countries. S@T Browser , short for SIMalliance Toolbox Browser, is an application that comes installed on a variety of SIM cards, including eSIM, as part of SIM Tool Kit (STK) and has been designed to let mobile
WannaCry Kill-Switch(ed)? It’s Not Over! WannaCry 2.0 Ransomware Arrives

WannaCry Kill-Switch(ed)? It's Not Over! WannaCry 2.0 Ransomware Arrives

May 13, 2017
Update —  After reading this article, if you want to know, what has happened so far in past 4 days and how to protect your computers from WannaCry, read our latest article " WannaCry Ransomware: Everything You Need To Know Immediately . "  If you are following the news, by now you might be aware that a security researcher has activated a "Kill Switch" which apparently stopped the WannaCry ransomware from spreading further. But it's not true, neither the threat is over yet. However, the kill switch has just slowed down the infection rate. Updated:  Multiple security researchers have claimed that there are more samples of WannaCry out there, with different 'kill-switch' domains and without any kill-switch function, continuing to infect unpatched computers worldwide (find more details below). So far, over 237,000 computers across 99 countries around the world have been infected, and the infection is still rising even hours after the kill swit
Top 5 Cybersecurity and Cybercrime Predictions for 2020

Top 5 Cybersecurity and Cybercrime Predictions for 2020

Dec 03, 2019
We distilled 30 independent reports dedicated to cybersecurity and cybercrime predictions for 2020 and compiled the top 5 most interesting findings and projections in this post. Compliance fatigue will spread among security professionals Being a source of ongoing controversy and debate, the California Consumer Privacy Act (CCPA) was finalized on 11th January 1, 2019. Driven by laudable objectives to protect Californians' personal data, prevent its misuse or unconsented usage by unscrupulous entities, the law imposes formidable monetary penalties of up to $7,500 per intentional violation and $2,500 per unintentional violation. The Act is enforceable against organizations that process or handle personal data of California residents, regardless of the geographical location of the former. Akin to the EU GDPR, data subjects are empowered with a bundle of rights to control their personal data and its eventual usage. The pitfall is that if every US state introduces its own s
Data Loss Prevention – Log & Event Manager

Data Loss Prevention – Log & Event Manager

Jan 14, 2015
In today's world your network is subject to a multitude of vulnerabilities and potential intrusions and it seems like we see or hear of a new attack weekly. A data breach is arguably the most costly and damaging of these attacks and while loss of data is painful the residual impact of the breach is even more costly. The loss or leakage of sensitive data can result in serious damage to an organization, including: Loss of intellectual property Loss of copyrighted information Compliance violations Damage to corporate reputation/brand Loss of customer loyalty Loss of future business opportunities Lawsuits and ongoing litigation Financial and criminal penalties To help you protect sensitive data and reduce the risk of data loss, we recommend using a Security Information and Event Management ( SIEM ) technology such as SolarWinds® Log & Event Manager . If you're not familiar with Log & Event Manager (LEM), it's a comprehensive SIEM product, packaged in an ea
What's Wrong with Manufacturing?

What's Wrong with Manufacturing?

Mar 16, 2023
In last year's edition of the  Security Navigator  we noted that the Manufacturing Industry appeared to be totally over-represented in our dataset of Cyber Extortion victims. Neither the number of businesses nor their average revenue particularly stood out to explain this. Manufacturing was also the most represented Industry in our CyberSOC dataset – contributing more Incidents than any other sector.  We found this trend confirmed in 2023 – so much in fact that we decided to take a closer look. So let's examine some possible explanations.  And debunk them. Hunting for possible explanations Manufacturing is still the most impacted industry in our Cyber Extortion dataset in 2023, as tracked by monitoring double-extortion leak sites. Indeed, this sector now represents more than 20% of all victims since we started observing the leak sites in the beginning of 2020. Approximately 28% of all our clients are from Manufacturing, contributing with an overall share of 31% of all p
Cybersecurity Resources