#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Under the hood of recent DDoS Attack on U.S. Banks

Under the hood of recent DDoS Attack on U.S. Banks

Jan 10, 2013
Incapsula security study reveals how a simple neglect in managing the administrative password of a small UK site was quickly exploited by Botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks. If you've been following the news, you are probably aware of a wave of DDoS attacks that recently hit several major U.S. banks. Izz ad-Din al-Qassam, a hacker group that claimed responsibility for these attacks, declared them to be a retaliation for an anti-Islam video that mocked the Prophet Muhammad and a part of the on-going "Operation Ababil." As the reports of the attack started to roll in, Incapsula security team was able to uncover one of the secret foot-soldiers behind the assault: a compromised general-interest UK-based website that was trying to hurl large chunks of junk traffic at three of the world's largest financial institutions (PNC, HSBC and Fifth Third Bank). At On the eve of the attack, this website sud
5 Checks You Must Run To Ensure Your Network Is Secure

5 Checks You Must Run To Ensure Your Network Is Secure

Jan 10, 2013
Twenty-four hours a day, seven days a week, 365 days each year – it's happening. Whether you are awake or asleep, in a meeting or on vacation, they are out there probing your network, looking for a way in. A way to exploit you; a way to steal your data, a place to store illegal content, a website they can deface, or any of a hundred other ways to mess with you for the simple joy of it all. And they can do this with relative ease, even in an automated fashion, with simple tools that are readily available to all. I'm talking about network scanners. The bad guys use them all day every day to assess networks around the world because a network scanner is one of the easiest and most efficient ways to find the cracks in your armor. If you want to see your network the same way an attacker would, then you want to use a network scanner. Network scanners perform automated tests of systems over the network. They don't require agents or any other software to be installed on the "target"
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Outdated version of WordPress leads to MasterCard Hack

Outdated version of WordPress leads to MasterCard Hack

Jan 09, 2013
On tip of a readers, yesterday we came across a new MasterCard hack, performed by  Syrian Electronic Army . Hackers was able to breach MasterCard Blog ( https://insights.mastercard.com ) and make a new blog post on the website with title " Hacked By Syrian Electronic Army " on January 5, 2013. For now MasterCard deleted that post, but readers can check Google cache . Today we tried to contact the hacker, but may be they are busy in Hacking Next Target , I started my investigation that how they can hack such a big economic website's blog. Starting from very first step, Information gathering about your target. Simple by reviewing the source code we found that MasterCard blog is using Wordpress. We all know, WordPress is particular a popular attack vector for cyber criminals. To know this, I just tried to access the readme.html file of CMS , that's it - MasterCard #fail ! They are using an old  Wordpress 3.3.2  version, instead of the current version 3.
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Official Debian and Python Wiki Servers Compromised

Official Debian and Python Wiki Servers Compromised

Jan 09, 2013
Administration from Debian and Python project official websites confirmed that their WIKI servers were compromised by some unknown hackers recently. Hackers was able to hack because of several vulnerabilities in " moin " package. According to  Brian Curtin at Python Project , Hacker user some unknown remote code exploit on Python Wiki server (https://wiki.python.org/) and was able to get shell access. The shell was restricted to "moin" user permissions, where but no other services were affected. Attacker deleted all files owned by the "moin" user, including all instance data for both the Python and Jython wikis. Python Software Foundation encourages all wiki users to change their password on other sites if the same one is in use elsewhere. For now, Python Wiki is down and team is investigating more about breach. Where as in Debian Wiki (https://wiki.debian.org/) security breach, user use some known vulnerabilities Directory traversal ( CVE-20
Warm up your keyboard for Facebook Hacker Cup 2013

Warm up your keyboard for Facebook Hacker Cup 2013

Jan 09, 2013
Dear Hackers, Warm up your keyboards! Because Facebook open Registration for third Hacker Cup 2013, an annual worldwide programming competition where hackers compete against each other for fame, fortune, glory and a shot at the title of world champion, with $5,000 top prize. The qualification round begins on January 25th. So Participate and enhance your programming competency. The dates have been set for Facebook Hacker Cup 2013 Jan 7 — Jan 27 — Registration Jan 25 — Jan 27 — Online Qualification Round Feb 2 — Online Elimination Round 1 Feb 9 — Online Elimination Round 2 Feb 16 — Online Elimination Round 3 March 22 -23 — Onsite Finals at Facebook Registrations Page -  https://www.facebook.com/hackercup/register This is your chance to compete against the world's best programmers for awesome prizes and the title of World Champion.
Running Desktop Apps on Windows RT, The Hackers Way!

Running Desktop Apps on Windows RT, The Hackers Way!

Jan 08, 2013
A hacker claims to have found a method in the code integrity mechanism in Windows RT, that allow one to bypass security mechanism preventing unauthorized software running on ARM-powered Windows RT tablets. Lets see, How to Run traditional desktop apps on Windows RT in a Hackers  Way! A hacker called ' C. L. Rokr ' explain about the Windows RT exploit on his blog , which requires manipulating a part of Windows RT's system memory that governs whether unsigned apps can run. Windows RT is a special version of Microsoft Windows designed for lightweight PCs and tablets that are based on the ARM architecture, including Microsoft's Surface tablet.  Clrokr said Windows RT inherited a flaw from Windows 8 that makes the workaround possible. " Ironically, a vulnerability in the Windows kernel that has existed for some time and got ported to ARM just like the rest of Windows made this possible, ". Specifically, one needs to inject a blob of ARM code into a safe
Cybersecurity Resources