#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Why You need to Stop using WhatsApp?

Why You need to Stop using WhatsApp?

Feb 24, 2014
If you haven't heard by now, Facebook just made its biggest move ever, buying the messaging service WhatsApp in a deal worth some $19 billion. That's 19 times what Facebook paid for Instagram two years ago. The WhatsApp Service run by the team of just 32 engineers, handles more than 50 Billion messages daily, and approx 385 million active users. WhatsApp acquisition has also brought out fresh criticism over security for the billions of messages delivered on the platform. Security Researcher at Praetorian Labs identified several SSL-related security issues in WhatsApp application using Project Neptune , a mobile application security testing platform. " WhatsApp communication between your phone and our server is fully encrypted. We do not store your chat history on our servers. Once delivered successfully to your phone, chat messages are removed from our system ." Company said in a blog post . But researchers found that WhatsApp is vulnerable to Man-in-theMiddl
Apple's iOS vulnerable to Man-in-the-middle Attack, Install iOS 7.0.6 to Patch

Apple's iOS vulnerable to Man-in-the-middle Attack, Install iOS 7.0.6 to Patch

Feb 22, 2014
Apple's latest 35.4 MB update of  iOS 7.0.6  doesn't seem important at first, but it contains a critical security patch that addresses a flaw with SSL encryption. Yes, a very critical security vulnerability that could allow hackers to intercept email and other communications that are meant to be encrypted in iPhone, iPad and Mac computer. Apple provides very little information when disclosing security issues, ' For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. ' said in the security advisory . Cryptography experts immediately tried to figure out what was wrong with Apple's implementation of Secure Sockets Layer (SSL) and the details are: Impact:  The vulnerability assigned CVE-2014-1266 and  affects both the iOS and OS X operating systems , describes as ' Secure Transport failed to validate the authent
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Learn How to Hide WhatsApp 'Last seen at' Time and Profile Picture from Other Users

Learn How to Hide WhatsApp 'Last seen at' Time and Profile Picture from Other Users

Feb 22, 2014
WhatsApp for Android added most awaited privacy option for all who do not want to display information about when they last used the app. This is the first impressive update of the  WhatsApp after acquisition by Facebook , who   has paid a lot of money in cash and stock to acquire it. The Popular Smartphone messaging application  WhatsApp version 2.11.169 will provide you more ability and control over privacy options i.e. Hiding ' last seen at ' time, Profile picture, status updates from others, which are currently visible for all WhatsApp users. Currently, these options are set to  'everyone'  by default, that allows any WhatsApp user to find out exactly when you used WhatsApp for the last time, also reveals your image and Status message. Most of the times we don't want it to be shown to anyone or to non-contact users. How to hide WhatsApp 'last seen at' time and Profile Picture? WhatsApp now allows you to Modify your Privacy settings in three wa
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Android iBanking Trojan Source Code Leaked Online

Android iBanking Trojan Source Code Leaked Online

Feb 22, 2014
Smartphone  is the need of everyone today and so the first target of most of the Cyber Criminals . Malware authors are getting to know their market and are changing their way of operations. Since last year we have seen a rise in the number of hackers moving from the Blackhat into the Greyhat. The Head of knowledge delivery and business development for  RSA's FraudAction Group ,  Daniel Cohen  warned users about the new threat via a company  blog  on Thursday, that explains everything about the malware app, called  iBanking . iBanking , a new mobile banking  Trojan app which impersonates itself as an Android ' Security App ', in order to deceive its victims, may intimidate a large number of users as now that its source code has been leaked online through an underground forum. It will give an opportunity to a larger number of cybercriminals to launch attacks using this kind of ready-made mobile malware in the future. Since many banking sites use  two-fac
Adobe releases another Emergency Security Patch for Flash Player

Adobe releases another Emergency Security Patch for Flash Player

Feb 22, 2014
Security Firm FireEye has uncovered yet another critical zero-day vulnerability in widely used Adobe Flash Software and Adobe has been forced to issue a second emergency patch update  in less than a month. All versions of Adobe Flash Player released before today's patch are vulnerable to the zero-day exploit and the patch addresses a critical vulnerability  CVE-2014-0502 , being used in a watering hole attack -dubbed " Operation Greedywonk",  that allows attackers to remotely take control of infected systems. The vulnerability affects the latest versions of Flash, is reported to be targeting the websites of three non-profit institutions, being redirected to an malicious server hosting the zero-day exploit. " Visitors to the Peter G. Peterson Institute for International Economics (www.piie[.]com) were redirected to an exploit server hosting this Flash zero-day through a hidden iframe ." FireEye said. Security updates tackle a number of flaws includi
Cybersecurity Resources