#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Worst Day for eBAY, Multiple Flaws leave Millions of Users vulnerable to Hackers

Worst Day for eBAY, Multiple Flaws leave Millions of Users vulnerable to Hackers

May 23, 2014
It's not been more than 36 hours since eBay revealed it was hacked and we just come to know about three more critical vulnerabilities in eBay website that could allow an attacker to compromise users' account once again, even if you have already reset your account password after the last announcement. Yesterday eBay admitted to the massive data breach that affected 145 million registered users worldwide after its database was compromised. eBay urged its 145 million users to change their passwords after the cyber attack, but are passwords enough? eBay Data breach happened mainly because of their vulnerable infrastructure, not weak passwords. I think eBay's morning just going to be bad to worse as today, three Security researchers came forward with three more different types of critical flaws in eBay website that leave its 145 million users vulnerable to hackers. HACKER UPLOADED SHELL ON eBAY SERVER (UNPATCHED) A critical security flaw in the eBay website for i
SNMP Reflection DDoS Attacks on the Rise

SNMP Reflection DDoS Attacks on the Rise

May 23, 2014
The DDoS techniques have massively increased with the attackers becoming more skillful at working around the network security. A massive 300Gbps DDoS attack launched against Spamhaus website almost broke the Internet a year ago and also earlier this year, hackers have succeeded in reaching new heights of the massive DDoS attack targeting content-delivery and anti-DDoS protection firm CloudFlare, reaching more than 400Gbps at its peak of traffic. Akamai's Prolexic Security Engineering and Response Team (PLXsert) issued a threat advisory on Thursday reporting a significant surge in DDoS attacks last month abusing the Simple Network Management Protocol (SNMP) interface in network devices. Simple Network Management Protocol (SNMP) is a UDP-based protocol which is commonly known and often used to manage network devices. SNMP is typically used in devices such as printers, routers and firewalls that can be found in the home and enterprise environments as well. Just as D
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Samsung Plans to add Eye Scanner to its Upcoming Smartphones

Samsung Plans to add Eye Scanner to its Upcoming Smartphones

May 22, 2014
After introducing the Fingerprint scanner to its new release, Samsung next plans to add IRIS scanning technology to its future smartphones to better improve the security of smartphones and for being more innovative too. According to a report released by The Wall Street Journal, Samsung senior Vice President Rhee In-jong told analysts and investors at a forum in Hong Kong that the company is planning to incorporate biometric sensors such as eye scanners into more of its products as a part of its enterprise security software. " We're looking at various types of biometric mechanisms and one of things that everybody is looking at is iris detection, " Rhee said. The move is no doubt in order to bring an added layer of security to its devices. A Smartphone with an eye-scanning feature would most likely to be used in the front-facing camera to scan the unique patterns of the user's iris and once the pattern get matched with the already stored user's iris image in the phon
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Microsoft Outlook App for Android Devices Stores Emails Unencrypted on File System

Microsoft Outlook App for Android Devices Stores Emails Unencrypted on File System

May 22, 2014
If you have an account with Microsoft's popular free email service Outlook.com, and using Outlook app for Android, then there is a bad news for you. Microsoft's Android app for Outlook.com,  provides users to access their Outlook emails on their Android devices, fails to provide security and encryption. LOOPHOLES DISCOVERED Researchers from ' Include Security ' firm claims to have found multiple vulnerabilities in Microsoft's Outlook app for Android, that leaves users' email data vulnerable to hackers and other malicious third party apps. By default, Email attachments are stored into easily accessible folders on the Android filesystem Email Database ( Body, Subject ) is stored locally in an unencrypted manner App's 'Pin Code' feature doesn't protect or encrypt email data. EMAIL ATTACHMENTS ARE ACCESSIBLE TO ANY OTHER APPS Today almost every applications available at Google Play Store generally ask for  READ_EXTERNAL_STORA
Apple iCloud and Activation Lock Hacked; Allows Hackers to Unlock Stolen Devices

Apple iCloud and Activation Lock Hacked; Allows Hackers to Unlock Stolen Devices

May 22, 2014
A Dutch-Moroccan team of hackers calling itself " Team DoulCi " have reportedly claimed to hack a protective feature on Apple 's iCloud system, that could leverage an attacker to remove security measures on lost or stolen iPhone devices. According to a report from Dutch news organization De Telegraaf , the hackers purchased locked iPhone devices for $50 to $150 each and then bypassed Apple's iCloud activation lock through a serious security vulnerability Apple has failed to patch with its most recent updates. The critical vulnerability in the Apple's iCloud allowed them to unlock stolen iPhones in an instant, which could then be sold for a large profit in the Blackmarket. This is the first time when any hacker group has managed to compromise the highly secured Apple's iCloud service. iCloud is a cloud storage and cloud computing service provided by the Apple Inc. to its users since October 2011 with more than 320 million users across the world. The service all
New Internet Explorer Zero-Day Vulnerability Publicly Disclosed; Identified in October 2013

New Internet Explorer Zero-Day Vulnerability Publicly Disclosed; Identified in October 2013

May 21, 2014
Oh Microsoft, How could you do this to your own Internet Explorer? Microsoft had kept hidden a critical Zero-Day vulnerability of Internet explorer 8 from all of us, since October 2013. A Critical zero-day Internet Explorer vulnerability ( CVE-2014-1770 ), which was discovered by Peter 'corelanc0d3r' Van Eeckhoutte in October 2013 just goes public today by the Zero Day Initiative (ZDI) website . Zero Day Initiative is a program for rewarding security researchers for responsibly disclosing vulnerabilities. ZDI reportedly disclosed the vulnerability to Microsoft when it was first identified by one of its researchers, on which Microsoft responded 4 month later on February 2014 and confirmed the flaw, but neither the Microsoft patch the vulnerability nor it disclosed any details about it. But due to ZDI's 180 days public notification policy, they are obligated to publicly disclosed the details of a Zero-Day vulnerability. ZDI warned Microsoft several days ago ab
eBay Hacked, Change your Account Password Now

eBay Hacked, Change your Account Password Now

May 21, 2014
If you have an eBay Account then you should change your password immediately, because the World's biggest E-commerce company with 128 million active users announced today in a press release that it had been Hacked. eBay revealed that attackers compromised customers' database including emails, physical addresses, encrypted passwords and dates of birth, in a hacking attack between late February and early March, but financial information like credit card numbers, as well as PayPal information were stored separately and were not compromised. ' After conducting extensive tests on its networks ,' They also said they've found no evidence of unauthorized access or activity by registered eBay users, but as precaution, eBay is resetting everyone's passwords that ' will help enhance security for eBay users. ' Why did eBay wait so long to tell everyone? because just two weeks ago they discovered data breach . They conducted a forensic investigation of its compu
To Tackle Cyber Crime, FBI Could Hire Hackers Who Smoke Weed

To Tackle Cyber Crime, FBI Could Hire Hackers Who Smoke Weed

May 21, 2014
Federal Bureau of Investigation (FBI) has been authorized by U.S Congress to hire 2,000 new employees this year, and many of those will be young hackers and Programmers in order to built-up its cyber crime division, but FBI's Director 'James B. Comey' is facing some difficulties. Apparently, FBI's Strict Anti-Drug Policy is making it very difficult for them to go after real criminals because most of the hackers have a fondness of smoking weeds, illicit drug. According to US agency policy, they won't hire anyone who used marijuana in the last three years, but it seems that now the law enforcement agency has to think about deviating from its own policy to get right talent to tackle cybercrimes over the Internet which has become a first priority for the agency. Recently, During an annual conference held at Manhattan's New York City Bar Association, One attendee asked James B. Comey that -- One of his friend who considered an FBI job but ultimately did not apply becaus
Netflix Users Targeted by Microsoft Silverlight Exploits

Netflix Users Targeted by Microsoft Silverlight Exploits

May 21, 2014
Netflix, the world's largest Internet Video Subscription service with more than 35.7 million customers in U.S alone, that runs on the Microsoft Silverlight platform, has now become a popular target for cybercriminals, as public awareness of Java and Flash flaws is increasing. Silverlight is a Microsoft's plug-in for streaming media on browsers, similar to Adobe Flash Player , that handles multimedia contents on Microsoft Windows and Mac OS X Web Browsers, and is popularly known for being used in Netflix's streaming video service. But, Netflix isn't the only service that works on Silverlight, many other multimedia services supports Silverlight. Malware and Exploit Kit developers are targeting Silverlight users as they aren't aware of the increasing proliferation of malware for the platform. Silverlight vulnerabilities are mostly exploited using drive-by download attacks to compromise victim's computers with malware, especially through malicious ads. A recent
China Bans Microsoft Windows 8 for Government Computers

China Bans Microsoft Windows 8 for Government Computers

May 20, 2014
While US government is always prohibiting the purchase of Huawei products due to suspected backdoors from the Chinese government, China also keep itself totally apart from the US productions. China is a bit famous for using its own operating systems, smartphone application services and lots more, rather than using the US developed Operating Systems, and now China has reportedly banned the installation of Microsoft Corporation's latest operating system, Windows 8 on any of its government computers. The Central Government Procurement Center issued a notice that was posted on its website last week prohibiting the use of Microsoft's latest operating system and the reason behind it is to support the use of energy-saving products, the report said. But the state news agency ' Xinhua ' pointed out a different reason for the ban saying the country wants to avoid any further losing of the support for an operating system like it did recently by pulling out its support from t
Pre-Play Vulnerability Allows Chip-and-PIN Payment Card Cloning

Pre-Play Vulnerability Allows Chip-and-PIN Payment Card Cloning

May 20, 2014
In March this year, we reported that the major card distributor companies, VISA and Mastercard are migrating to EMV chip cards , also known as PIN-and-Chip cards. Unlike traditional magnetic stripe payment cards, EMV chip cards generates a unique code for every transaction, making it nearly* impossible for criminals to use the card for counterfeit fraud. But Nothing is perfectly secure, even not the PIN-and-Chip based payment cards. All anti-cloning theories were already proven wrong, when a group of researchers found a way to hack the Credit and Debit cards based on the latest Chip-and-Pin technology. Back in 2012, we reported about a research paper entitled " Chip and Skim: cloning EMV cards with the pre-play attack " published ( old paper ) by team of researchers from the University of Cambridge, UK, who demonstrated that Chip and PIN payment card systems are also vulnerable to Card Cloning. The same team of researchers presented their EVM related research last Mond
'Anonymous Philippines' hacks Hundreds of Chinese Government Websites

'Anonymous Philippines' hacks Hundreds of Chinese Government Websites

May 20, 2014
A Philippine Hacker group claiming ties with the hacktivist collective Anonymous defaced early Monday several Chinese Government websites. " Anonymous Philippines " claimed responsibility for defacing more than 200 Chinese websites in retaliation for Beijing's aggressive actions in the West Philippine Sea, according to the messages posted on their Facebook page . " The operation was a success, we might not have brought China to it's knees but we gave hope to our brothers and sisters, because hope is what we need right now. Hope that someday people will stand-up and fight back! " Anonymous Philippines said. At the time of writing, More than 145 Chinese Government ( list 1 ) and 45 Commercial websites ( list 2 ) were displaying the following defacement message: " China's alleged claim on maritime territories and oppressive poaching can no longer be tolerated. Stand against Oppression! It's time to fight back! Say NO to China'
Cybersecurity Resources