#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Understanding the Shared Security Model in Amazon Web Services

Understanding the Shared Security Model in Amazon Web Services

May 21, 2015
Security in the Amazon EC2 environment is a responsibility shared by both the end user and Amazon. This is because within this environment there are specific parts that Amazon has control of and specific parts that are controlled by the end user. For the end user, they are responsible for securing the operating systems running on their instances, as well as the applications running on those operating systems. On the other hand, physical security and security of the hypervisor is Amazon's responsibility. When it comes to the network, security of that layer is a shared responsibility between the user and Amazon. Implications of the Shared Security Model Huge operational efficiencies can be gained in a shared security model, however this comes at the cost of the flexibility to have total control over an environment. In the past, significant security issues have occurred as organizations move to the shared model. During this transition, it's key that organizations under
Google to Introduce New Photo-Sharing Platform to Kill Instagram

Google to Introduce New Photo-Sharing Platform to Kill Instagram

May 21, 2015
Google is reportedly going to launch a new online photo-sharing service and storage option at its developer conference later this month, which Bloomberg says , will not be a part of its Google+ social network. At the moment, Google offers a photo sharing service known as " Google+ Photos ," which comes pre-installed with every Android device. Google+ Photos automatically backs up photos in the device to Google cloud storage. However, the new photo service will not be a part of Google+ network . It seems like the company's attempts to bolster its product lineup and compete with the increasingly popular rivals like Facebook or Twitter to grow its user base. Just the way like Facebook, who acquired the popular mobile photo-sharing service Instagram in 2012 and increased its user base to more than 300 Million users in one shot. There aren't many details about How the new Google photo service will work? Whether the online photo storage part of the service
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
LogJam — This New Encryption Glitch Puts Internet Users at Risk

LogJam — This New Encryption Glitch Puts Internet Users at Risk

May 20, 2015
After HeartBleed , POODLE and FREAK  encryption flaws, a new encryption attack has been emerged over the Internet that allows attackers to read and modify the sensitive data passing through encrypted connections, potentially affecting hundreds of thousands of HTTPS-protected sites, mail servers, and other widely used Internet services. A team of security researchers has discovered a new attack, dubbed Logjam , that allows a man-in-the-middle (MitM) to downgrade encrypted connections between a user and a Web or email server to use extremely weaker 512-bit keys which can be easily decrypted. Johns Hopkins crypto researcher Matthew Green along with security experts from the University of Michigan and the French research institute Inria has discovered LogJam a few months ago and published a technical report that details the flaw. Logjam — Cousin of FREAK Logjam encryption flaw sounds just like FREAK vulnerability disclosed at the beginning of March.  The FREA
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
NetUSB Driver Flaw Exposes Millions of Routers to Hacking

NetUSB Driver Flaw Exposes Millions of Routers to Hacking

May 20, 2015
A simple but shockingly dangerous vulnerability has been uncovered in the NetUSB component, putting Millions of modern routers and other embedded devices across the globe at risk of being compromised by hackers. The security vulnerability, assigned CVE-2015-3036 , is a remotely exploitable kernel stack buffer overflow flaw resides in Taiwan-based KCodes NetUSB . NetUSB is a Linux kernel module that allows for users to flash drives, plug printers and other USB-connected devices into their routers so that they can be accessed over the local network. NetUSB component is integrated into modern routers sold by some major manufacturers including D-Link, Netgear, TP-Link, ZyXEL and TrendNet. The security flaw, reported by Stefan Viehbock of Austria-based SEC Consult Vulnerability Lab, can be triggered when a client sends the computer name to the server deployed on the networking device (TCP port 20005) in order to establish a connection. However, if a connecting comp
Gamification of Facebook Messenger... New feature Coming Soon

Gamification of Facebook Messenger... New feature Coming Soon

May 19, 2015
Good news for Gamers! Users of Facebook Messenger may soon be able to play games on the messaging platform . Nearly two months ago, Facebook launched its Messenger platform , inviting developers to create apps that allow you to send and receive GIFs, sound clips, and other artistic creations within Messenger, but the social network giant don't want the fun for users to end here. Facebook has confirmed that the company is actively discussing plans with several game developers to create games that work on its Messenger platform, to make its users' experience a lot more fun and potentially more lucrative. More user engagement, More Revenue: First reported on Monday by The Information , Facebook's plan for gamification is a way to get more user engagement and more revenue. Although there are not many details about Facebook's gaming initiative, the idea sounds really interesting, as we already have our social network established over Messenger that could make
Apple Safari Browser Vulnerable to URL Spoofing Vulnerability

Apple Safari Browser Vulnerable to URL Spoofing Vulnerability

May 19, 2015
A serious security vulnerability has been uncovered in Apple's Safari web browser that could trick Safari users into visiting a malicious website with the genuine web address. A group of researchers, known as Deusen , has demonstrated how the address spoofing vulnerability could be exploited by hackers to fool victim into thinking they are visiting a trusted website when actually the Safari browser is connected to an entirely different address. This flaw could let an attacker lead Safari users to a malicious site instead of a trusted website they willing to connect to install malicious software and steal their login credentials. The vulnerability was discovered by the same group who reported a Universal Cross Site Scripting (XSS) flaw in all the latest patched versions of Microsoft's Internet Explorer in February this year that put IE users' credentials and other sensitive information at risk. The group recently published a proof-of-concept exploit code that makes
UK Government Rewrites Laws to Let GCHQ Hack Into Computers Legally

UK Government Rewrites Laws to Let GCHQ Hack Into Computers Legally

May 17, 2015
The UK Government has quietly changed the Anti-Hacking Laws quietly that exempt GCHQ , police, and other electronic intelligence agencies from criminal prosecution for hacking into computers and mobile phones and carrying out its controversial surveillance practices. The details of the changes were disclosed at the Investigatory Powers Tribunal , which is currently hearing a challenge to the legality of computer hacking by UK law enforcement and its intelligence agencies. About a year ago, a coalition of Internet service providers teamed up with Privacy International to take a legal action against GCHQ for its unlawful hacking activities. However, the Government amended the Computer Misuse Act (CMA) two months ago to give GCHQ and other intelligence agencies more protection through a little-noticed addition to the Serious Crime Bill. The change was introduced on June 6, just weeks after the complaint was filed by Privacy International that GCHQ had conducted compu
FBI: Banned Security Researcher Admitted to Hacking Plane In-Flight

FBI: Banned Security Researcher Admitted to Hacking Plane In-Flight

May 17, 2015
A security researcher who was pulled out from a United Airlines flight last month had previously admitted to Federal Bureau of Investigation (FBI) that he had taken control of an airplane and made it fly briefly sideways. Chris Roberts, the founder of One World Labs , was recently detained, questioned and had his equipment taken by federal agents after he landed on a United flight from Chicago to Syracuse, New York following his tweet suggesting he might hack into the plane's in-flight entertainment system. In that particular tweet, Roberts joked: " Find me on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? 'PASS OXYGEN ON' Anyone? :) " The federal agents addressed the tweet immediately and took it seriously following the Roberts' capabilities of such hacking tactics. In the FBI affidavit first made public Friday - first obtained by APTN National News - Roberts told the FBI earlier this year about not once, b
Simple Fingerprint Test is Enough to Know Cocaine Use

Simple Fingerprint Test is Enough to Know Cocaine Use

May 16, 2015
If you are one of those using cocaine, law enforcement officials may soon catch you by simply examining your fingerprints. Scientists have developed a new type of drug test that can tell whether you have taken cocaine by analyzing chemical traces left behind in your fingerprint. A team of scientists led by the University of Surrey discovered a test that makes use of the Mass spectrometry chemical analysis technique – a method proved more accurate than those currently used saliva, blood or urine samples relied on by authorities. " When someone has taken cocaine, they excrete traces of benzoylecgonine and methylecgonine as they metabolize the drug, and these chemical indicators are present in fingerprint residue ," said Dr. Melanie Bailey, the lead researcher from the University of Surrey. How is it all done? A person's fingerprint sample is treated with a mixture of methanol and water in an attempt to locate the traces. A mass spectrometer is then used to
This 3D Printed Robot Cracks Combination Locks in Less than 30 Seconds

This 3D Printed Robot Cracks Combination Locks in Less than 30 Seconds

May 16, 2015
Be careful while leaving your important and valuable stuff in your lockers. A 3D printed robot has arrived that can crack a combination lock in as little as 30 seconds. So, it's time to ditch your modern combination locks and started keeping your valuable things in a good old-fashioned locker with keys. A well-known California hacker Samy Kamkar who is expert in cracking locks has built a 3D-printed machine, calling his gadget the " Combo Breaker ," that can crack Master Lock combination padlocks – used on hundreds of thousands of school lockers – in less than 30 seconds. A couple of weeks ago, Kamkar introduced the world how a manufacturing flaw in Master Lock combination locks can easily reveal the full combination by carefully measuring the dial interaction with the shackle in eight or fewer attempts. However, it requires some software and things to do, and who has that much of time? So to make it simple for everyone – On Thursday, the hacker showe
Cybersecurity Resources