#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

New Rules Require FBI to Get Warrant for Spying With ‘Stingrays’ Cell Phone Trackers

New Rules Require FBI to Get Warrant for Spying With 'Stingrays' Cell Phone Trackers

Sep 04, 2015
Remember StingRays ? The controversial cell phone spying tool , known as " Stingrays " or " IMSI catchers ," has been used by authorities to track criminal suspects most of the times without obtaining court orders. But now, the Federal law agencies will have to be more transparent about their use of Stingrays to spy on cell phones. Thanks to the new policy announced Thursday by the US Department of Justice. For years, local police and federal authorities have used and spent over $350,000 on Stingrays , which essentially mimic mobile phone tower, to track cell phones in countless investigations. What is Stingray? Stingrays , made by the Harris Corporation, has capabilities to access user's unique IDs and phone numbers, track and record locations, and sometimes even intercept Internet traffic and phone calls, send fake texts and install spyware on phones. The authorities used these tracking tools for years to breach people's privacy
Popular Belkin Wi-Fi Routers vulnerable to Hackers

Popular Belkin Wi-Fi Routers vulnerable to Hackers

Sep 03, 2015
US-CERT has outlined about Wireless routers developed by Belkin supposedly containing several vulnerabilities. CERT in their Vulnerability Note VU#201168 (Vulnerability ID) said, that Belkin's N600 DB Wireless Dual-Band N+ Router, model F9K1102 v2 with firmware version 2.10.17 and very likely earlier versions are packed with multiple and critical vulnerabilities. The targeted router is the fastest long-range router with speeds up to 300Mbps + 300Mbps** allows a great multi-device coverage and with its dual-band operating speed empowering and prioritizing exhaustive activities like video streaming and online gaming. Few months back, The Hacker News (THN)  reported about vulnerabilities in routers capable of hijacking user's data at different instances. Belkin router is accused of loopholes that allow an attacker to spoof DNS, conduct man-in-the-middle attack, perform privilege escalation and implement Cross Site Request Forgery(CSRF). CERT lists out the multi
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
26 Android Phone Models Shipped with Pre-Installed Spyware

26 Android Phone Models Shipped with Pre-Installed Spyware

Sep 03, 2015
Bought a brand new Android Smartphone? Don't expect it to be a clean slate. A new report claims that some rogue retailers are selling brand-new Android smartphones loaded with pre-installed software. Security firm G Data has uncovered more than two dozens of Android smartphones from popular smartphone manufacturers — including Xiaomi , Huawei and Lenovo — that have pre-installed spyware in the firmware. G Data is a German security firm that disclosed last year the Star N9500 Smartphone's capability to spy on users, thereby comprising their personal data and conversations without any restrictions and users knowledge. Removal of Spyware Not Possible The pre-installed spyware, disguised in popular Android apps such as Facebook and Google Drive , can not be removed without unlocking the phone since it resides inside the phone's firmware. "Over the past year, we have seen a significant [growth] in devices that are equipped with firmware-level [m
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Using AppLock for Android to Hide Apps and Photos? — It's Useless

Using AppLock for Android to Hide Apps and Photos? — It's Useless

Sep 03, 2015
Widely popular AppLock for Android by DoMobile Ltd. is claimed to be vulnerable to hackers. Having an applock for iPhone or Android device is useful. It is suitable for security and keeping people out of your business. But when it comes to how to password protect apps on Android? How to put passwords on apps? — the one app that comes to mind is AppLock. What is AppLock? AppLock is a lightweight Android app that enables users to apply a lock on almost any type of file or app on their devices, preventing access to your locked apps and private data without a password. The most basic functionality of the security feature is to lock your Android apps so that nobody can access or uninstall them, but applock can hide pictures and videos, and even contacts and individual messages. For example, if you have an app lock on WhatsApp, one of your friends borrow your phone to play games cannot get into your WhatsApp app without a password you have set for the locked app. App Lock si
Critical OS X Flaw Grants Mac Keychain Access to Malware

Critical OS X Flaw Grants Mac Keychain Access to Malware

Sep 03, 2015
Back in July, a security researcher disclosed a zero-day vulnerability in Mac OS X that allowed attackers to obtain unrestricted root user privileges with the help of code that even fits in a tweet . The same vulnerability has now been upgraded to again infect Mac OS X machines even after Apple fixed the issue last month. The privilege-escalation bug was once used to circumvent security protections and gain full control of Mac computers. Thanks to the environment variable DYLD_PRINT_TO_FILE Apple added to the code of OS X 10.10 Yosemite. The vulnerability then allowed attackers to install malware and adware onto a target Mac, running OS X 10.10 (Yosemite), without requiring victims to enter system passwords. However, the company fixed the critical issue in the Mac OS X 10.11 El Capitan Beta builds as well as the latest stable version of Mac OS X – Version 10.10.5 . Mac Keychain Flaw Now, security researchers from anti-malware firm MalwareBytes spotted t
FBI’s Cyber Task Force Identifies Stealthy FF-RATs used in Cyber Attack

FBI's Cyber Task Force Identifies Stealthy FF-RATs used in Cyber Attack

Sep 02, 2015
In both April and June this year, a series of cyber attacks was conducted against the United States Office of Personnel Management (OPM) . These attacks resulted in 21 million current and former Federal government employees' information being stolen. After months of investigation, the FBI's Cyber Task Force identified several Remote Access Tools (RATs) that were used to carry out the attack. One of the more effective tools discovered is named ' FF-RAT '. FF-RAT evades endpoint detection through stealth tactics, including the ability to download DLLs remotely and execute them in memory only. Hackers use RATs to gain unlimited access to infected endpoints. Once the victim's access privilege is acquired, it is then used for malware deployment, command and control (C&C) server communication, and data exfiltration. Most Advanced Persistent Threat (APT) attacks also take advantage of RAT functionality for bypassing strong authentication, reconnaissance, spreading
Cybersecurity Resources