#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

An Army of Million Hacked IoT Devices Almost Broke the Internet Today

An Army of Million Hacked IoT Devices Almost Broke the Internet Today

Oct 22, 2016
A massive Distributed Denial of Service (DDoS) attack against Dyn , a major domain name system (DNS) provider, broke large portions of the Internet on Friday, causing a significant outage to a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify. But how the attack happened? What's the cause behind the attack? Exact details of the attack remain vague, but Dyn reported a huge army of hijacked internet-connected devices could be responsible for the massive attack. Yes, the same method recently employed by hackers to carry out record-breaking DDoS attack of over 1 Tbps against France-based hosting provider OVH. According to security intelligence firm Flashpoint , Mirai bots were detected driving much, but not necessarily all, of the traffic in the DDoS attacks against DynDNS. Mirai is a piece of malware that targets Internet of Things (IoT) devices such as routers, and security cameras, DVRs, and enslaves vast numbers of
Massive DDoS Attack Against Dyn DNS Service Knocks Popular Sites Offline

Massive DDoS Attack Against Dyn DNS Service Knocks Popular Sites Offline

Oct 21, 2016
UPDATE — How an army of million of hacked Internet-connected smart devices almost broke the Internet today. Cyber attacks are getting evil and worst nightmare for companies day-by-day, and the Distributed Denial of Service (DDoS) attack is one such attacks that cause a massive damage to any service. Recently, the Internet witnessed a record-breaking largest DDoS attack of over 1 Tbps against France-based hosting provider OVH, and now the latest victim of the attack is none other than Dyn DNS provider. A sudden outage of popular sites and services, including Twitter, SoundCloud, Spotify, and Shopify, for many users, is causing uproar online. It's because of a DDoS attack against the popular Domain Name System (DNS) service provider Dyn, according to a post on Ycombinator . DNS act as the authoritative reference for mapping domain names to IP addresses. In other words, DNS is simply an Internet's phone book that resolves human-readable web addresses, like thehackerne
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Dirty COW — Critical Linux Kernel Flaw Being Exploited in the Wild

Dirty COW — Critical Linux Kernel Flaw Being Exploited in the Wild

Oct 21, 2016
A nine-year-old critical vulnerability has been discovered in virtually all versions of the Linux operating system and is actively being exploited in the wild. Dubbed " Dirty COW ," the Linux kernel security flaw (CVE-2016-5195) is a mere privilege-escalation vulnerability, but researchers are taking it extremely seriously due to many reasons. First, it's very easy to develop exploits that work reliably. Secondly, the Dirty COW flaw exists in a section of the Linux kernel, which is a part of virtually every distro of the open-source operating system, including RedHat, Debian, and Ubuntu, released for almost a decade. And most importantly, the researchers have discovered attack code that indicates the Dirty COW vulnerability is being actively exploited in the wild. Dirty COW potentially allows any installed malicious app to gain administrative (root-level) access to a device and completely hijack it within just 5 seconds. Earlier this week, Linus Torvalds admi
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Ex-NSA Contractor Stole 50 TB of Classified Data; Includes Top-Secret Hacking Tools

Ex-NSA Contractor Stole 50 TB of Classified Data; Includes Top-Secret Hacking Tools

Oct 21, 2016
Almost two months ago, the FBI quietly arrested NSA contractor Harold Thomas Martin III for stealing an enormous number of top secret documents from the intelligence agency. Now, according to a court document filed Thursday, the FBI seized at least 50 terabytes of data from 51-year-old Martin that he siphoned from government computers over two decades. The stolen data that are at least 500 million pages of government records includes top-secret information about "national defense." If all data stolen by Martin found indeed classified, it would be the largest NSA heist, far bigger than Edward Snowden leaks. According to the new filing, Martin also took "six full bankers' boxes" worth of documents, many of which were marked "Secret" and "Top Secret." The stolen data also include the personal information of government employees. The stolen documents date from between 1996 through 2016. "The document appears to have been printed by the
Over 43 Million Weebly Accounts Hacked; Foursquare Also Hit By Data Breach

Over 43 Million Weebly Accounts Hacked; Foursquare Also Hit By Data Breach

Oct 20, 2016
2016 is the year of data breaches that has made almost every major companies victims to the cyber attacks, resulting in compromise of over billion of online users accounts. Weebly and Foursquare are the latest victims of the massive data breach, joining the list of "Mega-Breaches" revealed in recent months, including LinkedIn , MySpace , VK.com , Tumblr , Dropbox , and the biggest one -- Yahoo . Details for over 43 Million users have been stolen from the San Francisco-based website building service Weebly, according to breach notification site LeakedSource, who had already indexed a copy of the stolen data that it received from an anonymous source. In addition, LeakedSource posted details of the cyber attack in its blog post on Thursday explaining what happened. The attack believed to have been carried out in February 2016. "Unlike nearly every other hack, the Co-founder and CTO of Weebly Chris Fanini fortunately did not have his head buried deeply in the san
Cybersecurity Resources