#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Faulty Firmware Auto-Update Breaks Hundreds of 'Smart Locks'

Faulty Firmware Auto-Update Breaks Hundreds of 'Smart Locks'

Aug 15, 2017
More features, more problems! Today, we are living in a digital age that is creating a digital headache for people by connecting every other unnecessary home appliance to the Internet. Last week, nearly hundreds of Internet-connected locks became inoperable after a faulty software update hit some models. Users of remotely accessible smart locks made by Colorado-based company LockState have taken to social media platforms including Twitter to complain that their $469 Lockstate 6000i locks started to fail from last Monday, leaving the keypad entirely useless. LockState's RemoteLock 6i (6000i) is an Internet-connected smart lock that connects to your home Wi-Fi network for remote control and monitoring as well as firmware updates. LockState is even a partner with Airbnb, allowing Airbnb hosts' to give their guests entry code in order to get into hotel properties without having to share physical keys. However, last week many Airbnb customers were unable to use the bu
Warning: Two Dangerous Ransomware Are Back – Protect Your Computers

Warning: Two Dangerous Ransomware Are Back – Protect Your Computers

Aug 15, 2017
Ransomware has been around for a few years but has become an albatross around everyone's neck—from big businesses and financial institutions to hospitals and individuals worldwide—with cyber criminals making millions of dollars. In just past few months, we saw a scary strain of ransomware attacks including WannaCry , Petya and LeakerLocker , which made chaos worldwide by shutting down hospitals, vehicle manufacturing, telecommunications, banks and many businesses. Before WannaCry and Petya , the infamous Mamba full-disk-encrypting ransomware and the Locky ransomware had made chaos across the world last year, and the bad news is—they are back with their new and more damaging variants than ever before. Diablo6: New Variant of Locky Ransomware First surfaced in early 2016, Locky has been one of the largest distributed ransomware infections, infecting organisations across the globe. By tricking victims into clicking on a malicious attachment, Locky ransomware encrypt
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
How Just Opening A Malicious PowerPoint File Could Compromise Your PC

How Just Opening A Malicious PowerPoint File Could Compromise Your PC

Aug 14, 2017
A few months back we reported how opening a simple MS Word file could compromise your computer using a critical vulnerability in Microsoft Office . The Microsoft Office remote code execution vulnerability (CVE-2017-0199) resided in the Windows Object Linking and Embedding (OLE) interface for which a patch was issued in April this year, but threat actors are still abusing the flaw through the different mediums. Security researchers have spotted a new malware campaign that is leveraging the same exploit, but for the first time, hidden behind a specially crafted PowerPoint (PPSX) Presentation file. According to the researchers at Trend Micro, who spotted the malware campaign, the targeted attack starts with a convincing spear-phishing email attachment, purportedly from a cable manufacturing provider and mainly targets companies involved in the electronics manufacturing industry. Researchers believe this attack involves the use of a sender address disguised as a legitimate ema
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Gmail for iOS Adds Anti-Phishing Feature that Warns of Suspicious Links

Gmail for iOS Adds Anti-Phishing Feature that Warns of Suspicious Links

Aug 14, 2017
Phishing — is an older style of cyber-attack but remains one of the most common and efficient attack vectors for attackers, as a majority of banking malware and various ransomware attacks begin with a user clicking on a malicious link or opening a dangerous attachment in an email. Phishing has evolved than ever before in the past few years – which is why it remains one of those threats that we have been combating for many years. We have seen phishing campaigns that are so convincing and effective that even tech-savvy people can be tricked into giving away their credentials to hackers. And some that are " almost impossible to detect " and used to trick even the most careful users on the Internet. To help combat this issue, Google has introduced a security defence for it's over a billion users that will help users weed out phishing emails from their Gmail inbox. Google has rolled out new anti-phishing security checks for its Gmail app for iPhone users that will
Facebook Covertly Launches A Photo-Sharing App In China

Facebook Covertly Launches A Photo-Sharing App In China

Aug 14, 2017
The Chinese market is no doubt a pot of gold for big technology giants with over 700 million internet users, but the Chinese government heavily controls the Internet within its borders through its Golden Shield project – the Great Firewall of China . The Great Firewall has blocked some 171 out of the world's leading websites, including Google, Facebook, Instagram, Twitter, Tumblr, Dropbox, and The Pirate Bay in the country. But tech giants like Facebook and Google always try alternative ways to infiltrate the market. Now it seems like Facebook is trying to secretly enter the largest populous market by releasing an all new social networking app in China that does not carry its brand. Dubbed Colorful Balloons , the photo-sharing app appears to mimic the look and feel of Facebook's Moments, an app that allows its users to share photos with their friends and family members. According to The New York Times, Facebook approved the release of Colorful Balloons back in M
IPS as a Service Blocks WannaCry Spread Across the WAN

IPS as a Service Blocks WannaCry Spread Across the WAN

Aug 14, 2017
One of the most devastating aspects of the recent WannaCry ransomware attack was its self-propagating capability exploiting a vulnerability in the file access protocol, SMB v1. Most enterprises defences are externally-facing, focused on stopping incoming email and web attacks. But, once attackers gain a foothold inside the network through malware, there are very few security controls that would prevent the spread of the attack between enterprise locations in the Wide Area Network (WAN). This is partly due to the way enterprises deploy security tools, such as IPS appliances, and the effort needed to maintain those tools across multiple locations. It's for those reasons Cato Networks recently introduced a context-aware Intrusion Prevention System (IPS) as part of its secure SD-WAN service . There are several highlights in this announcement that challenge the basic concept of how IT security maintains an IPS device and sustains the effectiveness of its protection. Cato Network
Microsoft Launches Ethereum-Based 'Coco Framework' to Speed Up Blockchain Network

Microsoft Launches Ethereum-Based 'Coco Framework' to Speed Up Blockchain Network

Aug 14, 2017
A growing number of enterprises are showing their interest in blockchains , but the underlying software fails to meet key enterprise requirements like performance, confidentiality, governance, and required processing power. However, Microsoft wants to help solve these issues and make it easier for the enterprises to build their networks using any distributed ledger. Microsoft has unveiled a framework called " Coco " — short for " Confidential Consortium " — a new open-source foundation for enterprise blockchain networks . Coco is an Ethereum-based protocol which has been designed to help commercial companies and large-scale enterprises process information on the Ethereum Blockchain with increased privacy. "Coco presents an alternative approach to Ledger construction, giving enterprises the scalability, distributed governance and enhanced confidentiality they need without sacrificing the inherent security and immutability they expect," Mark Russi
Cybersecurity Resources