#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

PayPal Subsidiary Data Breach Hits Up to 1.6 Million Customers

PayPal Subsidiary Data Breach Hits Up to 1.6 Million Customers

Dec 04, 2017
Global e-commerce business PayPal has disclosed a data breach that may have compromised personally identifiable information for roughly 1.6 million customers at a payment processing company PayPal acquired earlier this year. PayPal Holdings Inc. said Friday that a review of its recently acquired company TIO Networks showed evidence of unauthorized access to the company's network, including some confidential parts where the personal information of TIO's customers and customers of TIO billers stored. Acquired by PayPal for US$233 Million in July 2017, TIO Network is a cloud-based multi-channel bill payment processor and receivables management provider that serves the largest telecom, wireless, cable and utility bill issuers in North America. PayPal did not clear when or how the data breach incident took place, neither it revealed details about the types of information being stolen by the hackers, but the company did confirm that its platform and systems were not affecte
Here's the NSA Employee Who Kept Top Secret Documents at Home

Here's the NSA Employee Who Kept Top Secret Documents at Home

Dec 02, 2017
A former employee—who worked for an elite hacking group operated by the U.S. National Security Agency—pleaded guilty on Friday to illegally taking classified documents home , which were later stolen by Russian hackers. In a press release published Friday, the US Justice Department announced that Nghia Hoang Pho , a 67-year-old of Ellicott City, Maryland, took documents that contained top-secret national information from the agency between 2010 and 2015. Pho, who worked as a developer for the Tailored Access Operations (TAO) hacking group at the NSA, reportedly moved the stolen classified documents and tools to his personal Windows computer at home, which was running Kaspersky Lab software. According to authorities, the Kaspersky Labs' antivirus software was allegedly used, one way or another, by Russian hackers to steal top-secret NSA documents and hacking exploits from Pho's home PC in 2015. "Beginning in 2010 and continuing through March 2015, Pho removed an
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
After 27-Year Sentence, Russian Hacker Faces Another 14 Years in Prison

After 27-Year Sentence, Russian Hacker Faces Another 14 Years in Prison

Dec 01, 2017
Roman Valerevich Seleznev , the son of a prominent Russian lawmaker who's already facing a 27-year prison sentence in the United States, has been handed another 14-year prison sentence for his role in an "organized cybercrime ring" that caused $59 Million in damages across the US. In April this year, Seleznev, the 33-year-old son of a Russian Parliament member of the nationalist Liberal Democratic Party (LDPR), was sentenced to 27 years in prison for payment card fraud, causing nearly $170 million in damages to small business and financial institutions in the US. The sentence was so far the longest sentence ever imposed in the United States for a hacking-related case. Now, after pleading guilty in two criminal cases stemming from a hacking probe in September, Seleznev Thursday  received another 14-year prison sentence for racketeering in Nevada and another 14 years for conspiracy to commit bank fraud charges in Georgia. The sentences will run concurrently to
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Google to Block Third-Party Software from Injecting Code into Chrome Browser

Google to Block Third-Party Software from Injecting Code into Chrome Browser

Dec 01, 2017
To improve performance and reduce crashes caused by third-party software on Windows, Google Chrome, by mid-2018, will no longer allow outside applications to run code within its web browser. If you are unaware, many third-party applications, like accessibility or antivirus software, inject code into your web browser for gaining more control over your online activities in order to offer some additional features and function properly. However, Google notes that over 15 percent of Chrome users running third-party applications on their Windows machines that inject code into their web browsers experience crashes—and trust me it's really annoying. But don't you worry. Google now has a solution to this issue. In a blog post published Thursday on Chromium Blog, Google announced its plan to block third-party software from injecting code into Chrome—and these changes will take place in three steps: April 2018 — With the release of Chrome 66, Google will begin informing use
HP Silently Installs Telemetry Bloatware On Your PC—Here's How to Remove It

HP Silently Installs Telemetry Bloatware On Your PC—Here's How to Remove It

Nov 30, 2017
Do you own a Hewlett-Packard (HP) Windows PC or laptop? Multiple HP customers from around the world are reporting that HP has started deploying a "spyware" onto their laptops—without informing them or asking their permission. The application being branded as spyware is actually a Windows Telemetry service deployed by HP, called "HP Touchpoint Analytics Client," which was first identified on November 15. According to reports on several online forums, the telemetry software—which the HP customers said they never opted to have installed and had no idea was continually running in the background—was pushed out in a recent update. However, it's not yet clear whether the software has come with the latest Microsoft's Windows updates, or via HP's support assistant processes. An official description of the software says that the program "harvests telemetry information that is used by HP Touchpoint's analytical services." HP Touchpoint
Cybersecurity Resources