#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

How to Start a Career in Cybersecurity: All You Need to Know

How to Start a Career in Cybersecurity: All You Need to Know

Oct 08, 2018
Cybersecurity is one of the most dynamic and exciting fields in tech, combining cutting-edge information technology with crime fighting. It's also an industry in serious need of qualified professionals. Estimates show that there are over one million unfilled cybersecurity jobs. The U.S. Bureau of Labor Statistics projects that employment of information security analysts will grow 28 percent from 2016 to 2026, "much faster than the average for all occupations." This presents a massive opportunity for people looking to break into the industry. If you want to join the next generation of cybersecurity professionals, Springboard has done all of the research for you in building the Cybersecurity Career Track . Here's what you need to know: Key Roles in Cybersecurity First, we have to drill down to the different roles and specialties within cybersecurity so you know which might be the best fit for you. There are three broad categories of roles here, analysts, engineers and archite
Silk Road Admin Pleads Guilty – Could Face Up to 20 Years in Prison

Silk Road Admin Pleads Guilty – Could Face Up to 20 Years in Prison

Oct 06, 2018
An Irish national who helped run the now-defunct dark web marketplace Silk Road pleaded guilty on Friday to drug trafficking charges that carry a maximum sentence of 20 years in prison. Gary Davis , also known as Libertas, was one of the site administrators and forum moderators for Silk Road, then-largest underground marketplace on the Internet used by thousands of users to sell and buy drugs and other illegal goods and services. Silk Road went down after the law enforcement raided its servers in 2013 and arrested its founder Ross William Ulbricht , who has been sentenced to life in prison after being convicted on multiple counts related to the underground drug marketplace. The FBI also seized Bitcoins (worth about $33.6 million, at the time) from the website. Those Bitcoins were later sold in a series of auctions by the United States Marshals Service (USMS). According to a press release published by US Department of Justice, Davis helped the black market website "r
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Chinese Spying Chips Found Hidden On Servers Used By US Companies

Chinese Spying Chips Found Hidden On Servers Used By US Companies

Oct 04, 2018
A media report today revealed details of a significant supply chain attack which appears to be one of the largest corporate espionage and hardware hacking programs from a nation-state. According to a lengthy report published today by Bloomberg, a tiny surveillance chip, not much bigger than a grain of rice, has been found hidden in the servers used by nearly 30 American companies, including Apple and Amazon. The malicious chips, which were not part of the original server motherboards designed by the U.S-based company Super Micro, had been inserted during the manufacturing process in China. The report, based on a 3-year-long top-secret investigation in the United States, claims that the Chinese government-affiliated groups managed to infiltrate the supply chain to install tiny surveillance chips to motherboards which ended up in servers deployed by U.S. military, U.S. intelligence agencies, and many U.S. companies like Apple and Amazon. "Apple made its discovery of suspi
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Wi-Fi Gets Simplified Version Numbers and Next Version is Wi-Fi 6

Wi-Fi Gets Simplified Version Numbers and Next Version is Wi-Fi 6

Oct 03, 2018
Do you know what is the latest version of Wi-Fi? It's okay if you don't know. It is — Wi-Fi is 802.11ac. I am sure many of us can't answer this question immediately because the Wi-Fi technology doesn't have a traditional format of version numbers… at least until yesterday. The Wi-Fi Alliance—the group that manages the implementation of Wi-Fi—has today announced that the next version of WiFi standard, which is 802.11ax, will use a simpler naming scheme and will be called WiFi 6. Wi-Fi 6, based on the IEEE 802.11ax standard, will offer higher data rates, increased capacity, good performance—even in dense environments (such as stadiums or public venues) and improved power efficiency, making it perfect choice for smart home and IoT uses). Of course, the updated version names of all previous Wi-Fi standards will now be: 802.11b → Wi-Fi 1 802.11a → Wi-Fi 2 802.11g → Wi-Fi 3 802.11n → Wi-Fi 4, 802.11ac (current) → Wi-Fi 5 This new straightforward approach
Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

Oct 03, 2018
The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra . Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and has previously launched attacks against a number of media organizations, aerospace, financial and critical infrastructure sectors across the world. The group had also reportedly been associated with the WannaCry ransomware menace that last year shut down hospitals and big businesses worldwide, the SWIFT Banking attack in 2016, as well as the Sony Pictures hack in 2014. Now, the FBI, the Department of Homeland Security (DHS), and the Department of the Treasury have released details about a new cyber attack, dubbed " FASTCash ," that Hidden Cobra has been using since at least 2016 to cash out ATMs by compromising the bank server. FASTCash Hack
Facebook Finds 'No Evidence' Hackers Accessed Connected Third-Party Apps

Facebook Finds 'No Evidence' Hackers Accessed Connected Third-Party Apps

Oct 03, 2018
When Facebook last weekend disclosed a massive data breach—that compromised access tokens for more than 50 million accounts —many feared that the stolen tokens could have been used to access other third-party services, including Instagram and Tinder, through Facebook login. Good news is that Facebook found no evidence "so far" that proves such claims. In a blog post published Tuesday, Facebook security VP Guy Rosen revealed that investigators "found no evidence" of hackers accessing third-party apps with its "Login with Facebook" feature. "We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login," Rosen says. This does not mean that the stolen access tokens that had already been revoked by Facebook do not pose any threat to thousands of third-party services using Face
Google Announces 5 Major Security Updates for Chrome Extensions

Google Announces 5 Major Security Updates for Chrome Extensions

Oct 02, 2018
Google has made several new announcements for its Chrome Web Store that aims at making Chrome extensions more secure and transparent to its users. Over a couple of years, we have seen a significant rise in malicious extensions that appear to offer useful functionalities, while running hidden malicious scripts in the background without the user's knowledge. However, the best part is that Google is aware of the issues and has proactively been working to change the way its Chrome web browser handles extensions. Earlier this year, Google banned extensions using cryptocurrency mining scripts and then in June, the company also disabled inline installation of Chrome extensions completely. The company has also been using machine learning technologies to detect and block malicious extensions. To take a step further, Google announced Monday five major changes that give users more control over certain permissions, enforces security measures, as well as makes the ecosystem more t
New iPhone Passcode Bypass Hack Exposes Photos and Contacts

New iPhone Passcode Bypass Hack Exposes Photos and Contacts

Oct 02, 2018
Looking for a hack to bypass the passcode or screen lock on iPhones? Jose Rodriguez, an iPhone enthusiast, has discovered a passcode bypass vulnerability in Apple's new iOS version 12 that potentially allows an attacker to access photos and contacts, including phone numbers and emails, on a locked iPhone XS and other recent iPhone models. Rodriguez, who also discovered iPhone lock screen hacks in the past, has posted two videos (in Spanish) on his YouTube channel under the account name Videosdebarraquito demonstrating a complicated 37-step iPhone passcode bypass process. The iPhone authorization screen bypass flaw works on the latest iPhones, including the iPhone XS, running Apple's latest iOS 12 beta and iOS 12 operating systems. Video Demonstrations: Here's How to Bypass iPhone Passcode As you can watch in the video demonstrations, the iPhone hack works provided the attacker has physical access to the targeted iPhone that has Siri enabled and Face ID either disa
13 Free Movie Download Sites 2020 — Watch HD Movies Online

13 Free Movie Download Sites 2020 — Watch HD Movies Online

Oct 01, 2018
When you search for free movie download or watch free movies online, search engines serve you a long list of best free movie websites. But you need to beware, as most free movies files and free movie site could end you up into downloading links to nasty computer viruses. They could infect or, at worst case, take control over your computer. One more thing I have learned in these years is that most top torrent sites, including  Kickass Torrents and Pirate Bay , are illegal as they violate copyright laws. So, before downloading movies, make sure those movies are legal to download. But, there are hundreds of torrents available on the Internet, which are legal to download. We receive emails from our readers on a daily basis who ask for legal sites like Tubi TV to download free movies and TV series. The query is fair enough because it is no easy to get free streaming sites or free movie download websites without breaking laws. Best Free Movie Download Websites (Legally) So in
GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers

GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers

Oct 01, 2018
Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials. Dubbed GhostDNS , the campaign has many similarities with the infamous DNSChanger malware that works by changing DNS server settings on an infected device, allowing attackers to route the users' internet traffic through malicious servers and steal sensitive data. According to a new report from cybersecurity firm Qihoo 360's NetLab, just like the regular DNSChanger campaign, GhostDNS scans for the IP addresses for routers that use weak or no password at all, accesses the routers' settings, and then changes the router's default DNS address to the one controlled by the attackers. GhostDNS System: List of Modules and Sub-Modules The GhostDNS system mainly includes four modules:
Cybersecurity Resources