#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

10 Most Impactful PAM Use Cases for Enhancing Organizational Security

10 Most Impactful PAM Use Cases for Enhancing Organizational Security

Nov 21, 2024 Privileged Access / Password Management
Privileged access management (PAM) plays a pivotal role in building a strong security strategy. PAM empowers you to significantly reduce cybersecurity risks, gain tighter control over privileged access, achieve regulatory compliance, and reduce the burden on your IT team.  As an established provider of a PAM solution , we've witnessed firsthand how PAM transforms organizational security. In this article, we aim to show you how PAM can secure your company in real, impactful ways.  1. Enforcing the principle of least privilege Giving users just enough access to perform their duties is fundamental to maintaining a robust security posture. PAM solutions enable you to grant minimum permissions to employees essential for their work, helping you prevent privilege misuse and potential security incidents. For example, with PAM, you can securely grant access to sensitive payment systems exclusively for your finance department. When you enforce the principle of least privilege at t...
North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs

North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs

Nov 21, 2024 Malware / Cyber Fraud
Threat actors with ties to the Democratic People's Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. "Front companies, often based in China, Russia, Southeast Asia, and Africa, play a key role in masking the workers' true origins and managing payments," SentinelOne security researchers Tom Hegel and Dakota Cary said in a report shared with The Hacker News. North Korea's network of IT workers, both in an individual capacity and under the cover of front companies, is seen as a technique to evade international sanctions imposed on the country and generate illicit revenues. The global campaign, which is also tracked as Wagemole by Palo Alto Networks Unit 42, entails using forged identities to obtain employment at various companies in the U.S. and elsewhere, and send back a huge portion of their wages bac...
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

Jan 14, 2025SaaS Security / Generative AI
What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect this sprawling attack surface in 2025. What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third-party risk. And, this growing attack surface, much of which is unknown or unmanaged in most orgs, has become an attractive target for attackers. So, why should you prioritize securing your SaaS attack surface in 2025? Here are 4 reasons. ‍ 1. Modern work runs on SaaS. When's the last time you used something other than a cloud-based app to do your work? Can't remember? You're not alone.  Outside of ...
Cyber Story Time: The Boy Who Cried "Secure!"

Cyber Story Time: The Boy Who Cried "Secure!"

Nov 21, 2024 Threat Detection / Pentesting
As a relatively new security category, many security operators and executives I've met have asked us "What are these Automated Security Validation (ASV) tools?" We've covered that pretty extensively in the past, so today, instead of covering the " What is ASV?" I wanted to address the " Why ASV?" question. In this article, we'll cover some common use cases and misconceptions of how people misuse and misunderstand ASV tools daily (because that's a lot more fun). To kick things off, there's no place to start like the beginning. Automated security validation tools are designed to provide continuous, real-time assessment of an organization's cybersecurity defenses. These tools are continuous and use exploitation to validate defenses like EDR, NDR, and WAFs. They're more in-depth than vulnerability scanners because they use tactics and techniques that you'll see in manual penetration tests. Vulnerability scanners won't relay hashes or combine vulnerabilities to further attacks, whic...
cyber security

2024: A Year of Identity Attacks | Get the New eBook

websitePush SecurityIdentity Security
Prepare to defend against identity attacks in 2025 by looking back at identity-based breaches in 2024.
Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

Nov 21, 2024 ICS Security / IoT Security
New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures. The analysis , which comes from attack surface management company Censys, found that 38% of the devices are located in North America, 35.4% in Europe, 22.9% in Asia, 1.7% in Oceania, 1.2% in South America, and 0.5% in Africa. The countries with the most ICS service exposures include the U.S. (more than 48,000), Turkey, South Korea, Italy, Canada, Spain, China, Germany, France, the U.K., Japan, Sweden, Taiwan, Poland, and Lithuania. The metrics are derived from the exposure of several commonly-used ICS protocols like Modbus, IEC 60870-5-104, CODESYS, OPC UA, and others. One important aspect that stands out is that the attack surfaces are regionally unique: Modbus, S7, and IEC 60870-5-104 are more widely observed in Europe, while Fox, BACnet, ATG, and C-more are more commonly found in North Ame...
5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme

5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme

Nov 21, 2024 Cryptocurrency / Identity Theft
Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars. All of the accused parties have been charged with one count of conspiracy to commit wire fraud, one count of conspiracy, and one count of aggravated identity theft. They include - Ahmed Hossam Eldin Elbadawy, 23, aka AD, of College Station, Texas Noah Michael Urban, 20, aka Sosa and Elijah, of Palm Coast, Florida Evans Onyeaka Osiebo, 20, of Dallas, Texas Joel Martin Evans, 25, aka joeleoli, of Jacksonville, North Carolina; and Tyler Robert Buchanan, 22, aka tylerb, of the U.K. While the name Scattered Spider  is not directly referenced in the indictment document, it has been described as "a loosely organized financi...
Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

Nov 21, 2024 Artificial Intelligence / Software Security
Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. "These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets," Google's open-source security team said in a blog post shared with The Hacker News. The OpenSSL vulnerability in question is CVE-2024-9143 (CVSS score: 4.3), an out-of-bounds memory write bug that can result in an application crash or remote code execution. The issue has been addressed in OpenSSL versions 3.3.3, 3.2.4, 3.1.8, 3.0.16, 1.1.1zb, and 1.0.2zl. Google, which added the ability to leverage large language models (LLMs) to improve fuzzing coverage in OSS-Fuzz in August 2023, said the vulnerability has likely been present in the codebase for two decades and that it "wo...
NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

Nov 21, 2024 Financial Fraud / Data Breach
Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers. "They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher Jan Michael Alcantara said in a report shared with The Hacker News. "New techniques used by NodeStealer include using Windows Restart Manager to unlock browser database files, adding junk code, and using a batch script to dynamically generate and execute the Python script." NodeStealer , first publicly documented by Meta in May 2023, started off as JavaScript malware before evolving into a Python stealer capable of gathering data related to Facebook accounts in order to facilitate their takeover. It's assessed to be developed by Vietnamese threat actors, who...
Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Nov 20, 2024 Payment Security / Cybercrime
Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim's funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic. "Criminals can now misuse Google Pay and Apple Pay to transmit your tap-to-pay information globally within seconds," the Dutch security company told The Hacker News in a statement. "This means that even without your physical card or phone, they can make payments from your account anywhere in the world." These attacks typically work by tricking victims into downloading mobile banking malware that can capture their banking credentials and one-time passwords using an overlay attack or a keylogger. Alternatively, it can involve a voice phishing component. Once in possession of the card details, the threat actors m...
NHIs Are the Future of Cybersecurity: Meet NHIDR

NHIs Are the Future of Cybersecurity: Meet NHIDR

Nov 20, 2024 Identity Security / Cyber Defense
The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. While organizations often take months to detect and contain such breaches, rapid detection and response can stop an attack in its tracks. The Rise of Non-Human Identities in Cybersecurity By 2025, non-human identities will rise to be the primary attack vector in cybersecurity. As businesses increasingly automate processes and adopt AI and IoT technologies, the number of NHIs grows exponentially. While these systems drive efficiency, they also create an expanded attack surface for cybercriminals. NHIs differ fundamentally from human users, making traditional security tools like multi-factor authentication and user behavior...
Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Nov 20, 2024 Linux / Vulnerability
Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that users move quickly to apply the fixes. The vulnerabilities are believed to have existed since the introduction of interpreter support in needrestart 0.8 , which was released on April 27, 2014. "These needrestart exploits allow Local Privilege Escalation (LPE) which means that a local attacker is able to gain root privileges," Ubuntu said in an advisory, noting they have been addressed in version 3.8. "The vulnerabilities affect Debian, Ubuntu, and other Linux distributions." Needrestart is a utility that scans a system to determine the services that need to be restarted a...
Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

Nov 20, 2024 Endpoint Security / AI Research
Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised. The idea, the tech giant said, is to avoid incidents like that of CrowdStrike's earlier this July, enable more apps and users to be run without admin privileges, add controls surrounding the use of unsafe apps and drivers, and offer options to encrypt personal data. One of the most important features is Quick Machine Recovery that's expected to be available to the Windows Insider Program community in early 2025. "This feature will enable IT administrators to execute targeted fixes from Windows Update on PCs, even when machines are unable to boot, without needing physical access to the PC," David Weston, vice president of enterprise and OS security at Microsoft, said . "This remote recovery will unblock your employees from broad issues much faster than what has been possible in the past." ...
China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

Nov 20, 2024 Cyber Espionage / Telecom Security
A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection. Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda , describing it as possessing deep knowledge about telecommunications networks, the protocols that undergird telecommunications, and the various interconnections between providers. The threat actor's malware portfolio includes bespoke tools that facilitate clandestine access, command-and-control (C2), and data exfiltration. "Liminal Panda has used compromised telecom servers to initiate intrusions into further providers in other geographic regions," the company's Counter Adversary Operations team said in a Tuesday analysis. "The adversary conducts elements of their intrusion activity using protocols that support mobile telecommunicati...
Expert Insights / Articles Videos
Cybersecurity Resources