Nov 02, 2023The Hacker NewsSaaS Security / Software This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique "freemium" model Securing employees' SaaS usage is becoming increasingly crucial for most cloud-based organizations. While numerous tools are available to address this need, they often employ different approaches and … [Read more...] about SaaS Security is Now Accessible and Affordable to All
cyber attacks
LayerX’s Enterprise Browser Security Extension
The browser has become the main work interface in modern enterprises. It's where employees create and interact with data, and how they access organizational and external SaaS and web apps. As a result, the browser is extensively targeted by adversaries. They seek to steal the data it stores and use it for malicious access to organizational SaaS apps or the hosting machine. … [Read more...] about LayerX’s Enterprise Browser Security Extension
Malicious NuGet Packages Caught Distributing SeroXen RAT Malware
Oct 31, 2023NewsroomSoftware Security / Malware Cybersecurity researchers have uncovered a new set of malicious packages published to the NuGet package manager using a lesser-known method for malware deployment. Software supply chain security firm ReversingLabs described the campaign as coordinated and ongoing since August 1, 2023, while linking it to a host of rogue NuGet … [Read more...] about Malicious NuGet Packages Caught Distributing SeroXen RAT Malware
5 Must-Know Trends Impacting AppSec
Oct 30, 2023The Hacker NewsWebinar / Web App Security Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it's almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads when working with public … [Read more...] about 5 Must-Know Trends Impacting AppSec
Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service
Oct 28, 2023NewsroomPrivacy / Data Security New findings have shed light on what's said to be a lawful attempt to covertly intercept traffic originating from jabber[.]ru (aka xmpp[.]ru), an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode (a subsidiary of Akamai) in Germany. "The attacker has issued several new TLS certificates using Let's … [Read more...] about Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service
N. Korean Lazarus Group Targets Software Vendor Using Known Flaws
Oct 27, 2023NewsroomCyber Attack / Malware The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and … [Read more...] about N. Korean Lazarus Group Targets Software Vendor Using Known Flaws
How to Keep Your Business Running in a Contested Environment
When organizations start incorporating cybersecurity regulations and cyber incident reporting requirements into their security protocols, it's essential for them to establish comprehensive plans for preparation, mitigation, and response to potential threats. At the heart of your business lies your operational technology and critical systems. This places them at the forefront of … [Read more...] about How to Keep Your Business Running in a Contested Environment
The Danger of Forgotten Pixels on Websites: A New Case Study
Oct 26, 2023The Hacker NewsWeb Security / Data Protection While cyberattacks on websites receive much attention, there are often unaddressed risks that can lead to businesses facing lawsuits and privacy violations even in the absence of hacking incidents. A new case study highlights one of these more common cases. Download the full case study here. It's a scenario that could … [Read more...] about The Danger of Forgotten Pixels on Websites: A New Case Study
Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software
Oct 25, 2023NewsroomThreat Intelligence / Vulnerability The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou … [Read more...] about Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software
34 Cybercriminals Arrested in Spain for Multi-Million Dollar Online Scams
Oct 24, 2023NewsroomCyber Fraud / Cyber Crime Spanish law enforcement officials have announced the arrest of 34 members of a criminal group that carried out various online scams, netting the gang about €3 million ($3.2 million) in illegal profits. Authorities conducted searches across 16 locations Madrid, Malaga, Huelva, Alicante, and Murcia, seizing two simulated firearms, a … [Read more...] about 34 Cybercriminals Arrested in Spain for Multi-Million Dollar Online Scams