Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user's base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of … [Read more...] about Getting Permissions All in One Place
software vulnerability
Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator
The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office (FCD), the U.S. Department of the Treasury's Office of Foreign Assets Control … [Read more...] about Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator
Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution
May 06, 2024NewsroomVulnerability / Server Security More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free … [Read more...] about Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution
Microsoft Outlook Flaw Exploited by Russia’s APT28 to Hack Czech, German Entities
Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S. The Czech Republic's Ministry of Foreign Affairs (MFA), in a statement, said some … [Read more...] about Microsoft Outlook Flaw Exploited by Russia’s APT28 to Hack Czech, German Entities
Expert-Led Webinar – Uncovering Latest DDoS Tactics and Learn How to Fight Back
May 03, 2024The Hacker NewsLive Webinar / Server Security In today's rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its online presence. To address this urgent … [Read more...] about Expert-Led Webinar – Uncovering Latest DDoS Tactics and Learn How to Fight Back
Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications
May 03, 2024NewsroomCloud Security / Threat Intelligence Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a … [Read more...] about Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications
Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw
May 02, 2024NewsroomVulnerability / Android Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory. "The implications of this vulnerability pattern include arbitrary code execution and token … [Read more...] about Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw
Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds
May 01, 2024NewsroomFinancial Crime / Forensic Analysis A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet market. The findings come from … [Read more...] about Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds
Millions of Malicious ‘Imageless’ Containers Planted on Docker Hub Over 5 Years
Apr 30, 2024NewsroomDocker Hub / Supply Chain Attack Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. "Over four million of the repositories in Docker Hub are … [Read more...] about Millions of Malicious ‘Imageless’ Containers Planted on Docker Hub Over 5 Years
China-Linked ‘Muddling Meerkat’ Hijacks DNS to Map Internet on Global Scale
A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019. Cloud security firm Infoblox described the threat actor as likely affiliated with the People's Republic of China … [Read more...] about China-Linked ‘Muddling Meerkat’ Hijacks DNS to Map Internet on Global Scale