SaaS applications contain a wealth of sensitive data and are central to business operations. Despite this, far too many organizations rely on half measures and hope their SaaS stack will remain secure. Unfortunately, this approach is lacking and will leave…
Tag: The Hacker News
Discover Latest Ransomware Tactics and Zero Trust Strategies in This Expert Webinar
Ransomware is no longer just a threat; it’s an entire industry. Cybercriminals are growing more sophisticated, and their tactics are evolving rapidly. This persistent danger is a major concern for business leaders. But there’s good news: you don’t have to…
New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities
Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved capabilities to conduct device takeover (DTO) and perform fraudulent transactions. The new version has been codenamed Octo2 by the malware author, Dutch…
Telegram Agrees to Share User Data With Authorities for Criminal Investigations
In a major policy reversal, the popular messaging app Telegram has announced it will give users’ IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform.…
Why ‘Never Expire’ Passwords Can Be a Risky Decision
Password resets can be frustrating for end users. Nobody likes being interrupted by the ‘time to change your password’ notification – and they like it even less when the new passwords they create are rejected by their organization’s password policy.…
THN Cybersecurity Recap: Last Week’s Top Threats and Trends (September 16-22)
Hold on tight, folks, because last week’s cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling “dream jobs” to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the…
Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls
Popular social messaging platform Discord has announced that it’s rolling out a new custom end-to-end encrypted (E2EE) protocol to secure audio and video calls. The protocol has been dubbed DAVE, short for Discord’s audio and video end-to-end encryption (“E2EE A/V”).…
Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk
A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of…
New PondRAT Malware Hidden in Python Packages Targets Software Developers
Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit…
Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware
A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other countries in the Asia-Pacific (APAC) region, by exploiting a recently patched critical security flaw impacting OSGeo GeoServer GeoTools. The intrusion activity, which…