THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps

THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps,

Any app that can improve business operations is quickly added to the SaaS stack. However, employees don’t realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of the security team, significantly increases risk.
Whether employees connect through Microsoft 365, Google Workspace, Slack, Salesforce, or any other app, security teams have no way to quantify their

,

Any app that can improve business operations is quickly added to the SaaS stack. However, employees don’t realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of the security team, significantly increases risk.
Whether employees connect through Microsoft 365, Google Workspace, Slack, Salesforce, or any other app, security teams have no way to quantify their

, ,
https://thehackernews.com/2023/03/thn-webinar-inside-high-risk-of-3rd.html

GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations

GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations,

Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure Git operations « out of an abundance of caution » after it was briefly exposed in a public repository.
The activity, which was carried out at 05:00 UTC on March 24, 2023, is said to have been undertaken as a measure to prevent any bad actor from impersonating the service or

,

Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure Git operations « out of an abundance of caution » after it was briefly exposed in a public repository.
The activity, which was carried out at 05:00 UTC on March 24, 2023, is said to have been undertaken as a measure to prevent any bad actor from impersonating the service or

, ,
https://thehackernews.com/2023/03/github-swiftly-replaces-exposed-rsa-ssh.html

Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies

Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies

,

A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions.
The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich.
Attack chains mounted by the group commence with a

,

A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions.
The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich.
Attack chains mounted by the group commence with a

, ,
https://thehackernews.com/2023/03/researchers-uncover-chinese-nation.html

Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites,

Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites.
The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It impacts versions 4.8.0 through 5.6.1.
Put differently, the issue could permit

,

Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites.
The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It impacts versions 4.8.0 through 5.6.1.
Put differently, the issue could permit

, ,
https://thehackernews.com/2023/03/critical-woocommerce-payments-plugin.html

Comment la police a utilisé un AirTag pour piéger des trafiquants de drogue

Comment la police a utilisé un AirTag pour piéger des trafiquants de drogue,

Les AirTags, d'Apple.

N’en déplaise à Apple, la police fédérale américaine s’est servie d’un AirTag pour enquêter sur un trafic de drogues.

,

Les AirTags, d'Apple.

N’en déplaise à Apple, la police fédérale américaine s’est servie d’un AirTag pour enquêter sur un trafic de drogues.

, ,
https://www.01net.com/actualites/comment-police-utilise-airtag-pieger-trafiquants-drogues.html

Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts

Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts,

Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI’s ChatGPT service to harvest Facebook session cookies and hijack the accounts.
The « ChatGPT For Google » extension, a trojanized version of a legitimate open source browser add-on, attracted over 9,000 installations since March 14, 2023, prior to its removal. It was originally

,

Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI’s ChatGPT service to harvest Facebook session cookies and hijack the accounts.
The « ChatGPT For Google » extension, a trojanized version of a legitimate open source browser add-on, attracted over 9,000 installations since March 14, 2023, prior to its removal. It was originally

, ,
https://thehackernews.com/2023/03/fake-chatgpt-chrome-browser-extension.html

Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps

Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps,

An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications and conduct fraud.
« Nexus appears to be in its early stages of development, » Italian cybersecurity firm Cleafy said in a report published this week.
« Nexus provides all the main features to perform ATO attacks (Account Takeover) against banking portals and

,

An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications and conduct fraud.
« Nexus appears to be in its early stages of development, » Italian cybersecurity firm Cleafy said in a report published this week.
« Nexus provides all the main features to perform ATO attacks (Account Takeover) against banking portals and

, ,
https://thehackernews.com/2023/03/nexus-new-rising-android-banking-trojan.html

2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks

2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks,

In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage. Meanwhile, corporate security budgets have risen significantly because of the growing sophistication of attacks and the number of cybersecurity solutions introduced into the market. With this rise in threats, budgets, and solutions, how prepared are industries

,

In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage. Meanwhile, corporate security budgets have risen significantly because of the growing sophistication of attacks and the number of cybersecurity solutions introduced into the market. With this rise in threats, budgets, and solutions, how prepared are industries

, ,
https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html

Bitcoin : des pirates ont dépouillé des distributeurs automatiques de cryptos

Bitcoin : des pirates ont dépouillé des distributeurs automatiques de cryptos,

hack bitcoin atm

Des hackers ont découvert une faille de sécurité dans certains distributeurs automatiques de Bitcoin. En exploitant la brèche, ils ont volé 1,5 million de dollars en cryptomonnaies à l’insu du fabricant, General Bytes.

,

hack bitcoin atm

Des hackers ont découvert une faille de sécurité dans certains distributeurs automatiques de Bitcoin. En exploitant la brèche, ils ont volé 1,5 million de dollars en cryptomonnaies à l’insu du fabricant, General Bytes.

, ,
https://www.01net.com/actualites/bitcoin-pirates-depouille-distributeurs-automatiques-cryptos.html

Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers

Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers,

Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced in the first quarter of 2023.
The intrusion set has been attributed to a Chinese cyber espionage actor associated with a long-running campaign dubbed Operation Soft Cell based on tooling overlaps.
« The initial attack phase involves infiltrating Internet-facing Microsoft Exchange servers to deploy

,

Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced in the first quarter of 2023.
The intrusion set has been attributed to a Chinese cyber espionage actor associated with a long-running campaign dubbed Operation Soft Cell based on tooling overlaps.
« The initial attack phase involves infiltrating Internet-facing Microsoft Exchange servers to deploy

, ,
https://thehackernews.com/2023/03/operation-soft-cell-chinese-hackers.html