This Free Solution Provides Essential Third-Party Risk Management for SaaS

Wing Security recently announced that basic third-party risk assessment is now available as a free product. But it raises the questions of how SaaS is connected to third-party risk management (TPRM) and what companies should do to ensure a proper SaaS-TPRM process is in place. In this article we will share 5 tips to manage the third-party risks associated with SaaS, but first... 
What

https://thehackernews.com/2023/11/this-f...ntial.html

North Korea's Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks

Threat actors from the Democratic People's Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions imposed against the country.
"Even though movement in and out of and within the country is heavily restricted, and its general population is isolated from the rest of the world, the

https://thehackernews.com/2023/11/north-...-in-3.html

Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails

Google has revealed a new multilingual text vectorizer called RETVec (short for Resilient and Efficient Text Vectorizer) to help detect potentially harmful content such as spam and malicious emails in Gmail.
"RETVec is trained to be resilient against character-level manipulations including insertion, deletion, typos, homoglyphs, LEET substitution, and more," according to the&

https://thehackernews.com/2023/11/google...s-new.html

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploi

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software.
The vulnerabilities, both of which reside in the WebKit web browser engine, are described below -

CVE-2023-42916 - An out-of-bounds read issue that could be exploited to

https://thehackernews.com/2023/12/zero-d...t-ios.html

Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices

Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection.
The three vulnerabilities are listed below -

CVE-2023-35138 (CVSS score: 9.8) - A command injection vulnerability that could allow an

https://thehackernews.com/2023/12/zyxel-...flaws.html

U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign-Based Agents

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Thursday sanctioned the North Korea-linked adversarial collective known as Kimsuky as well as eight foreign-based agents who are alleged to have facilitated sanctions evasion.
The agents, the Treasury said, helped in "revenue generation and missile-related technology procurement that support the DPRK's

https://thehackernews.com/2023/12/us-tre...orean.html

WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

Meta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform.
The feature has been described as an "additional way to protect those chats and make them harder to find if someone has access to your phone or you share a phone with someone else."
Secret Code builds on another feature

https://thehackernews.com/2023/12/whatsa...-lets.html

Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks

The most recent Gcore Radar report and its aftermath have highlighted a dramatic increase in DDoS attacks across multiple industries. At the beginning of 2023, the average strength of attacks reached 800 Gbps, but now, even a peak as high as 1.5+ Tbps is unsurprising. To try and break through Gcore’s defenses, perpetrators made two attempts with two different strategies.

https://thehackernews.com/2023/12/discov...erful.html

Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan

A suspected Chinese-speaking threat actor has been attributed to a malicious campaign that targets the Uzbekistan Ministry of Foreign Affairs and South Korean users with a remote access trojan called SugarGh0st RAT.
The activity, which commenced no later than August 2023, leverages two different infection sequences to deliver the malware, which is a customized variant of Gh0st RAT 

https://thehackernews.com/2023/12/chines...at-to.html

Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats

The U.S. Department of Justice (DOJ) and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting this long-running threat, concerns have arisen as it appears that Qakbot may still pose a danger in a reduced form. This article discusses the aftermath of the takedown, provides mitigation

https://thehackernews.com/2023/12/qakbot...tions.html