The Hacker News Daily Updates
[Newsletter]( [cover]( [THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps]( Don't be a victim of 3rd-Party SaaS App breaches - Learn how to protect your business! [Download Now]( Sponsored LATEST NEWS Mar 27, 2023 [Where SSO Falls Short in Protecting SaaS]( Single sign-on (SSO) is an authentication method that allows users to authenticate their identity for multiple applications with just one set of credentials. From a security standpoint, SSO is the gold standard. It ensures access without forcing users to remember multiple passwords and can be further secured with MFA. Furthermore, an estimated 61% of attacks stem from stolen credentials. ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords]( A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices. Dubbed MacStealer, it's the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 CPUs. "MacStealer has ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [Automate compliance, simplify security, build trust]( To close and grow major customers, you have to earn trust. But demonstrating security and compliance can be time-consuming and expensive. Unless you use Vanta. See if Vanta is right for your business with a free trial of our SOC 2 compliance framework and Access Reviews ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools]( Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped out. Tracked as CVE-2023-28303, the vulnerability is rated 3.3 on the ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals]( In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers]( Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) hashes and stage a relay attack without requiring any user interaction. ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident]( OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week. The glitch, which came to light on March 20, 2023, enabled certain users to view brief descriptions of other users' conversations from the chat history sidebar, prompting the company ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data]( A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and exfiltrate credentials and other valuable data. It has since been taken down, but not before ... [Read More](
[Twitter]( [Facebook]( [LinkedIn]( [cover]( [THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps]( Don't be a victim of 3rd-Party SaaS App breaches - Learn how to protect your business! [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com
[Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India