Education
April 23, 2025
Cookie-Bite: How Your Digital Crumbs Let Threat Actors Bypass MFA and Maintain Access to Cloud Environments
Abstract
A new proof-of-concept attack dubbed Cookie-Bite demonstrates how a malicious Chrome extension can steal Azure Entra ID session cookies to bypass multi-factor authentication (MFA) and maintain unauthorized access to Microsoft cloud services.
Varonis
December 12, 2024
Preventing Data Leakage in Low-Code/No-Code Environments
Abstract
Low-code/no-code (LCNC) platforms enable application development by citizen developers, often generating “shadow engineering” projects that evade security oversight. While they foster agility and innovation, they also bring risks like data leakage.
Help Net Security
September 12, 2024
Cybersecurity is a Fundamental Component of Patient Care and Safety
Abstract
A multipronged cybersecurity approach is necessary for the healthcare sector, involving technology investments, staff training, and collaboration between stakeholders to develop industry-wide standards and best practices.
Help Net Security
September 11, 2024
AI Cybersecurity Needs to be as Multi-Layered as the System it’s Protecting
Abstract
LLMs can be manipulated to generate harmful outputs through malicious prompts, posing risks to enterprises. To counter these attacks, companies must focus on the design, development, deployment, and operation of their AI systems.
Help Net Security
August 27, 2024
Two Strategies to Protect Your Business From the Next Large-Scale Tech Failure
Abstract
Diversifying suppliers and systems can help minimize risks, as shown by corporations that purchase networking equipment from multiple vendors to prevent total network failure in case of vendor issues.
Help Net Security
August 17, 2024
Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities - Check Point Research
Abstract
Server-Side Template Injection (SSTI) vulnerabilities are a growing concern in web applications, allowing attackers to inject malicious code into templates and gain control over servers.
Check Point
August 14, 2024
How CIOs, CTOs, and CISOs View Cyber Risks Differently
Abstract
C-suite executives face the challenge of balancing technological innovation with cybersecurity resilience. A report by LevelBlue highlighted the complexities of their roles and the need for strategic cybersecurity approaches.
Help Net Security
August 7, 2024
The Role of AI in Cybersecurity Operations
Abstract
AI can analyze data quickly, detect patterns of malicious behavior, and automate routine tasks like alert triaging and log analysis. However, human oversight is still necessary to ensure the accuracy and relevance of AI-generated insights.
Help Net Security
August 2, 2024
Threat Intelligence: A Blessing and a Curse?
Abstract
Access to timely and accurate threat intelligence is essential for organizations, but it can be overwhelming to navigate the vast amount of available data and feeds. Balancing comprehensive information with relevance is crucial.
Help Net Security
July 22, 2024
Analyzing Container Escape Techniques in Cloud Environments
Abstract
While containers offer efficiency, they are vulnerable to attacks exploiting misconfigurations. Attackers can execute code or escalate privileges, endangering organizational security.
Palo Alto Networks
July 10, 2024 – Phishing
Regional Transport Office Themed Phishing Campaign Targets Android Users In India
Abstract
Phishing messages impersonating the Regional Transport Office have been circulating since 2024, claiming traffic violations and prompting users to download a malicious APK named "VAHAN PARIVAHAN.apk".
Cyble
As CISOs Grapple with the C-Suite, Job Satisfaction Takes a Hit
Abstract
Research shows that 75% of CISOs are considering a job change due to various challenges and pressures. CISOs often face accountability for cyber incidents and compliance failures, leading to discontent.
Cybersecurity Dive
May 20, 2024
The Importance of Access Controls in Incident Response
Abstract
Adequate IAM policies are essential for incident management tooling to ensure the right people can quickly address issues without being blocked. Authentication verifies a person's identity, while authorization manages permissions and access levels.
Help Net Security
May 14, 2024
Why Tokens are Like Gold for Opportunistic Threat Actors
Abstract
Tokens are valuable assets for threat actors, as they can be easily obtained through various attack methods and provide unauthorized access to corporate systems without requiring multi-factor authentication.
Dark Reading
April 2, 2024
How to Design and Deliver an Effective Cybersecurity Exercise
Abstract
Armed forces have always utilized war-gaming exercises for battlefield training to prepare for times of conflict. With today’s digital transformation, the same concept is being applied in the form of cybersecurity exercises.
Help Net Security
March 11, 2024
How New and Old Security Threats Keep Persisting
Abstract
New research by Cymulate highlights the correlation between threat exposures, vulnerabilities, misconfigurations, and security controls. It emphasizes the importance of proactive security measures to prevent cyberattacks.
Cyware
February 07, 2024
New Webinar: 5 Steps to vCISO Success for MSPs and MSSPs
Abstract
2024 will be the year of the vCISO. An incredible 45% of MSPs and MSSPs are planning to start offering vCISO services in 2024. As an MSP/MSSP providing vCISO services, you own the organization's cybersecurity infrastructure and strategy. But you also need to position yourself as a reliable decision-maker, navigating professional responsibilities, business needs and leadership requirements. A new webinar by Cynomi, vCISO platform leader, hosting CISO and vCISO veteran Jesse Miller from PowerPSA Consulting, provides MSPs and MSSPs with an effective 100-day plan to build themselves up for success. The webinar provides a tangible five-step 100-day action plan that any MSP/MSSP can follow when they engage with a new vCISO client. It also provides guidance on vCISO goals and pitfalls to avoid. By watching the webinar, you can position yourself as a strategic and long-term partner for your clients. They will see you as capable of driving security transformation and managing security con
The Hacker News
February 06, 2024
How a $10B Enterprise Customer Drastically Increased their SaaS Security Posture with 201% ROI by Using SSPM
Abstract
SaaS applications are the darlings of the software world. They enable work from anywhere, facilitate collaboration, and offer a cost-effective alternative to owning the software outright. At the same time, the very features that make SaaS apps so embraced – access from anywhere and collaboration – can also be exploited by threat actors. Recently, Adaptive Shield commissioned a Total Economic Impact™ (TEI) study conducted by Forrester Consulting. The study demonstrates the impactful ROI achieved by a multimedia company with an annual revenue of $10 billion. While the quantitative ROI is significant, at 201%, the qualitative security ROI improvements were substantial. Figure 1: Summary of the TEI Study In this article, we'll examine the study's findings of how Adaptive Shield's SaaS Security Posture Management (SSPM) platform impacted this global enterprise. Learn how a $10B media firm dramatically improved their security posture with SSPM The Organization's Top SaaS Challenges
The Hacker News
January 29, 2024
493 Companies Share Their SaaS Security Battles – Get Insights in this Webinar
Abstract
In today's digital world, security risks are more prevalent than ever, especially when it comes to Software as a Service (SaaS) applications. Did you know that an alarming 97% of companies face serious risks from unsecured SaaS applications? Moreover, about 20% of these organizations are struggling with internal data threats. These statistics aren't just numbers; they're a wake-up call. We're excited to invite you to a not-to-be-missed webinar, "Critical SaaS Security Do's and Don'ts: Insights from 493 Companies," with Ran Senderovitz, the Chief Operating Officer of Wing Security. Ran isn't just going to talk about the problems; he's going to dive deep into the realities of SaaS security, backed by extensive research and data analysis from almost 500 companies using SaaS. Here's What This Webinar Offers: Insights Across Data, SaaS Applications, Users, and AI: Explore a comprehensive analysis of the statistics about SaaS security, di
The Hacker News
January 25, 2024
Organizations need to switch gears in their approach to email security
Abstract
According to Egress, email security incidents continue to have severe impacts on organizations, with 94% experiencing security incidents in the past year, including data loss, exfiltration, and phishing attacks.
Cyware
January 19, 2024
Preventing Data Loss: Backup and Recovery Strategies for Exchange Server Administrators
Abstract
In the current digital landscape, data has emerged as a crucial asset for organizations, akin to currency. It's the lifeblood of any organization in today's interconnected and digital world. Thus, safeguarding the data is of paramount importance. Its importance is magnified in on-premises Exchange Server environments where vital business communication and emails are stored and managed. In this article, you will learn about the evolving threats of data loss, the shift in responsibilities of administrators, and key backup and recovery strategies for preventing data loss in the Exchange Server environment. Data Loss Scenarios in Exchange Servers Data loss in on-premises Exchange Server environment has become increasingly common. Cybersecurity threats, like ransomware attacks, have emerged as a significant cause of data loss in recent years, with many financially motivated threat actors increasingly targeting the vulnerabilities in Exchange Servers. These attackers try to exploit
The Hacker News
January 18, 2024
MFA Spamming and Fatigue: When Security Measures Go Wrong
Abstract
In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA requires users to provide multiple authentication factors to verify their identity, providing an additional layer of protection against unauthorized access. However, cybercriminals are relentless in their pursuit of finding ways to bypass MFA systems. One such method gaining traction is MFA spamming attacks, also known as MFA fatigue, or MFA bombing. This article delves into MFA spamming attacks, including the best practices to mitigate this growing threat. What is MFA spamming? MFA spamming refers to the malicious act of inundating a target user's email, phone, or other registered devices with numerous MFA prompts or confirmation codes. The objective behind this tactic is to o
The Hacker News
January 17, 2024
Webinar: The Art of Privilege Escalation - How Hackers Become Admins
Abstract
In the digital age, the battleground for security professionals is not only evolving, it's expanding at an alarming rate. The upcoming webinar, "The Art of Privilege Escalation - How Hackers Become Admins," offers an unmissable opportunity for IT security experts to stay ahead in this relentless cyber war. Privilege escalation - the term might sound benign, but in the hands of a skilled hacker, it's a devastating tactic. It's a method where cyber attackers, starting as standard users, clandestinely climb the ladder of access, eventually gaining root-level control. This isn't just a breach; it's a systematic takeover of your entire network. Picture a scenario where cybercriminals roam freely through your network, turning your layers of defense into mere spectators. It's a chilling thought, but it's a reality faced by organizations across the globe. What if you could anticipate and counter these threats? Expertly delivered by Joseph Carson, Ch
The Hacker News
January 16, 2024
Three Ways to Combat Rising OAuth SAAS Attacks
Abstract
OAuth attacks are on the rise, and organizations must implement strong access controls, fortify identity security for user accounts, and monitor third-party app activity to prevent unauthorized access to SaaS resources.
Cyware
January 09, 2024
Why Public Links Expose Your SaaS Attack Surface
Abstract
Collaboration is a powerful selling point for SaaS applications. Microsoft, GitHub, Miro, and others promote the collaborative nature of their software applications that allows users to do more. Links to files, repositories, and boards can be shared with anyone, anywhere. This encourages teamwork that helps create stronger campaigns and projects by encouraging collaboration among employees dispersed across regions and departments. At the same time, the openness of data SaaS platforms can be problematic. A 2023 survey by the Cloud Security Alliance and Adaptive Shield found that 58% of security incidents over the last two years involved data leakage. Clearly, sharing is good, but data sharing must be put in check. Most SaaS applications have mechanisms to control sharing. These tools are quite effective in ensuring that company resources aren't open for display on the public web. This article will look at three common data leakage scenarios and recommend best practices for safe sh
The Hacker News
January 08, 2024
Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface
Abstract
Digital expansion inevitably increases the external attack surface, making you susceptible to cyberthreats. Threat actors increasingly exploit the vulnerabilities stemming from software and infrastructure exposed to the internet; this ironically includes security tools, particularly firewalls and VPNs, which give attackers direct network access to execute their attacks. In fact, Gartner identified attack surface expansion as a major trend to watch. So, it is not surprising that External Attack Surface Management (EASM) is a growing priority for organizations. But traditional castle-and-moat-based security architectures are ineffective at protecting enterprises against today's sophisticated attacks, which increasingly leverage AI and as-a-service models to maximize speed and damage. Zero trust security is the best way to minimize the attack surface, prevent compromise, eliminate lateral movement, and stop data loss. Register here and join Apoorva Ravikrishnan, Senior Manager of P
The Hacker News
January 05, 2024
Exposed Secrets are Everywhere. Here’s How to Tackle Them
Abstract
Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute action becomes imperative. However, lacking the necessary context, you're left pondering the optimal steps to take. What's the right path forward in this situation? Secrets management is an essential aspect of any organization's security strategy. In a world where breaches are increasingly common, managing sensitive information such as API keys, credentials, and tokens can make all the difference. Secret scanners play a role in identifying exposed secrets within source code, but they have one significant limitation: they don't provide context. And without context, it's impossible to devise an appropriate response plan. Con
The Hacker News
January 04, 2024
Three Ways To Supercharge Your Software Supply Chain Security
Abstract
Section four of the "Executive Order on Improving the Nation's Cybersecurity" introduced a lot of people in tech to the concept of a "Software Supply Chain" and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan to sell to a government, understanding your Software Supply Chain and learning how to secure it will pay dividends in a stronger security footing and the benefits it provides. This article will look at three ways to supercharge your Software Supply Chain Security. What is your Software Supply Chain? It's essentially everything that goes into building a piece of software: from the IDE in which the developer writes code, to the third-party dependencies, to the build systems and scripts, to the hardware and operating system on which it runs. Instabilities and vulnerabilities can be introduced, maliciously or not, from inception to deployment and even beyond. 1: Ke
The Hacker News
December 18, 2023
Fortifying Cyber Defenses: A Proactive Approach to Ransomware Resilience
Abstract
Investing in cutting-edge cybersecurity tools not only enhances defensive capabilities but also stimulates innovation and fosters public-private partnerships to strengthen the nation's cyber defenses.
Cyware
December 14, 2023
Reimagining Network Pentesting With Automation
Abstract
Network penetration testing plays a crucial role in protecting businesses in the ever-evolving world of cybersecurity. Yet, business leaders and IT pros have misconceptions about this process, which impacts their security posture and decision-making. This blog acts as a quick guide on network penetration testing, explaining what it is, debunking common myths and reimagining its role in today's security landscape. What is network penetration testing? Network penetration testing is a proactive approach to cybersecurity in which security experts simulate cyberattacks to identify gaps in an organization's cyberdefense. The key objective of this process is to identify and rectify weaknesses before hackers can exploit them. This process is sometimes called "pentesting" or "ethical hacking." Network pentesting checks for chinks in an organization's armor to help mitigate cyber-risks and protect against data, financial and reputational losses. Differe
The Hacker News
December 12, 2023
Unveiling the Cyber Threats to Healthcare: Beyond the Myths
Abstract
Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum? Surprisingly, it's the EHR, and the difference is stark: according to a study, EHRs can sell for up to $1,000 each, compared to a mere $5 for a credit card number and $1 for a social security number. The reason is simple: while a credit card can be canceled, your personal data can't. This significant value disparity underscores why the healthcare industry remains a prime target for cybercriminals. The sector's rich repository of sensitive data presents a lucrative opportunity for profit-driven attackers. For 12 years running, healthcare has faced the highest average costs per breach compared to any other sector. Exceeding an average of $10 million per breach, it surpasses even the financial sector, which incurs an average cost of around $6 million. The severity of this iss
The Hacker News
December 11, 2023
Playbook: Your First 100 Days as a vCISO - 5 Steps to Success
Abstract
In an increasingly digital world, no organization is spared from cyber threats. Yet, not every organization has the luxury of hiring a full-time, in-house CISO. This gap in cybersecurity leadership is where you, as a vCISO, come in. You are the person who will establish, develop, and solidify the organization's cybersecurity infrastructure, blending strategic guidance with actionable cybersecurity services. As an organizational leader, you will be required to navigate professional duties, business needs, diverse organizational personas and leadership demands. Your success relies on your ability to build trust and establish yourself as a strategic decision-maker that can protect the organization. As such, your first 100 days in a new organization are key to your success. They will lay the groundwork for your long-term achievements. To aid you in this critical phase, we introduce a comprehensive guide: a five-step, 100-day action plan, "Your First 100 Days as a vCISO - 5
The Hacker News
December 11, 2023
Webinar — Psychology of Social Engineering: Decoding the Mind of a Cyber Attacker
Abstract
In the ever-evolving cybersecurity landscape, one method stands out for its chilling effectiveness – social engineering. But why does it work so well? The answer lies in the intricate dance between the attacker's mind and human psychology. Our upcoming webinar, "Think Like a Hacker, Defend Like a Pro," highlights this alarming trend. We delve deep into social engineering, exploring its roots in human psychology and why it remains a formidable weapon in the cyber attacker's arsenal. What Will You Learn? Understanding Social Engineering: An in-depth look at the evolution and continued effectiveness of social engineering in cyberattacks. Human Psychology in Cybersecurity: Insights into how social engineers twist psychological principles for nefarious purposes. Tactical Awareness: Learn to identify both used and unused tactics by social engineers, and understand the misinformation leveraged in their campaigns. Strategic Defense: Arm yourself with the knowl
The Hacker News
December 07, 2023
Hacking the Human Mind: Exploiting Vulnerabilities in the ‘First Line of Cyber Defense’
Abstract
Humans are complex beings with consciousness, emotions, and the capacity to act based on thoughts. In the ever-evolving realm of cybersecurity, humans consistently remain primary targets for attackers. Over the years, these attackers have developed their expertise in exploiting various human qualities, sharpening their skills to manipulate biases and emotional triggers with the objective of influencing human behaviour to compromise security whether it be personal and organisational security. More than just a 'human factor' Understanding what defines our humanity, recognizing how our qualities can be perceived as vulnerabilities, and comprehending how our minds can be targeted provide the foundation for identifying and responding when we inevitably become the target. The human mind is a complex landscape that evolved over years of exposure to the natural environment, interactions with others, and lessons drawn from past experiences. As humans, our minds set us apart, marke
The Hacker News
December 07, 2023
Building a Robust Threat Intelligence with Wazuh
Abstract
Threat intelligence refers to gathering, processing, and analyzing cyber threats, along with proactive defensive measures aimed at strengthening security. It enables organizations to gain a comprehensive insight into historical, present, and anticipated threats, providing context about the constantly evolving threat landscape. Importance of threat intelligence in the cybersecurity ecosystem Threat intelligence is a crucial part of any cybersecurity ecosystem. A robust cyber threat intelligence program helps organizations identify, analyze, and prevent security breaches. Threat intelligence is important to modern cyber security practice for several reasons: Proactive defense: Organizations can enhance their overall cyber resilience by integrating threat intelligence into security practices to address the specific threats and risks that are relevant to their industry, geolocation, or technology stack. Threat intelligence allows organizations to identify potential threats in advanc
The Hacker News
December 06, 2023
Scaling Security Operations with Automation
Abstract
In an increasingly complex and fast-paced digital landscape, organizations strive to protect themselves from various security threats. However, limited resources often hinder security teams when combatting these threats, making it difficult to keep up with the growing number of security incidents and alerts. Implementing automation throughout security operations helps security teams alleviate these challenges by streamlining repetitive tasks, reducing the risk of human error, and allowing them to focus on higher-value initiatives. While automation offers significant benefits, there is no foolproof method or process to guarantee success. Clear definitions, consistent implementation, and standardized processes are crucial for optimal results. Without guidelines, manual and time-consuming methods can undermine the effectiveness of automation. This blog explores the challenges faced by security operations teams when implementing automation and the practical steps needed to build a stro
The Hacker News
December 05, 2023
Generative AI Security: Preventing Microsoft Copilot Data Exposure
Abstract
Microsoft Copilot has been called one of the most powerful productivity tools on the planet. Copilot is an AI assistant that lives inside each of your Microsoft 365 apps — Word, Excel, PowerPoint, Teams, Outlook, and so on. Microsoft's dream is to take the drudgery out of daily work and let humans focus on being creative problem-solvers. What makes Copilot a different beast than ChatGPT and other AI tools is that it has access to everything you've ever worked on in 365. Copilot can instantly search and compile data from across your documents, presentations, email, calendar, notes, and contacts. And therein lies the problem for information security teams. Copilot can access all the sensitive data that a user can access, which is often far too much. On average, 10% of a company's M365 data is open to all employees. Copilot can also rapidly generate net new sensitive data that must be protected. Prior to the AI revolution, humans' ability to create and share data
The Hacker News
December 4, 2023
Bridging the Gap Between Cloud vs On-Premise Security
Abstract
It is crucial to maintain unified visibility, control, and management across both cloud-based and on-premise security measures to bridge the gap and create a comprehensive and future-proof security stack.
Cyware
December 01, 2023
Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats
Abstract
The U.S. Department of Justice (DOJ) and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting this long-running threat, concerns have arisen as it appears that Qakbot may still pose a danger in a reduced form. This article discusses the aftermath of the takedown, provides mitigation strategies, and offers guidance on determining past infections. The Takedown and Its Limitations During the takedown operation, law enforcement secured court orders to remove Qakbot malware from infected devices remotely. It was discovered that the malware had infected a substantial number of devices, with 700,000 machines globally, including 200,000 computers in the U.S., being compromised at the time of the takedown. However, recent reports suggest that Qakbot is still active but in a diminished state. The absence of arrests during the takedown operation indicates that only the command-and-cont
The Hacker News
November 28, 2023
Stop Identity Attacks: Discover the Key to Early Threat Detection
Abstract
Identity and Access Management (IAM) systems are a staple to ensure only authorized individuals or entities have access to specific resources in order to protect sensitive information and secure business assets. But did you know that today over 80% of attacks now involve identity, compromised credentials or bypassing the authentication mechanism? Recent breaches at MGM and Caesars have underscored that, despite best efforts, it is not "if" but "when" a successful attack will have bypassed authentication and authorization controls. Account takeover, when an unauthorized individual gains access to a legitimate user account, is now the number one attack vector of choice for malicious actors. With so much focus on controls for prevention, the necessary detection and rapid response to identity-based attacks is often overlooked. And since these attacks use stolen or compromised credentials, it can be difficult to distinguish from legitimate users without a layer of detection. Dive deep i
The Hacker News
November 27, 2023
How to Handle Retail SaaS Security on Cyber Monday
Abstract
If forecasters are right, over the course of today, consumers will spend $13.7 billion. Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing shipping information. SaaS applications supporting retail efforts will host nearly all of this behind-the-scenes activity. While retailers are rightfully focused on sales during this time of year, they need to ensure that the SaaS apps supporting their business operations are secure. No one wants a repeat of one of the biggest retail cyber-snafus in history, like when one U.S.-based national retailer had 40 million credit card records stolen. The attack surface is vast and retailers must remain vigilant in protecting their entire SaaS app stack. For example, many often use multiple instances of the same application. They may use a different Salesforce tenant for eve
The Hacker News
November 23, 2023
6 Steps to Accelerate Cybersecurity Incident Response
Abstract
Modern security tools continue to improve in their ability to defend organizations' networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible. That's why it's essential that these teams not only have the right tools but also understand how to effectively respond to an incident. Resources like an incident response template can be customized to define a plan with roles and responsibilities, processes and an action item checklist. But preparations can't stop there. Teams must continuously train to adapt as threats rapidly evolve. Every security incident must be harnessed as an educational opportunity to help the organization better prepare for — or even prevent — future incidents. SANS Institute defines a framework with six steps to a successful IR. Preparation Identification Containment Eradication Recovery Lessons learned While these p
The Hacker News
November 20, 2023
Why Defenders Should Embrace a Hacker Mindset Full Text
Abstract
Today's security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have internal Red Teams or unlimited security resources to stay on top of the latest threats. On top of that, today's attackers are indiscriminate and every business - big or small - needs to be prepared. It is no longer enough for security teams to detect and respond; we must now also predict and prevent. To handle today's security environment, defenders need to be agile and innovative. In short, we need to start thinking like a hacker. Taking the mindset of an opportunistic threat actor allows you to not only gain a better understanding of potentially exploitable pathways, but also to more effectively prioritize your remediation efforts. It also helps you move past potentially harmful biases, su
The Hacker News
November 17, 2023
Discover 2023’s Cloud Security Strategies in Our Upcoming Webinar - Secure Your Spot Full Text
Abstract
In 2023, the cloud isn't just a technology—it's a battleground. Zenbleed, Kubernetes attacks, and sophisticated APTs are just the tip of the iceberg in the cloud security warzone. In collaboration with the esteemed experts from Lacework Labs, The Hacker News proudly presents an exclusive webinar: 'Navigating the Cloud Attack Landscape: 2023 Trends, Techniques, and Tactics.' Join us for an insightful session led by Jose Hernandez of Lacework Labs, where we dissect and analyze the year's most pressing cloud security issues. This webinar is not just about theory; it's a practical guide filled with actionable strategies to shield your organization from advanced threats in the cloud. Highlights include: Kubernetes Security Breaches: Explore the surge in Kubernetes-related vulnerabilities and the concerning increase in administrative plane abuses. Zenbleed in Focus: Understand the far-reaching impact of the Zenbleed vulnerability and how Lacework Labs is
The Hacker News
November 16, 2023
How to Automate the Hardest Parts of Employee Offboarding Full Text
Abstract
According to recent research on employee offboarding, 70% of IT professionals say they've experienced the negative effects of incomplete IT offboarding, whether in the form of a security incident tied to an account that wasn't deprovisioned, a surprise bill for resources that aren't in use anymore, or a missed handoff of a critical resource or account. This is despite an average of five hours spent per departing employee on activities like finding and deprovisioning SaaS accounts. As the SaaS footprint within most organizations continues to expand, it is becoming exponentially more difficult (and time-consuming) to ensure all access is deprovisioned or transferred when an employee leaves the organization. How Nudge Security can help Nudge Security is a SaaS management platform for modern IT governance and security. It discovers every cloud and SaaS account ever created by anyone in your organization, including generative AI apps, giving you a single source of truth for depa
The Hacker News
November 14, 2023
The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy Full Text
Abstract
In 2023, the global average cost of a data breach reached $4.45 million. Beyond the immediate financial loss, there are long-term consequences like diminished customer trust, weakened brand value, and derailed business operations. In a world where the frequency and cost of data breaches are skyrocketing, organizations are coming face-to-face with a harsh reality: traditional cybersecurity measures might not be cutting it anymore. Against this backdrop, businesses must find ways to strengthen their measures to safeguard precious data and critical assets. At the heart of this shift lies a key strategy: continuous monitoring. Understanding Continuous Security Monitoring in Cybersecurity Continuous monitoring is a dynamic approach that encompasses several techniques to fulfil a multi-layered defense strategy. These techniques can include: Risk-Based Vulnerability Management (RBVM): Continuous vulnerability assessments across your network with remediation prioritization based on
The Hacker News
November 08, 2023
Guide: How vCISOs, MSPs and MSSPs Can Keep their Customers Safe from Gen AI Risks Full Text
Abstract
Download the free guide, "It's a Generative AI World: How vCISOs, MSPs and MSSPs Can Keep their Customers Safe from Gen AI Risks." ChatGPT now boasts anywhere from 1.5 to 2 billion visits per month. Countless sales, marketing, HR, IT executive, technical support, operations, finance and other functions are feeding data prompts and queries into generative AI engines. They use these tools to write articles, create content, compose emails, answer customer questions and generate plans and strategies. However, gen AI usage is happening far in advance of efforts to implement safeguards and cybersecurity constraints. Three primary areas of security concern associated with generative AI are: sensitive data included in gen AI scripts, outcomes produced by these tools that may put an organization at risk, and potential hazards related to utilizing third-party generative AI tools. Unchecked AI usage in organizations can lead to: Major data breaches. Compromised identities
The Hacker News
November 08, 2023
Webinar: Kickstarting Your SaaS Security Strategy & Program Full Text
Abstract
SaaS applications make up 70% of total company software usage, and as businesses increase their reliance on SaaS apps, they also increase their reliance on those applications being secure. These SaaS apps store an incredibly large volume of data so safeguarding the organization's SaaS app stack and data within is paramount. Yet, the path to implementing an effective SaaS security program is not straightforward. There are numerous potential attack vectors. Security teams need to handle the challenge of gaining control over a diverse range of applications, each having its own unique characteristics. Additionally, the SaaS app environments are dynamic and the proactive configurations needing adjustments from updates, onboarding, deprovisioning, changing roles and permissions and much more, is endless. If that's not enough complexity, these applications are managed by various business departments, making it impractical for the security team to exercise complete control. Jo
The Hacker News
October 30, 2023
New Webinar: 5 Must-Know Trends Impacting AppSec Full Text
Abstract
Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it's almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads when working with public clouds, vulnerabilities in containers hosting web applications, and many other persistent threats. We surveyed organizations responsible for securing critical web applications used by healthcare, financial services, technology, and other critical infrastructure verticals to learn how they tackle the most destructive threats and summarized our findings in the OPSWAT 2023 State of Web Application Security Report. The survey report revealed that: 97% of organizations use or will deploy containers in their web hosting environments. 75% use cloud storage access solutions and want to prevent malware, secure sensitive data, and mitigate security compliance risks. 94% c
The Hacker News
October 27, 2023
How to Keep Your Business Running in a Contested Environment Full Text
Abstract
When organizations start incorporating cybersecurity regulations and cyber incident reporting requirements into their security protocols, it's essential for them to establish comprehensive plans for preparation, mitigation, and response to potential threats. At the heart of your business lies your operational technology and critical systems. This places them at the forefront of cybercriminal interest, as they seek to exploit vulnerabilities, compromise your data, and demand ransoms. In today's landscape, characterized by the ever-present risk of ransomware attacks and the challenges posed by fragmented security solutions, safeguarding your organization is paramount. This is where The National Institute of Standards and Technology (NIST) advocates for the development of resilient, reliable security systems capable of foreseeing, enduring, and rebounding from cyberattacks. In this guide, we'll explore strategies to fortify your defenses against cyber threats and ensure
The Hacker News
October 26, 2023
What Is Operational Risk and Why Should You Care? Assessing SEC Rule Readiness for OT and IoT Full Text
Abstract
The newly released SEC cyber incident disclosure rules have raised concerns about whether public companies are prepared to fully define operational risk and disclose material business risk from cyber incidents.
Cyware
October 26, 2023
The Danger of Forgotten Pixels on Websites: A New Case Study Full Text
Abstract
While cyberattacks on websites receive much attention, there are often unaddressed risks that can lead to businesses facing lawsuits and privacy violations even in the absence of hacking incidents. A new case study highlights one of these more common cases. Download the full case study here. It's a scenario that could have affected any type of company, from healthcare to finance, e-commerce to insurance, or any other industry. Recently, Reflectiz, an advanced website security solution provider, released a case study focusing on a forgotten and misconfigured pixel that had been associated with a leading global healthcare provider. This overlooked piece of code surreptitiously gathered private data without user consent, potentially exposing the company to substantial fines and damage to its reputation. Nowadays, it has become common practice for companies to embed such pixels into their websites. For instance, the TikTok Pixel is a typical example, added to websites to track
The Hacker News
October 24, 2023
Make API Management Less Scary for Your Organization Full Text
Abstract
While application development has evolved rapidly, the API management suites used to access these services remain a spooky reminder of a different era. Introducing new API management infrastructure with these legacy models still poses challenges for organizations as they modernize. Transitioning from monolithic architectures to agile microservices empowers developers to make quick changes. Using serverless technologies and containers enables rapid scalability. Adopting cloud-native API management further enhances developer productivity and leaves the ghosts of outdated operations behind. This blog uncovers the risks of neglecting API modernization and highlights how Gloo Gateway enhances upstream projects like Envoy with essential enterprise features like security, observability, and API controls. What's more, as a Kubernetes-native solution, Gloo Gateway seamlessly integrates with the Kubernetes API for easy deployment. Gloo Gateway adds enterprise capabilities to upstream open sou
The Hacker News
October 17, 2023
Webinar: Locking Down Financial and Accounting Data — Best Data Security Strategies Full Text
Abstract
Financial data is much more than just a collection of numbers; it is a crucial component of any business and a prime target for cybercriminals. It's important to understand that financial records can be a veritable treasure trove for digital pirates. A security breach not only puts customers' personal information in jeopardy but also enables fraudsters to drain company funds and exploit clients. Data threats can arise from a variety of sources, ranging from malicious actors with harmful intentions to simple mistakes, such as sending a confidential email to the wrong recipient. The methods used to compromise data are diverse and constantly evolving, including ransomware attacks and inadvertent leaks in cloud storage. Navigating this complex landscape can be daunting, but knowledge is empowering. We're excited to announce that we are hosting an exclusive webinar in collaboration with experts from Win Zip. Titled "Locking Down Financial and Accounting Data — Best Dat
The Hacker News
October 17, 2023
Quantum Risk is Real Now: How to Navigate the Evolving Data Harvesting Threat Full Text
Abstract
Data transmission faces a looming threat from Harvest Now, Decrypt Later (HNDL) attacks, where encrypted data is collected and stored with the intention of decrypting it in the future using advancements in computing or quantum technologies.
Cyware
October 12, 2023
How to Guard Your Data from Exposure in ChatGPT Full Text
Abstract
ChatGPT has transformed the way businesses generate textual content, which can potentially result in a quantum leap in productivity. However, Generative AI innovation also introduces a new dimension of data exposure risk, when employees inadvertently type or paste sensitive business data into ChatGPT, or similar applications. DLP solutions, the go-to solution for similar challenges, are ill-equipped to handle these challenges, since they focus on file-based data protection. A new report by LayerX, "Browser Security Platform: Guard your Data from Exposure in ChatGPT" (Download here), sheds light on the challenges and risks of ungoverned ChatGPT usage. It paints a comprehensive picture of the potential hazards for businesses and then offers a potential solution: browser security platforms. Such platforms provide real-time monitoring and governance over web sessions, effectively safeguarding sensitive data. ChatGPT Data Exposure: By the Numbers Employee usage of GenAI apps has surge
The Hacker News
October 11, 2023
Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords Full Text
Abstract
Passwords are at the core of securing access to an organization's data. However, they also come with security vulnerabilities that stem from their inconvenience. With a growing list of credentials to keep track of, the average end-user can default to shortcuts. Instead of creating a strong and unique password for each account, they resort to easy-to-remember passwords, or use the same password for every account and application. Password reuse is both common and risky. 65% of users admit to reusing their credentials across multiple sites. Another analysis of identity exposures among employees of Fortune 1000 companies found a 64% password reuse rate for exposed credentials. Pair these findings with the fact that a vast majority (80%) of all data breaches are sourced from lost or stolen passwords, and we have a serious problem. In short, a breached password from one system can be used to compromise another. So, what does this all mean for your organization? The real risk o
The Hacker News
October 09, 2023
Webinar: How vCISOs Can Navigating the Complex World of AI and LLM Security Full Text
Abstract
In today's rapidly evolving technological landscape, the integration of Artificial Intelligence (AI) and Large Language Models (LLMs) has become ubiquitous across various industries. This wave of innovation promises improved efficiency and performance, but lurking beneath the surface are complex vulnerabilities and unforeseen risks that demand immediate attention from cybersecurity professionals. As the average small and medium-sized business leader or end-user is often unaware of these growing threats, it falls upon cybersecurity service providers – MSPs, MSSPs, consultants and especially vCISOs - to take a proactive stance in protecting their clients. At Cynomi, we experience the risks associated with generative AI daily, as we use these technologies internally and work with MSP and MSSP partners to enhance the services they provide to small and medium businesses. Being committed to staying ahead of the curve and empowering virtual vCISOs to swiftly implement cutting-edge secur
The Hacker News
October 5, 2023
Why Stream-Jacking is Taking Over YouTube: A Comprehensive Analysis Full Text
Abstract
Stream-jacking attacks on YouTube are increasing, targeting popular channels to spread deceptive content. Cybercriminals hijack these channels, often impersonating famous figures or brands like Elon Musk and Tesla, promoting scams like crypto doubling. Viewers should be cautious of videos with ...
Cyware
October 03, 2023
API Security Trends 2023 – Have Organizations Improved their Security Posture? Full Text
Abstract
APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interact with external services, allowing them to integrate various functionalities into their own applications. However, this increased reliance on APIs has also made them attractive targets for cybercriminals. In recent years, the rise of API breaches has become a growing concern in the world of cybersecurity. One of the main reasons behind the rise of API breaches is inadequate security measures implemented by developers and organizations. Many APIs are not properly secured, leaving them vulnerable to attacks. Moreover, hackers have developed sophisticated techniques that specifically target weaknesses within APIs. For example, they may leverage malicious code injections into requests or manipulate responses from an API endpoint to gain
The Hacker News
October 02, 2023
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries Full Text
Abstract
Introduction In today's interconnected digital ecosystem, Application Programming Interfaces (APIs) play a pivotal role in enabling seamless communication and data exchange between various software applications and systems. APIs act as bridges, facilitating the sharing of information and functionalities. However, as the use of APIs continues to rise, they have become an increasingly attractive target for cybercriminals and a significant cybersecurity risk across various industries. This article dives into the world of APIs, exploring why they pose substantial cybersecurity challenges and providing real-world examples of API breaches across different sectors. Download API Security Guide. The API Revolution The proliferation of cloud computing, mobile apps, and the Internet of Things (IoT) has accelerated the adoption of APIs. They serve as the building blocks of modern software applications, enabling developers to integrate third-party services, enhance functionalities, and c
The Hacker News
October 2, 2023
How Should Organizations Navigate the Risks and Opportunities of AI? Full Text
Abstract
As AI technology evolves rapidly, organizations need to stay vigilant, monitor the AI landscape, and adapt their cybersecurity programs to effectively defend against new threats posed by cybercriminals.
Cyware
September 28, 2023
Are Developers Giving Enough Thought to Prompt Injection Threats When Building Code? Full Text
Abstract
Prompt injection attacks manipulate LLMs by introducing malicious commands into free text inputs, posing a significant threat to cybersecurity and potentially leading to unauthorized activities or data leaks.
Cyware
September 26, 2023
Essential Guide to Cybersecurity Compliance Full Text
Abstract
SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert's head spin. If you're embarking on your compliance journey, read on to discover the differences between standards, which is best for your business, and how vulnerability management can aid compliance. What is cybersecurity compliance? Cybersecurity compliance means you have met a set of agreed rules regarding the way you protect sensitive information and customer data. These rules can be set by law, regulatory authorities, trade associations or industry groups. For example, the GDPR is set by the EU with a wide range of cybersecurity requirements that every organization within its scope must comply with, while ISO 27001 is a voluntary (but internationally recognized) set of best practices for information security management. Customers increasingly expect the assurance that compliance brings, because breaches and data disclosure will
The Hacker News
September 25, 2023
Webinar — AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks Full Text
Abstract
Generative AI is a double-edged sword, if there ever was one. There is broad agreement that tools like ChatGPT are unleashing waves of productivity across the business, from IT, to customer experience, to engineering. That's on the one hand. On the other end of this fencing match: risk. From IP leakage and data privacy risks to the empowering of cybercriminals with AI tools, generative AI presents enterprises with concrete concerns. For example, the mass availability of AI tools was the second most-reported Q2 risk among senior enterprise risk executives — appearing in the top 10 for the first time — according to a Gartner survey. In this escalating AI arms race, how can enterprises separate fact from hype and comprehensively manage generative AI risk while accelerating productivity? Register here and join Zscaler's Will Seaton, Product Marketing Manager, ThreatLabz, to: Uncover the tangible risks of generative AI — both for employee AI usage and by threat actors b
The Hacker News
September 25, 2023
For Security to Benefit From AI, Companies Need to Shore up Their Data Full Text
Abstract
CISOs and cybersecurity practitioners should focus on addressing the challenges of data structure, management, and curation to fully leverage the benefits of AI for cyber defense.
Cyware
September 22, 2023
How to Interpret the 2023 MITRE ATT&CK Evaluation Results Full Text
Abstract
Thorough, independent tests are a vital resource for analyzing providers' capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluation. This testing is critical for evaluating vendors because it's virtually impossible to evaluate cybersecurity vendors based on their own performance claims. Along with vendor reference checks and proof of value evaluations (POV) — a live trial — the MITRE results add additional objective input to holistically assess cybersecurity vendors. Let's dive into the 2023 MITRE ATT&CK Evaluation results. In this blog, we'll unpack MITRE's methodology to test security vendors against real-world threats, offer our interpretation of the results and identify top takeaways emerging from Cynet's evaluation. How does MITRE Engenuity test vendors during the evaluation? The MITRE ATT&CK Evaluation is performed by MITRE Engenuity
The Hacker News
September 21, 2023
Balancing Budget and System Security: Approaches to Risk Tolerance Full Text
Abstract
Organizations should prioritize revisiting their security readiness and up-leveling their cyber vulnerability and risk management programs by learning from data breaches and understanding the potential impact of compromised data.
Cyware
September 21, 2023
Never Use Your Master Password as a Password on Other Accounts Full Text
Abstract
One in three Americans now use password managers, up from one in five in 2022, according to an online poll by Security.org that quizzed 1,051 American adults on how they use passwords and password managers.
Cyware
September 19, 2023
Live Webinar: Overcoming Generative AI Data Leakage Risks Full Text
Abstract
As the adoption of generative AI tools, like ChatGPT, continues to surge, so does the risk of data exposure. According to Gartner's "Emerging Tech: Top 4 Security Risks of GenAI" report, privacy and data security is one of the four major emerging risks within generative AI. A new webinar featuring a multi-time Fortune 100 CISO and the CEO of LayerX, a browser extension solution, delves into this critical risk. Throughout the webinar, the speakers will explain why data security is a risk and explore the ability of DLP solutions to protect against them, or lack thereof. Then, they will delineate the capabilities required by DLP solutions to ensure businesses benefit from the productivity GenAI applications have to offer without compromising security. The Business and Security Risks of Generative AI Applications GenAI security risks occur when employees insert sensitive texts into these applications. These actions warrant careful consideration, because the inserted data b
The Hacker News
September 18, 2023
Think Your MFA and PAM Solutions Protect You? Think Again Full Text
Abstract
When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA (Multi-Factor Authentication) and PAM (Privileged Access Management) solutions are almost never deployed comprehensively enough to provide resilience to identity threats. As well, service accounts – which are typically beyond the scope of protection of these controls – are alarmingly exposed to malicious compromise. These findings and many more can be found in "The State of the Identity Attack Surface: Insights Into Critical Protection Gaps," the first report that analyzes organizational resilience to identity threats. What is the "Identity Attack Surface"? The identity attack surface is any organizational resource that can be accessed via username and password. The main way that attackers target this attack surface is through the use of compromi
The Hacker News
September 14, 2023
Avoid These 5 IT Offboarding Pitfalls Full Text
Abstract
Employee offboarding is no one's favorite task, yet it is a critical IT process that needs to be executed diligently and efficiently. That's easier said than done, especially considering that IT organizations have less visibility and control over employees' IT use than ever. Today, employees can easily adopt new cloud and SaaS applications whenever and wherever they want, and the old IT offboarding playbook of "disable AD account, forward email, recover and wipe device, and call it a day" is no longer enough. Here, we'll cover five of the most common pitfalls of IT offboarding in a SaaS-first world, along with advice on how to navigate around them. Pitfall #1: Suspending or deleting the email account before completing other critical steps It may seem logical to suspend or delete the employees' Google Workspace or Microsoft 365 account as the first step in the offboarding process. However, this will make the account inaccessible to everyone, even admins, which could interfere w
The Hacker News
September 13, 2023
How Cyberattacks Are Transforming Warfare Full Text
Abstract
There is a new battlefield. It is global and challenging to defend. What began with a high-profile incident back in 2007, when Estonia was hit by hackers targeting its government and commercial sector, has evolved into cyber warfare that is being waged constantly worldwide. Today, cyberattacks have become the norm, transforming how we think about war and international conflict as a whole. From the 2009 South Korea DDoS attacks to the 2010 attacks on Burma and the 2016 US election interference attacks on the Democratic National Committee, the list of historical cyberwarfare incidents continues to expand. The main players? Nation-state-supported cybercriminal groups and organizations linked to Russia, North Korea, China, and several countries in the Middle East. This report dives into three top cyberwarfare trends in an effort to understand their impact. Russia: The Cyber Invasion of Ukraine On August 31, 2023, Five Eyes Agency — an intelligence alliance network composed of agencie
The Hacker News
September 12, 2023
7 Steps to Kickstart Your SaaS Security Program Full Text
Abstract
SaaS applications are the backbone of modern businesses, constituting a staggering 70% of total software usage. Applications like Box, Google Workplace, and Microsoft 365 are integral to daily operations. This widespread adoption has transformed them into potential breeding grounds for cyber threats. Each SaaS application presents unique security challenges, and the landscape constantly evolves as vendors enhance their security features. Moreover, the dynamic nature of user governance, including onboarding, deprovisioning, and role adjustments, further complicates the security equation. With great convenience comes great responsibility, as securing these SaaS applications has become a top priority for Chief Information Security Officers (CISOs) and IT teams worldwide. Effectively securing SaaS applications requires a delicate balance between robust security measures and enabling users to perform their tasks efficiently. To navigate this complex terrain, this article excerpts a step
The Hacker News
September 11, 2023
How to Prevent API Breaches: A Guide to Robust Security Full Text
Abstract
With the growing reliance on web applications and digital platforms, the use of application programming interfaces (APIs) has become increasingly popular. If you aren't familiar with the term, APIs allow applications to communicate with each other and they play a vital role in modern software development. However, the rise of API use has also led to an increase in the number of API breaches. These breaches occur when unauthorized individuals or systems gain access to an API and the data it contains. And as victims can attest, breaches can have devastating consequences for both businesses and individuals. One of the primary concerns with API breaches is the exposure of sensitive data. APIs often contain or provide access to personal or financial information, and if this data falls into the wrong hands, it can be used for fraudulent activities or identity theft. API breaches can also lead to severe reputational damage for businesses. Customers and stakeholders expect their informatio
The Hacker News
September 06, 2023
Three CISOs Share How to Run an Effective SOC Full Text
Abstract
The role of the CISO keeps taking center stage as a business enabler: CISOs need to navigate the complex landscape of digital threats while fostering innovation and ensuring business continuity. Three CISOs; Troy Wilkinson, CISO at IPG; Rob Geurtsen, former Deputy CISO at Nike; and Tammy Moskites, Founder of CyAlliance and former CISO at companies like Time Warner and Home Depot – shared their perspectives on how to run an effective SOC in 2023. 1) Prioritize Cost Efficiency While Remaining 'Secure' As a world-renowned speaker, a co-author of an Amazon Best Seller, and a trusted commentator on prominent news networks such as NBC, CBS, and Fox, Troy Wilkinson, knows a thing or two about cybersecurity. When adopting new technologies, Troy reinforces that CISOs don't have the luxury of waiting months or years to see the value of new investments; "Time to Value is critical. New solutions need to deliver value quickly." Rob Geurtsen, former Deputy CISO at Nike, jo
The Hacker News
September 05, 2023
Way Too Vulnerable: Join this Webinar to Understand and Strengthen Identity Attack Surface Full Text
Abstract
In today's digital age, it's not just about being online but how securely your organization operates online. Regardless of size or industry, every organization heavily depends on digital assets. The digital realm is where business takes place, from financial transactions to confidential data storage. While organizations have quickly adopted tools like Multi-Factor Authentication (MFA), Privileged Access Management (PAM), and service account protection, a pressing question remains: Are these measures truly sufficient? With the rise of identity threats, the real battleground has shifted. It's no longer just about firewalls or encryptions but the very identities that access these digital assets. Every day, attackers devise new strategies to compromise user identities to find that weak link to gain malicious access. The tools we've come to rely on might not be as foolproof as we once believed. Many organizations remain unaware of vast security gaps, exposing them to pot
The Hacker News
September 1, 2023 – Breach
Data Breach Could Affect More Than 100,000 in Pima County Full Text
Abstract
More than 100,000 Pima County residents could be affected by a nationwide data breach that affected the company that handled COVID-19 case investigations and contact tracing here, officials say.Cyware
August 31, 2023
The Power of Passive OS Fingerprinting for Accurate IoT Device Identification Full Text
Abstract
To effectively safeguard against the risks of IoT sprawl, continuous monitoring and absolute control are crucial. However, that requires accurate identification of all IoT devices and operating systems (OSes) within the enterprise network.Cyware
August 30, 2023
How to Prevent ChatGPT From Stealing Your Content & Traffic Full Text
Abstract
ChatGPT and similar large language models (LLMs) have added further complexity to the ever-growing online threat landscape. Cybercriminals no longer need advanced coding skills to execute fraud and other damaging attacks against online businesses and customers, thanks to bots-as-a-service, residential proxies, CAPTCHA farms, and other easily accessible tools. Now, the latest technology damaging businesses' bottom line is ChatGPT . Not only have ChatGPT, OpenAI, and other LLMs raised ethical issues by training their models on scraped data from across the internet. LLMs are negatively impacting enterprises' web traffic, which can be extremely damaging to business. 3 Risks Presented by LLMs, ChatGPT, & ChatGPT Plugins Among the threats ChatGPT and ChatGPT plugins can pose against online businesses, there are three key risks we will focus on: Content theft (or republishing data without permission from the original source)can hurt the authority, SEO rankings, and perceivedThe Hacker News
August 25, 2023
Learn How Your Business Data Can Amplify Your AI/ML Threat Detection Capabilities Full Text
Abstract
In today's digital landscape, your business data is more than just numbers—it's a powerhouse. Imagine leveraging this data not only for profit but also for enhanced AI and Machine Learning (ML) threat detection. For companies like Comcast, this isn't a dream. It's reality. Your business comprehends its risks, vulnerabilities, and the unique environment in which it operates. No generic, one-size-fits-all tool can capture this nuance. By utilizing your own data, you position yourself ahead of potential threats, enabling informed decisions and safeguarding your assets. Join our groundbreaking webinar, " Clean Data, Better Detections: Using Your Business Data for AI/ML Detections ," to unearth how your distinct business data can be the linchpin to amplifying your AI/ML threat detection prowess. This webinar will endow you with the insights and tools necessary to harness your business data, leading to sharper, more efficient, and potent threat detections. UPCThe Hacker News
August 25, 2023
Navigating Legacy Infrastructure: A CISO’s Actionable Strategy for Success Full Text
Abstract
Every company has some level of tech debt. Unless you're a brand new start-up, you most likely have a patchwork of solutions that have been implemented throughout the years, often under various leadership teams with different priorities and goals. As those technologies age, they can leave your organization vulnerable to cyber threats. While replacing legacy technologies can be costly, those costs may pale in comparison to a breach – both in terms of immediate financial impact and reputational damage. Here are three ways you can communicate risk to your leadership team as you work to replace legacy infrastructure. 1: Make the Risk Real Leadership teams are driven by quantifiable business implications. The best way to get support for updating or replacing legacy technology is to make the risk to the business real - and measurable - in a language they understand. One way to do this is to look at the list of critical vulnerabilities that you've identified, then evaluate the impact tThe Hacker News
August 18, 2023
The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack Full Text
Abstract
While IT security managers in companies and public administrations rely on the concept of Zero Trust, APTs (Advanced Persistent Threats) are putting its practical effectiveness to the test. Analysts, on the other hand, understand that Zero Trust can only be achieved with comprehensive insight into one's own network. Just recently, an attack believed to be perpetrated by the Chinese hacker group Storm-0558 targeted several government agencies. They used fake digital authentication tokens to access webmail accounts running on Microsoft's Outlook service. In this incident, the attackers stole a signing key from Microsoft, enabling them to issue functional access tokens for Outlook Web Access (OWA) and Outlook.com and to download emails and attachments. Due to a plausibility check error, the digital signature, which was only intended for private customer accounts (MSA), also worked in the Azure Active Directory for business customers. Embracing the Zero Trust Revolution AccThe Hacker News
August 18, 2023
Security Basics Aren’t So Basic — They’re Hard Full Text
Abstract
Fundamental defenses — identity and access management, MFA, memory-safe languages, patching and vulnerability management — are lacking or nonexistent across the economy, according to cybersecurity experts.Cyware
August 17, 2023
Why You Need Continuous Network Monitoring? Full Text
Abstract
Changes in the way we work have had significant implications for cybersecurity, not least in network monitoring. Workers no longer sit safely side-by-side on a corporate network, dev teams constantly spin up and tear down systems, exposing services to the internet. Keeping track of these users, changes and services is difficult – internet-facing attack surfaces rarely stay the same for long. But a secure working network is the backbone of every modern business, and with so many different attack vectors and entry points, relying on firewalls and point-in-time scanning is no longer enough. You need to understand how your firewalls are being changed in real-time, with real-world validation of how they're configured. You need continuous network monitoring. What needs protecting in your network? There is so much sprawl in today's corporate networks with remote working, cloud computing and third-party integrations, that it's no longer just the devices or systems that you have in your offThe Hacker News
August 15, 2023
Catching the Catphish: Join the Expert Webinar on Combating Credential Phishing Full Text
Abstract
Is your organization constantly under threat from credential phishing? Even with comprehensive security awareness training, many employees still fall victim to credential phishing scams. The result? Cybercriminals gaining immediate and unhindered access to sensitive data, email accounts, and other applications. But what if you could outsmart these criminals and protect your organization? Join Graham Cluley , renowned cybersecurity expert and host of the Smashing Security podcast, and Mike Britton , CISO at Abnormal Security, for an illuminating webinar that delves into the world of credential phishing and offers actionable insights. What Will You Learn? Understanding the Lure: How attackers manipulate victims into submitting credentials, employing tactics such as generative AI. Why Victims Fall for the Trap: A detailed look at why security awareness training may not always succeed in preventing employees from taking the bait. Effective Strategies to Combat Threats: CompreThe Hacker News
August 14, 2023
Identity Threat Detection and Response: Rips in Your Identity Fabric Full Text
Abstract
Why SaaS Security Is a Challenge In today's digital landscape, organizations are increasingly relying on Software-as-a-Service (SaaS) applications to drive their operations. However, this widespread adoption has also opened the doors to new security risks and vulnerabilities. The SaaS security attack surface continues to widen. It started with managing misconfigurations and now requires a holistic approach to handling the entire SaaS ecosystem. This includes the continuous monitoring and management of user access, roles and permissions, 3rd party apps installed by users, risks deriving from SaaS user devices and Identity Threat Detection & Response (ITDR). There are a variety of reasons that SaaS security is so complex today. Firstly, there are a diverse range of applications, each having its own UI and terminology. And those environments are dynamic, from SaaS vendors understanding the importance of security and continually enhancing their applications with modern securityThe Hacker News
August 14, 2023
How to Handle API Sprawl and the Security Threat it Poses Full Text
Abstract
With recent reports indicating that API vulnerabilities are costing businesses billions of dollars annually, it’s no wonder they are at the top of mind of many cybersecurity professionals.Cyware
August 14, 2023
How Executives’ Personal Devices Threaten Business Security Full Text
Abstract
While the cyber threat landscape has seen this major shift, security software to manage these direct personal risks has not kept up to protect public-facing individuals and leaders the way large enterprise organizations have.Cyware
August 11, 2023
The Evolution of API: From Commerce to Cloud Full Text
Abstract
API (or Application Programming Interface) is a ubiquitous term in the tech community today, and it’s one with a long history. As a concept, APIs (or Application Programming Interfaces) have been around since the 1950s. What started out as a potential...Security Affairs
August 08, 2023
Understanding Active Directory Attack Paths to Improve Security Full Text
Abstract
Introduced in 1999, Microsoft Active Directory is the default identity and access management service in Windows networks, responsible for assigning and enforcing security policies for all network endpoints. With it, users can access various resources across networks. As things tend to do, times, they are a'changin' – and a few years back, Microsoft introduced Azure Active Directory, the cloud-based version of AD to extend the AD paradigm, providing organizations with an Identity-as-a-Service (IDaaS) solution across both the cloud and on-prem apps. (Note that as of July 11th 2023, this service was renamed to Microsoft Entra ID , but for the sake of simplicity, we'll refer to it as Azure AD in this post) Both Active Directory and Azure AD are critical to the functioning of on-prem, cloud-based, and hybrid ecosystems, playing a key role in uptime and business continuity. And with 90% of organizations using the service for employee authentication, access control and ID managThe Hacker News
August 07, 2023
New ‘Deep Learning Attack’ Deciphers Laptop Keystrokes with 95% Accuracy Full Text
Abstract
A group of academics has devised a "deep learning-based acoustic side-channel attack" that can be used to classify laptop keystrokes that are recorded using a nearby phone with 95% accuracy. "When trained on keystrokes recorded using the video conferencing software Zoom, an accuracy of 93% was achieved, a new best for the medium," researchers Joshua Harrison, Ehsan Toreini, and Maryam Mehrnezhad said in a new study published last week. Side-channel attacks refer to a class of security exploits that aim to glean insights from a system by monitoring and measuring its physical effects during the processing of sensitive data. Some of the common observable effects include runtime behavior, power consumption, electromagnetic radiation, acoustics, and cache accesses. Although a completely side-channel-free implementation does not exist, practical attacks of this kind can have damaging consequences for user privacy and security as they could be weaponized by a maThe Hacker News
August 04, 2023
Webinar - Making PAM Great Again: Solving the Top 5 Identity Team PAM Challenges Full Text
Abstract
Privileged Access Management (PAM) solutions are widely acknowledged as the gold standard for securing critical privileged accounts. However, many security and identity teams face inherent obstacles during the PAM journey, hindering these solutions from reaching their full potential. These challenges deprive organizations of the resilience they seek, making it essential to address them effectively. Discover how you can enhance your PAM strategy in our upcoming webinar: " Solving the Top 5 PAM Pain Points Plaguing Identity Teams ," featuring Yiftach Keshet from Silverfort. Reserve your spot now [Register here] to gain invaluable insights. Gain insights into: Key Challenges: Identify the primary challenges identity teams encounter when implementing PAM solutions. Solutions & Approaches: Discover different strategies to effectively overcome these challenges and enhance your security posture. Unified Identity Protection: Learn how combining Unified Identity ProtectioThe Hacker News
August 01, 2023
What is Data Security Posture Management (DSPM)? Full Text
Abstract
Data Security Posture Management is an approach to securing cloud data by ensuring that sensitive data always has the correct security posture - regardless of where it's been duplicated or moved to. So, what is DSPM? Here's a quick example: Let's say you've built an excellent security posture for your cloud data. For the sake of this example, your data is in production, it's protected behind a firewall, it's not publicly accessible, and your IAM controls have limited access properly. Now along comes a developer and replicates that data into a lower environment. What happens to that fine security posture you've built? Well, it's gone - and now the data is only protected by the security posture in that lower environment. So if that environment is exposed or improperly secured - so is all that sensitive data you've been trying to protect. Security postures just don't travel with their data . Data Security Posture Management ( DSPM ) was creaThe Hacker News
July 31, 2023
Webinar: Riding the vCISO Wave: How to Provide vCISO Services Full Text
Abstract
Demand for Virtual CISO services is soaring. According to Gartner, the use of vCISO services among small and mid-size businesses and non-regulated enterprises was expected to grow by a whopping 1900% in just one year, from only 1% in 2021 to 20% in 2022! Offering vCISO services can be especially attractive for MSPs and MSSPs. By addressing their customers' needs for proactive cyber resilience, they can generate a growing amount of recurring revenue from existing and new customers. And all while differentiating themselves from the competition. vCISO services also enable upselling of additional products and services the MSP or MSSP specializes in. However, not all MSPs and MSSPs fully understand how to provide vCISO services . Some may be unsure about which services are expected from them. Others may not realize they are already providing vCISO services and have the potential to effortlessly broaden their offerings into a complete vCISO suite or package it differently to make it moreThe Hacker News
July 28, 2023
A Data Exfiltration Attack Scenario: The Porsche Experience Full Text
Abstract
As part of Checkmarx's mission to help organizations develop and deploy secure software, the Security Research team started looking at the security posture of major car manufacturers. Porsche has a well-established Vulnerability Reporting Policy (Disclosure Policy) [1] , it was considered in scope for our research, so we decided to start there, and see what we could find. What we found is an attack scenario that results from chaining security issues found on different Porsche's assets, a website and a GraphQL API, that could lead to data exfiltration. Data exfiltration is an attack technique that can impact businesses and organizations, regardless of size. When malicious users breach a company's or organization's systems and exfiltrate data, it can be a jarring and business-critical moment. Porsche has a diverse online presence - deploying several microsites, websites, and web applications. The Porsche Experience [2] is one website that allows registered users toThe Hacker News
July 27, 2023
The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left Full Text
Abstract
As cloud applications are built, tested and updated, they wind their way through an ever-complex series of different tools and teams. Across hundreds or even thousands of technologies that make up the patchwork quilt of development and cloud environments, security processes are all too often applied in only the final phases of software development. Placing security at the very end of the production pipeline puts both devs and security on the back foot. Developers want to build and ship secure apps; security teams want to support this process by strengthening application security. However, today's security processes are legacy approaches that once worked brilliantly for the tight constraints of on-prem production, but struggle in quasi-public, ever-shifting cloud environments. As a result, security is an afterthought, and any attempt to squeeze siloed security into agile SDLC can swell the cost of patching by 600% . A new cloud security operating model is long overdue. Shift-leThe Hacker News
July 25, 2023
How MDR Helps Solve the Cybersecurity Talent Gap Full Text
Abstract
How do you overcome today's talent gap in cybersecurity? This is a crucial issue — particularly when you find executive leadership or the board asking pointed questions about your security team's ability to defend the organization against new and current threats. This is why many security leaders find themselves turning to managed security services like MDR ( managed detection and response ), which can offer an immediate solution. The right MDR partner can act as an extension of your existing team, while offering a fast and budget-friendly option for uplevelling security at organizations of virtually any size. Here's a look at common staffing challenges that MDR helps solve: Overcoming Cybersecurity Talent Challenges From stopping ransomware to securing the attack surface of the environment, most security teams have more to do than they can manage. This leads to security gaps that increase both cyber risk and frustration for stakeholders across the business. The challThe Hacker News
July 24, 2023
How to Protect Patients and Their Privacy in Your SaaS Apps Full Text
Abstract
The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven't changed in 2023. The U.S. Government's Office for Civil Rights reported 145 data breaches in the United States during the first quarter of this year. That follows 707 incidents a year ago, during which over 50 million records were stolen. Health records often include names, birth dates, social security numbers, and addresses. This treasure trove of data is used in identity theft, tax fraud, and other crimes. It is the high value of the data that makes healthcare applications such a promising target. The healthcare industry was hesitant to adopt SaaS applications. However, SaaS applications lead to better collaboration among medical professionals, leading to improved patient outcomes. That, combined with SaaS's ability to reduce costs and improve financial performance, has led to the industry fully embracing SaaS solutionsThe Hacker News
July 21, 2023
Local Governments Targeted for Ransomware – How to Prevent Falling Victim Full Text
Abstract
Regardless of the country, local government is essential in most citizens' lives. It provides many day-to-day services and handles various issues. Therefore, their effects can be far-reaching and deeply felt when security failures occur. In early 2023, Oakland, California, fell victim to a ransomware attack . Although city officials have not disclosed how the attack occurred, experts suspect a phishing email is the most likely cause. As a result, city officials brought down their servers to contain the attack. Governments have been the target of many ransomware attacks and breaches. As most local governments maintain a small IT staff, there is potential for shared passwords, reused credentials, and a lack of multi-factor authentication security, exposing vulnerabilities for a breach. Oakland is Breached It was first noticed on a Wednesday evening in early February; when Oakland, California city officials quickly took most services' backend servers offline and posted a mThe Hacker News
July 19, 2023
How to Manage Your Attack Surface? Full Text
Abstract
Attack surfaces are growing faster than security teams can keep up. To stay ahead, you need to know what's exposed and where attackers are most likely to strike. With cloud migration dramatically increasing the number of internal and external targets, prioritizing threats and managing your attack surface from an attacker's perspective has never been more important. Let's look at why it's growing, and how to monitor and manage it properly with tools like Intruder . What is your attack surface? First, it's important to understand that your attack surface is the sum of your digital assets that are 'exposed' – whether the digital assets are secure or vulnerable, known or unknown, in active use or not. This attack surface changes continuously over time, and includes digital assets that are on-premises, in the cloud, in subsidiary networks, and in third-party environments. In short, it's anything that a hacker can attack. What is attack surface managemenThe Hacker News
July 12, 2023
The Risks and Preventions of AI in Business: Safeguarding Against Potential Pitfalls Full Text
Abstract
Artificial intelligence (AI) holds immense potential for optimizing internal processes within businesses. However, it also comes with legitimate concerns regarding unauthorized use, including data loss risks and legal consequences. In this article, we will explore the risks associated with AI implementation and discuss measures to minimize damages. Additionally, we will examine regulatory initiatives by countries and ethical frameworks adopted by companies to regulate AI. Security risks AI phishing attacks Cybercriminals can leverage AI in various ways to enhance their phishing attacks and increase their chances of success. Here are some ways AI can be exploited for phishing: - Automated Phishing Campaigns: AI-powered tools can automate the creation and dissemination of phishing emails on a large scale. These tools can generate convincing email content, craft personalized messages, and mimic the writing style of a specific individual, making phishing attempts appear more legitThe Hacker News
July 11, 2023
How to Apply MITRE ATT&CK to Your Organization Full Text
Abstract
Discover all the ways MITRE ATT&CK can help you defend your organization. Build your security strategy and policies by making the most of this important framework. What is the MITRE ATT&CK Framework? MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a widely adopted framework and knowledge base that outlines and categorizes the tactics, techniques, and procedures (TTPs) used in cyberattacks . Created by the nonprofit organization MITRE, this framework provides security professionals with insights and context that can help them comprehend, identify, and mitigate cyber threats effectively. The techniques and tactics in the framework are organized in a dynamic matrix. This makes navigation easy and also provides a holistic view of the entire spectrum of adversary behaviors. As a result, the framework is more actionable and usable than if it were a static list. The MITRE ATT&CK Framework can be found here: https://attack.mitre.org/ Look Out: MIThe Hacker News
July 06, 2023
How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance Full Text
Abstract
As technology advances and organizations become more reliant on data, the risks associated with data breaches and cyber-attacks also increase. The introduction of data privacy laws, such as the GDPR, has made it mandatory for organizations to disclose breaches of personal data to those affected. As such, it has become essential for businesses to protect themselves from the financial and reputational costs of cyber incidents. One solution to help organizations protect themselves is cyber insurance, despite the rising costs of cyber insurance, where the average price in the U.S. rose 79% in the second quarter of 2022. Also, with strict eligibility requirements that have emerged in response to risk and sharp spikes in successful breaches during and post-COVID-19, cyber insurance remains essential for organizations to protect sensitive customer information and their own data from falling into the wrong hands. While cyber insurance is not a one-size-fits-all solution and may not coverThe Hacker News
July 05, 2023
Secrets, Secrets Are No Fun. Secrets, Secrets (Stored in Plain Text Files) Hurt Someone Full Text
Abstract
Secrets are meant to be hidden or, at the very least, only known to a specific and limited set of individuals (or systems). Otherwise, they aren't really secrets. In personal life, a secret revealed can damage relationships, lead to social stigma, or, at the very least, be embarrassing. In a developer's or application security engineer's professional life, the consequences of exposing secrets can lead to breaches of security, data leaks, and, well, also be embarrassing. And while there are tools available for detecting source code and code repositories, there are few options for identifying secrets in plain text, documents, emails, chat logs, content management systems, and more. What Are Secrets? In the context of applications, secrets are sensitive information such as passwords, API keys, cryptographic keys, and other confidential data that an application needs to function but should not be exposed to unauthorized users. Secrets are typically stored securely and accessThe Hacker News
July 3, 2023
The Impacts of Data Loss on Your Organization Full Text
Abstract
What are the causes of data loss, and what is their impact on your organization? In today's digital age, data has become the lifeblood of organizations, driving critical decision-making, improving operational efficiency, and allowing for smoother...Security Affairs
June 28, 2023
5 Things CISOs Need to Know About Securing OT Environments Full Text
Abstract
For too long the cybersecurity world focused exclusively on information technology (IT), leaving operational technology (OT) to fend for itself. Traditionally, few industrial enterprises had dedicated cybersecurity leaders. Any security decisions that arose fell to the plant and factory managers, who are highly skilled technical experts in other areas but often lack cybersecurity training or knowledge. In more recent years, an uptick in cyberattacks against industrial facilities and the trend of IT/OT convergence driven by Industry 4.0 have highlighted the vacuum of ownership around OT security. According to a new Fortinet report , most organizations are looking to Chief Information Security Officers (CISOs) to solve the problem. Fortunately, CISOs are no strangers to change or difficult challenges. The position itself is less than 20 years old, yet in those two decades CISOs have navigated some of the most disruptive cybersecurity events that were truly watershed moments in technoThe Hacker News
June 26, 2023
Researchers Find Way to Recover Cryptographic Keys by Analyzing LED Flickers Full Text
Abstract
In what's an ingenious side-channel attack , a group of academics has found that it's possible to recover secret keys from a device by analyzing video footage of its power LED. "Cryptographic computations performed by the CPU change the power consumption of the device which affects the brightness of the device's power LED," researchers from the Ben-Gurion University of the Negev and Cornell University said in a study. By taking advantage of this observation, it's possible for threat actors to leverage video camera devices such as an iPhone 13 or an internet-connected surveillance camera to extract the cryptographic keys from a smart card reader. Specifically, video-based cryptanalysis is accomplished by obtaining video footage of rapid changes in an LED's brightness and exploiting the video camera's rolling shutter effect to capture the physical emanations. "This is caused by the fact that the power LED is connected directly to the powThe Hacker News
June 26, 2023
How Generative AI Can Dupe SaaS Authentication Protocols — And Effective Ways To Prevent Other Key AI Risks in SaaS Full Text
Abstract
Security and IT teams are routinely forced to adopt software before fully understanding the security risks. And AI tools are no exception. Employees and business leaders alike are flocking to generative AI software and similar programs, often unaware of the major SaaS security vulnerabilities they're introducing into the enterprise. A February 2023 generative AI survey of 1,000 executives revealed that 49% of respondents use ChatGPT now, and 30% plan to tap into the ubiquitous generative AI tool soon. Ninety-nine percent of those using ChatGPT claimed some form of cost-savings, and 25% attested to reducing expenses by $75,000 or more. As the researchers conducted this survey a mere three months after ChatGPT's general availability, today's ChatGPT and AI tool usage is undoubtedly higher. Security and risk teams are already overwhelmed protecting their SaaS estate (which has now become the operating system of business) from common vulnerabilities such as misconfiguratiThe Hacker News
June 23, 2023
The Power of Browser Fingerprinting: Personalized UX, Fraud Detection, and Secure Logins Full Text
Abstract
The case for browser fingerprinting: personalizing user experience, improving fraud detection, and optimizing login security Have you ever heard of browser fingerprinting? You should! It's an online user identification technique that collects information about a visitor's web browser and its configuration preferences to associate individual browsing sessions with a single website visitor. With browser fingerprinting, many pieces of data can be collected about a user's web browser and device, such as screen resolution, location, language, and operating system. When you stitch these pieces together, they reveal a unique combination of information that forms every user's visitor ID or "digital fingerprint." Websites can use the visitor ID in various ways, including personalizing the user's experience, improving fraud detection, and optimizing login security. This article discusses the case for browser fingerprinting and how to use it safely on your websiThe Hacker News
June 22, 2023
Generative-AI apps & ChatGPT: Potential risks and mitigation strategies Full Text
Abstract
Losing sleep over Generative-AI apps? You're not alone or wrong. According to the Astrix Security Research Group, mid size organizations already have, on average, 54 Generative-AI integrations to core systems like Slack, GitHub and Google Workspace and this number is only expected to grow. Continue reading to understand the potential risks and how to minimize them. Book a Generative-AI Discovery session with Astrix Security's experts (free - no strings attached - agentless & zero friction) "Hey ChatGPT, review and optimize our source code" "Hey Jasper.ai, generate a summary email of all our net new customers from this quarter" "Hey Otter.ai, summarize our Zoom board meeting" In this era of financial turmoil, businesses and employees alike are constantly looking for tools to automate work processes and increase efficiency and productivity by connecting third party apps to core business systems such as Google workspace, Slack and GitHubThe Hacker News
June 22, 2023
Unveiling the Unseen: Identifying Data Exfiltration with Machine Learning Full Text
Abstract
Why Data Exfiltration Detection is Paramount? The world is witnessing an exponential rise in ransomware and data theft employed to extort companies. At the same time, the industry faces numerous critical vulnerabilities in database software and company websites. This evolution paints a dire picture of data exposure and exfiltration that every security leader and team is grappling with. This article highlights this challenge and expounds on the benefits that Machine Learning algorithms and Network Detection & Response (NDR) approaches bring to the table. Data exfiltration often serves as the final act of a cyberattack, making it the last window of opportunity to detect the breach before the data is made public or is used for other sinister activities, such as espionage. However, data leakage isn't only an aftermath of cyberattacks, it can also be a consequence of human error. While prevention of data exfiltration through security controls is ideal, the escalating complexity aThe Hacker News
June 21, 2023
Startup Security Tactics: Friction Surveys Full Text
Abstract
When we do quarterly planning, my team categorizes our goals within four evergreen outcomes: Reduce the risk of information security incidents Increase trust in Vanta's information security program Reduce the friction caused by information security controls Use security expertise to support the business In this article, I'm going to focus on number three: reducing friction. Declaring your intentions There is value in making "reducing friction" an explicit goal of your security program. It sets the right tone with your counterparts across the organization, and is one step toward building a positive security culture. The first time I presented those outcomes in a company-wide forum, I received a Slack message from a senior leader who had just joined the company: "fantastic to hear about the security's teams focus on removing invisible security controls. Excellent philosophy for the security team [...] its just awesome too many security teams viThe Hacker News
June 16, 2023
Activities in the Cybercrime Underground Require a New Approach to Cybersecurity Full Text
Abstract
As Threat Actors Continuously Adapt their TTPs in Today's Threat Landscape, So Must You Earlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground. The research stems from an analysis of Cybersixgill's collected intelligence items throughout 2022, gathered from the deep, dark and clear web. The report examines the continuous evolution of threat actors' tactics, tools, and procedures (TTPs) in the Digital Age – and how organizations can adapt to reduce risk and maintain business resilience. This article summarizes a few of the report's findings, including trends in credit card fraud, observations about cryptocurrency, AI developments and how they're lowering barriers to entry to cybercrime, and the rise of cybercriminal "as-a-service" activities. Further below, I also discuss the need for a new security approach, combining attack surface management (ASM) and cyber threat intelligence (CTI) toThe Hacker News
June 14, 2023
Where from, Where to — The Evolution of Network Security Full Text
Abstract
For the better part of the 90s and early aughts, the sysadmin handbook said, "Filter your incoming traffic, not everyone is nice out there" (later coined by Gandalf as "You shall not pass"). So CIOs started to supercharge their network fences with every appliance they could get to protect against inbound (aka INGRESS) traffic. In the wake of the first mass phishing campaigns in the early 2010s, it became increasingly obvious that someone had to deal with the employees and, more and specifically, their stunning capacity to click on every link they'd receive. Outbound traffic filtering (aka EGRESS) became an obsession. Browser security, proxies, and other glorified antiviruses became the must-have every consulting firm would advise their clients to get their hands on ASAP. The risk was real, and the response was fairly adapted, but it also contributed to the famous "super soldier" stance. I'm alone against an army? So be it, I'll dig a tThe Hacker News
June 13, 2023
Webinar - Mastering API Security: Understanding Your True Attack Surface Full Text
Abstract
Believe it or not, your attack surface is expanding faster than you realize. How? APIs, of course! More formally known as application programming interfaces, API calls are growing twice as fast as HTML traffic, making APIs an ideal candidate for new security solutions aimed at protecting customer data, according to Cloudflare. According to the "Quantifying the Cost of API Insecurity" report, US businesses incurred upwards of $23 billion in losses from API-related breaches in 2022. In fact, 76% of cybersecurity professionals admitted to experiencing an API-related security incident. This is why you can't afford to ignore your API security posture, especially when you consider that APIs don't exist in a vacuum. The infrastructure components powering those critical APIs can suffer from security misconfigurations as well, leaving you open to unexpected breaches. However, this isn't something you or your AppSec teams can take on alone, both in terms of volume andThe Hacker News
June 08, 2023
How to Improve Your API Security Posture Full Text
Abstract
APIs, more formally known as application programming interfaces, empower apps and microservices to communicate and share data. However, this level of connectivity doesn't come without major risks. Hackers can exploit vulnerabilities in APIs to gain unauthorized access to sensitive data or even take control of the entire system. Therefore, it's essential to have a robust API security posture to protect your organization from potential threats. What is API posture management? API posture management refers to the process of monitoring and managing the security posture of your APIs. It involves identifying potential vulnerabilities and misconfigurations that could be exploited by attackers, and taking the necessary steps to remediate them. Posture management also helps organizations classify sensitive data and ensure that it's compliant with the leading data compliance regulations such as GDPR, HIPAA, and PCI DSS. As mentioned above, APIs are a popular target for attackersThe Hacker News
June 07, 2023
Winning the Mind Game: The Role of the Ransomware Negotiator Full Text
Abstract
Get exclusive insights from a real ransomware negotiator who shares authentic stories from network hostage situations and how he managed them. The Ransomware Industry Ransomware is an industry. As such, it has its own business logic: organizations pay money, in crypto-currency, in order to regain control over their systems and data. This industry's landscape is made up of approximately 10-20 core threat actors who originally developed the ransomware's malware. To distribute the malware, they work with affiliates and distributors who utilize widespread phishing attacks to breach organizations. Profits are distributed with approximately 70% allocated to the affiliates and 10%-30% to these developers. The use of phishing renders online-based industries, like gaming, finance and insurance, especially vulnerable. In addition to its financial motivations, the ransomware industry is also influenced by geo-political politics. For example, in June 2021, following the ransomwareThe Hacker News
June 06, 2023
5 Reasons Why IT Security Tools Don’t Work For OT Full Text
Abstract
Attacks on critical infrastructure and other OT systems are on the rise as digital transformation and OT/IT convergence continue to accelerate. Water treatment facilities, energy providers, factories, and chemical plants — the infrastructure that undergirds our daily lives could all be at risk. Disrupting or manipulating OT systems stands to pose real physical harm to citizens, environments, and economies. Yet the landscape of OT security tools is far less developed than its information technology (IT) counterpart. According to a recent report from Takepoint Research and Cyolo, there is a notable lack of confidence in the tools commonly used to secure remote access to industrial environments. Figure 1: New research reveals a large gap across industries between the level of concern about security risks and the level of confidence in existing solutions for industrial secure remote access (I-SRA). The traditional security strategy of industrial environments was isolation – isolatioThe Hacker News
June 02, 2023
The Importance of Managing Your Data Security Posture Full Text
Abstract
Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that proves how their data is being protected. But what exactly is data security posture, and how do you manage it? Data security posture management (DSPM) became mainstream following the publication of Gartner® Cool Vendors™ in Data Security—Secure and Accelerate Advanced Use Cases. In that report, Gartner seems to have kicked off the popular use of the data security posture management term and massive investment in this space by every VC. Since that report, Gartner has identified at least 16 DSPM vendors, including Symmetry Systems. What is Data Security Posture? There certainly is a lot being marketed and published about data security posture management solutions themselves, but we first wanted to dig into what is data security posture? Symmetry Systems defines data security posThe Hacker News
May 31, 2023
6 Steps to Effectively Threat Hunting: Safeguard Critical Assets and Fight Cybercrime Full Text
Abstract
Finding threat actors before they find you is key to beefing up your cyber defenses. How to do that efficiently and effectively is no small task – but with a small investment of time, you can master threat hunting and save your organization millions of dollars. Consider this staggering statistic. Cybersecurity Ventures estimates that cybercrime will take a $10.5 trillion toll on the global economy by 2025. Measuring this amount as a country, the cost of cybercrime equals the world's third-largest economy after the U.S. and China. But with effective threat hunting, you can keep bad actors from wreaking havoc on your organization. This article offers a detailed explanation of threat hunting – what it is, how to do it thoroughly and effectively, and how cyber threat intelligence (CTI) can bolster your threat-hunting efforts. What is threat hunting? Cyber threat hunting is gathering evidence that a threat is materializing. It's a continuous process that helps you find the threats thatThe Hacker News
May 30, 2023
Implementing Risk-Based Vulnerability Discovery and Remediation Full Text
Abstract
In this day and age, vulnerabilities in software and systems pose a considerable danger to businesses, which is why it is essential to have an efficient vulnerability management program in place. To stay one step ahead of possible breaches and reduce the damage they may cause, it is crucial to automate the process of finding and fixing vulnerabilities depending on the level of danger they pose. This post will discuss the fundamental approaches and tools to implement and automate risk-based vulnerability management. To make this process easier, consider using an all-in-one cloud-based solution right from the start. Implementing a risk-based vulnerability management program A risk-based vulnerability management program is a complex preventative approach used for swiftly detecting and ranking vulnerabilities based on their potential threat to a business. By implementing a risk-based vulnerability management approach, organizations can improve their security posture and reduce the likThe Hacker News
May 29, 2023
3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them Full Text
Abstract
If you're a cybersecurity professional, you're likely familiar with the sea of acronyms our industry is obsessed with. From CNAPP, to CWPP, to CIEM and all of the myriad others, there seems to be a new initialism born each day. In this article, we'll look at another trending acronym – CTEM, which stands for Continuous Threat Exposure Management – and the often-surprising challenges that come along with seeing a CTEM program through to maturity. While the concept of CTEM isn't brand spanking new, having made its in-print debut in July of 2022, we are now at the point where many organizations are starting to try to operationalize the programs that they've been setting into motion over the last few months. And as organizations start to execute their carefully designed plans, they may find themselves bumping up against some unexpected challenges which can lead to setbacks. What is Continuous Threat Exposure Management (CTEM)? But first, to backtrack, let's justThe Hacker News
May 25, 2023
Webinar with Guest Forrester: Browser Security New Approaches Full Text
Abstract
In today's digital landscape, browser security has become an increasingly pressing issue, making it essential for organizations to be aware of the latest threats to browser security. That's why the Browser Security platform LayerX is hosting a webinar featuring guest speaker Paddy Harrington, a senior analyst at Forrester and the lead author of Forrester's browser security report "Securing The Browser In The World Of Anywhere Work". During this webinar, Harrington will join LayerX CEO, to discuss the emergence of the browser security category, the browser security risk and threat landscape, and why addressing browser security can wait no longer. The webinar will also cover browser security solutions, explaining their pros, cons, and differences, and how organizations can work more securely in the browser. Additionally, the session will focus on using browser security solutions as a cost-saver for security teams. Participants will also get an exclusive opportThe Hacker News
May 23, 2023
Hacking and Cybersecurity: Class 1, Practical Cybersecurity Full Text
Abstract
The first class of Lawfare's cybersecurity and hacking course is now available to the public.Lawfare
May 23, 2023
The Rising Threat of Secrets Sprawl and the Need for Action Full Text
Abstract
The most precious asset in today's information age is the secret safeguarded under lock and key. Regrettably, maintaining secrets has become increasingly challenging, as highlighted by the 2023 State of Secrets Sprawl report, the largest analysis of public GitHub activity. The report shows a 67% year-over-year increase in the number of secrets found, with 10 million hard-coded secrets detected in 2022 alone. This alarming surge in secrets sprawl highlights the need for action and underscores the importance of secure software development. Secrets sprawl refers to secrets appearing in plaintext in various sources, such as source code, build scripts, infrastructure as code, logs, etc. While secrets like API tokens and private keys securely connect the components of the modern software supply chain, their widespread distribution among developers, machines, applications, and infrastructure systems heightens the likelihood of leaks. Cybersecurity Incidents Highlight the DangerThe Hacker News
May 22, 2023
Are Your APIs Leaking Sensitive Data? Full Text
Abstract
It's no secret that data leaks have become a major concern for both citizens and institutions across the globe. They can cause serious damage to an organization's reputation, induce considerable financial losses, and even have serious legal repercussions. From the infamous Cambridge Analytica scandal to the Equifax data breach, there have been some pretty high-profile leaks resulting in massive consequences for the world's biggest brands. Breaches can also have a huge impact on individuals as well – ultimately leading to the loss of personal information, such as passwords or credit card details, which could be used by criminals for malicious purposes. Most notably victims are left vulnerable to identity theft or financial fraud. When you think about the sheer volume of these leaks, one would imagine that the world would stop and focus on the attack vector(s) being exploited. The unfortunate reality is the world didn't stop. To make things more interesting, the mostThe Hacker News
May 18, 2023
Zero Trust + Deception: Join This Webinar to Learn How to Outsmart Attackers! Full Text
Abstract
Cybersecurity is constantly evolving, but complexity can give hostile actors an advantage. To stay ahead of current and future attacks, it's essential to simplify and reframe your defenses. Zscaler Deception is a state-of-the-art next-generation deception technology seamlessly integrated with the Zscaler Zero Trust Exchange. It creates a hostile environment for attackers and enables you to track the entire attack sequence. We're hosting a session where we'll demonstrate how you can set up Zscaler Deception to detect advanced attacks, investigate threats, and contain them. Join us to learn about the latest advances and best practices directly from our technical product experts. Don't let lateral threats compromise your environment. Why attend? Learn how Zscaler Deception can help you generate private threat intelligence, detect compromised users, stop lateral movement, and secure Active Directory. Discover automated deception campaigns that can be launched withinThe Hacker News
May 18, 2023
How to Reduce Exposure on the Manufacturing Attack Surface Full Text
Abstract
Digitalization initiatives are connecting once-isolated Operational Technology (OT) environments with their Information Technology (IT) counterparts. This digital transformation of the factory floor has accelerated the connection of machinery to digital systems and data. Computer systems for managing and monitoring digital systems and data have been added to the hardware and software used for managing and monitoring industrial devices and machines, connecting OT to IT. Such connectivity enhances productivity, reduces operational costs and speeds up processes. However, this convergence has also increased organizations' security risk, making manufacturers more susceptible to attacks. In fact, in 2022 alone, there were 2,337 security breaches of manufacturing systems, 338 with confirmed data disclosure (Verizon, 2022 DBIR Report). Ransomware: A Growing Threat for Manufacturers The nature of attacks has also changed. In the past, attackers may have been espionage-driven, targetingThe Hacker News
May 10, 2023
Why Honeytokens Are the Future of Intrusion Detection Full Text
Abstract
A few weeks ago, the 32nd edition of RSA, one of the world's largest cybersecurity conferences, wrapped up in San Francisco. Among the highlights, Kevin Mandia, CEO of Mandiant at Google Cloud, presented a retrospective on the state of cybersecurity. During his keynote, Mandia stated: "There are clear steps organizations can take beyond common safeguards and security tools to strengthen their defenses and increase their chances of detecting, thwarting or minimizing attack [...] Honeypots, or fake accounts deliberately left untouched by authorized users, are effective at helping organizations detect intrusions or malicious activities that security products can't stop". "Build honeypots" was one of his seven pieces of advice to help organizations avoid some of the attacks that might require engagement with Mandiant or other incident response firms. As a reminder, honeypots are decoy systems that are set up to lure attackers and divert their attentioThe Hacker News
May 09, 2023
Product Security: Harnessing the Collective Experience and Collaborative Tools in DevSecOps Full Text
Abstract
In the fast-paced cybersecurity landscape, product security takes center stage. DevSecOps swoops in, seamlessly merging security practices into DevOps, empowering teams to tackle challenges. Let's dive into DevSecOps and explore how collaboration can give your team the edge to fight cyber villains. Application security and product security Regrettably, application security teams often intervene late in the development process. They maintain the security level of exposed software, ensuring the integrity and confidentiality of consumed or produced data. They focus on securing data flows, isolating environments with firewalls, and implementing strong user authentication and access control. Product security teams aim to guarantee the intrinsic reliability of applications. They recommend tools and resources, making them available to developers and operations. In the DevSecOps approach, each team is responsible for the security of the applications they create. These teams apply securThe Hacker News
May 08, 2023
Join Our Webinar: Learn How to Defeat Ransomware with Identity-Focused Protection Full Text
Abstract
Are you concerned about ransomware attacks? You're not alone. In recent years, these attacks have become increasingly common and can cause significant damage to organizations of all sizes. But there's good news - with the right security measures in place, such as real-time MFA and service account protection, you can effectively protect yourself against these types of attacks. That's why we're excited to invite you to our upcoming webinar with Yiftach Keshet, cybersecurity expert and Chief Marketing Officer at Silverfort. During this webinar, Yiftach will share his insights on how real-time MFA and service account protection can defeat ransomware attacks, and why identity-focused protection is the only way to stop lateral movement and ransomware spread. Some of the key topics that will be covered in this webinar include: The increasing risk of lateral movement and how it's become one of the most critical risks facing organizations today. The blind spots in MFAThe Hacker News
May 08, 2023
How to Set Up a Threat Hunting and Threat Intelligence Program Full Text
Abstract
Threat hunting is an essential component of your cybersecurity strategy. Whether you're getting started or in an advanced state, this article will help you ramp up your threat intelligence program. What is Threat Hunting? The cybersecurity industry is shifting from a reactive to a proactive approach. Instead of waiting for cybersecurity alerts and then addressing them, security organizations are now deploying red teams to actively seek out breaches, threats and risks, so they can be isolated. This is also known as "threat hunting." Why is Threat Hunting Required? Threat hunting complements existing prevention and detection security controls. These controls are essential for mitigating threats. However, they are optimized for low false positive alerting. Hunt solutions, on the other hand, are optimized for low false negatives. This means that the anomalies and outliers that are considered false positives for detection solutions, are hunting solutions' leads, to bThe Hacker News
May 04, 2023
How To Create Seamless Digital Experiences For Web And Mobile Full Text
Abstract
There are simple steps to follow when an organization is developing a web application or needs to lift its digital experience and match a customer's expectations. Learn more here from LambdaTest.BleepingComputer
May 03, 2023
Download the eBook: What Does it Take to be a Full-Fledged Virtual CISO? Full Text
Abstract
Almost half of MSP clients fell victim to a cyberattack within the last 12 months. In the SMB world, the danger is especially acute as only 50% of SMBs have a dedicated internal IT person to take care of cybersecurity. No wonder cybercriminals are targeting SMBs so heavily. No wonder SMBs are increasingly willing to pay a subscription or retainer to gain access to expert C-level cyber-assistance in devising and implementing strategies to prevent breaches, reduce risk, and mitigate the consequences of attacks. Hence the popularity of Virtual Chief Information Security Officer (vCISO) services. They are especially attractive to MSPs and MSSPs as: They enable service providers to address a growing need from their SMB clients for proactive cyber resilience They offer the potential to grow recurring revenues - expand into a new customer base or sell a new service to existing customers They help service providers differentiate themselves They are an excellent vehicle from which to uThe Hacker News
May 01, 2023
Wanted Dead or Alive: Real-Time Protection Against Lateral Movement Full Text
Abstract
Just a few short years ago, lateral movement was a tactic confined to top APT cybercrime organizations and nation-state operators. Today, however, it has become a commoditized tool, well within the skillset of any ransomware threat actor. This makes real-time detection and prevention of lateral movement a necessity to organizations of all sizes and across all industries. But the disturbing truth is that there is actually no tool in the current security stack that can provide this real-time protection, creating what is arguably the most critical security weakness in an organization's security architecture. In this article, we'll walk through the most essential questions around the challenge of lateral movement protection, understand why multifactor authentication (MFA) and service account protection are the gaps that make it possible, and learn how Silverfort's platform turns the tables on attackers and makes lateral movement protection finally within reach. Upcoming WeThe Hacker News
April 28, 2023
Why Your Detection-First Security Approach Isn’t Working Full Text
Abstract
Stopping new and evasive threats is one of the greatest challenges in cybersecurity. This is among the biggest reasons why attacks increased dramatically in the past year yet again, despite the estimated $172 billion spent on global cybersecurity in 2022. Armed with cloud-based tools and backed by sophisticated affiliate networks, threat actors can develop new and evasive malware more quickly than organizations can update their protections. Relying on malware signatures and blocklists against these rapidly changing attacks has become futile. As a result, the SOC toolkit now largely revolves around threat detection and investigation. If an attacker can bypass your initial blocks, you expect your tools to pick them up at some point in the attack chain. Every organization's digital architecture is now seeded with security controls that log anything potentially malicious. Security analysts pore through these logs and determine what to investigate further. Does this work? Let'The Hacker News
April 21, 2023
14 Kubernetes and Cloud Security Challenges and How to Solve Them Full Text
Abstract
Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and adopt comprehensive security solutions to protect their digital assets. In response, Uptycs, the first unified CNAPP and XDR platform, released a whitepaper, "14 Kubernetes and Cloud Security Predictions for 2023 and How Uptycs Meets Them Head-On" addressing the most pressing challenges and trends in Kubernetes and cloud security for 2023. Uptycs explains how their unified CNAPP and XDR solution is designed to tackle these emerging challenges head-on. Read on for key takeaways from the whitepaper and learn how Uptycs helps modern organizations successfully navigate the evolving landscape of Kubernetes and cloud security. 14 Kubernetes and Cloud Security Predictions for 2023 CThe Hacker News
April 21, 2023
Intro to phishing: simulating attacks to build resiliency Full Text
Abstract
Phishing attacks are a major threat to organizations, they remain a perennial choice of cybercriminals when it comes to hacking their victims. Original post at https://cybernews.com/security/phishing-intro-to-build-resiliency/ While organizations...Security Affairs
April 20, 2023
Beyond Traditional Security: NDR’s Pivotal Role in Safeguarding OT Networks Full Text
Abstract
Why is Visibility into OT Environments Crucial? The significance of Operational Technology (OT) for businesses is undeniable as the OT sector flourishes alongside the already thriving IT sector. OT includes industrial control systems, manufacturing equipment, and devices that oversee and manage industrial environments and critical infrastructures. In recent years, adversaries have recognized the lack of detection and protection in many industrial systems and are actively exploiting these vulnerabilities. In response, IT security leaders have become more aware of the need to protect their OT environments with security monitoring and response capabilities. This development was accelerated by severe past cyber incidents targeting critical OT environments and even causing physical damage to infrastructures. Given the pivotal role these systems play in business operations and modern society, ensuring their security is of utmost importance. The underlying trend is clear: OT and IoT networThe Hacker News
April 20, 2023
ChatGPT’s Data Protection Blind Spots and How Security Teams Can Solve Them Full Text
Abstract
In the short time since their inception, ChatGPT and other generative AI platforms have rightfully gained the reputation of ultimate productivity boosters. However, the very same technology that enables rapid production of high-quality text on demand, can at the same time expose sensitive corporate data. A recent incident, in which Samsung software engineers pasted proprietary code into ChatGPT, clearly demonstrates that this tool can easily become a potential data leakage channel. This vulnerability introduces a demanding challenge for security stakeholders, since none of the existing data protection tools can ensure no sensitive data is exposed to ChatGPT. In this article we'll explore this security challenge in detail and show how browser security solutions can provide a solution. All while enabling organizations to fully realize ChatGPT's productivity potential and without having to compromise on data security. The ChatGPT data protection blind spot: How can you governThe Hacker News
April 20, 2023
Wargaming an effective data breach playbook Full Text
Abstract
Foreseeing every possible twist and turn of a breach may be impossible, but through extensive wargaming, security teams can simulate diverse situations to give them a proactive edge.Cyware
April 19, 2023
Living Off the Land (LOTL) attacks: Detecting ransomware gangs hiding in plain sight Full Text
Abstract
By mimicking normal behavior, LOTL attacks make it extremely difficult for IT teams and security solutions to detect any signs of malicious activities. Experienced analysts, however, might be able to pick up on subindicate an LOTL attack.Cyware
April 18, 2023
Introducing DevOpt: A Multifunctional Backdoor Arsenal Full Text
Abstract
The malware is currently still in development and is receiving continuous improvement updates designed to make it a more potent and effective tool for attackers and a threat to defenders.Cyware
April 18, 2023
DFIR via XDR: How to expedite your investigations with a DFIRent approach Full Text
Abstract
Rapid technological evolution requires security that is resilient, up to date and adaptable. In this article, we will cover the transformation in the field of DFIR (digital forensics and incident response) in the last couple years, focusing on the digital forensics' aspect and how XDR fits into the picture. Before we dive into the details, let's first break down the main components of DFIR and define the differences between them. Digital Forensics vs Incident Response Digital forensics: the practice of using scientific techniques and tools to identify, preserve, and analyze digital evidence from various sources, such as computers, smartphones, and other electronic devices, in a way that is admissible in a court of law. Incident response: the process of responding to and managing the aftermath of a security breach or cyberattack. This involves identifying the nature and scope of the incident, containing the damage, eradicating the threat, and restoring the affected systThe Hacker News
April 17, 2023
What’s the Difference Between CSPM & SSPM? Full Text
Abstract
Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) are frequently confused. The similarity of the acronyms notwithstanding, both security solutions focus on securing data in the cloud. In a world where the terms cloud and SaaS are used interchangeably, this confusion is understandable. This confusion, though, is dangerous to organizations that need to secure data that exists within cloud infrastructures like AWS, Google Cloud, and Microsoft Azure, as well as data within SaaS applications like Salesforce, Microsoft 365, Google Workspace, Jira, Zoom, Slack and more. Assuming that either your CSPM or SSPM will secure your company resources that live off-premises is misplaced trust in a security tool that was only designed to secure either your cloud or your SaaS stack. It's absolutely vital for decision makers to understand the difference between CSPM and SSPM, the value derived from each solution, and that both complement each other. What Do
The Hacker News
April 17, 2023
Tour of the Underground: Master the Art of Dark Web Intelligence Gathering Full Text
Abstract
The Deep, Dark Web – The Underground – is a haven for cybercriminals, teeming with tools and resources to launch attacks for financial gain, political motives, and other causes. But did you know that the underground also offers a goldmine of threat intelligence and information that can be harnessed to bolster your cyber defense strategies? The challenge lies in continuously monitoring the right dark web sources and gathering actionable intelligence through manual methods, which can lead to analyst fatigue and delayed action. Traditional methods of unearthing dark web intelligence can be time-consuming, exhausting, and often fruitless. Discover how to pierce the veil of darkness and illuminate the path to a more secure cyber landscape in our exclusive, high-impact webinar. Register now to secure your spot! In this enlightening session, you will: Gain practical insights on how to access the dark web Uncover the various types of underground sources that threat actors use Learn how
The Hacker News
April 14, 2023
Webinar: Tips from MSSPs to MSSPs – Building a Profitable vCISO Practice Full Text
Abstract
In today's fast-paced and ever-changing digital landscape, businesses of all sizes face a myriad of cybersecurity threats. Putting in place the right people, technological tools and services, MSSPs are in a great position to ensure their customers' cyber resilience. The growing need of SMEs and SMBs for structured cybersecurity services can be leveraged by MSPs and MSSPs to provide strategic cybersecurity services such as virtual CISO (vCISO) services, leading to recurring revenues and high margins while differentiating service provider from their competitors. There is a consensus among MSPs and MSSPs that starting a vCISO practice poses a great business opportunity, but how can you successfully pull it off? Cynomi has leveraged its network of top-notch vCISO service providers and invited three of them to a panel discussion, where they shared tips on how to start and scale a vCISO practice, and most importantly – how to keep it profitable. This panel discussion is aim
The Hacker News
April 13, 2023
Tackling Software Supply Chain Security: A Toolbox for Policymakers Full Text
Abstract
Security flaws keep software and entire supply chains vulnerable. It is critical that policymakers work to set regulatory lanes for companies to build safe and secure technology.
Lawfare
April 13, 2023
Why Shadow APIs are More Dangerous than You Think Full Text
Abstract
Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial data loss. For those that aren't familiar with the term, shadow APIs are a type of application programming interface (API) that isn't officially documented or supported. Contrary to popular belief, it's unfortunately all too common to have APIs in production that no one on your operations or security teams knows about. Enterprises manage thousands of APIs, many of which are not routed through a proxy such as an API gateway or web application firewall. This means they aren't monitored, are rarely audited, and are most vulnerable. Since they aren't visible to security teams, shadow APIs provide hackers with a defenseless path to exploit vulnerabilities. These APIs can potentially be manipulated by malicious actors to gain access to a range of sensitive information, from customer addresses to company financial records. Considering the potential
The Hacker News
April 11, 2023
[eBook] A Step-by-Step Guide to Cyber Risk Assessment Full Text
Abstract
In today's perilous cyber risk landscape, CISOs and CIOs must defend their organizations against relentless cyber threats, including ransomware, phishing, attacks on infrastructure, supply chain breaches, malicious insiders, and much more. Yet at the same time, security leaders are also under tremendous pressure to reduce costs and invest wisely. One of the most effective ways for CISOs and CIOs to make the best use of their limited resources to protect their organizations is by conducting a cyber risk assessment. A comprehensive cyber risk assessment can help: Identify vulnerabilities and threats Prioritize security investments Assess cybersecurity maturity Communicate cyber risk to executives Provide the basis for cyber risk quantification A new guide by cybersecurity optimization provider CYE (download here) explains how this can be accomplished. The guide outlines several approaches to cyber risk assessments and describes the necessary steps that can yield solid in
The Hacker News
April 10, 2023
How LockBit Changed Cybersecurity Forever Full Text
Abstract
Operating as a Ransomware-as-a-Service, the group consists of a central team that crafts the malware and manages its website. Meanwhile, the group also grants access to its code to affiliates who help execute the cyberattacks.
Cyware
April 06, 2023
Supply Chain Attacks and Critical Infrastructure: How CISA Helps Secure a Nation’s Crown Jewels Full Text
Abstract
Critical infrastructure attacks are a preferred target for cyber criminals. Here's why and what's being done to protect them. What is Critical Infrastructure and Why is It Attacked? Critical infrastructure is the physical and digital assets, systems and networks that are vital to national security, the economy, public health, or safety. It can be government- or privately-owned. According to Etay Maor, Senior Director Security Strategy at Cato Networks, "It's interesting to note critical infrastructure doesn't necessarily have to be power plants or electricity. A nation's monetary system or even a global monetary system can be and should be considered a critical infrastructure as well." These qualities make critical infrastructure a preferred target for cyber attacks. If critical infrastructure is disrupted, the impact is significant. In some cases, such cyber attacks on critical infrastructure have become another means of modern warfare. But unlike
The Hacker News
April 05, 2023
Protect Your Company: Ransomware Prevention Made Easy Full Text
Abstract
Every year hundreds of millions of malware attacks occur worldwide, and every year businesses deal with the impact of viruses, worms, keyloggers, and ransomware. Malware is a pernicious threat and the biggest driver for businesses to look for cybersecurity solutions. Naturally, businesses want to find products that will stop malware in its tracks, and so they search for solutions to do that. But malware protection alone is not enough, instead what's needed is a more holistic approach. Businesses need to defend against malware entering the network, and then on top of that have systems and processes in place to restrict the damage that malware can do if it infects a user device. This approach will not only help stop and mitigate the damage from malware, but defend against other types of threats too, such as credential theft as a result of phishing, insider threats, and supply-chain attacks. Element 1: Malware Protection and Web Filtering The first and most sensible place to
The Hacker News
April 3, 2023
Managing the risks of unstructured data growth Full Text
Abstract
Much of the data in the cloud is unstructured and highly vulnerable to cyber threats. Unstructured data can include anything from emails and FedEx receipts to sensor data and social media feeds.
Cyware
March 29, 2023
How to Build a Research Lab for Reverse Engineering — 4 Ways Full Text
Abstract
Malware analysis is an essential part of a security researcher's work. But working with malicious samples can be dangerous — it requires specialized tools to record their activity, and a secure environment to prevent unintended damage. However, manual lab setup and configuration can prove to be a laborious and time-consuming process. In this article, we'll look at 4 ways to create a reverse engineering lab, discuss how to save time, and, potentially, improve the detection rate using a cloud service, and a recommended list of tools for a comprehensive setup. What is a malware analysis lab? In essence, a malware analysis lab provides a safe, isolated space for examining malware. The setup can range from a straightforward virtual machine using VirtualBox to a more intricate network of interconnected machines and actual networking hardware. But in this article, we'll look at building a lab tailored for static analysis, so what we will need is a secure environment where we
The Hacker News
March 28, 2023
The End-User Password Mistakes Putting Your Organization at Risk Full Text
Abstract
Though there are many ways to create passwords, not all are equally effective. It is important to consider the various ways a password-protected system can fail.
BleepingComputer
March 28, 2023
Balancing security risks and innovation potential of shadow IT teams Full Text
Abstract
Shadow IT teams, also known as rogue IT teams, have grown in popularity in recent years due to the rise of cloud-based apps and remote work. However, this has led to operational tension and security risks within many businesses.
Cyware
March 24, 2023
THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps Full Text
Abstract
Any app that can improve business operations is quickly added to the SaaS stack. However, employees don't realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of the security team, significantly increases risk. Whether employees connect through Microsoft 365, Google Workspace, Slack, Salesforce, or any other app, security teams have no way to quantify their exposure. These 'secondary' apps can be requesting an intrusive set of permissions or be malicious. Every click authorizing access may grant the right to edit or delete company files, send emails on behalf of the user, create new files, or otherwise handle data in a way that poses a profound threat to the organization's security. To handle the SaaS Security challenges, security teams need to address the entire SaaS ecosystem. Today's SaaS security evolution has expanded SaaS security beyond simply preventing access. It extends far beyond securing the app. Today's orga
The Hacker News
March 22, 2023
Preventing Insider Threats in Your Active Directory Full Text
Abstract
Active Directory (AD) is a powerful authentication and directory service used by organizations worldwide. With this ubiquity and power comes the potential for abuse. Insider threats offer some of the most potential for destruction. Many internal users have over-provisioned access and visibility into the internal network. Insiders' level of access and trust in a network leads to unique vulnerabilities. Network security often focuses on keeping a threat actor out, not on existing users' security and potential vulnerabilities. Staying on top of potential threats means protecting against inside and outside threats. Active Directory Vulnerabilities From the outside, a properly configured AD domain offers a secure authentication and authorization solution. But with complex social engineering and phishing email attacks, an existing AD user can become compromised. Once inside, threat actors have many options to attack Active Directory. Insecure Devices With "Bring Your Own
The Hacker News
March 22, 2023
How to combat hardware Trojans by detecting microchip manipulations Full Text
Abstract
Researchers from Ruhr University Bochum, Germany, and the Max Planck Institute for Security and Privacy (MPI-SP) are pioneering innovative detection techniques to combat these hardware Trojans.
Cyware
March 17, 2023
A New Security Category Addresses Web-borne Threats Full Text
Abstract
In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Yet, and probably unsurprisingly, this browser prominence has significantly increased the number of threats that adversaries target the browser with. Attackers are now leveraging the browser's core functionality - rendering and executing web pages for users to access - to perform attacks. The browser is now an attack surface, as well as an attack vector for malicious access to corporate SaaS and web applications through account takeover and the use of compromised credentials. To address this issue, a new guide was recently published (Download Here). It analyzes what a solution to these threats would look like. The guide, "Protection from web-borne threats starts with Browser Securit
The Hacker News
March 15, 2023
The Different Methods and Stages of Penetration Testing Full Text
Abstract
The stakes could not be higher for cyber defenders. With the vast amounts of sensitive information, intellectual property, and financial data at risk, the consequences of a data breach can be devastating. According to a report released by Ponemon Institute, the cost of data breaches has reached an all-time high, averaging $4.35 million in 2022. Vulnerabilities in web applications are often the primary gateway for attackers. According to a World Economic Forum report, just one week after discovering a critical security flaw in a widely used software library (Log4j), more than 100 attempts at exploiting the vulnerability were detected every minute. This illustrates how quickly malicious actors can take advantage of vulnerabilities, highlighting the urgency of regularly assessing and monitoring your system for any vulnerabilities or weak points. The complexity of addressing security challenges in today's digital world is further compounded by the rising use of open-source compo
The Hacker News
March 13, 2023
How to Apply NIST Principles to SaaS in 2023 Full Text
Abstract
The National Institute of Standards and Technology (NIST) is one of the standard-bearers in global cybersecurity. The U.S.-based institute's cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance in the fight against cyberattacks can't be overstated. While NIST hasn't directly developed standards related to securing the SaaS ecosystem, they are instrumental in the way we approach SaaS security. NIST recently released its Guide to a Secure Enterprise Network Landscape. In it, they discuss the transformation from on-premise networks to multiple cloud servers. Access to these servers, and the accompanying SaaS apps, is through both secure and unsecured devices and locations across disparate geography. The move to the cloud has effectively obliterated the network perimeter. As a result, companies have increased their attack surface and are experiencing an escalation of attacks that
The Hacker News
February 28, 2023
Application Security vs. API Security: What is the difference? Full Text
Abstract
As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs (Application Programming Interfaces). With that said, application security and API security are two critical components of a comprehensive security strategy. By utilizing these practices, organizations can protect themselves from malicious attacks and security threats, and most importantly, ensure their data remains secure. Interestingly enough, despite the clear advantages these disciplines provide, businesses are struggling to understand which security approach is best for their needs. So in this article, we'll discuss the differences between application and API security, best practices that you should consider, and ultimately make the case for why you need both. What is Application Security Application security, better known as AppSec, is a critical aspect of any organization's cybersecurity strategy.
The Hacker News
February 27, 2023
When Low-Tech Hacks Cause High-Impact Breaches – Krebs on Security Full Text
Abstract
The attackers are usually careful to do nothing with the phishing domain until they are ready to initiate a vishing call to a potential victim. And when the attack or call is complete, they disable the website tied to the domain.
Cyware
February 24, 2023
How to Tackle the Top SaaS Challenges of 2023 Full Text
Abstract
Are you prepared to tackle the top SaaS challenges of 2023? With high-profile data breaches affecting major companies like Nissan and Slack, it's clear that SaaS apps are a prime target for cyberattacks. The vast amounts of valuable information stored in these apps make them a goldmine for hackers. But don't panic just yet. With the right knowledge and tools, you can protect your company's sensitive data and prevent cyberattacks from wreaking havoc on your business. Join us for an upcoming webinar that will equip you with the insights you need to overcome the top SaaS challenges of 2023. Led by Maor Bin, CEO and Co-Founder of Adaptive Shield, this highly informative session will provide practical tips and actionable strategies for safeguarding your SaaS applications from potential threats. To better prepare and effectively safeguard your organization, it is crucial to have a comprehensive understanding of the potential entry points and challenges within the ever-e
The Hacker News
February 24, 2023
How to Use AI in Cybersecurity and Avoid Being Trapped Full Text
Abstract
The use of AI in cybersecurity is growing rapidly and is having a significant impact on threat detection, incident response, fraud detection, and vulnerability management. According to a report by Juniper Research, the use of AI for fraud detection and prevention is expected to save businesses $11 billion annually by 2023. But how to integrate AI into business cybersecurity infrastructure without being exposed to hackers? In terms of detecting and responding to security threats in a more efficient and effective manner, AI has been helping businesses in lots of ways. Firstly, it can analyze large amounts of data and identify patterns or anomalies much faster and with greater accuracy than humans. AI detects and responds to security threats in real-time, reducing the time it takes to identify and remediate security incidents. The algorithms can learn from past incidents and adapt to new threats as they emerge. With it, cybersecurity systems can become smarter and more effective ove
The Hacker News
February 22, 2023
3 Steps to Automate Your Third-Party Risk Management Program Full Text
Abstract
If you Google "third-party data breaches" you will find many recent reports of data breaches that were either caused by an attack at a third party or sensitive information stored at a third-party location was exposed. Third-party data breaches don't discriminate by industry because almost every company is operating with some sort of vendor relationship – whether it be a business partner, contractor or reseller, or the use of IT software or platform, or another service provider. Organizations are now sharing data with an average of 730 third-party vendors, according to a report by Osano, and with the acceleration of digital transformation, that number will only grow. The Importance of Third-Party Risk Management With more organizations sharing data with more third-party vendors, it shouldn't be surprising that more than 50% of security incidents in the past two years have stemmed from a third-party with access privileges, according to a CyberRisk Alliance report.
The Hacker News
February 21, 2023
The Future of Network Security: Predictive Analytics and ML-Driven Solutions Full Text
Abstract
As the digital age evolves and continues to shape the business landscape, corporate networks have become increasingly complex and distributed. The amount of data a company collects to detect malicious behaviour constantly increases, making it challenging to detect deceptive and unknown attack patterns and the so-called "needle in the haystack". With a growing number of cybersecurity threats, such as data breaches, ransomware attacks, and malicious insiders, organizations are facing significant challenges in successfully monitoring and securing their networks. Furthermore, the talent shortage in the field of cybersecurity makes manual threat hunting and log correlation a cumbersome and difficult task. To address these challenges, organizations are turning to predictive analytics and Machine Learning (ML) driven network security solutions as essential tools for securing their networks against cyber threats and the unknown bad. The Role of ML-Driven Network Security Solutions
The Hacker News
February 20, 2023
How to Detect New Threats via Suspicious Activities Full Text
Abstract
Unknown malware presents a significant cybersecurity threat and can cause serious damage to organizations and individuals alike. When left undetected, malicious code can gain access to confidential information, corrupt data, and allow attackers to gain control of systems. Find out how to avoid these circumstances and detect unknown malicious behavior efficiently. Challenges of new threats' detection While known malware families are more predictable and can be detected more easily, unknown threats can take on a variety of forms, causing a bunch of challenges for their detection: Malware developers use polymorphism, which enables them to modify the malicious code to generate unique variants of the same malware. There is malware that is still not identified and doesn't have any rulesets for detection. Some threats can be Fully UnDetectable (FUD) for some time and challenge perimeter security. The code is often encrypted, making it difficult to detect by signature-based
The Hacker News
February 20, 2023
Social engineering, deception becomes increasingly sophisticated Full Text
Abstract
Social engineering techniques are becoming increasingly sophisticated and are exploiting multiple emerging means, such as deep fakes. The increasing use of videoconferencing platforms and the various forms of remote work also adopted in the post-emergency...
Security Affairs
February 16, 2023
What’s Going Into NIST’s New Digital Identity Guidelines? Full Text
Abstract
These new guidelines will help set the course for best practices in handling digital identity for organizations across all sectors. The security risk around digital identities stems from verification.
Cyware
February 16, 2023
Breaking the Security “Black Box” in DBs, Data Warehouses and Data Lakes Full Text
Abstract
Security teams typically have great visibility over most areas, for example, the corporate network, endpoints, servers, and cloud infrastructure. They use this visibility to enforce the necessary security and compliance requirements. However, this is not the case when it comes to sensitive data sitting in production or analytic databases, data warehouses or data lakes. Security teams have to rely on data teams to locate sensitive data and enforce access controls and security policies. This is a huge headache for both the security and data teams. It weakens the business's security and compliance putting it at risk of exposing sensitive data, large fines, reputational damages, and more. Also, in many cases, it slows down the business's ability to scale up data operations. This article examines how Satori, a data security platform, gives control of the sensitive data in databases, data warehouses and data lakes to the security teams. Satori's automated data security plat
The Hacker News
February 15, 2023
Webinar — A MythBusting Special: 9 Myths about File-based Threats Full Text
Abstract
Bad actors love to deliver threats in files. Persistent and persuasive messages convince unsuspecting victims to accept and open files from unknown sources, executing the first step in a cyber attack. This continues to happen whether the file is an EXE or a Microsoft Excel document. Far too often, end users have an illusion of security, masked by good faith efforts of other users and (ineffective) security controls. This creates a virality effect for ransomware, malware, spyware, and annoying grayware and adware to be spread easily from user to user and machine to machine. To stop users from saying, "I reject your reality and substitute my own!" – it's time to bust some myths about file-based attacks. Testing in three! Two! One! Register here and join Zscaler's Vinay Polurouthu, Principal Product Manager, and Amy Heng, Product Marketing Manager, to: Bust the 9 most common assumptions and myths about file-based threats Uncover the latest evasion trends and d
The Hacker News
February 15, 2023
Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps Full Text
Abstract
In an ideal world, security and development teams would be working together in perfect harmony. But we live in a world of competing priorities, where DevOps and security departments often butt heads with each other. Agility and security are often at odds with each other— if a new feature is delivered quickly but contains security vulnerabilities, the SecOps team will need to scramble the release and patch the vulnerabilities, which can take days or weeks. On the other hand, if the SecOps team takes too long to review and approve a new feature, the development team will get frustrated with the slow pace of delivery. Security needs to move slowly and cautiously, while development wants to "move fast and break things" and release new features quickly. DevOps teams can view security as an impediment to their work instead of an important part of the process. With each team pulling in opposite directions, there is often tension and conflict between the two teams, slowing deve
The Hacker News
February 14, 2023
A CISOs Practical Guide to Storage and Backup Ransomware Resiliency Full Text
Abstract
One thing is clear. The "business value" of data continues to grow, making it an organization's primary piece of intellectual property. From a cyber risk perspective, attacks on data are the most prominent threat to organizations. Regulators, cyber insurance firms, and auditors are paying much closer attention to the integrity, resilience, and recoverability of organization data – as well as the IT infrastructure & systems that store the data. What Impact Does This Have On The Security Of Storage & Backup Systems? Just a few years ago, almost no CISO thought that storage & backups were important. That's no longer the case today. Ransomware has pushed backup and recovery back onto the IT and corporate agenda. Cybercriminals, such as Conti, Hive and REvil, are targeting storage and backup systems, to prevent recovery. Some ransomwares – Locky and Crypto, for example – now bypass production systems altogether, and directly target backups. This
The Hacker News
February 11, 2023
Six Common Ways That Malware Strains Get Their Names Full Text
Abstract
If a cybercriminal doesn’t name their strain themselves, a cybersecurity researcher creates the name. The primary researcher of the strain will usually come up with the name, and they sometimes assign one that seems random but usually is not.
Cyware
February 10, 2023
3 Overlooked Cybersecurity Breaches Full Text
Abstract
Here are three of the worst breaches, attacker tactics and techniques of 2022, and the security controls that can provide effective, enterprise security protection for them. #1: 2 RaaS Attacks in 13 Months Ransomware as a service is a type of attack in which the ransomware software and infrastructure are leased out to the attackers. These ransomware services can be purchased on the dark web from other threat actors and ransomware gangs. Common purchasing plans include buying the entire tool, using the existing infrastructure while paying per infection, or letting other attackers perform the service while sharing revenue with them. In this attack, the threat actor consists of one of the most prevalent ransomware groups, specializing in access via third parties, while the targeted company is a medium-sized retailer with dozens of sites in the United States. The threat actors used ransomware as a service to breach the victim's network. They were able to exploit third-party creden
The Hacker News
February 09, 2023
THN Webinar – Learn How to Comply with New Cyber Insurance Identity Security Requirements Full Text
Abstract
The Hacker News is thrilled to announce the launch of our new educational webinar series, in collaboration with the leading cybersecurity companies in the industry! Get ready to dive into the world of enterprise-level security with expert guests who will share their vast knowledge and provide you with valuable insights and information on various security topics. Whether you're a seasoned professional or just starting out in the cybersecurity industry, these webinars are a must-attend. So, mark your calendars and sign up today! Have you ever stopped to think about the potential consequences of a cyberattack on your organization? It's getting more intense and destructive every day, and organizations are feeling the heat. That's why more and more businesses are turning to cyber insurance to find some much-needed peace of mind. Imagine, in the unfortunate event of a successful security breach or ransomware attack, the right policy can help minimize liability and contai
The Hacker News
February 9, 2023
Cyberspace and Instability: Reconceptualizing Instability Full Text
Abstract
A new volume edited by Bobby Chesney and co-authors reconceptualizes instability in relation to cyberspace.
Lawfare
February 08, 2023
How to Think Like a Hacker and Stay Ahead of Threats Full Text
Abstract
To succeed as a cybersecurity analyst, you need to understand the traits, values, and thought processes of hackers, along with the tools they use to launch their attacks. During a webinar called The Hacker Mindset, a Red Team Researcher shared how you can use some of these tools for your own detection and prevention of breaches. He also demonstrated how an attack takes place using the Follina exploit as an example. So, what does "the hacker mindset" mean? The hacker mindset can be characterized by three core values: a strong sense of curiosity, an adversarial attitude, and persistence. 3 core values of a hacker's mindset 1 — "Curiosity might have killed the cat, but it had nine lives." Curiosity drives hackers to explore and understand systems, networks, and software in order to identify vulnerabilities. Not only are they constantly seeking new knowledge and skills to improve their abilities and stay ahead of security measures, they're cons
The Hacker News
February 06, 2023
SaaS in the Real World: Who’s Responsible to Secure this Data? Full Text
Abstract
When SaaS applications started growing in popularity, it was unclear who was responsible for securing the data. Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible for securing their data. What's far murkier, however, is where the data responsibility lies on the organization's side. For large organizations, this is a particularly challenging question. They store terabytes of customer data, employee data, financial data, strategic data, and other sensitive data records online. SaaS data breaches and SaaS ransomware attacks can lead to the loss or public exposure of that data. Depending on the industry, some businesses could face stiff regulatory penalties for data breaches on top of the negative PR and loss of faith these breaches bring with them. Finding the right security model is the first step before deploying any type of SSPM or other SaaS sec
The Hacker News
February 03, 2023
The Pivot: How MSPs Can Turn a Challenge Into a Once-in-a-Decade Opportunity Full Text
Abstract
Cybersecurity is quickly becoming one of the most significant growth drivers for Managed Service Providers (MSPs). That's the main insight from a recent study from Lumu: in North America, more than 80% of MSPs cite cybersecurity as a primary growth driver of their business. Service providers have a huge opportunity to expand their business and win new customers by developing their cybersecurity offerings. This hardly comes as a surprise since the demand for cybersecurity is in full swing among SMBs and larger enterprises. According to Gartner, "by 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements." This means that the perception around security is transforming: from liability, it's becoming a powerful business driver. Of course, cybersecurity continues to evolve at a very rapid pace, with threats emerging every day and the stakes getting higher. This alone can fuel theThe Hacker News
February 2, 2023
API management (APIM): What It Is and Where It’s Going Full Text
Abstract
Analyzing the concept of API management (APIM), its benefits, and what it will look like as the API landscape continues to evolve. There are two fundamental truths in the API landscape. First: APIs have become a strategic tool for companies to expand...Security Affairs
February 2, 2023
Mapping Threat Intelligence to the NIST Compliance Framework Part 2 Full Text
Abstract
As CTI teams prioritize the intelligence requirements of their business stakeholders, it is beneficial to provide context by mapping the impact of cybersecurity threat intelligence programs to the following NIST core functions.Cyware
February 01, 2023
Auditing Kubernetes with Open Source SIEM and XDR Full Text
Abstract
Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform plays a critical role in monitoring Kubernetes and other components of an organization's infrastructure. What is Kubernetes? Kubernetes is an open source container management solution that automates the deployment and scaling of containers and also manages the life cycle of containers. It organizes containers into logical units for simple management and discovery. Kubernetes extends how we scale containerized applications so that we may use a truly persistent infrastructure. You can build cloud-native applications based on microservices with Kubernetes. Enthusiasts view Kubernetes as the cornerstone of application mThe Hacker News
January 26, 2023
Is Once-Yearly Pen Testing Enough for Your Organization? Full Text
Abstract
Any organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line. There are two main reasons why regular pen testing is necessary for secure web application development: Security: Web applications are constantly evolving, and new vulnerabilities are being discovered all the time. Pen testing helps identify vulnerabilities that could be exploited by hackers and allows you to fix them before they can do any damage. Compliance: Depending on your industry and the type of data you handle, you may be required to comply with certain security standards (e.g., PCI DSS, NIST, HIPAA). Regular pen testing can help you verify that your web applications meet these standards and avoid penalties for non-compliance. How Often Should You Pentest? Many organizations, big and small, have once a year pen testing cycle. But whatThe Hacker News
January 23, 2023
SaaS Security Posture Management (SSPM) as a Layer in Your Identity Fabric Full Text
Abstract
The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management (IAM). After all, user identity is one of the only barriers standing between sensitive corporate data and any unauthorized access. The tools used to define IAM make up its identity fabric. The stronger the fabric, the more resistant identities are to pressure from threat actors. However, those pressures are only increasing. Decentralized IT, evolving threats, and zero-trust tools are pushing many IAM tools to their limits. To maintain their effectiveness, IAM are shifting to operating as an agile, interconnected identity fabric rather than just siloed IAM tools. The demands of today's IT operating environment are forcing IAM to support decentralized IT environments while still providing centralized management and governance for its users. Interestingly, many of the identity fabric principles they define are currently found in leading SSPM tools. It's important to note that identity fabrThe Hacker News
January 19, 2023
6 Types of Risk Assessment Methodologies + How to Choose Full Text
Abstract
An organization's sensitive information is under constant threat. Identifying those security risks is critical to protecting that information. But some risks are bigger than others. Some mitigation options are more expensive than others. How do you make the right decision? Adopting a formal risk assessment process gives you the information you need to set priorities. There are many ways to perform a risk assessment, each with its own benefits and drawbacks. We will help you find which of these six risk assessment methodologies works best for your organization. What is Risk Assessment? Risk assessment is the way organizations decide what to do in the face of today's complex security landscape. Threats and vulnerabilities are everywhere. They could come from an external actor or a careless user. They may even be built into the network infrastructure. Decision-makers need to understand the urgency of the organization's risks as well as how much mitigation efforts will cost. Risk asThe Hacker News
January 17, 2023
4 Places to Supercharge Your SOC with Automation Full Text
Abstract
It's no secret that the job of SOC teams continues to become increasingly difficult. Increased volume and sophistication of attacks are plaguing under-resourced teams with false positives and analyst burnout. However, like many other industries, cybersecurity is now beginning to lean on and benefit from advancements in automation to not only maintain the status quo, but to attain better security outcomes. Automation across multiple phases of the SOC workflow The need for automation is clear, and it is apparent that it is becoming table stakes for the industry. Of all cyber resilient organizations, IBM estimates that 62% have deployed automation, AI and machine learning tools and processes. Up until now, much of these advancements in automation have been focused on response, with SOAR and incident response tools playing an instrumental role in tackling the most urgent phase of the SOC workflow. Centering the focus only on response, however, means we're treating the symThe Hacker News
January 17, 2023
Managing Asset Risks During Healthcare M&As Full Text
Abstract
How healthcare delivery organizations (HDOs) can manage the IT asset risks during a healthcare M&A process. Mergers and Acquisitions (M&A), you’ve probably heard the term before. An M&A is often associated with the “business world”;...Security Affairs
January 11, 2023
Unlock Your Potential: Get 9 Online Cyber Security Courses for Just $49.99 Full Text
Abstract
Are you looking to take your career in the information security industry to the next level? Look no further than the 2023 Certified Technology Professional Bundle! This unparalleled offer grants you lifetime access to nine comprehensive courses in information security, hacking, and cybersecurity at a remarkable price of just $49.99. Yes, you heard me right. Instead of paying the full price of $1,791.00, you can now get access to all of these exceptional courses for a fraction of the original price. These courses cover everything from fundamental cybersecurity concepts to advanced hacking and vulnerability assessment methods, and are taught by industry experts with years of experience. But why should you invest in this package? First, with the increasing reliance on technology and the Internet, information security has become an important issue for individuals and businesses. The bundle provides in-depth knowledge and skills to protect against cyber threats. As a result, you willThe Hacker News
January 10, 2023
How DNSChanger Changed Cybersecurity Full Text
Abstract
In November 2011, the FBI-led Operation Ghost Click raided malicious servers run by the Rove Digital cyber group. This was only after it had used the DNSChanger Trojan to infect over four million computers and generate $14 million in illicit profits.Cyware
January 09, 2023
Why Do User Permissions Matter for SaaS Security? Full Text
Abstract
Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts and exported audience data from 102 of them. The breach was preceded by a successful phishing attempt and led to malicious attacks against Mailchimp's customers' end users. Three months later, Mailchimp was hit with another attack. Once again, an employee's account was breached following a successful phishing attempt. While the identity of the Mailchimp accounts that had been compromised wasn't released, it's easy to see how user permission settings could have played a role in the attack. Once threat detectors breached the system, they had the access needed to utilize an internal tool that enabled them to find the data they were looking for. The attack ended when security teams were able to terminate user access, although data which had already been downloaded remained in the threat actor's hands. Introducing user permissions, throuThe Hacker News
January 03, 2023
Enforcement vs. Enrollment-based Security: How to Balance Security and Employee Trust Full Text
Abstract
Challenges with an enforcement-based approach An enforcement-based approach to security begins with a security policy backed by security controls, often heavy-handed and designed to prevent employees from engaging in risky behavior or inadvertently expanding the potential attack surface of an organization. Most organizations exclusively use enforcement-based security controls, usually carried out at the network level with a Cloud Access Security Broker (CASB) or a Security Services Edge (SSE). CASBs secure data between on-premises and cloud architectures, validate authorization rules, and access controls against the company's security policy. Some organizations also use CASBs to block SaaS applications, but like SSEs, CASBs only support some applications. The applications these tools don't support are often the riskiest because they don't meet common industry and security standards, including SAML for authentication and SCIM for user management. At Cerby, these are called "unmThe Hacker News
December 02, 2022
What the CISA Reporting Rule Means for Your IT Security Protocol Full Text
Abstract
The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than 24 months from the enactment of CIRCIA, which the President signed into law in March. The sessions and NPRM are steps toward creating the new rule. CISA is soliciting expert opinion on what to include in a report but is taking steps to implement the change soon. Here's what that change means for businesses in the US and what you can do about it now. Overview of the CISA reporting rule Owners and operators of critical infrastructure must file cyber incident reports with CISA within 72 hours. They must report ransom payments for ransomware attacks within 24 hours. Other businesses can take part voluntarily. The CISA Director can subpoena organizations in noncompliance to compelThe Hacker News
December 01, 2022
What Developers Need to Fight the Battle Against Common Vulnerabilities Full Text
Abstract
Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals - like the finance industry, for example - have been subject to regulatory and compliance requirements for some time, we are seeing a steady increase in attention on cybersecurity best practices at the highest levels of government, with the US, UK, and Australia all shining very recent light on the need for secure development at every stage of the SDLC. Despite this, attackers are constantly finding new ways to bypass even the most advanced protections and defenses. For example, many have shifted their focus from delivering malware to instead compromising APIs, or launching targeted attacks against a supply chain. And while those high-level incidents are happening with much greater frequency, so too are the more simplistic exploits like cross-site scripting and SQL iThe Hacker News
December 1, 2022
The Evolution of Business Email Compromise Full Text
Abstract
While the threat has evolved, threat actors continue to use phishing attacks to steal credentials and then send fraudulent invoices soliciting payment. Thousands of organizations have lost billions of dollars.Dark Reading
November 29, 2022
7 Cyber Security Tips for SMBs Full Text
Abstract
When the headlines focus on breaches of large enterprises like the Optus breach, it's easy for smaller businesses to think they're not a target for hackers. Surely, they're not worth the time or effort? Unfortunately, when it comes to cyber security, size doesn't matter. Assuming you're not a target leads to lax security practices in many SMBs who lack the knowledge or expertise to put simple security steps in place. Few small businesses prioritise cybersecurity, and hackers know it. According to Verizon, the number of smaller businesses being hit has climbed steadily in the last few years – 46% of cyber breaches in 2021 impacted businesses with fewer than 1,000 employees. Cyber security doesn't need to be difficult Securing any business doesn't need to be complex or come with a hefty price tag. Here are seven simple tips to help the smaller business secure their systems, people and data. 1 — Install anti-virus software everywhere Every organisation has anti-virus on theThe Hacker News
November 29, 2022
Tips for Gamifying Your Cybersecurity Awareness Training Program Full Text
Abstract
In today’s technological world, educating people about cybersecurity awareness is an absolute necessity. According to one report, 82% of data breaches involved the human element, from social attacks to misuse of technologies. These errors are not always...Security Affairs
November 28, 2022
The 5 Cornerstones for an Effective Cyber Security Awareness Training Full Text
Abstract
It's not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations and individuals to gain their sensitive information. The hard news: they're often successful, have a long-lasting negative impact on your organization and employees, including: Loss of Money Reputation damage Loss of Intellectual property Disruptions to operational activities Negative effect on company culture The harder news: These often could have been easily avoided. Phishing, educating your employees, and creating a cyber awareness culture? These are topics we're sensitive to and well-versed in. So, how can you effectively protect your organization against phishing attempts? These best practices will help transform your employees' behavior and build organizational resilience to phishing attacks. Source: APWG Plan for total workforcThe Hacker News
November 22, 2022
Here’s How to Ensure Your Incident Response Strategy is Ready for Holiday Hackers Full Text
Abstract
The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities. The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities. Because employees often use their business emails and cell phones as their primary point of contact, these scams quickly become a threat to employer computer systems. With so many people shopping online, tracking shipments, and entering sensitive data across multiple websites, holiday hackers are primed and ready to attack your networks by taking advantage of your employees' online actions and cell phone usage. According to the FBI, the two most frequent types of holiday scams include non-delivery and non-payment crimes – when a consumer either pays for a product or service that is never delivered or products being shipped without the seller receiving payment. Cybercriminals are also keen on gift card fraud and auction fraud, aThe Hacker News
November 21, 2022
Microsoft outlines tactics to prevent attackers from dodging multi-factor authentication Full Text
Abstract
Microsoft has outlined several mitigations to protect against attacks on multi-factor authentication that will unfortunately make life more difficult for your remote workers.ZDNet
November 21, 2022
The pros and cons of using open-source Kubernetes security software Full Text
Abstract
In a survey by ARMO, 55% of respondents said they used at least some open-source tools to keep their Kubernetes clusters safe; this includes those who use purely open-source and those who mix open-source and proprietary solutions.Help Net Security
November 15, 2022
Deep Packet Inspection vs. Metadata Analysis of Network Detection & Response (NDR) Solutions Full Text
Abstract
Today, most Network Detection and Response (NDR) solutions rely on traffic mirroring and Deep Packet Inspection (DPI). Traffic mirroring is typically deployed on a single-core switch to provide a copy of the network traffic to a sensor that uses DPI to thoroughly analyze the payload. While this approach provides detailed analysis, it requires large amounts of processing power and is blind when it comes to encrypted network traffic. Metadata Analysis has been specifically developed to overcome these limitations. By utilizing metadata for analysis, network communications can be observed at any collection point and be enriched by the information providing insights about encrypted communication. Network Detection and Response (NDR) solutions have become crucial to reliably monitor and protect network operations. However, as network traffic becomes encrypted and data volumes continue to increase, most traditional NDR solutions are reaching their limits. This begs the question: What detectThe Hacker News
November 14, 2022
What is an External Penetration Test? Full Text
Abstract
A penetration test (also known as a pentest) is a security assessment that simulates the activities of real-world attackers to identify security holes in your IT systems or applications. The aim of the test is to understand what vulnerabilities you have, how they could be exploited, and what the impact would be if an attacker was successful. Usually performed first, an external pentest (also known as external network penetration testing) is an assessment of your perimeter systems. Your perimeter is all the systems that are directly reachable from the internet. By definition, they are exposed and are, therefore the most easily and regularly attacked. Testing for weaknesses External pentests look for ways to compromise these external, accessible systems and services to access sensitive information and see how an attacker could target your clients, customers or users. In a high-quality external pentest, the security professional(s) will copy the activities of real hackers, like exThe Hacker News
November 01, 2022
Using Regex to Implement Passphrases in Your Active Directory Full Text
Abstract
Passphrases provide a superior type of password for authentication as they allow you to create strong passwords you can remember. Furthermore, you can use regex (regular expression) to effectively help develop solid passphrases and ensure these do not contain weak elements. Let's see how.BleepingComputer
October 31, 2022
Tips for Choosing a Pentesting Company Full Text
Abstract
In today's world of automated hacking systems, frequent data breaches and consumer protection regulations such as GDPR and PCI DSS, penetration testing is now an essential security requirement for organisations of all sizes. But what should you look for when choosing the right provider? The sheer number of providers can be daunting, and finding one which can deliver a high-quality test at a reasonable price is not easy. How do you know if they're any good? What level of security expertise was included in the report? Is your application secure, or did the supplier simply not find the weaknesses? There are no easy answers, but you can make it easier by asking the right questions up front. The most important considerations fall into three categories: certifications, experience, and price. Certifications Certifications are the best place to start, as they provide a quick shortcut for building trust. There's no shortage of professional certifications available, but one of tThe Hacker News
October 28, 2022
Cloud Security Made Simple in New Guidebook For Lean Teams Full Text
Abstract
Cloud computing was the lifeline that kept many companies running during the pandemic. But it was a classic case of medicine that comes with serious side effects. Having anywhere, anytime access to data and apps gives companies tremendous flexibility in a fast-changing world, plus the means to scale and customize IT at will. The cloud is an asset or upgrade in almost every way. With one glaring exception: cybersecurity. The cloud promised to make companies more secure and security more straightforward. Yet over the same time period that the cloud took over computing, cyber attacks grew steadily worse while security teams felt increasingly overwhelmed. Why? We will explain shortly. For lean security teams, the more important question is how to make cloud security work, especially as the cloud footprint grows (a lot) faster than security resources. Will the cloud always cast a shadow on cybersecurity? Not with the strategy outlined in a free ebook from Cynet called " ThThe Hacker News
October 28, 2022
Implementing Defense in Depth to Prevent and Mitigate Cyber Attacks Full Text
Abstract
The increased use of information technology in our everyday life and business has led to cyber-attacks becoming more sophisticated and large-scale. For organizations to thrive in this era of technology, they must develop robust security strategies to detect and mitigate attacks. Defense in depth is a strategy in which companies use multiple layers of security measures to safeguard assets. A well-implemented defense in depth can help organizations prevent and mitigate ongoing attacks. Defense in depth uses various cutting-edge security tools to safeguard a business's endpoints, data, applications, and networks. The objective is to prevent cyber threats, but a robust defense-in-depth approach also thwarts ongoing attacks and prevents further damage. How organizations can implement defense in depth The image above shows the various layers of security that organizations must implement. Below we describe ideas that companies should consider for each layer. Governance and risk manaThe Hacker News
October 26, 2022
This 9-Course Bundle Can Take Your Cybersecurity Skills to the Next Level Full Text
Abstract
If you regularly read The Hacker News, there's a fair chance that you know something about cybersecurity. It's possible to turn that interest into a six-figure career. But to make the leap, you need to pick up some key skills and professional certifications. Featuring nine in-depth courses, The 2022 Masters in Cyber Security Certification Bundle helps you get ready for the next step. And in a special reader offer, you can get lifetime access for only $39.99. Special Offer — This bundle contains nine courses with a total value of $1,800. But for a limited time, you can get lifetime on-demand access for only $39.99. That is a massive 97% off MSRP! From penetration testing to threat analysis, there are thousands of vacant roles in the cybersecurity industry right now. What's more, this trend is set to continue, with experts predicting a 12% growth within the industry in the remainder of this decade. The really exciting part is that anyone can land a highly paid job withinThe Hacker News
October 26, 2022
Outpost24: How Pentesting-as-a-Service finds vulnerabilities before they’re exploited Full Text
Abstract
Organizations need to continuously monitor their entire surface infrastructure to adequately reduce application risk. This is where Outpost24's Pentesting-as-a-Service (PTaaS) software comes in.BleepingComputer
October 25, 2022
How the Software Supply Chain Security is Threatened by Hackers Full Text
Abstract
Introduction In many ways, the software supply chain is similar to that of manufactured goods, which we all know has been largely impacted by a global pandemic and shortages of raw materials. However, in the IT world, it is not shortages or pandemics that have been the main obstacles to overcome in recent years, but rather attacks aimed at using them to harm hundreds or even thousands of victims simultaneously. If you've heard of a cyber attack between 2020 and today, it's likely that the software supply chain played a role. When we talk about an attack on the software supply chain, we are actually referring to two successive attacks: one that targets a supplier, and one that targets one or more downstream users in the chain, using the first as a vehicle. In this article, we will dive into the mechanisms and risks of the software supply chain by looking at a typical vulnerability of the modern development cycle: the presence of personal identifying information, or "The Hacker News
October 25, 2022
How the “pizza123” password could take down an organization Full Text
Abstract
The breach, the bitter taste of pizza123, and the plight of malicious push notifications demand caution when selecting and managing passwords.BleepingComputer
October 24, 2022
Download eBook: Top virtual CISOs share 7 tips for vCISO service providers Full Text
Abstract
Virtual Chief Information Security Officer (vCISO) services (also known as 'Fractional CISO' or 'CISO-as-a-Service') are growing in popularity, especially as growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises demand for strategic cybersecurity and compliance guidance and management. But vCISO services are labor intensive, require highly skilled experts, and are difficult to scale. So, how exactly do successful vCISO providers overcome these obstacles? When you want advice on how to overcome challenges, scale and expand, who better to go to than the people who have been there, seen it, and done it with success? In a new eBook, titled 'Top virtual CISOs share: 7 tips on how vCISO service providers can maximize services, increase revenues, and improve margins' (Download here), vCISO platform provider Cynomi interviewed some of America's top vCISO service providers (MSThe Hacker News
October 20, 2022
Not All Sandboxes Are for Children: How to Secure Your SaaS Sandbox Full Text
Abstract
When creating a Sandbox, the mindset tends to be that the Sandbox is considered a place to play around, test things, and there will be no effect on the production or operational system. Therefore, people don't actively think they need to worry about its security. This mindset is not only wrong, but extremely dangerous. When it comes to software developers, their version of sandbox is similar to a child's playground — a place to build and test without breaking any flows in production. Meanwhile, in the world of cybersecurity, the term 'sandbox' is used to describe a virtual environment or machine used to run suspicious code and other elements. Many organizations use a Sandbox for their SaaS apps — to test changes without disrupting the production SaaS app or even to connect new apps (much like a software developer's Sandbox). This common practice often leads to a false sense of security and in turn a lack of thought for its security implications. This article wiThe Hacker News
October 19, 2022
A Quick Guide for Small Cybersecurity Teams Looking to Invest in Cyber Insurance Full Text
Abstract
In the world of insurance providers and policies, cyber insurance is a fairly new field. And many security teams are trying to wrap their heads around it. What is it and do they need it? And with what time will they spend researching how to integrate cyber insurance into their strategy? For small security teams, this is particularly challenging as they contend with limited resources. Luckily, there's a new eBook dedicated to helping small security teams better understand cyber insurance policies and how they may impact an organization's cybersecurity measures. Background In 1997, the "Internet Security Liability" (ISL) insurance policy was launched at the International Risk Insurance Management Society's convention in Honolulu. Underwritten by AIG, ISL insurance was designed to protect ecommerce retailers like Amazon that were collecting sensitive customer data and storing it on internal networks. It is credited as one of the very first cyber insurance policies to be made avaThe Hacker News
October 13, 2022
What the Uber Hack can teach us about navigating IT Security Full Text
Abstract
The recent Uber cyberattack shows us the myriad tactics employed by threat actors to breach corporate networks. Learn more about these tactics used and how to navigate IT Security.BleepingComputer
October 01, 2022
Pay What You Want for This Collection of White Hat Hacking Courses Full Text
Abstract
Whether you relish a mental challenge or fancy a six-figure paycheck, there are many good reasons to get into white hat hacking. That said, picking up the necessary knowledge to build a new career can seem like a daunting task. There is a lot to learn, after all. To help you get started, The Hacker News Deals is currently running an eye-catching offer: pay what you want for one video course, and get another eight courses if you beat the average price paid. Special Offer — For a limited time, name your price for one cybersecurity course and beat the average price paid to get lifetime access to nine courses. The full bundle is worth $1,668! With thousands of unfilled positions, white hat hacking is a lucrative and exciting career path. This bundle provides a solid introduction to the world of penetration testing and general cybersecurity, with over 65 hours of intensive training. Through concise video tutorials, you learn how to secure your own machine with Kali Linux andThe Hacker News
September 29, 2022
Five Steps to Mitigate the Risk of Credential Exposure Full Text
Abstract
Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft. While CISOs are aware of growing identity threats and have multiple tools in their arsenal to help reduce the potential risk, the reality is that existing methodologies have proven largely ineffective. According to the 2022 Verizon Data Breach Investigations Report, over 60% of breaches involve compromised credentials. Attackers use techniques such as social engineering, brute force, and purchasing leaked credentials on the dark web to compromise legitimate identities and gain unauthorized access to victim organizations' systems and resources. Adversaries often leverage the fact that some passwords are shared among different users, making it easier to breach multiple accounts in the same organization. Some empThe Hacker News
September 29, 2022
How to protect your Mac against ransomware and other cyberthreats
Abstract
A popular myth says that "Mac's don't get viruses," but that's never quite been true — and today's Mac users face more cyberthreats than ever before. If you've got a friend or family member who thinks they don't have to worry at all about cybersecurity, pass along this article.
BleepingComputer
September 27, 2022
Can You Hack It? Find Out In Our Lawfare Class
Abstract
We're bringing hacking and cybersecurity education to a remote cohort of Lawfare's material supporters and challenging them to become hackers themselves. There's still time to join us.
Lawfare
September 26, 2022
5 Network Security Threats And How To Protect Yourself
Abstract
Cybersecurity today matters so much because of everyone's dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT 'network' - all the apps and connected devices from laptops and desktops to servers and smartphones. While traditionally, these would all live on one "corporate network," - networks today are often just made up of the devices themselves, and how they're connected: across the internet, sometimes via VPNs, to the homes and cafes people work from, to the cloud and data centres where services live. So what threats does this modern network face? Let's look at them in more detail. #1 Misconfiguration According to recent research by Verizon, misconfiguration errors and misuse now make up 14% of breaches. Misconfiguration errors occur when configuring a system or application so that it
The Hacker News
September 19, 2022
Microsoft Teams’ GIFShell Attack: What Is It and How You Can Protect Yourself from It
Abstract
Organizations and security teams work to protect themselves from any vulnerability, and often don't realize that risk is also brought on by configurations in their SaaS apps that have not been hardened. The newly published GIFShell attack method, which occurs through Microsoft Teams, is a perfect example of how threat actors can exploit legitimate features and configurations that haven't been correctly set. This article takes a look at what the method entails and the steps needed to combat it. The GifShell Attack Method Discovered by Bobby Rauch, the GIFShell attack technique enables bad actors to exploit several Microsoft Teams features to act as a C&C for malware, and exfiltrate data using GIFs without being detected by EDR and other network monitoring tools. This attack method requires a device or user that is already compromised. Learn how an SSPM can assess, monitor and remediate SaaS misconfigurations and Device-to-SaaS user risk. The main component of this a
The Hacker News
September 14, 2022
How to Do Malware Analysis?
Abstract
Based on the findings of Malwarebytes' Threat Review for 2022, 40 million Windows business computers' threats were detected in 2021. In order to combat and avoid these kinds of attacks, malware analysis is essential. In this article, we will break down the goal of malicious programs' investigation and how to do malware analysis with a sandbox. What is malware analysis? Malware analysis is a process of studying a malicious sample. During the study, a researcher's goal is to understand a malicious program's type, functions, code, and potential dangers. Receive the information the organization needs to respond to the intrusion. Results of analysis that you get: how malware works: if you investigate the code of the program and its algorithm, you will be able to stop it from infecting the whole system. characteristics of the program: improve detection by using data on malware like its family, type, version, etc. what is the goal of malware: trigger the sample's
The Hacker News
September 13, 2022
How GRC protects the value of organizations — A simple guide to data quality and integrity
Abstract
Contemporary organizations understand the importance of data and its impact on improving interactions with customers, offering quality products or services, and building loyalty. Data is fundamental to business success. It allows companies to make the right decisions at the right time and deliver the high-quality, personalized products and services that customers expect. There is a challenge, though. Businesses are collecting more data than ever before, and new technologies have accelerated this process dramatically. As a result, organizations have significant volumes of data, making it hard to manage, protect, and get value from it. Here is where Governance, Risk, and Compliance (GRC) comes in. GRC enables companies to define and implement the best practices, procedures, and governance to ensure the data is clean, safe, and reliable across the board. More importantly, organizations can use GRC platforms like StandardFusion to create an organizational culture around security.
The Hacker News
September 12, 2022
Why Vulnerability Scanning is Critical for SOC 2
Abstract
SOC 2 may be a voluntary standard, but for today's security-conscious business, it's a minimal requirement when considering a SaaS provider. Compliance can be a long and complicated process, but a scanner like Intruder makes it easy to tick the vulnerability management box. Security is critical for all organisations, including those that outsource key business operations to third parties like SaaS vendors and cloud providers. Rightfully so, since mishandled data – especially by application and network security providers – can leave organisations vulnerable to attacks, such as data theft, extortion and malware. But how secure are the third parties you've entrusted with your data? SOC 2 is a framework that ensures these service providers securely manage data to protect their customers and clients. For security-conscious businesses – and security should be a priority for every business today – SOC 2 is now a minimal requirement when considering a SaaS provider. What SOC
The Hacker News
September 12, 2022
Five ways your data may be at risk — and what to do about it
Abstract
We store vast amounts of data — financial records, photos/videos, family schedules, freelance projects and more — on our personal computers and smartphones. Let's take a look at some of the most common threats to your data, and how you can step up your protection today.
BleepingComputer
September 07, 2022
4 Key Takeaways from “XDR is the Perfect Solution for SMEs” webinar
Abstract
Cyberattacks on large organizations dominate news headlines. So, you may be surprised to learn that small and medium enterprises (SMEs) are actually more frequent targets of cyberattacks. Many SMEs understand this risk firsthand. In a recent survey, 58% of CISOs of SMEs said that their risk of attack was higher compared to enterprises. Yet, they don't have the same resources as enterprises – making it nearly impossible to protect their organizations from widespread and increasingly more sophisticated attacks that don't discriminate based on company size. What's their solution? Extended detection and response (XDR). During a recent webinar, Cynet's Director of Product Strategy, George Tubin, and guest speaker Senior Analyst at Forrester, Allie Mellen, discussed the most serious cybersecurity challenges for SMEs and how they can benefit from XDR platforms. Here are the four key takeaways from the conversation. The Biggest Cybersecurity Challenges for SME
The Hacker News
September 05, 2022
What Is Your Security Team Profile? Prevention, Detection, or Risk Management
Abstract
Not all security teams are born equal. Each organization has a different objective. In cybersecurity, adopting a proactive approach is not just a buzzword. It actually is what makes the difference between staying behind attackers and getting ahead of them. And the solutions to do that do exist! Most attacks succeed by taking advantage of common failures in their target's systems. Whether new or not, known, unknown, or even unknown, attacks leverage security gaps such as unpatched or uncharted vulnerabilities, misconfigurations, out-of-date systems, expired certificates, human errors, etc. As attackers rely on a range of automated offensive testing tools to scan their targets' attack surfaces and propagate inside their network, a purely reactive defensive stance based on detection and response is increasingly likely to be overwhelmed by an attack. The logical tactical move is to emulate attackers' TTPs and behaviors beforehand by integrating attack simulation tools to
The Hacker News
September 1, 2022
Security Culture: An OT Survival Story
Abstract
A risk-based approach will help IT and OT professionals by standardizing key metrics like life, health, safety, not to mention the impact on production capacity and efficiency.
Dark Reading
August 31, 2022
A Lawfare Hacking and Cybersecurity Course
Abstract
On Tuesday evenings starting on Sept. 20, you can take a live hacking class on Lawfare. Join us!
Lawfare
August 31, 2022
Lawfare Hacking and Cybersecurity Course: Instructions and Materials
Abstract
The class will make use of Virtual Machines and VirtualBox. Please see this page for instructions and required files.
Lawfare
August 31, 2022
Interested in Reducing Your Risk Profile? Jamf Has a Solution for That
Abstract
The threat landscape has changed dramatically over the past decade. While cybercriminals continue to look for new ways to gain access to networks and steal sensitive information, the mobile attack surface is also expanding. Mobile devices are not only becoming more powerful but also more vulnerable to cyberattacks, making mobile security an increasingly important concern for enterprises. This means that anyone accessing the Internet via their cell phone or logging into their home or work network at any time is putting both their own personal data and that of their company at risk. No matter how big or small your business is, you should always take steps to ensure the security of your employees and customers. Recent global attacks have shown us just how vulnerable businesses are to cyberattacks. There are several ways hackers can attack mobile devices. To protect their data, businesses should take a comprehensive approach that addresses both internal and external threats. Jamf Thr
The Hacker News
August 24, 2022
Guide: How Service Providers can Deliver vCISO Services at Scale
Abstract
From ransomware to breaches, from noncompliance penalties to reputational damage – cyberthreats pose an existential risk to any business. But for SMEs and SMBs, the danger is compounded. These companies realize they need an in-house Chief Information Security Officer (CISO) – someone who can assess risks and vulnerabilities, create and execute a comprehensive cybersecurity plan, ensure compliance and safeguard business continuity. Yet unlike large enterprises, most don't have the budget to bring a full-time experienced CISO on board. To bridge this gap, managed service providers (MSPs), managed security service providers (MSSPs), and consulting firms offer virtual CISO (vCISO), or 'CISO-as-a-service' services. The model is simple: instead of hiring a full-time CISO, SMEs and SMBs pay a subscription or a retainer to gain access to expert cyber assistance in the form of a virtual CISO. Staffed by seasoned veteran executives, vCISOs offer C-level assistance in devising and
The Hacker News
August 23, 2022
The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware
Abstract
Ransomware is the de facto threat organizations have faced over the past few years. Threat actors were making easy money by exploiting the high valuation of cryptocurrencies and their victims' lack of adequate preparation. Think about bad security policies, untested backups, patch management practices not up-to-par, and so forth. It resulted in easy growth for ransomware extortion, a crime that multiple threat actors around the world perpetrate. Something's changed, though. Crypto valuations have dropped, reducing the monetary appeal of ransomware attacks due to organizations mounting a formidable defense against ransomware. Threat actors have been searching for another opportunity – and found one. It's called data exfiltration, or exfil, a type of espionage causing headaches at organizations worldwide. Let's take a look. The threat to reveal confidential information Information exfiltration is rapidly becoming more prevalent. Earlier this year, incidents at Nvi
The Hacker News
August 23, 2022
Defending against the new ransomware landscape
Abstract
The endless list of stolen credentials available online means that without basic defenses like multifactor authentication (MFA), organizations are at a disadvantage in combating ransomware’s infiltration routes before the malware deployment stage.
Microsoft
August 21, 2022
An encrypted ZIP file can have two correct passwords — here’s why
Abstract
Password-protected ZIP archives are common means of compressing and sharing sets of files—from sensitive documents to malware samples to even malware (phishing "invoices" in emails). But, did you know it is possible for an encrypted ZIP file to have two correct passwords, with both producing the same outcome on extraction?
BleepingComputer
August 20, 2022
Become a Cybersecurity Expert with 18 New Online Courses @ 98% OFF
Abstract
With more data stored in the cloud than ever before, now is a good time to get into cybersecurity. Many top corporations are looking for new talent, and even junior professionals can earn $80,000 or more. The only barrier to entry is education. How do you learn about security protocols and white hat hacking? Enter the All-In-One 2022 Super-Sized Ethical Hacking Bundle. This collection of 18 courses provides the perfect launchpad for your new career, and readers of The Hacker News can currently grab it at a massive discount. Reader Offer — This collection of 18 courses is worth $3,284. But for a limited time, you can get lifetime access to all the training for only $42.99! Knowledge is everything in the world of cybersecurity. The more skills you acquire, the more doors will open within the industry. This bundle helps you fill your résumé, with 1,686 individual tutorials covering a wide range of topics. You don't need any technical background in order to take the course
The Hacker News
August 18, 2022
Penetration Testing or Vulnerability Scanning? What’s the Difference?
Abstract
Pentesting and vulnerability scanning are often confused for the same service. The problem is, business owners often use one when they really need the other. Let's dive in and explain the differences. People frequently confuse penetration testing and vulnerability scanning, and it's easy to see why. Both look for weaknesses in your IT infrastructure by exploring your systems in the same way an actual hacker would. However, there is a very important distinction between the two - and when each is the better option. Manual or automated? Penetration testing is a manual security assessment where a cyber security professional attempts to find a way to break into your systems. It's a hands-on, in-depth test to evaluate security controls across a variety of systems, including web application, network and cloud environments. This kind of testing could take several weeks to complete, and due to its complexity and cost, is commonly carried out once a year. Vulnerability scanning,
The Hacker News
August 17, 2022
Lean Security 101: 3 Tips for Building Your Framework
Abstract
Cobalt, Lazarus, MageCart, Evil, Revil — cybercrime syndicates spring up so fast it's hard to keep track. Until…they infiltrate your system. But you know what's even more overwhelming than rampant cybercrime? Building your organization's security framework. CIS, NIST, PCI DSS, HIPAA, HITrust, and the list goes on. Even if you had the resources to implement every relevant industry standard and control to a tee, you still couldn't keep your company from getting caught up in the next SolarWinds. Because textbook security and check-the-box compliance won't cut it. You've got to be strategic (especially when manpower is limited!). And lean. Learn the ropes now. 3 Pro Tips for Building Your Lean Security Framework Without a framework in place, you're either navigating the cyber-risk universe with blinders on — or buried so deep in false positives you couldn't spot a complex attack until it's already laterally advancing. But why build your secu
The Hacker News
August 17, 2022
Top Five Patch Management & Process Best Practices
Abstract
What does a successful patch management strategy look like? It starts with a risk-based approach to stay up-to-date with new vulnerabilities while preventing bottlenecks in security workflows.
Trend Micro
August 11, 2022
What the Zola Hack Can Teach Us About Password Security
Abstract
Password security is only as strong as the password itself. Unfortunately, we are often reminded of the danger of weak, reused, and compromised passwords with major cybersecurity breaches that start with stolen credentials. For example, in May 2022, the popular wedding planning site, Zola, was the victim of a significant cybersecurity breach where hackers used an attack known as credential stuffing. It resulted in fraudulent activity tied to customer accounts. Let's look at the Zola breach and why it emphasizes the need for organizations to bolster their password security and protect against various types of password attacks. What happened with the Zola attack? Instead of going after Zola's core business-critical infrastructure, hackers went after customer accounts with the May attack. Attackers used an age-old technique called credential stuffing to compromise several Zola customer accounts. With access to the compromised accounts, they attempted to purchase gift vouche
The Hacker News
August 9, 2022
Malicious file analysis – Example 01
Abstract
Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented...
Security Affairs
August 05, 2022
Resolving Availability vs. Security, a Constant Conflict in IT
Abstract
Conflicting business requirements is a common problem – and you find it in every corner of an organization, including in information technology. Resolving these conflicts is a must, but it isn't always easy – though sometimes there is a novel solution that helps. In IT management there is a constant struggle between security and operations teams. Yes, both teams ultimately want to have secure systems that are harder to breach. However, security can come at the expense of availability – and vice versa. In this article, we'll look at the availability vs. security conflict, and a solution that helps to resolve that conflict. Ops team focus on availability… security teams lock down Operations teams will always have stability, and therefore availability, as a top priority. Yes, ops teams will make security a priority too but only as far as it touches on either stability or availability, never as an absolute goal. It plays out in the "five nines" uptime goal that sets an incredibly high
The Hacker News
August 04, 2022
Three Common Mistakes That May Sabotage Your Security Training
Abstract
Phishing incidents are on the rise. A report from IBM shows that phishing was the most popular attack vector in 2021, resulting in one in five employees falling victim to phishing hacking techniques. The Need for Security Awareness Training Although technical solutions protect against phishing threats, no solution is 100% effective. Consequently, companies have no choice but to involve their employees in the fight against hackers. This is where security awareness training comes into play. Security awareness training gives companies the confidence that their employees will execute the right response when they discover a phishing message in their inbox. As the saying goes, "knowledge is power," but the effectiveness of knowledge depends heavily on how it is delivered. When it comes to phishing attacks, simulations are among the most effective forms of training because the events in training simulations directly mimic how an employee would react in the event of an actu
The Hacker News
August 3, 2022
Busting the Myths of Hardware Based Security
Abstract
Many experts often overlook hardware based security and its vital importance in establishing a secure workspace. When it comes to cybersecurity, everyone likes to talk about software and the dangers that it poses. However, people often overlook hardware-based...
Security Affairs
August 03, 2022
Minimizing the security risks of Single Sign On implementations
Abstract
While the use of Single Sign On resulted in some organizations adopting stronger password policies, it also created additional security risks. Learn what these risks are and how you can make SSO more secure.
BleepingComputer
August 02, 2022
Wolf in sheep’s clothing: how malware tricks users and antivirus
Abstract
One of the primary methods used by malware distributors to infect devices is by deceiving people into downloading and running malicious files, and to achieve this deception, malware authors are using a variety of tricks.
BleepingComputer
August 02, 2022
What is ransomware and how can you defend your business from it?
Abstract
Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems (known as locker ransomware) or devices (crypto-ransomware). In both instances, once a ransom is paid, threat actors typically provide victims with a decryption key or tool to unlock their data or device, though this is not guaranteed. Oliver Pinson-Roxburgh, CEO of Defense.com, the all-in-one cybersecurity platform, shares knowledge and advice in this article on how ransomware works, how damaging it can be, and how your business can mitigate ransomware attacks from occurring. What does a ransomware attack comprise? There are three key elements to a ransomware attack: Access In order to deploy malware to encrypt files and gain control, cybercriminals need to initially gain access to an organiza
The Hacker News
August 01, 2022
Two Key Ways Development Teams Can Increase Their Security Maturity
Abstract
Now more than ever, organizations need to enable their development teams to build and grow their security skills. Today organizations face a threat landscape where individuals, well-financed syndicates, and state actors are actively trying to exploit errors in software. Yet, according to recent global research, 67% of developers that were interviewed said they were still shipping code they knew contained vulnerabilities. Helping your development teams progress to achieve security maturity is possible, and ultimately beneficial. It will help ensure secure software development at every stage of the software development lifecycle. But how can you help your development teams reach security maturity? We dug deep and leveraged insights from over 400 of our customers to identify traits and behaviors that occur when a development team increases its security maturity. Here we share two of them: #1: A deep understanding of your gaps Before creating any maturity program, we first need to u
The Hacker News
July 29, 2022
How to Combat the Biggest Security Risks Posed by Machine Identities
Abstract
The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity debt, and increasing security risks. Let's take a look at three of the top security risks which machine identities create – and how you can combat them. Certificate renewal issues Machine identities are secured differently from human ones. While human IDs can be verified with login and password credentials, machine IDs use certificates and keys. A huge issue with these types of credentials is they have expiration dates. Generally, certificates remain valid for two years, but the rapid pace of technological improvement has reduced some lifespans to 13 months. Given that there are
The Hacker News
July 27, 2022
Adversarial attacks can cause DNS amplification, fool network defense systems, machine learning study finds
Abstract
According to a study by researchers at the Citadel, South Carolina, deep learning models trained for network intrusion detection can be bypassed through adversarial attacks, specially crafted data that fools neural networks to change their behavior.
The Daily Swig
July 27, 2022
Taking the Risk-Based Approach to Vulnerability Patching
Abstract
Software vulnerabilities are a major threat to organizations today. The cost of these threats is significant, both financially and in terms of reputation. Vulnerability management and patching can easily get out of hand when the number of vulnerabilities in your organization is in the hundreds of thousands of vulnerabilities and tracked in inefficient ways, such as using Excel spreadsheets or multiple reports, especially when many teams are involved in the organization. Even when a process for patching is in place, organizations still struggle to effectively patch vulnerabilities in their assets. This is generally because teams look at the severity of vulnerabilities and tend to apply patches to vulnerabilities in the following severity order: critical > high > medium > low > info. The following sections explain why this approach is flawed and how it can be improved. Why is Patching Difficult? While it is well known that vulnerability patching is extremely important, it
The Hacker News
July 25, 2022
Why Physical Security Maintenance Should Never Be an Afterthought
Abstract
SecuriThings’ CEO Roy Dagan tackles the sometimes overlooked security step of physical security maintenance and breaks down why it is important.
Threatpost
July 18, 2022
Enforcing Password History in Your Windows AD to Curb Password Reuse
Abstract
65% of end-users openly admit to reusing the same password for one or more (or all!) of their accounts. Password history requirements discourage this behavior by making it more difficult for a user to reuse their old password.
BleepingComputer
July 18, 2022
Mind the Gap – How to Ensure Your Vulnerability Detection Methods are up to Scratch
Abstract
With global cybercrime costs expected to reach $10.5 trillion annually by 2025, it comes as little surprise that the risk of attack is companies' biggest concern globally. To help businesses uncover and fix the vulnerabilities and misconfigurations affecting their systems, there is an (over)abundance of solutions available. But beware, they may not give you a full and continuous view of your weaknesses if used in isolation. With huge financial gains to be had from each successful breach, hackers do not rest in their hunt for flaws and use a wide range of tools and scanners to help them in their search. Beating these criminals means staying one step ahead and using the most comprehensive and responsive vulnerability detection support you can. We'll go through each solution and explain how you can maintain your vigilance. Of course, vulnerability management is just one step businesses must take to prevent a breach; there's also proper asset management, employee training,
The Hacker News
July 11, 2022
How to auto block macros in Microsoft Office docs from the internet
Abstract
With Microsoft temporarily rolling back a feature that automatically blocks macros in Microsoft Office files downloaded from the Internet, it is essential to learn how to configure this security setting manually. This article will explain why users should block macros and how you can block them in Microsoft Office.
BleepingComputer
July 11, 2022
Researcher discloses how ‘Dirty dancing’ in OAuth can lead to account hijacking
Abstract
It is possible to perform single-click account hijacking by abusing the OAuth process flow, a security researcher has found. Attackers can abuse OAuth implementations to steal secure access tokens and perform one-click account hijacking.
The Daily Swig
June 25, 2022
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
Abstract
In cybersecurity, many of the best jobs involve working on government projects. To get a security clearance, you need to prove that you meet NIST standards. Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management Framework — a U.S. government guideline for taking care of data. The NIST Cybersecurity & Risk Management Frameworks Course helps you understand this topic, with over 21 hours of video instruction. The training is worth a total of $295, but readers of The Hacker News can get the course today for only $39. Special Offer — Normally priced at $295, this Risk Management Framework course is now only $39 for a limited time, with lifetime access included. That's a massive 86% discount! Designed by the United States Government, the Risk Management Framework provides a complete guide to securing sensitive data. It also ensures that cybersecurity professionals comply with the various laws, directives, executive orders, and re
The Hacker News
June 20, 2022
Do You Have Ransomware Insurance? Look at the Fine Print
Abstract
Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance. In this article, we'll outline why, particularly given the current climate, war exclusion clauses are increasingly rendering ransomware insurance of reduced value – and why your organization should focus on protecting itself instead. What is ransomware insurance In recent years, ransomware insurance has grown as a product field because organizations are trying to buy protection against the catastrophic effects of a successful ransomware attack. Why try to buy insurance? Well, a single, successful attack can just about wipe out a large organization, or lead to crippling costs – NotPetya alone led to a total of $10bn in damages. Ransomware attacks
The Hacker News
June 17, 2022
Learn Cybersecurity with Palo Alto Networks Through this PCCSA Course @ 93% OFF
Abstract
In the world of cybersecurity, reputation is everything. Most business owners have little understanding of the technical side, so they have to rely on credibility. Founded back in 2005, Palo Alto Networks is a cybersecurity giant that has earned the trust of the business community thanks to its impressive track record. The company now provides services to over 70,000 organizations in 150 countries. The Palo Alto Networks Cybersecurity Fundamentals (PCCSA) course helps you gain that same level of credibility, with 27 tutorials working towards official certification. It's normally priced at $295, but readers of The Hacker News can currently get the training for only $19.99. Special Offer — The Palo Alto Networks Cybersecurity Fundamentals (PCCSA) course is worth $295, but you can grab it today for just $19.99 with lifetime access included. That's 93% off the full price! There are many different certifications you can earn in cybersecurity today. With the backing of a respect
The Hacker News
June 16, 2022
Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning Full Text
Abstract
For years, the two most popular methods for internal scanning, agent-based and network-based, were considered to be about equal in value, each bringing its own strengths to bear. However, with remote working now the norm in most if not all workplaces, it feels a lot more like agent-based scanning is a must, while network-based scanning is an optional extra. This article will go in-depth on the strengths and weaknesses of each approach, but let's wind it back a second for those who aren't sure why they should even do internal scanning in the first place. Why should you perform internal vulnerability scanning? While external vulnerability scanning can give a great overview of what you look like to a hacker, the information that can be gleaned without access to your systems can be limited. Some serious vulnerabilities can be discovered at this stage, so it's a must for many organizations, but that's not where hackers stop. Techniques like phishing, targeted malware,The Hacker News
June 16, 2022
Revisit Your Password Policies to Retain PCI Compliance Full Text
Abstract
Organizations that are subject to the PCI regulations must carefully consider how best to address these new requirements. Some of the requirements are relatively easy to address. Even so, some of the new requirements go beyond what Windows native security mechanisms are capable of. Here is what you need to know.BleepingComputer
June 14, 2022
API Security Best Practices Full Text
Abstract
Organizations face the constant need to protect these APIs from attacks so they can protect organizational data. Organizations are rapidly opening their ecosystem through Application Programming Interfaces (API) by ensuring seamless access to data...Security Affairs
June 13, 2022
Quick and Simple: BPFDoor Explained Full Text
Abstract
BPFDoor isn't new to the cyberattack game — in fact, it's gone undetected for years — but PwC researchers discovered the piece of malware in 2021. Subsequently, the cybersecurity community is learning more about the stealthy nature of malware, how it works, and how it can be prevented. What's BPFDoor? BPFDoor is a piece of malware associated with China-based threat actor Red Menshen that has hit mostly Linux operating systems. It's undetected by firewalls and goes unnoticed by most detection systems — so unnoticed that it's been a work in progress over the last five years, going through various phases of development and complexity. How Does It Work? BPF stands for Berkeley Packet Filter, which is appropriate given that the virus exploits packet filters. BPFDoor uses BPF "sniffers" to see all network traffic and find vulnerabilities. Packet filters are programs that analyze "packets" (files, metadata, network traffic) and permit or decThe Hacker News
June 08, 2022
Kali Linux team to stream free penetration testing course on Twitch Full Text
Abstract
Offensive Security, the creators of Kali Linux, announced today that they would be offering free access to their live-streamed 'Penetration Testing with Kali Linux (PEN-200/PWK)' training course later this month.BleepingComputer
June 07, 2022
Hacking Scenarios: How Hackers Choose Their Victims Full Text
Abstract
Enforcing the "double-extortion" technique aka pay-now-or-get-breached emerged as a head-turner last year. May 6th, 2022 is a recent example. The State Department said the Conti strain of ransomware was the most costly in terms of payments made by victims as of January . Conti, a ransomware-as-a-service (RaaS) program, is one of the most notorious ransomware groups and has been responsible for infecting hundreds of servers with malware to gain corporate data or digital damage systems, essentially spreading misery to individuals and hospitals, businesses, government agencies and more all over the world. So, how different is a ransomware attack like Conti from the infamous "WannaCry" or "NotPetya"? While other Ransomware variants can spread fast and encrypt files within short time frames, Conti ransomware has demonstrated unmatched speed by which it can access victims' systems. Given the recent spate of data breaches, it is extremely challenginThe Hacker News
May 31, 2022
Learn Raspberry Pi and Arduino with 9 Online Developer Training Courses Full Text
Abstract
This is an exciting time for the Internet of Things . According to Deloitte research, the average U.S. household now has 25 connected devices — and new products are being launched every day. This rush of demand means that many tech companies are looking for developers with IoT knowledge. And even if you don't want to specialize in this field, the programming skills are transferable. Featuring nine full-length video courses, The 2022 Complete Raspberry Pi & Arduino Developer Bundle provides a really good introduction to this world. The included training is worth a total of $1,800, but readers of The Hacker News can currently pick up the bundle for only $39.99 . Special Offer — For a limited time, you can get lifetime access to nine courses on Arduino and Raspberry Pi development for just $39.99 . That's a massive 97% off the total price. Both the Raspberry Pi and the Arduino were specifically designed to help people learn how to code. But both devices have also been usThe Hacker News
May 31, 2022
Aligning Your Password Policy enforcement with NIST Guidelines Full Text
Abstract
Although most organizations are not required by law to comply with NIST standards, it is usually in an organization's best interest to follow NIST's cybersecurity standards. This is especially true for NIST's password guidelines.BleepingComputer
May 27, 2022
The Myths of Ransomware Attacks and How To Mitigate Risk Full Text
Abstract
Today's modern companies are built on data, which now resides across countless cloud apps. Therefore preventing data loss is essential to your success. This is especially critical for mitigating against rising ransomware attacks — a threat that 57% of security leaders expect to be compromised by within the next year . As organizations continue to evolve, in turn so does ransomware . To help you stay ahead, Lookout Chief Strategy Officer, Aaron Cockerill met with Microsoft Chief Security Advisor, Sarah Armstrong-Smith to discuss how remote work and the cloud have made it more difficult to spot a ransomware attack, as well as how deploying behavioral-anomaly-based detection can help mitigate ransomware risk. Access the full interview . Aaron Cockerill: I feel like the way modern enterprises operate, which includes a combination of technologies, has allowed the ransomware to thrive. Having experienced this type of attack in my past roles, I know how many CISOs are feelingThe Hacker News
May 25, 2022
How Secrets Lurking in Source Code Lead to Major Breaches Full Text
Abstract
If one word could sum up the 2021 infosecurity year (well, actually three), it would be these: "supply chain attack". A software supply chain attack happens when hackers manipulate the code in third-party software components to compromise the 'downstream' applications that use them. In 2021, we have seen a dramatic rise in such attacks: high profile security incidents like the SolarWinds, Kaseya, and Codecov data breaches have shaken enterprise's confidence in the security practices of third-party service providers. What does this have to do with secrets, you might ask? In short, a lot. Take the Codecov case (we'll go back to it quickly): it is a textbook example to illustrate how hackers leverage hardcoded credentials to gain initial access into their victims' systems and harvest more secrets down the chain. Secrets-in-code remains one of the most overlooked vulnerabilities in the application security space, despite being a priority target in hackThe Hacker News
May 25, 2022
Learn How Hackers Can Hijack Your Online Accounts Even Before You Create Them Full Text
Abstract
Malicious actors can gain unauthorized access to users' online accounts via a new technique called "account pre-hijacking," new research has found. The attack takes aim at the account creation process that's ubiquitous in websites and other online platforms, enabling an adversary to perform a set of actions before an unsuspecting victim creates an account in a target service. The study was led by independent security researcher Avinash Sudhodanan in collaboration with Andrew Paverd of the Microsoft Security Response Center (MSRC). Pre-hijacking banks on the prerequisite that an attacker is already in possession of a unique identifier associated with a victim, such as an email address or phone number, which can be obtained either from the target's social media accounts or credential dumps circulating on the web. The attacks can then play out in five different ways, including the use of the same email address during account creation by both the adversary and tThe Hacker News
May 18, 2022
How to Protect Your Data When Ransomware Strikes Full Text
Abstract
Ransomware is not a new attack vector. In fact, the first malware of its kind appeared more than 30 years ago and was distributed via 5.25-inch floppy disks. To pay the ransom, the victim had to mail money to a P.O. Box in Panama. Fast forward to today, affordable ransomware-as-a-service (RaaS) kits are available on the dark web for anyone to purchase and deploy, and attackers have an infinite number of channels available to them to infiltrate organizations as a result of reliance on cloud and mobile technologies. Initiating a ransomware attack is all about discreetly gaining access. And as employees can now access your data from anywhere, you have lost visibility into how they do so. To safeguard against these attacks, you're not just looking for malware, you need continuous insights into your users, the endpoints they use and the applications and data they access. Lookout, a leader in endpoint-to-cloud security, has published an interactive infographic to help you visualizThe Hacker News
May 18, 2022
[eBook] Your 90-Day MSSP Plan: How to Improve Margins and Scale-Up Service Delivery Full Text
Abstract
To cash in on a thriving market, a managed security service provider (MSSP) must navigate unprecedented competition and complex challenges. The good news is that demand is through the roof. 69% of organizations plan to boost spending on cybersecurity in 2022. The bad news is that everyone wants a piece of the pie. MSSPs must outshine each other while fending off encroachments by traditional IT vendors and MSPs. As a result, some MSSPs are succumbing to the squeeze of low margins. Others are struggling to scale successfully. The most successful MSSPs are taking action to improve their current financial position while laying a foundation for long-term growth. A new eBook, "Your 90-Day MSSP Plan: How to Improve Margins and Scale Up Service Delivery," helps MSSPs understand the current cybersecurity landscape, their current position in it, what they're doing well, and where they can improve the most. This nine-step plan offers a clear path for MSSPs to boost profitabThe Hacker News
May 17, 2022
Best practices for healthcare delivery organizations to manage supply chain cybersecurity risks Full Text
Abstract
Drafted by the Health Information Management Working Group, the report provides best practices that healthcare delivery organizations (HDOs) can use to manage the cybersecurity risks associated with their supply chains.Help Net Security
May 14, 2022
Get Lifetime Access to 2022 Cybersecurity Certification Prep Courses @ 95% Off Full Text
Abstract
Ever thought about working full-time in cybersecurity ? With millions of unfilled jobs around, now is a great time to get into the industry. Of course, there are many different roles in this field. But all of them require the same handful of professional certifications. The 2022 Ultimate Advanced CyberSecurity Professional Certification Bundle helps you collect the full house, with five full-length courses working towards key exams . The included training has a total value of $1,475. But in a special deal for readers of The Hacker News, the bundle is now available for only $69. Special Offer — You can currently get five top-rated cybersecurity certification courses for only $69, with lifetime access included! Whether you want to be a penetration tester or a cybersecurity researcher, technical recruiters want to see proof of your security expertise. NIST is required for government projects. Meanwhile, CISSP, ISACA, and CASP+ can open doors in the private sector. In this buThe Hacker News
May 13, 2022
How to Fight Foreign Hackers With Civil Litigation Full Text
Abstract
Major tech companies have begun to employ Microsoft’s strategy of suing cybercriminals who operate major botnets or engage in massive phishing schemes.Lawfare
May 12, 2022
Everything We Learned From the LAPSUS$ Attacks Full Text
Abstract
In recent months, a cybercriminal gang known as LAPSUS$ has claimed responsibility for a number of high-profile attacks against technology companies, including: T-Mobile (April 23, 2022), Globant, Okta, Ubisoft, Samsung, Nvidia, Microsoft, and Vodafone. In addition to these attacks, LAPSUS$ was also able to successfully launch a ransomware attack against the Brazilian Ministry of Health. While high-profile cyber-attacks are certainly nothing new, there are several things that make LAPSUS$ unique. The alleged mastermind of these attacks and several other alleged accomplices were all teenagers. Unlike more traditional ransomware gangs, LAPSUS$ has a very strong social media presence. The gang is best known for data exfiltration. It has stolen source code and other proprietary information and has often leaked this information on the Internet. LAPSUS$ stolen credentials In the case of Nvidia, for example, the attackers gained access to hundreds of gigabytes of proprietary data,The Hacker News
May 12, 2022
Historic Hotel Stay, Complementary Emotet Exposure included Full Text
Abstract
Historic Hotel of America serving up modern malware to their guests. Why securing your inbox with more than just anti-malware engines is needed to prevent cybercrime attacks.BleepingComputer
May 11, 2022
[White Paper] Social Engineering: What You Need to Know to Stay Resilient Full Text
Abstract
Security and IT teams are losing sleep as would-be intruders lay siege to the weakest link in any organization's digital defense: employees. By preying on human emotion, social engineering scams inflict billions of dollars of damage with minimal planning or expertise. Cybercriminals find it easier to manipulate people before resorting to technical "hacking" tactics. Recent research reveals that social engineering is leveraged in 98% of attacks. As the rapid, ongoing acceleration of remote work raises the stakes, security leaders are fighting back with education and awareness. Resources developed by experts, like this new white paper — " Social Engineering: What You Need to Know to Stay Resilient " — identify the most common tactics, track how these types of attacks are evolving, and provide tips to protect organizations and their end-users. These insights not only inform security practitioners of the latest tactics and emerging threats, but help employees undeThe Hacker News
May 9, 2022
‘A tragedy’: Closure of 150-year-old college underscores toll of ransomware attacks Full Text
Abstract
A goodbye note posted to the school’s website said that it survived both World Wars, the Spanish flu and the Great Depression, but was unable to handle the combination of the Covid pandemic and a severe ransomware attack in December last year.NBC News
May 5, 2022
Top Threats your Business Can Prevent on the DNS Level Full Text
Abstract
Web-filtering solutions, a must-have for businesses of any size, will protect your corporate network from multiple origins.Threatpost
May 05, 2022
The Importance of Defining Secure Code Full Text
Abstract
The developers who create the software, applications and programs that drive digital business have become the lifeblood of many organizations. Most modern businesses would not be able to (profitably) function, without competitive applications and programs, or without 24-hour access to their websites and other infrastructure. And yet, these very same touchpoints are also often the gateway that hackers and other nefarious users employ in order to steal information, launch attacks and springboard to other criminal activities such as fraud and ransomware. Successful attacks remain prevalent, even though spending on cybersecurity in most organizations is way up, and even though movements like DevSecOps are shifting security towards those developers who are the lifeblood of business today. Developers understand the importance of security, and overwhelmingly want to deploy secure and quality code, but software vulnerabilities continue to be exploited. Why? For the 2nd year, Secure CoThe Hacker News
May 04, 2022
Using PowerShell to manage password resets in Windows domains Full Text
Abstract
With breaches running rampant, it's common to force password resets on your Windows domain. This article shows how admins can use PowerShell to manage password resets and introduce software that makes it even easier.BleepingComputer
May 2, 2022
How Can One Know When To Trust Hardware and Software? Full Text
Abstract
The Lawfare Institute convened a working group of experts to answer that question. The group's report, titled "Creating a Framework for Supply Chain Trust in Hardware and Software" is available now.Lawfare
April 28, 2022
Everything you need to know to create a Vulnerability Assessment Report Full Text
Abstract
You've been asked for a Vulnerability Assessment Report for your organisation and for some of you reading this article, your first thought is likely to be "What is that?" Worry not. This article will answer that very question as well as why you need a Vulnerability Assessment Report and where you can get one from. As it's likely the request for such a report came from an important source such as the Board, a partner, a client or an auditor, there isn't a moment to waste. So let's drive straight in. What is a Vulnerability Assessment Report and why do you need one? A Vulnerability Assessment Report is simply a document that illustrates how you are managing your organisation's vulnerabilities. It's important because, with tens of thousands of new technology flaws being discovered every year, you need to be able to prove that your organisation does its best to avoid attack if you want to be trusted by partners and customers. A best security practiThe Hacker News
April 28, 2022
How to Attack Your Own Company’s Service Desk to spot risks Full Text
Abstract
Specops Secure Service Desk is an excellent tool for keeping a help desk safe from social engineering attacks. Although Specops Secure Service Desk offers numerous features, there are three capabilities that are especially useful for thwarting social engineering attacks.BleepingComputer
April 27, 2022
[eBook] Your First 90 Days as MSSP: 10 Steps to Success Full Text
Abstract
Bad actors continuously evolve their tactics and are becoming more sophisticated. Within the past couple of years, we've seen supply chain attacks that quickly create widespread damage throughout entire industries. But the attackers aren't just focusing their efforts on supply chains. For example, businesses are becoming increasingly more reliant on SaaS apps and the cloud – creating a new avenue for attackers to steal critical data and assets. The looming threat of ransomware attacks, phishing scams, and destructive BEC campaigns has businesses wondering: do I need to increase my security? As a result, many managed service providers (MSP) are fielding questions about the level of security they can provide for their customers. In this new environment, MSPs are finding they can no longer avoid offering cybersecurity services. Fortunately, there's an eBook for MSPs who are expanding into the security space as managed security service providers (MSSP). It's vital for MSPs to have aThe Hacker News
April 20, 2022
[eBook] The Ultimate Security for Management Presentation Template Full Text
Abstract
Are you a CISO, CIO, or IT Director? In your role, you're responsible for breach protection – which means you oversee and govern the process of designing, building, maintaining, and continuously enhancing your organization's security program. But getting buy-in from leadership can be difficult when they are a non-technical audience. On top of managing your organization's breach protection activity 24/7, you have to find time to figure out how to effectively articulate the risks, potential impacts, and appropriate steps necessary in a way that will convince leadership to invest in the resources required to keep your organization safe. Compounding this is the fact that, while you are focused on things like malware, exploits, and network traffic – your leadership is primarily concerned with operational loss and calculated risk. How do you bridge the gap and help leadership understand your priorities and your team's business impact? You must identify the security iThe Hacker News
April 20, 2022
Why you shouldn’t automate your VirusTotal uploads Full Text
Abstract
While there may be an occasional need to upload a file to VirusTotal, experts suggest not automating this procedure. Rather, only use it when you have no other methods of checking whether an attachment is safe to open.Malwarebytes Labs
April 19, 2022
Protect Your Executives’ Cybersecurity Amidst Global Cyberwar Full Text
Abstract
In this time of unprecedented cyberwar, organizations must protect the personal digital lives of their executives in order to reduce the company’s risk of direct or collateral damage.Threatpost
April 19, 2022
How to protect your ADFS from password spraying attacks Full Text
Abstract
Microsoft recommends a multi-tiered approach for securing your ADFS environment from password attacks. Learn how Specops can fill in the gaps to add further protection against password sprays and other password attacks.BleepingComputer
April 16, 2022
Get Lifetime Access to This 60-Hour Java Programming Training Bundle @ 97% Discount Full Text
Abstract
Java is a very versatile programming language. From Android apps to Oracle databases, it can be used to power a wide range of software and systems. As with most technical skills , the best way to learn Java is through building your own projects. But you can definitely speed things up with high-quality training. The Complete 2022 Java Coder Bundle provides plenty of that — nine full-length video courses, in fact. The training comes from top-rated instructors, and you get plenty of hands-on projects to try. The included training is worth $1,791. But in a special deal for loyal readers of The Hacker News, you can pick up the bundle for just $39.99. Special Offer — For a limited time, you can get unlimited lifetime access to over 60 hours of Java training for just $39.99 . That's an unmissable deal! According to Indeed, the average salary for a Java developer in the US is around $115,000 a year. But even if you don't plan on becoming a specialist, learning Java is a smart move. TThe Hacker News
April 14, 2022
The top 10 password attacks and how to stop them Full Text
Abstract
To better understand how to protect passwords in your environment from attacks, let's look at the top 10 password attacks and see what your organization can do to prevent them.BleepingComputer
April 13, 2022
Webinar: How The Right XDR Can Be a Game-Changer for Lean Security Teams Full Text
Abstract
Extended detection and response (XDR) is expected to be the future of cybersecurity, merging security technologies with the evolving approach to the way we do cybersecurity. And while many organizations are scrambling to integrate XDR into their cybersecurity strategies – even more are still trying to figure out what XDR really is and if it's even the right solution for their organization. But there are some organizations that are getting lost in the debate and are wondering if there is a place for them in this new frontier of cybersecurity: organizations with lean security teams and limited resources. Fortunately, Cynet, a cybersecurity company, is hosting an upcoming webinar in partnership with Enterprise Strategy Group (ESG) that will explore how choosing the right XDR can be impactful for companies with lean security teams [register here]. During the webinar, Jon Oltsik, Senior Principal Analyst with ESG, and George Tubin, Director of Product Strategy at Cynet, will cover: LeaThe Hacker News
April 6, 2022
Digital transformation requires security intelligence Full Text
Abstract
It’s no surprise that many organizations are struggling with how to best manage their data and secure it, especially when data and systems reside not only in separate siloes, but within different teams, on-premises, and in the cloud.Help Net Security
April 05, 2022
Battling Cybersecurity Risk: How to Start Somewhere, Right Now Full Text
Abstract
Between a series of recent high-profile cybersecurity incidents and the heightened geopolitical tensions, there's rarely been a more dangerous cybersecurity environment. It's a danger that affects every organization – automated attack campaigns don't discriminate between targets. The situation is driven in large part due to a relentless rise in vulnerabilities, with tens of thousands of brand-new vulnerabilities discovered every year. For tech teams that are probably already under-resourced, guarding against this rising tide of threats is an impossible task. Yet, in the battle against cybercrime, some of the most effective and most sensible mitigations are sometimes neglected. In this article, we'll outline why cybersecurity risks have escalated so dramatically – and which easy wins your organization can make for a significant difference in your cybersecurity posture, right now. Recent major cyberattacks point to the danger Cyber security has arguably never been moThe Hacker News
March 31, 2022
Thinking of a new career? Consider Cybersecurity with these free courses Full Text
Abstract
Curiosity and a love of learning are definite advantages in the cybersecurity field, and reading and learning more about the subject is just a few clicks away. The world needs more people out there fighting cybercrime. Perhaps one of them could be you.BleepingComputer
March 30, 2022
Improve Your Hacking Skills with 9 Python Courses for Just $39 Full Text
Abstract
For anyone with interest in cybersecurity , learning Python is a must. The language is used extensively in white hat hacking, and professionals use Python scripts to automate tests. It also has a use in the "soft" side of cybersecurity — like scraping the web for compromised data and detecting bugs. Featuring nine full-length video courses, The Complete 2022 Python Programmer Bundle helps you come to grips with this powerful programming language. The included training is worth $1,791 altogether. But thanks to a special price drop, readers of The Hacker News can get the bundle today for just $39 . Special Offer — This library of Python video training includes 46 hours of content, and you can get lifetime access today for just $39 ! When each new year of computer science talent arrives at MIT and Stanford, one of the first languages they learn is Python. Why? Well, it's relatively easy to read. But just as importantly, it's super versatile and plenty powerful. If you haveThe Hacker News
March 29, 2022
What is credential stuffing? And how to prevent it? Full Text
Abstract
This post explains what a credential stuffing attack is and which countermeasures prevent it. A credential stuffing attempt can be caught as a behavioral anomaly - if you’re looking. Earmarked by the FBI as a particular threat to the financial...Security Affairs
March 17, 2022
The Golden Hour of Incident Response Full Text
Abstract
As a CSIRT consultant, I cannot overemphasize the importance of effectively managing the first hour in a critical incident. Finding out what to do is often a daunting task in a critical incident. In addition, the feeling of uneasiness often prevents an incident response analyst from making effective decisions. However, keeping a cool head and actions planned out is crucial in successfully handling a security incident. This blog will elaborate on some key points to help readers facilitate better incident response procedures. Preparation is essential Before taking on any incidents, security analysts would need to know a great deal of information. To start off, incident response analysts need to familiarize themselves with their roles and responsibilities. IT infrastructure has evolved rapidly over the past years. For example, we observed increasing movement to cloud computing and data storage. The fast-changing IT environment frequently requires analysts to update their skill sets,The Hacker News
March 10, 2022
Here’s How to Find if WhatsApp Web Code on Your Browser Has Been Hacked Full Text
Abstract
Meta Platforms' WhatsApp and Cloudflare have banded together for a new initiative called Code Verify to validate the authenticity of the messaging service's web app on desktop computers. Available in the form of a Chrome and Edge browser extension , the open-source add-on is designed to "automatically verif[y] the authenticity of the WhatsApp Web code being served to your browser," Facebook said in a statement. The goal with Code Verify is to confirm the integrity of the web application and ensure that it hasn't been tampered with to inject malicious code. The social media company is also planning to release a Firefox plugin to achieve the same level of security across browsers. The system works with Cloudflare acting as a third-party audit to compare the cryptographic hash of WhatsApp Web's JavaScript code that's shared by Meta with that of a locally computed hash of the code running on the browser client. Code Verify is also meant to be flexiThe Hacker News
March 09, 2022
The Incident Response Plan - Preparing for a Rainy Day Full Text
Abstract
The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent it from happening. Just as it wasn't raining when Noah built the ark, companies must face the fact that they need to prepare - and educate the organization on - a well-thought-out response plan if a successful cyberattack does occur. Obviously, the worst time to plan your response to a cyberattack is when it happens. With so many companies falling victim to cyberattacks, an entire cottage industry of Incident Response (IR) services has arisen. Thousands of IR engagements have helped surface best practices and preparedness guides to help those that have yet to fall victim to a cyberattack. Recently, cybersecurity company Cynet provided an Incident Response plan Word template to help comThe Hacker News
March 07, 2022
Understanding How Hackers Recon Full Text
Abstract
Cyber-attacks keep increasing and evolving but, regardless of the degree of complexity used by hackers to gain access, get a foothold, cloak their malware, execute their payload or exfiltrate data, their attack will begin with reconnaissance. They will do their utmost to uncover exposed assets and probe their target's attack surface for gaps that can be used as entry points. So, the first line of defense is to limit the potentially useful information available to a potential attacker as much as possible. As always, the tug of war between operational necessity and security concerns needs to be taken into account, which requires a better understanding of the type of information typically leveraged. What information are hackers looking for during recon? When running recon on an organization, hackers – whether white or black hats - are "casing a joint." To plan their attack, they will try and uncover as much information as possible about: Your infrastructure The typesThe Hacker News
March 03, 2022
How to Automate Offboarding to Keep Your Company Safe Full Text
Abstract
In the midst of 'The Great Resignation,' the damage from employees (or contractors) leaving an organization might be one of the greatest risks facing IT teams today. The reality is that in the busy enterprise computing environment, user onboarding and offboarding is a fact of daily life. When employee counts range into the five-figure territory — and entire networks of contractors have to be accounted for as well — it's easy to lose track of who's, literally, coming and going. Oftentimes, there are "offboarding" steps that are forgotten about — disabling or removing the user from Active Directory or IAM is not sufficient as the user may have local credentials on some of the SaaS platforms or other sensitive systems. Technically speaking, there are ways to automate offboarding using protocols such as SCIM and JIT mapping; however, it requires a high level of maturity in an IT environment and the staff to implement it. For organizations not implementing SCThe Hacker News
March 3, 2022
The Difference Between Human and Machine Identities Full Text
Abstract
As digital transformation is advancing and automation is becoming an essential component of modern enterprises, collaboration between humans and machines is crucial. With this level of interaction, a new identity problem is emerging as machines operate...Security Affairs
March 02, 2022
LIVE Webinar: Key Lessons Learned from Major Cyberattacks in 2021 and What to Expect in 2022 Full Text
Abstract
With the COVID-19 pandemic continuing to impact, and perhaps permanently changing, how we work, cybercriminals again leveraged the distraction in new waves of cyberattacks. Over the course of 2021 we saw an increase in multiple attack approaches; some old, some new. Phishing and ransomware continued to grow from previous years, as expected, while new attacks on supply chains and cryptocurrencies captured our attention. We also saw an uptick in critical Windows vulnerabilities, again proving that no matter how many vulnerabilities are found, more will always exist. As we enter 2022, we are seeing novel attacks originating from the conflict in Ukraine, which will certainly make their way into criminal attacks on worldwide businesses. In an upcoming webinar ( register here ), Cybersecurity company Cynet will provide an in-depth review of the high-profile attacks we saw in 2021 and provide guidance to cybersecurity professionals for 2022. What are the top cyberattacks in 2021 that CynThe Hacker News
March 1, 2022
Introducing the Golden GMSA Attack Full Text
Abstract
The attack against Group Managed Service Accounts (gMSA) can allow attackers to dump Key Distribution Service (KDS) root key attributes and generate the password for all the associated gMSAs offline.Security Boulevard
February 24, 2022
Web Filtering and Compliances for Wi-Fi Providers Full Text
Abstract
Demand for public Wi-Fi is on the rise. Usually free of charge, but there is a risk of expensive losses. Learn ways to protect yourself from cyber-threats.Threatpost
February 24, 2022
The Art of Non-boring Cybersec Training–Podcast Full Text
Abstract
With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in.Threatpost
February 23, 2022
Why DevOps pipelines are under attack and how to fight back Full Text
Abstract
Software developers often have high permission levels and access privileges. If the software being produced is designed for external consumption, the impact of breaches can be dramatically greater.CSO Online
February 18, 2022
What To Expect With Cyber Surprise Full Text
Abstract
The possibilities of surprise in cyberspace are almost limitless.Lawfare
February 17, 2022
Kill Cloud Risk: Get Everybody to Stop Fighting Over App Security – Podcast Full Text
Abstract
When it comes to ensuring safe cloud app rollouts, there’s flat-out animosity between business shareholders. HackerOne’s Alex Rice and GitLab’s Johnathan Hunt share tips on quashing all the squabbling.Threatpost
February 17, 2022
4 Cloud Data Security Best Practices All Businesses Should Follow Today Full Text
Abstract
These days, businesses all around the world have come to depend on cloud platforms for a variety of mission-critical workflows. They keep their CRM data in the cloud. They process their payrolls in the cloud. They even manage their HR processes through the cloud. And all of that means they're trusting the bulk of their privileged business data to those cloud providers, too. And while most major cloud providers do a decent job of keeping data secure, the majority of business users take an upload-it-and-forget-it approach to their data security needs. And that — needless to say — is dangerous. In reality, cloud providers can only protect a business's data if the business does its part by adhering to some cloud security best practices. And fortunately, they're not that complicated. Here are the four most important cloud security best practices businesses should build into their cloud operations right away. Never Skip Selection Due Diligence The first cloud security best pThe Hacker News
February 16, 2022
[Webinar] When More Is Not Better: Solving Alert Overload Full Text
Abstract
The increasing volume and sophistication of cyberattacks have naturally led many companies to invest in additional cybersecurity technologies. We know that expanded threat detection capabilities are necessary for protection, but they have also led to several unintended consequences. The "more is not always better" adage fits this situation perfectly. An upcoming webinar by cybersecurity company Cynet ( register here ) sheds light on alert overload, the result of too many alerts. Beyond discussing the stress and strain placed on cybersecurity teams trying to sift through an ongoing barrage of threat alerts, Cynet shows how this situation actually degrades cybersecurity effectiveness. Then Cynet will talk about the way out – something important to almost every company suffering from alert overload. The Real Impact of Alert Overload It's interesting that threat alerts, which are so vital to protection have also become an obstacle. Cynet lays out two key reasons why this has come aboutThe Hacker News
February 15, 2022
The importance of implementing a zero trust strategy Full Text
Abstract
Optiv has published a report based on a recent survey of cybersecurity leaders that highlights the critical importance of implementing zero trust as an effective way to reduce cyber risk.Help Net Security
February 10, 2022
How Does An IPv6 Proxy Work & How Enterprises Can Get Benefit? Full Text
Abstract
IPv6 became imperative after developers discovered that IPv4 had a finite number of addresses. How does an IPv6 Proxy work? Technological advancements have come a long way – from when internet utility was very limited to when internet connection...Security Affairs
February 9, 2022
3 Tips for Facing the Harsh Truths of Cybersecurity in 2022, Part I Full Text
Abstract
Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout.Threatpost
February 09, 2022
Guide: Alert Overload and Handling for Lean IT Security Teams Full Text
Abstract
Alarming research reveals the stress and strains the average cybersecurity team experiences on a daily basis. As many as 70% of teams report feeling emotionally overwhelmed by security alerts. Those alerts come at such high volume, high velocity, and high intensity that they become an extreme source of stress. So extreme, in fact, that people's home lives are negatively affected. Alert overload is bad for those who work in cybersecurity. But it's even worse for everyone who depends on cybersecurity. This is a gigantic issue in the industry, yet few people even acknowledge it, let alone deal with it. Cynet aims to correct that in this guide ( download here ), starting by shining a light on the cause of the problem and the full extent of its consequences and then offering a few ways lean security teams can pull their analysts out of the ocean of false positives and get them back to shore. It includes tips on how to reduce alerts using automation and shares guidance for organThe Hacker News
February 07, 2022
How Attack Surface Management Preempts Cyberattacks Full Text
Abstract
The wide-ranging adoption of cloud facilities and the subsequent mushrooming of organizations' networks, combined with the recent migration to remote work, had the direct consequence of a massive expansion of organizations' attack surface and led to a growing number of blind spots in connected architectures. The unforeseen result of this expanded attack surface with fragmented monitoring has been a marked increase in the number of successful cyber-attacks, most notoriously, ransomware, but covering a range of other types of attacks as well. The main issues are unmonitored blind spots used by cyber-attackers to breach organizations' infrastructure and escalate their attack or move laterally, seeking valuable information. The problem lies in discovery. Most organizations have evolved faster than their ability to keep track of all the moving parts involved and to catch up to catalog all past and present assets is often viewed as a complex and resource-heavy task witThe Hacker News
February 04, 2022
Cynet Log4Shell Webinar: A Thorough - And Clear - Explanation Full Text
Abstract
Most security practitioners are now aware of the Log4Shell vulnerability discovered toward the end of 2021. No one knows how long the vulnerability existed before it was discovered. The past couple of months have had security teams scrambling to patch the Log4Shell vulnerability found in Apache Log4j, a Java library widely used to log error messages in applications. Beyond patching, it's helpful and instructive for security practitioners to have a deeper understanding of this most recent critical vulnerability. Fortunately, Cynet Senior Security Researcher Igor Lahav is hosting a webinar [ Register here ] to provide "buzzword free" insights into Log4Shell. Based on a webinar preview provided by Cynet, the discussion will cover the software bugs in Apache Log4j that permitted the critical vulnerability, the exploits used to take advantage of the vulnerabilities and the remediation options available to protect your organization. This webinar will help make sense of the soThe Hacker News
February 2, 2022
Supply-Chain Security Is Not a Problem…It’s a Predicament Full Text
Abstract
Despite what security vendors might say, there is no way to comprehensively solve our supply-chain security challenges, posits JupiterOne CISO Sounil Yu. We can only manage them.Threatpost
February 1, 2022
Living Off the Land: How to Defend Against Malicious Use of Legitimate Utilities Full Text
Abstract
LOLBins help attackers become invisible to security platforms. Uptycs provides a rundown of the most commonly abused native utilities for Windows, Linux and macOS – and advice for protection.Threatpost
January 27, 2022
How to Secure Your SaaS Stack with a SaaS Security Posture Management Solution Full Text
Abstract
SaaS Security Posture Management (SSPM) is named a must-have solution by Gartner. Adaptive Shield's SSPM solution allows security teams full visibility and control.Threatpost
January 26, 2022
New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense Full Text
Abstract
Need a blueprint for architecting a formidable cyber-defense? Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown.Threatpost
January 26, 2022
Webinar: How to See More, But Respond Less with Enhanced Threat Visibility Full Text
Abstract
The subject of threat visibility is a recurring one in cybersecurity. With an expanding attack surface due to the remote work transformation, cloud and SaaS computing and the proliferation of personal devices, seeing all the threats that are continuously bombarding the company is beyond challenging. This especially rings true for small to medium-sized enterprises with limited security budgets and lean IT security teams. An upcoming webinar (register here) tries to help lean security teams understand how to tackle this intractable problem. While adding security solutions to cover blind spots seems logical, the webinar will argue that this just leads to more alarms and more noise. While this approach might be workable for large security teams, smaller teams simply don't have the bandwidth to handle an increase in alerts. Instead, organizations need broad threat visibility to cover the current blind spots, but then need the ability to combine, rank and filter alarms by importancThe Hacker News
January 26, 2022
Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox Full Text
Abstract
Threat actors use bogus ‘shipping delays’ to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do.Threatpost
January 19, 2022
Cyber Threat Protection — It All Starts with Visibility Full Text
Abstract
Just as animals use their senses to detect danger, cybersecurity depends on sensors to identify signals in the computing environment that may signal danger. The more highly tuned, diverse and coordinated the senses, the more likely one is to detect important signals that indicate danger. This, however, can be a double-edged sword. Too many signals with too little advanced signal processing just leads to a lot of noise. The right, diverse set of signals with highly evolved signal processing leads to survival. It therefore makes sense that broad threat visibility across the IT environment is fundamental for detecting cyberattacks. Cybersecurity company Cynet puts this in perspective in a new eBook, The Guide for Threat Visibility for Lean IT Security Teams – link to this . The Ongoing Problem of Limited Threat Visibility The complexity of today's IT environments has made it exceedingly difficult to protect. The defensive perimeter has expanded with an expanded remote workforce, incrThe Hacker News
January 15, 2022
Get Lifetime Access to Cybersecurity Certification Prep Courses Full Text
Abstract
You can't go far in professional IT without being asked for some key certifications. In particular, most large companies today require new hires to be well versed in the fundamentals of cybersecurity. Adding the likes of CISSP, CISM, and CompTIA CASP+ to your résumé can open the door to many opportunities — including six-figure roles. There is just a small matter of some exams to pass. To help you fly through the tests, we have teamed up with iCollege to bring you The 2022 Ultimate Advanced CyberSec Professional Certification Bundle . This collection of five courses helps you work towards top certifications, with over 147 hours of content from expert instructors. The training would normally set you back a total of $1,475. But thanks to a special deal for readers of The Hacker News, you can get the bundle today for only $69. What's Included: NIST Cybersecurity & Risk Management Frameworks (ISC) CISSP - 2021 ISACA Certified Information Security Manager (CISM) CoThe Hacker News
January 11, 2022
A New Approach to Detect Stealthy Malware on IoT Devices Full Text
Abstract
Security experts developed a three-phased approach that leverages electromagnetic field emanations to detect evasive malware on IoT devices including the unseen variants. The electromagnetic emanation calculated from the device is nearly undetectable by the malware. Thus, malware evasion tacti ...Cyware Alerts - Hacker News
January 11, 2022
Here’s REALLY How to Do Zero-Trust Security Full Text
Abstract
It’s not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey.Threatpost
January 10, 2022
US Cyber Command partners with universities to prepare graduates for military cyber roles Full Text
Abstract
US Cyber Command plans to work with these academic institutions in the next nine months in order to prepare an adequate curriculum for the next educational year this fall.The Record
December 27, 2021
How to avoid “festive fraud” during the holiday season Full Text
Abstract
Online fraud peaks during the year-end holidays. Scammers know that consumers, rushing around and looking for bargains, are prone to let their guards down a bit more than usual this time of year.Help Net Security
December 22, 2021
Understanding the Offense’s Systemwide Advantage in Cyberspace Full Text
Abstract
Attackers in cyberspace have had the systemwide advantage for decades. Reversing this requires both a more nuanced understanding of the offense-defense balance and innovations with leverage that works at scale across the internet.Lawfare
December 16, 2021
The Guide to Automating Security Training for Lean Security Teams Full Text
Abstract
Cyber threats used to be less threatening. While nobody wants their customers' credit card numbers stolen in a data breach, or to see a deranged manifesto plastered over their company website, such incidents can almost seem quaint compared to ransomware attacks that bring all of your critical information systems to a dead halt. The frequency of these attacks increased more than 150% in the U.S. last year, and in 2021 their global cost is expected to reach $20 billion. Effective, comprehensive security training is essential to mitigating these threats, many of which originate with low-profile phishing or malware attacks to get a foot in the door—attacks that can target anyone who works in your organization. A company's employees are the front line of defense against cyberattacks, and canned training videos and short quizzes are rarely sufficient to prepare them for this responsibility. The trouble with good training is that it takes not just expertise but time and other resoThe Hacker News
December 14, 2021
How Extended Security Posture Management Optimizes Your Security Stack Full Text
Abstract
As a CISO, one of the most challenging questions to answer is "How well are we protected right now?" Between the acceleration of hackers' offensive capabilities and the dynamic nature of information networks, a drift in the security posture is unavoidable and needs to be continuously compensated. Therefore, answering that question implies continuously validating the security posture and being in a position to check it, including against the latest emerging threats. Yet, the bulk of cybersecurity is focused on defensive tools. The combination of the rapid evolution of technology and the multiplication of technology layers, combined with the professionalization of the threat landscape, has led to a profusion of cybersecurity tools tackling different security aspects. Checking the cybersecurity solution stack efficiency is typically done through pen-testing or, more recently, through red teaming – an exercise aimed to map possible loopholes that would lead to a data breacThe Hacker News
December 10, 2021
Next-Gen Maldocs & How to Solve the Human Vulnerability Full Text
Abstract
Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.Threatpost
December 09, 2021
Why Holidays Put Your Company at Risk of Cyber Attack (And How to Take Precautions) Full Text
Abstract
It is a time when many are thinking of their families and loved ones, time off work, and gift-giving – the holidays. However, while many have their minds outside the realm of work during the holiday season, often, this is when attackers plan their most sinister attacks. So how can you take precautions to protect your organization during these times? Why holidays put your company at risk of cyberattack Attackers today do not have a soft spot for businesses and do not give companies a break at any time of the year, especially not during holidays. On the contrary, any time of the year where companies may be less prepared to fend off a cyberattack is an opportunity for successful compromise. As a result, the holidays put your company at a higher risk of cyberattack. Most end-users do not think about cybersecurity when surfing the web or receiving emails with holiday deals during the season. As a result, many let their guard down to a certain degree and become preoccupied and distracted mThe Hacker News
December 08, 2021
[eBook] Guide to Achieving 24x7 Threat Monitoring and Response for Lean IT Security Teams Full Text
Abstract
If there is one thing the past few years have taught the world, it's that cybercrime never sleeps. For organizations of any size and scope, having around-the-clock protection for their endpoints, networks, and servers is no longer optional, but it's also not entirely feasible for many. Attackers are better than ever at slipping in undetected, and threats are constantly evolving. Teams can't afford to take a minute off, but they also can't manage the massive security necessary to defend most organizations. A new eBook by XDR provider Cynet ( download here ) breaks down this challenge and offers some solutions for lean security teams looking for ways to improve their detection and response capabilities. The guide strikes an optimistic tone for lean IT security teams. Though the challenges are expansive – including talent shortages, an ever-expanding threat surface, and rising security tool prices – organizations can still find smart and effective ways to stay protected 24x7. Why 2The Hacker News
December 6, 2021
How Crowd-Forecasting Might Decrease the Cybersecurity Knowledge Deficit Full Text
Abstract
Can we apply the techniques of crowd-forecasting for better cybersecurity?Lawfare
December 06, 2021
Vulnerability Scanning Frequency Best Practices Full Text
Abstract
So you've decided to set up a vulnerability scanning programme, great. That's one of the best ways to avoid data breaches. How often you should run your scans, though, isn't such a simple question. The answers aren't the same for every type of organization or every type of system you're scanning. This guide will help you understand the questions you should be asking and help you come up with the answers that are right for you. How often should vulnerability scans be run A lot of the advice below depends on what exactly you're scanning. If you're not sure about that yet - check out this comprehensive vulnerability scanning guide . Once you've decided which systems should be in scope, and what type of scanner you need, you're ready to start scanning. So how often should you ideally be running vulnerability scans? Here are five strategies to consider, and we'll discuss in which scenarios they work best: Change-based Hygiene-based ComplianThe Hacker News
December 3, 2021
Cybersecurity for Idiots Full Text
Abstract
One of cybersecurity’s major challenges is cyberstupidity, and regulators struggle to keep pace with rapidly changing technologies. Adopting a cybersecurity approach conceptually modeled on tort’s negligence per se doctrine, regulators can reduce widespread failures.Lawfare
December 02, 2021
Let there be light: Ensuring visibility across the entire API lifecycle Full Text
Abstract
The following article is based on a webinar series on enterprise API security by Imvision, featuring expert speakers from IBM, Deloitte, Maersk, and Imvision discussing the importance of centralizing an organization's visibility of its APIs as a way to accelerate remediation efforts and improve the overall security posture. Centralizing security is challenging in today's open ecosystem When approaching API visibility, the first thing we have to recognize is that today's enterprises actively avoid managing all their APIs through one system. According to IBM's Tony Curcio, Director of Integration Engineering, many of his enterprise customers already work with hybrid architectures that leverage classic on-premise infrastructure while adopting SaaS and IaaS across various cloud vendors. These architectures aim to increase resilience and flexibility, but are well aware that it complicates centralization efforts.The Hacker News
December 1, 2021
Understanding the Adversary: How Ransomware Attacks Happen Full Text
Abstract
The most common access vectors for ransomware attacks continue to be phishing, vulnerability exploitation including Exploitation of a Public-Facing Application, and External Remote Services.Security Intelligence
November 30, 2021
How Decryption of Network Traffic Can Improve Security Full Text
Abstract
Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing.Threatpost
November 29, 2021
Addressing the cybersecurity skills gap with higher education Full Text
Abstract
A recent report by the ENISA takes a look into data gathered by the Cybersecurity Higher Education Database, CyberHEAD, in order to make a prediction on the future trends.Help Net Security
November 25, 2021
If You’re Not Using Antivirus Software, You’re Not Paying Attention Full Text
Abstract
Stop tempting fate and take a look at our picks for the best antivirus programs on the market today. Every year there are billions of malware attacks worldwide. And these threats are constantly evolving. So if you are not currently using antivirus software, or you still rely on some free software you downloaded back in 2017, you are putting your cybersecurity in serious jeopardy. Need help picking out antivirus software? Well, we've got you covered. Below you can find our picks for the best antivirus products of 2021. But before we get to that, let's set a few things straight so we're all on the same page. When we talk about antivirus products, we're really talking about anti- malware products. Malware is a catchall term that refers to any malicious program created to damage, disrupt, or take charge of a computer. Types of malware include not only viruses but spyware, trojan horses, ransomware, adware, and scareware. Any good antivirus product in 2021 must be abThe Hacker News
November 24, 2021
Securing open-source code supply chains may help prevent the next big cyberattack Full Text
Abstract
Open-source components have become an essential part of development for obvious reasons. Open-source components exist in all types of software today – even proprietary software.Help Net Security
November 24, 2021
Black Friday 2021 deal: 20% off Zero2Automated malware analysis courses Full Text
Abstract
The popular Zero2Automated malware analysis and reverse-engineering course is having another Black Friday and Cyber Monday promotion this year, where you can get 20% off all courses on their site.BleepingComputer
November 23, 2021
How to Defend Against Mobile App Impersonation Full Text
Abstract
Despite tight security measures by Google/Apple, cybercriminals still find ways to bypass fake app checks to plant malware on mobile devices. Dave Stewart, CEO of Approov, discusses technical approaches to defense against this.Threatpost
November 23, 2021
What Avengers Movies Can Teach Us About Cybersecurity Full Text
Abstract
Marvel has been entertaining us for the last 20 years. We have seen gods, super-soldiers, magicians, and other irradiated heroes fight baddies at galactic scales. The eternal fight of good versus evil. A little bit like in cybersecurity, good guys fighting cybercriminals. If we choose to go with this fun analogy, is there anything useful we can learn from those movies? World-ending baddies always come with an army When we watch the different Avenger movies, the first thing we realize is that big baddies never fight alone. Think Ultron and his bot army, Thanos or Loki with the Chitauri. They all come with large, generic clone proxy armies that heroes must fight before getting to the final boss. In the same way, serious cyberattacks are planned and delivered by organized and structured groups of cybercriminals such as APT groups with sometimes hundreds of members. In real-life scenarios, attacks are coming from IPs (one or many) that have been stolen, hacked, or bought by the criminThe Hacker News
November 19, 2021
A Simple 5-Step Framework to Minimize the Risk of a Data Breach Full Text
Abstract
Today's businesses run on data. They collect it from customers at every interaction, and they use it to improve efficiency, increase their agility, and provide higher levels of service. But it's becoming painfully obvious that all of that data businesses collect has also made them an enticing target for cybercriminals. With each passing day, the evidence of that grows. In the last few months, we've witnessed massive data breaches that targeted Neiman Marcus , Facebook , and the Robinhood stock trading app. And they're hardly alone. In recent years, the number of data breaches worldwide has averaged close to three per day . That statistic suggests that the average business has a target on its back and is running out of time to mount a defense of its data. And doing so doesn't have to be difficult. To help, here's a simple 5-step framework businesses of all sizes can use to protect their customer data. Step One: Review and Adapt Data Collection StandardsThe Hacker News
November 18, 2021
How to Build a Security Awareness Training Program that Yields Measurable Results Full Text
Abstract
Organizations have been worrying about cyber security since the advent of the technological age. Today, digital transformation coupled with the rise of remote work has made the need for security awareness all the more critical. Cyber security professionals are continuously thinking about how to prevent cyber security breaches from happening, with employees and contractors often proving to be the most significant risk factor for causing cyber security incidents. Proactive cyber security professionals will find that an effective security awareness training program can significantly reduce their risk of getting exposed to a cyber incident. For a security awareness training program to be successful, it must be measurable and yield positive, actionable results over time. The following looks at what good security awareness looks like and how vital phishing simulations and awareness training are in devising effective cyber security programs. The essentials of a cyber security awareneThe Hacker News
November 17, 2021
Managing the Cybersecurity Vulnerabilities of Artificial Intelligence Full Text
Abstract
Systems based on artificial intelligence are susceptible to adversarial attack. Vulnerability disclosure and management practices can help address the risk.Lawfare
November 17, 2021
On-Demand Webinar: Into the Cryptoverse Full Text
Abstract
In the span of a few years, cryptocurrencies have gone from laughingstock and novelty to a serious financial instrument, and a major sector in high-tech. The price of Bitcoin and Ethereum has gone from single dollars to thousands, and they're increasingly in the mainstream. This is undoubtedly a positive development, as it opens new avenues for finance, transactions, tech developments, and more. Unfortunately, no innovation is without its dark side, and the crypto industry is no exception. A new webinar from XDR provider Cynet ( you can see it here ) dives deeper into this dark corner to explore the intersection of cybersecurity and cryptocurrency. The first question is how, exactly, cryptocurrency creates security vulnerabilities for organizations. There's no single answer, and in many cases, the results are more indirect. This bears closer inspection, and the webinar, led by Cynet CyOps Analyst Ronen Ahdut, studies the different ways cryptocurrencies are used by attackers. IThe Hacker News
November 15, 2021
How to Tackle SaaS Security Misconfigurations Full Text
Abstract
Whether it's Office 365, Salesforce, Slack, GitHub or Zoom, all SaaS apps include a host of security features designed to protect the business and its data. The job of ensuring these apps' security settings are properly configured falls on the security team. The challenge lies within how burdensome this responsibility is — each app has tens or hundreds of security settings to configure, in addition to the continuous need for general or user updates, compounded by many compliance industry standards and frameworks that organizations need to follow. Not to mention the fact that often the SaaS app owner sits outside of the security team in the department that most uses the app (think Sales has CRM app, Marketing has automation app), and they are untrained and not focused on the security upkeep of the app. It all amounts to just how unrealistic it is to expect security teams to be able to stay in control of the organization's SaaS stack. That's why Gartner nThe Hacker News
November 12, 2021
Top 10 Cybersecurity Best Practices to Combat Ransomware Full Text
Abstract
Immutable storage and more: Sonya Duffin, data protection expert at Veritas Technologies, offers the Top 10 steps for building a multi-layer resilience profile.Threatpost
November 11, 2021
Operationalizing Threat Intelligence with User-Driven Automation Full Text
Abstract
To truly achieve operationalized threat intelligence, an investment must be made in an underlying threat intelligence management platform that will enable an organization to harness the power of threat intelligence and translate that threat intelligence into action.Threatpost
November 09, 2021
Unique Challenges to Cyber-Security in Healthcare and How to Address Them Full Text
Abstract
No business is out of danger of cyberattacks today. However, specific industries are particularly at risk and a favorite of attackers. For years, the healthcare industry has taken the brunt of ransomware attacks, data breaches, and other cyberattacks. Why is the healthcare industry particularly at risk for a cyberattack? What are the unique challenges to cybersecurity in healthcare, and how can healthcare organizations address these? Healthcare at risk Attackers are targeting various industries across the board. However, attackers seem to have a particular affinity for healthcare organizations. For eleven consecutive years, in the IBM Cost of a Data Breach Report 2021 , healthcare had the highest industry cost of a breach. Additionally, Healthcare data breach costs increased from an average total cost of $7.13 million in 2020 to $9.23 million in 2021, a 29.5% increase. However, the tremendous cost sustained by healthcare organizations for data breach events is not only due to theThe Hacker News
November 08, 2021
Types of Penetration Testing Full Text
Abstract
If you are thinking about performing a penetration test on your organization, you might be interested in learning about the different types of tests available. With that knowledge, you'll be better equipped to define the scope for your project, hire the right expert and, ultimately, achieve your security objectives. What is penetration testing? Penetration testing, commonly referred to as "pen testing," is a technique that simulates real-life attacks on your IT systems to find weaknesses that could be exploited by hackers. Whether to comply with security regulations such as ISO 27001, gain customer and 3rd party trust, or achieve your own peace of mind, penetration testing is an effective method used by modern organizations to strengthen their cyber security posture and prevent data breaches. Read about the different types of penetration testing to find out which type you can benefit from the most: Network penetration testing As the name suggests, a network penetraThe Hacker News
November 5, 2021
Beyond the Basics: Tips for Building Advanced Ransomware Resiliency Full Text
Abstract
Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, offers advice on least privilege, automation, application control and more.Threatpost
November 4, 2021
3 Guideposts for Building a Better Incident-Response Plan Full Text
Abstract
Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR.Threatpost
November 01, 2021
Securing SaaS Apps — CASB vs. SSPM Full Text
Abstract
There is often confusion between Cloud Access Security Brokers (CASB) and SaaS Security Posture Management (SSPM) solutions, as both are designed to address security issues within SaaS applications. CASBs protect sensitive data by implementing multiple security policy enforcements to safeguard critical data. For identifying and classifying sensitive information, like Personally Identifiable Information (PII), Intellectual Property (IP), and business records, CASBs definitely help. However, as the number of SaaS apps increases, the amount of misconfigurations and possible exposure widens and cannot be mitigated by CASBs. These solutions act as a link between users and cloud service providers and can identify issues across various cloud environments. Where CASBs fall short is that they identify breaches after they happen. When it comes to getting full visibility and control over the organization's SaaS apps, an SSPM solution would be the better choice, as the security team can eThe Hacker News
November 1, 2021
Financial services need to prioritize API security to protect their customers Full Text
Abstract
In a recent study, 54 of the 55 mobile apps that were reverse engineered contained hardcoded API keys and tokens including usernames and passwords to third-party services.Help Net Security
October 28, 2021
A Guide to Shift Away from Legacy Authentication Protocols in Microsoft 365 Full Text
Abstract
Microsoft 365 (M365), formerly called Office 365 (O365), is Microsoft's cloud strategy flagship product with major changes ahead, such as the deprecation of their legacy authentication protocols. Often stored on or saved to the device, Basic Authentication protocols rely on sending usernames and passwords with every request, increasing the risk of attackers capturing users' credentials, particularly if not TLS protected. Basic Authentication, while necessary for companies using legacy software, is unable to enforce MFA and is superseded by Modern Authentication. The legacy settings have been on Microsoft's radar to fix for years. In 2018, Microsoft announced it would introduce a series of changes — and ultimately deprecation — to its authentication controls as a means to help organizations mitigate the risk. These changes were set to take place over a number of years, and in September 2021, they announced that they will begin to permanently disable Basic Auth in allThe Hacker News
October 28, 2021
Microsoft investing millions in community colleges to strengthen cyber workforce Full Text
Abstract
Microsoft on Thursday announced a new campaign to invest millions of dollars and resources in community colleges in an effort to address the massive shortage of American workers to fill cybersecurity positions.The Hill
October 27, 2021
Ransomware Attacks Are Evolving. Your Security Strategy Should, Too Full Text
Abstract
Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti.Threatpost
October 27, 2021
[eBook] The Guide to Centralized Log Management for Lean IT Security Teams Full Text
Abstract
One of the side effects of today's cyber security landscape is the overwhelming volume of data security teams must aggregate and parse. Lean security teams don't have it any easier, and the problem is compounded if they must do it manually. Data and log management are essential for organizations to gain real-time transparency and visibility into security events. XDR provider Cynet has offered up a new guide ( read it here ) that helps lean organizations understand the importance of centralized log management (CLM). The truth is that even the most well-stocked and staffed teams would have trouble manually handling their log management needs, which is why organizations are increasingly going the automated route. On top of the efficiency of automation, CLM gives organizations much greater visibility into their environment and security events that impact them. However, the benefits of deploying CLM tools and reducing the level of human intervention in log management and analysis are mThe Hacker News
October 26, 2021
Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure Full Text
Abstract
Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there’s no guarantee that Azure or AWS are delivering services in a hardened and secure manner.Threatpost
October 26, 2021
Prepare for 5 cybersecurity certifications with this bundle Full Text
Abstract
With The Ultimate 2021 Cyber Security Survival Training Bundle, you get full prep for five top certifications. The included content is worth a total of $495, but you can get it today for only $29.99.BleepingComputer
October 25, 2021
Defending Assets You Don’t Know About, Against Cyberattacks Full Text
Abstract
No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality.Threatpost
October 21, 2021
Before and After a Pen Test: Steps to Get Through It Full Text
Abstract
An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test (pen test). The penetration test helps to discover vulnerabilities and weaknesses in your security defenses before the bad guys discover these. They can also help validate remedial efforts and solutions put in place to overcome previously discovered security vulnerabilities. Let's look more closely at the pen test. What is included in a penetration test? How are they performed, and by whom? What steps should be taken after a penetration test? What is a penetration test? 1 — Simulated cyberattack A penetration test is, for all practical purposes, a simulated cyberattack on your business. However, it is carried out by the "good guys." An outside resource often conducts a penetration test, whether a third-party security consulting company or another security entity. SecuritThe Hacker News
October 19, 2021
A Guide to Doing Cyberintelligence on a Restricted Budget Full Text
Abstract
Cybersecurity budget cuts are everywhere. Chad Anderson, senior security researcher at DomainTools, discusses alternatives to fancy tooling, and good human skills alignment.Threatpost
October 18, 2021
Time to Build Accountability Back into Cybersecurity Full Text
Abstract
Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing ‘security champions’ to help small businesses.Threatpost
October 18, 2021
Why Database Patching Best Practice Just Doesn’t Work and How to Fix It Full Text
Abstract
Patching really, really matters – patching is what keeps technology solutions from becoming like big blocks of Swiss cheese, with endless security vulnerabilities punching hole after hole into critical solutions. But anyone who's spent any amount of time maintaining systems will know that patching is often easier said than done. Yes, in some instances, you can just run a command line to install that patch, and that's it. These instances are increasingly rare though – given the complexity of the technology environment, you're more likely faced with a complex process to achieve patching best practice. In this article, we'll outline why database patching matters (yes, databases are vulnerable too!), explain what the problem is with patching databases, and point to a novel solution that takes the pain out of database patching. Watch out – your database services are vulnerable too We know that database services are critical – databases underpin IT operations in countleThe Hacker News
October 17, 2021
Is Your Data Safe? Check Out Some Cybersecurity Master Classes Full Text
Abstract
Since cybersecurity is definitely an issue that's here to stay, I've just checked out the recently released first episodes of Cato Networks Cybersecurity Master Class Series . According to Cato, the series aims to teach and demonstrate cybersecurity tools and best practices; provide research and real-world case studies on cybersecurity; and bring the voices and opinions of top cybersecurity thought-leaders. Designed for security and IT professionals, C-level managers and security experts, each session contains both theory and hands-on examples about strategic, tactical, and operational issues on a wide range of topics. The classes are hosted by industry-recognized cybersecurity researcher and keynote speaker, Etay Maor, who is also Senior Director of Security Strategy at Cato. Four out of the planned annual 8-10 episodes are currently available online. Episode 1 , entitled How (and Why) to Apply OSINT to Protect your Enterprise takes an in-depth look at our era of data proliThe Hacker News
October 14, 2021
The Ultimate SaaS Security Posture Management (SSPM) Checklist Full Text
Abstract
Cloud security is the umbrella that holds within it: IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management (SSPM) category for solutions that continuously assess security risk and manage the SaaS applications' security posture. With enterprises having 1,000 or more employees relying on dozens to hundreds of apps, the need for deep visibility and remediation for SaaS security settings is only getting more critical. The top pain points for SaaS security stem from: Lack of control over the growing SaaS app estate Lack of governance in the lifecycle of SaaS apps: from purchase to deployment, operation and maintenance Lack of visibility of all the configurations in SaaS app estate Skills gap in ever-evolving, accelerating, complex cloud security Laborious and overwhelming workload to stay on top of hundreds to thousands (to tens of thousands) of settings and permissions. The capability of governance across the whole SaaS estate is both nuanced and complThe Hacker News
October 13, 2021
Johns Hopkins to launch degree program in cybersecurity and policy Full Text
Abstract
The Johns Hopkins University School of Advanced International Studies on Wednesday announced plans to launch an advanced academic program focused on the intersection of cybersecurity, technology, intelligence and international affairs.The Hill
October 13, 2021
[eBook] The Guide for Reducing SaaS Applications Risk for Lean IT Security Teams Full Text
Abstract
The Software-as-a-service (SaaS) industry has gone from novelty to an integral part of today's business world in just a few years. While the benefits to most organizations are clear – more efficiency, greater productivity, and accessibility – the risks that the SaaS model poses are starting to become visible. It's not an overstatement to say that most companies today run on SaaS. This poses an increasing challenge to their security teams. A new guide from XDR and SSPM provider Cynet, titled The Guide for Reducing SaaS Applications Risk for Lean IT Security Teams ( download here ), breaks down exactly why SaaS ecosystems are so risky, and how security teams can mitigate those dangers. Today, the average midsize company uses 185 SaaS apps. What this means is that the number of app-to-person connections has risen exponentially. Most midsize companies have nearly 4,406 touch points, creating an attack surface that requires significant resources to simply monitor. The risk of a digitalThe Hacker News
October 11, 2021
Verify End-Users at the Helpdesk to Prevent Social Engineering Cyber Attack Full Text
Abstract
Although organizations commonly go to great lengths to address security vulnerabilities that may exist within their IT infrastructure, an organization's helpdesk might pose a bigger threat due to social engineering attacks. Social engineering is "the art of manipulating people so they give up confidential information," according to Webroot. There are many different types of social engineering schemes but one area of vulnerability is how social engineering might be used against a helpdesk technician to steal a user's credentials. The Process of Gaining Access With Social Engineering The first step in such an attack is usually for the attacker to gather information about the organization that they are targeting. The attacker might start by using information that is freely available on the Internet to figure out who within the organization is most likely to have elevated permissions or access to sensitive information. An attacker can often get this informationThe Hacker News
October 11, 2021
NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks Full Text
Abstract
The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA...Security Affairs
October 7, 2021
New ASEAN regional cybersecurity training centre opens in Singapore Full Text
Abstract
A new ASEAN regional cybersecurity training centre that will see ASEAN member states work together to conduct research, share knowledge and train to respond to cyber threats.Channel News Asia
October 07, 2021
Penetration Testing Your AWS Environment - A CTO’s Guide Full Text
Abstract
So, you've been thinking about getting a Penetration Test done on your Amazon Web Services (AWS) environment. Great! What should that involve exactly? There are many options available, and knowing what you need will help you make your often limited security budget go as far as possible. Broadly, the key focus areas for most penetration tests involving AWS: Your externally accessible cloud infrastructure Any application(s) you're building or hosting Your internal cloud infrastructure Your AWS configuration itself Secrets management We'll look at each one, starting with the most important: External Infrastructure The good news here is that, by default, AWS does its best to help you stay secure. For example, the default security groups don't let your EC2 instances receive communication from the outside world unless you actively specify it by adding additional rules. That said, AWS still allows you plenty of rope to hang yourself with if you're not carefuThe Hacker News
October 7, 2021
Cybersecurity best practices lagging, despite people being aware of the risks Full Text
Abstract
According to a report by National Cybersecurity Alliance and CybSafe, public response, and implementation of commonly known best practices including strong passwords, MFA and others are tepid at best.Help Net Security
October 06, 2021
Cyber Security WEBINAR — How to Ace Your InfoSec Board Deck Full Text
Abstract
Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident response plans, and security policies. On the other, they must be able to communicate the importance of security and the value of having robust defenses to the C-level. For CISOs and other security leaders, this latter skill is crucial but often overlooked or not prioritized. A new webinar: " How to ace your Infosec board deck ," looks to shed light on both the importance of being able to communicate clearly with management, and key strategies to do so effectively. The webinar will feature a conversation with vCISO and Cybersecurity Consultant Dr. Eric Cole, as well as Norwest Venture Partners General Partner Dave Zilberman. More so than just talking about the dollar value of a secThe Hacker News
October 5, 2021
How to Build an Incident-Response Plan, Before Security Disaster Strikes Full Text
Abstract
Joseph Carson, Chief Security Scientist at ThycoticCentrify, offers a 7-step practical IR checklist for ensuring a swift recovery from a cyberattack.Threatpost
October 04, 2021
The Shortfalls of Mean Time Metrics in Cybersecurity Full Text
Abstract
Security teams at mid-sized organizations are constantly faced with the question of "what does success look like?". At ActZero, their continued data-driven approach to cybersecurity invites them to grapple daily with measuring, evaluating, and validating the work they do on behalf of their customers. Like most, they initially turned toward the standard metrics used in cybersecurity, built around a "Mean Time to X" (MTTX) formula, where X indicates a specific milestone in the attack lifecycle. In this formula, these milestones include factors like Detect, Alert, Respond, Recover, or even Remediate when necessary. However, as they started to operationalize their unique AI and machine-learning approach , they realized that "speed" measures weren't giving them a holistic view of the story. More importantly, simply measuring just speed wasn't as applicable in an industry where machine-driven alerts and responses were happening in fractions of seconThe Hacker News
October 1, 2021
The Cyber Monoculture Risk Full Text
Abstract
Monoculture risk is manageable for most systems, but that isn’t the case for government systems. For these systems, monoculture vulnerability is a national security risk.Lawfare
September 29, 2021
[eBook] Your First 90 Days as CISO — 9 Steps to Success Full Text
Abstract
Chief Information Security Officers (CISOs) are an essential pillar of an organization's defense, and they must account for a lot. Especially for new CISOs, this can be a daunting task. The first 90 days for a new CISO are crucial in setting up their security team, so there is little time to waste, and much to accomplish. Fortunately, a new guide by XDR provider Cynet (download here) looks to give new and veteran CISOs a durable foundation to build a successful security organization. The challenges faced by new CISOs aren't just logistical. They include securing their environment from both known and unknown threats, dealing with stakeholders with unique needs and demands, and interfacing with management to show the value of strong security. Therefore, having clearly defined steps planned out can help CISOs seize the opportunity for change and implement security capabilities that allow organizations to grow and prosper. Security leaders can also leverage the willingness of orgaThe Hacker News
September 28, 202
How to Prevent Account Takeovers in 2021 Full Text
Abstract
Dave Stewart, Approov CEO, lays out six best practices for orgs to avoid costly account takeovers.Threatpost
September 27, 2021
5 Steps to Securing Your Network Perimeter Full Text
Abstract
Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress.Threatpost
September 27, 2021
How Does DMARC Prevent Phishing? Full Text
Abstract
DMARC is a global standard for email authentication. It allows senders to verify that the email really comes from whom it claims to come from. This helps curb spam and phishing attacks, which are among the most prevalent cybercrimes of today. Gmail, Yahoo, and many other large email providers have implemented DMARC and praised its benefits in recent years. If your company's domain name is bankofamerica.com, you do not want a cyber attacker to be able to send emails under that domain. This puts your brand reputation at risk and could potentially spread financial malware. The DMARC standard prevents this by checking whether emails are sent from an expected IP address or domain. It specifies how domains can be contacted if there are authentication or migration issues and provides forensic information so senders can monitor email traffic and quarantine suspicious emails. What is a Phishing Attack? Phishing is an attempt by cybercriminals to trick victims into giving away sensitiveThe Hacker News
September 24, 2021
Education sector has improving window of exposure despite lower remediation rates and higher than average time to fix: report Full Text
Abstract
Adoption of online learning environments due to COVID-19 and higher rates of ransomware and phishing attacks against K-12 schools have increased focus on the unique cybersecurity challenges they face.ZDNet
September 21, 2021
Emerging from uncertainty, DOD cyber war college looks to navigate the future Full Text
Abstract
CIC was established in 1964 as the DoD Computer Institute. In 1981, it was incorporated into NDU located at Fort McNair, Washington, D.C., and reports to the Chairman of the Joint Chiefs of Staff.The Record
August 30, 2021
Florida Southern College receives $250,000 cybersecurity grant Full Text
Abstract
The grant will create a laboratory that includes a virtual cyber range for customized training environments in the soon-to-be-opened Carole and Marcus Weinstein Computer Sciences Center.The Ledger
August 29, 2021
Get Lifetime Access to 24 Professional Cybersecurity Certification Prep Courses Full Text
Abstract
Not all heroes wear capes. Cybersecurity professionals are digital warriors who use their knowledge and skill to battle malicious hackers. Sounds like an exciting career, right? If the comic-book comparisons aren't working for you, perhaps some figures will. According to ZipRecruiter, the average salary of a cybersecurity professional is just over $100,000 a year. The Complete 2021 CyberSecurity Super Bundle can help you get started in this niche, with 24 courses working towards top certification exams. If you went and bought these courses separately, you would pay a total of $7,080. To bring the price down, The Hacker News has teamed up with iCollege to offer all the training for just $69.99 . That is 99% off the full value! You don't need a college education to get a job in cybersecurity, but you do need to pass some exams. This bundle gives you full prep for important tests, including CISSP, and CompTIA Security+, PenTest+, CySA+, and CASP+. Picking up these certificaThe Hacker News
August 25, 2021
SolarWinds and the Holiday Bear Campaign: A Case Study for the Classroom Full Text
Abstract
Interested in a detailed-but-accessible case study of the Russian cyberespionage campaign that targeted SolarWinds (among others)? I’ve got you covered.Lawfare
August 22, 2021
Schools, colleges brace for cyberattacks as students return Full Text
Abstract
Hackers are ready to pounce on schools and universities as they attempt to restart classes 18 months into the coronavirus pandemic while already dealing with controversial subjects such as mask mandates and hybrid learning.The Hill
August 14, 2021
Learn Ethical Hacking From Scratch — 18 Online Courses for Just $43 Full Text
Abstract
If you're reading this post, there is a pretty good chance you're interested in hacking. Ever thought about turning it into a career? The cybersecurity industry is booming right now, and ethical hacking is one of the most lucrative and challenging niches. It's open to anyone with the right skills. Featuring 18 courses from top-rated instructors, The All-In-One 2021 Super-Sized Ethical Hacking Bundle helps you acquire those skills. If you went on a shopping spree, these courses would normally set you back $3,284 in total. However, The Hacker News has teamed up with several education partners to offer the full bundle for just $42.99 . That means you're paying less than $3 per course! Ethical hacking is all about finding the weaknesses in systems before they can be exploited by malicious hackers. Many people who work in this field earn six figures, and top experts often work for themselves. There are two things you need for building a career in ethical hacking: practical knowThe Hacker News
July 08, 2021
Security Awareness Training is Broken. Human Risk Management (HRM) is the Fix Full Text
Abstract
Humans are an organization's strongest defence against evolving cyber threats, but security awareness training alone often isn't enough to transform user behaviour. In this guide, usecure looks at why Human Risk Management (HRM) is the new fix for building a security-savvy workforce. Don't be fooled... Businesses are investing more than ever into strengthening their employee security awareness efforts, but a big problem still plagues SMBs and enterprises in every sector — human-related data breaches . Even with more businesses rolling out staff security awareness training programs to combat evolving cyber threats, over 90% of data breaches still stem from human error. So, why are human-related data breaches still so prevalent? Access Now: Security Awareness Training is Broken. HRM is the Fix [Free eBook] → Security awareness training often isn't enough It's easy to think that rolling out some security awareness courses and sending a few email bulletins froThe Hacker News
July 03, 2021
Learn to Code — Get 2021 Master Bundle of 13 Online Courses @ 99% OFF Full Text
Abstract
Whether you are looking to turn into a full-time developer or simply increasing your earnings in your current niche, learning to code can be a smart move. It is a well-known fact that recruiters strive to recruit people with technical skills, and these skills are a great way to build your own startup. Featuring 13 courses, The Master Learn to Code 2021 Certification Bundle is a great way to get started. This bundle covers a range of popular programming languages and frameworks — and it's now only $34.99 at The Hacker News Deals. Every large company today makes decisions based on data, whether it is financial or marketing. Moreover, they are able to predict future trends with sophisticated algorithms and build computer programs that automate their daily tasks. With over 119 hours of hands-on training provided in this bundle, you will learn to handle all of these projects. The instructions in these video tutorials will set you up with a thorough understanding of Python, JavaScrThe Hacker News
June 18, 2021
New alliance exposes underserved groups to cyber training, job opportunities Full Text
Abstract
Nearly 30 organizations have agreed to make IBM’s skills-building platform available to the vulnerable populations they serve.SCMagazine
June 16, 2021
Takeaways from the Colonial Pipeline Ransomware Attack Full Text
Abstract
The incident showcases basic steps that organizations can take to protect themselves as ransomware gangs get smarter.Threatpost
June 05, 2021
Break Into Ethical Hacking With 18 Training Courses For Just $42.99 Full Text
Abstract
It is predicted that 3.5 million jobs will be unfilled in the field of cybersecurity by the end of this year. Several of these jobs pay very well, and in most cases, you don't even need a college degree to get hired. The most important thing is to have the skills and certifications. The All-In-One 2021 Super-Sized Ethical Hacking Bundle helps you gain both, with 18 courses covering all aspects of cybersecurity. Normally, you pay $3,284 for this training, but you can get it now for only $42.99 via The Hacker News Deals. The purpose of ethical hacking is to find weaknesses in the system that a malicious hacker may exploit. A certified expert can work either full-time or freelance, earning up to $149,000 a year, according to PayScale. This bundle would be perfect for anyone interested in the field of cybersecurity, offering the opportunity to start off on the right foot. Starting with the fundamentals, the beginner-friendly instruction will take you all the way to high-level teThe Hacker News
June 2, 2021
Cyber certification program for SMBs emphasizes leadership, reducing risk Full Text
Abstract
Program will focus on challenges that small businesses have in distilling key cyber risk information “and making it relevant and accessible.”
SCMagazine
May 24, 2021
Cybersecurity Lecturer Wins Lloyd’s Science of Risk Prize Full Text
Abstract
University of Plymouth lecturer scoops prize for work on maritime cybersecurity research
Infosecurity Magazine
May 20, 2021
GlobalPlatform expands TEE certification scheme Full Text
Abstract
GlobalPlatform has expanded its Trusted Execution Environment (TEE) security certification scheme to enable evaluation of discrete technologies that come together to make up a complete TEE solution.
Help Net Security
May 4, 2021
Choose Your Own Adventure game animates security awareness training Full Text
Abstract
Interactive modules educate employees on phishing, social engineering, securely working from home, and more. And it all comes with a dose of nostalgia.
SCMagazine
April 30, 2021
Cyber.org pilot program aims to steer minority students toward HBCU cyber degrees Full Text
Abstract
Said T. Lamar Goree, superintendent of Caddo Parish Public Schools, of the program: “This is going to help us change the trajectory of black and brown children, and underserved children, from a socioeconomic perspective.”
SCMagazine
April 21, 2021
New certification program trains cyber pros in cloud, IoT and other emerging tech Full Text
Abstract
Training covers the cloud, IoT, AI and blockchain technology, and the cybersecurity implications of each.
SCMagazine
April 17, 2021
What are the different roles within cybersecurity? Full Text
Abstract
People talk about the cybersecurity job market like it's a monolith, but there are a number of different roles within cybersecurity, depending not only on your skill level and experience but on what you like to do. In fact, Cybercrime Magazine came up with a list of 50 cybersecurity job titles, while CyberSN, a recruiting organization, came up with its own list of 45 cybersecurity job categories. Similarly, OnGig.com, a company that helps firms write their job ads, analyzed 150 cybersecurity job titles and came up with its own top 30 list. This article is based on research I did with Springboard, one of the first cybersecurity bootcamps with a job guarantee and 1:1 mentorship. In particular, CyberSeek.org, a joint industry initiative looking at the cybersecurity job market, offers an interactive list of not only the various positions within cybersecurity but offers you a career path showing how you can get promoted. The complicated part is that these titles and roles
The Hacker News
April 14, 2021
No more snack attacks? Mondelez hopes new security training will prevent the next ‘NotPetya’ Full Text
Abstract
Sure, APT attacks can be destructive and even deadly, but denying the world their Oreo cookies is just plain cruel. Indeed, Nikolay Betov, information security officer at Mondelez, told SC media that the event “changed everything.”
SCMagazine
April 09, 2021
[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business Full Text
Abstract
For organizations that deal with the defense infrastructure – cybersecurity is more than just a buzzword. Recently the US Department of Defense (DoD) created a new certification process – the Cybersecurity Maturity Model Certificate (CMMC) – to ensure that all its vendors and contractors follow established best cybersecurity practices. For organizations that work along the DoD supply chain, this means adhering to a strict regulatory framework, which can be quite complex. For one, they must ensure that cybersecurity processes and practices are aligned with the type and sensitivity of the information that needs to be protected. Even though the model is tiered (from "basic cybersecurity hygiene" to "advanced"), organizations will expend a significant effort to ensure they align with the compliance level appropriate for their contracts. This is why one XDR provider has created a new guide to demonstrate how it helps organizations achieve CMMC compliance (download the whitepaper here). T
The Hacker News
April 07, 2021
11 Useful Security Tips for Securing Your AWS Environment Full Text
Abstract
Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don't forget about AWS security. Whether you want to use AWS for a few things or everything, you need to protect access to it. Then you can make sure your business can run smoothly. Read on to learn some important AWS security tips. Use Multi-Factor authentication: When setting up your AWS security settings or adding new users, you should implement multi-factor authentication (MFA). MFA relies on more than one login factor to grant you access to your account. For example, when you log in to your account, the program might send a code to your mobile phone. Then you must verify that you have that phone and enter the code to access your account. MFA is an excellent way to protect your data if someone figures out your username and password. This way, you can still have a layer of protection against the hacker. Create strong passwords: Even with MFA, you should use strong, uni
The Hacker News
April 06, 2021
MITRE Madness: A Guide to Weathering the Upcoming Vendor Positioning Storm Full Text
Abstract
April is usually a whirlwind month for the cybersecurity industry as it coincides with the release of the highly regarded and influential MITRE ATT&CK test results. The ATT&CK test measures cybersecurity platforms' abilities to detect and react to emulated, multistep attacks that can be used as a barometer of platform effectiveness. This means that every cybersecurity vendor will be tripping over themselves to push out blog posts, webinars, press releases, and more touting how great their services are and how the results validate their products. The result is a storm of spin and PR that is hard to navigate. An upcoming webinar offered by Cynet (register here) aims to help industry participants differentiate the spin from the real information when it comes to MITRE ATT&CK results. The Webinar will be led by renowned cybersecurity researcher and Chief Security Strategist for Cynet, Chris Roberts, and Director of Product Marketing for Cynet, George Tubin. The conver
The Hacker News
April 1, 2021
Building a Fortress: 3 Key Strategies for Optimized IT Security Full Text
Abstract
Chris Haas, director of information security and research at Automox, discusses how to shore up cybersecurity defenses and what to prioritize.
Threatpost
April 01, 2021
How to Vaccinate Against the Poor Password Policy Pandemic Full Text
Abstract
Data breaches remain a constant threat, and no industry or organization is immune from the risks. From Fortune 500 companies to startups, password-related breaches continue to spread seemingly unchecked. As a result of the volume of data breaches and cybersecurity incidents, hackers now have access to a vast swathe of credentials that they can use to power various password-related attacks. One example of this is credential stuffing attacks, which accounted for 1.5 billion incidents in the last quarter of 2020—a staggering 90% increase from Q1 2020. The rapid pivot to digital in response to the pandemic has been a key contributor to the explosive growth in cybersecurity attacks. With organizations shifting more services online and investing in new applications that facilitate virtual interactions with employees and customers, this has changed the security landscape and presented an array of new avenues for hackers to exploit. However, in a rush to move everything online from mee
The Hacker News
March 31, 2021
New MITRE ATT&CK certification course could boost framework’s adoption Full Text
Abstract
But unusual recertification process must avoid becoming burdensome for busy security professionals.
SCMagazine
March 30, 2021
Dog Helps Kids Stay Safe Online Full Text
Abstract
Lacey the dog teaches children about cybersecurity awareness in new book by CISO
Infosecurity Magazine
March 29, 2021
Bumble Launches Online Safety Guide Full Text
Abstract
Dating app starts Stand for Safety initiative to protect women from online abuse
Infosecurity Magazine
March 25, 2021
New certificate program teaches cloud auditing in a multi-tenant architecture Full Text
Abstract
Certificate fills a gap in the knowledge-based training market, as auditing hosted cloud services differs from traditional IT audit.
SCMagazine
March 22, 2021
Securing the Super Bowl: Lessons in network lockdown during mega events Full Text
Abstract
As the world opens up, words of warning: high-profile, short-term events require special preparation and a massive scaling up of network infrastructure and security resources.
SCMagazine
March 18, 2021
‘I vowed I was going to teach people’: NPower’s trauma-informed training nurtures digital talent Full Text
Abstract
In Part 2 of a series looking at winners of the inaugural Gula Tech Foundation grant competition, we meet Robert Vaughn, head of the nonprofit’s National Instructors Institute, whose chance meeting with a stranger at a gas station led to career transformation.
SCMagazine
March 17, 2021
CompTIA Launches Training Catalogue to Promote “Outstanding” IT Apprenticeships Full Text
Abstract
Catalogue aims to facilitate more flexible learning for apprentices
Infosecurity Magazine
March 17, 2021
New UK Cyber Security Council to be official governing body on training and standards Full Text
Abstract
The UK government has set up a new independent body, the UK Cyber Security Council, to boost career opportunities and professional standards for the UK’s booming cyber security sector.
Gov.UK
March 13, 2021
CompTIA Security Certification Prep — Lifetime Access for just $30 Full Text
Abstract
At long last, top companies are starting to take cybersecurity seriously. As a consequence, technical recruiters are looking for people with hacking skills and certifications to prove it. CompTIA is seen as the gold standard when it comes to cybersecurity exams, with several certifications to choose from. If you would like to scoop them all, The CompTIA Security Infrastructure Expert Bundle is worth your attention. This collection of courses offers 111 hours of video tutorials, working towards four certifications: Security+, CySA+, CASP, and PenTest+. The content in this bundle is worth $1,180 — but The Hacker News has partnered with iCollege to bring the price crashing down. Special Offer — Right now, you can get lifetime access to all four courses for just $29.99. This is the final reduction on this bundle, so you won't get a better price! Whether you want to become a cybersecurity specialist or just build a strong technical résumé, taking CompTIA exams is a smart move.
The Hacker News
March 12, 2021
“Hacker Games” Launched to Encourage Development of Secure Coding Skills Full Text
Abstract
Participants will face a series of hands-on challenges
Infosecurity Magazine
March 10, 2021
New research finds ‘record-breaking’ number of K-12 cyber incidents in 2020 Full Text
Abstract
A new report released Wednesday found that K-12 schools in the United States experienced a “record-breaking” number of cyber incidents during 2020 as classes moved online and hackers moved in on vulnerable targets in the midst of the COVID-19 pandemic.
The Hill
March 5, 2021
What is the Difference Between Authentication vs Authorization? Full Text
Abstract
Authentication and Authorization are two terms that are often used interchangeably in the tech world. However, both these terms are quite different...
Cyber Security News
March 5, 2021
Security starts with architecture Full Text
Abstract
The way security groups are typically structured is flawed. There is an invariable disconnect between where and how security policies are framed, security is enforced, and security is audited.
Help Net Security
March 05, 2021
Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount Full Text
Abstract
As cloud computing continues to grow, Google Cloud is quickly becoming one of the most popular solutions. However, relatively few engineers know this platform well. This leaves the door open for aspiring IT professionals who take the official exams. The Google Cloud Certifications Practice Tests + Courses Bundle helps you get certified faster, with 43 hours of video content and over 1,000 practice questions. It covers seven Google exams, providing all the prep you could possibly need. You would normally expect to pay $639 for this training, but 'The Hacker News' has put together an eye-catching deal with Whizlabs Learning Center. Special Offer — For a limited time, you can pick up all the content mentioned above for just $29.99 with this bundle. That means you save over $600 on the full price! As the demand for cloud computing experts grows, salaries are increasing. According to Glassdoor, engineers earn $117,785 a year on average. This bundle helps you join
The Hacker News
February 25, 2021
Educational Adaptation Required to Close the Cyber-Skills Gap Full Text
Abstract
Developing cyber-skills has to start from a young age
Infosecurity Magazine
February 25, 2021
Nominet Announces Expansion of Initiative to Educate Online Users on Cybercrime Full Text
Abstract
The MHRA, FCE and NCA will join the initiative to direct users to information pages
Infosecurity Magazine
February 22, 2021
How to Fight Business Email Compromise (BEC) with Email Authentication? Full Text
Abstract
An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets. It is a common misconception that cybercriminals usually lay their focus on MNCs and enterprise-level organizations. SMEs these days are just as much a target to email fraud as the larger industry players. How Can BEC Affect Organizations? Examples of BEC include sophisticated social engineering attacks like phishing, CEO fraud, fake invoices, and email spoofing, to name a few. It can also be termed an impersonation attack wherein an attacker aims to defraud a company by posing as people in positions of authority. Impersonating people like the CFO or CEO, a business partner, or anyone you will blindly place your trust in is what drives these attacks' success. February of
The Hacker News
February 18, 2021
Purdue University and MITRE form partnership to advance innovation and workforce development Full Text
Abstract
Purdue University and MITRE are combining their expertise and capabilities to form a new public-private partnership focusing on key areas of national safety and security.
Help Net Security
February 18, 2021
How To Know if a Website Is Safe To Use Full Text
Abstract
Some aspects of the web are a mystery to many users around the world. Even though we are using our computers daily,...
Cyber Security News
February 17, 2021
#DTX Tech Predictions Mini Summit: How to Build a Strong Cybersecurity Culture Full Text
Abstract
Staff behaviors often cause the biggest security issues to orgs
Infosecurity Magazine
February 17, 2021
Org behind .org launches DNS Abuse Institute Full Text
Abstract
Public Interest Registry (PIR), the non-profit best known for overseeing the .org top-level domain, launched a centralized resource to help stomp out domain name system (DNS) abuse.
SCMagazine
February 16, 2021
Mitre and Purdue University team up to push big ideas in cyber and tech Full Text
Abstract
The partnership will allow the two organizations to share research, expertise and personnel as they explore new technologies and workforce solutions in cybersecurity, autonomous systems, microelectronics, and other areas.
SCMagazine
February 16, 2021
Learn How to Manage and Secure Active Directory Service Accounts Full Text
Abstract
There are many different types of accounts in a typical Active Directory environment. These include user accounts, computer accounts, and a particular type of account called a service account. A service account is a special type of account that serves a specific purpose for services, and ultimately, applications in the environment. These special-purpose Active Directory accounts are also the subject of cybersecurity risks in the environment. What is a service account? What special privileges does it have on local systems? What cybersecurity risks can relate to service accounts used in the environment? How can IT admins find weak or non-expiring passwords used in Active Directory for service accounts? What is a Windows service? As mentioned at the outset, specific Active Directory accounts serve different purposes in Active Directory Domain Services (ADDS). You can assign Active Directory accounts as service accounts, a special-purpose account that most organizations create and
The Hacker News
February 16, 2021
#DTX Tech Predictions Mini Summit: Focus on Security When Expanding Digital Presence Full Text
Abstract
Orgs must ensure they stay secure as they expand the use of digital technologies
Infosecurity Magazine
February 16, 2021
Managed Service Provider? Watch This Video to Learn about Autonomous XDR Full Text
Abstract
As managed security service providers, you're always on the lookout for new platforms. One that can generate further business, enables you to scale easily without investing in more human resources and provides that value immediately. In the meanwhile, your clients are constantly demanding more security for a lesser cost. Cynet recently published an 8-min video detailing their platform, the Cynet 360 Autonomous XDR Platform. In their video, Cynet specifically focuses on managed service partners, showing the security and business benefits that the platform provides. The video shows the "partner view" of the system and demonstrates how the platform is used to manage multiple clients. Learn more about the Cynet 360 platform for Managed Service Providers here. Cynet 360 natively combines several security components to reduce your operational costs. First, an XDR - Extended Detection and Response, which is a consolidated pre-integrated platform of multiple security sol
The Hacker News
February 15, 2021
UK’s Top Cyber Schools Revealed Full Text
Abstract
UK’s best schools for cybersecurity instruction win National Cyber Security Centre awards
Infosecurity Magazine
February 12, 2021
Queen’s University Belfast Recognized for Role in Growing Cybersecurity Awareness Full Text
Abstract
Uni recognized for cybersecurity education program and work promoting cyber-skills in local community
Infosecurity Magazine
February 11, 2021
New organization helps blind workers find their dream jobs in cybersecurity Full Text
Abstract
The National Institute of the Blind’s efforts have primarily been tied to government programs and contracts. But through a new spinoff, the blind and visually impaired can take advantage of workforce development opportunities in the private sector, in such sectors as cybersecurity, banking and energy.
SCMagazine
February 10, 2021
Your security technology is only as strong as your team Full Text
Abstract
In a recent CSIS survey, 82% of IT decision-makers said their organizations suffered from a shortage of cybersecurity skills, and 71% said that it had resulted in direct and measurable damage.
Help Net Security
February 9, 2021
Alison Partners with CODERED Full Text
Abstract
Free online learning platform announces partnership with cybersecurity course provider
Infosecurity Magazine
February 9, 2021
New Council Will Drive UK’s Cyber-Training and Standards Full Text
Abstract
UK Cyber Security Council brings profession in line with medical, legal sectors
Infosecurity Magazine
February 09, 2021
Webinar and eBook: The Dark Side of EDR. Are You Prepared? Full Text
Abstract
Endpoint Detection and Response (EDR) platforms have received incredible attention as the platform for security teams. Whether you're evaluating an EDR for the first time or looking to replace your EDR, as an information security professional, you need to be aware of the gaps prior to implementation so you can best prepare how to close the gaps. It's important to understand that each company is unique, and an EDR that a large company uses might not necessarily be the technology that works best when you are leading a small security team, even if you're within the same industry vertical. Understanding your threat detection technology requirements based on your unique company characteristics will help you choose the right one. The eBook and webinar "The Dark Side of EDR. Are You Prepared?" helps you in that requirement definition process. It points out the dark side(s) of EDR and provides guidance as to how to overcome them according to your company'
The Hacker News
February 8, 2021
TechTank: How to Protect Yourself From Cybersecurity Attacks Full Text
Abstract
At the end of 2020, reporting revealed the dramatic SolarWinds hack of major American businesses and government agencies. Russia broke into leading institutions and cybersecurity experts still are gauging the scope of the damage.
Lawfare
February 8, 2021
Three ways MITRE ATT&CK can improve your organizational security Full Text
Abstract
Built using real-world observations, ATT&CK provides greater depth when describing attacker techniques, enabling red teams to reproduce the behavior of various threat groups.
Help Net Security
February 6, 2021
What is SYN Attack? How the Attack works and How to Prevent the SYN Attack Full Text
Abstract
TCP SYN Flood attacks are the most popular ones amongst the DDOS attacks. Here we are going to discuss in detail, the...
Cyber Security News
February 5, 2021
National Cyber League Expands HBCU Scholarship Program Full Text
Abstract
Second season of support for financially disadvantaged students at historically black colleges and universities
Infosecurity Magazine
February 5, 2021
IBM Introduces $3 Million in Cybersecurity Grants for Public Schools in United States as Attacks on Education Grow Full Text
Abstract
These grants will be awarded to six school districts in the United States to sponsor teams of IBM professionals to help them proactively prepare for and respond to cyberattacks.
Salamanca Press
February 4, 2021
How not to overshare when crafting social media posts, out-of-office messages Full Text
Abstract
Out-of-office email messages serve an important business communications function, and a strong social media profile is a great way to network with your peers and brand yourself. So the question becomes: Where do you draw the line? What constitutes TMI?
SCMagazine
February 4, 2021
Why pseudonymisation is important to protect personal data? Full Text
Abstract
The ENISA released its report on pseudonymisation for personal data protection, providing a technical analysis of cybersecurity measures in personal data protection and privacy.
Help Net Security
February 4, 2021
Know, Prevent, Fix: A framework for shifting the discussion around vulnerabilities in open source Full Text
Abstract
The security of open source software has rightfully garnered the industry’s attention, but solutions require consensus about the challenges and cooperation in the execution.
Chrome Releases
February 04, 2021
How to Audit Password Changes in Active Directory Full Text
Abstract
Today's admins certainly have plenty on their plates, and boosting ecosystem security remains a top priority. On-premises, and especially remote, accounts are gateways for accessing critical information. Password management makes this possible. After all, authentication should ensure that a user is whom they claim to be. This initial layer of security is crucial for protecting one's entire infrastructure. Unfortunately, the personal nature of passwords has its shortcomings. Passwords are easily forgotten. They may also be too simplistic; many companies don't enforce stringent password-creation requirements. This is where the Active Directory Password Policy comes in. Additionally, the following is achievable: changing user passwords, and recording password changes and storing them within a history log. Active Directory accounts for any impactful changes across user accounts. We'll assess why and how administrators might leverage these core features. Why change user
The Hacker News
February 2, 2021
UK ‘open banking’ efforts provide case study in risks, rewards tied to digital transformation Full Text
Abstract
Much like digital transformation efforts in the U.S., open banking in the U.K. is designed to give customers and businesses ownership over their data. But regulators worry it could also be a treasure trove for fraudsters.
SCMagazine
February 01, 2021
LIVE Webinar: Major Lessons to be Learned from Top Cyber Attacks in 2020 Full Text
Abstract
We likely all agree that 2020 was a year we won't soon forget - for many reasons. One area particularly impacted last year was (and continues to be) cybersecurity. While Internet access allowed many businesses to continue functioning during the COVID-19 stay at home requirements, the unprecedented number of people accessing company assets remotely introduced many new challenges for cybersecurity professionals. With a history of leveraging societal maladies to their advantage, cyber criminals leverage the confusion and unpreparedness created by the global pandemic in their cyber attacks. In just the last two months of 2020, several high-profile organizations and government entities were successfully attacked using clever approaches that were overlooked by cybersecurity experts. Making sense of how attacks have changed and what new defensive strategies should be taken is no easy task. Cybersecurity company Cynet will help by reviewing the 2020 high profile attacks in depth and
The Hacker News
January 29, 2021
Apprenticeships Could Solve Cyber-Skills Crisis, Say Experts Full Text
Abstract
Infosecurity Europe poll offers backing for on-the-job training
Infosecurity Magazine
January 28, 2021
Schneider Partners with Immersive Labs to Launch Virtual Training Platform Full Text
Abstract
Training platform offers realistic battle-test scenarios
Infosecurity Magazine
January 28, 2021
#RSAC365: How to Achieve Next Level Security Automation Full Text
Abstract
The power of end-to-end security automation
Infosecurity Magazine
January 19, 2021
New Educational Video Series for CISOs with Small Security Teams Full Text
Abstract
Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs at small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved in day-to-day protection activities. CISOs at SMEs are increasingly relying on virtual CISOs (vCISOs) to provide security expertise and guidance. vCISOs are typically former CISOs with years of experience building and managing information security programs across large and small organizations. Helpful Advice for CISOs with Small Security Teams: Brian Haugli, a well-known vCISO in the US, recently collaborated with cybersecurity company Cynet—which provides autonomous XDR platforms tailored to small security teams—to provide a series of educational videos for CISOs with small security teams with relevant information about their challenges and possible solu
The Hacker News
January 11, 2021
(ISC)² Offers Online Exam Proctoring Full Text
Abstract
Online (ISC)² exam proctoring pilot program for cybersecurity certifications launches today
Infosecurity Magazine
December 31, 2020
What is OAuth 2.0? How it Works? A Detailed Explanation of Authorization Framework Full Text
Abstract
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 supersedes the work done on the original OAuth protocol created in 2006.
Cyber Security News
December 27, 2020
Leveraging SOC 2 compliance for Cloud (SAAS) services Full Text
Abstract
In a digital world where we often witness high-profile attacks, and incidents of a data breach, considering the implementation of effective security...
Cyber Security News
December 27, 2020
Relentless Hacking Is Turning All of Us Into Data Nihilists Full Text
Abstract
The digital landscape is far too complex for those who rely on it—us—to monitor all the ways we’re exposed. Major factors determining whether our data will be used against us are completely out of our control.
Bloomberg Quint
December 23, 2020
SolarWinds: The Need for Persistent Engagement Full Text
Abstract
The SolarWinds campaign reveals important lessons for U.S. cyber strategy.
Lawfare
December 23, 2020
Third-Party APIs: How to Prevent Enumeration Attacks Full Text
Abstract
Jason Kent, hacker-in-residence at Cequence, walks through online-retail card fraud and what to do about it.
Threatpost
December 23, 2020
Ransomware attacks could be about to get even more dangerous and disruptive Full Text
Abstract
Cybercriminals lock down networks for one simple reason: it's the quickest and easiest way to make money from a compromised organization and they're unlikely to get caught.
ZDNet
December 23, 2020
CISA Releases Draft Use Case For Securing Remote, Mobile and Teleworking Connections Full Text
Abstract
Federal officials dropped a holiday gift for cybersecurity managers across the government: the draft remote user use case for the latest iteration of the Trusted Internet Connection, or TIC, policy.
Nextgov
December 23, 2020
Three reasons why context is key to narrowing your attack surface Full Text
Abstract
Today’s typical six-layer enterprise technology stack consists of networking, storage, physical servers, as well as virtualization, management, and application layers, which increases security challenges.
Help Net Security
December 22, 2020
The SolarWinds hack, and the danger of arrogance Full Text
Abstract
As a journalist I’ve spent years reporting about both our country’s strengths and weaknesses, mostly within the tech and government space. And yet, even in my own reporting and that of my peers, there is this precept that the U.S. is among the most advanced – superior even – in most every area of consequence.
SCMagazine
December 22, 2020
Farmers get their own security advice as cyberattacks increase Full Text
Abstract
With an eye on the future of agriculture and tech, the UK's NCSC has published guidance to help the farming sector respond to the same threats many other organizations face.
ZDNet
December 22, 2020
Just 8% of Firms Offer Regular Security Training Full Text
Abstract
Remote workers exposed as businesses ignore cyber risk
Infosecurity Magazine
December 22, 2020
Here is what we know — and don’t know — about the suspected Russian hack Full Text
Abstract
U.S. officials are deeply concerned about a massive and ongoing cyberattack targeting large companies and U.S. agencies, including the U.S. Treasury and Commerce Department.
CBS News
December 21, 2020
Breach alerts dismissed as junk? New guide for sending vital emails may help Full Text
Abstract
The SolarWinds supply chain attack will likely prompt scores of compromised companies to send critical data breach notifications to their customers. But steps may be required to ensure these and other critical messages don’t get ignored, bounced or quarantined.
SCMagazine
December 21, 2020
Nosy Ex-Partners Armed with Instagram Passwords Pose a Serious Threat Full Text
Abstract
A survey of single people found almost a third are still logging into their ex’s social-media accounts, some for revenge.
Threatpost
December 21, 2020
Defending Against State and State-Sponsored Threat Actors Full Text
Abstract
Saryu Nayyar of Gurucul discusses state and state-sponsored threat actors, the apex predators of the cybersecurity world.
Threatpost
December 21, 2020
Simplifying Proactive Defense With Threat Playbooks Full Text
Abstract
FortiGuard Labs’ Derek Manky talks about how threat playbooks can equip defense teams with the tools they need to fight back against evolving attacker TTPs. Threatpost
December 21, 2020
How do we stop cyber weapons from getting out of control? Full Text
Abstract
It's vital that all countries follow international rules and norms if deploying cyber weapons, but some nations aren't being responsible when it comes to how they use cyber powers, officials said. ZDNet
December 21, 2020
Telemed Poll Uncovers Biggest Risks and Best Practices Full Text
Abstract
What are the riskiest links in the virtual healthcare chain? Threatpost readers weigh in as part of an exclusive telemed poll. Threatpost
December 19, 2020
NSA warns of cloud attacks on authentication mechanisms Full Text
Abstract
The US National Security Agency (NSA) warns of two techniques abused by threat actors for escalating attacks from local networks to cloud infrastructure. The US National Security Agency has published a security advisory that describes two techniques... Security Affairs
December 18, 2020
New ISAC for K–12 Schools Names National Director Full Text
Abstract
Douglas Levin named national director of new information sharing & analysis center for US school districts. Infosecurity Magazine
December 18, 2020
JIBC Launches Cybercrime Analysis Certification Full Text
Abstract
Justice Institute of British Columbia launches new online Graduate Certificate in Cybercrime Analysis. Infosecurity Magazine
December 18, 2020
NSA warns of hackers forging cloud authentication information Full Text
Abstract
An advisory from the U.S. National Security Agency is providing Microsoft Azure administrators guidance to detect and protect against threat actors looking to access resources in the cloud by forging authentication information. BleepingComputer
December 18, 2020
NSA warns of federated login abuse for local-to-cloud attacks Full Text
Abstract
The NSA has published a security advisory on Thursday warning about two techniques hackers are using to escalate access from compromised local networks into cloud-based infrastructure. ZDNet
December 18, 2020
All-source intelligence: reshaping an old tool for future challenges Full Text
Abstract
An enhanced version of the old all-source intelligence discipline could serve the purpose. By Boris Giannetto. Hybrid, interconnected and complex threats require hybrid, interconnected and complex tools. An enhanced version of the old all-source... Security Affairs
December 17, 2020
New ISAC for K-12 school districts fills a key cyber intelligence gap Full Text
Abstract
Clobbered by cybercriminals, local school districts have lacked an outlet for sharing cyber threat info that’s relevant only to them. SCMagazine