Today — 8 August 2022 (The Hacker News)

The Benefits of Building a Mature and Diverse Blue Team

8 August 2022 at 13:43
A few days ago, a friend and I were having a rather engaging conversation that sparked my excitement. We were discussing my prospects of becoming a red teamer as a natural career progression. The reason I got stirred up is not that I want to change either my job or my position, as I am a happy camper being part of Cymulate's blue team. What upset me was that my friend could not grasp the idea
Before yesterday (The Hacker News)

Resolving Availability vs. Security, a Constant Conflict in IT

5 August 2022 at 10:20
Conflicting business requirements is a common problem – and you find it in every corner of an organization, including in information technology. Resolving these conflicts is a must, but it isn’t always easy – though sometimes there is a novel solution that helps. In IT management there is a constant struggle between security and operations teams. Yes, both teams ultimately want to have secure

Who Has Control: The SaaS App Admin Paradox

4 August 2022 at 15:50
Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization's external admin attempts to disable MFA for themselves. They don't think to consult with the security team and don't consider the security implications, only the ease which they need for their team to use their login. This CRM, however, defines MFA as a top-tier security setting; for example,

Three Common Mistakes That May Sabotage Your Security Training

4 August 2022 at 07:58
Phishing incidents are on the rise. A report from IBM shows that phishing was the most popular attack vector in 2021, resulting in one in five employees falling victim to phishing hacking techniques. The Need for Security Awareness Training Although technical solutions protect against phishing threats, no solution is 100% effective. Consequently, companies have no choice but to involve their

On-Demand Webinar: New CISO Survey Reveals Top Challenges for Small Cyber Security Teams

3 August 2022 at 12:13
The only threat more persistent to organizations than cyber criminals? The cyber security skills crisis. Nearly 60% of enterprises can’t find the staff to protect their data (and reputations!) from new and emerging breeds of cyber-attacks, reports the Information Systems Security Association (ISSA) in its 5th annual global industry study. The result? Heavier workloads, unfilled positions, and

What is ransomware and how can you defend your business from it?

2 August 2022 at 11:05
Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems (known as locker ransomware) or devices (crypto-ransomware). In both instances, once a ransom is paid, threat

Two Key Ways Development Teams Can Increase Their Security Maturity

1 August 2022 at 14:05
Now more than ever, organizations need to enable their development teams to build and grow their security skills. Today organizations face a threat landscape where individuals, well-financed syndicates, and state actors are actively trying to exploit errors in software. Yet, according to recent global research, 67% of developers that were interviewed said they were still shipping code they knew

Stop Putting Your Accounts At Risk, and Start Using a Password Manager

30 July 2022 at 17:20
Right Now, Get 50% Off Keeper, the Most Trusted Name in Password Management. In one way or another, almost every aspect of our lives is online, so it’s no surprise that hackers target everything from email accounts to banks to smart home devices, looking for vulnerabilities to exploit. One of the easiest exploits is cracking a weak password. That’s why using a strong, unique

How to Combat the Biggest Security Risks Posed by Machine Identities

29 July 2022 at 10:05
The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity

Top MSSP CEOs Share 7 Must-Do Tips for Higher MSSP Revenue and Margin

28 July 2022 at 11:09
MSSPs must find ways to balance the need to please existing customers, add new ones, and deliver high-margin services against their internal budget constraints and the need to maintain high employee morale. In an environment where there are thousands of potential alerts each day and cyberattacks are growing rapidly in frequency and sophistication, this isn’t an easy balance to maintain. Customers

How to Combat the Biggest Security Risks Posed by Machine Identities

28 July 2022 at 10:58
The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity

Taking the Risk-Based Approach to Vulnerability Patching

27 July 2022 at 09:21
Software vulnerabilities are a major threat to organizations today. The cost of these threats is significant, both financially and in terms of reputation. Vulnerability management and patching can easily get out of hand when the number of vulnerabilities in your organization is in the hundreds of thousands of vulnerabilities and tracked in inefficient ways, such as using Excel spreadsheets or

4 Steps the Financial Industry Can Take to Cope With Their Growing Attack Surface

26 July 2022 at 16:01
The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the spread of mobile banking apps, chat-based customer service, and other digital tools. Adobe's 2022 FIS Trends Report, for instance, found that more than half of the financial services and insurance firms surveyed experienced a notable increase in digital/mobile

Racoon Stealer is Back — How to Protect Your Organization

25 July 2022 at 08:52
The Racoon Stealer malware as a service platform gained notoriety several years ago for its ability to extract data that is stored within a Web browser. This data initially included passwords and cookies, which sometimes allow a recognized device to be authenticated without a password being entered. Racoon Stealer was also designed to steal auto-fill data, which can include a vast trove of

An Easier Way to Keep Old Python Code Healthy and Secure

22 July 2022 at 09:00
Python has its pros and cons, but it's nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from. Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python much more quickly than, say, C. However, Python's inherent approachability also creates a couple of

The New Weak Link in SaaS Security: Devices

21 July 2022 at 11:59
Typically, when threat actors look to infiltrate an organization's SaaS apps, they look to SaaS app misconfigurations as a means of entry. However, employees now use their personal devices, whether their phones or laptops, etc., to get their jobs done. If the device's hygiene is not up to par, it increases the risk for the organization and widens the attack surface for bad actors. And so,

Cynomi Automated Virtual CISO (vCISO) Platform for Service Providers

21 July 2022 at 08:23
Growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises' demand for strategic cybersecurity and compliance guidance and management. Since most companies this size don't have in-house CISO expertise – the demand for virtual CISO (vCISO) services is also growing. Yet current vCISO services models still rely on manual

Dealing With Alert Overload? There's a Guide For That

20 July 2022 at 09:23
The Great Resignation – or the Great Reshuffle as some are calling it – and the growing skills gap have been dominating headlines lately. But these issues aren't new to the cybersecurity industry. While many are just now hearing about employee burnout, security teams have faced reality and serious consequences of burnout for years. One of the biggest culprits? Alert overload. The average

Security Experts Warn of Two Primary Client-Side Risks Associated with Data Exfiltration and Loss

19 July 2022 at 11:23
Two client-side risks dominate the problems with data loss and data exfiltration: improperly placed trackers on websites and web applications and malicious client-side code pulled from third-party repositories like NPM. Client-side security researchers are finding that improperly placed trackers, while not intentionally malicious, are a growing problem and have clear and significant privacy