#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News

The Hacker News | Expert Insights

Zero Trust Security, Why It's Essential In Today's Threat Landscape

Zero Trust Security, Why It's Essential In Today's Threat Landscape

Jan 16, 2025
Coined in 2010 by Forrester Research , the term "zero trust" has long been hijacked by security vendors eager to take advantage of the hype that surrounds the concept. Today, it's so overused and misused that many see it as a meaningless buzzword—but that's far from the truth. In fact, its widespread misappropriation demonstrates the power of zero trust security. Why else would countless vendors try to capitalize on it? As they say, imitation is the sincerest form of flattery. Zero trust is not a mere label. Rather, zero trust is an architecture—though you'll also hear of a zero trust methodology, framework, paradigm, and infrastructure—and it's based on the idea of zero implicit trust, meaning no one should be trusted by default. The key zero trust principle of least-privileged access says a user should be given access only to a specific IT resource the user is authorized to access, at the moment that user needs it, and nothing more. Hence the zero trust maxim,...
Securing Open Source: Lessons from the Software Supply Chain Revolution

Securing Open Source: Lessons from the Software Supply Chain Revolution

Dec 02, 2024
The software supply chain has become a prime target for cyberattacks, with incidents like SolarWinds and Log4j demonstrating the critical vulnerabilities inherent in today's development ecosystems. The growing reliance on open source software (OSS) amplifies this risk, with recent studies showing that up to 90% of modern applications rely on open source components. This article explores how organizations can mitigate software supply chain risks while continuing to leverage the innovation and flexibility of OSS. Why Software Supply Chains Are at Risk At its core, the supply chain relies on a complex web of contributors, libraries, and dependencies—each presenting a potential attack vector. Attackers exploit this complexity by injecting malicious code into trusted packages or targeting the infrastructure itself. Key risks include: Dependency Hell: Updating software is often so complex and fraught with technical risks that many developers avoid the process altogether, leaving them...
5 Strategies to Combat Ransomware and Ensure Data Security in Microsoft 365

5 Strategies to Combat Ransomware and Ensure Data Security in Microsoft 365

Dec 02, 2024
As data breaches and cyber threats become the norm rather than the exception, the imperative to fortify cybersecurity measures has become critical. Microsoft 365, the leading enterprise productivity platform, is at the heart of many organizations' daily operations — and therefore is a prime target for cyber-attackers. Ransomware remains one of the most aggressive cyber threats to organizations. A reported 76% of businesses have experienced at least one attack within the last year , the results of which yielded disrupted operations, substantial financial losses, and reputational damage. For SaaS platforms like Microsoft 365, the threat is even more pronounced due to the vast amounts of sensitive data processed and stored daily.  Below, we will investigate the cybersecurity landscape surrounding Microsoft 365. As we do so, we will examine the prevalence of ransomware threats and identify many commonly implemented and robust strategies that are proven to enhance cyber resilience an...
Defensible Security Architecture and Engineering: Designing and Building Defenses for the Future

Defensible Security Architecture and Engineering: Designing and Building Defenses for the Future

Nov 25, 2024
As I usually say: 'attackers are lazy'. In other words, they always follow the path of least resistance. As defenders catch up with their tactics, techniques, and procedures, the asymmetric gap between offensive and defensive capability shrinks, pushing attackers to shift their battlefield strategy, perpetuating a game that repeats over and over again. Take, for example, endpoint protection. For the last few years, endpoint protection, detection, and response have been the centerpiece of security strategies. As modern endpoint security products get better at anticipating threats based on AI-based engines, providing richer visibility and more contextual detection capabilities, attackers are pivoting away from them, looking for 'blind spots' in your architecture, leveraging vulnerabilities and misconfigurations in network devices, supply chains, and even firmware embedded deep within devices, areas where security visibility is limited. This trend is particularly significant due to the ...
An Agent’s Identity: Is Your Authentication AI-Proof?

An Agent's Identity: Is Your Authentication AI-Proof?

Nov 14, 2024
Two years ago, who would have thought that Artificial Intelligence (AI) would transform how we interact with information? With the latest advancements in OpenAI and Anthropic models, breaking all limits with every new release, agents are inevitable. Last month, Anthropic released their "Computer agent," which can control a computer to perform actions based on user prompts. This raises some serious concerns: How does access control work? Imagine you have an army of agents, each specializing in a particular area. Would you be comfortable delegating all your access to these agents? Before getting to it, let's define what an AI Agent is. AWS defines an agent as "a software program that can interact with its environment, collect data, and use the data to perform self-determined tasks to meet predetermined goals." Few Facts About Agents Agents are "smart" computing units capable of performing tasks, but here are a few things to note: Humans are responsible for setting goals, and an a...
Breathing New Life into a Stagnant AppSec

Breathing New Life into a Stagnant AppSec

Nov 14, 2024
If you're like most people, your inbox overflows daily with a mix of important messages, random ads, and updates you didn't ask for. It's easy to miss what really matters. This inbox-overload mirrors what's happening in AppSec: security teams are overwhelmed with endless alerts and notifications, with only a handful pointing to actual risks. And while infrastructure and development environments have evolved radically in the past decade, AppSec tools haven't kept pace. The result? Outdated tools that can't sift out the noise, leaving teams struggling to focus on real threats amid a flood of alerts. As CEO of Backslash Security , I frequently hear from AppSec professionals who feel like they're stuck in reactive mode, juggling outdated tools that weren't designed for today's complex, cloud-native environments. These tools flood them with alerts, stretching their focus between routine notifications and the critical issues that could genuinely impact their applications. A few years ...
Beyond Castle Walls: Operational Technology and Zero Trust

Beyond Castle Walls: Operational Technology and Zero Trust

Nov 12, 2024
Throughout history, societies have protected their most valuable assets by building walls, fortresses, and moats. Whether it was a medieval castle or an ancient city-state, security meant keeping threats on the outside and creating barriers around the things that mattered most.  We took these principles with us as we moved into the digital age, designing network security with firewalls, access controls, and gated perimeters to protect digital assets. Firewalls and network devices became our virtual walls, defining trusted and untrusted zones, and keeping the "bad actors" at the gate. For years, this perimeter-based approach was the primary line of defense in the world of cybersecurity, establishing a digital fortress around systems and data. But just as history has shown us that walls and borders can be breached, so too has modern cybersecurity taught us that no perimeter is foolproof. As organizations increasingly connect their IT systems to the wider internet and integrate the...
State of SaaS Security Report: Bold Moves Required to Secure SaaS in 2024 and Beyond

State of SaaS Security Report: Bold Moves Required to Secure SaaS in 2024 and Beyond

Nov 12, 2024
The rapid adoption of SaaS solutions, accelerated by trends such as remote work, cloud computing, big data, and Generative AI (GenAI) has brought significant benefits to organizations. However, this transformation also introduces new attack surfaces and unique challenges for security teams, who must now consider how they can secure the intricate web of SaaS usage across their organization.  Today, the SaaS security landscape is characterized by several key themes and issues: Credential Theft and Stuffing: This trend is fueled by dark web marketplaces where breached credentials are bought, sold, and traded, making it easy for attackers to carry out credential stuffing attacks. Shadow SaaS: The explosion of unauthorized SaaS apps has led to a rise in employees inadvertently exposing sensitive data. Trial or demo accounts are a main source of shadow SaaS.  SaaS Sprawl: In 2023, the average number of SaaS apps used by a business reached 473. Our numbers indicate an increase ...
Cybersecurity Resources