#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News

The Hacker News | Expert Insights

How Hackers Exploit Your Attack Surface (And How to Protect Yourself)

How Hackers Exploit Your Attack Surface (And How to Protect Yourself)

Feb 17, 2025
Hackers are constantly scanning your network, often spotting vulnerabilities before you do. They're looking for misconfigurations, exposed assets, and weak points that could lead to a breach—are you seeing what they see? Every activity or interaction that your organization does online – website, social media accounts, cloud services, third-party integrations, and more – contributes to its digital footprint. This digital footprint is information attackers use to find your weaknesses and attempt to exploit them.  What if you could anticipate how hackers plan to exploit your vulnerabilities before they strike? Imagine identifying the weaknesses most enticing to an attacker—before they become exploited. Attack Surface Management (ASM) solutions help organizations continuously identify, monitor and manage aspects of public-facing IT assets, including those that may be forgotten. ASM is the tool in the battle of visibility – either you see your weaknesses first, or attackers will show ...
Solving Identity Challenges with an Extensible CIAM Solution

Solving Identity Challenges with an Extensible CIAM Solution

Feb 10, 2025
Across industries, businesses are focused on achieving key objectives such as: Driving sustainable revenue growth Reducing costs and improving efficiency Strengthening security and ensuring compliance Customer Identity and Access Management (CIAM) is central to these goals. A robust CIAM solution doesn't just enable seamless user authentication and access—it unifies identity across an organization's digital ecosystem. This ensures that customers can engage consistently across all channels while enabling sales, marketing, and support teams to leverage a single, authoritative view of each user. Moreover, outsourcing Customer Identity to an extensible CIAM platform enhances agility, freeing developers to focus on core applications. This results in faster development cycles, improved user experiences, and quicker time-to-market. From a security perspective, CIAM is critical for protecting user data, preventing identity-based threats, and meeting regulatory requirements. However, t...
Hacking in the name of

Hacking in the name of

Feb 03, 2025
Since Russia's latest escalation in 2022 with its invasion of Ukraine, hacktivism has surged, impacting both private and public sectors through DDoS attacks, defacements, and disinformation campaigns. These cyberattacks align with geopolitical events. As 2024 saw over 50 countries holding elections, this creates particularly ripe conditions for influence operations such as misinformation and propaganda campaigns. DDoS attacks have also intensified, with one pro-Russian hacktivist group alone claiming over 6,000 attacks since March 2022. Driven by political tensions and geopolitical conflicts, we saw a significant increase in both volume and intensity. Hacktivists are now more experienced, leveraging DDoS-for-hire services and sophisticated tools. To better understand the complex threat landscape, we aim to explore current hacktivism more deeply, examining its various facets and connections to geopolitical tensions, building on our previous findings. This article doesn't cover ...
Eliminate Your Attack Surface by Becoming Invisible: Hackers Can't Attack What They Can't See

Eliminate Your Attack Surface by Becoming Invisible: Hackers Can't Attack What They Can't See

Feb 03, 2025
Most IT security professionals would agree that the key ingredient for safeguarding networks is "reducing the attack surface." Fewer avenues for breaches mean reduced risk and fewer incidents for an enterprise: Hackers can't attack what they can't see. Reducing attack surface is the key to securing your network, applications, and—most importantly—your data. Calling all servers . . . The "attack surface" comprises the sum of all exposed points through various vectors that an attacker could target to compromise a computing device or network. You can group the attack vectors into three main categories: the channel (a listening TCP/UDP port), assets (which include applications, services, webpages, files, executables, etc.), and access (user credentials). Below is a breakdown of the various attack vector options available to attackers. The channel —typically an exposed-to-the-internet communications protocol like TCP or UDP—allows all entities on the internet to communicate with each ot...
Using Roles and Attributes to Protect Identities

Using Roles and Attributes to Protect Identities

Feb 03, 2025
In every industry, Active Directory (AD) and Entra ID are the de facto standard identity directories . While cloud environments are becoming more prevalent, many industries' governing bodies require sensitive and private data and the applications utilized by them to remain on the premises. The hybrid combination of AD and Entra ID creates a complex web of identities in domains and forests that are often managed from separate consoles, creating a costly and risky administrative challenge. The complexity of hybrid environments often results in vulnerabilities that can put businesses at risk. These vulnerabilities take the form of privilege sprawl as a result of mergers, acquisitions, mobility within a company, and the resulting creation or addition of new identity accounts. Each individual identity account requires specific rights to access corporate resources. How those rights are allocated and protected is critical to an organization's security and productivity. Any gaps create s...
Combat Threats to Technical Projects: 3 Hacks for Soft Skills

Combat Threats to Technical Projects: 3 Hacks for Soft Skills

Jan 27, 2025
The #1 threat to technical work at scale is poor communication. Many engineers, data scientists, and other technical professionals I've worked with are brilliant when it comes to solving hard problems, but they often struggle with the softer side of their work–the people skills—which are critical to their success. Especially since it's only a matter of time before co-pilots take over the captain's seat of technical tasks.  Communication: Catalyst or Ceiling A study conducted by Harvard University, the Carnegie Foundation, and Stanford Research Center found that 85% of job success comes from soft skills (such as people skills), whereas only 15% stems from hard skills (such as technical capabilities). Soft skills can distinguish you to help preserve or even further your career, but if they're not developed, they can create a ceiling over your growth. When you lack people skills, especially interpersonal communication, your projects suffer. This is especially true for cross-functio...
Zero Trust Security, Why It's Essential In Today's Threat Landscape

Zero Trust Security, Why It's Essential In Today's Threat Landscape

Jan 16, 2025
Coined in 2010 by Forrester Research , the term "zero trust" has long been hijacked by security vendors eager to take advantage of the hype that surrounds the concept. Today, it's so overused and misused that many see it as a meaningless buzzword—but that's far from the truth. In fact, its widespread misappropriation demonstrates the power of zero trust security. Why else would countless vendors try to capitalize on it? As they say, imitation is the sincerest form of flattery. Zero trust is not a mere label. Rather, zero trust is an architecture—though you'll also hear of a zero trust methodology, framework, paradigm, and infrastructure—and it's based on the idea of zero implicit trust, meaning no one should be trusted by default. The key zero trust principle of least-privileged access says a user should be given access only to a specific IT resource the user is authorized to access, at the moment that user needs it, and nothing more. Hence the zero trust maxim,...
Securing Open Source: Lessons from the Software Supply Chain Revolution

Securing Open Source: Lessons from the Software Supply Chain Revolution

Dec 02, 2024
The software supply chain has become a prime target for cyberattacks, with incidents like SolarWinds and Log4j demonstrating the critical vulnerabilities inherent in today's development ecosystems. The growing reliance on open source software (OSS) amplifies this risk, with recent studies showing that up to 90% of modern applications rely on open source components. This article explores how organizations can mitigate software supply chain risks while continuing to leverage the innovation and flexibility of OSS. Why Software Supply Chains Are at Risk At its core, the supply chain relies on a complex web of contributors, libraries, and dependencies—each presenting a potential attack vector. Attackers exploit this complexity by injecting malicious code into trusted packages or targeting the infrastructure itself. Key risks include: Dependency Hell: Updating software is often so complex and fraught with technical risks that many developers avoid the process altogether, leaving them...
5 Strategies to Combat Ransomware and Ensure Data Security in Microsoft 365

5 Strategies to Combat Ransomware and Ensure Data Security in Microsoft 365

Dec 02, 2024
As data breaches and cyber threats become the norm rather than the exception, the imperative to fortify cybersecurity measures has become critical. Microsoft 365, the leading enterprise productivity platform, is at the heart of many organizations' daily operations — and therefore is a prime target for cyber-attackers. Ransomware remains one of the most aggressive cyber threats to organizations. A reported 76% of businesses have experienced at least one attack within the last year , the results of which yielded disrupted operations, substantial financial losses, and reputational damage. For SaaS platforms like Microsoft 365, the threat is even more pronounced due to the vast amounts of sensitive data processed and stored daily.  Below, we will investigate the cybersecurity landscape surrounding Microsoft 365. As we do so, we will examine the prevalence of ransomware threats and identify many commonly implemented and robust strategies that are proven to enhance cyber resilience an...
Cybersecurity Resources