Email Security | Breaking Cybersecurity News | The Hacker News

The cybersecurity community has been buzzing about JPMorgan Chase CISO Pat Opet's open letter to third-party suppliers since its release right before RSA. This candid assessment from the security leader of one of the world's largest financial institutions has struck a chord, particularly his observations about SaaS security. Opet didn't mince words: " SaaS models are fundamentally reshaping how companies integrate services and data—a subtle yet profound shift eroding decades of carefully architected security boundaries ." This statement encapsulates a reality that security professionals have been grappling with—the traditional security perimeter has dissolved, replaced by a complex web of interconnected SaaS applications, each with their own configurations, access controls, and data sharing capabilities. Let's break down the key issues highlighted in Opet's letter and explore practical solutions. The New SaaS Security Challenges OAuth Vulnerabiliti...

Businesses are firmly in attackers' crosshairs. Financially motivated cybercriminals conduct ransomware attacks with record-breaking ransoms being paid by companies seeking to avoid business interruption. Others, including nation-state hackers, infiltrate companies to steal intellectual property and trade secrets to gain commercial advantage over competitors. Further, we regularly see critical infrastructure being targeted by nation-state cyberattacks designed to act as sleeper cells that can be activated in times of heightened tension. Companies are on the back foot. Leaders must be confident in their cyber posture: Are defenses up to the job of keeping attacks at bay? Does the leadership team have a complete understanding of the threats and risks the company faces? How can CEOs seize the initiative to get ahead of threats? Adoption of zero trust architectures to improve cyber defense Businesses that don't embrace true zero trust will find themselves increasingly vulnerable to br...

It's been reported that a new, generative AI worm dubbed "Morris II" has emerged. And for many, this new, generative AI worm is an understandable reason to panic.  Pushing back against hysteria, however, we discover that Morris II only targets AI apps and AI-enabled email assistants. No attack is a good one, but at least this one's very specific. More importantly, the recognition that just as AI is helping to accelerate and automate attacks, it will also drastically improve security efficacy.  While AI threatens to overwhelm reactive security teams with the pace and sophistication of its onslaught, it can likewise enable proactive prevention through predictive processes and controls. This is critical to giving security teams the chance to withstand the barrage that awaits them. Scaling alongside AI-enabled attacks There are two proactive efforts that scale well when accelerated attacks become the norm. Neither of these efforts need to be AI-powered to be effective against...

Security has always been a game of risk management, not risk elimination. Every decision to address one threat means potentially leaving another unattended. That deciding of which threat to address – and in what order – is the name of the game. In this triage process, abuse vulnerabilities,  i.e. , exploiting legitimate features of a platform in unintended ways to conduct digital misdeeds such as phishing campaigns, can get pushed down the priority list of security issues. I would like to argue that it's time we stop separating the concept of abuse vulnerabilities and security vulnerabilities.  Unlike security vulnerabilities that are, in essence, exploited loopholes or bugs in the code, fixes for abuse vulnerabilities can be slow to come. Yet these openings for abuse can easily lead to disaster if left unattended. Recent figures show that  68% of breaches  originate from these exact types of exploitations involving the human element making a mistake such as phish...