#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News

Risk Management | Breaking Cybersecurity News | The Hacker News

Category — Risk Management
Securing Open Source: Lessons from the Software Supply Chain Revolution

Securing Open Source: Lessons from the Software Supply Chain Revolution

Dec 02, 2024
The software supply chain has become a prime target for cyberattacks, with incidents like SolarWinds and Log4j demonstrating the critical vulnerabilities inherent in today's development ecosystems. The growing reliance on open source software (OSS) amplifies this risk, with recent studies showing that up to 90% of modern applications rely on open source components. This article explores how organizations can mitigate software supply chain risks while continuing to leverage the innovation and flexibility of OSS. Why Software Supply Chains Are at Risk At its core, the supply chain relies on a complex web of contributors, libraries, and dependencies—each presenting a potential attack vector. Attackers exploit this complexity by injecting malicious code into trusted packages or targeting the infrastructure itself. Key risks include: Dependency Hell: Updating software is often so complex and fraught with technical risks that many developers avoid the process altogether, leaving them...
Master Privileged Access Management: Best Practices to Implement

Master Privileged Access Management: Best Practices to Implement

Oct 14, 2024 Data Security / Risk Management
Nowadays, managing who has privileged access to your most critical data and systems is more important than ever. Privileged access serves as the key to your organization's most sensitive assets, making it a high-value target for malicious actors. Any misstep in securing this access might lead to privilege abuse and serious data breaches. But it's not just about defending against cybercriminals; poor management of privileged access can also result in operational disruptions, costly downtime, and non-compliance with industry regulations. To truly master Privileged Access Management (PAM) , you need more than just basic controls in place. You need a proactive, multi-layered approach that reduces risks without slowing down your operations. Let's discuss what best practices you can use to secure your privileged accounts and stay one step ahead of potential threats. Why is privileged access management so important? Privileged access management is an essential pillar of a robust c...
How Confident Are You That Your Critical SaaS Applications Are Secure? 

How Confident Are You That Your Critical SaaS Applications Are Secure? 

Sept 01, 2024
Software-as-a-service (SaaS) applications have become the backbone of many modern businesses. With the myriad of functionalities they offer, they maximize collaboration, agility, scalability, and ultimately, profits. So it's no wonder that companies rely on an incredible hundreds of apps today, up from dozens just a few years ago. But this rapid adoption has introduced brand-new vulnerabilities and elusive blind spots. 2024 saw many attacks originating from SaaS apps including those perpetrated by nation states . And the headlines about SaaS app attacks seem to be getting more ominous if that is even possible. The culprits behind the attacks come from outsiders, insiders, third parties, and even unintentional human errors or negligence. The need to address this snowballing trend has reached a critical point. Given the scale and speed of app development and adoption, we are creating a larger attack surface for increasingly capable adversaries every day. In such a high-stakes environm...
Exploitability is the Missing Puzzle Piece of SCA (Software Composition Analysis)

Exploitability is the Missing Puzzle Piece of SCA (Software Composition Analysis)

Jul 10, 2024
Open-source libraries allow developers to move faster, leveraging existing building blocks instead of diverting resources to building in-house. By leaning on existing open-source packages, engineers can focus on complex or bespoke elements of their products, using package managers and open-source maintainers to make it easy to pull everything together.  However, you can't deny that building software using open source makes your applications more vulnerable to security risks. In an open-source library, attackers have direct access to code, and can search for current and historical vulnerabilities, as well as any issues and tickets managed on websites such as GitHub or GitLab. This helps threat actors to quickly find packages that are vulnerable and launch an attack.  This is where Software Composition Analysis (SCA) comes in, with the purpose of scanning packages and uncovering vulnerabilities. SCA compiles and manages a catalog of software packages, alongside details such ...
Survey Reveals Compliance Professionals Seek Quality, Efficiency, Trust & Partnership

Survey Reveals Compliance Professionals Seek Quality, Efficiency, Trust & Partnership

Jun 10, 2024
Compliance professionals today are dealing with numerous challenges. At the same time, their companies face increased scrutiny and cyberthreats, and compliance teams have fewer resources and reduced headcount. It's a lot for even the most sophisticated and experienced teams to manage. As a result, compliance professionals are seeking out ways to do more with less. Sometimes the solution is utilizing technology, such as automated software tools that streamline processes or leveraging AI for greater efficiency. In other circumstances, individuals responsible for compliance are choosing an easy path to simply check the box on compliance with a flimsy, budget audit. This may be enough to get the C-suite off their back, but it leaves the company open to significant risk. Each year, A-LIGN surveys hundreds of compliance leaders to learn more about the current state of compliance and better understand the factors that impact their decisions. What are the driving forces behind their complia...
DORA – Guiding the Resilience of Digital Financial Services

DORA – Guiding the Resilience of Digital Financial Services

May 01, 2024
In today's digital age, financial institutions are tasked with the critical mission of upholding high standards of service, continuity, and resilience while combatting evolving cyber threats. The ability to innovate and enhance the security of digital financial services is essential for growth, differentiation, and for building trust with customers. To address these challenges, financial institutions must establish and maintain robust security processes and adapt their cyber defenses continuously. One key regulatory initiative designed to assist financial institutions in enhancing their operational resilience and cybersecurity posture is the Digital Operational Resilience Act (DORA). Understanding DORA The  Digital Operational Resilience Act  (Regulation (EU) 2022/2554) is a pivotal regulatory framework that focuses on digital operational resilience within financial services. Representing the EU's primary regulato...
Cybersecurity Resources