The Hacker News | Expert Insights — Index Page

Compliance professionals today are dealing with numerous challenges. At the same time, their companies face increased scrutiny and cyberthreats, and compliance teams have fewer resources and reduced headcount. It's a lot for even the most sophisticated and experienced teams to manage. As a result, compliance professionals are seeking out ways to do more with less. Sometimes the solution is utilizing technology, such as automated software tools that streamline processes or leveraging AI for greater efficiency. In other circumstances, individuals responsible for compliance are choosing an easy path to simply check the box on compliance with a flimsy, budget audit. This may be enough to get the C-suite off their back, but it leaves the company open to significant risk. Each year, A-LIGN surveys hundreds of compliance leaders to learn more about the current state of compliance and better understand the factors that impact their decisions. What are the driving forces behind their complia...

Cyberattacks are already the most significant operational and financial threat to almost every type of business. Surveys of CISOs consistently reveal phishing attacks, identity security, social engineering, and the resulting data breaches and ransomware attacks are the top concerns.  These fears are well founded. Each new day brings fresh headlines of another major breach or successful ransomware attack. The Cybersecurity and Infrastructure Security Agency (CISA), an agency of the DHS reports that 90% of ransomware attacks begin with phishing. Last quarter witnessed the first individual ransomware loss that exceeded a billion dollars of damages, and a leading news media reported nine new major breaches in a single week.  What is driving this epidemic and how much worse will it get?  The answers are both simple and complex. The simple answer is that this next generation of cyberattacks is being driven by the incredible power and innovation of generative AI, while the ...

From the moment it hits the wire—be it MISP or Mandiant—the value and efficacy of cyber threat intelligence (CTI) begins to decay for the organizations that intend to consume it. The data that was once essential for evaluating and reducing risk becomes dated and less helpful as adversaries constantly adapt their tactics, techniques, and procedures (TTPs).  We refer to this as ' threat intelligence decay .' Meanwhile, the NCSC have reported that threat actors have begun leveraging artificial intelligence, with an expectation that they will soon be using AI to evolve and enhance existing TTPs. This advent of AI is exacerbating the challenge of threat intelligence decay. Information that was once a golden nugget of defense can quickly turn into fool's gold, leaving organizations exposed to new threats. When we look at one of the most practical applications that threat intelligence has in an organization—the threat management process—it's frightening how much these problems are co...

Patching and updating is pretty much baked-in to the thinking, standards, and coming legislation of the device security community. Yet  isolation via partitioning  is another viable approach for security, and it comes with many advantages. Patching The primary advantage of patching and updating known vulnerabilities is that the vulnerabilities are usually permanently fixed. Hence the fix is demonstrable for standard and legal compliance. Some problems with this approach are: Modern IoT device firmware has tens, hundreds, even thousands of components, and components routinely come with dozens of their own dependencies [1] . Finding vulnerabilities in components of an SBOM is not an easy process. There are several databases, and component identification is not consistent [1] Achieving 100% complete and accurate SBOMs is still an elusive goal [1] . A high percentage of vulnerabilities in components are not exploitable [1] . Fixing non-ex...

Security has always been a game of risk management, not risk elimination. Every decision to address one threat means potentially leaving another unattended. That deciding of which threat to address – and in what order – is the name of the game. In this triage process, abuse vulnerabilities,  i.e. , exploiting legitimate features of a platform in unintended ways to conduct digital misdeeds such as phishing campaigns, can get pushed down the priority list of security issues. I would like to argue that it's time we stop separating the concept of abuse vulnerabilities and security vulnerabilities.  Unlike security vulnerabilities that are, in essence, exploited loopholes or bugs in the code, fixes for abuse vulnerabilities can be slow to come. Yet these openings for abuse can easily lead to disaster if left unattended. Recent figures show that  68% of breaches  originate from these exact types of exploitations involving the human element making a mistake such as phish...

There is a lot of frustration by security experts and legislators, with device OEMs not implementing security measures. Apparently, many OEMs balk at the ongoing effort and expense to create and manage a security team to verify and fix problem reports and to communicate their actions according to the requirements of various security agencies. On their side, OEMs probably prefer a one and done approach to security. I think that I have a solution for this conflict. It is not a perfect solution, but it is a half-step in the right direction. The solution is partitioning. We have found that it is possible to achieve strong isolation between software partitions for the Arm Cortex-M architecture with memory protection units. It is possible to do this without excessive memory waste or processor overhead for both the v7M and v8M architectures. Tasks in on...

From a user's perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you're seeking. Unfortunately, few users understand the implications of the permissions they allow when they create a new OAuth grant, making it easy for malicious actors to manipulate employees into giving away unintended access to corporate environments. In one of the  highest-profile examples , Pawn Storm's attacks against the Democratic National Convention and others leveraged OAuth to target victims through social engineering.  Security and IT teams would be wise to establish a practice of reviewing new and existing OAuth grants programmatically to catch risky activity or overly-permissive scopes. And, there are new solutions for  SaaS security  cropping up that can make this process easier. Let's take a look at some best practices for prioritizing and investigating your or...

In today's digital age, financial institutions are tasked with the critical mission of upholding high standards of service, continuity, and resilience while combatting evolving cyber threats. The ability to innovate and enhance the security of digital financial services is essential for growth, differentiation, and for building trust with customers. To address these challenges, financial institutions must establish and maintain robust security processes and adapt their cyber defenses continuously. One key regulatory initiative designed to assist financial institutions in enhancing their operational resilience and cybersecurity posture is the Digital Operational Resilience Act (DORA). Understanding DORA The  Digital Operational Resilience Act  (Regulation (EU) 2022/2554) is a pivotal regulatory framework that focuses on digital operational resilience within financial services. Representing the EU's primary regulato...