#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News

The Hacker News | Expert Insights — Index Page

FinTech, Healthcare & SaaS Need Non-Human Identity Management More Than Ever Before

FinTech, Healthcare & SaaS Need Non-Human Identity Management More Than Ever Before

Sept 01, 2024
Though every organization is susceptible to data breaches, those in FinTech, Healthcare, and SaaS are particularly vulnerable to attacks due to the high volume of data they possess. It's all the more necessary for these organizations to secure their digital estate end-to-end. Identity & access management (IAM), authorization policies, and observability tools are required to enforce security. But with the proliferation of microservices, distributed architectures, numerous vendor and partner integrations, as well as open-source components, the digital supply chain has become more vast and complex than ever. This requires a purpose-built security solution that addresses the new needs of organizations in these sectors, to which Non-human identity management has risen to meet. Let's dive deeper, by looking at recent data breaches in each of these three sectors, beginning with FinTech. Breach examples in FinTech The term 'FinTech' includes a range of organizations such as banks, no
Best Practices for Integrating ZTNA with Existing Security Infrastructure

Best Practices for Integrating ZTNA with Existing Security Infrastructure

Aug 15, 2024
Many organizations might not find it easy to integrate existing security infrastructure with zero-trust network access (ZTNA) solutions. At first glance, ZTNA bolsters the safety and flexibility of having a distributed staff. However, implementing such systems can be challenging as they may clash with older systems and existing security protocols. To begin with, security teams need to take into account the current architecture, potential friction points, and how user experience should be seamless when integrating ZTNA. Thankfully, there are rising tools and methodologies that make this process less complicated in order for companies to gain all the advantages of ZTNA without compromising their present state of security. To help you through this process smoothly without compromising your cybersecurity strategy, here are some best practices on how you can successfully implement ZTNA using your existing security infrastructure. Why should businesses implement ZTNA? Organizations cont
How to Modernize Your Microsoft 365 Data Protection Strategy to Ensure Business Continuity

How to Modernize Your Microsoft 365 Data Protection Strategy to Ensure Business Continuity

Aug 15, 2024
Safeguarding the sensitive information within your Microsoft 365 environment is more important than ever. From accidental deletion and ransomware attacks to costly compliance failures, the consequences of inadequate data protection can be severe. It's important to understand the Shared Responsibility Model. The Model explains that Microsoft secures and ensures the uptime of its infrastructure, while you're ultimately responsible for correctly configuring settings, protecting against accidental data loss, and ensuring compliance with relevant regulations. Microsoft 365 provides powerful services, but a comprehensive backup of your data is not included in a standard Microsoft 365 license. Having an effective data protection strategy and comprehensive data backups are your best defense against these invisible dangers. In today's digital era, the necessity of modernizing data protection solutions cannot be overstated. The 2024 Data Protection Trends Report revealed that 75% of org
7 Resources to Inform Your Next Hunt for Malicious Infrastructure

7 Resources to Inform Your Next Hunt for Malicious Infrastructure

Jul 16, 2024
So you're going on a threat hunt…and you want to catch a big (malicious) one. Identifying malicious infrastructure can be a particularly daunting threat-hunting objective. Attackers who are intent enough on setting up things like C2 networks, phishing sites, and impersonated domains, are also, not surprisingly, often very good at hiding their tracks with tactics ranging from the use of proprietary VPNs to compromised intermediary services. So even when malicious infrastructure is visible, source attribution can remain a thorny problem. That said, there are tools like Censys Search that can make the challenge of tracking and understanding malicious infrastructure more achievable. Consider the following user stories, how-to articles, and videos for insights you can use to inform, inspire, and even supercharge your next investigation into malicious infrastructure. 7 Resources Worth a Read (or Watch) 1. How to Identify Malicious Infrastructure: Demo Let's start with a quick video
Exploitability is the Missing Puzzle Piece of SCA (Software Composition Analysis)

Exploitability is the Missing Puzzle Piece of SCA (Software Composition Analysis)

Jul 10, 2024
Open-source libraries allow developers to move faster, leveraging existing building blocks instead of diverting resources to building in-house. By leaning on existing open-source packages, engineers can focus on complex or bespoke elements of their products, using package managers and open-source maintainers to make it easy to pull everything together.  However, you can't deny that building software using open source makes your applications more vulnerable to security risks. In an open-source library, attackers have direct access to code, and can search for current and historical vulnerabilities, as well as any issues and tickets managed on websites such as GitHub or GitLab. This helps threat actors to quickly find packages that are vulnerable and launch an attack.  This is where Software Composition Analysis (SCA) comes in, with the purpose of scanning packages and uncovering vulnerabilities. SCA compiles and manages a catalog of software packages, alongside details such as their
9 Customer Service Chatbots Ranked For Risk Exposure

9 Customer Service Chatbots Ranked For Risk Exposure

Jul 08, 2024
In today's dynamic web threat landscape, staying a step ahead of risk is crucial. Businesses want to keep improving their websites with the latest customer service experience while maintaining a strong security posture and complying with strict privacy rules. With the help of a new risk assessment tool - Exposure Rating - we have calculated the risk exposure for nine leading customer service chatbots compared against each other. For the full chatbot ratings report, click here . But first, what is an Exposure Rating risk assessment tool? Contextual Risk Assessment for the Web Exposure Rating goes beyond traditional website security solutions. It delves deeper, providing a comprehensive assessment of your web risk exposure, benchmarked against industry leaders. The rating system analyzes every website, application, and domain within your environment, giving you a clear picture of your threat landscape. But Exposure Rating is more than just a report card. It's a powerful to
Survey Reveals Compliance Professionals Seek Quality, Efficiency, Trust & Partnership

Survey Reveals Compliance Professionals Seek Quality, Efficiency, Trust & Partnership

Jun 10, 2024
Compliance professionals today are dealing with numerous challenges. At the same time, their companies face increased scrutiny and cyberthreats, and compliance teams have fewer resources and reduced headcount. It's a lot for even the most sophisticated and experienced teams to manage. As a result, compliance professionals are seeking out ways to do more with less. Sometimes the solution is utilizing technology, such as automated software tools that streamline processes or leveraging AI for greater efficiency. In other circumstances, individuals responsible for compliance are choosing an easy path to simply check the box on compliance with a flimsy, budget audit. This may be enough to get the C-suite off their back, but it leaves the company open to significant risk. Each year, A-LIGN surveys hundreds of compliance leaders to learn more about the current state of compliance and better understand the factors that impact their decisions. What are the driving forces behind their complia
The Democratization of Cyberattacks: How Billions of Unskilled Would-be Hackers Can Now Attack Your Organization

The Democratization of Cyberattacks: How Billions of Unskilled Would-be Hackers Can Now Attack Your Organization

Jun 10, 2024
Cyberattacks are already the most significant operational and financial threat to almost every type of business. Surveys of CISOs consistently reveal phishing attacks, identity security, social engineering, and the resulting data breaches and ransomware attacks are the top concerns.  These fears are well founded. Each new day brings fresh headlines of another major breach or successful ransomware attack. The Cybersecurity and Infrastructure Security Agency (CISA), an agency of the DHS reports that 90% of ransomware attacks begin with phishing. Last quarter witnessed the first individual ransomware loss that exceeded a billion dollars of damages, and a leading news media reported nine new major breaches in a single week.  What is driving this epidemic and how much worse will it get?  The answers are both simple and complex. The simple answer is that this next generation of cyberattacks is being driven by the incredible power and innovation of generative AI, while the primary defens
Leveraging AI as a Tool in Threat Management

Leveraging AI as a Tool in Threat Management

Jun 03, 2024
From the moment it hits the wire—be it MISP or Mandiant—the value and efficacy of cyber threat intelligence (CTI) begins to decay for the organizations that intend to consume it. The data that was once essential for evaluating and reducing risk becomes dated and less helpful as adversaries constantly adapt their tactics, techniques, and procedures (TTPs).  We refer to this as ' threat intelligence decay .' Meanwhile, the NCSC have reported that threat actors have begun leveraging artificial intelligence, with an expectation that they will soon be using AI to evolve and enhance existing TTPs. This advent of AI is exacerbating the challenge of threat intelligence decay. Information that was once a golden nugget of defense can quickly turn into fool's gold, leaving organizations exposed to new threats. When we look at one of the most practical applications that threat intelligence has in an organization—the threat management process—it's frightening how much these problems are co
Cybersecurity Resources