The Hacker News | Expert Insights — Index Page

How Confident Are You That Your Critical SaaS Applications Are Secure? 

Sept 01, 2024
Software-as-a-service (SaaS) applications have become the backbone of many modern businesses. With the myriad of functionalities they offer, they maximize collaboration, agility, scalability, and ultimately, profits. So it's no wonder that companies rely on hundreds of apps today, up from dozens just a few years ago. But this rapid adoption has introduced brand-new vulnerabilities and elusive blind spots. 2024 saw many attacks originating from SaaS apps, including those perpetrated by nation states. And the headlines about SaaS app attacks seem to be getting more ominous, if that is even possible. The attacks come from outsiders, insiders, third parties, and even unintentional human errors or negligence. The need to address this snowballing trend has reached a critical point. Given the scale and speed of app development and adoption, we are creating a larger attack surface for increasingly capable adversaries every day. In such a high-stakes environm...
Achieving Data Resilience in Microsoft 365

Sept 01, 2024
In our current tech landscape, dealing with cybersecurity incidents like ransomware and other disasters is unavoidable. To keep your business running, you need to be able to take disruptions and cyberattacks in stride. This means being able to not just bounce back from an outage or data loss situation — but bounce forward each time. This is at the heart of data resilience. Read on to learn more about how to keep your organization moving forward, no matter what comes your way. Stay Ahead of the Curve As cybersecurity threats and ransomware attacks continue to increase and evolve, it's critical that you stay ahead of the curve when it comes to keeping up with cybersecurity trends. Cyber threats are evolving quickly into more sinister and dangerous variants, and they won't wait for your defenses to catch up. Some of the top cybersecurity and data protection trends this year include using zero trust principles like multi-factor authentication (MFA) systems, passkeys, and password-less...
FinTech, Healthcare & SaaS Need Non-Human Identity Management More Than Ever Before

Sept 01, 2024
Though every organization is susceptible to data breaches, those in FinTech, Healthcare, and SaaS are particularly vulnerable to attacks due to the high volume of data they possess. It's all the more necessary for these organizations to secure their digital estate end-to-end. Identity & access management (IAM), authorization policies, and observability tools are required to enforce security. But with the proliferation of microservices, distributed architectures, numerous vendor and partner integrations, as well as open-source components, the digital supply chain has become more vast and complex than ever. This requires a purpose-built security solution that addresses the new needs of organizations in these sectors, a need that non-human identity management has risen to meet. Let's dive deeper by looking at recent data breaches in each of these three sectors, beginning with FinTech. Breach examples in FinTech The term 'FinTech' includes a range of organizations such as banks, no...
Best Practices for Integrating ZTNA with Existing Security Infrastructure

Aug 15, 2024
Many organizations might not find it easy to integrate existing security infrastructure with zero-trust network access (ZTNA) solutions. At first glance, ZTNA bolsters the safety and flexibility of having a distributed staff. However, implementing such systems can be challenging as they may clash with older systems and existing security protocols. To begin with, security teams need to take into account the current architecture, potential friction points, and how user experience should be seamless when integrating ZTNA. Thankfully, there are rising tools and methodologies that make this process less complicated in order for companies to gain all the advantages of ZTNA without compromising their present state of security. To help you through this process smoothly without compromising your cybersecurity strategy, here are some best practices on how you can successfully implement ZTNA using your existing security infrastructure. Why should businesses implement ZTNA? Organizations cont...
How to Modernize Your Microsoft 365 Data Protection Strategy to Ensure Business Continuity

Aug 15, 2024
Safeguarding the sensitive information within your Microsoft 365 environment is more important than ever. From accidental deletion and ransomware attacks to costly compliance failures, the consequences of inadequate data protection can be severe. It's important to understand the Shared Responsibility Model. The Model explains that Microsoft secures and ensures the uptime of its infrastructure, while you're ultimately responsible for correctly configuring settings, protecting against accidental data loss, and ensuring compliance with relevant regulations. Microsoft 365 provides powerful services, but a comprehensive backup of your data is not included in a standard Microsoft 365 license. Having an effective data protection strategy and comprehensive data backups are your best defense against these invisible dangers. In today's digital era, the necessity of modernizing data protection solutions cannot be overstated. The 2024 Data Protection Trends Report revealed that 75% of org...
7 Resources to Inform Your Next Hunt for Malicious Infrastructure

Jul 16, 2024
So you're going on a threat hunt…and you want to catch a big (malicious) one. Identifying malicious infrastructure can be a particularly daunting threat-hunting objective. Attackers who are intent enough on setting up things like C2 networks, phishing sites, and impersonated domains, are also, not surprisingly, often very good at hiding their tracks with tactics ranging from the use of proprietary VPNs to compromised intermediary services. So even when malicious infrastructure is visible, source attribution can remain a thorny problem. That said, there are tools like Censys Search that can make the challenge of tracking and understanding malicious infrastructure more achievable. Consider the following user stories, how-to articles, and videos for insights you can use to inform, inspire, and even supercharge your next investigation into malicious infrastructure. 7 Resources Worth a Read (or Watch) 1. How to Identify Malicious Infrastructure: Demo Let's start with a quick video ...
Exploitability is the Missing Puzzle Piece of SCA (Software Composition Analysis)

Jul 10, 2024
Open-source libraries allow developers to move faster, leveraging existing building blocks instead of diverting resources to building in-house. By leaning on existing open-source packages, engineers can focus on complex or bespoke elements of their products, using package managers and open-source maintainers to make it easy to pull everything together.  However, you can't deny that building software using open source makes your applications more vulnerable to security risks. In an open-source library, attackers have direct access to code, and can search for current and historical vulnerabilities, as well as any issues and tickets managed on websites such as GitHub or GitLab. This helps threat actors to quickly find packages that are vulnerable and launch an attack.  This is where Software Composition Analysis (SCA) comes in, with the purpose of scanning packages and uncovering vulnerabilities. SCA compiles and manages a catalog of software packages, alongside details such ...
9 Customer Service Chatbots Ranked For Risk Exposure

Jul 08, 2024
In today's dynamic web threat landscape, staying a step ahead of risk is crucial. Businesses want to keep improving their websites with the latest customer service experience while maintaining a strong security posture and complying with strict privacy rules. With the help of a new risk assessment tool, Exposure Rating, we have calculated the risk exposure for nine leading customer service chatbots and compared them against each other. For the full chatbot ratings report, click here. But first, what is an Exposure Rating risk assessment tool? Contextual Risk Assessment for the Web Exposure Rating goes beyond traditional website security solutions. It delves deeper, providing a comprehensive assessment of your web risk exposure, benchmarked against industry leaders. The rating system analyzes every website, application, and domain within your environment, giving you a clear picture of your threat landscape. But Exposure Rating is more than just a report card. It's a powerful to...
Survey Reveals Compliance Professionals Seek Quality, Efficiency, Trust & Partnership

Jun 10, 2024
Compliance professionals today are dealing with numerous challenges. At the same time, their companies face increased scrutiny and cyberthreats, and compliance teams have fewer resources and reduced headcount. It's a lot for even the most sophisticated and experienced teams to manage. As a result, compliance professionals are seeking out ways to do more with less. Sometimes the solution is utilizing technology, such as automated software tools that streamline processes or leveraging AI for greater efficiency. In other circumstances, individuals responsible for compliance are choosing an easy path to simply check the box on compliance with a flimsy, budget audit. This may be enough to get the C-suite off their back, but it leaves the company open to significant risk. Each year, A-LIGN surveys hundreds of compliance leaders to learn more about the current state of compliance and better understand the factors that impact their decisions. What are the driving forces behind their complia...