#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Advanced Threat Protection | Breaking Cybersecurity News | The Hacker News

Category — Advanced Threat Protection
Anatomy of an Attack

Anatomy of an Attack

Aug 20, 2024 Threat Detection / Incident Response
In today's rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial. This article delves into the mechanics of a common application attack, using the infamous Log4Shell vulnerability as an example, and demonstrates how Application Detection and Response (ADR) technology effectively safeguards against such zero-day threats. View the Contrast ADR white paper The anatomy of a modern application attack: Log4Shell To illustrate the complexity and severity of modern application attacks, let's examine an attack against the infamous Log4Shell vulnerability ( CVE-2021-44228 ) that sent shockwaves through the cybersecurity world in late 2021. This attack is a prime example of attack chaining, leveraging JNDI Injection, Expression Language (EL) Injection and Command Injection. Technology note : The CVE program catalogs, which publicly...
Cynet Takes Cyber Threat Protection Automation to the Next Level with Incident Engine

Cynet Takes Cyber Threat Protection Automation to the Next Level with Incident Engine

Sep 09, 2020
We have all heard of the "cybersecurity skills gap" — firms' inability to hire and retain high-level cybersecurity talent. I see this gap manifesting in two ways. First, companies that want to hire cybersecurity talent simply cannot find candidates with sufficient skills. Second, companies that cannot afford specialized cybersecurity talent and therefore lack the necessary skills to adequately protect their organizations from the growing and increasingly sophisticated cyber threats. Both of these are real problems, and both can lead to devastating consequences. It's also fair to say that most cybersecurity teams today are overworked and understaffed. One of the primary reasons we need such high-level cybersecurity skills lies in the shortcomings of cybersecurity technologies. Due to the changing and increasingly sophisticated stream of attack techniques, the breadth and depth of cybersecurity defensive technologies used to combat these threats and protect org...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
Download Guide — Advanced Threat Protection Beyond the AV

Download Guide — Advanced Threat Protection Beyond the AV

Mar 03, 2020
At a certain point, almost every organization reaches the conclusion that there is a need to move past just the standard AV and firewall stack in order to soundly protect their environment. The common practice in recent years is to gain extra protection through implementing either EDR\EPP solutions (represented by vendors like Crowdstrike and Carbon Black) or Network Traffic Analysis/NDR solutions (such as Darktrace and Vectra Networks). Fortune 500 companies who have large security teams, would usually choose to buy and implement both. A recently published guide, 'Advanced Threat Protection Beyond the AV' ( download here ) is the first resource that not only guides security executives through the pros and cons of each solution type but also outlines a best-practice approach that allows the "non-Fortune 500" companies to combine the advantages of both approaches – without actually buying both. The proliferation of advanced threats in the decade has gradually ...
cyber security

Innovate Securely: Top Strategies to Harmonize AppSec and R&D Teams

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection

Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection

Jan 10, 2019
Security researchers have been warning about a simple technique that cybercriminals and email scammers are already being using in the wild to bypass security features of Microsoft Office 365, including Safe Links, which are originally designed to protect users from malware and phishing attacks. Safe Links has been included by Microsoft in Office 365 as part of its ATP (Advanced Threat Protection) solution that works by replacing all URLs in an incoming email with Microsoft-owned secure URLs. Therefore, every time users click on a link provided in an email, Safe Links first sends them to a Microsoft owned domain, where it immediately checks the original link for anything suspicious. If Microsoft's security scanners detect any malicious element, it then warns the users about it, and if not, it redirects them to the original link. However, researchers at the cloud security company Avanan have revealed how attackers have been bypassing both Office 365's URL reputation check a...
Expert Insights / Articles Videos
Cybersecurity Resources