Compliance | Breaking Cybersecurity News | The Hacker News

Most microsegmentation projects fail before they even get off the ground—too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn't have to be that way.  Microsegmentation: The Missing Piece in Zero Trust Security   Security teams today are under constant pressure to defend against increasingly sophisticated cyber threats. Perimeter-based defenses alone can no longer provide sufficient protection as attackers shift their focus to lateral movement within enterprise networks. With over 70% of successful breaches involving attackers moving laterally, organizations are rethinking how they secure internal traffic.  Microsegmentation has emerged as a key strategy in achieving Zero Trust security by restricting access to critical assets based on identity rather than network location. However, traditional microsegmentation approaches—often involving VLAN reconfigurations, agent deployments, or complex firewall rules—tend to be slow, operationally disrupt...

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security , believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn't equal being secure. As Sun Tzu warned, "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." Two and a half millennia later, the concept still holds: your organization's cybersecurity defenses must be strategically validated under real-world conditions to ensure your business's very survival. Today, more than ever, you need Adversarial Exposure Validation (AEV) , the essential strategy that's still missing from most security frameworks. The Danger of False Confidence Conventional wisdom suggests that if you've patched known bugs, deployed a stack of well-regarded security tools, and passed the nec...

Are you tired of dealing with outdated security tools that never seem to give you the full picture? You're not alone. Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That's why we're excited to introduce a smarter, unified approach: Application Security Posture Management (ASPM). ASPM brings together the best of both worlds by connecting your code insights with real-time runtime data. This means you get a clear, holistic view of your application's security. Instead of reacting to threats, ASPM helps you prevent them. Imagine reducing costly retrofits and emergency patches with a proactive, shift-left strategy—saving you time, money, and stress. Join Amir Kaushansky, Director of Product Management at Palo Alto Networks, as he walks you through how ASPM is changing the game. In this free webinar , you'll learn to: Close the Security Gaps: Understand why traditional AppSec tools fall short and how ASPM fills ...

The Need For Unified Security Google Workspace is where teams collaborate, share ideas, and get work done. But while it makes work easier, it also creates new security challenges. Cybercriminals are constantly evolving, finding ways to exploit misconfigurations, steal sensitive data, and hijack user accounts. Many organizations try to secure their environment by piecing together different security tools, hoping that multiple layers of protection will keep them safe.  But in reality, this patchwork approach often creates blind spots, making it harder—not easier—to defend against threats. To truly secure Google Workspace, businesses need a unified security strategy that offers complete protection without unnecessary complexity. The problem with most security solutions is that they only solve part of the puzzle. Point solutions, like tools that block malware or phishing attacks, might work well for a specific type of threat but fail to recognize suspicious user behavior, unauthori...

The U.K.'s Information Commissioner's Office (ICO) has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between the ages of 13 and 17 in the country. To that end, the watchdog said it's probing how the ByteDance-owned video-sharing service uses the personal data of children in the age range to surface recommendations and deliver suggested content to their feeds. "This is in light of growing concerns about social media and video sharing platforms using data generated by children's online activity in their recommender systems, which could lead to young people being served inappropriate or harmful content," the ICO said . Separately, the data protection regulator said it's also looking into Imgur and Reddit to see how they are using children's information and the measures they are taking to assess the age of their users and tailor content based on that criteria. The ICO ...

In today's rapidly evolving digital landscape, weak identity security isn't just a flaw—it's a major risk that can expose your business to breaches and costly downtime. Many organizations are overwhelmed by an excess of user identities and aging systems, making them vulnerable to attacks. Without a strategic plan, these security gaps can quickly turn into expensive liabilities. Join us for " Building Resilient Identity: Reducing Security Debt in 2025 " and discover smart, actionable strategies to protect your business against modern cyber threats. This webinar offers you a chance to cut through the complexity of identity security with clear, practical solutions. Our seasoned experts will show you how to detect risks early, optimize your resources, and upgrade your systems to stay ahead of emerging threats. What You'll Learn: Spot Hidden Risks: Uncover how weaknesses in identity security can lead to significant breaches and extra costs. Step-by-Step Solutions: Follo...

The payment card industry has set a critical deadline for businesses handling cardholder data or processing payments- by March 31, 2025, DMARC implementation will be mandatory ! This requirement highlights the importance of preventative measures against email fraud, domain spoofing, and phishing in the financial space. This is not an optional requirement as non-compliance may result in monetary penalties ranging from $5,000 to $100,000. Organizations can sign up for a DMARC analyzer trial to stay ahead of PCI DSS 4.0 requirements today!  For businesses of all sizes, this is their cue to strengthen domain security and prevent the next big cyber attack. With more than 94% of organizations falling victim to phishing in 2024 , the mandate has never been more critical! Many organizations turn to email authentication management solutions like PowerDMARC to simplify implementation, monitor authentication, and ensure continuous protection. On the flip side, it also presents a golden opp...

The growing demand for cybersecurity and compliance services presents a great opportunity for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) to offer virtual Chief Information Security Officer (vCISO) services—delivering high-level cybersecurity leadership without the cost of a full-time hire. However, transitioning to vCISO services is not without its challenges. Many service providers struggle with structuring, pricing, and selling these services effectively. That's why we created the Ultimate Guide to Structuring and Selling vCISO Services .  This guide, created in collaboration with Jesse Miller, a seasoned vCISO and founder of PowerPSA Consulting, offers actionable strategies to navigate these hurdles. From identifying what to offer and whom to target, to crafting compelling sales strategies, this resource provides a comprehensive roadmap for building a successful vCISO practice. Where to Begin: What to Offer and to Whom This guide outline...

South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations. Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. The web service remains accessible. The agency said it commenced its own analysis of DeepSeek right after its launch and that it "identified some shortcomings in communication functions and personal information processing policies with third-party service providers." DeepSeek is said to have recently appointed a local representative, per PIPC, with the company also acknowledging it had failed to take into consideration domestic privacy laws when launching the service.  To that end, downloads of DeepSeek are being paused until the company implements the necessary improvements that bring the service in compliance...

CISOs are finding themselves more involved in AI teams, often leading the cross-functional effort and AI strategy. But there aren't many resources to guide them on what their role should look like or what they should bring to these meetings.  We've pulled together a framework for security leaders to help push AI teams and committees further in their AI adoption—providing them with the necessary visibility and guardrails to succeed. Meet the CLEAR framework. If security teams want to play a pivotal role in their organization's AI journey, they should adopt the five steps of CLEAR to show immediate value to AI committees and leadership: C – Create an AI asset inventory L – Learn what users are doing E – Enforce your AI policy A – Apply AI use cases R – Reuse existing frameworks If you're looking for a solution to help take advantage of GenAI securely, check out Harmonic Security .  Alright, let's break down the CLEAR framework.  Create an AI Asset Invent...

Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this prominence has made it a prime target for cybercriminals who seek access to valuable corporate identities, applications, and sensitive data. Recently, Okta warned its customers of an increase in phishing social engineering attempts to impersonate Okta support personnel. Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with how continuous monitoring of your Okta security posture helps you avoid miscon...

As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let's take a look… #1: Increased Threat Landscape Encourages Market Consolidation Cyberattacks targeting cloud environments are becoming more sophisticated, emphasizing the need for security solutions that go beyond detection. Organizations will need proactive defense mechanisms to prevent risks from reaching production. Because of this need, the market will favor vendors offering comprehensive, end-to-end security platforms that streamline risk mitigation and enhance operational efficiency. #2: Cloud Security Unifies with SOC Priorities Security operations centers (SOC) and cloud security functions are c...

Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, "Were all functionalities of the web app tested?" or " Were there any security issues that could have been identified during testing?" often go unresolved, raising concerns about the thoroughness of the security testing. This frustration is common among many security teams. Pentest reports, while crucial, frequently lack the depth and detail necessary to truly assess the success of the project. Even with years of experience working with cybersecurity teams and managing ethical hacking projects, we frequently encountered these same issues. Whether collaborating with external pentest providers or managing our own projects as founders of Hackrate , we often faced difficulties in ensuring that the testing was as comprehensive as it needed to be. This realization inspired us to create HackGATE , a managed gateway solution built to bring transparency and contro...