#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Cyber Insurance | Breaking Cybersecurity News | The Hacker News

Category — Cyber Insurance
Beyond Compliance: The Advantage of Year-Round Network Pen Testing

Beyond Compliance: The Advantage of Year-Round Network Pen Testing

Nov 18, 2024 Penetration Testing / Network Security
IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here's the thing: hackers don't wait around for compliance schedules. Most companies approach network penetration testing on a set schedule, with the most common frequency being twice a year (29%), followed by three to four times per year (23%) and once per year (20%), according to the Kaseya Cybersecurity Survey Report 2024 . Compliance-focused testing can catch vulnerabilities that exist at the exact time of testing, but it's not enough to stay ahead of attackers in a meaningful way. Why More Frequent Testing Makes Sense When companies test more often, they're not just checking a box for compliance—they're actually protecting their networks. The Kaseya survey also points out that the top drivers for network penetration testing are: Cybersecurity Control and Validation (34%) – ensuring the security controls work and vulnerabilities are minimized. Re
New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

Nov 12, 2024 Cyber Attack / Cybercrime
Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. "Ymir ransomware introduces a unique combination of technical features and tactics that enhance its effectiveness," Russian cybersecurity vendor Kaspersky said . "Threat actors leveraged an unconventional blend of memory management functions – malloc, memmove, and memcmp – to execute malicious code directly in the memory. This approach deviates from the typical sequential execution flow seen in widespread ransomware types, enhancing its stealth capabilities." Kaspersky said it observed the ransomware used in a cyber attack targeting an unnamed organization in Colombia, with the threat actors previously delivering the RustyStealer malware to gather corporate credentials. It's believed that the stolen credentials were used to gain unauthorized access to the company's n
Cyber Story Time: The Boy Who Cried "Secure!"

Cyber Story Time: The Boy Who Cried "Secure!"

Nov 21, 2024Threat Detection / Pentesting
As a relatively new security category, many security operators and executives I've met have asked us "What are these Automated Security Validation (ASV) tools?" We've covered that pretty extensively in the past, so today, instead of covering the " What is ASV?" I wanted to address the " Why ASV?" question. In this article, we'll cover some common use cases and misconceptions of how people misuse and misunderstand ASV tools daily (because that's a lot more fun). To kick things off, there's no place to start like the beginning. Automated security validation tools are designed to provide continuous, real-time assessment of an organization's cybersecurity defenses. These tools are continuous and use exploitation to validate defenses like EDR, NDR, and WAFs. They're more in-depth than vulnerability scanners because they use tactics and techniques that you'll see in manual penetration tests. Vulnerability scanners won't relay hashes or combine vulnerabilities to further attacks, whic
The ROI of Security Investments: How Cybersecurity Leaders Prove It

The ROI of Security Investments: How Cybersecurity Leaders Prove It

Nov 11, 2024 Cyber Resilience / Offensive Security
Cyber threats are intensifying, and cybersecurity has become critical to business operations. As security budgets grow, CEOs and boardrooms are demanding concrete evidence that cybersecurity initiatives deliver value beyond regulation compliance. Just like you wouldn't buy a car without knowing it was first put through a crash test, security systems must also be validated to confirm their value. There is an increasing shift towards security validation as it allows cyber practitioners to safely use real exploits in production environments to accurately assess the efficiency of their security systems and identify critical areas of exposure, at scale. We met with Shawn Baird, Associate Director of Offensive Security & Red Teaming at DTCC, to discuss how to effectively communicate the business value of his Security Validation practices and tools to his upper management. Here is a drill down into how Shawn made room for security validation platforms within his already tight budget an
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025

The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025

Sep 06, 2024 Virtual CISO / Compliance
The 2024 State of the vCISO Report continues Cynomi's tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected in the future. However, service providers looking to enter the vCISO market must address challenges like technological limitations and a lack of security and compliance expertise.  For more details on the state of vCISO, read Cynomi's comprehensive report. The State of the Virtual CISO Survey Report by Global Surveyz, an independent survey company, which was commissioned by Cynomi, provides a deep understanding of the vCISO opportunities and challenges facing MSPs and MSSPs today. The report shares insights from 200 security leaders in MSPs and MSSPs that provide cybersecurity strategic services or cybersecurity con
Tool Overload: Why MSPs Are Still Drowning with Countless Cybersecurity Tools in 2024

Tool Overload: Why MSPs Are Still Drowning with Countless Cybersecurity Tools in 2024

Jun 20, 2024 Endpoint Protection / Data Security
Highlights Complex Tool Landscape : Explore the wide array of cybersecurity tools used by MSPs, highlighting the common challenge of managing multiple systems that may overlap in functionality but lack integration. Top Cybersecurity Challenges : Discuss the main challenges MSPs face, including integration issues, limited visibility across systems, and the high cost and complexity of maintaining diverse tools. Effective Solutions and Strategies : Introduce strategic approaches and solutions, such as consolidating tools into unified platforms to enhance efficiency, reduce costs, and improve overall cybersecurity management. As MSPs continue to be the backbone of IT security for numerous businesses, the array of tools at their disposal has grown exponentially. However, this abundance of options isn't without its drawbacks. The challenge isn't just in choosing the right tools but in efficiently integrating and managing them to ensure seamless security coverage and operational efficiency
Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In

Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In

Mar 19, 2024 Regulatory Compliance / Cloud Security
In an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief Information Security Officers (CISOs)—articulate the value and urgency of cybersecurity investments to their boards.  The Strategic Importance of Cybersecurity Cybersecurity is no longer a backroom IT concern but a pivotal agenda item in boardroom discussions. The surge in cyber threats, coupled with their capacity to disrupt business operations, erode customer trust, and incur significant financial losses, underscores the strategic value of robust cybersecurity measures. Moreover, as companies increasingly integrate digital technologies into their core operations, the significance of cybersecurity in safeguarding corporate assets and reputation continues to rise. The Current State of Cybersecurity in Corpo
Getting off the Attack Surface Hamster Wheel: Identity Can Help

Getting off the Attack Surface Hamster Wheel: Identity Can Help

Jan 10, 2024 Attack Surface / Cybersecurity
IT professionals have developed a sophisticated understanding of the enterprise attack surface – what it is, how to quantify it and how to manage it.  The process is simple: begin by thoroughly assessing the attack surface, encompassing the entire IT environment. Identify all potential entry and exit points where unauthorized access could occur. Strengthen these vulnerable points using available market tools and expertise to achieve the desired cybersecurity posture.  While conceptually straightforward, this is an incredibly tedious task that consumes the working hours of CISOs and their organizations. Both the enumeration and the fortification pose challenges: large organizations use a vast array of technologies, such as server and endpoint platforms, network devices, and business apps. Reinforcing each of these components becomes a frustrating exercise in integration with access control, logging, patching, monitoring, and more, creating a seemingly endless list of tasks.  However
Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals

Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals

Nov 21, 2023 Ransomware-as-a-service
The ransomware strain known as  Play  is now being offered to other threat actors "as a service," new evidence unearthed by Adlumin has revealed. "The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the ransomware-as-a-service (RaaS) and are following step-by-step instructions from playbooks delivered with it," the cybersecurity company said in a report shared with The Hacker News. The findings are based on various Play ransomware attacks tracked by Adlumin spanning different sectors that incorporated almost identical tactics and in the same sequence. This includes the use of the public music folder (C:\...\public\music) to hide the malicious file, the same password to create high-privilege accounts, and both attacks, and the same commands. Play , also called Balloonfly and PlayCrypt, first came to light in June 2022, leveraging security flaws in Microsoft Exchange Server – i.e., 
How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance

How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance

Jul 06, 2023 Penetration Testing / VAPT
As technology advances and organizations become more reliant on data, the risks associated with data breaches and cyber-attacks also increase. The introduction of data privacy laws, such as the GDPR, has made it mandatory for organizations to disclose breaches of personal data to those affected. As such, it has become essential for businesses to protect themselves from the financial and reputational costs of cyber incidents. One solution to help organizations protect themselves is cyber insurance, despite the rising costs of cyber insurance, where the average  price in the U.S. rose 79%  in the second quarter of 2022. Also, with strict eligibility requirements that have emerged in response to risk and sharp spikes in successful breaches during and post-COVID-19, cyber insurance remains essential for organizations to protect sensitive customer information and their own data from falling into the wrong hands. While cyber insurance is not a one-size-fits-all solution and may not cover
Top 10 Cybersecurity Trends for 2023: From Zero Trust to Cyber Insurance

Top 10 Cybersecurity Trends for 2023: From Zero Trust to Cyber Insurance

Apr 10, 2023 Cybersecurity / Cyber Threats
As technology advances, cyberattacks are becoming more sophisticated. With the increasing use of technology in our daily lives, cybercrime is on the rise, as evidenced by the fact that cyberattacks caused  92% of all data breaches  in the first quarter of 2022. Staying current with cybersecurity trends and laws is crucial to combat these threats, which can significantly impact business development.  In 2023, the cybersecurity market is expected to see new trends, and businesses must be adequately prepared for any developments. Andrey Slastenov, Head of Web Security at Gcore, shares his insights on these trends in this article. 1 —  Application security As businesses shifted online to stay afloat during the pandemic, the forecast for application security spending is projected to surpass $7.5 billion, according to  Statista . Source However, every application might be susceptible to hacking, zero-day attacks, and identity theft. Ensuring application security demands professionals w
Webinar: Learn How to Comply with New Cyber Insurance Identity Security Requirements

Webinar: Learn How to Comply with New Cyber Insurance Identity Security Requirements

Feb 09, 2023 Identity Protection / Cyber Insurance
Have you ever stopped to think about the potential consequences of a cyberattack on your organization? It's getting more intense and destructive every day, and organizations are feeling the heat. That's why more and more businesses are turning to  cyber insurance  to find some much-needed peace of mind. Imagine, in the unfortunate event of a successful security breach or ransomware attack, the right policy can help minimize liability and contain losses. However, skyrocketing claims in 2020 sent shockwaves through the insurance industry, forcing insurance providers to reinvent the criteria for acquiring or renewing cyber insurance. As a result, businesses are now navigating a dramatically altered terrain where they must prove their ability to defend against ransomware attacks. This includes implementing a wide range of robust security measures, particularly around identity protection requirements such as MFA coverage and service account protection. The new identity protectio
Tackling the New Cyber Insurance Requirements: Can Your Organization Comply?

Tackling the New Cyber Insurance Requirements: Can Your Organization Comply?

Feb 07, 2023 Identity Protection / Cyber Insurance
With cyberattacks around the world escalating rapidly, insurance companies are ramping up the requirements to qualify for a cyber insurance policy.  Ransomware attacks were up 80% last year , prompting underwriters to put in place a number of new provisions designed to prevent ransomware and stem the record number of claims. Among these are a mandate to enforce multi-factor authentication (MFA) across all admin access in a network environment as well as protect all privileged accounts, specifically machine-to-machine connections known as service accounts.  But identifying MFA and privileged account protection gaps within an environment can be extremely challenging for organizations, as there is no utility among the most commonly used security and identity products that can actually provide this visibility. In this article, we'll explore these identity protection challenges and suggest steps organizations can take to overcome them, including signing up for a  free identity risk a
Expert Insights / Articles Videos
Cybersecurity Resources