#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Endpoint detection | Breaking Cybersecurity News | The Hacker News

Webinar and eBook: The Dark Side of EDR. Are You Prepared?

Webinar and eBook: The Dark Side of EDR. Are You Prepared?

Nov 24, 2021
Endpoint Detection and Response (EDR) platforms have received incredible attention as the platform for security teams. Whether you're evaluating an EDR for the first time or looking to replace your EDR, as an information security professional, you need to be aware of the gaps prior already to implementation so you can best prepare how to close the gaps. It's important to understand that each company is unique, and an EDR that a large company uses might not necessarily be the technology that works best when you are leading a small security team, even if you're within the same industry vertical. Understanding your threat detection technology requirements based on your unique company characteristics will help you choose the right one.  The eBook and webinar "The Dark Side of EDR. Are You Prepared?" helps you in that requirement definition process. It points out the dark side(s) of EDR and provides guidance as to how to overcome them according to your company'
Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

Apr 21, 2020
A cybersecurity researcher today publicly disclosed technical details and PoC for 4 unpatched zero-day vulnerabilities affecting an enterprise security software offered by IBM after the company refused to acknowledge the responsibly submitted disclosure. The affected premium product in question is IBM Data Risk Manager (IDRM) that has been designed to analyze sensitive business information assets of an organization and determine associated risks. According to Pedro Ribeiro from Agile Information Security firm, IBM Data Risk Manager contains three critical severity vulnerabilities and a high impact bug, all listed below, which can be exploited by an unauthenticated attacker reachable over the network, and when chained together could also lead to remote code execution as root. Authentication Bypass Command Injection Insecure Default Password Arbitrary File Download Ribeiro successfully tested the flaws against IBM Data Risk Manager version 2.0.1 to 2.0.3, which is not the la
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
How to Provide Remote Incident Response During the Coronavirus Times

How to Provide Remote Incident Response During the Coronavirus Times

Mar 24, 2020
While the Coronavirus pandemic continues to strike chaos across the global economies, threat actors keep on launching cyberattacks on organizations from all sizes and verticals. IR providers face a unique challenge when approached by these organizations since, due to the Coronavirus mass quarantine, conducting incident response engagements by arriving physically to the customers' offices is impossible. Cynet 360, a tool of choice for a number of IR providers (offered to IR providers for free), enables responders to compensate on the lack of physical access with the ability to conduct a full IR operation remotely ( learn more here ) by seamless and rapid remote deployment, complete visibility into the attacked organization's environment, automated threat detection, and integrated MDR services. Attackers always seek easy opportunities, and it's no wonder many threat actors take advantage of the current mayhem of the Coronavirus pandemic to increase their attacks'
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Download Guide — Advanced Threat Protection Beyond the AV

Download Guide — Advanced Threat Protection Beyond the AV

Mar 03, 2020
At a certain point, almost every organization reaches the conclusion that there is a need to move past just the standard AV and firewall stack in order to soundly protect their environment. The common practice in recent years is to gain extra protection through implementing either EDR\EPP solutions (represented by vendors like Crowdstrike and Carbon Black) or Network Traffic Analysis/NDR solutions (such as Darktrace and Vectra Networks). Fortune 500 companies who have large security teams, would usually choose to buy and implement both. A recently published guide, 'Advanced Threat Protection Beyond the AV' ( download here ) is the first resource that not only guides security executives through the pros and cons of each solution type but also outlines a best-practice approach that allows the "non-Fortune 500" companies to combine the advantages of both approaches – without actually buying both. The proliferation of advanced threats in the decade has gradually
Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus

Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus

Dec 10, 2019
Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts victims' files to avoid antivirus detection. Unlike traditional malware, the new Snatch ransomware chooses to run in Safe Mode because in the diagnostic mode Windows operating system starts with a minimal set of drivers and services without loading most of the third-party startup programs, including antivirus software. Snatch has been active since at least the summer of 2018, but SophosLabs researchers spotted the Safe Mode enhancement to this ransomware strain only in recent cyber attacks against various entities they investigated. "SophosLabs researchers have been investigating an ongoing series of ransomware attacks in which the ransomware executable forces the Windows machine to reboot into Safe Mode before beginning the encryption process," the researchers say . "The ransomware, which calls it
How Endpoint Management Can Keep Workplace IT Secure

How Endpoint Management Can Keep Workplace IT Secure

Apr 01, 2019
Workplaces have become highly connected. Even a small business could have dozens of devices in the form of desktops, mobile devices, routers, and even smart appliances as part of its IT infrastructure. Unfortunately, each of these endpoints can now be a weak link that hackers could exploit. Hackers constantly probe networks for vulnerable endpoints to breach. For example, systems and applications that are configured using recycled user names and passwords can easily be hacked given the availability of leaked credentials online. Password management service LastPass noted that 59% of users use the same password for multiple accounts. Malware and malicious processes may also target workstations. Cybersecurity firm Symantec found a 1,000 percent increase in PowerShell script attacks in 2018. These attacks use cleverly disguised malicious processes that appear legitimate at a cursory glance. This is why IT security career is fast evolving into a huge market. However, because o
Learn How XDR Can Take Breach Protection Beyond Endpoint Security

Learn How XDR Can Take Breach Protection Beyond Endpoint Security

Feb 19, 2019
How do you know whether an attacker has infiltrated your network? Can you really rely on an Endpoint Detection and Response (EDR) solution to be your go-to technology for identifying security breaches? Endpoint detection and response (EDR) platform has been an important technology to detect cybersecurity incidents, but it provides only the view of endpoints, just a portion of the big picture. Since hackers can explore and exploit anything within reach, not just a few monitored endpoints, many security professionals are reaching the realization that the actual attack surface of their organizations is significantly wider than only endpoints. In an ideal and more effective approach to security, a broader set of attack vectors and activity data should be examined to get a more complete view of the attack operation. On top of the endpoint, security solutions must also include cloud, threat intelligence, network data, and logging information, among others. If you haven't already,
Cybersecurity Resources