#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

OPSWAT | Breaking Cybersecurity News | The Hacker News

Demystifying a Common Cybersecurity Myth

Demystifying a Common Cybersecurity Myth

Mar 13, 2024 App Security / Cyber Security
One of the most common misconceptions in file upload cybersecurity is that certain tools are "enough" on their own—this is simply not the case. In our latest  whitepaper  OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats in today's ever-evolving file upload security landscape, and a big part of that is understanding where the pitfalls are, and how to avoid them. The first step in that process is understanding that three commonly used tools or solutions are not enough on their own. Let's explore this concept and take a closer look at a better solution. Understanding the Challenge Modern web applications are complex, utilizing internet-connected IT systems that interface with critical OT systems, as well as leveraging a wide range of cloud providers and protocols. All these systems transfer and store highly sensitive and valuable data across government, healthcare, power, financial, and other critical sectors the world over,
Confidence in File Upload Security is Alarmingly Low. Why?

Confidence in File Upload Security is Alarmingly Low. Why?

Nov 07, 2023 Web Security / Cyber Threat
Numerous industries—including technology, financial services, energy, healthcare, and government—are rushing to incorporate cloud-based and containerized web applications.  The benefits are undeniable; however, this shift presents new security challenges.  OPSWAT's 2023 Web Application Security report  reveals: 75% of organizations have modernized their infrastructure this year. 78% have increased their security budgets. Yet just 2% are confident in their security posture. Let's explore why confidence in security lags infrastructure upgrades and how OPSWAT closes that gap. Evolving Infrastructure Outpaces Security Upgrades. The pace of security upgrades struggles to keep up with technological advancements. This gap is especially visible in file upload security. Companies are updating their infrastructure by embracing distributed, scalable applications that leverage microservices and cloud solutions—creating new avenues of attack for criminals. Cloud Hosting  Businesse
New Webinar: 5 Must-Know Trends Impacting AppSec

New Webinar: 5 Must-Know Trends Impacting AppSec

Oct 30, 2023 Webinar / Web App Security
Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it's almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads when working with public clouds, vulnerabilities in containers hosting web applications, and many other persistent threats. We surveyed organizations responsible for securing critical web applications used by healthcare, financial services, technology, and other critical infrastructure verticals to learn how they tackle the most destructive threats and summarized our findings in the OPSWAT 2023 State of Web Application Security Report. The survey report revealed that: 97% of organizations use or will deploy containers in their web hosting environments. 75% use cloud storage access solutions and want to prevent malware, secure sensitive data, and mitigate security compliance risks. 94% c
cyber security

Guide: Secure Your Privileged Access with Our Expert-Approved Template

websiteDelineaIT Security / Access Control Security
Transform your Privileged Access Management with our Policy Template—over 40 expertly crafted statements to elevate compliance and streamline your security.
A SaaS Security Challenge: Getting Permissions All in One Place

A SaaS Security Challenge: Getting Permissions All in One Place 

May 08, 2024Attack Surface / SaaS Security
Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user's base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of that are custom permissions required by an individual user.  For example, look at a sales rep who is involved in a tiger team investigating churn while also training two new employees. The sales rep's role would grant her one set of permissions to access prospect data, while the tiger team project would grant access to existing customer data. Meanwhile, special permissions are set up, providing the sales rep with visibility into the accounts of the two new employees. While these permissions are precise, however, they are also very complex. Application admins don't have a single screen within these applications th
Expert Insights
Cybersecurity Resources