Pentera | Breaking Cybersecurity News | The Hacker News

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

Cybersecurity researchers have discovered a set of 11 living-off-the-land binaries-and-scripts ( LOLBAS ) that could be maliciously abused by threat actors to conduct post-exploitation activities.  "LOLBAS is an attack method that uses binaries and scripts that are already part of the system for malicious purposes," Pentera security researcher Nir Chako  said . "This makes it hard for security teams to distinguish between legitimate and malicious activities, since they are all performed by trusted system utilities." To that end, the Israeli cybersecurity company said it uncovered nine LOLBAS downloaders and three executors that could enable adversaries to download and execute "more robust malware" on infected hosts. This includes: MsoHtmEd.exe, Mspub.exe, ProtocolHandler.exe, ConfigSecurityPolicy.exe, InstallUtil.exe, Mshta.exe, Presentationhost.exe, Outlook.exe, MSAccess.exe, scp.exe, and sftp.exe.  "In a complete attack chain, a hacker will us

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Digitalization initiatives are connecting once-isolated Operational Technology (OT) environments with their Information Technology (IT) counterparts. This digital transformation of the factory floor has accelerated the connection of machinery to digital systems and data. Computer systems for managing and monitoring digital systems and data have been added to the hardware and software used for managing and monitoring industrial devices and machines, connecting OT to IT. Such connectivity enhances productivity, reduces operational costs and speeds up processes. However, this convergence has also increased organizations' security risk, making manufacturers more susceptible to attacks. In fact, in 2022 alone, there were 2,337 security breaches of manufacturing systems, 338 with confirmed data disclosure (Verizon, 2022 DBIR Report).  Ransomware: A Growing Threat for Manufacturers The nature of attacks has also changed. In the past, attackers may have been espionage-driven, targeting

If you're heading out of the office on a well-deserved vacation, are you certain the security controls you have in place will let you rest easy while you're away? More importantly – do you have the right action plan in place for a seamless return? Whether you're on the way out of – or back to – the office, our Security Validation Checklist can help make sure your security posture is in good shape. 1. Check the logs and security events of your key critical systems . Stay up-to-date on recent activities. Check for changes – and attempted changes – and any potential indicators of compromise. Planning to be gone for longer than a week? Designate a team member to perform a weekly review in your absence, reducing the chances of a critical event going undetected. 2. Check for any new security vulnerabilities that were identified on your vacation . Use your preferred scanning tool or check one of the regularly updated databases, such as  CVE Details . 3. Investigate failures o

The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread use of mobile banking apps, chat-based customer service, and other digital tools.  Adobe's 2022 FIS Trends Report ,  for instance, found that more than half of the financial services and insurance firms surveyed experienced a notable increase in digital/mobile visitors in the first half of 2020. The same report found that four out of ten financial executives say that digital and mobile channels account for more than half of their sales – a trend that's only expected to continue in the next few years. As financial institutions expand their digital footprint, they have more opportunities to better serve their customers – but are also more exposed to security threats. Every new tool increases the attack surface. A higher number of potential security gaps, may potentially lead to a higher number of security breaches. According to the  Cisco CI