#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Risk Mitigation | Breaking Cybersecurity News | The Hacker News

Category — Risk Mitigation
NHIs Are the Future of Cybersecurity: Meet NHIDR

NHIs Are the Future of Cybersecurity: Meet NHIDR

Nov 20, 2024 Identity Security / Cyber Defense
The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. While organizations often take months to detect and contain such breaches, rapid detection and response can stop an attack in its tracks. The Rise of Non-Human Identities in Cybersecurity By 2025, non-human identities will rise to be the primary attack vector in cybersecurity. As businesses increasingly automate processes and adopt AI and IoT technologies, the number of NHIs grows exponentially. While these systems drive efficiency, they also create an expanded attack surface for cybercriminals. NHIs differ fundamentally from human users, making traditional security tools like multi-factor authentication and user behavior...
HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities

HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities

Nov 11, 2024 Vulnerability / Risk Mitigation
Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two critical bugs that could result in unauthenticated command execution. The flaws affect Access Points running Instant AOS-8 and AOS-10 - AOS-10.4.x.x: 10.4.1.4 and below Instant AOS-8.12.x.x: 8.12.0.2 and below Instant AOS-8.10.x.x: 8.10.0.13 and below The most severe among the six newly patched vulnerabilities are CVE-2024-42509 (CVSS score: 9.8) and CVE-2024-47460 (CVSS score: 9.0), two critical unauthenticated command injection flaws in the CLI Service that could result in the execution of arbitrary code. "Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211)," HPE said in an advisory for both the flaws. "Successful exp...
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Dec 04, 2024Risk Management / Zero Trust
Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and poor access management.  Privileged accounts with access to your critical systems and sensitive data are among the most vulnerable elements in cloud setups. When mismanaged, these accounts open the doors to unauthorized access, potential malicious activity, and data breaches. That's why strong privileged access management (PAM) is indispensable. PAM plays an essential role in addressing the security challenges of complex infrastructures by enforcing strict access controls and managing the life cycle of privileged accounts. By employing PAM in hybrid and cloud environments, you're not...
Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models

Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models

Oct 23, 2024 Artificial Intelligence / Vulnerability
Cybersecurity researchers have shed light on a new adversarial technique that could be used to jailbreak large language models (LLMs) during the course of an interactive conversation by sneaking in an undesirable instruction between benign ones. The approach has been codenamed Deceptive Delight by Palo Alto Networks Unit 42, which described it as both simple and effective, achieving an average attack success rate (ASR) of 64.6% within three interaction turns. "Deceptive Delight is a multi-turn technique that engages large language models (LLM) in an interactive conversation, gradually bypassing their safety guardrails and eliciting them to generate unsafe or harmful content," Unit 42's Jay Chen and Royce Lu said. It's also a little different from multi-turn jailbreak (aka many-shot jailbreak) methods like Crescendo , wherein unsafe or restricted topics are sandwiched between innocuous instructions, as opposed to gradually leading the model to produce harmful outpu...
cyber security

Breaking Barriers: Strategies to Unite AppSec and R&D for Success

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Blueprint for Success: Implementing a CTEM Operation

Blueprint for Success: Implementing a CTEM Operation

Jul 05, 2024 Cloud Security / Attack Surface
The attack surface isn't what it once was and it's becoming a nightmare to protect. A constantly expanding and evolving attack surface means risk to the business has skyrocketed and current security measures are struggling to keep it protected. If you've clicked on this article, there's a good chance you're looking for solutions to manage this risk. In 2022, a new framework was coined by Gartner to address these challenges - Continuous Threat Exposure Management (CTEM). Since then, putting this framework into action has become a priority across many organizations for the profound improvement it is expected to make toward maintaining a high level of security readiness and resilience.  "By 2026 organizations that prioritize their security investments based on a continuous exposure management program will be three times less likely to suffer a breach." Gartner, "How to Manage Cybersecurity Threats, Not Episodes," August 21, 2023 CTEM provides a continuous and comprehensive view of...
SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

May 13, 2024 Threat Detection / SoC / SIEM
In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives  Analysts are overwhelmed with alerts. The knock-on effect of this is that fatigued analysts are at risk of missing key details in incidents, and often conduct time-consuming triaging tasks manually only to end up copying and pasting a generic closing comment into a false positive alert.  It is likely that there will always be false positives. And many would argue that a false positive is better than a false negative. But for proactive actions to be made, we must move closer to the heart of an incident. That requires diving into how analysts conduct the triage and investigation process. SHQ R...
Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses

Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses

Apr 10, 2024 Webinar / Identity Security
We all know passwords and firewalls are important, but what about the invisible threats lurking beneath the surface of your systems? Identity Threat Exposures (ITEs) are like secret tunnels for hackers – they make your security way more vulnerable than you think. Think of it like this: misconfigurations, forgotten accounts, and old settings are like cracks in your digital fortress walls. Hackers exploit these weaknesses to steal login information, gain sneaky access, and move around your systems unnoticed, whether they're in the cloud or on-site. This upcoming webinar,  " Today's Top 4 Identity Security Threat Exposures: Are You Vulnerable? "  isn't just for tech experts—it's about protecting your business.  We'll use real-world examples and insights from Silverfort's latest report to show you the hidden dangers of ITEs. You'll learn about: The Top 4 Identity Threats You Might Be Overlooking:  We'll name them and explain why they're ...
Human vs. Non-Human Identity in SaaS

Human vs. Non-Human Identity in SaaS

Mar 07, 2024 Identity Management / Threat Detection
In today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity (dormant, active, hyperactive), their type (internal/ external), whether they are joiners, movers, or leavers, and more.  Not surprisingly, security efforts have mainly been human-centric. Configuration options include tools like MFA and SSO for human authentication. Role-based access control (RBAC) limits the level of access; password complexity guidelines block unauthorized humans from accessing the application. Yet, in the world of SaaS, there is no shortage of access granted to non-human actors, or in other words, 3rd party connected apps.  Service accounts, OAuth authorizations, and API keys are just a few of the non-human identities that require SaaS access. When viewed through the lens of the application, no...
How Businesses Can Safeguard Their Communication Channels Against Hackers

How Businesses Can Safeguard Their Communication Channels Against Hackers

Feb 17, 2024 Cybersecurity / Risk Mitigation
Efficient communication is a cornerstone of business success. Internally, making sure your team communicates seamlessly helps you avoid friction losses, misunderstandings, delays, and overlaps. Externally, frustration-free customer communication is directly correlated to a positive customer experience and higher satisfaction.  However, business communication channels are also a major target for cybercriminals. In recent years, especially since the pandemic, the number of cyberattacks has skyrocketed.  Statistics show  that last year alone, the number of hacks shot up by 38%. Worse, it still takes a business 277 days on average to identify a breach, causing a loss of $4.35 on average. So, how can businesses safeguard their communication channels against hackers, while still providing the best possible experience for customers and maintaining team productivity? Here's everything you need to know – and which  mistakes you need to avoid . Use Secure Platforms  ...
Expert Insights / Articles Videos
Cybersecurity Resources