#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

Risk management | Breaking Cybersecurity News | The Hacker News

Category — Risk management
New Research: The State of Web Exposure 2025

New Research: The State of Web Exposure 2025

Jan 23, 2025 Website Security / Data Privacy
Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risks—download the full report here . New research by web exposure management specialist Reflectiz reveals several alarming findings about the high number of website vulnerabilities organizations across many industries are needlessly exposing themselves to. For instance, one standout statistic from the report is that 45% of third-party applications access sensitive user information without good reason . Although third-party apps may be essential for marketing and functionality purposes, not all of them need access to the kind of personal and financial user information that cybercriminals are hunting for. It's safer to limit apps' access to it on a need-to-know basis. For the report, Reflectiz gathere...
Taking the Pain Out of Cybersecurity Reporting: A Practical Guide for MSPs

Taking the Pain Out of Cybersecurity Reporting: A Practical Guide for MSPs

Jan 10, 2025 vCISO / Compliance
Cybersecurity reporting is a critical yet often overlooked opportunity for service providers managing cybersecurity for their clients, and specifically for virtual Chief Information Security Officers (vCISOs). While reporting is seen as a requirement for tracking cybersecurity progress, it often becomes bogged down with technical jargon, complex data, and disconnected spreadsheets that fail to resonate with decision-makers. The result? Clients who struggle to understand the value of your work and remain uncertain about their security posture. But what if reporting could be transformed into a strategic tool for aligning cybersecurity with business goals? What if your reports empowered clients, built trust, and showcased cybersecurity as a driver of business success? That's exactly the focus of Cynomi's new guide— " Taking the Pain Out of Cybersecurity Reporting: The Guide to Mastering vCISO Reports ." This resource helps vCISOs reimagine reporting as an opportunity to create value,...
Product Walkthrough: How Satori Secures Sensitive Data From Production to AI

Product Walkthrough: How Satori Secures Sensitive Data From Production to AI

Jan 20, 2025Data Security / Data Monitoring
Every week seems to bring news of another data breach, and it's no surprise why: securing sensitive data has become harder than ever. And it's not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments. Not to mention, compliance requirements are only getting stricter and more elaborate.  The problem is that while the data landscape has evolved rapidly, the usual strategies for securing that data are stuck in the past. Gone are the days when data lived in predictable places, with access controlled by a chosen few. Today, practically every department in the business needs to use customer data, and AI adoption means huge datasets, and a constant flux of permissions, use cases, and tools. Security teams are struggling to implement effective strategies for securing sensitive data, and a new crop of tools, called data security platforms, have appear...
CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation

CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation

Dec 24, 2024 Vulnerability / Software Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded, static credentials in Acclaim USAHERDS that could allow an attacker to ultimately execute arbitrary code on susceptible servers. Specifically, it concerns the use of static ValidationKey and DecryptionKey values in version 7.4.0.1 and prior that could be weaponized to achieve remote code execution on the server that runs the application. That said, an attacker would have to leverage some other means to obtain the keys in the first place. "These keys are used to provide security for the application ViewState," Google-owned Mandiant said in advisory for the flaw back in December 2021. "A threat actor with knowledge ...
cyber security

2024: A year of identity attacks | Get the new ebook

websitePush SecurityIdentity Security
Identity attacks were the leading cause of breaches in 2024. Learn how tooling and techniques are evolving.
Not Your Old ActiveState: Introducing our End-to-End OS Platform

Not Your Old ActiveState: Introducing our End-to-End OS Platform

Dec 18, 2024 Software Security / DevSecOps
Having been at ActiveState for nearly eight years, I've seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code. ActiveState has been helping enterprises manage open source for over a decade. In the early days, open source was in its infancy. We focused mainly on the developer case, helping to get open source on platforms like Windows. Over time, our focus shifted from helping companies run open source to supporting enterprises managing open source when the community wasn't producing it in the way they needed it. We began managing builds at scale, and supporting enterprises in understanding what open source they're using and if it's compliant and safe. Managing open source at scale in a large organization can be complex. To help companies overcome this and bring structure to their open source DevSecOps practice, we're unveiling our end-to-end platform to help m...
Even Great Companies Get Breached — Find Out Why and How to Stop It

Even Great Companies Get Breached — Find Out Why and How to Stop It

Dec 17, 2024 Webinar / Risk Management
Even the best companies with the most advanced tools can still get hacked. It's a frustrating reality: you've invested in the right solutions, trained your team, and strengthened your defenses. But breaches still happen. So, what's going wrong? The truth is, that attackers are constantly finding new ways to slip through cracks that often go unnoticed—even in well-prepared organizations. The good news? These cracks can be found and fixed—if you know where to look. Join John Paul Cunningham, CISO at Silverfort, for a must-attend webinar that uncovers why breaches still happen and how to close the gaps in your security. John Paul will break down complex ideas into clear, actionable steps to help you protect your company. This webinar isn't about more tools—it's about seeing the risks you've missed and learning practical ways to address them before attackers take advantage. What You'll Learn: In this webinar , you'll discover: Why breaches still happen: How attackers bypass even...
Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Dec 11, 2024 Vulnerability / Network Security
Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows - CVE-2024-11639 (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote unauthenticated attacker to gain administrative access CVE-2024-11772 (CVSS score: 9.1) - A command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to achieve remote code execution CVE-2024-11773 (CVSS score: 9.1) - An SQL injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements CVE-2024-11633 (CVSS score: 9.1) - An argument injection vulnerability in Ivanti Con...
Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar

Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar

Dec 07, 2024 Enterprise Security / Threat Prevention
Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management (PAM) solutions often fall short, leaving: Blind spots that limit full visibility. Complex deployment processes. Manual account discovery that's time-consuming. Weak enforcement of least privilege access. Gaps that let admins bypass controls. These flaws leave critical vulnerabilities that attackers exploit daily. But it doesn't have to be this way. In our webinar, " Preventing Privilege Escalation: Effective PAS Practices for Today's Threat Landscape , " we'll show you how to secure your privileged accounts and stay ahead of threats. What you'll gain: Close Security Gaps : Learn to find and fix vulnerabilities in your privileged accounts. Actionable Insights : Discover proven PAS strategies ...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024 Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Dec 04, 2024 Risk Management / Zero Trust
Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and poor access management.  Privileged accounts with access to your critical systems and sensitive data are among the most vulnerable elements in cloud setups. When mismanaged, these accounts open the doors to unauthorized access, potential malicious activity, and data breaches. That's why strong privileged access management (PAM) is indispensable. PAM plays an essential role in addressing the security challenges of complex infrastructures by enforcing strict access controls and managing the life cycle of privileged accounts. By employing PAM in hybrid and cloud environments, you're not...
How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

Dec 04, 2024 Data Protection / Regulatory Compliance
Many organizations struggle with password policies that look strong on paper but fail in practice because they're too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post passwords on sticky notes under keyboards, monitors, or desk drawers. Others set rules so loose they may as well not exist. And many simply copy generic standards that don't address their specific security challenges. Creating a password policy that works to protect your organization in the real world requires a careful balance: it must be strict enough to protect your systems, flexible enough for daily work, and precise enough to be enforced consistently. Let's explore five strategies for building a password policy that works in the real world. 1. Build compliant password practices Is your organization in a regulated industry like healthcare, government, agriculture, or financial services? If so, one of your top priorities...
Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

Dec 04, 2024 Vulnerability / Software Security
A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905 , has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2. 8.3, 8.4, and other previous versions. IdentityIQ "allows HTTP access to static content in the IdentityIQ application directory that should be protected," according to a description of the flaw on NIST's National Vulnerability Database (NVD). The vulnerability has been characterized as a case of improper handling of file names that identify virtual resources ( CWE-66 ), which could be abused to read otherwise inaccessible files. In an alert of its own, SailPoint said it has "released e-fixes for each impacted and supported version of IdentityIQ." The exact list of versions impacted by CVE-2024-10905 is mentioned below...
A Guide to Securing AI App Development: Join This Cybersecurity Webinar

A Guide to Securing AI App Development: Join This Cybersecurity Webinar

Dec 02, 2024 AI Security / Data Protection
Artificial Intelligence (AI) is no longer a far-off dream—it's here, changing the way we live. From ordering coffee to diagnosing diseases, it's everywhere. But while you're creating the next big AI-powered app, hackers are already figuring out ways to break it. Every AI app is an opportunity—and a potential risk. The stakes are huge: data leaks, downtime, and even safety threats if security isn't built in. With AI adoption moving fast, securing your projects is no longer optional—it's a must. Join Liqian Lim, Senior Product Marketing Manager at Snyk, for an exclusive webinar that's all about securing the future of AI development. Titled " Building Tomorrow, Securely: Securing the Use of AI in App Development ," this session will arm you with the knowledge and tools to tackle the challenges of AI-powered innovation. What You'll Learn: Get AI-Ready: How to make your AI projects secure from the start. Spot Hidden Risks: Uncover threats you might not see coming. Understand the Ma...
Protecting Tomorrow's World: Shaping the Cyber-Physical Future

Protecting Tomorrow's World: Shaping the Cyber-Physical Future

Nov 29, 2024 Enterprise Security / Cloud Computing
The lines between digital and physical realms increasingly blur. While this opens countless opportunities for businesses, it also brings numerous challenges. In our recent webinar, Shaping the Cyber-Physical Future: Trends, Challenges, and Opportunities for 2025 , we explored the different factors shaping the cyber-physical future. In an insightful conversation with industry experts, we discussed the most pressing security concerns of today and how to address them. Allison J. Taylor, the founder and CEO of Thought Marketing LLC, unveiled trends and recommended strategies businesses can employ to proactively bolster their security amidst evolving cyber challenges. Cesar Salazar, COO of Claro Enterprise Solutions, delved into innovative solutions that could propel business tech forward. He emphasized cyber-physical convergence, the use of emerging technologies, and responsive security operations. Below are the key takeaways from the webinar. These provide an overview of why businesses...
Expert Insights / Articles Videos
Cybersecurity Resources