#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Threat Assessment | Breaking Cybersecurity News | The Hacker News

How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM)

How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM)

Feb 19, 2024 Network Detection and Response
Did you know that Network Detection and Response (NDR) has become the most effective technology to detect cyber threats? In contrast to SIEM, NDR offers adaptive cybersecurity with reduced false alerts and efficient threat response. Are you aware of  Network Detection and Response (NDR)  and how it's become the most effective technology to detect cyber threats?  NDR massively upgrades your security through risk-based alerting, prioritizing alerts based on the potential risk to your organization's systems and data. How? Well, NDR's real-time analysis, machine learning, and threat intelligence provide immediate detection, reducing alert fatigue and enabling better decision-making. In contrast to SIEM, NDR offers adaptive cybersecurity with reduced false positives and efficient threat response. Why Use Risk-Based Alerting? Risk-based alerting is an approach where security alerts and responses are prioritized based on the level of risk they pose to an organization's system
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections

New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections

Jan 01, 2024 Windows Security / Vulnerability
Security researchers have detailed a new variant of a dynamic link library ( DLL ) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11. The approach "leverages executables commonly found in the trusted WinSxS folder and exploits them via the classic DLL search order hijacking technique," cybersecurity firm Security Joes  said  in a new report exclusively shared with The Hacker News. In doing so, it allows adversaries to eliminate the need for elevated privileges when attempting to run nefarious code on a compromised machine as well as introduce potentially vulnerable binaries into the attack chain, as  observed   in the   past . DLL search order hijacking , as the name implies, involves  gaming the search order  used to load DLLs in order to execute malicious payloads for purposes of defense evasion, persistence, and privilege escal
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia

Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia

Oct 24, 2023 Cyber Espionage / Data Safety
A former employee of the U.S. National Security Agency (NSA) has pleaded guilty to charges accusing him of attempting to transmit classified defense information to Russia. Jareh Sebastian Dalke, 31, served as an Information Systems Security Designer for the NSA from June 6, 2022, to July 1, 2022, where he had Top Secret clearance to access sensitive documents. The latest development  comes more than a year  after his arrest. "Dalke admitted that between August and September 2022, in order to demonstrate both his 'legitimate access and willingness to share,' he used an encrypted email account to transmit excerpts of three classified documents to an individual he believed to be a Russian agent," the U.S. Department of Justice (DoJ)  said  in a Monday press release. In reality, the purported agent was an online covert employee working for the U.S. Federal Bureau of Investigation (FBI). Dalke, a former U.S. Army soldier, is also alleged to have requested $85,000 in e
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
How Cyberattacks Are Transforming Warfare

How Cyberattacks Are Transforming Warfare

Sep 13, 2023 Cyberwarfare / Threat Assessment
There is a new battlefield. It is global and challenging to defend. What began with a high-profile incident back in 2007, when Estonia was hit by hackers targeting its government and commercial sector, has evolved into cyber warfare that is being waged constantly worldwide. Today, cyberattacks have become the norm, transforming how we think about war and international conflict as a whole.  From the 2009 South Korea DDoS attacks to the 2010 attacks on Burma and the 2016 US election interference attacks on the Democratic National Committee, the list of historical cyberwarfare incidents continues to expand. The main players? Nation-state-supported cybercriminal groups and organizations linked to Russia, North Korea, China, and several countries in the Middle East. This report dives into three top cyberwarfare trends in an effort to understand their impact. Russia: The Cyber Invasion of Ukraine  On August 31, 2023, Five Eyes Agency — an intelligence alliance network composed of agencie
Why You Need Continuous Network Monitoring?

Why You Need Continuous Network Monitoring?

Aug 17, 2023 Network Security / Pentesting
Changes in the way we work have had significant implications for cybersecurity, not least in network monitoring. Workers no longer sit safely side-by-side on a corporate network, dev teams constantly spin up and tear down systems, exposing services to the internet. Keeping track of these users, changes and services is difficult – internet-facing attack surfaces rarely stay the same for long. But a secure working network is the backbone of every modern business, and with so many different attack vectors and entry points, relying on firewalls and point-in-time scanning is no longer enough. You need to understand how your firewalls are being changed in real-time, with real-world validation of how they're configured. You need continuous network monitoring. What needs protecting in your network? There is so much sprawl in today's corporate networks with remote working, cloud computing and third-party integrations, that it's no longer just the devices or systems that you have in your off
Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning

Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning

Jun 16, 2022
For years, the two most popular methods for internal scanning: agent-based and network-based were considered to be about equal in value, each bringing its own strengths to bear. However, with remote working now the norm in most if not all workplaces, it feels a lot more like agent-based scanning is a must, while network-based scanning is an optional extra. This article will go in-depth on the strengths and weaknesses of each approach, but let's wind it back a second for those who aren't sure why they should even do internal scanning in the first place. Why should you perform internal vulnerability scanning? While  external vulnerability scanning  can give a great overview of what you look like to a hacker, the information that can be gleaned without access to your systems can be limited. Some serious vulnerabilities can be discovered at this stage, so it's a must for many organizations, but that's not where hackers stop.  Techniques like phishing, targeted malware,
Cynet Offers Free Threat Assessment for Mid-sized and Large Organizations

Cynet Offers Free Threat Assessment for Mid-sized and Large Organizations

Feb 18, 2020
Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game with a free threat assessment offering ( click here to learn more ) based on more than 72 hours of data collection, enabling organizations to benchmark their security posture against their vertical industry peers and take actions accordingly. Cynet Free Threat Assessment (available for organizations with 250 endpoints and above, from North America and Europe) spotlights critical, exposed attack surfaces and provides actionable knowledge of attacks that are currently alive and active in the environment. 1.) Indication of live attacks — active malware, connection to C&C, data exfiltration, access to phishing links, user credential theft attempts, and others: 2.) Host and app attack surfaces — unpatched vulnera
Broadening the Scope: A Comprehensive View of Pen Testing

Broadening the Scope: A Comprehensive View of Pen Testing

Jan 16, 2020
Penetration tests have long been known as a critical security tool that exposes security weaknesses through simulated attacks on an organization's IT environments. These test results can help prioritize weaknesses, providing a road-map towards remediation. However, the results are also capable of doing even more. They identify and quantify security risk, and can be used as a keystone in cybersecurity policies. The same can be said about broader penetration testing practices. Organizations gain real value from learning about others' penetration testing experiences, trends, and the role they play in today's threat landscape. The world of pen testing can be an interesting balance of open collaboration and closely guarded privacy. While pen testers may engage in teaming exercises, or happily talk technique when they attend Black Hat, most organizations are extremely reluctant when it comes to discussing their pen testing practices and results. Of course, confidentia
The Ultimate 2019 Security Team Assessment Template

The Ultimate 2019 Security Team Assessment Template

Nov 20, 2019
Assessing the performance of your security team is critical to both knowing your current posture, as well as planning ahead. ' The Ultimate 2019 Security Team Assessment Template ' is the first attempt to capture all the main KPIs of the security team main pillars, saving CIOs and CISOs the time and effort of creating such an assessment from scratch and providing them with a simple and easy-to-use tool to measure how their teams are operated in 2019, while setting up performance targets for 2020. Building such a template is challenging because security teams vary greatly in size and internal responsibility distribution. Additionally, there is little consistency in the terms used to designate the various positions across the industry – security analyst, for example, could have one meaning in a certain company and different one in another. The same goes for architects, managers, and directors. The Security Team Assessment Template ( download here ) addresses this chall
Cynet Offers Free Threat Assessment for Mid-Sized and Large Organizations

Cynet Offers Free Threat Assessment for Mid-Sized and Large Organizations

Apr 03, 2019
Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game with a free threat assessment offering based on more than 72 hours of data collection and enabling organizations to benchmark their security posture against their industry vertical peers and take actions accordingly. Cynet Free Threat Assessment (available for organizations with 300 endpoints and above) spotlights critical, exposed attack surfaces and provides actionable knowledge of attacks that are currently alive and active in the environment: ➤ Indication of live attacks: active malware, connection to C&C, data exfiltration, access to phishing links, user credential theft attempts and others: ➤ Host and app attack surfaces: unpatched vulnerabilities rated per criticality: ➤ Benchmark comparing
Cybersecurity Resources