Threat Prevention | Breaking Cybersecurity News | The Hacker News

Most microsegmentation projects fail before they even get off the ground—too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn't have to be that way.  Microsegmentation: The Missing Piece in Zero Trust Security   Security teams today are under constant pressure to defend against increasingly sophisticated cyber threats. Perimeter-based defenses alone can no longer provide sufficient protection as attackers shift their focus to lateral movement within enterprise networks. With over 70% of successful breaches involving attackers moving laterally, organizations are rethinking how they secure internal traffic.  Microsegmentation has emerged as a key strategy in achieving Zero Trust security by restricting access to critical assets based on identity rather than network location. However, traditional microsegmentation approaches—often involving VLAN reconfigurations, agent deployments, or complex firewall rules—tend to be slow, operationally disrupt...

Are you tired of dealing with outdated security tools that never seem to give you the full picture? You're not alone. Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That's why we're excited to introduce a smarter, unified approach: Application Security Posture Management (ASPM). ASPM brings together the best of both worlds by connecting your code insights with real-time runtime data. This means you get a clear, holistic view of your application's security. Instead of reacting to threats, ASPM helps you prevent them. Imagine reducing costly retrofits and emergency patches with a proactive, shift-left strategy—saving you time, money, and stress. Join Amir Kaushansky, Director of Product Management at Palo Alto Networks, as he walks you through how ASPM is changing the game. In this free webinar , you'll learn to: Close the Security Gaps: Understand why traditional AppSec tools fall short and how ASPM fills ...

Are you tired of dealing with outdated security tools that never seem to give you the full picture? You're not alone. Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That's why we're excited to introduce a smarter, unified approach: Application Security Posture Management (ASPM). ASPM brings together the best of both worlds by connecting your code insights with real-time runtime data. This means you get a clear, holistic view of your application's security. Instead of reacting to threats, ASPM helps you prevent them. Imagine reducing costly retrofits and emergency patches with a proactive, shift-left strategy—saving you time, money, and stress. Join Amir Kaushansky, Director of Product Management at Palo Alto Networks, as he walks you through how ASPM is changing the game. In this free webinar , you'll learn to: Close the Security Gaps: Understand why traditional AppSec tools fall short and how ASPM fills ...

In today's rapidly evolving digital landscape, weak identity security isn't just a flaw—it's a major risk that can expose your business to breaches and costly downtime. Many organizations are overwhelmed by an excess of user identities and aging systems, making them vulnerable to attacks. Without a strategic plan, these security gaps can quickly turn into expensive liabilities. Join us for " Building Resilient Identity: Reducing Security Debt in 2025 " and discover smart, actionable strategies to protect your business against modern cyber threats. This webinar offers you a chance to cut through the complexity of identity security with clear, practical solutions. Our seasoned experts will show you how to detect risks early, optimize your resources, and upgrade your systems to stay ahead of emerging threats. What You'll Learn: Spot Hidden Risks: Uncover how weaknesses in identity security can lead to significant breaches and extra costs. Step-by-Step Solutions: Follo...

Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches [1] , [2] . While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of controls to reduce risk while accepting that some attacks will succeed. This methodology relies on detection, response, and recovery capabilities to minimize damage after a breach has already occurred, but it does not prevent the possibility of successful attacks.  The good news? Finally, there's a solution that marks a true paradigm shift: with modern authentication technologies, the complete elimination of identity-based threats is now within reach. This groundbreaking advancement moves us beyond the traditional focus on risk reduction, offering organizations a way to fully neutraliz...

Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management (PAM) solutions often fall short, leaving: Blind spots that limit full visibility. Complex deployment processes. Manual account discovery that's time-consuming. Weak enforcement of least privilege access. Gaps that let admins bypass controls. These flaws leave critical vulnerabilities that attackers exploit daily. But it doesn't have to be this way. In our webinar, " Preventing Privilege Escalation: Effective PAS Practices for Today's Threat Landscape , " we'll show you how to secure your privileged accounts and stay ahead of threats. What you'll gain: Close Security Gaps : Learn to find and fix vulnerabilities in your privileged accounts. Actionable Insights : Discover proven PAS strategies ...

The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phishing attacks, data leakage, and malicious extensions. As a result, the browser also becomes a vulnerability that needs to be protected. LayerX has released a comprehensive guide titled "Kickstarting Your Browser Security Program" This in-depth guide serves as a roadmap for CISOs and security teams looking to secure browser activities within their organization; including step-by-step instructions, frameworks, and use cases. Below, we bring its main highlights. Prioritizing Browser Security Browsers now serve as the primary interface for SaaS applications, creating new malicious opportunities for cyber adversaries. The risks include: Data leakage - Browsers can expose sensitive data by allowing empl...

SaaS applications contain a wealth of sensitive data and are central to business operations. Despite this, far too many organizations rely on half measures and hope their SaaS stack will remain secure. Unfortunately, this approach is lacking and will leave security teams blind to threat prevention and detection, as well as open to regulatory violations, data leaks, and significant breaches. If you understand the importance of SaaS security, and need some help explaining it internally to get your team's buy-in, this article is just for you — and covers:  Why SaaS data needs to be secured Real-world examples of SaaS apps attacks The attack surface of SaaS apps Other types of less suitable solutions including CASB or manual audit ROI of an SSPM What to look for in the right SSPM Download the full SSPM Justification Kit e-book or request the kit in presentation format with your logo! What Is in Your SaaS Data? Nearly all business operations run through SaaS. So does HR, sa...

Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution. CVE-2024-42024 (CVSS score: 9.1) - A vulnerability in Veeam ONE that enables an attacker in possession of the Agent service account credentials to perform remote code execution on the underlying machine CVE-2024-42019 (CVSS score: 9.0) - A vulnerability in Veeam ONE that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account CVE-2024-38650 (CVSS score: 9.9) - A vulnerability in Veeam Service Provider Console (VPSC) that allows a low privileged attacker to access the NTLM hash of the service account on the server CVE-2024-39714 (CVSS score: 9.9) - A vulnerability in VPSC tha...

SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash," the company said in an advisory released last week. "This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions." The issue has been addressed in the below versions - SOHO (Gen 5 Firewalls) - 5.9.2.14-13o Gen 6 Firewalls - 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for other Gen 6 Firewall appliances) SonicWall said the vulnerability is ...

Browser security is becoming increasingly popular, as organizations understand the need to protect at the point of risk - the browser. Network and endpoint solutions are limited in their ability to protect from web-borne threats like phishing websites or malicious browser extensions. They also do not protect from internal data exfiltration, like employees pasting sensitive data to ChatGPT. As it turns out, browser security is also a cost-effective security solution, compared to other solutions that require much more budgets and heavy lifting. In a new report, "CISO Testimonials: 6 Real Life Stories of Cutting Costs with a Browser Security Platform" , six CISOs testify how browser security allowed them to reduce security team workloads and enhance efficiency and security, with a cost-effective browser security solution. CISO Testimonials Throughout the report, the CISOs reveal the tasks they had on their plate and how they solved them in an efficient manner. These are categorized...

Being a CISO is a balancing act: ensuring organizations are secure without compromising users' productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the  Cato SASE Cloud platform  to balance these factors without compromise. This article details how CISOs are leveraging Cato across different touchpoints of their  SASE  and SSE transition journey. It shows the top 3 achievements CISOs can accomplish: visibility, real-time threat prevention, and data sovereignty. Read and discover how it's done. Since Cato is easy to deploy, adopt and manage, you can soon benefit from these capabilities as well. To read a more in-depth explanation of these findings, click  here . Achievement #1: Comprehensive Visibility Sites can be quickly onboarded using Cato's zero-touch Socket edge SD-WAN devices or IPSEC tunnels. At the same time, remote users ca...

In a rapidly evolving digital landscape, it's crucial to reevaluate how we secure web environments. Traditional antivirus-approach solutions have their merits, but they're reactive. A new report delves into the reasons for embracing proactive web security solutions, ensuring you stay ahead of emerging threats.  To learn more, download the full report  here . The New Paradigm If you've been relying on the old-style antivirus-based approach to website security up to now, then we could summarize why you need to update to the more proactive approach simply by saying — prevention is always preferable to cure. That's the overarching rationale for adopting a proactive web security solution, but let's break it down into a few more detailed reasons for updating to the newer and more effective proactive approach.  To be clear, we're not denying that an antivirus-approach solution is ideal for detecting and responding to threats, but there's no escaping the fact that it's limit...