#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Vulnerability Detection | Breaking Cybersecurity News | The Hacker News

Category — Vulnerability Detection
Code Keepers: Mastering Non-Human Identity Management

Code Keepers: Mastering Non-Human Identity Management

Apr 12, 2024 DevSecOps / Identity Management
Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or
Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data

Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data

Oct 26, 2023 Vulnerability / Network Security
Users of  Mirth Connect , an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as  CVE-2023-43208 , the vulnerability has been addressed in  version 4.4.1  released on October 6, 2023. "This is an easily exploitable, unauthenticated remote code execution vulnerability," Horizon3.ai's Naveen Sunkavally  said  in a Wednesday report. "Attackers would most likely exploit this vulnerability for initial access or to compromise sensitive healthcare data." Called the "Swiss Army knife of healthcare integration," Mirth Connect is a cross-platform interface engine used in the healthcare industry to communicate and exchange data between disparate systems in a  standardized manner . Additional technical details about the flaw have been withheld in light of the fact that Mirth Connect versions going as far bac
Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities

Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities

Oct 31, 2024Identity Security / Browser Security
In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as "the new perimeter", the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms. This leaves them vulnerable to data breaches, account takeovers, and credential theft. The "Enterprise Identity Threat Report 2024" ( download here ) is based on exclusive data available only to the LayerX Browser Security platform. This data derives from LayerX's unique visibility into every user action in the browser, across industries. It provides a detailed analysis of emerging risks and uncovered hidden threats. To register to a live webinar to cover the key findings in this report, Click here . Below is a deeper dive into some of the report's most critical findings: 1. The Greatest Risk Comes from 2% of Users Security profe
Mind the Gap – How to Ensure Your Vulnerability Detection Methods are up to Scratch

Mind the Gap – How to Ensure Your Vulnerability Detection Methods are up to Scratch

Jul 18, 2022
With global cybercrime costs expected to reach $10.5 trillion annually by 2025, according to Cybersecurity Ventures, it comes as little surprise that the risk of attack is companies' biggest concern globally. To help businesses uncover and fix the vulnerabilities and misconfigurations affecting their systems, there is an (over)abundance of solutions available.  But beware, they may not give you a full and continuous view of your weaknesses if used in isolation. With huge financial gains to be had from each successful breach, hackers do not rest in their hunt for flaws and use a wide range of tools and scanners to help them in their search. Beating these criminals means staying one step ahead and using the most comprehensive and responsive vulnerability detection support you can.  We'll go through each solution and explain how you can maintain your vigilance. Of course, vulnerability management is just one step businesses must take to prevent a breach; there's also proper
cyber security

AWS EKS Security Best Practices [Cheat Sheet]

websiteWiz.ioCloud Security / Kubernetes
Unlock this one-stop resource for mastering EKS security best practices and safeguarding your cloud-native applications.
Expert Insights / Articles Videos
Cybersecurity Resources