#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Zero Trust | Breaking Cybersecurity News | The Hacker News

Category — Zero Trust
How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?

How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?

Jan 17, 2025 Threat Detection / Zero Trust
Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing secure guest Wi-Fi infrastructure has become essential for authenticating access, protecting data, maintaining compliance across all geographies, and ensuring business continuity. Evolved security solutions now combine zero-trust architecture with cloud-based captive portals to enhance network protection. These systems enable organizations to implement strict access controls, verify every device's security status, and maintain network separation. Through advanced features like conditional access and device registration, businesses can now offer secure guest Wi-Fi access while maintaining complete visibility and control over their network resources. Challenges in Wi-Fi Se...
Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year

Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year

Jan 07, 2025 Cybersecurity / Endpoint Security
It's time once again to pay our respects to the once-famous cybersecurity solutions whose usefulness died in the past year. The cybercriminal world collectively mourns the loss of these solutions and the easy access they provide to victim organizations. These solutions, though celebrated in their prime, succumbed to the twin forces of time and advancing threats. Much like a tribute to celebrities lost in the past year, this article will look back at a few of cybersecurity's brightest stars that went dark in the past year.  1. Legacy Multi-Factor Authentication (MFA) Cause of Death: Compromised by sophisticated phishing, man-in-the-middle (MitM), SIM-swapping, and MFA prompt bombing attacks. The superstar of access security for more than twenty years, legacy MFA solutions enjoyed broad adoption followed by almost-universal responsibility for cybersecurity failures leading to successful ransomware attacks. These outdated solutions relied heavily on SMS or email-based codes o...
The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025

The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025

Feb 06, 2025AI Security / Cybersecurity
Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas. With the PAM market projected to reach $42.96 billion by 2037 (according to Research Nester), organizations invest heavily in PAM solutions. Why is PAM climbing the ranks of leadership priorities? While Gartner highlights key reasons such as enhanced security, regulatory compliance readiness, and insurance requirements, the impact of PAM extends across multiple strategic areas. PAM can help organizations enhance their overall operational efficiency and tackle many challenges they face today. To explore more about PAM's transformative impact on businesses, read The Cyber Guardian: PAM's Role in Shaping Leadership Agendas for 2025 by a renowned cybersecurity expert and former Gartner lead analyst Jonathan Care.  What cybersecurity challenges may organizations face in 2025? The cybersecurity landsca...
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Dec 04, 2024 Risk Management / Zero Trust
Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and poor access management.  Privileged accounts with access to your critical systems and sensitive data are among the most vulnerable elements in cloud setups. When mismanaged, these accounts open the doors to unauthorized access, potential malicious activity, and data breaches. That's why strong privileged access management (PAM) is indispensable. PAM plays an essential role in addressing the security challenges of complex infrastructures by enforcing strict access controls and managing the life cycle of privileged accounts. By employing PAM in hybrid and cloud environments, you're not...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Learn how CUAs like OpenAI Operator can be used by attackers to automate account takeover and exploitation.
Leveraging Wazuh for Zero Trust security

Leveraging Wazuh for Zero Trust security

Nov 05, 2024 Network Security / Zero Trust
Zero Trust security changes how organizations handle security by doing away with implicit trust while continuously analyzing and validating access requests. Contrary to perimeter-based security, users within an environment are not automatically trusted upon gaining access. Zero Trust security encourages continuous monitoring of every device and user, which ensures sustained protection after successful user authentication. Why companies adopt Zero Trust security Companies adopt Zero Trust security to protect against complex and increasingly sophisticated cyber threats. This addresses the limitations of traditional, perimeter-based security models, which include no east-west traffic security, the implicit trust of insiders, and lack of adequate visibility.  Traditional vs. Zero Trust security Zero Trust security upgrades an organization's security posture by offering: Improved security posture : Organizations can improve their security posture by continuously gathering data on...
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024 Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,...
Discover Latest Ransomware Tactics and Zero Trust Strategies in This Expert Webinar

Discover Latest Ransomware Tactics and Zero Trust Strategies in This Expert Webinar

Sep 24, 2024 Webinar / Cybersecurity
Ransomware is no longer just a threat; it's an entire industry. Cybercriminals are growing more sophisticated, and their tactics are evolving rapidly. This persistent danger is a major concern for business leaders. But there's good news: you don't have to be defenseless. What if you could gain a strategic edge? Join our exclusive webinar, " Unpacking the 2024 Ransomware Landscape: Insights and Strategies from ThreatLabz ," featuring Emily Laufer, Director of Product Marketing at Zscaler. Emily will break down the latest findings from ThreatLabz and equip you with practical strategies to stay ahead of cybercriminals. In this informative session, you will: Go Beyond the Headlines : Explore the details behind recent ransomware incidents and uncover how attackers infiltrate, encrypt, and extort their victims. Discover the Latest TTPs (Tactics, Techniques, and Procedures) : Learn the newest techniques hackers use to bypass security defenses and how to counter...
GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs

GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs

Jul 11, 2024 Software Security / Vulnerability
GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as an arbitrary user. Tracked as CVE-2024-6385, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0. "An issue was discovered in GitLab CE/EE affecting versions 15.8 prior to 16.11.6, 17.0 prior to 17.0.4, and 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances," the company said in a Wednesday advisory. It's worth noting that the company patched a similar bug late last month ( CVE-2024-5655 , CVSS score: 9.6) that could also be weaponized to run pipelines as other users. Also addressed by GitLab is a medium-severity issue (CVE-2024-5257, CVSS score: 4.9) that allows a Developer user with admin_compliance_framework permissions to modify the URL for a group namespace. All the security shortcomings have been fi...
Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors

Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors

Jun 28, 2024 Cybersecurity / Cloud Security
The modern kill chain is eluding enterprises because they aren't protecting the infrastructure of modern business: SaaS .  SaaS continues to dominate software adoption , and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven't revised their security programs or adopted security tooling built for SaaS.  Security teams keep jamming on-prem pegs into SaaS security holes  The mature security controls CISOs and their teams depended on in the age of on-prem dominance have vanished. Firewalls now protect a small perimeter, visibility is limited, and even if SaaS vendors offer logs, security teams need homegrown middleware to digest them and push into their SIEM.  SaaS vendors do have well-defined security scopes for their products, but their customers must manage SaaS compliance and data governance, identity and access management (IAM), and application controls — the areas where most incidents occur. While this SaaS shared...
Azure Service Tags Vulnerability: Microsoft Warns of Potential Abuse by Hackers

Azure Service Tags Vulnerability: Microsoft Warns of Potential Abuse by Hackers

Jun 10, 2024 Cloud Security / Vulnerability
Microsoft is warning about the potential abuse of Azure Service Tags by malicious actors to forge requests from a trusted service and get around firewall rules, thereby allowing them to gain unauthorized access to cloud resources. "This case does highlight an inherent risk in using service tags as a single mechanism for vetting incoming network traffic," the Microsoft Security Response Center (MSRC) said in a guidance issued last week. "Service tags are not to be treated as a security boundary and should only be used as a routing mechanism in conjunction with validation controls. Service tags are not a comprehensive way to secure traffic to a customer's origin and do not replace input validation to prevent vulnerabilities that may be associated with web requests." The statement comes in response to findings from cybersecurity firm Tenable, which found that Azure customers whose firewall rules rely on Azure Service Tags could be bypassed. There is no evidence t...
Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices

Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices

May 31, 2024 OT Security / Threat Intelligence
Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets," the Microsoft Threat Intelligence team said . The company noted that a cyber attack on an OT system could allow malicious actors to tamper with critical parameters used in industrial processes, either programmatically via the programmable logic controller (PLC) or using the graphical controls of the human-machine interface (HMI), resulting in malfunctions and system outages. It further said that OT systems often lack adequate security mechanisms, making them ripe for exploitation by adversaries and carry out attacks that are "relatively easy to execute," a fact compounded by the additional risks introduced by direc...
Expert Insights / Articles Videos
Cybersecurity Resources