#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

automated penetration testing | Breaking Cybersecurity News | The Hacker News

Reimagining Network Pentesting With Automation

Reimagining Network Pentesting With Automation

Dec 14, 2023 Penetration Testing / Cybersecurity
Network penetration testing plays a crucial role in protecting businesses in the ever-evolving world of cybersecurity. Yet, business leaders and IT pros have misconceptions about this process, which impacts their security posture and decision-making.  This blog acts as a quick guide on network penetration testing, explaining what it is, debunking common myths and reimagining its role in today's security landscape.  What is network penetration testing? Network penetration testing  is a proactive approach to cybersecurity in which security experts simulate cyberattacks to identify gaps in an organization's cyberdefense. The key objective of this process is to identify and rectify weaknesses before hackers can exploit them. This process is sometimes called "pentesting" or "ethical hacking."  Network pentesting checks for chinks in an organization's armor to help mitigate cyber-risks and protect against data, financial and reputational losses.  Differe
Evaluating Your Security Controls? Be Sure to Ask the Right Questions

Evaluating Your Security Controls? Be Sure to Ask the Right Questions

Jan 20, 2020
Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options. But what do you specifically want to know? And how are the findings relevant to the threat landscape you face at this moment? "Decide what you want to know and then choose the best tool for the job." Security teams typically use several different testing tools to evaluate infrastructure. According to SANS , 69.9% of security teams use vendor-provided testing tools, 60.2% use pen-testing tools, and 59.7% use homegrown tools and scripts. While vendor-provided tools test a specific security solution—whether it's a web application firewall (WAF), EDR solution, or something else—pen testing is frequently used to verify that controls meet compliance requirements, such as PCI DSS regulations, and by red teams as part of broader testing assessments and exercises. Automated pen test
How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

Feb 15, 2024SaaS Security / Risk Management
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023.  Their study reveals  how companies use SaaS today, and the wide variety of threats that result from that usage. This unique analysis provides rare and important insights into the breadth and depth of SaaS-related risks, but also provides practical tips to mitigate them and ensure SaaS can be widely used without compromising security posture.  The TL;DR Version Of SaaS Security 2023 brought some now infamous examples of malicious players leveraging or directly targeting SaaS, including the North Korean group UNC4899, 0ktapus ransomware group, and Russian Midnight Blizzard APT, which targeted well-known organizat
Commando VM — Turn Your Windows Computer Into A Hacking Machine

Commando VM — Turn Your Windows Computer Into A Hacking Machine

Mar 29, 2019
FireEye today released Commando VM , which according to the company, is a "first of its kind Windows-based security distribution for penetration testing and red teaming." When it comes to the best-operating systems for hackers, Kali Linux is always the first choice for penetration testers and ethical hackers. However, Kali is a Linux-based distribution, and using Linux without learning some basics is not everyone's cup of tea as like Windows or macOS operating systems. Moreover, if you are wondering why there is no popular Windows-based operating system for hackers? First, because Windows is not open-source and second, manually installing penetration testing tools on Windows is pretty problematic for most users. To help researchers and cyber security enthusiasts, cybersecurity firm FireEye today released  an automated installer called  Commando VM. But don't get confused with its name. Commando VM is not a pre-configured snapshot of a virtual machine ima
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
Kali Linux 2016.2 — Download Latest Release Of Best Operating System For Hackers

Kali Linux 2016.2 — Download Latest Release Of Best Operating System For Hackers

Sep 02, 2016
As promised at the Black Hat and Def Con security and hacking conferences, Offensive Security – the creators of Swiss army knife for researchers, penetration testers, and hackers – has finally released the much awaited Kali Linux 2016.2. Kali Linux is an open-source Debian-based Linux distribution designed to help ethical hackers and security professionals with a wide range of tools for penetration testing, forensics, hacking and reverse engineering together into a single package. Earlier the Kali Linux distribution was known as BackTrack . Kali Linux 2016.2 is an updated Live ISO image of the popular GNU/Linux distribution that includes the latest software versions and enhancements for those who want to deploy the operating system on new systems. What's new? Besides bringing the updated Live ISOs of Kali Linux, the Kali Linux team brings multiple variants of the GNU/Linux distribution with various Desktop Environments, specifically KDE, Xfce, MATE, LXDE, and Enlighten
DARPA Challenges Hackers to Create Automated Hacking System — WIN $2 Million

DARPA Challenges Hackers to Create Automated Hacking System — WIN $2 Million

Jul 14, 2016
Why we can't detect all security loopholes and patch them before hackers exploit them? Because... we know that humans are too slow at finding and fixing security bugs, which is why vulnerabilities like Heartbleed , POODLE and GHOST remained undetected for decades and rendered almost half of the Internet vulnerable to theft by the time patches were rolled out. Now to solve this hurdle, DARPA has come up with an idea: To build a smart Artificial Intelligence System that will automatically detect and even patch security flaws in a system. Isn't it a revolutionary idea for Internet Security? The Defense Advanced Research Projects Agency (DARPA) has selected seven teams of finalists who will face off in a historic battle, as each tries to defend themselves and find out flaws without any human control. The DARPA Cyber Grand Challenge will be held at the annual DEF CON hacking conference in Las Vegas next month. Must Read : Artificial Intelligence System that can detec
Python for Security Professionals: Free IT Security Training

Python for Security Professionals: Free IT Security Training

Jun 08, 2015
Python is an excellent programming language that has rapidly become popular among Hackers, Reverse engineers, software testers, Forensic analyst and Penetration testers. Python is a simple object-oriented and minimalistic language that is easy to learn for novice programmers as well as experienced developers. Most Python programs run on all major operating systems including Windows, Linux, Mac, etc. What makes Python such an effective platform for Security Professional and Hackers? Python supports pre-built extensive libraries that are specifically designed for penetration testing and provide some powerful functionalities. So if you are looking for a most widely used and easy to learn scripting language, go for Python. Here I'm introducing you a Free IT training from Cybrary – Python for Security Professionals . There is nothing wrong if I say that scripting languages like BASH, Perl, and Ruby can not do the same things as Python, but building those ca
New Release: Kali Linux for Docker — Deploy and Play!

New Release: Kali Linux for Docker — Deploy and Play!

May 27, 2015
The Developers of one of the most advanced open source operating system for penetration testing called ' KALI Linux ' have made the operating system available for Docker-addicted system administrators. But, What's Docker? Docker is a new open-source container technology, released in June 2014, that automates the deployment of applications inside self-sufficient software containers by providing an additional layer of abstraction and automation of operating-system-level visualization on Linux. Docker, built on top of Linux containers, is simply a way of managing multiple containers on a single machine. Nowadays, companies are adopting Docker at a remarkable rate. Docker is not just the favorite of Linux powers like RedHat and Canonical, but also big software firms, including Microsoft, which has embraced Docker. Why bringing Kali Linux for Docker? The same was happened to the developer of Offensive Security, who was requested for a Dockerised image of
Cybrary Offers Free Online Ethical Hacking and Cyber Security Training

Cybrary Offers Free Online Ethical Hacking and Cyber Security Training

Apr 15, 2015
I frequently receive emails and messages on how to hack my friend's Facebook account , how to become a hacker, how to penetrate networks , how to break into computers, and how to compromise routers? These are some of the most frequent queries I came across, and in this article I'll attempt to answer these along with a solution on how to get started as a beginner. Before we begin, first let's know… ...What is Ethical Hacking? Most people want to learn hacking just for fun to hack into their friend's Facebook account or Gmail. Remember, Hacking is a skill and if you are here for the same reason, sadly but this platform may not work for you. Ethical hacking is testing the IT resources for a good cause and the betterment of technology. Ethical hackers are none other than computer security experts and researchers who focus on penetration testing and weaknesses in the organization's information systems they associated. A way to become an ethical hacker is to get C
18-year-old Unpatched Vulnerability Affects All Versions of Microsoft Windows

18-year-old Unpatched Vulnerability Affects All Versions of Microsoft Windows

Apr 14, 2015
Security researchers have unearthed a serious security flaw in all supported versions of Windows that could let hackers steal users' credentials from computers, tablets or servers running any version of Windows operating system, including the as-yet-released Windows 10. This vulnerability in Windows was first discovered 20 Years ago : The critical bug, dubbed " Redirect to SMB ," is a variant of a vulnerability found in Windows by researcher Aaron Spangler nearly 18 years ago that caused Windows to expose a user's Windows username and password automatically. However, according to researchers at security firm Cylance who discovered the flaw, this weakness in Windows was never patched by Microsoft, as Microsoft says that this flaw is not worth focusing on, and, therefore... ...This results in a new hack that targets the SMB file sharing protocol . But, What is SMB? SMB, or Server Message Block, is a protocol that allows users to share files o
TrueCrypt Security Audit Concludes No NSA Backdoor

TrueCrypt Security Audit Concludes No NSA Backdoor

Apr 03, 2015
The Security audit of TrueCrypt disk-encryption software has been completed, with no evidence of any critical design vulnerabilities or deliberate backdoors in its code. TrueCrypt -- one of the world's most-used open source file encryption software used by Millions of privacy and security enthusiasts -- is being audited from past two years by a team of security researchers to assess if it could be easily exploited and cracked. Hopefully, it has cleared the second phase of the audit. TrueCrypt is a free, open-source and cross-platform encryption program available for Windows, OSX and Linux that can be used to encrypt individual folders or encrypt entire hard drive partitions including the system partition. NO NSA BACKDOORS Security Auditors and Cryptography Experts at NCC took an initiative to perform a public information security audit of TrueCrypt in response to the concerns that National Security Agency (NSA) may have tampered with it, according to a leaked cl
Cybersecurity Resources