#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

cyber security guidelines | Breaking Cybersecurity News | The Hacker News

Cybersecurity Frameworks — Types, Strategies, Implementation and Benefits

Cybersecurity Frameworks — Types, Strategies, Implementation and Benefits

Jul 12, 2019
Organizations around the world are wondering how to become immune from cyber attacks which are evolving every day with more sophisticated attack vectors. IT teams are always on the lookout for new ransomware and exploit spreading in the wild, but can all these unforeseen cyber attacks be prevented proactively? That's definitely a 'NO,' which is why there's a reactive approach in place to save organisations from the aftermath of take downs, and with proper cybersecurity practices, one can reduce the chances of becoming a victim. To do that, organizations should follow specific cybersecurity frameworks that will assist them in redefining and reinforcing their IT security and staying vigilant against cyber attacks. In this article, we'll understand what is cybersecurity framework, why they are mandatory for organizations, and what are their types, strategies, benefits, and implementation in detail. What is a Cybersecurity Framework? Cybersecurity framew
End of SMS-based 2-Factor Authentication; Yes, It's Insecure!

End of SMS-based 2-Factor Authentication; Yes, It's Insecure!

Jul 27, 2016
SMS-based Two-Factor Authentication (2FA) has been declared insecure and soon it might be a thing of the past. Two-Factor Authentication or 2FA adds an extra step of entering a random passcode sent to you via an SMS or call when you log in to your account as an added layer of protection. For example, if you have 2FA enabled on Gmail, the platform will send a six-digit passcode to your mobile phone every time you sign in to your account. But, the US National Institute of Standards and Technology (NIST) has released a new draft of its Digital Authentication Guideline that says SMS-based two-factor authentication should be banned in future due to security concerns. Here's what the relevant paragraph of the latest DAG draft reads: "If the out of band verification is to be made using an SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not wi
How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

Feb 15, 2024SaaS Security / Risk Management
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023.  Their study reveals  how companies use SaaS today, and the wide variety of threats that result from that usage. This unique analysis provides rare and important insights into the breadth and depth of SaaS-related risks, but also provides practical tips to mitigate them and ensure SaaS can be widely used without compromising security posture.  The TL;DR Version Of SaaS Security 2023 brought some now infamous examples of malicious players leveraging or directly targeting SaaS, including the North Korean group UNC4899, 0ktapus ransomware group, and Russian Midnight Blizzard APT, which targeted well-known organizat
Cybersecurity Resources