#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

cybersecurity | Breaking Cybersecurity News | The Hacker News

Let Experts Do Their Job – Managed WAF by Indusface

Let Experts Do Their Job – Managed WAF by Indusface
Aug 13, 2019
WAF (Web Application Firewall) has been the first line of defence when it comes to application security for a while now. Many organizations have adopted WAF in one form or the other and most cases, compliance has been the driver for adoption. But unfortunately, when it comes to the efficacy of WAF in thwarting attacks, it has not lived up to the expectations. In most organizations, WAF has always remained in log mode with a little process to monitor and react, rendering the solution ineffective. The major challenge with effective deployment of WAF is: Applications are unique, and there is no silver bullet set of rules that will protect them all, Most WAF's do not try to understand the risk profile of the application; they end up providing common out of box vanilla rules that seldom works. Each application has its own intricacies and the out of the box rules that many WAF vendors provide create a lot of FPs (False Positives) or FNs (False Negatives), For proper implement

Engage Your Management with the Definitive 'Security for Management' Presentation Template

Engage Your Management with the Definitive 'Security for Management' Presentation Template
Jul 16, 2019
In every organization, there is a person who's directly accountable for cybersecurity. The name of the role varies per the organization's size and maturity – CISO, CIO, and Director of IT are just a few common examples – but the responsibility is similar in all places. They're the person who understands the risk and exposure, knows how prepared the team and most important – what the gaps are and how they can be best addressed. Apart from actually securing the organization – and losing some sleep over it – this individual has another equally important task: to communicate the security risk, needs, and status to the company's management. After all, the level of security rises in direct proportion to the amount of invested resources, and management people are the ones who decide and allocate them. Since management people are not typically cybersecurity savvy, engaging them can be challenging – one must find the balance between high-level explanations, a direct c

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

Cybersecurity Frameworks — Types, Strategies, Implementation and Benefits

Cybersecurity Frameworks — Types, Strategies, Implementation and Benefits
Jul 12, 2019
Organizations around the world are wondering how to become immune from cyber attacks which are evolving every day with more sophisticated attack vectors. IT teams are always on the lookout for new ransomware and exploit spreading in the wild, but can all these unforeseen cyber attacks be prevented proactively? That's definitely a 'NO,' which is why there's a reactive approach in place to save organisations from the aftermath of take downs, and with proper cybersecurity practices, one can reduce the chances of becoming a victim. To do that, organizations should follow specific cybersecurity frameworks that will assist them in redefining and reinforcing their IT security and staying vigilant against cyber attacks. In this article, we'll understand what is cybersecurity framework, why they are mandatory for organizations, and what are their types, strategies, benefits, and implementation in detail. What is a Cybersecurity Framework? Cybersecurity framew

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

5 Keys to Improve Your Cybersecurity

5 Keys to Improve Your Cybersecurity
Jun 18, 2019
Cybersecurity isn't easy. If there was a product or service you could buy that would just magically solve all of your cybersecurity problems, everyone would buy that thing, and we could all rest easy. However, that is not the way it works. Technology continues to evolve. Cyber attackers adapt and develop new malicious tools and techniques, and cybersecurity vendors design creative new ways to detect and block those threats. Rinse and repeat. Cybersecurity isn't easy, and there is no magic solution, but there are a handful of things you can do that will greatly reduce your exposure to risk and significantly improve your security posture. The right platform, intelligence, and expertise can help you avoid the vast majority of threats, and help you detect and respond more quickly to the attacks that get through. Challenges of Cybersecurity Effective cybersecurity is challenging for a variety of reasons, but the changing perimeter and the confusing variety of solution

GandCrab Ransomware Decryption Tool [All Versions] — Recover Files for Free

GandCrab Ransomware Decryption Tool [All Versions] — Recover Files for Free
Jun 18, 2019
Cybersecurity researchers have released an updated version of GandCrab ransomware decryption tool that could allow millions of affected users to unlock their encrypted files for free without paying a ransom to the cybercriminals. GandCrab is one of the most prolific families of ransomware to date that has infected over 1.5 million computers since it first emerged in January 2018. Created by BitDefender, the new GandCrab decryption tool [ download ] can now unlock files encrypted by the latest versions of the ransomware, from 5.0 to 5.2, as well as for the older GandCrab ransomware versions. As part of the " No More Ransom " Project, BitDefender works in partnership with the FBI, Europol, London Police, and several other law enforcement agencies across the globe to help ransomware affected users. The cybersecurity company in recent months released ransomware removal tools for some older GandCrab versions that helped nearly 30,000 victims recover their data for free,

Flipboard Database Hacked — Users' Account Information Exposed

Flipboard Database Hacked — Users' Account Information Exposed
May 29, 2019
Flipboard, a popular social sharing and news aggregator service used by over 150 million people, has disclosed that its databases containing account information of certain users have been hacked. According to a public note published yesterday by the company, unknown hackers managed to gain unauthorized access to its systems for nearly 10 months—between June 2, 2018, and March 23, 2019, and then again on April 21-22, 2019. The hackers then potentially downloaded database containing Flipboard users' real name, usernames, cryptographically (salted hash) protected passwords and email addresses, including digital tokens for users who linked their Flipboard account to a third-party social media service. According to a breach notification email sent out to affected users and seen by The Hacker News, the company has now reset passwords for all users as a precautionary measure, forcing users to create a new strong password for their accounts. "You can continue to use Flipb

5 Cybersecurity Tools Every Business Needs to Know

5 Cybersecurity Tools Every Business Needs to Know
May 23, 2019
Cybersecurity experts all echo the same thing – cyber attacks are going to get more rampant, and they will continue to pose severe threats against all technology users. Businesses, in particular, have become prime targets for cybercriminals due to the nature of data and information they process and store. 2018 saw a slew of data breaches targeting large enterprises that resulted in the theft of the personal and financial records of millions of customers. Falling victim to cyber attacks can deal with a major financial blow to businesses as the cost of dealing with an attack has risen to $1.1 million on the average. It can even be more devastating for small to medium-sized businesses. 60 percent of these smaller operations close within six months after failing to recover from cyber attacks. But aside from these monetary costs, companies can also lose credibility and their customers' confidence. Needless to say, businesses must improve the protection of their infrastructures

WEBINAR: How to Get Enterprise Cyber Security for your Mid-Sized Organization

WEBINAR: How to Get Enterprise Cyber Security for your Mid-Sized Organization
May 21, 2019
High-quality cybersecurity posture is typically regarded as the exclusive domain of the large and heavy resourced enterprises – those who can afford a multi-product security stack and a skilled security team to operate it. This implies a grave risk to all organizations who are not part of this group, since the modern threat landscape applies to all, regardless of size and vertical. What is less commonly known is that by following basic and well-defined practices and wise security product choices, any organization can level up its defenses to a much higher standard. "At the end of the day it comes down to strategic planning," says Eyal Gruner, CEO and co-founder of Cynet, "rather than thinking in term of specific product or need, zoom out and breakdown the challenge to its logical parts – what do you need to do proactively on an on-going basis, while you're under attack and when you manage a recovery process." From the various frameworks of security b

US Tech Giants Google, Intel, Qualcomm, Broadcom Break Up With Huawei

US Tech Giants Google, Intel, Qualcomm, Broadcom Break Up With Huawei
May 20, 2019
Google has reportedly suspended all businesses with the world's second-biggest smartphone maker, Huawei, and revoked its Android license effective immediately—a move that will have a drastic impact on Huawei devices across the globe. Revoking Android license means Huawei future smartphones will no longer have access to Android updates and apps like Gmail or the Play Store, as well as Google technical support beyond services that are publicly available via open source licensing, Reuters report. Why? That's because last week, U.S. President Donald Trump signed an executive order declaring a national emergency banning foreign companies—over surveillance fear—from doing telecommunication business in the United States without the government's approval. About the executive order, White House Press Secretary Sarah Sanders said in a statement that President Trump "has made it clear that this Administration will do what it takes to keep America safe and prosperous, an

DHS Orders Federal Agencies to Patch Critical Flaws Within 15 Days

DHS Orders Federal Agencies to Patch Critical Flaws Within 15 Days
May 01, 2019
In recent years, we have seen how hackers prey on those too lazy or ignorant to install security patches, which, if applied on time, would have prevented some devastating cyber attacks and data breaches that happened in major organisations. The United States Department of Homeland Security (DHS) has ordered government agencies to more swiftly plug the critical security vulnerabilities found on their networks within 15 calendar days since the initial detection, a reduction from 30 days. DHS's Cybersecurity and Infrastructure Security Agency (CISA) this week issued a new Binding Operational Directive (BOD) 19-02 instructing federal agencies and departments to address "critical" rated vulnerabilities within 15 days and "high" severity flaws within 30 days of initial detection. The countdown to patch a security vulnerability will start when it was initially detected during CISA's weekly Cyber Hygiene vulnerability scanning, rather than it was the firs

Drupal Releases Core CMS Updates to Patch Several Vulnerabilities

Drupal Releases Core CMS Updates to Patch Several Vulnerabilities
Apr 17, 2019
Drupal, the popular open-source content management system, has released security updates to address multiple "moderately critical" vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites. According to the advisories published today by the Drupal developers, all security vulnerabilities Drupal patched this month reside in third-party libraries that are included in Drupal 8.6, Drupal 8.5 or earlier and Drupal 7. One of the security flaws is a cross-site scripting (XSS) vulnerability that resides in a third-party plugin, called JQuery, the most popular JavaScript library that is being used by millions of websites and also comes pre-integrated in Drupal Core. Last week, JQuery released its latest version jQuery 3.4.0 to patch the reported vulnerability, which has not yet assigned a CVE number, that affects all prior versions of the library to that date. "jQuery 3.4.0 includes a fix for som

Get 4 Essential CyberSecurity Software For Less Than $10 Per Month

Get 4 Essential CyberSecurity Software For Less Than $10 Per Month
Mar 22, 2019
Major data breaches and cyber attacks are occurring at an alarming rate, and if you are still not using a VPN and password manager app, you are seriously out of excuses. Not just VPN software and a password manager, cybersecurity experts also recommend using antivirus and backup solutions to protect your computers and precious data stored on them. Unfortunately, to cover these bases, one would typically have to spend at least $30 per month. However, here we have great news for millions of The Hacker News readers. Cybersecurity companies partnered with THN Deal Store have exclusively launched a new subscription package called — The Vault — that slashes the price for top security apps everyone needs to use. At just $9.99 monthly subscription, you can now get licenses for four award-winning cybersecurity apps: Dashlane Password Manager Panda Antivirus Software Degoo Online Backup — 2TB of Secure Cloud Storage NordVPN — One of the best VPN service providers in 2019

Google Launches Backstory — A New Cyber Security Tool for Businesses

Google Launches Backstory — A New Cyber Security Tool for Businesses
Mar 05, 2019
Google's one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory , a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential threats. Network infrastructures at most enterprises regularly generate enormous amounts of network data and logs on a daily basis that can be helpful to figure out exactly what happened when a security incident occurs. However, unfortunately, most companies either don't collect the right telemetry or even when they do, it's practically impossible for them to retain that telemetry for more than a week or two, making analysts blind if any security incident happens before that. Backstory solves this problem by allowing organizations to privately upload and store their petabytes of "internal security telemetry" on Google cloud platform and leverage machine learning and da

How to Secure Your Mid-Size Organization From the Next Cyber Attack

How to Secure Your Mid-Size Organization From the Next Cyber Attack
Jan 15, 2019
If you are responsible for the cybersecurity of a medium-sized company , you may assume your organization is too small to be targeted. Well, think again. While the major headlines tend to focus on large enterprises getting breached – such as Sony, Equifax, or Target the actual reality is that small and mid-sized companies are experiencing similar threats. According to Verizon's 2018 Data Breach Investigations Report, fifty-eight percent of malware attack victims are SMBs. Added to this is the fact that attack vectors that target small and medium-sized businesses are growing increasingly sophisticated, which makes securing them respectively challenging, and the trend of targeting ransomware campaigns on smaller organizations, as attackers assume smaller outfits are more likely to quickly pay in order to avoid damage to their business and reputation. Cisco's 2018 Security Capabilities Benchmark Study states that 44 percent of cyber attacks cost organizations over $500,000 i

Australia Passes Anti-Encryption Bill—Here's Everything You Need To Know

Australia Passes Anti-Encryption Bill—Here's Everything You Need To Know
Dec 07, 2018
Australia's House of Representatives has finally passed the "Telecommunications Assistance and Access Bill 2018," also known as the Anti-Encryption Bill , on Thursday that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access encrypted communications. The Australian government argues the new legislation is important for national security and an essential tool to help law enforcement and security agencies fight serious offenses such as crime, terrorist attacks, drug trafficking, smuggling, and sexual exploitation of children. Since the bill had support from both major parties (the Coalition and Labor), the upper house could vote in support of the Assistance and Access Bill to make it law, which is expected to come into effect immediately during the next session of parliament in early 2019. Although the new legislation does not properly clarify specifics around the potential power that the Assistance
Cybersecurity Resources