The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: enterprise security

[eBook] Your First 90 Days as CISO — 9 Steps to Success

[eBook] Your First 90 Days as CISO — 9 Steps to Success

September 29, 2021The Hacker News
Chief Information Security Officers (CISOs) are an essential pillar of an organization's defense, and they must account for a lot. Especially for new CISOs, this can be a daunting task. The first 90 days for a new CISO are crucial in setting up their security team, so there is little time to waste, and much to accomplish.  Fortunately. A new guide by XDR provider Cynet ( download here ) looks to give new and veteran CISOs a durable foundation to build a successful security organization. The challenges faced by new CISOs aren't just logistical. They include securing their environment from both known and unknown threats, dealing with stakeholders with unique needs and demands, and interfacing with management to show the value of strong security.  Therefore, having clearly defined steps planned out can help CISOs seize the opportunity for change and implement security capabilities that allow organizations to grow and prosper. Security leaders can also leverage the willingness of orga
Is Traffic Mirroring for NDR Worth the Trouble? We Argue It Isn't

Is Traffic Mirroring for NDR Worth the Trouble? We Argue It Isn't

September 02, 2021The Hacker News
Network Detection & Response (NDR) is an emerging technology developed to close the blind security spots left by conventional security solutions, which hackers exploited to gain a foothold in target networks. Nowadays, enterprises are using a plethora of security solutions to protect their network from cyber threats. The most prominent ones are Firewalls, IPS/IDS, SIEM, EDR, and XDR (which combines the functionality of EDR and SIEM). However, all these solutions suffer from security gaps that prevent them from stopping advanced cyber-attacks efficiently.  NDR was developed based on Intrusion Detection System (IDS). An IDS solution is installed on the network perimeter and monitors the network traffic for suspicious activities. IDS systems suffer from many downsides that make them inefficient in stopping modern cyber-attacks: IDS use signature-based detection techniques to discover abnormal activities, making them unable to spot unknown attacks. In addition, IDS systems trigger
Solution Providers Can Now Add Incident Response to Their Services Portfolio For Free

Solution Providers Can Now Add Incident Response to Their Services Portfolio For Free

August 17, 2021The Hacker News
The Incident Response (IR) services market is in accelerated growth due to the rise in cyberattacks that result in breaches. More and more organizations, across all sizes and verticals, choose to outsource IR to 3rd party service providers over handling security incidents in-house. Cynet is now launching a first-of-its-kind offering, enabling any Managed Security Provider (MSP) or Security Integrator (SI) to add Incident Response to its services portfolio, without building an in-house team of incident responders, by using Cynet's IR team and technology at no cost. Managed Service providers interested to add Incident Response to their service portfolio with no investment in people or technology can apply here . As cyber threats grow in sophistication and volume, there is an increasing number of cases in which attackers succeed in compromising the environments they target. This, in turn, fuels a rapidly growing demand for IR technologies and services. Since in most cases
Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs

Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs

August 03, 2021The Hacker News
As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider (MSSP) market opportunities. Until recently, IT integrators, VARs, and MSPs haven't participated in the growing and profitable MSSP market as it entailed massive investments in building an in-house skilled security team. However, this is beginning to change as a result of certain security vendors, like Cynet, that provide a purpose-built partner offering that enables IT integrators, VARs, and MSPs to provide managed security service with zero investment in hardware or personnel. Their offering includes a 24/7 SOC that trains and supports the partner's existing team and a security platform that consolidates and automates breach protection (including endpoint, user, and network security), making it simple to operate by any IT professional. To learn more about th
Critical Flaws Reported in Sage X3 Enterprise Management Software

Critical Flaws Reported in Sage X3 Enterprise Management Software

July 08, 2021Ravie Lakshmanan
Four security vulnerabilities have been uncovered in the  Sage X3  enterprise resource planning (ERP) product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems. These issues were discovered by researchers from Rapid7, who notified Sage Group of their findings on Feb. 3, 2021. The vendor has since rolled out  fixes  in recent releases for Sage X3 Version 9 (Syracuse 9.22.7.2), Sage X3 HR & Payroll Version 9 (Syracuse 9.24.1.3), Sage X3 Version 11 (Syracuse 11.25.2.6), and Sage X3 Version 12 (Syracuse 12.10.2.8) that were shipped in March. The list of vulnerabilities is as follows - CVE-2020-7388  (CVSS score: 10.0) - Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component CVE-2020-7389  (CVSS score" 5.5) - System "CHAINE" Variable Script Command Injection (No fix planned) CVE-2020-7387  (CVSS score: 5.3) - Sage X3 Ins
Researchers Discover First Known Malware Targeting Windows Containers

Researchers Discover First Known Malware Targeting Windows Containers

June 07, 2021Ravie Lakshmanan
Security researchers have discovered the first known malware, dubbed " Siloscope ," targeting Windows Server containers to infect Kubernetes clusters in cloud environments. "Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers,"  said  Unit 42 researcher Daniel Prizmant. "Its main purpose is to open a backdoor into poorly configured Kubernetes clusters in order to run malicious containers such as, but not limited to, cryptojackers." Siloscape, first detected in March 2021, is characterized by several techniques, including targeting common cloud applications such as web servers to gain an initial foothold via known vulnerabilities, following which it leverages Windows container escape techniques to break out of the confines of the container and gain remote code execution on the underlying node. A container is an  isolated, lightweight silo  for running an application on the host operating system. The malware&
Download Ultimate 'Security for Management' Presentation Template

Download Ultimate 'Security for Management' Presentation Template

May 25, 2021The Hacker News
There is a person in every organization that is the direct owner of breach protection. His or her task is to oversee and govern the process of design, build, maintain, and continuously enhance the security level of the organization. Title-wise, this person is most often either the CIO, CISO, or Directory of IT. For convenience, we'll refer to this individual as the CISO. This person is the subject-matter expert in understanding the standard set of active cyber risks, benchmarking to what degree the organization's exposure influences potential impact. They then take appropriate steps to ensure the major risks are addressed. On top of being engaged 24/7 in the organization's actual breach protection activity, the CISO has another critical task: to articulate the risks, potential impacts and appropriate steps to take to the company's management – or in other words, they must effectively translate security issues for non-security-savvy executives in a clear and busi
Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software

Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software

May 24, 2021Ravie Lakshmanan
Cybersecurity researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be abused by an adversary to hijack the infrastructure without any operator intervention. "In a telco setting, where a telco is monitoring thousands of sites, if a customer site is fully compromised, an attacker can use the vulnerabilities to compromise the telco, and then every other monitored customer site," Adi Ashkenazy, CEO of Australian cybersecurity firm Skylight Cyber, told The Hacker News via email. Nagios is an open-source IT infrastructure tool analogous to SolarWinds Network Performance Monitor (NPM) that offers monitoring and alerting services for servers, network cards, applications, and services. The issues, which consist of a mix of authenticated remote code execution (RCE) and privilege escalation flaws, were discovered and reported to Nagios in October 2020, following which they were  remediated  in  November . Chief among them i
Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

January 23, 2021Ravie Lakshmanan
Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as  CVE-2020-6207 , that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP  SolMan  is an application management and administration solution that offers end-to-end application lifecycle management in distributed environments, acting as a centralized hub for implementing and maintaining SAP systems such as ERP, CRM, HCM, SCM, BI, and others. "A successful exploitation could allow a remote unauthenticated attacker to execute highly privileged administrative tasks in the connected  SAP SMD Agents ," researchers from Onapsis  said , referring to the Solution Manager Diagnostics toolset used to analyze and monitor SAP systems. The vulnerability, which has the highest possible CVSS base score of 10.0, was addressed by SAP as part of its  March 2020  u
SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack

SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack

December 15, 2020Ravie Lakshmanan
Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was  exploited to insert malware  and breach public and private entities in a wide-ranging espionage campaign. In a new update posted to its  advisory  page, the company urged its customers to update Orion Platform to version 2020.2.1 HF 2 immediately to secure their environments. The malware, dubbed SUNBURST (aka Solorigate), affects Orion app versions 2019.4 through 2020.2.1, released between March 2020 and June 2020. "Based on our investigation, we are not aware that this vulnerability affects other versions—including future versions—of Orion Platform products," the company said. "We have scanned the code of all our software products for markers similar to those used in the attack on our Orion Platform products identified above, and we have found no evidence that other versions of our Orion Platform products or our ot
Build Your 2021 Cybersecurity Plan With This Free PPT Template

Build Your 2021 Cybersecurity Plan With This Free PPT Template

November 11, 2020The Hacker News
The end of the year is coming, and it's time for security decision-makers to make plans for 2021 and get management approval. Typically, this entails making a solid case regarding why current resources, while yielding significant value, need to be reallocated and enhanced. The Definitive 2021 Security Plan PPT Template is built to simplify this task, providing security decision-makers with an off-the-shelf tool to clearly and easily present their plans and insights to management. While many security decision-makers have the tools and expertise to build their case technologically, effectively communicating their conclusions to the organization's management is a different challenge. Management doesn't think in terms of malware, identity compromise, or zero-day exploits, but in terms of monetary loss and gain: Would investment A in a security product reduce the likelihood of cyberattack derived downtime? Would outsourcing a certain security functionality to a service
A Handy Guide for Choosing a Managed Detection & Response (MDR) Service

A Handy Guide for Choosing a Managed Detection & Response (MDR) Service

October 07, 2020The Hacker News
Every company needs help with cybersecurity. No CISO ever said, "I have everything I need and am fully confident that our organization is fully protected against breaches." This is especially true for small and mid-sized enterprises that don't have the luxury of enormous cybersecurity budgets and a deep bench of cybersecurity experts. To address this issue, especially for small and mid-sized enterprises, we've seen a sharp rise in Managed Detection and Response (MDR) services. MDR is essentially an outsourced cybersecurity expert service that monitors a company's environment and provides an improved ability to detect, investigate, and respond to threats. Think of it as augmenting your existing staff with a group of highly skilled cybersecurity experts. MDR Services Cynet recently published a new whitepaper that reviewed all of the services provided by their MDR team, which they refer to as "CyOps" [you can download the whitepaper here] . Interestin
New Report Explains COVID-19's Impact on Cyber Security

New Report Explains COVID-19's Impact on Cyber Security

September 16, 2020The Hacker News
Most cybersecurity professionals fully anticipated that cybercriminals would leverage the fear and confusion surrounding the Covid-19 pandemic in their cyberattacks. Of course, malicious emails would contain subjects relating to Covid-19, and malicious downloads would be Covid-19 related. This is how cybercriminals operate. Any opportunity to maximize effectiveness, no matter how contemptible, is taken. While many have anecdotally suggested ways in which Covid-19 related cyberattacks would unfold, we have little data supporting the actual impact of Covid-19 on cybersecurity. Several have reported that the number of malicious emails with the subject related to Covid-19 has grown several hundred percent and that the majority of Covid-19 related emails are now malicious. Beyond the anticipated increase in Covid-19 related malicious emails, videos, and an array of downloadable files, which we all anticipated, what else is going on behind the scenes? Interestingly, cybersecurity
SMB Cybersecurity Catching Up to Enterprise… But the Human Element Still a Major Concern

SMB Cybersecurity Catching Up to Enterprise… But the Human Element Still a Major Concern

September 07, 2020The Hacker News
Cyberattacks on small to medium-sized businesses (SMBs) are continuing at a relentless pace, with the vast majority of data breaches coming from outside the organization . Some believe hackers are aggressively targeting these smaller firms because they believe SMBs lack adequate resources and enterprise-grade security tools, making them easier prey than larger businesses. A new report from Cisco, however, challenges this assumption. SMBs have made significant strides enhancing their security protocols and are closing the gap with their bigger counterparts. The report notes 87 percent of SMB business owners rank security a top priority, and more than 99 percent have a dedicated resource focusing on security. SMBs are also becoming more diligent about defining metrics to assess their security effectiveness and implementing security controls and tools at rates similar to large enterprises. No doubt, the emergence of security solutions developed specifically for SMBs is support
New Highly-Critical SAP Bug Could Let Attackers Take Over Corporate Servers

New Highly-Critical SAP Bug Could Let Attackers Take Over Corporate Servers

July 14, 2020Ravie Lakshmanan
SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, allowing an unauthenticated attacker to take control of SAP applications. The bug, dubbed RECON and tracked as CVE-2020-6287 , is rated with a maximum CVSS score of 10 out of 10, potentially affecting over 40,000 SAP customers, according to cybersecurity firm Onapsis, which uncovered the flaw . "If successfully exploited, a remote, unauthenticated attacker can obtain unrestricted access to SAP systems through the creation of high-privileged users and the execution of arbitrary operating system commands with the privileges of the SAP service user account, which has unrestricted access to the SAP database and is able to perform application maintenance activities, such as shutting down federated SAP applications," the US Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory . "The confidentiality, integr
Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets

Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets

May 05, 2020Swati Khandelwal
Since the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting Citrix ShareFile content collaboration platform. The security advisory—about which The Hacker News learned from Dimitri van de Giessen , an ethical hacker and system engineer—is scheduled to be available publicly later today on the Citrix website . Citrix ShareFile is an enterprise-level file sharing solution for businesses using which employees can securely exchange proprietary and sensitive business data with each other. The software offers an on-premises secure cloud environment for data storage with auditing capabilities and regulatory compliance controls. For example, a company can remotely lock or wipe data from potentially compromised mobile devices, or they're when lost or stolen. The newly identified security issues ( CTX-CVE-2020-7473 ) specifically affect customer-managed o
Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

April 21, 2020Swati Khandelwal
A cybersecurity researcher today publicly disclosed technical details and PoC for 4 unpatched zero-day vulnerabilities affecting an enterprise security software offered by IBM after the company refused to acknowledge the responsibly submitted disclosure. The affected premium product in question is IBM Data Risk Manager (IDRM) that has been designed to analyze sensitive business information assets of an organization and determine associated risks. According to Pedro Ribeiro from Agile Information Security firm, IBM Data Risk Manager contains three critical severity vulnerabilities and a high impact bug, all listed below, which can be exploited by an unauthenticated attacker reachable over the network, and when chained together could also lead to remote code execution as root. Authentication Bypass Command Injection Insecure Default Password Arbitrary File Download Ribeiro successfully tested the flaws against IBM Data Risk Manager version 2.0.1 to 2.0.3, which is not the la
CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers

CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers

April 17, 2020Ravie Lakshmanan
The United States Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution (RCE) vulnerability in Pulse Secure VPN servers—even if they have already patched it. The warning comes three months after another CISA alert urging users and administrators to patch Pulse Secure VPN environments to thwart attacks exploiting the vulnerability. "Threat actors who successfully exploited CVE-2019-11510 and stole a victim organization's credentials will still be able to access — and move laterally through — that organization's network after the organization has patched this vulnerability if the organization did not change those stolen credentials," CISA said. CISA has also released a tool to help network administrators look for any indicators of compromise associated with the flaw.
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.