#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

enterprise security | Breaking Cybersecurity News | The Hacker News

Webinar: How MSSPs Can Overcome Coronavirus Quarantine Challenges

Webinar: How MSSPs Can Overcome Coronavirus Quarantine Challenges

Apr 14, 2020
The Coronavirus quarantine introduces an extreme challenge for IT and Security teams to maintain secure environments during the mass transition of employees working remotely and the surge in cyberattacks targeting its inherent security weaknesses. In a webinar for security service providers taking place on April 22nd ( register here ), a leading MSSP will share how they conquer and overcome the coronavirus quarantine challenges to grow their customer base. The webinar sheds light on the opportunities and challenges this new reality introduces to MSSPs from the perspective of a leading Canadian MSSP. While it might sound strange to discuss the opportunities Coronavirus brings, especially with the changes it imposes on the IT environment, but it does bring a shift in priorities. It turns out that cyber threats that were normally considered a reasonable risk to contain, suddenly become regarded as a critical need to address. Thus, organizations that did not have advanced threat
How to Provide Remote Incident Response During the Coronavirus Times

How to Provide Remote Incident Response During the Coronavirus Times

Mar 24, 2020
While the Coronavirus pandemic continues to strike chaos across the global economies, threat actors keep on launching cyberattacks on organizations from all sizes and verticals. IR providers face a unique challenge when approached by these organizations since, due to the Coronavirus mass quarantine, conducting incident response engagements by arriving physically to the customers' offices is impossible. Cynet 360, a tool of choice for a number of IR providers (offered to IR providers for free), enables responders to compensate on the lack of physical access with the ability to conduct a full IR operation remotely ( learn more here ) by seamless and rapid remote deployment, complete visibility into the attacked organization's environment, automated threat detection, and integrated MDR services. Attackers always seek easy opportunities, and it's no wonder many threat actors take advantage of the current mayhem of the Coronavirus pandemic to increase their attacks'
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
U.S. Charges Huawei with Stealing Trade Secrets from 6 Companies

U.S. Charges Huawei with Stealing Trade Secrets from 6 Companies

Feb 14, 2020
The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) charged Huawei with racketeering and conspiring to steal trade secrets from six US firms, in a significant escalation of a lawsuit against the Chinese telecom giant that began last year. Accusing Huawei and its affiliates of "using fraud and deception to misappropriate sophisticated technology from US counterparts," the new charges allege the company of offering bonuses to employees who obtained "confidential information" from its competitors. The indictment adds to a list of two other charges filed by the US government last year, including violating US sanctions on Iran and stealing technology from T-Mobile — called Tappy — that's used to test smartphone durability. The development is the latest salvo fired by the Trump administration in its year-long fight against the networking equipment maker, which it deems a threat to national security. "The misappropriated
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Broadening the Scope: A Comprehensive View of Pen Testing

Broadening the Scope: A Comprehensive View of Pen Testing

Jan 16, 2020
Penetration tests have long been known as a critical security tool that exposes security weaknesses through simulated attacks on an organization's IT environments. These test results can help prioritize weaknesses, providing a road-map towards remediation. However, the results are also capable of doing even more. They identify and quantify security risk, and can be used as a keystone in cybersecurity policies. The same can be said about broader penetration testing practices. Organizations gain real value from learning about others' penetration testing experiences, trends, and the role they play in today's threat landscape. The world of pen testing can be an interesting balance of open collaboration and closely guarded privacy. While pen testers may engage in teaming exercises, or happily talk technique when they attend Black Hat, most organizations are extremely reluctant when it comes to discussing their pen testing practices and results. Of course, confidentia
Top 5 Cybersecurity and Cybercrime Predictions for 2020

Top 5 Cybersecurity and Cybercrime Predictions for 2020

Dec 03, 2019
We distilled 30 independent reports dedicated to cybersecurity and cybercrime predictions for 2020 and compiled the top 5 most interesting findings and projections in this post. Compliance fatigue will spread among security professionals Being a source of ongoing controversy and debate, the California Consumer Privacy Act (CCPA) was finalized on 11th January 1, 2019. Driven by laudable objectives to protect Californians' personal data, prevent its misuse or unconsented usage by unscrupulous entities, the law imposes formidable monetary penalties of up to $7,500 per intentional violation and $2,500 per unintentional violation. The Act is enforceable against organizations that process or handle personal data of California residents, regardless of the geographical location of the former. Akin to the EU GDPR, data subjects are empowered with a bundle of rights to control their personal data and its eventual usage. The pitfall is that if every US state introduces its own s
The Comprehensive Compliance Guide (Get Assessment Templates)

The Comprehensive Compliance Guide (Get Assessment Templates)

Nov 13, 2019
Complying with cyber regulations forms a significant portion of the CISO's responsibility. Compliance is, in fact, one of the major drivers in the purchase and implementation of new security products. But regulations come in multiple different colors and shapes – some are tailored to a specific vertical, while others are industry-agnostic. Some bare explicit consequences for failing to comply, while others have a more guidance-like nature. The Comprehensive Security Guide (download here) , for the first time, provides security executives with a single document that gathers standardized and easy to use templates of all main compliance frameworks: PCI-DSS, HIPAA, NIST Cyber Security Framework and GDPR. Employing an independent auditor is the common practice to ensure one complies with the desired regulation. However, before having an external auditor excavating through the organizations' security stack internals, it makes sense for the security stakeholders to independ
Cynet 360: The Next Generation of EDR

Cynet 360: The Next Generation of EDR

Sep 24, 2019
Many organizations regard Endpoint Detection and Response (EDR) as their main protection against breaches. EDR, as a category, emerged in 2012 and was rapidly acknowledged as the best answer to the numerous threats that legacy AV unsuccessfully struggled to overcome – exploits, zero-day malware and fileless attacks are prominent examples. While there is no dispute on EDR's efficiency against a significant portion of today's advanced threats, a new breed of "next-generation EDR" solutions are now available ( learn more here ) which on top of featuring all EDR capabilities, go beyond this to protect against prominent attack vectors that EDR does not cover such as those involving users and networks. "Many people unknowingly mix two different things – endpoint protection and breach protection," explained Eyal Gruner, co-Founder of Cynet (a next-generation EDR solution). "It's perfectly true that many attacks start at the endpoint and involve mali
How Cloud-Based Automation Can Keep Business Operations Secure

How Cloud-Based Automation Can Keep Business Operations Secure

Sep 16, 2019
The massive data breach at Capital One – America's seventh-largest bank, according to revenue – has challenged many common assumptions about cloud computing for the first time. Ironically, the incident, which exposed some 106 million Capital One customers' accounts , has only reinforced the belief that the cloud remains the safest way to store sensitive data. "You have to compare [the cloud] not against 'perfect' but against 'on-premises.'" Ed Amoroso, a former chief security officer at AT&T, told Fortune magazine this week. He wasn't the only voice defending cloud computing in the wake of a hack attack. In an article titled "Don't Doubt the Cloud," Fortune columnist Robert Hackett , wrote: "The cloud is undeniably convenient and, more importantly, better in terms of security than what the majority of companies can achieve alone." The problem, experts said, was not cloud computing but rather the tendency for
CISO Kit — Breach Protection in the Palm of Your Hand

CISO Kit — Breach Protection in the Palm of Your Hand

Sep 11, 2019
CISOs and CIOs need to know better than anyone the security pulse of their organizations. On the other hand, they cannot be flooded with every changing detail. Finding the right balance that enables them to clearly grasp the big picture required in making sound decisions is a task many security executives find challenging. Threat actors do not acknowledge off-hours or weekends, introducing the need for constant vigilance. Moreover, CIOs and CISOs are heavily dependent on their team for knowledge and often lack the immediate interaction with the events in real-time. This situation is also far from favorable – after all, who if not the security executive should have the ability to be in-the-know and initiate action at the heart of things? Cynet rises to this challenge with the recently launched Cynet Dashboard application, which provides 24/7 insight into the overall security posture, real-time visibility into newly detected threats, and the ability to take rapid action if the nee
Engage Your Management with the Definitive 'Security for Management' Presentation Template

Engage Your Management with the Definitive 'Security for Management' Presentation Template

Jul 16, 2019
In every organization, there is a person who's directly accountable for cybersecurity. The name of the role varies per the organization's size and maturity – CISO, CIO, and Director of IT are just a few common examples – but the responsibility is similar in all places. They're the person who understands the risk and exposure, knows how prepared the team and most important – what the gaps are and how they can be best addressed. Apart from actually securing the organization – and losing some sleep over it – this individual has another equally important task: to communicate the security risk, needs, and status to the company's management. After all, the level of security rises in direct proportion to the amount of invested resources, and management people are the ones who decide and allocate them. Since management people are not typically cybersecurity savvy, engaging them can be challenging – one must find the balance between high-level explanations, a direct c
Cynet Launches Free Offering For Incident Response Service Providers

Cynet Launches Free Offering For Incident Response Service Providers

Jul 09, 2019
More and more, organizations take the route of outsourcing incident response to Managed Security Service Providers. This trend is distinct regardless of the organization's cyber maturity level and can be found across a wide range of cyber maturity, from small companies with no dedicated security team to enterprises with a fully equipped SOC. The hands of the incident response service providers are extremely busy, and the need from their side to scale while maintaining top quality has never been greater. To address this need, Cynet offers IR service providers to collect data, analyze, investigate and remediate threats on their customers' environments with Cynet 360 platform for free, introducing unmatched speed and reliability into their operations. Any incident responder can now simply sign up to Cynet and immediately get free access to the platform. "Cynet tackles the incident response play at its most fundamental core – speed," said Eyal Gruner, co-fo
5 Keys to Improve Your Cybersecurity

5 Keys to Improve Your Cybersecurity

Jun 18, 2019
Cybersecurity isn't easy. If there was a product or service you could buy that would just magically solve all of your cybersecurity problems, everyone would buy that thing, and we could all rest easy. However, that is not the way it works. Technology continues to evolve. Cyber attackers adapt and develop new malicious tools and techniques, and cybersecurity vendors design creative new ways to detect and block those threats. Rinse and repeat. Cybersecurity isn't easy, and there is no magic solution, but there are a handful of things you can do that will greatly reduce your exposure to risk and significantly improve your security posture. The right platform, intelligence, and expertise can help you avoid the vast majority of threats, and help you detect and respond more quickly to the attacks that get through. Challenges of Cybersecurity Effective cybersecurity is challenging for a variety of reasons, but the changing perimeter and the confusing variety of solution
Cynet Free Visibility Experience – Unmatched Insight into IT Assets and Activities

Cynet Free Visibility Experience – Unmatched Insight into IT Assets and Activities

Jun 12, 2019
Real-time visibility into IT assets and activities introduces speed and efficiency to many critical productivity and security tasks organizations are struggling with—from conventional asset inventory reporting to proactive elimination of exposed attack surfaces. However, gaining such visibility is often highly resource consuming and entails manual integration of various feeds. Cynet is now offering end-users and service providers free access to its end-to-end visibility capabilities . The offering consists of 14 days access to the Cynet 360 platform, during which users can gain full visibility into their IT environment—host configurations, installed software, user account activities, password hygiene, and network traffic. "When we built the Cynet 360 platform we identified a critical need for a single-source-of-truth interface where you get all the knowledge regarding what exists in the environment and what activities take place there," said Eyal Gruner, Cynet fou
When Time is of the Essence – Testing Controls Against the Latest Threats Faster

When Time is of the Essence – Testing Controls Against the Latest Threats Faster

Jun 12, 2019
A new threat has hit head the headlines ( Robinhood anyone?), and you need to know if you're protected right now. What do you do? Traditionally, you would have to go with one of the options below. Option 1 – Manually check that IoCs have been updated across your security controls. This would require checking that security controls such as your email gateway, web gateway, and endpoint security have all been updated with the latest threats' indicators of compromise (IoCs) usually published by AV companies who detect the malware binaries first. Option 2 – Create a 'carbon copy' of your network and run the threat's binary on that copy. While safe, IT and security teams may be unaware of certain variations from the real deal. So while the attack simulation is running against an 'ideal' copy, your real network may have undergone inadvertent changes, such as a firewall running in monitoring mode, a patch not being installed on time, and other unintent
5 Cybersecurity Tools Every Business Needs to Know

5 Cybersecurity Tools Every Business Needs to Know

May 23, 2019
Cybersecurity experts all echo the same thing – cyber attacks are going to get more rampant, and they will continue to pose severe threats against all technology users. Businesses, in particular, have become prime targets for cybercriminals due to the nature of data and information they process and store. 2018 saw a slew of data breaches targeting large enterprises that resulted in the theft of the personal and financial records of millions of customers. Falling victim to cyber attacks can deal with a major financial blow to businesses as the cost of dealing with an attack has risen to $1.1 million on the average. It can even be more devastating for small to medium-sized businesses. 60 percent of these smaller operations close within six months after failing to recover from cyber attacks. But aside from these monetary costs, companies can also lose credibility and their customers' confidence. Needless to say, businesses must improve the protection of their infrastructures
Cybersecurity Resources