information technology | Breaking Cybersecurity News | The Hacker News

The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill ( DPDPB ) after it was unanimously passed by both houses of the parliament last week, marking a significant step towards securing people's information. "The Bill provides for the processing of digital personal data in a manner that recognizes both the rights of the individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto," the Indian government  said . The  long-awaited data protection law  comes months after the Ministry of Electronics and Information Technology (MeitY) released a  draft version  of the bill in November 2022. It has been in the making for over five years, with a first draft released in July 2018. A year before, India's Supreme Court  upheld  privacy as a  fundamental right . The legislative framework, which applies ...

Attacks on critical infrastructure and other OT systems are on the rise as digital transformation and OT/IT convergence continue to accelerate. Water treatment facilities, energy providers, factories, and chemical plants — the infrastructure that undergirds our daily lives could all be at risk. Disrupting or manipulating OT systems stands to pose real physical harm to citizens, environments, and economies. Yet the landscape of OT security tools is far less developed than its information technology (IT) counterpart. According to a recent  report from Takepoint Research and Cyolo , there is a notable lack of confidence in the tools commonly used to secure remote access to industrial environments.  Figure 1: New research reveals a large gap across industries between the level of concern about security risks and the level of confidence in existing solutions for industrial secure remote access (I-SRA). The traditional security strategy of industrial environments was isolation –...

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...

As security professionals who have spent more than a few years in the industry, we know a good challenge when we see one. SaaS and cloud-based technologies are growing rapidly, offering organizations convenience and constant feature refreshes without the need to install and deploy software on-premises. However, even when referred to as 'a game-changer,' many organizations are still highly concerned by security breaches. Today, organizations have anywhere from 35-to literally hundreds of SaaS applications running. Slack, Office 365, Zoom, Zendesk, Salesforce, Hubspot, etc. These applications are at the core of modern enterprises, to the point where running a business without them would be nearly impossible, with the cost and time-saving benefits they provide enabling growth while conserving resources. SaaS applications are easy to use, scalable, and now, they even come with an impressive array of native security controls to secure sensitive corporate data. How to make the...

WikiLeaks' release of secret government communications should serve as a warning to the nation's biggest companies: You're next. Computer experts have warned for years about the threat posed by disgruntled insiders and poorly crafted security policies that give too much access to confidential data. WikiLeaks' release of U.S. diplomatic documents shows that the group can—and likely will—use the same methods to reveal the secrets of powerful corporations. As WikiLeaks claims it has incriminating documents from a major U.S. bank, possibly Bank of America, there's new urgency to address information security inside corporations. This situation also highlights the limitations of security measures when confronted with a determined insider. At risk are companies' innermost secrets—emails, documents, databases, and internal websites thought to be locked from the outside world. Companies create records of every decision they make, whether it's rolling out new produ...

The likelihood of an unprovoked cyberattack is low, according to extensive new legal research featured in an upcoming issue of the British journal INFO. This research explores a 150-year-old series of Geneva Conventions related to cyberwar. However, defining "cyberwar" remains elusive, and reaching a broad consensus on its definition is challenging. What is Cyberwar? The terms "cyber" and "war" have been abstract concepts for many years. After an attack, nations typically assert the right to proportional responsive measures, using all available means during warfare. International Treaty Provisions While the topic of cyberwar is widely discussed, few know that two key provisions were added to an international treaty in the 1990s. This treaty, signed and ratified by almost every country, limits the conditions under which a nation can adversely affect another nation's networks, services, and equipment. These provisions were added following major cyber...