#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

insider threat | Breaking Cybersecurity News | The Hacker News

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs
May 17, 2024 Cyber Hygiene / Attack Surface
A new report from XM Cyber has found – among other insights - a  dramatic  gap between where most organizations focus their security efforts, and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on hundreds of thousands of attack path assessments conducted by the  XM Cyber platform  during 2023. These assessments uncovered over 40 million exposures that affected millions of business-critical assets. Anonymized data regarding these exposures was then provided to the Cyentia Institute for independent analysis. To read the full report,  check it out here . Download the report to discover: Key findings on the types of exposures putting organizations at greatest risk of breach. The state of attack paths between on-prem and cloud networks. Top attack techniques seen in 2023. How to focus on what matters most, and remediate high-impact exposure risks to your critical assets. The

Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia

Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia
May 01, 2024 National Security / Insider Threat
A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. "This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust,"  said  FBI Director Christopher Wray. Jareh Sebastian Dalke, 32, of Colorado Springs was employed as an Information Systems Security Designer between June 6 to July 1, 2022, during which time he had access to sensitive information. Despite his short tenure at the intelligence agency, Dalke is said to have made contact with a person he thought was a Russian agent sometime between August and September of that year. In reality, the person was an undercover agent working for the Federal Bureau of Investigation (FBI). To demonstrate his "legitimate access and willingness to share," he then emailed the purported Russian ag

Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China

Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China
Mar 07, 2024 Artificial Intelligence / Corporate Espionage
The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident for allegedly stealing proprietary information from Google while covertly working for two China-based tech companies. Linwei Ding (aka Leon Ding), a former Google engineer who was arrested on March 6, 2024, "transferred sensitive Google trade secrets and other confidential information from Google's network to his personal account while secretly affiliating himself with PRC-based companies in the AI industry," the DoJ  said . The defendant is said to have pilfered from Google over 500 confidential files containing artificial intelligence (AI) trade secrets with the goal of passing them on to two unnamed Chinese companies looking to gain an edge in the ongoing AI race. "While Linwei Ding was employed as a software engineer at Google, he was secretly working to enrich himself and two companies based in the People's Republic of China," sa

Guide: Secure Your Privileged Access with Our Expert-Approved Template

cyber security
websiteDelineaIT Security / Access Control Security
Transform your Privileged Access Management with our Policy Template—over 40 expertly crafted statements to elevate compliance and streamline your security.

A SaaS Security Challenge: Getting Permissions All in One Place 

A SaaS Security Challenge: Getting Permissions All in One Place
May 08, 2024Attack Surface / SaaS Security
Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user's base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of that are custom permissions required by an individual user.  For example, look at a sales rep who is involved in a tiger team investigating churn while also training two new employees. The sales rep's role would grant her one set of permissions to access prospect data, while the tiger team project would grant access to existing customer data. Meanwhile, special permissions are set up, providing the sales rep with visibility into the accounts of the two new employees. While these permissions are precise, however, they are also very complex. Application admins don't have a single screen within these applications th

From 500 to 5000 Employees - Securing 3rd Party App-Usage in Mid-Market Companies

From 500 to 5000 Employees - Securing 3rd Party App-Usage in Mid-Market Companies
Mar 04, 2024 SaaS Security / Vulnerability Assessment
A company's lifecycle stage, size, and state have a significant impact on its security needs, policies, and priorities. This is particularly true for modern mid-market companies that are either experiencing or have experienced rapid growth. As requirements and tasks continue to accumulate and malicious actors remain active around the clock, budgets are often stagnant at best. Yet, it is crucial to keep track of the tools and solutions that employees are introducing, the data and know-how shared through these tools, and to ensure that these processes are secure. This need is even more pronounced in today's dynamic and interconnected world, where third-party applications and solutions can be easily accessed and onboarded. The potential damage of losing control over the numerous applications with access and permissions to your data requires no explanation. Security leaders in mid-market companies face a unique set of challenges that demand a distinct approach to overcome.  To begin

Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks

Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks
Feb 16, 2024 Cyber Threat / Cloud Security
A malicious Python script known as  SNS Sender  is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services (AWS) Simple Notification Service ( SNS ). The SMS phishing messages are designed to propagate malicious links that are designed to capture victims' personally identifiable information (PII) and payment card details, SentinelOne  said  in a new report, attributing it to a threat actor named ARDUINO_DAS. "The smishing scams often take the guise of a message from the United States Postal Service (USPS) regarding a missed package delivery," security researcher Alex Delamotte said. SNS Sender is also the first tool observed in the wild that leverages AWS SNS to conduct SMS spamming attacks. SentinelOne said that it identified links between ARDUINO_DAS and more than 150 phishing kits offered for sale. The malware requires a list of phishing links stored in a file named links.txt in its working directory, in addition t

Exposed Secrets are Everywhere. Here's How to Tackle Them

Exposed Secrets are Everywhere. Here's How to Tackle Them
Jan 05, 2024 Threat Intelligence / Security Automation
Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute action becomes imperative. However, lacking the necessary context, you're left pondering the optimal steps to take. What's the right path forward in this situation? Secrets management is an essential aspect of any organization's security strategy. In a world where breaches are increasingly common, managing sensitive information such as API keys, credentials, and tokens can make all the difference. Secret scanners play a role in identifying exposed secrets within source code, but they have one significant limitation:  they don't provide context. And without context, it's impossible to devise an appropriate response plan. Con

Stop Identity Attacks: Discover the Key to Early Threat Detection

Stop Identity Attacks: Discover the Key to Early Threat Detection
Nov 28, 2023 Threat Detection / Insider Threat
Identity and Access Management (IAM) systems are a staple to ensure only authorized individuals or entities have access to specific resources in order to protect sensitive information and secure business assets. But did you know that today over 80% of attacks now involve identity, compromised credentials or bypassing the authentication mechanism? Recent breaches at MGM and Caesars have underscored that, despite best efforts, it is not "if" but "when" a successful attack will have bypassed authentication and authorization controls. Account takeover, when an unauthorized individual gains access to a legitimate user account, is now the number one attack vector of choice for malicious actors. With so much focus on controls for prevention, the necessary detection and rapid response to identity-based attacks is often overlooked. And since these attacks use stolen or compromised credentials, it can be difficult to distinguish from legitimate users without a layer of detection. Dive deep i

How to Handle Retail SaaS Security on Cyber Monday

How to Handle Retail SaaS Security on Cyber Monday
Nov 27, 2023 SaaS Security / Cyber Monday
If forecasters are right, over the course of today, consumers will spend  $13.7 billion . Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing shipping information.  SaaS applications supporting retail efforts will host nearly all of this behind-the-scenes activity. While retailers are rightfully focused on sales during this time of year, they need to ensure that the SaaS apps supporting their business operations are secure. No one wants a repeat of one of the biggest retail cyber-snafus in history, like when one U.S.-based national retailer had 40 million credit card records stolen.  The attack surface is vast and retailers must remain vigilant in protecting their entire SaaS app stack. For example, many often use multiple instances of the same application. They may use a different Salesforce tenant for eve

Three Ways Varonis Helps You Fight Insider Threats

Three Ways Varonis Helps You Fight Insider Threats
Nov 15, 2023 Insider Threat / Risk Management
What do basketball teams, government agencies, and car manufacturers have in common? Each one has been breached, having confidential, proprietary, or private information stolen and exposed by insiders. In each case, the motivations and methods varied, but the risk remained the same: insiders have access to too much data with too few controls. Insider threats  continue to prove difficult for organizations to combat because — unlike an outsider — insiders can navigate sensitive data undetected and typically without suspicion. Cybersecurity is not the first industry to tackle insider threats, however. Espionage has a long history of facing and defending against insiders by using the "CIA Triad" principles of confidentiality, integrity, and availability. Varonis' modern cybersecurity answer to insider risk is the data security triad of "sensitivity, access, and activity." Using these three dimensions of data security, you can help reduce the risk and impact of an insider attack. Sen

How to Keep Your Business Running in a Contested Environment

How to Keep Your Business Running in a Contested Environment
Oct 27, 2023 Threat Detection / Vulnerability Management
When organizations start incorporating cybersecurity regulations and cyber incident reporting requirements into their security protocols, it's essential for them to establish comprehensive plans for preparation, mitigation, and response to potential threats. At the heart of your business lies your operational technology and critical systems. This places them at the forefront of cybercriminal interest, as they seek to exploit vulnerabilities, compromise your data, and demand ransoms. In today's landscape, characterized by the ever-present risk of ransomware attacks and the challenges posed by fragmented security solutions, safeguarding your organization is paramount. This is where  The National Institute of Standards and Technology (NIST) advocates  for the development of resilient, reliable security systems capable of foreseeing, enduring, and rebounding from cyberattacks.  In this guide, we'll explore strategies to fortify your defenses against cyber threats and ensure

5 Ways to Mitigate Your New Insider Threats in the Great Resignation

5 Ways to Mitigate Your New Insider Threats in the Great Resignation
Sep 15, 2022
Companies are in the midst of an employee  "turnover tsunami"  with no signs of a slowdown.  According to Fortune Magazine,  40% of the U.S. is considering quitting their jobs. This trend – coined the great resignation - creates instability in organizations. High employee turnover increases security risks, and companies are more vulnerable to attacks from human factors worldwide.  At  Davos 2022 , statistics connect the turmoil of the great resignation to the rise of new insider threats. Security teams are feeling the impact. It's even harder to keep up with your employee security. Companies need a fresh approach to close the gaps and prevent attacks. This article will examine what your security teams must do within the new organizational dynamics to quickly and effectively address unique challenges. Handling Your New Insider Threats  Implementing a successful security awareness program is more challenging than ever for your security team—the new blood coming in cause
Expert Insights
Cybersecurity Resources