#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

network security audit software | Breaking Cybersecurity News | The Hacker News

Top 10 — 2016 New Year's Resolutions for Cyber Security Professionals

Top 10 — 2016 New Year's Resolutions for Cyber Security Professionals

Dec 16, 2015
Billions of dollars are spent in securing business operations, and yet attackers still find ways to breach a network. With the ever increasing growth in security attacks across all threat vectors, you should consider these New Year's resolutions to help solve your security challenges in 2016: Take stock of what you have Segment your Network Setup controls with ACLs Secure protocols, network ports, & services Monitor account activity Monitor servers & databases Make sure that your applications are secured Ensure security policies are in place Measure effectiveness and ensure your security products are doing their job Add threat intelligence into your security operations As you prepare for 2016 and reflect on all the security news stories from this year, these ten resolutions need to be on your " to-do " list: 1. Take stock of what you have Knowing the genetic makeup of your environment is the key to securing your IT systems. It is critical to have an updated invento
Here's How SIEM Can Protect Your Privileged Accounts in the Enterprise

Here's How SIEM Can Protect Your Privileged Accounts in the Enterprise

Oct 20, 2015
It's inevitable. Most security threats eventually target privileged accounts. In every organization each user has different permissions, and some users hold the metaphorical keys to your IT kingdom. If the privileged accounts get compromised, it can lead to theft or sabotage. Because these accounts control delicate parts of your IT operations, and it is important to know who has privileges, what privileges they have, when they received access, and what activity they've done. This is where Security Information and Event Management (SIEM) software comes in handy. SIEM Monitors and Alerts on Privileged Account Activity Comprehensive monitoring of privileged accounts can be challenging because you need to monitor users who are administrators, users with root access, and users with access to firewalls, databases, services, automated processes, etc. With every additional user, group, and policy monitoring account activity gets increasingly difficult. On top of mo
Code Keepers: Mastering Non-Human Identity Management

Code Keepers: Mastering Non-Human Identity Management

Apr 12, 2024DevSecOps / Identity Management
Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or
Volatile Cedar — Global Cyber Espionage Campaign Discovered

Volatile Cedar — Global Cyber Espionage Campaign Discovered

May 29, 2015
Security firm Check Point has uncovered what seems to be a successful, and long-running, cyber-surveillance campaign called " Volatile Cedar ." Check Point found that targets of the attack included, but were not limited to, defense contractors, media companies, telecommunications, and educational institutions. The attack is said to have originated in Lebanon and possibly has political ties in the region. According to an article in Techworld , previous cyber-campaigns originating from Lebanon have been either extremely unsophisticated or targeted at other countries in the region. However, Volatile Cedar is different. According to the report, this campaign has been in operation since 2012 and has successfully penetrated a large number of targets across the globe. During this time it has allowed the attackers to steal data and monitor a large volume of victim's actions. The actors involved in this campaign do not appear to be using flashy mechanisms like zero day attacks
cyber security

WATCH: The SaaS Security Challenge in 90 Seconds

websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.
How to Find the Details of a Network Attack

How to Find the Details of a Network Attack

May 12, 2015
Let's be honest, a network attack of any scale is inevitable in today's IT world. Do you have the ability to quickly identify the details of the attack? If your network goes down, your network monitoring tool can tell you what happened, but knowing details about who was vulnerable or why the attack happened is even more valuable. An often overlooked feature of log management software is the ability to conduct forensic analysis of events. Instead of searching for a needle in a haystack, forensic analysis tools can make drilling down to identify details a quick and easy task. SolarWinds Log & Event Manager has cutting-edge IT search for fast and easy forensic analysis. Here are six ways that the forensic analysis feature of Log & Event Manager can help you piece together what really happened. 1) Incident response Say goodbye to complex queries. Conducting forensic analysis, in general, is a quicker and simpler way to do incident response. The faster you
USB Defense: Stop Data Walking Out The Door

USB Defense: Stop Data Walking Out The Door

Apr 17, 2015
The bad news is that internal data breaches are on the rise. And one of the biggest culprits? USB devices. In the past few years, there has been many organizations tracking down the loss of sensitive/confidential information due to the usage of USB drives and other mass storage media. Cyber-security breaches and data theft are making more and more IT leaders paranoid about security than ever before. Why are USB devices dangerous? USB devices can hold a lot of information. For example, a 128 GB USB flash drive can store 60,000 photos, 20,000 songs, 100+ videos, and more. Just imagine how many protected corporate files could fit on one drive. Also, the storage capacity of USB devices is only going to increase. USB devices are super portable. Some USB storage devices are the size of a small coin. This makes them very difficult to visually detect when plugged into an open port. USB devices are cheap and easy to find. If you're in the market for a USB storage device, there
FREAK Attack: How to Protect Yourself

FREAK Attack: How to Protect Yourself

Apr 02, 2015
The recently disclosed FREAK (Factoring attack on RSA Export Keys) attack is an SSL/TLS vulnerability that is affecting major browsers, servers and even mobile devices.  FREAK vulnerability allows the attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to manipulate or steal sensitive data. Although most major hardware/software vendors and owners have patched this flaw, many are still susceptible to this kind of attack.  Instrumental in discovering FREAK flaw, the University of Michigan conducted scans and discovered that an estimated 36.7% of the 14 million websites offering browser-trusted certificates were vulnerable at the time of disclosure.  This includes some very high profile pages like nsa.gov, irs.gov and even the ubiquitous connect.facebook.com (the source of all Facebook "Like" buttons.) IMPACTS OF FREAK ATTACK Intercepts your sensitive,
Cybersecurity Resources