Search results for Security | Breaking Cybersecurity News | The Hacker News

It's been a year since the release of The Ultimate SaaS Security Posture Management (SSPM) Checklist. If SSPM is on your radar, here's the 2023 checklist edition, which covers the critical features and capabilities when evaluating a solution. The ease with which SaaS apps can be deployed and adopted today is remarkable, but it has become a double-edged sword. On the one hand, apps are quickly onboarded, employees can work from anywhere, and there is little need for operational management. On the other hand, there are pain points that stem from the explosion of SaaS app usage, explained by the "3 V" s: Volume:  Each app can have hundreds of global settings. Multiply this number by thousands – or tens (or even hundreds) of thousands – of employees. Security teams must first be able to discover all the users who are using each application, as well as familiarize themselves with  every  application's specific set of rules and configurations, and ensure they are co

Introduction In today's interconnected digital ecosystem, Application Programming Interfaces (APIs) play a pivotal role in enabling seamless communication and data exchange between various software applications and systems. APIs act as bridges, facilitating the sharing of information and functionalities. However, as the use of APIs continues to rise, they have become an increasingly attractive target for cybercriminals and a significant cybersecurity risk across various industries. This article dives into the world of APIs, exploring why they pose substantial cybersecurity challenges and providing real-world examples of API breaches across different sectors. Download  API Security Guide . The API Revolution The proliferation of cloud computing, mobile apps, and the Internet of Things (IoT) has accelerated the adoption of APIs. They serve as the building blocks of modern software applications, enabling developers to integrate third-party services, enhance functionalities, and c

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

National program for Cyber army to be launched in India Increasing attacks on cyberspace in India has brought several professionals and experts from the Industry, in support with the Government of India to jointly form a national level program to identify credible and valuable information security experts. The program " National Security Database " is all set to launch this Saturday in Mumbai at a major Information security conference, MalCon. The database will include ethical hackers and programmers who can protect country's cyberspace. They will all be registered with the National Security Database, a brainchild of Information Sharing and Analysis Centre (ISAC) , a non profit foundation which works closely with the Government on the issue of cyber security. The need of such database originated after 2008 attacks in Mumbai when the cyber security professionals realised that a lot needed to be done in the area. "It is observed that some or other form of electronic n

Today, mid-sized companies and their CISOs are struggling to handle the growing threat of SaaS security with limited manpower and tight budgets. Now, this may be changing. By focusing on the critical SaaS security needs of these companies, a new approach has emerged that can be  launched for $1,500 a year . If the name Wing Security (Wing) rings a bell, it is probably because earlier this year, they made waves by offering SaaS shadow IT discovery  completely for free . Today, Wing is once again aiming to disrupt the SaaS security market by offering a new tier that the company claims to be 'The essential SaaS security level that every company should achieve.'  The  new product tier  focuses on SaaS shadow IT discovery, automated vendor risk assessments, and the ability to easily perform user access reviews on dozens of critical business applications. Wing also provides the ability to generate compliance-ready access reports that customers can then send to their auditor. The c

Every SaaS app user and login is a potential threat; whether it's bad actors or potential disgruntled former associates,  identity management and   access control  is crucial to prevent unwanted or mistaken entrances to the organization's data and systems.  Since enterprises have thousands to tens of thousands of users, and hundreds to thousands of different apps, ensuring each entrance point and user role is secure is no easy feat. Security teams need to monitor all identities to ensure that user activity meets their organization's security guidelines.  Identity and Access Management (IAM) solutions administer user identities and control access to enterprise resources and applications. As identities became the new perimeter, making sure this area is governed by the security team is vital. Gartner has recently named a new security discipline called Identity Threat Detection and Response (ITDR) that incorporates detection mechanisms that investigate suspicious posture ch

The White House has recently announced a $1 billion cyber security grant program that is designed to help state and local governments improve their cyber defenses, especially about protecting critical infrastructure. The  recent executive order  stems from the $1.2 trillion infrastructure bill that was signed almost a year ago. That bill allocated $1 billion for  protecting critical infrastructure against cyber-attack  in the wake of a series of high-profile ransomware attacks such as the one that brought down the Colonial Pipeline.  Those government agencies who wish to take advantage of these funding opportunities must submit a grant proposal by mid-November. Proposals are only being accepted for the sixty days following the program's announcement. Grant recipients can use the funding to invest in new cybersecurity initiatives or to make improvements to existing defenses. Awardees are guaranteed to receive a minimum of $2 million. However, the program's requirements stipul

Imagine receiving an email from US VP Mike Pence's official email account asking for help because he has been stranded in the Philippines. Actually, you don't have to. This actually happened. Pence's email was hacked when he was still the governor of Indiana, and his account was used to attempt to defraud several people. How did this happen? Is it similar to how the DNC server was hacked? Email hacking is one of the most widespread cyber threats at present. It is estimated that around 8 out of 10 people who use the internet have received some form of phishing attack through their emails. Additionally, according to Avanan's 2019 Global Phish Report , 1 in 99 emails is a phishing attack. BitDam is aware of how critical emails are in modern communication. BitDam published a new study on the email threat detection weaknesses of the leading players in email security, and the findings command attention. The research team discovered how Microsoft's Office365

This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique "freemium" model Securing employees' SaaS usage is becoming increasingly crucial for most cloud-based organizations. While numerous tools are available to address this need, they often employ different approaches and technologies, leading to unnecessary confusion and complexity. Enter Wing Security's new " Essential SSPM " (SaaS Security Posture Management) tool, which aims to simplify the process of securing SaaS usage across the organization. Its business approach is simple: self-onboard, try the product, and if impressed, upgrade to unlock more vital security capabilities.  What's essential SaaS security? According to Wing, three basic yet fundamental capabilities are necessary for organizations aiming to secure their SaaS: discovery, assessment, and control. These align with regulatory security standards such as ISO 27001 and SOC, which emphasize vendo

Not all security teams are born equal. Each organization has a different objective. In cybersecurity, adopting a proactive approach is not just a buzzword. It actually is what makes the difference between staying behind attackers and getting ahead of them. And the solutions to do that do exist! Most attacks succeed by taking advantage of common failures in their target's systems. Whether new or not, known, unknown, or even unknown, attacks leverage security gaps such as  unpatched or uncharted vulnerabilities, misconfigurations, out-of-date systems, expired certificates, human errors, etc. As attackers rely on a range of automated offensive testing tools to scan their targets' attack surfaces and propagate inside their network, a purely reactive defensive stance based on detection and response is increasingly likely to be overwhelmed by an attack. The logical tactical move is to emulate attackers' TTPs and behaviors beforehand by integrating attack simulation tools to

Ensuring sensitive data remains confidential, protected from unauthorized access, and compliant with data privacy regulations is paramount. Data breaches result in financial and reputational damage but also lead to legal consequences. Therefore, robust data access security measures are essential to safeguard an organization's assets, maintain customer trust, and meet regulatory requirements.  A comprehensive  Data Security Platform  is essential for full visibility and control of sensitive data. One example is Satori's Universal Data Permissions Scanner (UDPS), an open-source authorization analysis tool.   UDPS , available on GitHub, enables universal visibility into data access permissions across various data stores. With this tool, it's easier to identify who has the potential to access sensitive data, which can help organizations take a proactive approach to enhancing their security posture, streamline compliance, and ensure well-governed data access. Understanding the Need for U