Search results for essential policy solutions 2025 | Breaking Cybersecurity News | The Hacker News

The modern business landscape is thrilling yet daunting. Rapidly evolving technology, persistent cyberthreats and escalating operational complexities make data protection and seamless business continuity challenging for businesses of all sizes. Your organization needs robust security measures that go beyond traditional backup solutions to address the intricacies of today's complex IT ecosystems. To ensure comprehensive security and smooth operation of critical business processes, your organization needs more than periodic backups — it requires a comprehensive, proactive approach that integrates advanced backup strategies, disaster recovery (DR) capabilities and state-of-the-art ransomware protection. In this article, we'll examine the current cyberthreat landscape, how it is evolving and how you can prepare your organization to overcome unprecedented challenges in 2025 and beyond. Take a self-guided product tour of Unitrends Unified BCDR to experience effortless backup and disaste...

The Evolving Healthcare Cybersecurity Landscape   Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted and the convergence of IT and medical systems creating an expanded attack surface, traditional security approaches are proving inadequate. According to recent statistics, the healthcare sector experienced a record-breaking year for data breaches in 2024, with over 133 million patient records exposed. The average cost of a healthcare data breach has now reached $11 million, making it the most expensive industry for breaches.  What's changed dramatically is the focus of attackers. No longer content with merely extracting patient records, cybercriminals are now targeting the actual devices that deliver patient care. The stakes have never been higher, with ransomware now representing 71% of all attacks against healthcare organizations and causing an average downtime of 11 days per inc...

Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. "The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VPN authentication through those accounts, and various other configuration changes," cybersecurity firm Arctic Wolf said in an analysis published last week. The malicious activity is believed to have commenced in mid-November 2024, with unknown threat actors gaining unauthorized access to management interfaces on affected firewalls to alter configurations and extract credentials using DCSync . The exact initial access vector is currently not known, although it has been assessed with "high confidence" that it's likely driven by the exploitation of a zero-day vulnerability given the "compressed timeline across affected organizations as well as firmware versions af...

The Vulnerability Treadmill The reactive nature of vulnerability management, combined with delays from policy and process, strains security teams. Capacity is limited and patching everything immediately is a struggle. Our Vulnerability Operation Center (VOC) dataset analysis identified 1,337,797 unique findings (security issues) across 68,500 unique customer assets. 32,585 of them were distinct CVEs, with 10,014 having a CVSS score of 8 or higher. Among these, external assets have 11,605 distinct CVEs, while internal assets have 31,966. With this volume of CVEs, it's no surprise that some go unpatched and lead to compromises. Why are we stuck in this situation, what can be done, and is there a better approach out there? We'll explore the state of vulnerability reporting, how to prioritize vulnerabilities by threat and exploitation, examine statistical probabilities, and briefly discuss risk. Lastly, we'll consider solutions to minimize vulnerability impact while giving management ...

Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardian's end-to-end NHI security platform is here to close the gap. Enterprises are Losing Track of Their Machine Identities Machine identities–service accounts, API keys, bots, automation, and workload identities–that now outnumber humans by up to 100:1 are in fact a massive blind spot in companies' security landscape: Without robust governance, NHIs become a prime target for attackers. Orphaned credentials, over-privileged accounts, and "zombie" secrets are proliferating—especially as organizations accelerate cloud adoption, integrate AI-powered agents, and automate their infrastructure . Secrets Sprawl: The New Attack Surface GitGuardian's research shows that 70% of valid secrets detected in public repositories in 2022 remained active in ...

Breaking Out of the Security Mosh Pit When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn't mince words: "Healthcare loves to walk backwards into the future. And this is how we got here, because there are a lot of things that we could have prepared for that we didn't, because we were so concentrated on where we were." This chaotic approach has characterized healthcare IT for decades. In a sector where lives depend on technology working flawlessly 24/7/365, security teams have traditionally functioned as gatekeepers—the "Department of No"—focused on protection at the expense of innovation and care delivery. But as healthcare continues its digital transformation journey, this approach is no longer sustainable. With 14 hospitals, hundreds of urgent care clinics, and nearly 30,000 employees serving millions of patients, MultiCare needed a different path forward – one that didn't sacrifice innovation for safety. That...