
The Hacker News | Expert Insights — Index Page

Best Practices for Integrating ZTNA with Existing Security Infrastructure

Aug 15, 2024
Many organizations might not find it easy to integrate existing security infrastructure with zero-trust network access (ZTNA) solutions. At first glance, ZTNA bolsters the safety and flexibility of having a distributed staff. However, implementing such systems can be challenging as they may clash with older systems and existing security protocols. To begin with, security teams need to take into account the current architecture, potential friction points, and how user experience should be seamless when integrating ZTNA. Thankfully, there are rising tools and methodologies that make this process less complicated in order for companies to gain all the advantages of ZTNA without compromising their present state of security. To help you through this process smoothly without compromising your cybersecurity strategy, here are some best practices on how you can successfully implement ZTNA using your existing security infrastructure. Why should businesses implement ZTNA? Organizations cont
How to Modernize Your Microsoft 365 Data Protection Strategy to Ensure Business Continuity

Aug 15, 2024
Safeguarding the sensitive information within your Microsoft 365 environment is more important than ever. From accidental deletion and ransomware attacks to costly compliance failures, the consequences of inadequate data protection can be severe. It's important to understand the Shared Responsibility Model. The Model explains that Microsoft secures and ensures the uptime of its infrastructure, while you're ultimately responsible for correctly configuring settings, protecting against accidental data loss, and ensuring compliance with relevant regulations. Microsoft 365 provides powerful services, but a comprehensive backup of your data is not included in a standard Microsoft 365 license. Having an effective data protection strategy and comprehensive data backups are your best defense against these invisible dangers. In today's digital era, the necessity of modernizing data protection solutions cannot be overstated. The 2024 Data Protection Trends Report revealed that 75% of org
7 Resources to Inform Your Next Hunt for Malicious Infrastructure

Jul 16, 2024
So you're going on a threat hunt…and you want to catch a big (malicious) one. Identifying malicious infrastructure can be a particularly daunting threat-hunting objective. Attackers who are intent enough on setting up things like C2 networks, phishing sites, and impersonated domains, are also, not surprisingly, often very good at hiding their tracks with tactics ranging from the use of proprietary VPNs to compromised intermediary services. So even when malicious infrastructure is visible, source attribution can remain a thorny problem. That said, there are tools like Censys Search that can make the challenge of tracking and understanding malicious infrastructure more achievable. Consider the following user stories, how-to articles, and videos for insights you can use to inform, inspire, and even supercharge your next investigation into malicious infrastructure. 7 Resources Worth a Read (or Watch) 1. How to Identify Malicious Infrastructure: Demo Let's start with a quick video
Exploitability is the Missing Puzzle Piece of SCA (Software Composition Analysis)

Jul 10, 2024
Open-source libraries allow developers to move faster, leveraging existing building blocks instead of diverting resources to building in-house. By leaning on existing open-source packages, engineers can focus on complex or bespoke elements of their products, using package managers and open-source maintainers to make it easy to pull everything together.  However, you can't deny that building software using open source makes your applications more vulnerable to security risks. In an open-source library, attackers have direct access to code, and can search for current and historical vulnerabilities, as well as any issues and tickets managed on websites such as GitHub or GitLab. This helps threat actors to quickly find packages that are vulnerable and launch an attack.  This is where Software Composition Analysis (SCA) comes in, with the purpose of scanning packages and uncovering vulnerabilities. SCA compiles and manages a catalog of software packages, alongside details such as their
9 Customer Service Chatbots Ranked For Risk Exposure

Jul 08, 2024
In today's dynamic web threat landscape, staying a step ahead of risk is crucial. Businesses want to keep improving their websites with the latest customer service experience while maintaining a strong security posture and complying with strict privacy rules. With the help of a new risk assessment tool - Exposure Rating - we have calculated the risk exposure for nine leading customer service chatbots compared against each other. For the full chatbot ratings report, click here. But first, what is an Exposure Rating risk assessment tool? Contextual Risk Assessment for the Web Exposure Rating goes beyond traditional website security solutions. It delves deeper, providing a comprehensive assessment of your web risk exposure, benchmarked against industry leaders. The rating system analyzes every website, application, and domain within your environment, giving you a clear picture of your threat landscape. But Exposure Rating is more than just a report card. It's a powerful to
Survey Reveals Compliance Professionals Seek Quality, Efficiency, Trust & Partnership

Jun 10, 2024
Compliance professionals today are dealing with numerous challenges. At the same time, their companies face increased scrutiny and cyberthreats, and compliance teams have fewer resources and reduced headcount. It's a lot for even the most sophisticated and experienced teams to manage. As a result, compliance professionals are seeking out ways to do more with less. Sometimes the solution is utilizing technology, such as automated software tools that streamline processes or leveraging AI for greater efficiency. In other circumstances, individuals responsible for compliance are choosing an easy path to simply check the box on compliance with a flimsy, budget audit. This may be enough to get the C-suite off their back, but it leaves the company open to significant risk. Each year, A-LIGN surveys hundreds of compliance leaders to learn more about the current state of compliance and better understand the factors that impact their decisions. What are the driving forces behind their complia
The Democratization of Cyberattacks: How Billions of Unskilled Would-be Hackers Can Now Attack Your Organization

Jun 10, 2024
Cyberattacks are already the most significant operational and financial threat to almost every type of business. Surveys of CISOs consistently reveal phishing attacks, identity security, social engineering, and the resulting data breaches and ransomware attacks are the top concerns. These fears are well founded. Each new day brings fresh headlines of another major breach or successful ransomware attack. The Cybersecurity and Infrastructure Security Agency (CISA), an agency of the DHS, reports that 90% of ransomware attacks begin with phishing. Last quarter witnessed the first individual ransomware loss that exceeded a billion dollars of damages, and a leading news media reported nine new major breaches in a single week. What is driving this epidemic and how much worse will it get? The answers are both simple and complex. The simple answer is that this next generation of cyberattacks is being driven by the incredible power and innovation of generative AI, while the primary defens
Leveraging AI as a Tool in Threat Management

Jun 03, 2024
From the moment it hits the wire—be it MISP or Mandiant—the value and efficacy of cyber threat intelligence (CTI) begins to decay for the organizations that intend to consume it. The data that was once essential for evaluating and reducing risk becomes dated and less helpful as adversaries constantly adapt their tactics, techniques, and procedures (TTPs). We refer to this as 'threat intelligence decay.' Meanwhile, the NCSC have reported that threat actors have begun leveraging artificial intelligence, with an expectation that they will soon be using AI to evolve and enhance existing TTPs. This advent of AI is exacerbating the challenge of threat intelligence decay. Information that was once a golden nugget of defense can quickly turn into fool's gold, leaving organizations exposed to new threats. When we look at one of the most practical applications that threat intelligence has in an organization—the threat management process—it's frightening how much these problems are co
Patching vs. Isolating Vulnerabilities

May 20, 2024
Patching and updating is pretty much baked-in to the thinking, standards, and coming legislation of the device security community. Yet isolation via partitioning is another viable approach for security, and it comes with many advantages. Patching The primary advantage of patching and updating known vulnerabilities is that the vulnerabilities are usually permanently fixed. Hence the fix is demonstrable for standard and legal compliance. Some problems with this approach are: Modern IoT device firmware has tens, hundreds, even thousands of components, and components routinely come with dozens of their own dependencies [1]. Finding vulnerabilities in components of an SBOM is not an easy process. There are several databases, and component identification is not consistent [1]. Achieving 100% complete and accurate SBOMs is still an elusive goal [1]. A high percentage of vulnerabilities in components are not exploitable [1]. Fixing non-exploitable vulnerabilities is, of course, a w