
The Hacker News

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data

By Newsroom — February 6th 2024 at 10:14
Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew's activities are geared towards job search platforms and the theft of resumes, with as many as 65

Perfecting the Defense-in-Depth Strategy with Automation

By The Hacker News — January 26th 2024 at 11:04
Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart — a multi-layered approach with strategic redundancy and a blend of passive and active security

Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree

By Newsroom — January 26th 2024 at 05:33
40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said. The development comes nearly two months after Dunaev pleaded guilty to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud. "

52% of Serious Vulnerabilities We Find are Related to Windows 10

By The Hacker News — January 22nd 2024 at 11:22
We analyzed 2,5 million vulnerabilities we discovered in our customer’s assets. This is what we found. Digging into the data The dataset we analyze here is representative of a subset of clients that subscribe to our vulnerability scanning services. Assets scanned include those reachable across the Internet, as well as those present on internal networks. The data includes findings for network

Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team

By Newsroom — December 19th 2023 at 15:16
Cybersecurity researchers have shed light on the inner workings of the ransomware operation led by Mikhail Pavlovich Matveev, a Russian national who was indicted by the U.S. government earlier this year for his alleged role in launching thousands of attacks across the world. Matveev, who resides in Saint Petersburg and is known by the aliases Wazawaka, m1x, Boriselcin, Uhodiransomwar,

Reimagining Network Pentesting With Automation

By The Hacker News — December 14th 2023 at 11:17
Network penetration testing plays a crucial role in protecting businesses in the ever-evolving world of cybersecurity. Yet, business leaders and IT pros have misconceptions about this process, which impacts their security posture and decision-making.  This blog acts as a quick guide on network penetration testing, explaining what it is, debunking common myths and reimagining its role in

Ransomware-as-a-Service: The Growing Threat You Can't Ignore

By The Hacker News — December 8th 2023 at 11:08
Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This alarming development has transformed the cybercrime landscape, enabling individuals with limited technical expertise to carry out devastating attacks.

Why Defenders Should Embrace a Hacker Mindset

By The Hacker News — November 20th 2023 at 11:02
Today’s security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have internal Red Teams or unlimited security resources to stay on top of the latest threats. On top of that,

The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy

By The Hacker News — November 14th 2023 at 11:56
In 2023, the global average cost of a data breach reached $4.45 million. Beyond the immediate financial loss, there are long-term consequences like diminished customer trust, weakened brand value, and derailed business operations. In a world where the frequency and cost of data breaches are skyrocketing, organizations are coming face-to-face with a harsh reality: traditional cybersecurity

PentestPad: Platform for Pentest Teams

By The Hacker News — October 31st 2023 at 11:21
In the ever-evolving cybersecurity landscape, the game-changers are those who adapt and innovate swiftly. Pen test solutions not only supercharge productivity but also provide a crucial layer of objectivity, ensuring efficiency and exceptional accuracy. The synergy between a skilled penetration tester and the precision of pen testing solutions are crucial for staying on top of today’s high

Unleashing the Power of the Internet of Things and Cyber Security

By The Hacker News — October 20th 2023 at 11:38
Due to the rapid evolution of technology, the Internet of Things (IoT) is changing the way business is conducted around the world. This advancement and the power of the IoT have been nothing short of transformational in making data-driven decisions, accelerating efficiencies, and streamlining operations to meet the demands of a competitive global marketplace. IoT At a Crossroads IoT, in its most

Vulnerability Scanning: How Often Should I Scan?

By The Hacker News — October 19th 2023 at 11:48
The time between a vulnerability being discovered and hackers exploiting it is narrower than ever – just 12 days. So it makes sense that organizations are starting to recognize the importance of not leaving long gaps between their scans, and the term "continuous vulnerability scanning" is becoming more popular. Hackers won’t wait for your next scan One-off scans can be a simple ‘one-and-done'

Essential Guide to Cybersecurity Compliance

By The Hacker News — September 26th 2023 at 11:50
SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert’s head spin. If you’re embarking on your compliance journey, read on to discover the differences between standards, which is best for your business, and how vulnerability management can aid compliance. What is cybersecurity compliance?

How to Prevent API Breaches: A Guide to Robust Security

By The Hacker News — September 11th 2023 at 11:11
With the growing reliance on web applications and digital platforms, the use of application programming interfaces (APIs) has become increasingly popular. If you aren’t familiar with the term, APIs allow applications to communicate with each other and they play a vital role in modern software development. However, the rise of API use has also led to an increase in the number of API breaches.

Protecting Your Microsoft IIS Servers Against Malware Attacks

By The Hacker News — September 8th 2023 at 11:27
Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments. Recently, a

A Penetration Testing Buyer's Guide for IT Security Teams

By The Hacker News — August 3rd 2023 at 12:47
The frequency and complexity of cyber threats are constantly evolving. At the same time, organizations are now collecting sensitive data that, if compromised, could result in severe financial and reputational damage. According to Cybersecurity Ventures, the cost of cybercrime is predicted to hit $8 trillion in 2023 and will grow to $10.5 trillion by 2025. There is also increasing public and

How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance

By The Hacker News — July 6th 2023 at 10:47
As technology advances and organizations become more reliant on data, the risks associated with data breaches and cyber-attacks also increase. The introduction of data privacy laws, such as the GDPR, has made it mandatory for organizations to disclose breaches of personal data to those affected. As such, it has become essential for businesses to protect themselves from the financial and

Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo

By The Hacker News — March 28th 2023 at 11:54
Malicious actors are constantly adapting their tactics, techniques, and procedures (TTPs) to adapt to political, technological, and regulatory changes quickly. A few emerging threats that organizations of all sizes should be aware of include the following: Increased use of Artificial Intelligence and Machine Learning: Malicious actors are increasingly leveraging AI and machine learning to

The Different Methods and Stages of Penetration Testing

By The Hacker News — March 15th 2023 at 09:43
The stakes could not be higher for cyber defenders. With the vast amounts of sensitive information, intellectual property, and financial data at risk, the consequences of a data breach can be devastating. According to a report released by Ponemon institute, the cost of data breaches has reached an all-time high, averaging $4.35 million in 2022. Vulnerabilities in web applications are often the

Is Once-Yearly Pen Testing Enough for Your Organization?

By The Hacker News — January 26th 2023 at 14:21
Any organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line. There are two main reasons why regular pen testing is necessary for secure web application development: Security: Web applications are constantly evolving, and new

Top 5 Web App Vulnerabilities and How to Find Them

By The Hacker News — December 15th 2022 at 10:00
Web applications, often in the form of Software as a Service (SaaS), are now the cornerstone for businesses all over the world. SaaS solutions have revolutionized the way they operate and deliver services, and are essential tools in nearly every industry, from finance and banking to healthcare and education. Most startup CTOs have an excellent understanding of how to build highly functional

Nighthawk Likely to Become Hackers' New Post-Exploitation Tool After Cobalt Strike

By Ravie Lakshmanan — November 23rd 2022 at 05:40
A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 by a red team with a number of test emails sent using generic subject lines such as "Just checking in" and "Hope this works2." However, there

What is an External Penetration Test?

By The Hacker News — November 14th 2022 at 10:30
A penetration test (also known as a pentest) is a security assessment that simulates the activities of real-world attackers to identify security holes in your IT systems or applications. The aim of the test is to understand what vulnerabilities you have, how they could be exploited, and what the impact would be if an attacker was successful. Usually performed first, an external pentest (also

Penetration Testing or Vulnerability Scanning? What's the Difference?

By The Hacker News — August 18th 2022 at 09:10
Pentesting and vulnerability scanning are often confused for the same service. The problem is, business owners often use one when they really need the other. Let's dive in and explain the differences. People frequently confuse penetration testing and vulnerability scanning, and it's easy to see why. Both look for weaknesses in your IT infrastructure by exploring your systems in the same way an

4 Steps the Financial Industry Can Take to Cope With Their Growing Attack Surface

By The Hacker News — July 26th 2022 at 16:01
The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread of mobile banking apps, chat-based customer service, and other digital tools. Adobe's 2022 FIS Trends Report, for instance, found that more than half of the financial services and insurance firms surveyed experienced a notable increase in digital/mobile