Category Archives: Black Hat USA 2019

Securing the cloud: Visibility, compliance and vulnerability management

In this Help Net Security podcast recorded at Black Hat USA 2019, Hari Srinivasan, Director of Product Management for Qualys, talks about the basics of securing your cloud. Here’s a transcript of the podcast for your convenience. Hello and welcome to today’s podcast. A bunch of questions are being thrown again about cloud security. Is the cloud inherently secure? Isn’t it too chaotic and elastic that implementing a security strategy is really tough? My name … More

The post Securing the cloud: Visibility, compliance and vulnerability management appeared first on Help Net Security.

Protecting iOS and Android applications in a fully automated way

In this Help Net Security podcast recorded at Black Hat USA 2019, Dave Belt, Technology Evangelist at Irdeto, and Jaco du Plooy, VP Cloakware at Irdeto, discuss the current threat landscape, software security trends, and the importance of protecting iOS and Android applications. Here’s a transcript of the podcast for your convenience. Dave Belt: Good afternoon, my name is Dave Belt, I’m a technologist in the office of the CTO with Irdeto. And I’m here … More

The post Protecting iOS and Android applications in a fully automated way appeared first on Help Net Security.

Most IT pros find red team exercises more effective than blue team testing

More than one-third of security professionals’ defensive blue teams fail to catch offensive red teams, a study from Exabeam reveals. The survey, conducted at Black Hat USA 2019, also showed that 68% find red team exercises more effective than blue team testing, and more companies are practicing red over blue team testing. As cyberattacks become increasingly sophisticated and hack techniques become more highly targeted, organizations must learn how digital adversaries think to help identify gaps … More

The post Most IT pros find red team exercises more effective than blue team testing appeared first on Help Net Security.

A compendium of container escapes

In this Help Net Security podcast recorded at Black Hat USA 2019, Brandon Edwards, Chief Scientist at Capsule8, talks about about a compendium of container escapes, and the RunC vulnerability in particular. Here’s a transcript of the podcast for your convenience. My name is Brandon Edwards, I’m Chief Scientist at Capsule8. Today we’ll be talking about a compendium of container escapes in the podcast. We’ve previously talked about escaping containers and the sorts of vulnerabilities … More

The post A compendium of container escapes appeared first on Help Net Security.

Optimizing the patch management process

In this podcast recorded at Black Hat USA 2019, Jimmy Graham, Senior Director of Product Management at Qualys, discusses the importance of a tailored patch management process. Security obviously will have some say in a patch management process because a lot of patching is security driven, but patching is beyond just security, there’s also stability performance updates that have to be taken into account. Here’s a transcript of the podcast for your convenience. Hi, my … More

The post Optimizing the patch management process appeared first on Help Net Security.

Anomali discovers phishing campaign targeting Chinese government agencies

Anomali, a leader in intelligence-driven cybersecurity solutions, published at Black Hat USA 2019 its latest research report: Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations. The Anomali Threat Research Team discovered this new phishing attack leveraging spoof sites that appear to be designed to steal email credentials from target victims within the government of the People’s Republic of China. Although the attackers’ exact motivation is unknown, it is logical to conclude that … More

The post Anomali discovers phishing campaign targeting Chinese government agencies appeared first on Help Net Security.

Kubernetes security matures: Inside the project’s first audit

Auditing 1.5 million lines of code is a heroic undertaking. With resources provided by the Cloud Native Computing Foundation (CNCF), the Kubernetes Project leadership created the Security Audit Working Group to perform an audit in an open, transparent, and repeatable manner, while also paving the way for future Kubernetes security reviews and research. It included members from Google, Red Hat, Salesforce, InGuardians, and input from the broader security community. We felt that the two most … More

The post Kubernetes security matures: Inside the project’s first audit appeared first on Help Net Security.

Apple expands bug bounty program, opens it to all researchers, raises rewards

Three years ago at the Black Hat conference, Apple announced its first bug bounty program, which was invite-only and limited to iOS. At this year’s edition of the con, Ivan Krstić, Apple’s head of security engineering and architecture, announced changes to it. Wider scope, higher bug bounties Starting this fall, the program will be open to all researchers. Apple Bug Bounty. pic.twitter.com/jyD9UwU9pI — mikeb (@mikebdotorg) August 8, 2019 The bug bounty program has been widened … More

The post Apple expands bug bounty program, opens it to all researchers, raises rewards appeared first on Help Net Security.

Vulnerabilities in Siemens’ most secure industrial PLCs can lead to industrial havoc

Critical vulnerabilities in the Siemens S7 Simatic programmable logic controller (PLC) have been discovered by cybersecurity researchers at Tel Aviv University and the Technion Institute of Technology. Prof. Avishai Wool and M.Sc student Uriel Malin of TAU’s School of Electrical Engineering worked together with Prof. Eli Biham and Dr. Sara Bitan of the Technion to disrupt the PLC’s functions and gain control of its operations. The scientists’ rogue engineering workstation posed as a so-called TIA … More

The post Vulnerabilities in Siemens’ most secure industrial PLCs can lead to industrial havoc appeared first on Help Net Security.

Security flaw could turn load balancers into beachheads for cyber attacks

Cyber security provider F-Secure is advising organizations using F5 Networks’ BIG-IP load balancer, which is popular amongst governments, banks, and other large corporations, to address security issues in some common configurations of the product. Adversaries can exploit these insecurely configured load balancers to penetrate networks and perform a wide variety of attacks against organizations, or individuals using web services managed by a compromised device. Exploitation potential The security issue is present in the Tcl programming … More

The post Security flaw could turn load balancers into beachheads for cyber attacks appeared first on Help Net Security.

Six critical areas to focus on when integrating DevSecOps into an organization

The omnipresence of consumer electronics and computer power, alongside modern trends (i.e., DevOps, microservices, and open source) that accelerate deployment cycles continue to strain enterprises’ ability to detect and identify exploitable flaws in a timely manner. While this creates significant increases in overall security risk, organizations that build security into the software lifecycle have better outcomes. To facilitate this, CSA’s DevSecOps Working Group defined the following six areas of focus that are critical to integrating … More

The post Six critical areas to focus on when integrating DevSecOps into an organization appeared first on Help Net Security.

SentinelOne enhances container and cloud-native workload protection

SentinelOne, the autonomous endpoint protection company, announced at Black Hat USA 2019 the availability of the next generation of its server and workload protection offering. The new product, purpose-built for containers, including managed or unmanaged Kubernetes systems, delivers SentinelOne’s patented Behavioral AI and autonomous response capabilities across all major Linux platforms, physical and virtual, cloud-native workloads, and containers, providing prevention, detection, response, and hunting for today and tomorrow’s cyber threats. This includes malicious files and … More

The post SentinelOne enhances container and cloud-native workload protection appeared first on Help Net Security.

ID Experts launches new free CyberScan dark web and social media scanning product

ID Experts announced public availability of its new free CyberScan dark web and social media scanning product. Unlike other free dark web offerings, CyberScan not only perpetually scans all levels of the dark web – surface, dark and deep – for the user and provides them with ongoing monitoring and protection, but it reaches a third more of the dark web than other services. It also includes ID Experts’ innovative new SocialSentry privacy protection service … More

The post ID Experts launches new free CyberScan dark web and social media scanning product appeared first on Help Net Security.

Virtru Developer Hub integrates data protection capabilities and ensures privacy of sensitive data

Virtru, a leading data protection platform provider that stands at the intersection of security and privacy, announced at Black Hat USA 2019 the Virtru Developer Hub, a single development portal to integrate data protection capabilities and ensure the privacy of sensitive data. Now, developers can embed platform-agnostic protection into their applications or connected devices in just a few lines of code. In addition, Virtru is kicking-off a privacy-engineering challenge, inviting developers to create innovative projects … More

The post Virtru Developer Hub integrates data protection capabilities and ensures privacy of sensitive data appeared first on Help Net Security.

Code42 Next-Gen Data Loss Protection solution helps companies spot data theft when employees quit

Code42, the leader in data loss protection, announced its Code42 Next-Gen Data Loss Protection solution now includes advanced exposure dashboards and expanded alerting functionality to help companies protect data from loss when employees quit. Code42 also introduced an integrated offering for IBM Resilient, a leading platform for orchestrating and automating incident response processes. When employees depart, most companies have a regular offboarding process that includes collecting badges, cell phones and laptops. What they don’t have … More

The post Code42 Next-Gen Data Loss Protection solution helps companies spot data theft when employees quit appeared first on Help Net Security.

Photo gallery: Black Hat USA 2019, part two

Black Hat USA 2019 is underway in Las Vegas. Here are a few photos from the Business Hall and the Arsenal. Featured companies: Bugcrowd, Sumo Logic, Devo Technology, Akamai, Rapid7, Qualys, Irdeto.

The post Photo gallery: Black Hat USA 2019, part two appeared first on Help Net Security.

AttackSurfaceMapper automates the reconnaissance process

AttackSurfaceMapper, a new open source OSINT tool created by Andreas Georgiou and Jacob Wilkin, security consultants at Trustwave SpiderLabs, automates the process of collecting data that can help pentesters find a way into targets’ systems and networks. About AttackSurfaceMapper Reconnaissance is an important first step of a penetration testing engagement, but manual reconnaissance is a drag and wastes time that’s better spent on the actual attack. “AttackSurfaceMapper drastically improves pentesting and red team operations across … More

The post AttackSurfaceMapper automates the reconnaissance process appeared first on Help Net Security.

Attackers’ growing use of anti-analysis, evasion tactics pose a challenge to enterprises

Cybercriminals continue to look for new attack opportunities throughout the digital attack surface and are leveraging evasion as well as anti-analysis techniques as they become more sophisticated in their attempts, according to Fortinet. Upping the ante on evasion tactics Many modern malware tools already incorporate features for evading antivirus or other threat detection measures, but cyber adversaries are becoming more sophisticated in their obfuscation and anti-analysis practices to avoid detection. For example, a spam campaign … More

The post Attackers’ growing use of anti-analysis, evasion tactics pose a challenge to enterprises appeared first on Help Net Security.

Automation, visibility remain biggest issues for cybersecurity teams

Organizations still do not have necessary levels of automation or visibility within their cyber terrain, especially as security stacks grow and are underutilized, Fidelis Cybersecurity’s annual State of Threat Detection Report has shown. Without automation to gather data and give context to security incidents, or visibility to root out threats hiding in the network, organizations’ overall levels of risk increase while their confidence suffers. Key findings Of the 300 respondents – CISOs, CIOs, CTOs, architects, … More

The post Automation, visibility remain biggest issues for cybersecurity teams appeared first on Help Net Security.

Signal Sciences launches new application security solution for Envoy

Signal Sciences, the fastest growing web application security company in the world, announced at Black Hat USA 2019 the general availability of the industry’s first application security solution for Envoy via its award-winning next-gen web application firewall (WAF) and runtime application self-protection (RASP) solution. As organizations move to cloud-native applications and services, Signal Sciences makes it effortless to achieve advanced Layer 7 security and comprehensive visibility at scale for one of the most cutting edge … More

The post Signal Sciences launches new application security solution for Envoy appeared first on Help Net Security.

Venafi guarantees elimination of certificate-related outages within complex architectures

Venafi, the leading provider and inventor of machine identity protection, announced at Black Hat USA 2019 the industry’s first no-outage guarantee. Combining the power of the Venafi platform with a formulaic, proven process developed in conjunction with hundreds of customers, the VIA Venafi No Outages GuaranteeTM completely eliminates certificate-related outages. “We’ve worked with hundreds of the world’s largest, most sophisticated brands and we know they have struggled to eliminate outages,” said Jeff Hudson, CEO of … More

The post Venafi guarantees elimination of certificate-related outages within complex architectures appeared first on Help Net Security.

CrowdStrike CrowdScore enables CxOs to see their org’s real-time threat level

CrowdStrike, a leader in cloud-delivered endpoint protection, announced at Black Hat USA 2019 the launch of CrowdScore, a new industry innovation on the CrowdStrike Falcon platform. CrowdScore is a simple metric that enables CxOs to instantly see the real-time threat level their organizations are facing, allowing them to quickly mobilize resources to respond. Speed of detection, investigation and response are essential for effective security. CrowdStrike research on breakout time shows that security teams should strive … More

The post CrowdStrike CrowdScore enables CxOs to see their org’s real-time threat level appeared first on Help Net Security.

Onapsis Platform helps optimize and protect business-critical apps

Onapsis, the leader in business-critical application protection, announced the latest release of the Onapsis Platform, which delivers next-generation actionable insight, change assurance, automated governance and continuous monitoring capabilities to help optimize and protect business-critical applications. Organizations that run their business on SAP, Oracle E-Business Suite and leading cloud-based platforms including Concur, Ariba and SuccessFactors are facing increasing pressure to balance strategic transformation initiatives with application performance, regulatory compliance and cybersecurity requirements. This tug-of-war compounds operating … More

The post Onapsis Platform helps optimize and protect business-critical apps appeared first on Help Net Security.

Aporeto launches zero trust cloud security solution for Kubernetes multi-cluster deployments

Aporeto, the leader in Zero Trust Cloud Security, announced its cloud network security solution for seamless distributed policy management across Kubernetes multi-cluster and container environments, using a unique application identity-based approach to security instead of relying on IP addresses. Aporeto’s use of identity enables network security policies to now be managed up the stack at the application level. Unlike any other Kubernetes security solutions in the marketplace that cannot extend across clusters and IP domains, … More

The post Aporeto launches zero trust cloud security solution for Kubernetes multi-cluster deployments appeared first on Help Net Security.

ManageEngine Log360 SIEM gets automated incident response feature

ManageEngine, the IT management division of Zoho Corporation, announced that its comprehensive SIEM solution, Log360, can now launch automated response measures to security incidents. This feature dramatically reduces the workload of security teams, and can potentially contain the scale of an attack. According to the IBM-Ponemon 2019 Cost of a Data Breach Report, the average lifecycle of a data breach, or the time taken to identify and contain it, is 279 days. Once a breach … More

The post ManageEngine Log360 SIEM gets automated incident response feature appeared first on Help Net Security.

Sysdig Secure now features runtime profiling and anomaly detection with ML capabilities

Sysdig, the cloud native visibility and security company, announced new features for Sysdig Secure, including runtime profiling and anomaly detection with machine learning capabilities. The company also announced Falco Rule Builder, a new flexible user interface (UI) to create and customize runtime security policies within Sysdig Secure. Sysdig Secure is part of the Sysdig Cloud Native Visibility and Security Platform (VSP), the first and only unified view of the risk, health, and performance of Kubernetes … More

The post Sysdig Secure now features runtime profiling and anomaly detection with ML capabilities appeared first on Help Net Security.

Tenable unveils new product innovations in Tenable.sc and Tenable.io

Tenable, the Cyber Exposure company, announced at Black Hat USA 2019 new product innovations in Tenable.sc (formerly SecurityCenter) and Tenable.io to continuously discover and assess known and unknown assets across on-premises and cloud environments from a single platform at no extra charge. These innovations are based on Tenable’s industry-leading Nessus Network Monitor (NNM) for passive network monitoring, which has been a pioneer in continuous monitoring for over 10 years with one of the industry’s broadest … More

The post Tenable unveils new product innovations in Tenable.sc and Tenable.io appeared first on Help Net Security.

DFLabs enhances its IncMan SOAR platform with advanced AI features and intelligent user experience

DFLabs, the award-winning Security Orchestration, Automation and Response (SOAR) vendor, announced a series of upcoming enhancements to its IncMan SOAR platform to provide security operations (SecOps) programs with an exquisite user experience, combined with more robust capabilities to better detect, respond to and resolve security incidents. This new enhanced version of DFLabs IncMan SOAR will address the pervasive problem of duplicate alerts and false positives, which has a significant impact on the efficiency and effectiveness … More

The post DFLabs enhances its IncMan SOAR platform with advanced AI features and intelligent user experience appeared first on Help Net Security.

What’s cybercriminals’ most effective weapon in a ransomware attack?

Cybercriminals’ most effective weapon in a ransomware attack is the network itself, which enables the malicious encryption of shared files on network servers, especially files stored in infrastructure-as-a-service (IaaS) cloud providers, says Vectra. Percentage of the total number of incidents exhibiting ransomware network file encryption per industry in North America, from January-June 2019 Attackers today can easily evade network perimeter security and perform internal reconnaissance to locate and encrypt shared network files. By encrypting files … More

The post What’s cybercriminals’ most effective weapon in a ransomware attack? appeared first on Help Net Security.

Capsule8 announces multimillion-dollar investment from Intel Capital

Capsule8 announced a multimillion-dollar investment from Intel Capital. The rapidly growing company will apply the funds to drive a range of sales, marketing, product development and customer-facing initiatives. Intel joins existing investors ClearSky Security, Bessemer Venture Partners and other strategic investors, bringing the total funds raised by Capsule8 to $30 million. Capsule8 delivers high-performance attack protection for Linux production environments – whether containerized, virtualized or bare metal, deployed on-premises or in the cloud. Safe for … More

The post Capsule8 announces multimillion-dollar investment from Intel Capital appeared first on Help Net Security.

Warshipping: Attackers can access corporate networks through the mailroom

Most infosecurity professionals have heard of wardialing and wardriving, but what about warshipping? The expression has been coined by IBM X-Force Red researchers to describe a new attack vector, which consists of covertly delivering to the target’s premises small devices that can be used to gain access to the home or office wireless network and assets connected to it. The attack “IBM X-Force Red is always looking to find vulnerabilities or risks before criminals, in … More

The post Warshipping: Attackers can access corporate networks through the mailroom appeared first on Help Net Security.

Digital Guardian launches DG Wingman, a new free forensic artifact collection tool for security pros

Digital Guardian announced the immediate availability of DG Wingman, its new free forensic artifact collection tool for security professionals. During a security incident, it’s critical to collect all necessary forensic data to properly investigate and scope endpoint intrusions. Digital Guardian makes it easier for incident responders via DG Wingman, a utility for Windows which they can leverage alongside their existing tools. With DG Wingman, security professionals can instantly extract key forensic artifacts such as the … More

The post Digital Guardian launches DG Wingman, a new free forensic artifact collection tool for security pros appeared first on Help Net Security.

Kiuwan’s application security testing platform helps teams realize DevSecOps goals

Kiuwan, a provider of application security testing tools, announced the availability of free software vulnerability scan trials for the US market, with live demonstrations at Black Hat USA 2019. Kiuwan’s application security testing platform provides a complete overview and impact analysis of software architecture in minutes, reducing risk and improving change management and DevOps processes that historically required hours or days. The solution integrates with leading IDEs, build systems, bug tracking tools, and repositories to … More

The post Kiuwan’s application security testing platform helps teams realize DevSecOps goals appeared first on Help Net Security.

BlackBerry Intelligent Security enhances mobile endpoint security in zero trust environments

BlackBerry announced the launch of BlackBerry Intelligent Security, the first cloud-based solution that leverages the power of adaptive security, continuous authentication and artificial intelligence (AI) to enhance mobile endpoint security in zero trust environments. BlackBerry Intelligent Security uses a combination of contextual and behavioral factors to dynamically adapt security requirements and calculate a unique risk score for each interaction. Using this unique risk score, a mobile user can be granted access to specific device applications … More

The post BlackBerry Intelligent Security enhances mobile endpoint security in zero trust environments appeared first on Help Net Security.

Cloudentity OIDC Authorization Platform enhances data privacy and PII protection

Cloudentity, a leader in cloud Identity and enforcement for Users, Services and Things, announced the release of its next generation OIDC Authorization Platform that provides a significant leap forward in implementing Identity-based API security that helps enterprises avoid headline-making data privacy and Personally Identifiable Information (PII) security breaches. “By using Cloudentity’s next generation OIDC Authorization Platform, enterprises can have greater confidence their customers’ PII isn’t going to be abused for illicit purposes,” said Cloudentity CEO … More

The post Cloudentity OIDC Authorization Platform enhances data privacy and PII protection appeared first on Help Net Security.

Qualys bringing new prescription for security to Black Hat and DEF CON 2019

At this year’s Black Hat, Qualys is bringing a new prescription for security — the company is providing its Global IT Asset Discovery and Inventory application to businesses for free. This tool is helping businesses to understand what is going on within their global hybrid-IT environment, and to improve their overall security and compliance posture. Be sure to stop by Qualys’ booth #204 to learn more about how the application is helping businesses make better … More

The post Qualys bringing new prescription for security to Black Hat and DEF CON 2019 appeared first on Help Net Security.

Blue Hexagon’s new ability inspects encrypted traffic in real-time

Blue Hexagon, a deep learning and cybersecurity pioneer, announced an industry-first ability to detect and stop–in real-time–both known and unknown threats hidden within encrypted SSL traffic. Analyst firm Gartner believes that, “Through 2019, more than 80 percent of enterprise web traffic will be encrypted.” While encryption addresses privacy and legal requirements, security teams now face a challenge where they are blind to a large influx of traffic. In fact, Gartner also predicts that, “During 2019, … More

The post Blue Hexagon’s new ability inspects encrypted traffic in real-time appeared first on Help Net Security.

Stellar Cyber unveils Starlight 3.3, a data- and AI-based security analytics solution

Security analytics provider Stellar Cyber announced the launch of Starlight 3.3, the first Unified Security Analytics Platform with two industry-first capabilities: AI-based dynamic phishing detection and automated event correlation. Starlight 3.3, debuting at the Black Hat USA 2019 conference in Las Vegas this week, leverages data fusion, artificial intelligence (AI) and machine learning (ML) to detect and thwart sophisticated attacks that other systems miss. Serving as a SOC Command Center, this powerful solution could have … More

The post Stellar Cyber unveils Starlight 3.3, a data- and AI-based security analytics solution appeared first on Help Net Security.

LogicHub’s new capabilities assist security operations teams with codifying intelligent decision-making

LogicHub, the provider of the industry’s most complete security automation platform, announced new capabilities that assist security operations teams with codifying intelligent decision-making. The LogicHub SOAR+ platform offers what traditional SOAR tools are missing by delivering autonomous detection and response, advanced analytics and machine learning to automate decision making with extreme accuracy across historically disparate security operations. “SOAR technology is good for automating the ingestion and enrichment of data and automating incident response once analysts … More

The post LogicHub’s new capabilities assist security operations teams with codifying intelligent decision-making appeared first on Help Net Security.

SWAPGS Attack: A new Spectre haunts machines with Intel CPUs

Bitdefender researchers have uncovered yet another viable speculative execution side-channel attack that can be leveraged against Intel CPUs and the computers running on them. The SWAPGS Attack, as they call it, circumvents the protective measures that have been put in-place in response to earlier attacks such as Spectre and Meltdown. Still, there is plenty of good news: Microsoft has already released Windows patches for the flaw that makes the attack possible and, even though feasible, … More

The post SWAPGS Attack: A new Spectre haunts machines with Intel CPUs appeared first on Help Net Security.

Devo Technology defines vision for next-gen cloud SIEM

Devo Technology, the data analytics company that unlocks the full value of machine data for the world’s most instrumented enterprises, will preview its next-gen cloud SIEM at Black Hat USA 2019 in Las Vegas. Digital transformation is creating rapidly growing volumes of data, leading to new vulnerabilities and attack vectors, while adversaries are growing increasingly more sophisticated. As a result, SOCs are struggling to fulfill their critical mission of identifying and eliminating threats. With the … More

The post Devo Technology defines vision for next-gen cloud SIEM appeared first on Help Net Security.

Irdeto Trusted Software: Automated iOS and Android app protection

Irdeto has announced Trusted Software, a new service designed to offer optimal flexibility and efficiency to developers and organizations facing today’s cybersecurity challenges. Hosted in the cloud, Trusted Software automates iOS and Android app protection with a simple drag-and-drop interface. Optimized with machine learning, the new service provides organizations with assurance that apps are provided with expert-level protection against hackers and cyberthreats. The Internet of Things and “appification” have spawned digital disruption across a multitude … More

The post Irdeto Trusted Software: Automated iOS and Android app protection appeared first on Help Net Security.

Capsule8 Protect now solves production security’s data warehousing problem

Capsule8 announced Investigations, new functionality that adds full endpoint detection and response (EDR)-like investigations capabilities for cloud workloads to Capsule8 Protect, its high-performance attack protection platform for Linux production environments. An industry-first cloud investigation capability, Capsule8’s Investigations is designed to remove the manual effort required to maintain a dedicated database just for security data – enabling customers to quickly determine what transpired in an incident (who, what, when, where). By leveraging cloud native technologies, including … More

The post Capsule8 Protect now solves production security’s data warehousing problem appeared first on Help Net Security.

Spirent to demonstrate new capabilities in its CyberFlood Data Breach Assessment solution

Spirent Communications, a leading provider of test, measurement, assurance, and analytics solutions for next-generation devices and enterprise networks, announced that at Black Hat USA in Las Vegas (August 7-8) it will demonstrate a number of new capabilities in its CyberFlood Data Breach Assessment solution and preview new use cases for security assessment in 5G networks. The new Reconnaissance Mode feature in CyberFlood Data Breach Assessment mirrors the activity of an actual hacker to identify the … More

The post Spirent to demonstrate new capabilities in its CyberFlood Data Breach Assessment solution appeared first on Help Net Security.

Perimeter 81 and SentinelOne providing unified network and endpoint security

Perimeter 81, a pioneer in zero trust software-defined network access, has partnered with SentinelOne, the autonomous endpoint protection company. The partnership will provide a wide range of businesses, from midsize companies to Fortune 500s, with unified network and endpoint security, ensuring more effective threat defense for the cloud and mobile-first world. “We’re proud to have helped hundreds of clients ensure simplified, zero trust access to their on-premise and cloud environments with our Zero Trust Network … More

The post Perimeter 81 and SentinelOne providing unified network and endpoint security appeared first on Help Net Security.

Qualys is making its Global IT Asset Discovery and Inventory app available to all businesses for free

Qualys is making its Global IT Asset Discovery and Inventory app available to all businesses for free. In a world where connected devices are exploding, visibility across all devices and environments is critical. “As the recognized authority for cloud security best practices around the world, we are always advocating for strategic shifts in policies to improve the security of the global compute ecosystem. The principle of maximum IT asset visibility is a fundamental prerequisite to … More

The post Qualys is making its Global IT Asset Discovery and Inventory app available to all businesses for free appeared first on Help Net Security.

Security trends to follow at Black Hat USA 2019

Black Hat USA 2019 is just around the corner! Selecting which sessions to attend from among the conference’s jam-packed catalog of training sessions, panels and briefings can be a daunting task without a clear strategy. In the run-up to every conference, we compile a list of the most engaging content and identify the most compelling cybersecurity trends highlighted in the agenda. We have seen a telling shift in emphasis between the 2018 and 2019 Black … More

The post Security trends to follow at Black Hat USA 2019 appeared first on Help Net Security.

200 million enterprise, industrial, and medical devices affected by RCE flaws in VxWorks RTOS

Armis researchers have discovered 11 vulnerabilities (including 6 critical RCE flaws) in Wind River VxWorks, a real-time operating system used by more than two billion devices across industrial, medical and enterprise environments. Collectively dubbed “Urgent11”, they are estimated to impact ​SCADA systems, elevators, industrial controllers, patient monitors and MRI machines, as well as firewalls, routers, ​satellite modems, VOIP phones and printers​. About Wind River VxWorks VxWorks is a real-time operating system (RTOS), i.e., an OS … More

The post 200 million enterprise, industrial, and medical devices affected by RCE flaws in VxWorks RTOS appeared first on Help Net Security.

CyberSN releases its KnowMore covert job search platform

CyberSN is the leading talent acquisition firm in the U.S. focused exclusively on cybersecurity professionals. Their KnowMore platform will be making its debut at the Black Hat USA Conference. A crisis within a crisis Just how big of a problem is cybersecurity job searching? On top of the severe cybersecurity talent shortage we are facing, current professionals can’t find employment quickly or efficiently. CyberSN data indicates it takes a CISO, on average, 8 months to … More

The post CyberSN releases its KnowMore covert job search platform appeared first on Help Net Security.