Export-Grade Crypto Patching Improves

A Black Hat talk this week is expected to take a deep dive into the ramifications of lingering support for export-grade cryptography and how patching levels are proceeding.

To stop ransomware, opt for app graylisting and admin rights removal

CyberArk Labs tested over 23,000 ransomware samples from more than 30 prevalent malware families, including Cryptolocker, Petya and Locky, in order to better understand common infection, encryption and removal characteristics, and identify potential strategies for mitigating the impact of ransomware attacks on enterprises. They analyzed the typical path to encryption, discrepancies and commonalities in ransomware execution, tested several strategies that could mitigate the damage caused by ransomware attacks, and finally found that app control coupled …

Security testing platform for app-aware infrastructures

At Black Hat USA 2016, Spirent Communications will be presenting CyberFlood, a security and performance testing platform suitable for complex testing scenarios. With CyberFlood, users can ensure that their security and performance testing addresses their unique environments by emulating realistic traffic volume, threats, and attack scenarios including fuzzing, malware, and DDoS attacks. Designed with team testing in mind, CyberFlood’s intuitive web UI extends easy-to-use best practices for faster, repeatable, and more accurate testing. Users can …

Going to Black Hat? You don’t want to miss the Arsenal!

Every August, more than 10,000 information security professionals from all over the world converge in Las Vegas to attend Black Hat USA. The event features innovative research, in-depth trainings, and a few special events. One of these is the Arsenal, offering researchers and the open source community a venue to demonstrate tools they develop and use in their daily professions – from visualization and anti-phishing to collaborative analysis and pentesting. The Arsenal is my favorite …

Kaspersky Lab launches public bug bounty program

Kaspersky Lab is asking researchers to look under the hood of two of its flagship security solutions and to report any bugs they might find. Kaspersky’s bug bounty program, which was in private beta for months, will now be opened to all outside researchers for a period of six months. The move was announced at Black Hat USA 2016. Researchers are invited to look for security issues only in “Kaspersky Internet Security 2017 and …

IBM unveils X-Force Red security testing group

At Black Hat USA 2016 in Las Vegas today, IBM Security announced the formation of IBM X-Force Red, a group of security professionals and ethical hackers whose goal is to help businesses discover vulnerabilities in their computer networks, hardware, and software applications before cybercriminals do. [Image: Team leader Charles Henderson] The team, part of IBM Security Services, will also examine human security vulnerabilities in daily processes and procedures that attackers often use to circumvent security controls. …

Managed threat hunting service evicts adversaries from enterprise networks

Accenture and Endgame have created a threat hunting service for clients, and will be demonstrating how it works at Black Hat USA 2016. The service is based on Endgame’s hunt platform, and core to the offering are Accenture’s seasoned global cybersecurity hunters, whose experience enables them to identify and terminate the efforts of latent attackers targeting organizations’ intellectual property, business systems or other key assets. Clients can benefit from continuous business operation, free from …

ThreadFix: Software vulnerability aggregation and management system

ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems. [Image: A view of the application portfolio] Application security programs tend to involve a number of technologies and activities, and application security teams struggle to manage these testing activities and all the data they are generating. “We built ThreadFix so that application security teams can create a consolidated view of their applications …

Armor Anywhere: Managed security for any cloud

As growing businesses increasingly rely on public, private and hybrid cloud platforms in addition to internal infrastructures, Armor is launching Armor Anywhere to keep sensitive data safe. [Image: Armor Anywhere makes it easy to balance security, cost-effectiveness and cloud agility] With an official debut at Black Hat USA 2016 in Las Vegas, Armor Anywhere provides user-friendly managed security, with visibility and controls to ensure the protection of workloads, assets and applications. Compatible with popular cloud …