Black Hat Conference: Multi-Vector EDR, With Qualys

Black Hat USA went virtual this year, thanks to COVID-19. Nonetheless, as always it was chock full of compelling stuff. I had the honor of hosting a session during the weeklong event, speaking with Sumedh Thakar, president and CPO of Qualys, and Ben C…

Is ‘Secure Immutable Infrastructure’ a Myth? 

The trend to shift left for security, when done right, has generated some positive results. As software development teams seek to deploy software at faster speeds, security teams have concurrently been tasked with making sure that compliance is met an…

Researchers flag two zero-days in Windows Print Spooler

In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach Labs. A month later, the two researchers found a way to bypass the patch and…

Black Hat 2020: ‘Zero-Click’ MacOS Exploit Chain Uses Microsoft Office Macros

At Black Hat 2020, Patrick Wardle disclosed an exploit chain that bypasses Microsoft’s malicious macros protections to infect MacOS users.

BluBracket updates Code Security Suite, adds stolen and leaked code detection

BluBracket introduced significant new functionality to its Code Security Suite, allowing companies for the first time to find stolen and copied source code in public repositories. In today’s digital coding environment, code can be copied and shared wit…

Security analysis of legacy programming environments reveals critical flaws

New research from Trend Micro highlights design flaws in legacy languages, and the company has released new secure coding guidelines. These are designed to help Industry 4.0 developers greatly reduce the software attack surface, and therefore decrease business disrupti…

Exabeam customers can now license its cloud SIEM technology by use case

Exabeam customers can now license its cloud SIEM technology by use case, beginning with licensable use cases for expedited insider threat and compromised credential detection. In addition, to simplify the process of acquiring and installing critical se…

PE Tree: Free open source tool for reverse-engineering PE files

PE Tree, an open source malware reverse-engineering tool developed by the BlackBerry Research and Intelligence team, has been made available for free to the cybersecurity community. PE Tree allows malware analysts to view Portable Executa…

Analysis of 92 billion rejected emails uncovers threat actors’ motivations

Mimecast released the Threat Intelligence Report: Black Hat U.S.A. Edition 2020, which presents insights gleaned from the analysis of 195 billion emails processed by Mimecast for its customers from January through June 2020. Of those, 92 billion (47%) …

Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes

With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com – and why they are the “holy grail” for attackers.