Welcome to Information Security Media Group's Black Hat and DEF CON 2024 Compendium, featuring the latest insights from the industry's top cybersecurity researchers and ethical hackers, as well as perspectives from CEOs, CISOs and government officials on the latest trends in cybersecurity and AI.
Absolute Security has strengthened its platform with the acquisition of Syxsense, adding powerful automated vulnerability management tools to its existing endpoint security capabilities. The move aims to improve security compliance and simplify complex remediation tasks for organizations.
Federal authorities are alerting healthcare entities of vulnerabilities - including older flaws - that put Apache Tomcat at risk for attacks if left unmitigated. The open-source web server is heavily used in healthcare for hosting electronic health record and other systems and applications.
HackerOne has tapped F5's longtime product leader as its next chief executive to continue expanding its portfolio beyond operating vulnerability disclosure programs. The firm tasked Kara Sprague with building on existing growth in areas including AI red teaming and penetration testing as a service.
Cobalt tapped a longtime cybersecurity product leader as its next chief executive as the company expands its footprint from penetration testing to offensive security. The vendor tasked Sonali Shah with further expanding Cobalt's platform, which now includes dynamic application security testing.
Many cybersecurity organizations hope generative artificial intelligence and large language models will help them secure the enterprise and comply with the latest regulations. But to date, commercial LLMs have big problems - hallucinations and a lack of timely data, said NYU professor Brennan Lodge.
Cato Networks Chief Security Strategist Etay Maor discusses the importance of virtual patching for defending against vulnerabilities such as Log4j, why certain enterprises struggle to patch these flaws and how visibility challenges lead to overlooked risks in critical systems.
CrowdStrike is in talks to acquire Houston-based patch management and vulnerability remediation startup Action1 for close to $1 billion, co-founder and CEO Alex Vovk told employees in an email Wednesday. This would be the largest acquisition in the endpoint security vendor's history.
CEO Yevgeny Dibrov discusses the acquisition of Silk Security and CTCI to enhance the company’s cyber risk prioritization and threat hunting capabilities. He explains why these acquisitions are crucial for addressing customer challenges and expanding Armis’ cybersecurity platform.
Software used to manage a fifth of the world's solar electricity contained flaws enabling full access to attackers, risking grid overloads and blackouts. Solar power accounts for a sliver of overall U.S. electricity generation but will make up half of domestic electricity generation by 2050.
A vulnerability in Rockwell Automation's ControlLogix 1756 devices allows attackers to bypass a critical security feature, turning the trusted slot mechanism into a hacker's secret passageway to jump between slots and gain access to industrial control systems.
BlueVoyant's Cyber Defense Platform combines proactive and reactive security measures with internal and external capabilities. CEO Jim Rosenthal explains how this comprehensive approach allows clients to manage cyber risks effectively and achieve a desired state of cyber defense readiness.
In the latest weekly update, ISMG editors discussed the massive CrowdStrike IT outage that crashed 8.5 million Windows systems and severely affected the healthcare, finance and transportation sectors. Here's what you need to know one week later about the recovery, impact and lessons learned.
A critical vulnerability in Exim Mail Transfer Agent enables threat actors to bypass email security filters and deliver malicious attachments directly to user inboxes. Nearly 5 million servers could be vulnerable, but only 82 public-facing servers have updated to the patched release, Exim 4.98.
A relatively new threat actor has compromised over 1,500 organizations worldwide since February, using open-source security tools to automate and streamline attack processes. Security researchers have tracked a significant escalation in CRYSTALRAY operations.