Black hat

CrowdStrike 2023 Threat Hunting Report Reveals Identity-Based Attacks and Hands-on-Keyboard Activity on the Rise as Adversaries Look to Bypass Defenses

Retrieved on: 
Tuesday, August 8, 2023
Software, Networks, Internet, Data Management, Technology, Online Privacy, Other Technology, Security, Universe, HAT, Metadata, Noise, CrowdStrike, Black hat, RMM, Intelligence, CISA, Microsoft, Active Directory, Sale, Abuse, Adversary, BLACK, Yoy, API, Environment, Risk management, Cryptocurrency, Linux

BLACK HAT USA -- CrowdStrike (Nasdaq: CRWD), today announced the release of the CrowdStrike 2023 Threat Hunting Report .

Key Points: 
  • BLACK HAT USA -- CrowdStrike (Nasdaq: CRWD), today announced the release of the CrowdStrike 2023 Threat Hunting Report .
  • Covering adversary activity between July 2022 and June 2023, the report is the first to be published by CrowdStrike’s newly unveiled Counter Adversary Operations team , which was officially announced this week at Black Hat USA 2023.
  • Security leaders need to ask their teams if they have the solutions required to stop lateral movement from an adversary in just seven minutes.”
    Download your copy of the full 2023 CrowdStrike Threat Hunting Report on the CrowdStrike website.
  • Listen to the CrowdStrike Adversary Universe podcast to Know and Stop the Adversary.

eSentire's New MDR Agent Brings Unmatched Cybersecurity Value to Small and Medium Businesses

Retrieved on: 
Tuesday, August 8, 2023
Banking, Technology, Electronic Commerce, Professional Services, Small Business, Payments, Security, Other Technology, Software, Networks, Internet, Mobile, Wireless, Hardware, Data Management, Finance, Consulting, Fintech, Carbon, Software as a service, XDR, CrowdStrike, Black hat, VMware Carbon Black, Microsoft, Luigi, SOC, SentinelOne, Organization, Security operations center, Agent, MDR, Platform, Authority, Extended detection and response, SLA, Incident, Telemetry, Risk management, Medical device

eSentire, Inc. , the Authority in Managed Detection and Response (MDR), today announced the expansion of its proprietary software and services portfolio with the introduction of its new MDR Agent.

Key Points: 
  • eSentire, Inc. , the Authority in Managed Detection and Response (MDR), today announced the expansion of its proprietary software and services portfolio with the introduction of its new MDR Agent.
  • The eSentire Agent is the latest innovation of the firm's SaaS-based Extended Detection and Response (XDR) Platform, developed specifically for small and medium businesses (SMBs) seeking affordable prevention, detection, investigation, and response capabilities as part of an all-in-one 24/7 solution.
  • Over the last 24 months, eSentire has scaled its digital forensics software to also power MDR outcomes – delivering unmatched time to value and choice for SMBs.
  • That’s why we are bringing the eSentire MDR Agent to market as part of full-service bundles that offer enterprise-grade security at a fraction of the price.

Edgio Strengthens Global SOC and Security Leadership with Addition of Veteran Security Expert, Tom Gorup

Retrieved on: 
Tuesday, August 8, 2023
Data Management, Security, Technology, Audio, Video, Telecommunications, Networks, Internet, United States Department of the Army, Response, Purple Heart, Generic Security Services Application Program Interface, Wegadesk Gorup-Paul, Information security operations center, Black hat, API, Denial-of-service attack, Intelligence, Multimedia, Organization, GM, 10th Mountain Division, Risk, Entrepreneurship, Computer security, Risk management, Edgio

Edgio, Inc. (Nasdaq: EGIO), the platform of choice for speed, security, and simplicity at the edge, today announced the appointment of Tom Gorup as its Vice President of Security Services.

Key Points: 
  • Edgio, Inc. (Nasdaq: EGIO), the platform of choice for speed, security, and simplicity at the edge, today announced the appointment of Tom Gorup as its Vice President of Security Services.
  • With 15 years of experience in the cybersecurity industry, Gorup will lead the company's security managed services and operations and will report directly to Edgio CTO and GM of Security and Applications, Ajay Kapur.
  • View the full release here: https://www.businesswire.com/news/home/20230808357256/en/
    Prior to Edgio, Tom held several executive-level security positions, including Vice President of Security Operations at Alert Logic (now Fortra) where he led Alert Logic's global Security Operations Centers.
  • I look forward to collaborating with the talented team at Edgio to deliver unparalleled security solutions to our clients."

CRITICALSTART® Announces New Vulnerability Prioritization Offering

Retrieved on: 
Tuesday, August 8, 2023
Dark, Common Vulnerability Scoring System, GitHub, UI, NVD, Common Vulnerabilities and Exposures, Black hat, CVE, API, KEV, Vulnerability, Intelligence, CISA, CVSS, Web page, Information, Organization, Dark web, MDR, Risk, Euro starter kits, Environment, Computer security, Risk management, Critical Start

"Our new offering integrates seamlessly with existing supported vulnerability management tools to help organizations identify and prioritize vulnerabilities based on real-world exploit weaponization."

Key Points: 
  • "Our new offering integrates seamlessly with existing supported vulnerability management tools to help organizations identify and prioritize vulnerabilities based on real-world exploit weaponization."
  • Critical Start's Vulnerability Prioritization offering assigns a dynamic risk score to each vulnerability based on multi-vector factors including asset criticality, threat intelligence, and exploit availability.
  • Key features in Critical Start's Vulnerability Prioritization offering include:
    One-click Configuration for Existing Vulnerability Management Tools: Delivered as a new offering from Critical Start's platform, Vulnerability Prioritization seamlessly integrates via API using the vulnerability scanning results of the technologies customers already use.
  • Critical Start's new Vulnerability Prioritization offering will be available later in 2023.

SafeBreach Labs to Present at Black Hat USA and DefCon 2023 Conference

Retrieved on: 
Tuesday, August 8, 2023
Software, Technology, Security, Cloud, SafeBreach, Black hat, API, Denial-of-service attack, Microsoft, Tomer Bar, Research, EDR, BLACK, Byte, BAS, Cooking, DEFCON, City, Transport, DoubleDrive, SSL, PII, Risk management, Online shopping

BLACK HAT 2023 - SafeBreach , the pioneer in breach and attack simulation (BAS), today announced its extensive participation in the upcoming Black Hat USA 2023 and DefCon 2023 conferences.

Key Points: 
  • BLACK HAT 2023 - SafeBreach , the pioneer in breach and attack simulation (BAS), today announced its extensive participation in the upcoming Black Hat USA 2023 and DefCon 2023 conferences.
  • The researchers will go further to demonstrate Defender-Pretender, an open-source tool developed and executed as an unprivileged user to achieve multiple attack vectors.
  • “The aim of our research at SafeBreach is to protect our customers and educate the community,” said Guy Bejerano, CEO at SafeBreach.
  • To help customers stay another step ahead of their adversaries, SafeBreach is also introducing Original Attacks, created as a result of the research being presented at Black Hat and DefCon, into its Hacker’s Playbook™.

NetSPI Debuts ML/AI Penetration Testing, a Holistic Approach to Securing Machine Learning Models and LLM Implementations

Retrieved on: 
Tuesday, August 8, 2023
LLM, Paramount, Black hat, Weakness, ML, Holism, Organization, Machine learning, Ideation, Knowledge, AI, Research, Medical device

MINNEAPOLIS, Aug. 8, 2023 /PRNewswire/ -- NetSPI, the global leader in offensive security, today debuted its ML/AI Pentesting solution to bring a more holistic and proactive approach to safeguarding machine learning model implementations. The first-of-its-kind solution focuses on two core components: Identifying, analyzing, and remediating vulnerabilities on machine learning systems such as Large Language Models (LLMs) and providing grounded advice and real-world guidance to ensure security is considered from ideation to implementation.

Key Points: 
  • MINNEAPOLIS, Aug. 8, 2023 /PRNewswire/ -- NetSPI , the global leader in offensive security, today debuted its ML/AI Pentesting solution to bring a more holistic and proactive approach to safeguarding machine learning model implementations.
  • As adoption of ML and AI accelerates, organizations must understand the unique threats that accompany this technology to better identify areas of weakness and build more secure models.
  • NetSPI's testing methodology is rooted in adversarial machine learning – the study of adversarial attacks on ML and corresponding defenses.
  • NetSPI will be available to discuss the new ML/AI Penetration Testing solution onsite at Black Hat USA from August 9-10.

runZero Expands Leadership Team with Proven Go-to-Market Experts

Retrieved on: 
Tuesday, August 8, 2023
Data Management, Security, Technology, Other Technology, Software, Networks, Internet, HAT, AT&T, Software as a service, AT&T Cybersecurity, H. D. Moore, General counsel, AT, Marketing, Black hat, SolarWinds, CMO, BMC Software, Organization, Asana, Philosophy, BLACK, DEF, Growth, GTM, Insight, E2open, Cybereason, Insight Partners, Management

Julie Albright joins the leadership team as Chief Marketing Officer (CMO) and Bill Strogis as Chief Revenue Officer (CRO).

Key Points: 
  • Julie Albright joins the leadership team as Chief Marketing Officer (CMO) and Bill Strogis as Chief Revenue Officer (CRO).
  • These appointments follow the recent hiring of Dan Forth as Chief Financial Officer and Fallon Neuvert as General Counsel as the company rounds out its executive leadership team.
  • “As the demand for our cyber asset management solutions continues to rapidly grow, we have assembled a world-class leadership team to scale our business.
  • She previously held senior leadership and advisory roles at Resolve Systems, SolarWinds, AlienVault (acquired by AT&T), Asana, E2open, and Syncsort (now Precisely), among others.

OCSF Celebrates First Anniversary with the Launch of a New Open Data Schema

Retrieved on: 
Tuesday, August 8, 2023
Software, Technology, Data Management, Security, IDC, Amazon Web Services, CrowdStrike, Risk, API, IBM Secure Service Container, SVP, Environment, Telemetry, Business development, Wolf, Headache, GRC, Peter Head (civil engineer), Hope, SentinelOne, Language, Organization, Akamai Technologies, Growth, Entrepreneurship, XDR, Black hat, Trust, SOC, Wiz, Semantics, Sigma, IBM, Partnership, Additive manufacturing file format, IO, Secop, Security and Trust Services API for J2ME, Intelligence, State Street Bank and Trust Company, EDR, Trend Micro, Translation, AWS, Product strategy, Risk management, Cryptocurrency, Online shopping, Information technology, Medical device, SIEM, Splunk, Torc, Atlassian, Broadcom Inc.

Security solutions that utilize the OCSF schema produce data in the same consistent format, so security teams can save time and effort on normalizing the data and get to analyzing it sooner, accelerating time-to-detection.

Key Points: 
  • Security solutions that utilize the OCSF schema produce data in the same consistent format, so security teams can save time and effort on normalizing the data and get to analyzing it sooner, accelerating time-to-detection.
  • Additionally, a growing number of Fortune 500 enterprises and public sector agencies have adopted the OCSF schema for internal use.
  • "The OCSF open framework removes a long-standing obstacle to data exchange that has plagued the security industry for years," said Paul Agbabian, vice-president of security technology leadership at Splunk.
  • “Without a common language, organizations have to analyze security-relevant telemetry and log data using multiple tools, technologies, and vendors.

SecurityScorecard Launches Managed Cyber Risk Services to Mitigate Zero-Day and Critical Supply Chain Vulnerabilities

Retrieved on: 
Monday, August 7, 2023
Data Management, Security, Technology, Logistics, Supply Chain Management, Transport, Software, Internet, Workforce, Communication, Professional services, Streamline, Senior, MSSP, Partner, Black hat, API, Risk management, Intelligence, Research, Organization, Acquisition, BLACK, Risk, SecurityScorecard, Architecture, Entrepreneurship, Ecosystem, Mandiant, Cryptocurrency

BLACK HAT 2023 – SecurityScorecard today announced new partner-focused Managed Cyber Risk Services designed to help customers of all types and sizes operationalize third-party cyber risk management.

Key Points: 
  • BLACK HAT 2023 – SecurityScorecard today announced new partner-focused Managed Cyber Risk Services designed to help customers of all types and sizes operationalize third-party cyber risk management.
  • SecurityScorecard Managed Cyber Risk Services are directly connected to the SecurityScorecard Platform, allowing drill down into specific portfolios, companies, findings, and issues.
  • Organizations interested in SecurityScorecard Managed Cyber Risk Services can sign up for an invitation by clicking here and scheduling time with SecurityScorecard at Black Hat USA 2023.
  • Partners interested in SecurityScorecard Managed Cyber Risk Services should contact the alliances' team by clicking here or contact their partner relationship manager.

Cado Security Experts Introducing New Varc Capability and Cloud-Focused Malware Campaigns at Black Hat USA and BSides Las Vegas 2023

Retrieved on: 
Monday, August 7, 2023
Software, Technology, Networks, Security, Cloud, Security BSides, TTP/A, Arsenal, Black hat, Policy, Research, YARA, IP, Connecticut Business Hall of Fame, Philosophy, Cador, Collection, Doman, Motivation, Artifact, Video game, Medical device

Chris Doman, CTO and Co-founder, and Matt Muir, Threat Intelligence Researcher, are presenting at two of cybersecurity's most prestigious events this August in Las Vegas.

Key Points: 
  • Chris Doman, CTO and Co-founder, and Matt Muir, Threat Intelligence Researcher, are presenting at two of cybersecurity's most prestigious events this August in Las Vegas.
  • Cado Security will present Introducing varc: Volatile Artifact Collector at Black Hat on Wednesday, August 9 at, 10:00-11:30 am PT in the Business Hall, Arsenal Station 2, to showcase Cado Security's open-source volatile artifact collection tool.
  • Cado Security Labs Threat Intelligence Researcher Matt Muir will present The Ever-shifting Habits of Cloud-focused Malware Campaigns on the Breaking Ground track on Wednesday, August 9, at 5:00-5:45 pm PT at BSides Las Vegas.
  • The talk will analyze recent cloud-focused malware campaigns, including those which have diversified from the common objective of cryptojacking.