Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact
 

Uncategorized

 

News alert: p0 launches from stealth, leverages Generative AI to improve software integrity

New York City, New York – Jan. 30, 2024; In an increasingly competitive and malicious environment vulnerabilities in enterprise codebases can lead to catastrophic security failures.

Many times these can be fatal for businesses built on a foundation of customer trust and reliability. Data security is the most fundamental promise that a business can make to its users. Despite this, we have grown accustomed to hearing about massive data exploits on an almost daily basis. It is logical that recent research has found that 71% of software engineers are concerned about software reliability at their workplace.

p0 has launched from stealth and today announces that it has raised $6.5m from Lightspeed Venture Partners with participation from Alchemy Ventures to help stop catastrophic software failures.

p0’s proprietary technology leverages Large Language Models (LLMs) to identify safety and security issues in software before it is ever run in a production environment. p0’s technology provides a single-click solution with no need for additional user configuration.

News alert: NCA’s Data Privacy Week webinars highlight data protection for consumers, businesses

Washington D.C. Jan. 22, 2024 – Today, the National Cybersecurity Alliance (NCA), announced the program for its third annual Data Privacy Week campaign, which will take place from January 22nd to January 27th.

Throughout the week, NCA will emphasize the critical significance of digital privacy for both consumers and businesses through a series of educational webinars featuring experts from various industries.

“Knowing how to safeguard your personal information has never been more important than it is today. Between social media, mobile apps, internet-connected devices and the rise of artificial intelligence vast amounts of personal data is being gathered constantly, putting individuals’ privacy at risk,” said Lisa Plaggemier, Executive Director at NCA. “As innovation continues to outpace regulation, individuals and businesses alike need to make concerted efforts to educate themselves and take a proactive role in preserving the privacy of sensitive data.

News alert: Sternum and ChargePoint collaborate to enhance ChargePoint Home Flex Security

Tel Aviv, Israel – Jan. 23, 2024 — Sternum, the pioneer in embedded IoT security and observability, today announced enhanced security for the ChargePoint Home Flex.

In a comprehensive research project, Sternum identified a potential vulnerability involving the reverse SSH tunnel and deprecated NTP client and HTTP servers. ChargePoint, with its last firmware update, has disabled the HTTP server and updated the NTP client to address the issues.

Thanks to the analysis and help of Sternum IoT, ChargePoint was able to correct weaknesses in CPH50, reduce the attack surface and thus improve the security of the product.

News alert: Incogni study reveals overwhelming majority of spam calls originate locally

Los Angeles, Calif., Jan. 17, 2024 – Spam calls continue to be a major nuisance in the US, and advice on how to avoid them abound.

Incogni’s latest research challenges prevalent assumptions about spam calls, revealing that traditional advice on avoiding specific area codes is largely ineffective. The study, based on the latest data from the Federal Trade Commission (FTC), demonstrates that, contrary to popular belief, a staggering 59.81% of all unwanted calls originate from local numbers within the recipient’s state.

An in-depth study of the FTC data debunks the notion that certain area codes reliably signify spam. Incogni’s researchers found that spam area codes vary widely from state to state, discrediting the widely circulated lists suggesting specific area codes to avoid. Even well-known recommendations like area code 216 for Cleveland, Ohio, or 469 for Dallas, Texas, do not align with the data

News alert: Trimarc launches Active Directory security posture tool for enterprise, M&A

Washington, DC, Jan. 12, 2024 – Trimarc Security, the professional services company with extensive expertise in securing Active Directory for enterprise organizations, today announced the early access availability of its new product, Trimarc Vision.

Trimarc Vision is a powerful security posture analysis product that provides visibility into the most important security components of Active Directory. With Trimarc Vision, organizations gain continuous monitoring of security issues attackers leverage to compromise Active Directory (AD).

With dozens to hundreds of thousands of AD users often spread across multiple domains and forests, maintaining a strong security posture can be a daunting task. This is especially true when performing

News alert: Salvador Technologies raises $6M to empower cyber resilience in critical systems

Rehovot, Israel Dec. 18, 2023 – Salvador Technologies, the pioneering cyber-attack recovery platform provider for critical infrastructures and industrial organizations, today announced that it has secured $6m in funding.

Salvador Technologies’ investment round was led by Pico Venture Partners with participation from existing investors, such as Pitango VC and Sarona Partners, who continue to play an essential role in shaping the company.

Salvador Technologies has built its market-leading cyber-attack recovery platform with its patented security failover technology to prevent downtime damage and ensure ongoing operational continuity for Operational Technology (OT) and Industrial Control Systems (ICS). With the average downtime period after a cyber-attack being up to three weeks and leading to the majority of direct and indirect damages, Salvador Technologies’ platform bypasses standard recovery protocols and allows critical infrastructure operators and industrial enterprises to

News alert: Detectify’s EASM research reveals top overlooked vulnerabilities from 2023

Stockhom, Sweden & Boston, Mass., Dec. 12, 2023 – Detectify, the External Attack Surface Management platform powered by elite ethical hackers, has today released its “State of EASM 2023” report.

The research incorporates insights from Detectify’s customer base and provides a snapshot of the threat landscape faced by core industries and regions that Detectify serves. Findings reveal that organizations’ most prominent threats during 2023 are vulnerabilities not covered by common disclosure processes, like CVEs, and demonstrate the risks associated with an overly reliant approach to established methods.

Noteworthy findings from the report include:

•100% of the top three vulnerabilities found across all industries were not covered by a CVE. Additionally, 75% of the total vulnerabilities regularly scanned by Detectify, primarily crowdsourced from its community of ethical hackers, don’t have a CVE assigned. Over-reliance on frameworks like the CVE program weakens