Looking back at Black Hat 2023

From AI to the evolving threat landscape, Black Hat 2023 spotlighted the security industrys latest and greatest innovations...

Three tips for building your CISO career in today’s evolving security industry

CISOs share how to build effective, collaborative teams and land your next role...

Wiz and SentinelOne announce exclusive partnership to deliver end to end cloud security

Leading cybersecurity companies partner to increase customer value and disrupt the enterprise security industry...

U.S. Government Spending Billions on Cybersecurity

In recent months, the House of Representatives has been hard at work drafting various spending bills for the 2023 fiscal year. While these bills provide funding for a vast array of government programs and agencies, there was one thing that really stands out. Collectively, the bills that are makin...

Microsoft Zero-Days Sold and then Used

Yet another article about cyber-weapons arms manufacturers and their particular supply chain. This one is about Windows and Adobe Reader zero-day exploits sold by an Austrian company named DSIRF. Theres an entire industry devoted to undermining all of our security. It needs to be stopped...

Beijing Netnifty Security Gateway has a weak password vulnerability

Beijing Netnifty Information Technology Company is a leading enterprise in the domestic information security industry, specializing in the research and development, production and sales of information security products, and providing hierarchical overall security solutions and security profession...

Women in Security Part 5: Meet Lavine Oluoch, Threat Analyst

This post is part of our Women’s History Month series - follow along with us on Twitter @VMwareCarbonBlack In continued celebration of Women’s History Month, we are excited to bring you our next featured security expert as a part of our six-part Women in Security series. Throughout March, we are...

Microsoft Edge, Google Chrome Roll Out Password Protection Tools

Two major browsers –Microsoft Edge and Google Chrome – are rolling out default features, which they say will better help notify users if their password has been compromised as part of a breach or database exposure. Edge and Chrome’s moves signify a bigger push by browsers to solve the big “passwo...

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. While investigations are underway, we want to provide the defender community with intelligence to understand the scope, impact, remediation guidance, and product detections and...

Advance Your Career: Life as a Rapid7 Belfast Software Engineer

At Rapid7, we believe that by hiring a diverse team with different levels of experience and varying backgrounds, we can ChallengeConvention as OneMoose, push the boundaries of our thinking, and pursue our goals of continuous innovation to achieve secure advancement for all. As we continue to buil...

Threat Source newsletter for June 25, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We recently decided to replace our use of the terms "blacklist" and "whitelist" with "block list" and "allow list.” Even though these terms are commonly in use in the security industry, we will not go along with casually assigning...

Cisco Talos replacing all mentions of 'blacklist,' 'whitelist'

There are many ways to respond to injustice, both large and small, but each response is important. While we acknowledge it is a small change, Cisco Talos is moving to replace our use of the terms "blacklist" and "whitelist" with "block list" and "allow list.” Even though these terms are commonly ...

Trend Micro’s Top Ten MITRE Evaluation Considerations

The introduction of the MITRE ATT&CK evaluations is a welcomed addition to the third-party testing arena. The ATT&CK framework, and the evaluations in particular, have gone such a long way in helping advance the security industry as a whole, and the individual security products serving the market...

Beers with Talos Ep. #74: Impacting civil society

Beers with Talos BWT Podcast episode No. 74 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded March 2, 2020 We open up the show with a sugary sweet poem before talking about RSA and our annual trip through...

The New Year Calls for a Change in the OT Industry’s State of Security

In 2014, a Western European steel mill suffered serious damage from a phishing attack that penetrated its IT and Operational Technology OT networks the software and hardware dedicated to monitoring and controlling physical devices where attackers gained control of plant equipment. In 2018, 74% of...

The Next Chapter in Our Story: VMware + Carbon Black

I am excited to share with you a significant milestone in Carbon Black’s history. Earlier today, Carbon Black entered into a merger with VMware, who as of moments ago announced its intention to acquire Carbon Black. You can also read the press release with more details here, but first I’d like to...

Kraken Ransomware Upgrades Distribution with RaaS Model

The Kraken ransomware author has released a second version of the malicious code, along with a unique affiliate program on the Dark Web. According to research into Kraken v.2 the new version is being promoted in a ransomware-as-a-service RaaS model to underground forum customers, via a video...

More industry awards for our portfolio

Wallarm is pleased to have been selected as a finalist in the Cyber Security Startup of the Year and Innovative Product of the Year- Cloud Based categories for the 2018 Cyber Security Awards. The Cyber Security Awards were established in 2014, to reward the best individuals, teams and companies...

Mobile Menace Monday: re-emergence of a fake Android AV

Back in early 2013, a new mobile antivirus AV company called Armor for Android emerged into the mobile security software industry that had everyone perplexed. It seemed eerily like malware known as a Fake AV, and some even gave it that label. As a younger mobile researcher, I was one of those who...

How public-private partnerships can combat cyber adversaries

For several years now, policymakers and practitioners from governments, CERTs, and the security industry have been speaking about the importance of public-private partnerships as an essential part of combating cyber threats. It is impossible to attend a security conference without a keynote...