August 14, 2024 at 10:05AM Palo Alto Networks faced criticism after hiring only women dressed as lampshades at a Black Hat networking event, deeming it misogynistic. CMO Unnikrishnan KP and CEO Nikesh Arora publicly apologized for the “tone-deaf” decision, emphasizing commitment to diversity and inclusion. The incident sparked backlash from cybersecurity professionals and received widespread … Read more
August 7, 2024 at 10:07PM Symantec’s threat hunters have observed an increase in state-sponsored cyber spies and criminals using legitimate cloud services for attacking victims. The criminals are making use of platforms like Google Drive and Microsoft for free accounts, along with encryption to avoid detection. Symantec has identified several campaigns and published a list … Read more
August 6, 2024 at 08:48PM RAD Security aims to address cloud-native platform challenges by citing statistics and offering a behavioral cloud detection and response solution. The company’s “behavioral workload fingerprinting” approach detects anomalous activity and drift events, and it is being positioned as the standard for cloud security detection and response. As a Black Hat … Read more
August 5, 2024 at 01:15PM Public generative AI tools have gained immense popularity, leading to new chat capabilities and features by many applications. However, connecting these large language models to internal knowledge repositories poses risks of oversharing sensitive information. Knostic addresses this with per-user need-to-know control and aims to expand its solutions to various software-as-a-service … Read more
July 31, 2024 at 10:51AM Newly discovered vulnerabilities in hosted email services can allow threat actors to spoof sender identities and bypass security measures. The flaws, CVE-2024-7208 and CVE-2024-7209, enable authenticated attackers to send emails from different domains, potentially affecting over 20 million domains and numerous vendors. Measures to address the vulnerabilities include enhanced identity … Read more
December 1, 2023 at 11:26AM LogoFAIL vulnerabilities, found within UEFI code’s image-parsing components, could let attackers hijack the boot process and deliver bootkits on various devices using ESP image file injection. Hundreds of devices across major vendors and architectures are at risk, with the full impact yet to be determined. Meeting Takeaways: 1. LogoFAIL refers … Read more