Interactive hacks went up 400% in the past two years
The numbers provide a needed counterweight to the argument that automated hacking (or defense) can be a tonic for everything in the cyber realm.
While they’re easy for attackers to set up, web shells can be difficult for defenders to detect, since they’re often targeted to specific servers and can hide in the noise of internet traffic, scanning, probing and unsuccessful attacks that most organizations see on a daily basis.
Walmart has been one of the leading pioneers in developing purple teams. Today’s columnists, Timothy Nary and Clayton Barlow-Wilcox of Booz Allen, offer insight into how purple teams can boost overall security efforts.
At the core of the document is this message: a threat model that can’t be understood outside of the security team doesn’t make any company safer.
Why Nominated: Ben Seri’s work in the IoT space, specifically around BlueBorne, the first airborne IoT vulnerabilities impacting more than five billion devices globally, and BLEEDINGBIT, chip-level vulnerabilities used in the fabric of internet infrastructure. Seri has fought against the fast-paced creation and adoption of IoT devices that are created and deployed with security…
Why Nominated: Under Ben Herzberg’s leadership, Imperva’s threat research team has uncovered key vulnerabilities in Facebook, Google Photos, Drupal and other online services and platforms. Profile: Herzberg and his Imperva research team are charged with identifying and evaluating software flaws that undermine application and data security. In November 2018, Imperva disclosed a significant Facebook vulnerability that…
Why Nominated: A top security consultant who has dedicated himself to improving security for over 15 years, Alejandro Hernández was responsible for uncovering major security flaws in stock trading technologies. Profile: Alejandro Hernández, who presented new, ground-breaking research regarding security flaws in stock trading technologies during the 2018 Black Hat conference, also discovered significant stock trading…
Why Nominated: Erez Yalon has put the talents and tools he previously developed as an independent security researcher to work at Checkmarx to help find vulnerabilities at a wide range of websites. This includes Tinder, where he found security flaws that could have allowed an attacker to monitor a user’s interaction with the app and…
Why Nominated: Elisa Costante conducts research on critical infrastructure and industrial systems and then applies her findings toward the development of important technology solutions. She recently developed a specialization in business automation systems, last year revealing five vulnerabilities in popular BAS devices. Profile: Costante’s nearly 20 years of career research has led to discoveries on how…