In the ever-evolving landscape of cybersecurity, zero authority is giving defenders a new perspective on security and business enablement, said Jake Seid, general partner at Ballistic Ventures. "Zero authority is an architectural change that affects every area of security," he said.
In encryption-less attacks, ransomware gangs steal large volumes of sensitive data, including terabytes of information, without locking up systems. Attackers leverage the value of the stolen data as a means to coerce organizations into paying ransoms to avert data release.
The cybersecurity industry remains resilient in the face of recession fears, said Alberto Yépez, co-founder and managing director of Forgepoint Capital. Amid economic shifts and technological advancements, the market is adapting to new challenges and opportunities.
Conventional wisdom recommends to never negotiate with ransomware actors. They can't be trusted. But Mark Lance at GuidePoint Security recently made the case that organizations can gather important information through negotiations, slow down the process and even lower the ransom demand.
This year's massive exploitation of managed file transfer products such as Fortra's GoAnywhere and Progress Software's MOVEit proves that MFTs are a hacker's paradise. Research by John Dwyer of IBM Security X-Force shows why and also reveals a path toward protecting MFTs in the future.
Large enterprises may have hundreds or thousands of APIs. Concerns over API vulnerabilities have been around for years, but most organizations outside of highly regulated industries such as banking have not taken the steps to understand the threats they face, said Richard Bird, CSO at Traceable.
The cyber insurance landscape has evolved significantly over the last 10 to 15 years. Initially, renewals were relatively straightforward, but with the rise of cyberthreats such as ransomware, the market has shifted dramatically to reduce risk exposure.
Browser security and microsegmentation play critical roles in stemming the bleeding from ransomware attacks, as "almost always the attacks come from a point-based browser vector," said Spencer Tall, managing director, AllegisCyber Capital. He shared two approaches to ensure secure browser adoption.
The C-suite and boards are more involved in cybersecurity decisions than ever before, but executive leaders still have a huge disconnect between perceptions and operational realities. This gap leads to miscommunication and missed expectations that could pose great risks to the enterprise.
DDoS attacks often disrupt the normal functioning of a targeted server, service or network by overwhelming it with a flood of traffic. KillNet, a collective of Russian-aligned hacktivists known for its DDoS attacks, gained attention by successfully taking down several U.S. government websites.
As the potential harm posed by technology increases, the cybersecurity stakes are changing, warned speakers at Black Hat Europe. With governments taking a greater interest in regulating cybersecurity - and perhaps practitioners - experts urged practitioners to collectively guide their own destiny.
"Who here thinks your network or environment will become more complex next year?" a cybersecurity veteran asked the audience at Black Hat Europe this week in London. As attackers' capabilities continue to improve, Jeff Moss said defenders must learn to succeed or fail faster.
Black Hat Europe returns to London, offering deep dives into the latest cybersecurity research and trends, including how to build an open, transparent, but also secure internet; harvesting zero-day flaws before attackers; what we can learn from "metaparasitical" scammers who scam scammers; and more.
Security executives at Black Hat USA 2022 discuss the latest cybersecurity trends from confidential computing and unified threat hunting languages to attack surface management and recovery services, social engineering campaigns and blockchain vulnerabilities.
Black Hat USA 2022 opened with somber warnings from Chris Krebs about why application developers, vendors and the government need to solve major industry challenges. Key security executives also discussed DNS visibility, cloud security, patch management, APT strategies and supply chain woes.