Tag Archive for: annual

Discover the Future of Cybersecurity at the 4th Annual Open Source Security Summit


Join Brian Krebs, Rachel Tobac, and Zack Kass at the forefront of open source development with security industry leaders

SANTA BARBARA, Calif., November 27, 2023--(BUSINESS WIRE)--Bitwarden, the credential management leader, today announced the fourth annual Open Source Security Summit will take place on December 7, 2023. Headline speakers for this event include Brian Krebs, cybersecurity reporter and author of popular security and investigation site Krebs on Security, Zack Kass, AI advisor and the former Head of GTM at OpenAI, and Rachel Tobac, white hat hacker and CEO of SocialProof Security. The Summit brings together business leaders, industry visionaries, and technology users to chart a path forward and highlight the future of open source security solutions.

About the Open Source Security Summit

The free and virtual Open Source Security Summit is a forum to explore the intersection of open source and security. Building on the previous three Summits, this year’s event will continue the conversation with cross-industry experts and dive deeper into why open source solutions lead to better security outcomes, as well as how using open source tools can build trust with customers and consumers.

The event kicked off in 2020, with the conversation centered around cybersecurity and credential management – a critical first line of defense for individuals and companies to mitigate cyberattacks. Subsequent events expanded to cover the topic in-depth, with attendees and business stakeholders discussing their open source strategies, challenges, and efforts to make open source security understandable to both software developers and users.

About the Speakers

Brian Krebs, independent investigative journalist and founder of popular in-depth security and investigation site Krebs on Security, is the author of ‘Spam Nation’ and a former Washington Post reporter. During his time with the newspaper, he authored more than 1,300 blog posts for the Security Fix blog, as well as hundreds of stories for washingtonpost.com and The Washington Post newspaper. His knowledge about computers and internet security is self-taught, which he credits to having direct access to some of the smartest minds on the…


DOD Annual Report Details China’s Growing Cyber Capabilities


The report says Beijing is looking to create a “highly informatized force capable of dominating all networks.”

South China Sea, Feb. 11, 2023. Photo credit: DVIDS / Seaman Carson Croom

A recently released report on the People’s Republic of China lays out an array of military and security developments, drawing attention to the increasing pressure campaign against Taiwan and the continued advancement of the country’s cyber capabilities.  

The annual unclassified report to Congress details the current and probable future course of the People’s Liberation Army, Chinese military and security strategy and organizations supporting military goals and developments for the next 20 years.  

As Beijing is growing its military arsenal, it is also expanding and investing in its cyber capabilities as it moves toward a “highly informatized force capable of dominating all networks and expanding the country’s security and development interests.” 

“The PRC has publicly identified cyberspace as a critical domain for national security and declared its intent to expedite the development of its cyber forces,” the report states. 

The threat landscape is becoming increasingly complex and widespread, the report reads, as China’s focus is expanding beyond cyber espionage on other governments and private companies. It is diversifying its focus toward the U.S. defense sector, key critical infrastructure sectors and influence operations campaigns. 

“The PRC seeks to create disruptive and destructive effects – from denial-of-service attacks to physical disruptions of critical infrastructure – to shape decision-making and disrupt military operations beginning in the initial stages and throughout a conflict. The PRC can launch cyberspace attacks that, at a minimum, can cause localized, temporary disruptions to critical infrastructure within the United States, and the PRC believes these capabilities are even more effective against militarily superior adversaries that depend on information technologies,” the report reads.

“As a result, the PRC is advancing its cyberspace attack capabilities and has the ability to launch cyberspace attacks – such as disruption of natural gas pipelines for days to…


Conference registration opens for Lawfire readers for Duke’s 28th Annual National Security Law Conference! – Lawfire


I’m pleased to announce that registration is now open for Duke’s 28th Annual National Security Law Conference, presented by Duke Law’s Center on Law, Ethics and National Security (LENS)! Because seats are very limited, we wanted to make an announcement specifically for you as a Lawfire® reader before we opened the portal on the conference website and other public venues. If you’d like to attend (in-person only this year), please register ASAP on the registration portal found here.

What you will experience…

There’s lots of variety in the ‘ripped-from-the-headlines’ topics the conference’s world-class speakers will be addressing. I think you’ll agree if you check out the agenda found here.

An “Early Arrival” session co-sponsored with Duke Law’s National Security Law Society will take place on Thursday, February 23 from 12:30 to 1:30 p.m. in Room 3041 at Duke Law.  Practitioners from the military, government, private industry, and ‘big law’ will discuss “Careers in National Security Law.”  They’ll explain to students, young attorneys, and others how national security law can be involved in a number of different practice venues. (Conference registration for this event is not required).

On Friday morning, the LENS Conference officially begins with Professor Nita Farahany’s keynote entitled, “The Battle for Your Brain: Neurotechnology and National Security.” You should expect a presentation that gives new meaning to the term ‘eye-opening’. She’ll reflect on the national security implications of neurotechnology, and share insights from her new book, “The Battle for Your Brain: Defending the Right to Think Freely in the Age of Neurotechnology.” (You may also have a chance to purchase a copy of her book that she’ll autograph.)

It won’t come as a surprise to readers that we’ll have a panel of top experts addressing “The Russo-Ukraine Conflict and the Law of War.” You’ll hear from such renowned scholars as professors Geoff Corn, Laurie Blank, and Rob Lawless in a discussion moderated by retired Army judge advocate (and legendary law of armed conflict expert!) Colonel Dave Graham.

In a separate but…


Insight – Horizon3.ai Annual Review Snapshot 2022


As Horizon3.ai wraps up the year with our highly anticipated Horizon3.ai Year in Review (2021-2022): Through the Eyes of the Attacker coming soon, we want to ensure our customers are continuing to think through:

  • What does my environment look like?
  • Are my security tools effective?
  • Did we detect the right activity?
  • Are we logging the right things?
  • Are my crown jewels and keys to the kingdom – sensitive data and privileged credentials – reachable and exploitable?

While looking through the eyes of an attacker, Horizon3.ai empowers our customers to gain perspective to answer these questions honestly and accurately, staying relevant to how attackers view their environment. This helps our customers find what is exploitable, fix what matters, and consequently verify those fix actions.

Over the past year, Horizon3.ai pentests revealed cybersecurity vulnerability trends across multiple industry sectors around the globe. Specifically, the top 3 systematic issues NodeZero surfaced are:

  1. Credential Policies Are Weak, Or Often Not Enforced
  2. Patching Is Rare, Misconfiguration Fixes Are Even Rarer
  3. Security Tools Require Oversight and Fine Tuning to be Effective

Our Annual Review focuses on these 3 themes and shows you how the top weaknesses NodeZero found and exploited over the past year led to critical impacts, deeper implications, and ultimately positive action by the customer to remediate vulnerabilities and weaknesses. Additionally, the 3 themes presented align with CISA’s Top 15 Routinely Exploited Vulnerabilities list and their Known Exploited Vulnerabilities List (KEVL) catalog. The list below highlights the top 10 vulnerabilities and weaknesses that NodeZero enumerated and exploited over the last year:

Horizon3.ai Top Exploitable Weaknesses of 2022

1) Credential Policies Are Weak, Or Often Not Enforced

Attackers don’t “hack” in, they log in. Regardless of what the headlines in our newsfeeds may say, cyber threat actors do not often use sophisticated hacking tools and techniques like zero-day exploits to gain access to a network; they simply log in with legitimate user credentials. Our customers are keenly aware of the risks that credential-based attacks pose to their organizations because NodeZero allows them to safely…
