Security News

Black Hat security conference returns to Las Vegas – complete with hacks to quiet the hotel guest from hell
2021-08-09 04:02

After a year off due to a certain virus, the Black Hat and DEF CON security conferences returned to Las Vegas last week, just in time for the US government's attempts to foster more collaboration across the infosec industry. The newly appointed Security Director of the Cybersecurity and Infrastructure Agency Jen Easterly took to the virtual Black Hat stage last week and announced the Joint Cyber Defense Collaborative, which she claimed would be a true public/private partnership to try to lock down security incidents by sharing data and skills.

CIS Secure expands portfolio of TSG devices with Poly 8300 conference phone
2021-07-30 00:00

CIS Secure received approval from the National Telecommunications Security Working Group for its new Poly 8300 TSG conference phone. The Poly 8300 conference phone is designed to transform any small conference room hub into a TSG-protected secure collaboration space.

Respect in Security initiative aims to build reporting lines for infosec bods suffering harassment at work, conferences and online
2021-07-22 15:30

A new initiative aims to make it easier to report personal abuse and harassment within the information security industry - without the involvement of social media mobs. Respect in Security, launched today with support from Trend Micro's veep of security research Rik Ferguson, Lisa Forte, a partner at Red Goat Cyber Security and other notable folk from the UK infosec scene, aims to set up a "Vulnerability style" reporting scheme for infosec professionals to flag up harassment and abuse to abusers' employers.

Flaws in STEM Conference Room Speakerphone Can Be Exploited to Spy on Users
2021-06-16 10:05

Vulnerabilities identified in the STEM Audio Table conference room speakerphone could be exploited by hackers for various purposes, including to eavesdrop on conversations, according to cybersecurity research firm GRIMM. The first identified issue is a stack-based buffer overflow in the function responsible for handling user requests for the device's "Local server" configuration option. GRIMM's researchers also discovered a command injection bug in the firmware update mechanism of the device, which is handled by a Python script that accepts user-supplied arguments.

How a conference room speakerphone might let attackers into your company network
2021-06-14 12:24

Several egregious vulnerabilities affecting the Stem Audio Table conference room speakerphone could be exploited by attackers to eavesdrop on what's being discussed in its proximity, download malicious firmware, achieve and maintain network persistence, and more, GRIMM researchers have discovered. Among them are stack buffer overflow and command injection flaws that could allow attackers to execute arbitrary code as root on the device.

One step closer to quantum-secure conference calls
2021-06-11 03:30

The world is one step closer to ultimately secure conference calls, thanks to a collaboration between Quantum Communications Hub researchers and their German colleagues, enabling a quantum-secure conversation to take place between four parties simultaneously. This advance in quantum secured communications could lead to conference calls with inherent unhackable security measures, underpinned by the principles of quantum physics.

Resilience: RSA Conference 2021
2021-05-28 14:37

Whether bolstering or enhancing corporate security posture, creating awareness for formerly office-based employees now working from home or responding to the damage caused by an unfortunate breach or attack, we have learned the importance of resilience and the need to learn from success or failure. The pandemic produced new challenges for security teams in addition to their existing workload. Not only did they find themselves working remotely, but with a workforce doing the same, threats that could be spotted on the corporate network were now starting to hide on home WiFi.

RSA Conference 2021 - Summary of Vendor Announcements
2021-05-21 12:36

Arctic Wolf announced Managed Security Awareness, a new solution that it described as a security awareness and training program delivered as a concierge service. The new solution includes security awareness microlearning, automated phishing simulations, and account takeover monitoring.

RSA Conference 2021 - Product Announcement Summary (Day 1)
2021-05-18 11:20

Cisco announces XDR, SASE and network security improvements. Cisco unveiled improvements for its extended detection and response solutions, including enhanced vulnerability management capabilities as a result of the acquisition of Kenna Security, better device visibility via SecureX, simplified transition from EDR to XDR, and expanded investigation and threat hunting capabilities.