#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

cybersecurity conference | Breaking Cybersecurity News | The Hacker News

Category — cybersecurity conference
High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices

High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices

Sep 12, 2022
A number of firmware security flaws uncovered in HP's business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure. Binarly, which first  revealed details  of the issues at the  Black Hat USA conference  in mid-August 2022, said the vulnerabilities "can't be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement." Firmware flaws can have serious implications as they can be abused by an adversary to achieve long-term persistence on a device in a manner that can survive reboots and evade traditional operating system-level security protections. The high-severity weaknesses identified by Binarly affect HP EliteBook devices and concern a case of memory corruption in the System Management Mode (SMM) of the firmware, thereby enabling the execution of arbitrary code with the highest privileges - CVE-2022-23930  (CVSS score: 8.2) - Stack-based buffer
Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack

Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack

Aug 05, 2020
A new research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said that the attacks highlight how web servers and HTTP proxy servers are still susceptible to HTTP request smuggling even after 15 years since they were first documented. What is HTTP Request Smuggling? HTTP request smuggling (or HTTP Desyncing) is a technique employed to interfere with the way a website processes sequences of HTTP requests that are received from one or more users. Vulnerabilities related to HTTP request smuggling typically arise when the front-end (a load balancer or proxy) and the back-end servers interpret the boundary of an HTTP request differently, thereby allowing a bad actor to send (or "smuggle") an ambiguous request that gets prepended to the next le
cyber security

Earn a Master's in Cybersecurity Risk Management

websiteGeorgetown UniversityCyber Security
Lead the future of cybersecurity risk management with an online Master's from Georgetown.
Top 10 Most Innovative Cybersecurity Companies After RSA 2020

Top 10 Most Innovative Cybersecurity Companies After RSA 2020

Mar 04, 2020
The RSA Conference , the world's leading information security conference and exposition, held its 29th annual event in San Francisco last week. According to the organizers, over 36,000 attendees, 704 speakers, and 658 exhibitors gathered at the Moscone Center to discuss privacy, Machine Learning, and AI, policy and government, applied crypto and blockchain, and, new for the RSA Conference 2020, open source tools, product security and anti-fraud. Despite several large vendors including Verizon and IBM canceling their presence in light of the spiraling panic around coronavirus, the event was one of the brightest and innovative, according to numerous stakeholders expressing their excitement in the media and on social networks. We decided to gather some feedback from the attendees, journalists, and security experts involved in RSA 2020 to understand the most recent cybersecurity trends after this milestone event. Below is our selection of 10 most innovative cybersecurity com
cyber security

Permiso Security's 2024 State of Identity Security Report

websitePermisoThreat Detection / Identity Security
More than 90% of respondents expressed concern over their team and tooling's ability to detect identity-based attacks. Learn about critical gaps in security programs and what environments pose the most risk to security teams. Download the Report.
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources