#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

cybersecurity conference | Breaking Cybersecurity News | The Hacker News

Category — cybersecurity conference
High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices

High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices

Sep 12, 2022
A number of firmware security flaws uncovered in HP's business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure. Binarly, which first  revealed details  of the issues at the  Black Hat USA conference  in mid-August 2022, said the vulnerabilities "can't be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement." Firmware flaws can have serious implications as they can be abused by an adversary to achieve long-term persistence on a device in a manner that can survive reboots and evade traditional operating system-level security protections. The high-severity weaknesses identified by Binarly affect HP EliteBook devices and concern a case of memory corruption in the System Management Mode (SMM) of the firmware, thereby enabling the execution of arbitrary code with the highest privileges - CVE-2022-23930  (CVSS score: 8.2) - Stack-based b...
Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack

Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack

Aug 05, 2020
A new research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said that the attacks highlight how web servers and HTTP proxy servers are still susceptible to HTTP request smuggling even after 15 years since they were first documented. What is HTTP Request Smuggling? HTTP request smuggling (or HTTP Desyncing) is a technique employed to interfere with the way a website processes sequences of HTTP requests that are received from one or more users. Vulnerabilities related to HTTP request smuggling typically arise when the front-end (a load balancer or proxy) and the back-end servers interpret the boundary of an HTTP request differently, thereby allowing a bad actor to send (or "smuggle") an ambiguous request that gets prepended to the next le...
Top 10 Most Innovative Cybersecurity Companies After RSA 2020

Top 10 Most Innovative Cybersecurity Companies After RSA 2020

Mar 04, 2020
The RSA Conference , the world's leading information security conference and exposition, held its 29th annual event in San Francisco last week. According to the organizers, over 36,000 attendees, 704 speakers, and 658 exhibitors gathered at the Moscone Center to discuss privacy, Machine Learning, and AI, policy and government, applied crypto and blockchain, and, new for the RSA Conference 2020, open source tools, product security and anti-fraud. Despite several large vendors including Verizon and IBM canceling their presence in light of the spiraling panic around coronavirus, the event was one of the brightest and innovative, according to numerous stakeholders expressing their excitement in the media and on social networks. We decided to gather some feedback from the attendees, journalists, and security experts involved in RSA 2020 to understand the most recent cybersecurity trends after this milestone event. Below is our selection of 10 most innovative cybersecurity com...
cyber security

SaaS Security Made Simple

websiteAppomniSaaS Security / SSPM
Simplify SaaS security with a vendor checklist, RFP, and expert guidance.
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience

The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience

Jun 26, 2025Data Protection / Compliance
SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...
Expert Insights Articles Videos
Cybersecurity Resources