Tag Archive for: meet

Meet the Leadership Team | Absolute

/in


Charles Blauner is an internationally recognized expert independent advisor on
Cyber Resiliency, Information Security Risk Management and Data Privacy.

Charles is a Partner and CISO in Residence at Team8 Ventures and a Venture Advisor
at the Cyber Mentors Fund. Charles is also the President of Cyber Aegis, a boutique
cyber risk management consultancy.

Previously, Charles had a distinguished career working on Information Security for
over 30 years, 25 years in Financial Services, including being the Chief Information
Security Officer (CISO) at JP Morgan and Deutsche Bank, and most recently the Global
Head of Information Security at Citi.

During this time, Charles held numerous industry leadership roles including Chair of
the Financial Services Sector Coordinating Council (FSSCC), founding Director of the
Financial Services Information Sharing and Analysis Center (FS-ISAC), and the Chair
of the OpenGroup’s Security Program.

Charles has worked closely with banking regulators around the world (OCC, FRB, BoE,
MAS, and HKMA) to help reduce the risk posed by cyber threats to the financial sector
at large.

Charles is a regular conference speaker and has had the honor of appearing in front
of US House and Senate committees.

In 2015, Charles was recognized by his peers, winning the Wasserman Award, which
recognizes outstanding career achievement and contribution to the Information
Systems Audit, Control, Security, Risk Management, and/or Governance professions.

Charles has a M.S. in Computer Science from the University of Southern California
(USC) and a B.S. in Computer Science from Rensselaer Polytechnic Institute (RPI).

Security investor and advisor
Executive Chairman (retired)
RSA, The Security Division of Dell technologies (EMC)

Art Coviello is an active investor and advisor in the security industry, guiding a number of security startups as a private investor and in his roles as a Venture Partner at Rally Ventures (an early stage investor in business technologies), as an adviser to ClearSky Security Fund, and as a Senior Advisor to Blackstone’s Tactical Opportunities Group.

Art Coviello served as Executive Chairman of RSA and Executive Vice President of EMC. Mr. Coviello has…

Source…

Meet teler-waf: Security-focused HTTP middleware for the Go framework

/in


Protection against XSS, SQLi, and more web attacks for Go-based web applications

the teler-waf tool offers software developers a means to uncover web-based vulnerabilities in Go-based applications

A developer has released a new tool for Go applications that is designed to combat web-based attacks.

Developer and security engineer Dwi Siswanto revealed the open source teler-waf software on January 2. The 24-year-old said on Twitter that the technology was designed to “improve the security of Go-based web applications”.

Available on GitHub, teler-waf acts as HTTP middleware, with an interface for integrating intrusion detection system (IDS) functionality into existing applications.

Teler-waf’s security functions include protection against common web-based threats, such as cross-site scripting (XSS) attacks and SQL injections.

Furthermore, the tool will detect bad IP addresses linked to known threat actors and botnets; malicious HTTP referers, crawlers, and scrapers suspected of causing performance issues or performing illicit data scraping; and locations associated with directory-based brute-force attacks.

Under the bonnet

Speaking to The Daily Swig, Siswanto, who developed teler-waf independently, said the software has several benefits.

A key feature, for example, is the use of datasets updated daily that track known vulnerabilities and malicious patterns of attack. External resources include information from the PHPIDS project, CVE lists from the Project Discovery team, and collections sourced from the Nginx Ultimate Bad Bot Blocker and Crawler Detect.

WIN SWAG Complete our reader survey to be in with a chance of winning Burp Suite merchandise

In addition, teler-waf comes with a net/http handler for integration with application routing functionality, which Siswanto said “makes it easy to integrate into any framework and [is] also highly configurable, allowing it to be tailored to the specific needs of a given web application.

“When a client makes a request to a route protected by teler-waf, the request is first checked against the teler IDS to detect known malicious patterns,“ the developer says. “If no malicious patterns are detected, the request is then passed through for further processing.”

Show and teler

Siswanto is also the creator of teler, a…

Source…

Meet the Windows servers that have been fueling massive DDoSes for months

/in


Meet the Windows servers that have been fueling massive DDoSes for months

Aurich Lawson / Getty

A small retail business in North Africa, a North American telecommunications provider, and two separate religious organizations: What do they have in common? They’re all running poorly configured Microsoft servers that for months or years have been spraying the Internet with gigabytes-per-second of junk data in distributed-denial-of-service attacks designed to disrupt or completely take down websites and services.

In all, recently published research from Black Lotus Labs, the research arm of networking and application technology company Lumen, identified more than 12,000 servers—all running Microsoft domain controllers hosting the company’s Active Directory services—that were regularly used to magnify the size of distributed-denial-of-service attacks, or DDoSes.

A never-ending arms race

For decades, DDoSers have battled with defenders in a never-ending arms race. Early on, DDoSers simply corralled ever-larger numbers of Internet-connected devices into botnets and then used them to simultaneously send a target more data than it could handle. Targets—be they games, new sites, or even crucial pillars of Internet infrastructure—often buckled at the strain and either completely fell over or slowed to a trickle.

Companies like Lumen, Netscout, Cloudflare, and Akamai then countered with defenses that filtered out the junk traffic, allowing their customers to withstand the torrents. DDoSers responded by rolling out new types of attacks that temporarily stymied those defenses. The race continues to play out.

One of the chief methods DDoSers use to gain the upper hand is known as reflection. Rather than sending the torrent of junk traffic to the target directly, DDoSers send network requests to one or more third parties. By choosing third parties with known misconfigurations in their networks and spoofing the requests to give the appearance that they were sent by the target, the third parties end up reflecting the data at the target, often in sizes that are tens, hundreds, or even thousands of times bigger than the original payload.

Some…

Source…

President calls for national strategy to meet conventional, cyber warfare challenges

/in


President calls for national strategy to meet conventional, cyber warfare challenges

President Dr Arif Alvi has called for outlining a national strategy securing the domains of both traditional and non-traditional security including cyber warfare. 

Addressing the inaugural session of a two-day conference on ‘Challenges and Opportunities Evolving Global Order’ in Islamabad on Wednesday, the President said the renewed world order demands sustainable conditions ensuring internal and external opportunities for all citizens for a prosperous future.

Source…