Latest news with #DEFCON
Business Wire
14 hours ago
- Business Wire
SafeBreach Labs to Showcase Original Research in Four Talks across Black Hat USA 2025 and DEF CON 33 Conferences
LAS VEGAS--(BUSINESS WIRE)-- SafeBreach, the leader in enterprise exposure validation, today announced that members of its SafeBreach Labs research team will present three pieces of groundbreaking original research across four sessions at the Black Hat USA 2025 and DEF CON 33 conferences in Las Vegas next week. This year's sessions further cement the reputation of the SafeBreach Labs team as recognized experts and thought leaders in cybersecurity research. Over the past seven years, team members have consistently earned speaking slots at both Black Hat USA and DEF CON simultaneously, while presenting more than 50 additional talks at conferences around the world. In addition, the SafeBreach Labs team has discovered 50+ zero-day vulnerabilities and been nominated twice for the Pwnie Awards for Most Innovative Research and Best Privilege Escalation. The team's research this year will demonstrate significant vulnerabilities in AI-powered workplace systems and Windows operating system components that impact enterprise security: Invitation Is All You Need! Invoking Gemini for Workspace Agents with a Simple Google Calendar Invite At Black Hat on Wednesday, August 6 at 4:20 pm PT At DEF CON on Sunday, August 10 at 10:00 am PT SafeBreach Security Research Team Lead Or Yair, cybersecurity expert Ben Nassi, and PhD Student Stav Cohen will present their discovery of a new variant of Promptware called Targeted Promptware Attacks that allows Gemini for Workspace agents to be hacked through simple Google Calendar invitations, revealing 15 different exploitations across Gemini's web interface, mobile application, and Google Assistant. The session will explain how attackers can generate toxic content, perform spamming and phishing, delete calendar events, control home appliances, video stream and geolocate victims, and more. Their findings indicate that more than 70% of identified Promptware risks are high/critical and require immediate mitigations. You Snooze, You Lose: RPC-Racer Winning RPC Endpoints against Services At DEF CON on Friday, August 8 at 2 pm PT SafeBreach Security Researcher Ron Ben Yizhak will present how he discovered the ability for unprivileged users to impersonate trusted RPC servers—and how SafeBreach's new RPC-Racer toolset identifies and exploits these vulnerabilities. From racing services at boot time to tricking high-integrity processes into trusting malicious fake servers, this session dives deep into manipulation of RPC clients and demonstrates the real-world risks. Win-DoS Epidemic: A crash course in abusing RPC for Win-DoS & Win-DDoS At DEF CON on Sunday, August 10 at 12:30 pm PT Building on original LDAPNightmare research released earlier this year, SafeBreach Security Research Team Lead Or Yair and Research Lead Shahak Morag will discuss how they exploited security gaps in Microsoft Windows RPC to develop a novel DDoS technique—dubbed Win-DDoS—that can harness the power of tens of thousands of public domain controllers around the world to create a malicious botnet with vast resources. The presentation will also demonstrate how they discovered four new DoS vulnerabilities along the way, with abilities ranging from crashing an individual domain controller to crashing any Windows computer within a domain. The presentation raises implications for enterprise resilience, risk modeling, and defense strategies, while providing new insights for OS-level hardening. "The SafeBreach Labs team has established a remarkable history of presenting original research at both Black Hat USA and DEF CON—this year is no different,' said Tomer Bar, VP of Security Research at SafeBreach. "The team's work reveals critical vulnerabilities across both AI-powered workplace systems and traditional Windows infrastructure, showcasing the critical need for organizations to continuously validate their security posture against emerging attack vectors. We're proud of the impact this research has not only in strengthening the SafeBreach exposure validation platform, but also in helping the broader security community understand and defend against these sophisticated threats." The SafeBreach exposure validation platform is utilized by some of the largest financial services, healthcare, manufacturing, and transportation organizations in the world to validate security control performance, identify gaps, and take remedial action to strengthen security posture and reduce overall business risk. SafeBreach maintains a 24-hour service-level agreement (SLA) to add new attacks to its Hacker's Playbook based on critical US-CERT and FBI Flash alerts, so customers can immediately test against the latest threats. With the industry's most advanced threat research team, SafeBreach is able to ensure its playbook boasts an unmatched collection of 30,000+ attacks. For more information about the sessions or to schedule a time to connect with SafeBreach experts at Black Hat USA 2025 on August 5-9 and DEF CON on August 7-10, stop by our booth #5416 or visit About Black Hat Founded in 1997, Black Hat is an internationally recognized cybersecurity event series providing the most technical and relevant information security research. Grown from a single annual conference to the most respected information security event series internationally, these multi-day events provide the security community with the latest cutting-edge research, developments, and trends. Today Black Hat Briefings and Trainings are held annually in the United States, Europe, and Asia, providing premier venues for elite security researchers and trainers to find their audience. About SafeBreach SafeBreach is the leader in enterprise-grade exposure validation, providing the world's largest brands with safe and scalable capabilities to understand, measure and remediate threat exposure and associated cyber risk. The award-winning SafeBreach exposure validation platform combines pioneering breach and attack simulation and innovative attack path validation capabilities to help enterprise security teams measure and address security gaps at the perimeter and beyond. Backed by a world-renowned original threat research team and world-class support, SafeBreach helps enterprises transform their security strategy from reactive to proactive safely and at scale. To learn more about how SafeBreach helps enterprises with end-to-end exposure visibility, visit
Daily Tribune
23-07-2025
- Business
- Daily Tribune
DEF CON Villages Debut
TDT | Manama Bahrain is set to become the region's new epicentre for cybersecurity innovation, with the third Arab International Cybersecurity Conference & Exhibition (AICS 2025) unveiling the launch of the Arab world's first DEF CON Villages. The announcement was made yesterday at a press conference held under the patronage of His Royal Highness Prince Salman bin Hamad Al Khalifa, the Crown Prince, Deputy Supreme Commander of the Armed Forces, and Prime Minister. The event, scheduled for 5 to 6 November at Exhibition World Bahrain, is organised for the third consecutive year by Faalyat. DEF CON Villages debut The National Cyber Security Centre (NCSC), in collaboration with DEF CON, one of the world's most iconic hacker communities, confirmed that the Villages will focus on artificial intelligence, space, cloud security, and industrial control systems. Interactive Demo Labs will accompany the Villages, offering hands-on tech experiences to researchers, startups, and students. H.E. Shaikh Salman bin Mohammed Al Khalifa, CEO of the NCSC, said the collaboration with DEF CON represented a leap forward in positioning Bahrain as a global cybersecurity hub. 'It's a platform to exchange global expertise, showcase innovation, and prepare the region for evolving cyber threats,' he said. Youth front and centre The event will include a youth empowerment programme, mentorship initiatives, and a Capture the Flag (CTF) cyber contest to spotlight local and international talent. The NCSC also announced a strategic partnership with the Bahrain Institute of Banking and Finance (BIBF) to deliver specialised training for emerging cybersecurity professionals. A new local community initiative, DEF CON Group Bahrain, was also launched to unite experts, students, and enthusiasts focused on defensive cybersecurity practices and digital resilience. Building cyber leadership More than 10,000 participants from 50 countries are expected to attend, alongside 100 international speakers and experts. The programme includes pavilions, technical workshops, cyber competitions, and a global tech exhibition. H.E. Shaikh Salman praised the ongoing collaboration with Faalyat, which continues to bring world-class stakeholder engagement and experiential design to the region's most prominent cyber event. The third edition of AICS builds on Bahrain's commitment to secure digital transformation and cyber innovation, reinforcing its vision to lead the Arab world in shaping future cyber ecosystems.
Biz Bahrain
23-07-2025
- Business
- Biz Bahrain
NCSC announces third edition of Arab International Cybersecurity Conference and Exhibition (AICS 2025)
On Tuesday morning, a press conference was held to announce the launch of the third edition of the Arab International Cybersecurity Conference and Exhibition (AICS 2025), under the patronage of His Royal Highness Prince Salman bin Hamad Al Khalifa, Crown Prince, Deputy Supreme Commander of the Armed Forces, and Prime Minister. The event is scheduled to take place from November 5 to 6 at the Bahrain International Exhibition Centre, officially organised by Faalyat, a leading company in international event management. The National Cyber Security Centre (NCSC) will host the third edition of the conference and exhibition in collaboration with the global DEF CON conference, one of the most prominent and specialised cybersecurity conferences worldwide. His Excellency Shaikh Salman bin Mohammed Al Khalifa, Chief Executive Officer of the NCSC, expressed pride in hosting the third edition of AICS under the patronage of His Royal Highness the Crown Prince, which reflects the Kingdom of Bahrain's continued commitment to consolidating its position as a leading global centre in the field of cybersecurity. HE emphasised that the partnership between the NCSC and DEF CON provides an opportunity for exchanging international expertise and establishing strategic partnerships, in addition to showcasing the latest solutions and technologies that play a pivotal role in enhancing cybersecurity readiness both regionally and internationally to address escalating and evolving cyber threats. HE also commended the ongoing cooperation with the official organising company, Faalyat, recognising its deep expertise in stakeholder engagement, strategic communications, and experiential design, which reflects a shared commitment to positioning Bahrain as a global leader in cybersecurity. The CEO pointed out that the previous two editions achieved remarkable success in terms of participation numbers and the diversity and richness of training workshops and panel discussions led by distinguished cybersecurity experts from the region and worldwide, reflecting growing regional and international confidence in Bahrain's ability to host and organise specialised international technology events. HE added that the third edition aligns with the NCSC's vision to enable secure digital transformation, foster innovation, develop future defence mechanisms against rising cyber threats, and strengthen regional and international cooperation to enhance Bahrain's cybersecurity ecosystem. During the press conference, a partnership agreement was signed between the National Cyber Security Centre and the global DEF CON conference, announcing the regional launch of the specialised DEF CON Villages focusing on artificial intelligence, space, cloud security, and industrial control systems, alongside interactive Demo Labs offering innovative technical and practical experiences. This initiative aims to provide researchers, students, and startups with opportunities to showcase their innovations and projects before a global group of experts in an engaging environment. Additionally, a cooperation agreement was signed between the NCSC and the Bahrain Institute of Banking and Finance (BIBF) to enhance efforts and collaboration in cybersecurity capacity building through specialised training programmes to prepare current and future national talents for the upcoming conference. The press conference also announced the formation of DEF CON Group Bahrain, a community bringing together leading experts, students, and those interested in digital safety and cyber resilience, focusing on discussing key defensive cybersecurity practices within Bahrain. It is expected that the third edition of AICS will attract over 10,000 participants from 50 countries to attend specialised panel discussions featuring more than 100 global cybersecurity experts. The event will also include international pavilions and youth empowerment programmes aimed at preparing the next generation of cybersecurity leaders through mentorship, training, and practical experience. The conference will include DEF CON Villages and interactive Demo Labs presented by distinguished cybersecurity experts from around the world, technical workshops, and training programmes tailored to the needs of professionals and institutions. Furthermore, it will feature a Capture the Flag (CTF) competition and other exciting cybersecurity contests designed to showcase local and international cybersecurity skills and talents. The event will also host a technology exhibition displaying the latest global solutions and innovations. BNA(R)
Politico
21-07-2025
- Business
- Politico
Time's running out on a key cyber info-sharing law
Driving the day — Despite widespread support from bipartisan members of Congress, the private sector and the Trump administration, the Cybersecurity and Information Sharing Act is in danger of expiring at the end of September. HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! Another week closer to Black Hat and DEF CON. I'm excited to see many of you there! Drop me a line at dnickel@ if you want to connect at either conference — or if you have any Las Vegas recommendations for a first-timer like me. Follow POLITICO's cybersecurity team on X at @RosiePerper, @johnnysaks130, @delizanickel and @magmill95, or reach out via email or text for tips. You can also follow @POLITICOPro on X. Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You'll also receive daily policy news and other intelligence you need to act on the day's biggest stories. CYBER POLICY EXPIRATION DATE INCOMING — Lawmakers have until Sept. 30 to reauthorize the Cybersecurity Information Sharing Act, a 10-year-old law that's been described as 'the most successful piece of cyber legislation' in the country. But despite widespread support from the Trump administration, the private sector and bipartisan members of Congress, the law often referred to as 'CISA 2015' faces an uncertain future as lawmakers stare down the start of the month-long August recess. As leaders in the private sectorurge lawmakers to renew it before it's too late, the ranking member of the House Homeland Security Committee expressed frustration at the slow movement. 'We have known for ten years the CISA 2015 would expire this September,' Rep. Bennie Thompson (D-Miss.) said in a statement Sunday. 'The time to begin discussing and circulating potential changes to CISA 2015 was six months ago, if not earlier.' — Conflicting priorities: The law, which incentivizes information-sharing on cyber threats between the private sector and the federal government through legal safeguards, saw ramped-up renewal efforts earlier this year in the private and public sectors. But in the House, Thompson said that former Rep. Mark Green (R-Tenn.) — the chair of the House Homeland Security Committee, who resigned from Congress earlier this month — did not prioritize renewing the cyber law. 'He held four markups and didn't see fit to include a CISA 2015 extension in any of them,' Thompson said. 'Instead, he has left us with fewer than 20 legislative days to get an extension out of Committee, through the House, and over to the Senate or, more likely, find a way to attach an extension to a [continuing resolution].' Across chambers, Senate Homeland Security Chair Rand Paul (R-Ky.) hasn't signaled that renewal is a priority. Maggie reported last month that Paul vowed to make sure the law's reauthorization includes a clause that would prevent disinformation work at the Cybersecurity and Infrastructure Security Agency. But Paul — who didn't support the legislation in 2015 — isn't among the senators who sponsored legislation to renew the law earlier this year. A spokesperson for Paul did not respond to a request for comment. — Legislative movement: In April, Sens. Mike Rounds (R-S.D.), the chair of the Senate Armed Services Committee's cyber panel, and Gary Peters (Mich.), the top Democrat on the Senate Homeland Security Committee, introduced a bill that would pass a clean reauthorization of the law. 'Allowing this authority to lapse would weaken our cybersecurity defenses and send the wrong message to foreign adversaries, cybercriminals, and hacktivists looking to exploit vulnerabilities,' Peters said in a statement Sunday. A spokesperson for Rounds did not respond to a request for comment. But momentum could pick up on the House Homeland Security Committee. With Green's resignation, cyber panel Chair Andrew Garbarino (R-N.Y.) threw his hat in the ring last week for full committee chairship. In a letter to colleagues laying out his priorities if selected as chair, he vowed to work with committee Democrats in the House and with his Senate counterparts to renew the law. 'This will remain a priority in the weeks and months ahead,' Garbarino said in a statement Friday, adding that he has held meetings with fellow lawmakers and industry experts to 'identify the best legislative vehicle to get it done.' — An industry without CISA 2015? As the clock runs down, industry leaders, including trade organizations and cybersecurity companies, warned your host that crucial information-sharing could be lost if the law is allowed to lapse. '[The law] remains one of the most effective methods for enabling real-time collaboration between the government and the private sector in the face of evolving cyber threats,' said James Hayes, senior vice president of global government affairs at cyber firm Tenable. He added that letting it lapse would be 'a step backward.' John Miller, senior vice president of the Information Technology Industry Council, told your host that the law is 'arguably the most successful cyber law we've ever passed in this country. And so to just let it lapse for no reason would just be unfortunate, to say the least.' On The Hill FIRST IN MC: CYBER HEALTH — Sen. Ron Wyden (D-Ore.) is urging the Trump administration to address gaps in cybersecurity in rural hospitals caused by Medicaid funding cuts in the One Big Beautiful Bill. In a letter sent on Friday and shared exclusively with your host, Wyden asked Health and Human Services Secretary Robert F. Kennedy, Jr. and Centers for Medicare and Medicaid Administrator Mehmet Oz about their plans to help hospitals protect themselves in cyberspace. 'As rural and small hospitals confront even lower operating margins due to Republican health care cuts, they will be less likely to prioritize spending on cybersecurity infrastructure,' Wyden wrote. Wyden also asked Kennedy and Oz if HHS and CMS plan to provide resources, such as grant funding, to small and rural hospitals to meet Cybersecurity Performance Goals — a voluntary guideline by HHS to help the health care sector bolster cybersecurity practices. At the Agencies PENTAGON DEALS UNDER REVIEW — The Defense Department is looking into cloud contracts amid a report from ProPublica last week that revealed that Microsoft has bypassed a Pentagon policy that bans foreign citizens from accessing highly sensitive data. Defense Secretary Pete Hegseth ordered the review on Friday in response to the investigation, which detailed Microsoft's use of Chinese engineers to work on U.S. military cloud computing systems under the supervision of American 'digital escorts' who have security clearances but often lacked the skills to determine whether the Chinese engineers' work posed a cybersecurity risk. On Friday, Microsoft spokesperson Frank Shaw said in a post on X that 'in response to concerns raised earlier this week,' the firm 'made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services.' SHAREPOINT VULNERABILITY — CISA is warning about an active exploitation of a remote code execution vulnerability impacting Microsoft's on-site SharePoint servers. The cyber agency issued an alert on Sunday, warning that the exploitation publicly known as 'ToolShell' provides unauthorized access to systems and enables hacker access to SharePoint content, like internal configurations and file systems. Chris Butera, CISA's acting executive assistant director for cybersecurity, said in a statement that the agency is working with Microsoft to inform potentially affected groups about mitigation efforts. Quick Bytes 'HONKERS' — WIRED's Kim Zetter breaks down how an early wave of Chinese hackers became the backbone of Beijing's espionage apparatus. YOU'RE BREAKING UP — Cellphone internet shutdowns — which officials say are necessary to foil Ukrainian drones — have hit dozens of Russian regions, writes Dasha Litvinova for the Associated Press. CYBER SCHOOL IN SESSION — a cyber workforce development group for K-12 students, is launching a new program in D.C. schools. Chat soon. Stay in touch with the whole team: Rosie Perper (rperper@ John Sakellariadis (jsakellariadis@ Maggie Miller (mmiller@ and Dana Nickel (dnickel@
Business Wire
16-07-2025
- Business
- Business Wire
Social Engineering Expert and Hacker Rachel Tobac to Deliver Keynote at CyberSheath's CMMC CON 2025
RESTON, Va.--(BUSINESS WIRE)--With federal contractors facing mandatory CMMC compliance deadlines and sophisticated social engineering attacks on the rise, defense industrial base (DIB) organizations need proven strategies to protect sensitive data from human-centered threats. CyberSheath, the largest CMMC managed service vendor in the DIB, will host its sixth annual free virtual conference, CMMC CON 2025: Compliance Blueprint – Plan. Execute. Certify., on Sept. 24-25, 2025. Rachel Tobac, renowned hacker and CEO of SocialProof Security, will deliver the keynote on the event's first day. She'll break down recent cyberattacks in the news and how to defend against the latest hacking methods, even when criminals are using AI. Her tales from the field and live hacking demonstrations throughout the presentation are sure to keep you and your team 'politely paranoid' to catch the next human hacker in the act. 'Rachel's hands-on experience exposing vulnerabilities through social engineering gives her a unique perspective on the threats our DIB contractors face daily,' said Eric Noonan, CEO of CyberSheath. 'Her ability to demonstrate how attackers exploit human psychology makes her the perfect speaker to help our attendees understand why CMMC compliance is so crucial and defend against these sophisticated tactics.' Tobac gained recognition in DEF CON's Social Engineering Competition, establishing her as a formidable expert in the field. As CEO of SocialProof Security, she helps organizations strengthen their security posture through targeted training and penetration testing focused on social engineering threats. Her cybersecurity expertise has been sought after at the highest levels of government. Tobac served on the CISA Technical Advisory Council under Director Jen Easterly, where she contributed to national cybersecurity initiatives. Beyond her professional achievements, Tobac serves as Chair of the Board for Women in Security and Privacy (WISP), where she works to advance women leaders in cybersecurity fields. CMMC CON 2025 will feature sessions from leading experts covering compliance strategies, threat mitigation, legal insights, and practical steps for achieving and maintaining CMMC certification. The two-day virtual event runs from 9 a.m. to 1 p.m. EDT each day, providing attendees with actionable insights to enhance their cybersecurity posture and meet Department of Defense requirements. Learn more about CMMC CON 2025 and register to join the two-day event. About CyberSheath Established in 2012, CyberSheath is one of the most experienced and trusted IT security services partners for the U.S. defense industrial base. From CMMC compliance to strategic security planning to managed security services, CyberSheath offers a comprehensive suite of offerings tailored to clients' information security and regulatory compliance needs. Learn more at
