Connect with us

Black Hat MEA

Cybersecurity Experts Warn “Everything is Vulnerable” to Hackers



As the world becomes increasingly reliant on the Internet of Things (IoT) and digital services, so too must step be taken to minimize the vulnerabilities that allow hackers to take advantage, visitors to day two of Black Hat MEA were told. The world is rapidly shifting towards a digital future as everything from banking to health services, agriculture and vehicles become more reliant on the Cloud and other IoT services. This brings a variety of benefits including convenience, flexibility, and ease of use. However, this also provides cybercriminals with far more vulnerabilities they can exploit to steal sensitive data, commit fraud, and more.

The second day of Black Hat MEA took the attendance since the start of the event to 20,000 and saw experts highlight threats while providing solutions that can be implemented to protect organizations and individuals from harm. Dr. Alissa ‘Dr. Jay’ Abdullah, Deputy Chief Security Officer at Mastercard highlighted the key areas of risk during a session related to mitigating cyber risks, focusing on technology, tactics, and talent. She mentioned, “Evolution is key, and we need to keep up with the pace of technology and evolve our infrastructure.” She also noted key tactics used by adversaries such as MFA (Multi-factor authentication) fatigue and the mimicking of user voice patterns, while highlighting the importance of upscaling talent, to build a more robust organization.

Caleb Sima, Chief Security Officer, Robinhood, hosted a session titled ‘Assume Breach’, with a key focus on a company’s crown jewels and how to protect them from hacking threats. “Crown jewels are anything that an attacker can take with them, including customer or employee data, tokens, and keys or even systems to modify financial transactions without repercussions.” He highlighted that much like our physical health; safety hygiene is key for any company.

During a panel discussion focused on the global laws related to the regulation, collection, use, retention, and disposal of personal information, Zaki Abbas, Chief Information Security Officer, Brookfield Asset Management said: “While it’s not exciting, data regulations play an important part and helps security programs mature. 70 percent of the world has some sort of data security regulation or legislation implemented.” Vikas Yadav, Chief Security Officer, Nyka, continued: “On a global scale a unified framework for compliance and fundamentals of privacy is the key to data protection. However, it should be implemented with customer trust at the heart of it all.” The panel also included Flavio Aggio, and Jon Staniforth, the Chief Information Security Officers of the World Health Organization (WHO) and Royal Mail respectively, and was moderated by Jaya Baloo, Chief Information Security Officer of Avast.

Taking a unique spin on things, Chris Roberts, Chief Information Security Officer, Boom Supersonic, showcased how connected livestock management and tracking platforms can be hijacked, referring to a previous experiment he had conducted. The session showed how data can be manipulated on platforms that use GPS trackers to show a completely different location, which in this case ‘relocated’ the camels from Riyadh’s deserts to snow-capped regions in Mongolia. “Our digital and physical worlds are colliding, and what you see isn’t always what you get. It is important to have a physical presence and not always depend on the digital,” said Roberts.

During the event, hacking experts showcased vulnerabilities in today’s connected environment where we are surrounded by connected devices including electric cars such as a Tesla. The demonstration showed that is possible to exploit system vulnerabilities where the car’s functions could be controlled remotely including lights, doors, and even the onboard infotainment systems. The three-day conference concludes on 17 November at the Riyadh Front Exhibition Center and features more than 250 exhibitors and over 200 speakers this year. It features international tech giants such as Cisco, IBM, Spire, Infoblox, and others that have a significant presence showcasing new technology and services.

The event was organized as part of a strategic partnership between Informa Markets, the largest events company in the world, and the Saudi Federation for Cybersecurity, Programming and Drones (SAFCSP) to highlight the Kingdom’s investments and growth in cybersecurity and the digital space.

Black Hat MEA

SentinelOne to Exhibit Autonomous XDR Cybersecurity Platform and Identity Protection Solution at Black Hat MEA



SentinelOne will highlight its autonomous extended detection and response (XDR) platform, and identity and credential protection solutions, through its second participation at Black Hat MEA (Middle East and Africa), one of the largest infosec events in the world. Having participated at the Riyadh-based exhibition once before, and identifying a growing appetite for technology in the region, the company is returning in an upgraded capacity, as a Silver Sponsor of the event. SentinelOne has several goals for the three-day event, which includes engaging with regional channel partners and potential customers, as part of its regional growth aspirations.

Black Hat MEA will take place in Riyadh, Saudi Arabia from 15-17 November 2022, and has an extensive conference and workshop agenda. As part of its participation, Tamer Odeh, Regional Sales Director at SentinelOne will give a presentation on ‘The Importance of Identity Security Modernization’ at 13:55 on Tuesday, 15 November. He will be joined by Milad Aslaner, Head of Technology Advisory Group, SentinelOne, who will present on three topics: ‘Scaling SOC and IR Teams to Defend Kubernetes Based Workloads’ at 18:10 on Tuesday, 15 November; ‘Supply Chain Attacks are the New High Watermark’ at 14:20 on Wednesday, 16 November and, ‘Takedown 365- Using Microsoft 365 for Defense Evasion and Lateral Movements’ at 13:55 on Thursday, 17 November.

“Black Hat MEA has become a keystone infosec event within the region and globally, and we are excited to confirm our participation once again and look forward to demonstrating our market-leading Singularity XDR and Singularity for Identity autonomous cybersecurity solutions. As the global threat landscape evolves unabated, powerful enterprise-focused cybersecurity solutions such as what we offer are an absolute must – they offer autonomous, comprehensive, and responsive protection that can protect firms from security breaches and the potential business-ending damage they can cause,” explained Tamer Odeh, Regional Sales Director, SentinelOne.

“Over the last few years, governments and companies across the Middle East have increasingly been discussing and investing in digital transformation, as a way to better serve customers, find new efficiencies and boost profitability. Data from a recent IDC study revealed that digital transformation spending across the Middle East, Turkey, and Africa (META) will top $58 billion in 2025 and account for 40% of all ICT investments made that year,” the company said.

“While digital transformation has already proven a worthwhile investment in a number of scenarios across the globe, it comes with challenges as both governments and businesses also then become potential targets by global threat actors. This means the need for proven cybersecurity solutions has become a critical item on the agenda for technology adopters who are just beginning their digital journeys, as well as those who have already been reaping the benefits of technology,” the company added,

“As technology permeates every corner of an enterprise, it’s vital that cybersecurity solutions also boast the ability to see across the entire enterprise and offer efficient and effective protection, as well as an automated response across the connected security ecosystem. SentinelOne’s Singularity XDR was designed to respond to these requirements comprehensively; it can autonomously supercharge, fortify, automate and extend protection from the endpoint to beyond, with unfettered visibility, proven protection, and industry-leading responsiveness,” the company added.

SentinelOne says its engineers designed the Singularity XDR solution to be better, faster, and more autonomous; this has set the solution apart as a comprehensively better approach to cybersecurity when compared to traditional approaches. In addition, the class-leading cybersecurity solution was designed keeping the security analyst experience in mind from the start, which means it actually empowers users with richer data, smarter workflows, and powerful tools at every step of the threat lifecycle.

“Taking into account that identity-based infrastructure has become a core function of scaling business, ‘identity’ cybersecurity has also become a critical part of the cybersecurity mix in recent years. In fact, cybersecurity experts are increasingly warning that this surface has become a primary attack vector for threat actors, with weaknesses and misuse of Active Directory playing a significant part in recent, highly-disruptive ransomware attacks. It’s therefore vital that organizations take a holistic approach to securing their identity layer,” the company said.

“Designed expressly for this purpose, SentinelOne’s proven Singularity for Identity solution can: prevent attack opportunities by closing the gaps in Active Directory and Azure AD that attackers frequently exploit; prevent attack progression by finding and misdirecting covert actors aiming to steal credentials; build resilience by ascertaining insights and intelligence from attempted attacks to prevent repeated compromises,” the company added.

“SentinelOne is keen to expand in the Middle East in step with growing digital transformation investments by government and business entities. We look forward to connecting with existing partners and widening our reach through new customers through our time at Black Hat MEA, and remain eager to continue protecting regional players from old and new threats,” Odeh added.

Continue Reading

Black Hat MEA

AmiViz and CyberME Studio Showcase KSA-Developed Cybersecurity Solutions at Black Hat MEA



AmiViz has announced today that it has entered into a strategic alliance with Saudi Arabia-based CyberME Studio, an independently operating Venture Studio focusing on identifying, investing, nurturing, launching, and promoting Saudi-based start-ups purely focused on cybersecurity solutions. Both companies are exhibiting together at Black Hat MEA in Riyadh from 15th to 17th November 2022. At the show, AmiViz is representing CyberME Studio and its associate companies; Cognna, Kensa, and 2FAST at Black Hat.

Black Hat MEA is one the largest and most iconic cybersecurity events in the world that brings together global CISOs from front page companies, elite ethical hackers, more Black Hat trainers than anywhere except Vegas, and thousands of visitors. The festive vibe and amazing design of the event have set a new standard for the infosec community.

Ilyas Mohamed, COO for AmiViz said, “CyberME Studio is doing an amazing job, and the start-ups under its fold have developed world-class cybersecurity solutions. We are extremely glad to represent their portfolio and showcase their solutions at Black Hat. CyberME Studio is a one-of-a-kind venture in Saudi Arabia that is focused on developing technology in the cybersecurity space to address the challenges that customers face in today’s era. Out of our large portfolio, this is our first partnership representing Saudi home-grown cybersecurity technology.”

CyberME Studio is on a mission to place Saudi Arabia among the league of a nation that can launch homegrown cybersecurity companies to serve customers across the globe and cater to the US$ 300 billion cybersecurity market worldwide. In line with this endeavour the company was able to successfully launch various new start-ups including Cognna, Kensa, and 2FAST in the past year.

CyberME Studio has been promoting these companies at various forums and exhibitions. The company has been part of LEAP 2021, @hack 2021, and Global Entrepreneurship Congress 2022. And, now with a strategic partnership with AmiViz, CyberME Studio has opted to participate in Black Hat 2022 in Riyadh with AmiViz.

Expressing his delight about the partnership with AmiViz and participation at Black Hat, Abdulrahman Bajaber, CEO at CyberME Studio said, “We are ecstatic with the performance of all these three start-ups, which focus on a different niche within the cybersecurity domain and provide solutions that help enterprises to enhance their security posture and shield themselves against advanced cyber-attacks. We are proud at CyberME to bring the best in people to establish a new industry and take it out to the world!”

ind the adversaries that traditional cybersecurity misses and defeat the threats they can’t see with a powerful cognitive detection and response platform. Cognna enables businesses to stop every threat without expending every resource, by combining human intuition, machine intelligence, and AI assistance for cognitive detection and response that evolves ahead of threats.

Cognna’s advanced compromise assessments include both Yara and Sigma scanning to detect malicious activity signatures and the behavioral patterns of an adversary. With cognitive threat detection, businesses can focus on the advanced persistent threats that plague their specific industry and region, knowing what’s ahead for them and protecting against evolving threats.

As application development gets more complex –with shorter timelines, new compliance regulations, and an evolving threat landscape, Kensa is the partner that can cut through complexity and give you a competitive edge. Kensa helps you develop security as your competitive edge –with mobile app security testing that finds more, helps you resolve vulnerabilities faster, and is hosted locally and tailored to the MENA threat landscape.

Kensa’s expertise in comprehensive security testing and in the unique challenges of the MENA market enables you to both meet regulations and use security as a competitive advantage. Develop security as your competitive edge and stand out in secure app development.

2Fast streamlines authentication and authorization with centralized IAM and one-step login for fast, flexible, frictionless security that’s easier on the enterprise and more enjoyable for the user. Experience seamless security with passwordless authentication and single sign-on options for every user. Find the security of flexibility with agile IAM that grows with your business and easily integrates with existing applications.

Elevate your security standards without impacting usability for internal teams and customers. Gain a deeper understanding of your organization with insights into user trends and robust modules to manage data privacy permissions. Go beyond the SSO with comprehensive IAM that powers greater possibilities for the evolving enterprise.

Continue Reading

Black Hat MEA

Mimecast Highlights Cyber Risks for Regional Companies at Black Hat MEA



Mimecast, an email and collaboration security company, has highlighted key cyber risks for Middle Eastern organisations ahead of Black Hat Middle East & Africa, taking place at the Riyadh Front Exhibition Centre from 15 to 17 November. The rapid increase in the usage of digital communication channels and the adoption of hybrid work models have expanded the attack surface for organisations, creating new security risks for people and data.

According to Werno Gevers, a cybersecurity expert at Mimecast, organisations in Saudi Arabia should ensure they have tools and processes in place to protect against email-related phishing and ransomware attacks in particular. “Phishing attacks are likely to continuously evolve as the low cost and high return on investment creates an attractive proposition for threat actors. An emerging threat in this respect is new starter phishing, where new starts announce their new jobs on LinkedIn and then receive fake welcome emails from supposed senior executives, or get directed to a false company onboarding portal. Threat actors then use this for credential harvesting or account takeover.”

Mimecast’s State of Email Security 2022 report found that 90% of companies in Saudi Arabia have been the target of an email-related phishing attempt. In addition, 60% of companies were hit by a ransomware attack, although Saudi Arabia is setting an example with only five days of downtime on average compared to a global average of over seven days. “Our latest State of Ransomware Readiness report found that 36% of global organisations have experienced a loss in revenue due to a ransomware attack in the last twelve months,” says Gevers. “Companies must implement proactive measures such as the use of artificial intelligence and integrating security tools to reduce their vulnerability and limit the frequency of successful ransomware attacks.”

To safeguard data and ensure employees can work protected, organisations in the region are advised to implement tools and policies to secure their workplace environment, wherever work may happen. In August, Mimecast unveiled the X1 Platform, the foundation of the Mimecast Product Suite that is built to drive industry-leading detection capabilities, deliver reliability, resilience, and scale, and transform data into insights that turn email and collaboration security into the eyes and ears of organisations worldwide.

“In light of the sheer breadth and scale of the cyber threats facing organisations, integrated cyber resilience solutions can protect organisations at speed and scale,” says Gevers. “In today’s fast-paced business environment, organisations need the ability to reduce risk, accelerate performance and drive collaboration. This is only possible if organisations can mitigate threats across their email, web, and cloud environments, gain real-time zero-trust data protection capabilities, access improved threat intelligence, and gain full control and visibility over the threats they face.”

Continue Reading

Follow Us


Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.