This article has multiple issues. Please help improve it or discuss these issues on the talk page . (Learn how and when to remove these template messages)
|
Marc Maiffret | |
---|---|
Born | |
Occupation | Computer hacker/security expert |
Employer | BeyondTrust |
Title | Chief Technology Officer |
Website | www www |
Marc Maiffret is the Chief Technology Officer at BeyondTrust, a security and compliance management company. Maiffret joined BeyondTrust by way of their acquisition of eEye Digital Security, which he co-founded in 1998 along with Firas Bushnaq. Maiffret created one of the first Vulnerability Management and Web Application Firewall products, which to date, have been deployed worldwide and won numerous product awards. Maiffret is credited with discovering some of the first major vulnerability discoveries in Microsoft software and leads BeyondTrust's Advanced Research Labs, responsible for identifying new trends in enterprise security for the benefit of the BeyondTrust product roadmap. Maiffret left eEye for a three-year period, during which he served as Chief Security Architect at FireEye. He returned to eEye in July 2010.
During his brief time away from eEye, Maiffret also founded Invenio Security, [1] which he eventually merged with veteran consulting firm The DigiTrust Group. At DigiTrust, Maiffret managed the company's Professional Services division, including network security consulting and managed security services. Maiffret is also responsible for helping expand the firm's internal research and development efforts.
Maiffret is known for running eEye's top security research team for nearly 10 years and at present, as well as discovering some critical Microsoft security vulnerabilities, such as Code Red. [2]
Maiffret has accepted three invitations to testify before the United States Congress on matters of national cybersecurity and critical security threats posed to both public and private infrastructures. [3] He was named one of People (magazine) Magazine's 30 People Under 30 and has been featured for cover stories in Details, the Los Angeles Times, Entrepreneur magazine, and USA Today in addition to numerous television appearances. Maiffret was featured in MTV's True Life: I'm a Hacker (October 1999). Marc was a guest speaker on episode 91 of Security Now, with Leo Laporte and Steve Gibson. Influential in his industry, Marc has spoken at a variety of conferences (including ISSA Los Angeles and InfoSec 2011) and has been featured in several publications including CNN, Fox News, Security Week, SC Magazine, PC World, and Computer World.
Marc was 'Chameleon' in the hacking group 'Rhino9'.
Marc was also known as 'sn1per' in the hacking group No|d.
On August 22, 2013, Yahoo News reported that Maiffret was prompting hackers to support in raising a $10,000 reward for Khalil Shreateh. On August 20, Maiffret stated that he had already raised $9,000 in his efforts, including the $2,000 he himself contributed. He and other hackers alike denounced Facebook for its actions. Maiffret said: "He is sitting there in Palestine doing this research on a five-year-old laptop that looks like it is half broken. It's something that might help him out in a big way." [4]
Code Red was a computer worm observed on the Internet on July 15, 2001. It attacked computers running Microsoft's IIS web server. It was the first large scale, mixed threat attack to successfully target enterprise networks.
A grey hat is a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but usually does not have the malicious intent typical of a black hat hacker.
Comodo Security Solutions, Inc., also known as Sectigo, is a cybersecurity company headquartered in Bloomfield, New Jersey in the United States.
Sourcefire, Inc was a technology company that developed network security hardware and software. The company's Firepower network security appliances were based on Snort, an open-source intrusion detection system (IDS). Sourcefire was acquired by Cisco for $2.7 billion in July 2013.
A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.
Trellix is a privately held cybersecurity company founded in 2022. It has been involved in the detection and prevention of major cyber attacks. It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks.
Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky, and Alexey De-Monderik; Eugene Kaspersky is currently the CEO. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.
BeyondTrust (formerly Symark) is an American company that develops, markets, and supports a family of privileged identity management / access management (PIM/PAM), privileged remote access, and vulnerability management products for UNIX, Linux, Windows and macOS operating systems.
Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, the company provides SaaS application security that integrates application analysis into development pipelines. Veracode provides multiple security analysis technologies on a single platform, including static analysis, dynamic analysis, and software composition analysis. The company serves over 2,500 customers worldwide and, as of February 2021, has assessed over 25 trillion lines of code.
DigiNotar was a Dutch certificate authority owned by VASCO Data Security International, Inc. On September 3, 2011, after it had become clear that a security breach had resulted in the fraudulent issuing of certificates, the Dutch government took over operational management of DigiNotar's systems. That same month, the company was declared bankrupt.
Trustwave Holdings is an American standalone business unit and cybersecurity brand of Singaporean telecommunications company Singtel Group Enterprise. It focuses on providing managed detection and response (MDR), managed security services (MSS), database security, and email security to organizations around the globe.
ImmuniWeb is a global application security company headquartered in Geneva, Switzerland. ImmuniWeb develops Machine Learning and AI technologies for SaaS-based application security solutions provided via its proprietary ImmuniWeb AI Platform.
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
HackerOne is a vulnerability coordination and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers. It was one of the first companies, along with Synack and Bugcrowd, to embrace and utilize crowd-sourced security and cybersecurity researchers as linchpins of its business model; it is the largest cybersecurity firm of its kind. As of May 2020, HackerOne's network had paid $100 million in bounties.
Katie Moussouris is an American computer security researcher, entrepreneur, and pioneer in vulnerability disclosure, and is best known for her ongoing work advocating responsible security research. Previously a member of @stake, she created the bug bounty program at Microsoft and was directly involved in creating the U.S. Department of Defense's first bug bounty program for hackers. She previously served as Chief Policy Officer at HackerOne, a vulnerability disclosure company based in San Francisco, California, and currently is the founder and CEO of Luta Security.
Alex Stamos is a Greek American computer scientist and adjunct professor at Stanford University's Center for International Security and Cooperation. He is the former chief security officer (CSO) at Facebook. His planned departure from the company, following disagreement with other executives about how to address the Russian government's use of its platform to spread disinformation during the 2016 U.S. presidential election, was reported in March 2018.
Rafay Baloch, is a Pakistani ethical hacker and security researcher known for his discovery of vulnerabilities on the Android operating system. He has been featured and known by both national and international media and publications like Forbes, BBC, The Wall Street Journal, and The Express Tribune. He has been listed among the "Top 5 Ethical Hackers of 2014" by CheckMarx. Subsequently he was listed as one of "The 15 Most Successful Ethical Hackers WorldWide" and among "Top 25 Threat Seekers" by SCmagazine. Baloch has also been added in TechJuice 25 under 25 list for the year 2016 and got 13th rank in the list of high achievers. Reflectiz, a cyber security company, released the list of "Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021" recognizing Rafay Baloch as the top influencer. On 23 March 2022, ISPR recognized Rafay Baloch's contribution in the field of Cyber Security with Pride for Pakistan award.
Charming Kitten is an Iranian government cyberwarfare group, described by several companies and government officials as an advanced persistent threat.
In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration in which the hackers had access. Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches. Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.
A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network. Attackers typically install a backdoor that allows the attacker full access to impacted servers even if the server is later updated to no longer be vulnerable to the original exploits. As of 9 March 2021, it was estimated that 250,000 servers fell victim to the attacks, including servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority, the Norwegian Parliament, and Chile's Commission for the Financial Market (CMF).