Erez Yalon
Head of Security Research
Checkmarx

Why nominated: Erez Yalon has put his talents, and the tools he previously developed as an independent security researcher, to work at Checkmarx to help find vulnerabilities at a wide range of websites. This includes Tinder, where he found security flaws that could have allowed an attacker to monitor a user’s interaction with the app, and the widely publicized vulnerabilities in Alexa that would have allowed an attacker to use the device to spy on unsuspecting consumers.

Profile: The past year has seen Yalon lead his team through a series of investigations on devices and services that uncovered a number of vulnerabilities that could have impacted millions of people. This included potential issues with industrial control systems through what the team called NFCdrip, basically a way sensitive data could be exfiltrated from airgapped systems through Near Field Communication technology, as the team demonstrated that NFC transmitters on Android phones could be used to access sensitive data at distances much greater than previously thought. Yalon’s team also looked at the AEG Smart Scale, a Bluetooth-enabled smart scale, to determine if it could be exploited by hackers; at Lenovo’s Smart Watch, which the team found to have several flaws that would allow an attacker to pinpoint users’ locations, engage in sniffing, execute man-in-the-middle attacks, take over user accounts, initiate a Bluetooth pairing with unwilling users, spoof calls to the watch, and set alarms; and found vulnerabilities in the Garmin and TomTom GPS apps.

What colleagues say: “I worked closely with Erez for almost three years at Checkmarx. Erez is one of the most professional, proactive, results-driven, people's person I have ever got to work with. Erez grew a small team of 2 application security experts into managing one of the company's leading and strongest groups focusing on security research, both inbound and outbound. I've personally learned a lot from Erez and I would definitely recommend him and hopefully will get a chance to work with him again.” Boris Kacevich, Product Manager at Microsoft