Name: Vulnerability Hunting in a Third-Party Plugin in Adobe Acrobat Through Fuzzing
Start: 2023-07-12T09:00:00Z
End: 2023-07-12T09:00:54.000Z
Location: BrightTALK

Traditional firewalls, VPNs, and public point solutions for data security are failing in the AI era, because they expand your attack surface and allow lateral threat movement. The Zero Trust Exchange delivers a new approach that eliminates the concept of implicit trust, operating on the principle: Never trust, always verify. It delivers zero trust architecture as a service from a resilient, cloud-native AI cybersecurity platform. Acting as an intelligent switchboard to enable Zero Trust Everywhere, it provides secure, any-to-any, zero trust communication that uses business policies, not networks, for all of your workforces, branches, and clouds. The platform, built upon the Zero Trust Architecture and AI foundation, provides five integrated solutions: Cyberthreat Protection, Data Security, Zero Trust Branch and Cloud, and Security Operations.

Building a robust data security strategy capable of addressing today’s threats—and preparing for future challenges—doesn’t have to be complex. However, it requires a forward-thinking approach. With risks from AI, cloud, and mobility evolving faster than ever, now is the time to embrace a future-ready strategy built on key pillars that ensure smarter, stronger data security.

In this webinar, discover how to leverage cutting-edge solutions, including AI-driven LLM classification, proactive DSPM practices, and scalable inline proxy platforms, to stay ahead of emerging threats.

Here’s what you’ll learn:

1. How AI-driven LLM classification is revolutionizing data discovery
2. Why DSPM offers the proactive approach necessary to mitigate risky gaps
3. The critical role of an inline proxy in delivering scalable, effective security
4. Actionable steps you can implement today to significantly enhance your data protection

The 3 Pillars of Data Defense: Classify, Mitigate & Defend

Organizations everywhere are automating zero trust with OneAPI, a single programming interface for the entire Zscaler platform. And with OneAPI’s new capabilities for retrieving Zscaler analytics data, the possibilities are infinite. 

Now, practitioners can programmatically pull Zscaler data into custom widgets and third-party dashboards—without manually logging into Zscaler. Additionally, organizations can ensure their data is easy to secure, access, and work with through role-based access control (RBAC), query caching, and built-in data transformation functionality.

Join this webinar to see:

1. A live demo that shows what it’s like to use OneAPI
2. How to query analytics data programmatically based on your unique business needs
3. The way Zscaler automates data access, ingestion, and reporting without UI-based workflows
4. How you can save time and effort by integrating Zscaler insights into third-party dashboards

Zero Trust Automation: Streamlining Reporting with Zscaler OneAPI

Zscaler Internet Access (ZIA) forms the backbone of your cybersecurity defenses, blocking known threats and enforcing policies. But attackers now exploit trusted services like Azure Blob Storage, Cloudflare R2, Slack, and GitHub to blend malicious traffic with legitimate activity—bypassing traditional defenses. It’s not about failing tools; it’s about evolving attacker tactics.

Join our webinar to learn how to stay ahead of advanced threats with real-time threat hunting and Zscaler’s Zero Trust Exchange.

The Zscaler Threat Hunting Team will explore how to:

1. Uncover sophisticated LOTS (Living Off of Trusted Sites) attacks
2. Stop threats earlier by analyzing internet-bound traffic in real time
3. Reduce alert fatigue with actionable intelligence and guidance

The Art of Threat Hunting: Exposing Advanced Threats Before They Strike

Traditional security approaches based on firewalls and VPNs can no longer withstand today's sophisticated cyber threats or support agile productivity demands. To protect against these challenges, organizations must move away from outdated, perimeter-based methods and embrace a seamless and robust workplace security strategy. Enter Zero Trust - a framework built to secure hybrid environments while enabling effortless access for global teams.

In this webinar, we'll demystify the essentials of Zero Trust principles and reveal how Zscaler applies these principles internally to protect employees working across diverse locations. Discover actionable strategies for implementing Zero Trust to safeguard your hybrid workforce while optimizing productivity.

Key takeaways include:

1. Implementing Zero Trust principles for hybrid work environments
2. Tips to minimize business risk and improve employee productivity
3. Gaining operational insights from Zscaler's internal Zero Trust journey

Don't wait to modernize your security for the era of distributed work. Join this session for the clarity and confidence to implement Zero Trust strategies tailored to your organization's needs.

This webinar is essential for leaders who are ready to effectively secure hybrid workplaces, enable productivity gains, and embrace the flexibility of a modern Zero Trust model.

Zero Trust for Users Masterclass: Building the Secure Hybrid Workforce

Wait, what? Zscaler does exposure management? Yup! Join us for an in-depth exploration of Zscaler’s Exposure Management platform and see firsthand how our proactive security solutions seamlessly work together to reduce risk. 

Discover how customers are using these tools to uncover exposures, prioritize risks, and operationalize remediations. Experience it all in action during an interactive demo and get your questions answered by exposure management experts.

This session is for you if your team needs to:

- Ensure you have a comprehensive, accurate, and context-rich asset inventory
- Bring together exposures and findings from siloed security tools into one correlated, deduplicated view
- Identify your biggest exposures with contextual and customizable insights into your risk factors and mitigating controls
- Estimate financial losses and map risks to compliance frameworks to accelerate risk reduction
- Surface unprecedented risk insights—whether you’re a Zscaler customer or not

Watch now to see how our latest offering can help you identify and address critical security gaps in your environment.

Proactive Security in a Zero Trust

Manufacturing companies are now more connected than ever, with employees, contractors, suppliers, and cloud platforms. However, each new connection introduces additional vulnerabilities. Traditional firewalls and perimeter-based defenses can no longer ensure secure access.

Join us for a discussion on how Zero Trust principles can protect your workforce, partners, and production lines,without compromising factory uptime.

During this session, we’ll show you how to:

1. Create a robust roadmap for implementing Zero Trust across IT and OT environments.
2. Secure critical applications, such as MES or SAP systems, hosted in the cloud
3. Mitigate the impact of ransomware attacks, particularly within production environments
4. Deliver safe and reliable access for your extended workforce, including vendors and contractors

Zero Trust for Manufacturing: Protecting People, Partners, and Production Lines

Branch offices are evolving into dynamic, experience-focused spaces resembling cafés—designed for collaboration, productivity, and flexibility. CIOs are rethinking the branch model to meet the modern workforce's demands; seamless connectivity, uncompromised security, and exceptional user experience. Legacy network architectures—reliant on MPLS, SD-WAN, firewalls, and centralized data centers—often cause delays, poor app performance, and a subpar employee experience that no longer supports today’s agile business needs.

A café-like branch strategy transforms how IT leaders connect and secure branches. By adopting a direct-to-cloud architecture powered by zero trust principles, CIOs are not only achieving cost savings but also improving the user experience and reducing the risk of cyberthreats such as ransomware.

Watch this webinar to learn how to adopt a café-like branch strategy to redefine productivity and security for the modern workforce. 

Explore:
The shift to agile, cafe-like branches: Insights into why static, network-centric branch architectures are being replaced with flexible, user and device-centric models.
The role of zero trust: Explore how zero trust ensures secure and direct access to cloud apps without compromising on security.
Cost and complexity reduction: See how cafe-like branches eliminate the need for complex legacy technologies such as firewalls, NAC and expensive proprietary switches.
Real-life success stories: Learn how leading enterprises are embracing café-like branches to enhance employee satisfaction and boost productivity.

Why CIOs are Adopting a Cafe-like Branch Strategy

Today’s IT and Cybersecurity professionals are sharply focused on keeping their organizations flexible, adaptable, responsive, and resilient — but what about your personal resilience?

Organizational resilience is challenging enough, given today’s technology trends that include:

A diverse user base (employees, partners, suppliers, and customers), which for most is remote/hybrid
Fast, secure, and compliant access to cloud-based applications and data from anywhere, on any device
Expectations for great digital experiences, with business continuity as a top priority
Personal resilience for tech pros mustn’t be overlooked. Organizational resilience is our end goal, but tech pros with personal resilience are how we get there.

In this informative webinar, join Derek Brink from Aberdeen Strategy & Research and Kevin Schwarz from Zscaler in their engaging conversation about complimenting your enabling “technologies” with best practices in “people and process” that will strengthen personal resilience for yourself and your team.

Resilience Redefined: Prioritizing People in a Tech-Driven World

La direttiva NIS 2 è entrata in vigore. Un ampio bacino di aziende, dunque, è obbligato a implementare opportune misure per la gestione del rischio associato alla sicurezza informatica. Molte di esse sono coscienti del fatto che l’obbligo di adeguarsi e raggiungere la conformità non debba essere percepito come una minaccia ma, piuttosto, come un’importante opportunità di crescita. Ci sono, infatti, una serie di vantaggi che vanno ben oltre la prevenzione degli attacchi informatici: tra questi, riduzione dei costi, aumento della competitività, garanzia di continuità aziendale e migliore reputazione dei clienti. Tuttavia, pur volendo adeguarsi alla NIS 2 e coglierne i benefici, molte aziende sperimentano difficoltà.

Il webinar è rivolto proprio alle organizzazioni che hanno bisogno di un aiuto nell’implementazione delle misure previste dalla NIS 2 e che, per farlo, necessitano di un provider di servizi di sicurezza informatica capace di offrire, al tempo stesso, la consulenza strategica e le soluzioni operative e tecnologiche (piattaforme cloud native) per implementare un'architettura basata sul modello di sicurezza zero trust.

Questi alcuni dei temi che saranno affrontati:

Cosa devono fare le imprese per essere conformi alla NIS 2: impatti e responsabilità;
Non solo obblighi e sanzioni: perché adeguarsi alla NIS 2 è innanzitutto un’opportunità;
Cos’è il modello di sicurezza zero trust e quali vantaggi offre;
Strategie, piattaforme e soluzioni operative per implementare le misure previste dalla NIS 2.

NIS 2: Strategie e soluzioni operative - Webinar su implicazioni e adempimenti per aziende e professionisti

Your infosec and SOC colleagues are facing the threats and preventing the outages.

As they work towards ensuring organisational resiliency, what can infosec leaders do to help build resilient mindsets? How can your organisation foster a culture of resiliency, ensuring teams and people are prepared and empowered to handle cyber incidents and failures?

In this episode of teissTalk with Christoph Schuhwerk, CISO in Residence – EMEA, we’ll explore:

1. Analysing how your teams cope with a cyber incident or a failure scenario
2. Learning from crises - building resilience strategies to mitigate future incidents
3. Building a cyber resilient mindset within your infosec team and in the wider organisation

Join this episode as we discuss learning from crises to improve organisational cyber resilience, and a resilient mindset.

Teiss Talk: Building resilient infosec teams

The inevitability of a “failure scenario” involving a cyber-attack means the spotlight is falling on your cyber-resilience strategy.

Is your cyber resilience strategy ready to play the leading role in protecting your organisation, or is there a gap between confidence and effectiveness?

In this episode of teissTalk in association with Zscaler, Industry leader Thom Langford and James Tucker, Head of CISOs in Residence – EMEA, explores:

1. Identifying and removing barriers to cyber resilience
2. Reducing complexity - consolidating and eliminating legacy systems
3. Building a cyber-resilient organisation - moving from a reactive to a proactive model

Watch this episode as we explore how you can make your organisation truly cyber-resilient by design.

Teiss Talk: Why Resilient by Design is the next cyber-security imperative

The accelerating pace of cyberattacks—leveraging encrypted communication channels and generative AI—has rendered traditional security measures ineffective against the evolving threat landscape. To stay ahead, organizations must adopt a forward-thinking approach to web security. Join us for a webinar where we’ll delve into the transformative benefits of deploying a cloud-native secure web gateway (SWG) as part of your Security Service Edge (SSE) strategy, leveraging Zscaler’s pioneering innovations in zero trust and cloud security.

Featuring real-world insights from a compelling customer case study, we’ll discuss how Zscaler’s cloud-native, zero trust architecture-based SWG solution enables organizations to deliver seamless, scalable security for users, workloads, and IoT/OT devices – all while laying the groundwork for future advancements in SSE and zero trust.

Key Takeaways:

1. The limitations of traditional security strategies in defending against today’s sophisticated cyber threats. Discover why legacy solutions fall short and how adopting a cloud-native SWG revolutionizes web security.
2. Critical distinctions between cloud-native and legacy SWG models. Understand what sets a fully cloud-native SWG apart and why organizations are embracing cloud-first strategies
3. The integral role of Zscaler SWG in SSE and zero trust strategies. Explore how the Zscaler Zero Trust Exchange simplifies zero-trust adoption while safeguarding users, workloads, and IoT/OT devices
4. Customer success in action. Learn how a prominent organization enhanced security performance and aligned its cybersecurity goals with digital transformation initiatives by deploying Zscaler SWG

Future-Ready Web Security: The Power of Zscaler SWG in Your SSE Strategy

Looking to deliver faster issue resolutions or reduce troubleshooting times by 99.7%? With Zscaler Digital Experience (ZDX) Network Intelligence, you can detect ISP-related incidents in just five minutes and quickly resolve them by rerouting users to avoid problematic ISPs. As part of the Zscaler Zero Trust Exchange, ZDX provides full end-to-end visibility for all users, across any device and location. With 160+ globally distributed Zscaler data centers, finding a healthy path around provider disruptions is simple.

In this session, we’ll explore the recent Red Sea cable cut that caused widespread ISP disruptions and how ZDX Network Intelligence proactively detected the issue six hours before it was publicly announced. We’ll highlight our new Peer Insights capability, which provides powerful real‑time crowd context to validate ISP incident triage.

You’ll learn how to:

1. Reduce the time to detect problematic ISP issues by 99.7%
2. Quickly identify ISP issues across dozens of customer environments with the Network Intelligence Dashboard
3. Reroute impacted users to the best alternate Zscaler data center, bypassing ISP issues fast

3 Steps to Reroute Around ISP Trouble, Fast

Bad actors are escalating sophisticated attacks, leveraging tools like Generative AI and compromising identities for undetected lateral movement and privilege escalation. To prevent breaches, organizations must strengthen defenses across the entire cyber kill chain.


Learn how deception technology disrupts attackers at every phase. See real-world examples demonstrating how decoys—mimicking networks, endpoints, Active Directory, and cloud assets—are critical for stopping attacks.

Join this on-demand webinar to learn how to:

1. Trap Attackers Early: Identify and capture attackers during reconnaissance using realistic decoys
2. Prevent Malicious Activity: Thwart malware delivery and installation with endpoint and network decoys
3. Stop Lateral Movement: Block command-and-control (CnC) and lateral movement within your environment
4. Reveal Intent: Gain insight into attacker intent and block their activities at the earliest stages

Seize this opportunity to understand how deception enhances security, proactively disrupts attacks, and delivers high-fidelity threat intelligence.

Disrupting the Cyber Kill Chain: Stop Attackers in Their Tracks

The Client Connector endpoint agent is the key Zscaler technology powering security for end users. With its Windows v4.8 release, Client Connector will introduce Location-Based Policy to intelligently secure traffic based on device networks.

With the release, organizations can protect their endpoints by minimizing their attack surfaces and enhancing DNS privacy and data security—while simultaneously reducing policy management overhead.

Join this webinar to gain deep insights into:

1. The necessity of granular traffic steering for DNS queries, app-based bypasses, and destination IP inclusions/exclusions
2. Zscaler Client Connector’s new ability to automatically manage inbound and outbound host firewall rules
3. How streamlined ease of use reduces complexity and administrative burden, saving customers time and money

What’s New in Client Connector: Location-Based Policy

Zscaler recently announced the acquisition of innovative AI security pioneer SPLX, extending our Zero Trust Exchange with shift-left AI asset discovery, automated red teaming and governance. These new solutions enable organizations to accelerate the safe deployment of AI chatbots and applications, and stay competitive in the market.

LLMs are rapidly transforming how we work and innovate, but they also unleash a new generation of complex and often hidden security risks. Traditional approaches, such as manual red teaming, are inadequate for today’s dynamic AI systems. Automated approaches are needed for threat detection, remediation and governance across the entire AI lifecycle.

Zscaler’s Secure AI solution helps organizations:

1. Discover AI Assets and Assess Risks
2. Automate AI Red Teaming and Remediation
3. Enforce Runtime Guardrails
4. Govern AI Systems and Ensure Compliance

Zscaler Expands Platform for Secure AI with New Acquisition

As AI adoption accelerates, security and IT leaders face the critical challenge of securing a complex ecosystem that spans public GenAI applications, private models, and intelligent agents. This rapid adoption has outpaced traditional security frameworks. A recent study revealed that 63% of breached organizations either lacked or were still developing an AI security and governance policy. This significant gap underscores an urgent need for robust strategies to ensure AI is not only scalable and efficient but also inherently safe and secure.

Join our experts for an insightful webinar to explore the critical steps organizations must take to secure their AI transformation journey. We’ll guide you through building a resilient AI security foundation, equipping you with the knowledge to protect your data in an increasingly AI-driven world.

In this session, you will learn:

1. Emerging AI Trends: Understand the pressing security challenges and risks shaping the future of AI
2. Building a Robust AI Security Foundation: Discover strategies for responsible and secure AI adoption
3. A Comprehensive AI Security Checklist: Practical, actionable checklist to strengthen your AI security posture

AI Readiness: Your Checklist to Secure AI

Zero Firewalls and Zero Complexity with Zero Trust Cloud:

1. Secure Devin AI environment: Apply a true Zero Trust approach to protect your AI and developer environments.
2. Unify Multi-Cloud Security: Seamlessly connect and secure workloads with a single policy across AWS, Azure, and GCP.
3. Accelerate Cloud Migration: Confidently lift and shift mission-critical applications like SAP to the public cloud.
4. Stop Lateral Threat Movement: Shield your most critical apps from breaches with powerful, identity-based microsegmentation.
5. Prevent Breach Propagation: Implement comprehensive segmentation that extends from cloud-to-cloud and region-to-region, all the way down to individual processes.

New Innovations in Zero Trust Cloud

In today’s cybersecurity landscape, zero-day vulnerabilities pose significant threats to software applications, and their discovery is crucial for effective mitigations. Join us in this webinar as we will share our journey in uncovering vulnerabilities in Adobe Acrobat and Foxit PDF Editor, the two most widely used PDF processing applications.

• Develop a custom harness to fuzz the Solid Framework, a third-party library used by Adobe Acrobat and Foxit PDF Editor for PDF document to Microsoft Office document file conversion.

• Discovered and reported 16 vulnerabilities to date, including six cases in Adobe Acrobat and ten cases in Foxit PDF Editor, with all cases fixed.

• Notably, five of these vulnerabilities impacted both Adobe Acrobat and Foxit PDF Editor, highlighting the potential ripple effects of vulnerabilities in third-party libraries.

• Share insights into our vulnerability-hunting journey, including the techniques used, and the impact of our discoveries.

• Discuss the ethical considerations in vulnerability hunting and responsible disclosure practices.

• Educate software developers about the risks that third-party and open-source libraries pose when used without a thorough security code audit via fuzzing.

Join us to learn from our experiences and gain valuable insights into uncovering vulnerabilities in PDF processing applications. Don’t miss out on the opportunity to enable your knowledge of vulnerability hunting and responsible disclosure practices.

Vulnerability Hunting in a Third-Party Plugin in Adobe Acrobat Through Fuzzing

Cyber Attacks

Cyber Crime

Cyber Defence

Cyber Insurance

Cyber Incident Response

Zero Day Threats

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Vulnerability Hunting in a Third-Party Plugin in Adobe Acrobat Through Fuzzing

Presented by

About this talk

Zscaler