Table of Contents
The Black Hat series of international cybersecurity conferences brings together top IT security pros, researchers, and thought leaders to discuss the latest cyber techniques, vulnerabilities, threats, and more. Here’s the latest to know.
The infosecurity world decamps to London this week, with research on vulnerabilities in AI systems at the fore of the latest edition of Black Hat Europe.
The four-day program runs from Dec. 9-12, with two-and four-day options of hands-on trainings, but the main event at ExCeL London occurs on Dec. 11 and 12 featuring the latest research, developments, and trends in cybersecurity.
Check out our preview of the most notable keynotes and briefings from the event, which offers numerous presentations on how AI is impacting cyber operations and how cryptographic attacks are unfolding against internet protocols.
Here’s the latest news, insights, and analysis from Black Hat:
Black Hat Europe 2024: Key takeaways for cybersecurity pros
Dec. 16, 2024: Technical talks and policy discussions took centre stage, including ERP in the crosshairs, problems with CVSS, and AI’s impact on cybercops.
SAP systems increasingly targeted by cyber attackers
Dec. 13, 2024: Long viewed as an opaque black box, attackers are increasingly focused upon hacking into enterprise systems from SAP, according to research presented at Black Hat Europe 2024.
Security researchers find deep flaws in CVSS vulnerability scoring system
Dec. 12, 2024: Cybersecurity experts from financial giant JPMorganChase say the cybersecurity community is being misled about the severity of vulnerabilities by the CVSS, which threatens to seriously hinder remediation efforts.
Microsoft Windows ‘Best Fit’ character conversion ‘ripe for exploitation’
Dec. 12, 2024: Security researchers warn that the Windows ANSI API contains a hidden trap that could lead to arbitrary code execution — a new attack surface dubbed ‘WorstFit.’
KeyTrap DNSSEC: The day the internet (almost) stood still
Dec. 12, 2024: Black Hat conference attendees heard a post-mortem on the KeyTrap DNSSEC vulnerability, which could have widely impacted browsing, email, TLS, and other key web services.
Black Hat Europe preview: Cryptographic protocol attacks and AI in the spotlight
Dec. 10, 2024: This week in London Black Hat Europe will feature a diverse range of talks and presentations covering the latest developments in cybersecurity. Here are the most notable keynotes and sessions for cybersecurity leaders and professionals.
AMD CPUs impacted by 18-year-old SMM flaw that enables firmware implants
Aug. 9, 2024: Security reseachers estimate the ‘Sinkclose’ vulnerability affects ‘hundreds of millions of laptops, desktops, and servers,’ allowing attackers to execute malicious code on the most privileged execution mode on a computer. They will present their findings at this year’s DEF CON.
5 key takeaways from Black Hat USA 2024
Aug. 9, 2024: The industry’s biggest annual get together offers CISOs a chance to chart industry trends. From cloud security to AI, here’s what’s notable about this year’s ‘hacker summer camp.’
S3 shadow buckets leave AWS accounts open to compromise
Aug. 8, 2024: Attackers can gain access to AWS accounts or sensitive data by creating in advance S3 storage buckets with predictable names that will be automatically used by various services and tools.
Back to the future: Windows Update is now a trojan horse for hackers
Aug. 8, 2024: SafeBreach security researcher Alon Leviev has unveiled at Black Hat a technique that lets malicious actors manipulate the Windows Update process to downgrade critical system components, rendering security patches useless.
Top new cybersecurity products at Black Hat USA 2024
Aug. 8, 2024: Find out the top cybersecurity tools, platforms, features, services, and technologies unveiled at Black Hat USA 2024 that you need to know about, with our rolling coverage of conference announcements.
Generative AI takes center stage at Black Hat USA 2024
Aug. 8, 2024: Top gen AI-driven cybersecurity tools, platforms, features, services, and technologies unveiled at Black Hat 2024 that you need to know about. Read about them here.
APT groups increasingly attacking cloud services to gain command and control
Aug. 7, 2024: Nation-state threat groups are piling on attack techniques seen as successful in exploiting free cloud services, Symantec reports, with findings to be presented today in a talk at the Black Hat USA security conference.
Black Hat preview: AI and cloud security in the spotlight
Aug. 6, 2024: This year’s Black Hat USA sees LLMs in the crosshairs, rising attacks against hyperscale cloud vendors, and CISOs in need of advice for legal liabilities. Find out more with CSO Online’s conference preview.
North Korean group infiltrated 100-plus companies with imposter IT pros: CrowdStrike report
Aug. 6, 2024: Released at Black Hat, CrowdStrike’s Threat Hunting Report outlines a DPRK group’s attempts to exfiltrate data and install RMM tools by posing as US IT workers, along with several other examples that show cross-domain analysis is needed to tackle rising identity-based attacks.
