Black Hat 2024: AWS Patches Vulnerability in Cloud Services


Black Hat and DEF CON are two of the major security conferences in the U.S., drawing large crowds of cyber and AI decision-makers to Las Vegas. Black Hat USA 2024 runs from Aug. 3-8, with most of the briefings occurring on Aug. 7 and 8; DEF CON 32 runs from Aug. 8-11.

We’re rounding up the enterprise business tech news from Black Hat and DEF CON that is most relevant for IT and tech decision-makers.

How to hold generative AI accountable

A major topic of conversation and research at Black Hat this week will be how to hold generative AI accountable in the case of hallucinations, misinformation, or follow-on effects from generated content.

At the one-day AI Summit (ticketed separately from the rest of Black Hat), experts will discuss how to secure AI models and applications for enterprise use, as well as the use of AI in cyberattacks.

AI Village at DEF CON will task a team of hackers with exploring how to detect and report AI flaws. This event is notable because both the vulnerabilities and the methods of reporting those vulnerabilities will be under scrutiny. Ideally, this event will help AI vendors build frameworks for more thorough and accurate reporting.

DARPA and other government organizations will work on securing generative AI at DEF CON as well. The AI Cyber Challenge (AIxCC) Semifinal Competition will test hackers' skills in securing critical infrastructure in a hypothetical, futuristic city.

Patches and vulnerabilities identified

Many organizations at Black Hat and DEF CON will announce patches and remarkable vulnerabilities. We will cover those as they arise. For people attending the conference, there are many briefings to choose from.

Aqua Security announced on Aug. 7 that it had pinpointed a vulnerability in six AWS cloud services that could let attackers execute code remotely or take over accounts. Amazon has since shut that door. The problem was that S3 buckets for those six services — CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, and CodeStar — had names with similar patterns. Because of this, attackers could guess names to plant malicious code in legitimate S3 buckets.

Enhancing security intelligence

X-Ops, the security response team of IT-as-a-service provider Sophos, released a report on Tuesday about new tactics ransomware attackers use to put pressure on their victims. These tactics can include:

  • Encouraging customers to open legal cases against victim organizations.
  • Opening legal cases themselves.
  • Seeking financial information about target companies, particularly information that might reveal inaccuracies or subterfuge.
  • Exposing criminal activity that may occur on company devices.
  • Painting the organizations they target as negligent or morally deficient.

Notable product releases

Flashpoint released new features and capabilities in Flashpoint Ignite and Echosec on Aug. 6. Flashpoint Ignite, the flagship platform, will now include investigations management and intelligence requirements mapping, which matches Flashpoint collections with Priority Intelligence Requirements. Echosec will include location protection starting Aug. 6.

The AI security company CalypsoAI boosted its product line with out-of-the-box scanners for specific business-use cases and verticals, as well as real-time threat updates.

Keynotes bring national and corporate players

Keynote speakers for Black Hat 2024 include Cybersecurity and Infrastructure Security Agency Director Jen Easterly, Google Security Engineering Manager Ellen Cram Kowalczyk, and Microsoft Threat Intelligence Strategy Director Sherrod DeGrippo.

DeGrippo spoke to TechRepublic earlier this month about keeping businesses secure during the Paris Olympics.

TechRepublic is covering Black Hat and DEF CON remotely. This article will be updated throughout Black Hat and DEF CON with more news highlights.
