[ad_1]
Black Hat and DEF CON are two major security conferences in the United States, attracting a large number of cyber and AI decision-makers to Las Vegas. Black Hat USA 2024 will be held from August 3 to 8, with most briefings held on August 7 and 8; DEF CON 32 will be held from August 8 to 11.
We round up the most relevant enterprise business technology news for IT and technology decision makers from Black Hat and DEF CON. Notably, security researchers discovered a vulnerability that allowed six AWS services to be compromised, which has now been patched.
This article will be updated with more news highlights during Black Hat and DEF CON.
How to hold generative AI accountable
A major topic of discussion and research at Black Hat this week was how to hold generative AI accountable in cases of hallucinations, misinformation, or subsequent impact of generated content.
exist One-day AI summit (ticket sold separately from the rest of Black Hat), experts discussed how to protect AI models and applications used by enterprises, as well as the use of AI in cyberattacks.
AI Village At DEF CON, a team of hackers was commissioned to explore how to detect and report AI vulnerabilities. The event was notable because both vulnerabilities and the methods for reporting them were under scrutiny. Ideally, the event will help AI vendors build more comprehensive and accurate reporting frameworks.
DARPA and other government organizations also worked at DEF CON to ensure the safety of generative AI. Artificial Intelligence Cyber Challenge (AIxCC) Semi-Finals Testing hackers’ skills in protecting critical infrastructure in a hypothetical future city.
Identified Patches and Vulnerabilities
Many organizations will release patches and major vulnerabilities at Black Hat and DEF CON. We will report on these vulnerabilities as they become available. There are many briefing Available.
Water safety On August 7, Amazon announced that it had identified vulnerabilities in six AWS cloud services that could allow attackers to remotely execute code or take over accounts. Amazon has since closed the door. The problem is that the S3 bucket names of these six services (CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, and CodeStar) have similar patterns. Therefore, attackers can guess the names to plant malicious code in legitimate S3 buckets.
Enhanced security intelligence
IT-as-a-service provider Sophos launches X-Ops, its security response team A report On Tuesday, ransomware attackers used new tactics to exert pressure on victims. These tactics include:
- Encourage customers to initiate legal action against victimized organizations.
- Initiate legal action yourself.
- Seek financial information about the target company, especially information that may reveal inaccuracies or deceptive practices.
- Uncover criminal activity that may be occurring on company equipment.
- They portray the targeted organizations as negligent or lacking in ethics.
Noteworthy product launches
Flashpoint announced new features and capabilities for Flashpoint Ignite and Echosec on August 6. The flagship platform, Flashpoint Ignite, will now include investigation management and intelligence requirements mapping, matching the information collected by Flashpoint to priority intelligence requirements. Echosec will offer location protection capabilities starting August 6.
AI security company CalypsoAI enhances its product line with out-of-the-box scanners for specific business use cases and verticals, as well as real-time threat updates
Keynote speech brings together national and corporate players
Keynote speakers for Black Hat 2024 include Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency; Ellen Crum Kowalczykand Sherrod DeGrippo, director of threat intelligence strategy at Microsoft.
Earlier this month, DeGrippo spoke to TechRepublic about how to keep your business secure. During the Paris Olympics.
TechRepublic is covering Black Hat and DEF CON remotely. This article will be updated with more news highlights during Black Hat and DEF CON.
[ad_2]
Source link
