Black Hat and DEF CON are two of the key safety conferences within the U.S., drawing massive crowds of cyber and AI decision-makers to Las Vegas. Black Hat USA 2024 runs from Aug. 3-8, with many of the briefings occurring on Aug. 7 and eight; DEF CON 32 runs from Aug. 8-11.
We’re rounding up the enterprise enterprise tech information from Black Hat and DEF CON that’s most related for IT and tech decision-makers.
The best way to maintain generative AI accountable
A significant matter of dialog and analysis at Black Hat this week will likely be maintain generative AI accountable within the case of hallucinations, misinformation, or follow-on results from generated content material.
On the one-day AI Summit (ticketed individually from the remainder of Black Hat), specialists will talk about safe AI fashions and functions for enterprise use, in addition to the usage of AI in cyberattacks.
AI Village at DEF CON will process a staff of hackers with exploring detect and report AI flaws. This occasion is notable as a result of each the vulnerabilities and the strategies of reporting these vulnerabilities will likely be below scrutiny. Ideally, this occasion will assist AI distributors construct frameworks for extra thorough and correct reporting.
DARPA and different authorities organizations will work on securing generative AI at DEF CON as properly. The AI Cyber Problem (AIxCC) Semifinal Competitors will check hackers abilities in securing crucial infrastructure in a hypothetical, futuristic metropolis.
Patches and vulnerabilities recognized
Many organizations at Black Hat and DEF CON will announce patches and noteworthy vulnerabilities. We’ll cowl these as they come up. For folks attending the convention, there are a lot of briefings to select from.
Aqua Safety introduced on Aug. 7 that it had pinpointed a vulnerability in six AWS cloud providers that would let attackers execute code remotely or take over accounts. Amazon has since shut that door. The issue was that S3 buckets for these six providers — CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, and CodeStar — had names with related patterns. Due to this, attackers may guess names to plant malicious code in legit S3 buckets.
Enhancing safety intelligence
X-Ops, the safety response staff of IT-as-a-service supplier Sophos, launched a report on Tuesday about new techniques ransomware attackers use to place stress on their victims. These techniques can embody:
- Encouraging prospects to open authorized instances towards sufferer organizations.
- Opening authorized instances themselves.
- Searching for monetary details about goal firms, significantly data that may reveal inaccuracies or subterfuge.
- Exposing felony exercise which will happen on firm units.
- Portray the organizations they aim as negligent or morally poor.
Notable product releases
Flashpoint launched new options and capabilities in Flashpoint Ignite and Echosec on Aug. 6. Flashpoint Ignite, the flagship platform, will now embody investigations administration and intelligence necessities mapping, which matches Flashpoint collections with Precedence Intelligence Necessities. Echosec will embody location safety beginning Aug. 6.
The AI safety firm CalypsoAI boosted its product line with out-of-the-box scanners for particular business-use instances and verticals and real-time risk updates
Keynotes deliver nationwide and company gamers
Keynote audio system for Black Hat 2024 embody Cybersecurity and Infrastructure Safety Company Director Jen Easterly, Google Safety Engineering Supervisor Ellen Cram Kowalczyk, and Microsoft Risk Intelligence Technique Director Sherrod DeGrippo.
DeGrippo spoke to TechRepublic earlier this month about preserving companies safe in the course of the Paris Olympics.
TechRepublic is masking Black Hat and DEF CON remotely. This text will likely be up to date all through Black Hat and DEF CON with extra information highlights.
