Americas

Asia

Oceania

Black Hat: Latest news and insights

News
08 Aug 20244 mins
Advanced Persistent ThreatsApplication SecurityCloud Security

The Black Hat series of international cybersecurity conferences brings together top IT security pros, researchers, and thought leaders to discuss the latest cyber techniques, vulnerabilities, threats, and more. Here’s the latest to know.

Team of Internationally Wanted Hackers Teem Organizing Advanced Malware Attack on Corporate Servers. Hacker is Working in His Computer. Place is Dark and Has Multiple displays. Vulnerability
Credit: Gorodenkoff / Shutterstock

Black Hat USA 2024 kicks off Aug. 3 at Mandalay Bay in Las Vegas with training sessions, followed by a series of summits on Aug. 6, including the CISO Summit, with sessions on quantifying the cost of cyber risk, navigating regulatory complexity, and rebuilding after a cyber crisis, among others.

But the big show rolls out Aug. 7-8. Keynotes include a discussion on securing elections in a record-breaking year for voting worldwide, featuring CISA Director Jen Easterly, NCSC CEO Felicity Oswald, and ENISA COO Hans de Vries, and a fireside chat with Signal founder Moxie Marlinspike on the tradeoffs between security and privacy. Microsoft Deputy CISO Ann Johnson, ThreatLocker CEO Danny Jenkins, CISA’s Jen Easterly, and National Cyber Director Harry Coker will also be presenting on the main stage.

Session topics range from practical LLM security and leveraging LLMs for threat hunting, to cyber-insurance strategies and securing network appliances. As ever, exploit development sessions abound, as do talks aimed at breaking down application security defenses. On the enterprise front, critical vulnerabilities in AWS, VPN post-exploitation techniques, real-world SaaS attacks, and privileged escalation will be presented and discussed. Disinformation, deepfakes, ransomware gang structures — Black Hat has a bit of everything for everyone in the security community, on both sides of the divide.

Kindred “Hacker Summer Camp” conference DEF CON runs Aug. 8-11 at the Las Vegas Convention Center, offering up additional vulnerability research from the cyber community.

Here’s the latest news, insights, and analysis from Black Hat and DEF CON:

AMD CPUs impacted by 18-year-old SMM flaw that enables firmware implants

Aug. 9, 2025: Security reseachers estimate the ‘Sinkclose’ vulnerability affects ‘hundreds of millions of laptops, desktops, and servers,’ allowing attackers to execute malicious code on the most privileged execution mode on a computer. They will present their findings at this year’s DEF CON.

5 key takeaways from Black Hat USA 2024

Aug. 9, 2024: The industry’s biggest annual get together offers CISOs a chance to chart industry trends. From cloud security to AI, here’s what’s notable about this year’s ‘hacker summer camp.’

S3 shadow buckets leave AWS accounts open to compromise

Aug. 8, 2024: Attackers can gain access to AWS accounts or sensitive data by creating in advance S3 storage buckets with predictable names that will be automatically used by various services and tools.

Back to the future: Windows Update is now a trojan horse for hackers

Aug. 8, 2024: SafeBreach security researcher Alon Leviev has unveiled at Black Hat a technique that lets malicious actors manipulate the Windows Update process to downgrade critical system components, rendering security patches useless.

Top new cybersecurity products at Black Hat USA 2024

Aug. 8, 2024: Find out the top cybersecurity tools, platforms, features, services, and technologies unveiled at Black Hat USA 2024 that you need to know about, with our rolling coverage of conference announcements.

Generative AI takes center stage at Black Hat USA 2024

Aug. 8, 2024: Top gen AI-driven cybersecurity tools, platforms, features, services, and technologies unveiled at Black Hat 2024 that you need to know about. Read about them here.

APT groups increasingly attacking cloud services to gain command and control

Aug. 7, 2024: Nation-state threat groups are piling on attack techniques seen as successful in exploiting free cloud services, Symantec reports, with findings to be presented today in a talk at the Black Hat USA security conference.

Black Hat preview: AI and cloud security in the spotlight

Aug. 6, 2024: This year’s Black Hat USA sees LLMs in the crosshairs, rising attacks against hyperscale cloud vendors, and CISOs in need of advice for legal liabilities. Find out more with CSO Online’s conference preview.

North Korean group infiltrated 100-plus companies with imposter IT pros: CrowdStrike report

Aug. 6, 2024: Released at Black Hat, CrowdStrike’s Threat Hunting Report outlines a DPRK group’s attempts to exfiltrate data and install RMM tools by posing as US IT workers, along with several other examples that show cross-domain analysis is needed to tackle rising identity-based attacks.