Black Hat and DEF CON are two of the foremost safety conferences within the U.S., drawing massive crowds of cyber and AI decision-makers to Las Vegas. Black Hat USA 2024 runs from Aug. 3-8, with a lot of the briefings occurring on Aug. 7 and eight; DEF CON 32 runs from Aug. 8-11.
We’re rounding up the enterprise enterprise tech information from Black Hat and DEF CON that’s most related for IT and tech decision-makers.
The right way to maintain generative AI accountable
A significant subject of dialog and analysis at Black Hat this week might be how one can maintain generative AI accountable within the case of hallucinations, misinformation, or follow-on results from generated content material.
On the one-day AI Summit (ticketed individually from the remainder of Black Hat), consultants will talk about how one can safe AI fashions and functions for enterprise use, in addition to the usage of AI in cyberattacks.
AI Village at DEF CON will job a staff of hackers with exploring how one can detect and report AI flaws. This occasion is notable as a result of each the vulnerabilities and the strategies of reporting these vulnerabilities might be beneath scrutiny. Ideally, this occasion will assist AI distributors construct frameworks for extra thorough and correct reporting.
DARPA and different authorities organizations will work on securing generative AI at DEF CON as effectively. The AI Cyber Problem (AIxCC) Semifinal Competitors will take a look at hackers expertise in securing vital infrastructure in a hypothetical, futuristic metropolis.
Patches and vulnerabilities recognized
Many organizations at Black Hat and DEF CON will announce patches and noteworthy vulnerabilities. We’ll cowl these as they come up. For individuals attending the convention, there are various briefings to select from.
Aqua Safety introduced on Aug. 7 that it had pinpointed a vulnerability in six AWS cloud companies that might let attackers execute code remotely or take over accounts. Amazon has since shut that door. The issue was that S3 buckets for these six companies — CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, and CodeStar — had names with related patterns. Due to this, attackers might guess names to plant malicious code in authentic S3 buckets.
Enhancing safety intelligence
X-Ops, the safety response staff of IT-as-a-service supplier Sophos, launched a report on Tuesday about new ways ransomware attackers use to place stress on their victims. These ways can embody:
- Encouraging clients to open authorized circumstances towards sufferer organizations.
- Opening authorized circumstances themselves.
- In search of monetary details about goal corporations, significantly data which may reveal inaccuracies or subterfuge.
- Exposing legal exercise which will happen on firm gadgets.
- Portray the organizations they aim as negligent or morally poor.
Notable product releases
Flashpoint launched new options and capabilities in Flashpoint Ignite and Echosec on Aug. 6. Flashpoint Ignite, the flagship platform, will now embody investigations administration and intelligence necessities mapping, which matches Flashpoint collections with Precedence Intelligence Necessities. Echosec will embody location safety beginning Aug. 6.
The AI safety firm CalypsoAI boosted its product line with out-of-the-box scanners for particular business-use circumstances and verticals and real-time menace updates
Keynotes convey nationwide and company gamers
Keynote audio system for Black Hat 2024 embody Cybersecurity and Infrastructure Safety Company Director Jen Easterly, Google Safety Engineering Supervisor Ellen Cram Kowalczyk, and Microsoft Menace Intelligence Technique Director Sherrod DeGrippo.
DeGrippo spoke to TechRepublic earlier this month about holding companies safe in the course of the Paris Olympics.
TechRepublic is overlaying Black Hat and DEF CON remotely. This text might be up to date all through Black Hat and DEF CON with extra information highlights.