Previewing Black Hat Europe 2024 in London: 20 Hot Sessions

 The article previews the upcoming Black Hat Europe 2024 conference in London, which will feature over 45 keynotes and briefings on various cybersecurity topics. Highlights include:


1. **Geopolitics and Cybersecurity**: Exploring the intersection of geopolitics and cybersecurity.

2. **Industrial Control Systems**: Vulnerabilities in Schneider Electric M340 PLCs allowing remote code execution.

3. **DNSSEC Security**: Addressing KeyTrap vulnerabilities that can cause DNSSEC denial-of-service attacks.

4. **Windows ANSI Vulnerabilities**: Exploits related to Windows' "best fit" feature for Unicode characters.

5. **AI and Machine Learning Threats**: How large language models can be subverted via Trojan backdoors.

6. **Financial Fraud**: Operation MIDAS and tracking fraudulent online brokerage operations.

7. **Vulnerability Scoring**: Critiques of CVSS scoring and its implications for security.

8. **eSIM Protocol Vulnerabilities**: Security issues in the Remote SIM Provisioning protocol.

9. **Nation-State Mobile Malware**: Insights into mobile surveillance malware from Russia, China, and North Korea.

10. **Secure Boot Issues**: Vulnerabilities in Dell iDRAC9 and embedded device secure boot processes.

11. **Threat Intelligence on SAP**: Analysis of threat intelligence data targeting SAP ERP software.

12. **Cybercrime**: Success stories and challenges in fighting cybercrime.

13. **Privacy in AI Agents**: Risks and responses for AI-based tools.

14. **Automotive Exploits**: Critical vulnerabilities in Volkswagen Group vehicle infotainment systems.

15. **Government Cyber Regulation**: Balancing regulation and red tape in the cyber intrusion market.

16. **Side-Channel Attacks**: New attack surfaces in deep neural network executables.

17. **Code Leakage Prevention**: Mitigating code leakage with LLM-based code assistants.

18. **AI in Cybersecurity**: Applying AI to cybersecurity challenges in banking infrastructure.

19. **JavaScript Security in Cloud Computing**: Exploitation techniques and defenses for JavaScript in cloud environments.

20. **Conference Wrap-Up**: Key takeaways and trends in information security.


The article provides a detailed look at the sessions, emphasizing the importance of these discussions in addressing current and emerging cybersecurity threats.

https://www.govinfosecurity.com/blogs/previewing-black-hat-europe-2024-in-london-20-hot-sessions-p-3776

Comments

Post a Comment

Popular posts from this blog

Endor Labs Announces Integrated SAST Offerings

 Endor Labs recently announced that their Static Application Security Testing (SAST) toolset will be integrated into their platform, enhancing software security. This offering aims to help developers identify and fix code vulnerabilities earlier in the development cycle. By combining SAST with dependency management, Endor Labs provides a streamlined approach to managing and securing both custom code and third-party dependencies in a unified platform, which can improve efficiency and reduce security risks. For more details, you can read the full article  .
Read more

OWASP Releases Enhanced Dependency-Check Tool with Advanced Tagging and Policy Management Features

 OWASP has released an updated version of its dependency-check tool, version 4.12.0, which identifies vulnerabilities in third-party software components, enforces policy compliance, and generates a CycloneDX-based Software Bill of Materials (SBOM). Key updates include enhanced tag features for improved control over security alerts and SBOM validation, a new tag management view, a global policy violation audit view, and authorization for security status badges. These changes offer more granular control over managing third-party dependencies, though experts note that managing software risk remains an ongoing challenge despite these improvements. https://securityboulevard.com/2024/10/owasps-dependency-check-tool-update-key-changes-and-limitations/ ps.  I think Security Boulevard (https://securityboulevard.com/) is a little bit confused here. https://securityboulevard.com/2024/10/owasps-dependency-check-tool-update-key-changes-and-limitations/ The original news links to Dependency...
Read more

The Hidden Cost of DevSecOps: Time and Financial Burden of Security on Developers

 A survey by JFrog, "The Hidden Cost of DevSecOps: A Developer’s Time Assessment," reveals that developers spend a significant amount of time on security-related tasks, costing companies around $28,000 per developer annually. Half of senior developers and team leaders report a notable increase in weekly hours dedicated to security tasks like manual application scans, context switching, and secrets detection. This time detracts from innovation and delivering new applications. JFrog’s CTO, Asaf Karas, emphasized the inefficiency caused by juggling multiple tools and environments, advocating for streamlined security processes to boost efficiency and reduce risks. Many developers spend 19% of their weekly hours on security tasks, often outside regular work hours, resulting in a reactive approach to security. https://informationsecuritybuzz.com/the-hidden-price-of-devsecops/
Read more