Welcome to Information Security Media Group's Black Hat and DEF CON 2024 Compendium, featuring the latest insights from the industry's top cybersecurity researchers and ethical hackers, as well as perspectives from CEOs, CISOs and government officials on the latest trends in cybersecurity and AI.
Network detection and response delivers ground truth in cybersecurity, giving organizations crucial visibility into attacker behavior before, during and after ransomware attacks. Corelight CEO Brian Dye explains how NDR helps security teams verify threats and contain incidents effectively.
SquareX founder Vivek Ramachandran discusses the limitations of secure web gateways, focusing on their inability to handle dynamic, script-based attacks. He emphasizes the need for browser-native security products that offer real-time protection against evolving web threats.
Despite their illicit activities, ransomware groups invest in custom infrastructure and maintain stringent security practices, often surpassing Fortune 100 companies. Vangelis Stykas, CTO of Atropos, explains why ransomware infrastructure is harder to exploit than enterprise systems.
Scattered Spider, a notorious cyberthreat group, has continued its operations despite a series of high-profile arrests. The group's decentralized structure, in which members operate independently, contributes to its resilience, said Malachi Walker, security adviser at DomainTools.
SQL vulnerabilities continue to plague modern applications due to their severe impact and frequent occurrence. Databases hold valuable information such as customer data and authentication details and are "high-value targets" for attackers, said Paul Gerste, vulnerability researcher at SonarSource.
AI-assisted coding tools can speed up code production but often replicate existing vulnerabilities when built on poor-quality code bases. Snyk's Randall Degges discusses why developers must prioritize code base quality to maximize the benefits and minimize the risks of using AI tools.
When developers make Amazon Machine Images public, they risk exposing sensitive data and creating vulnerabilities. Security experts Matei Josephs and Eduard Agavriloae explain how attackers can exploit these exposures, leading to unauthorized access and potential data breaches.
Centralized architecture in the automotive industry streamlines cybersecurity and supply chain operations by reducing hardware components and enabling quicker fixes. But that centralization also poses major cybersecurity challenges, said Thomas Sermpinis, technical director at Auxilium Pentest Labs.
A U.S. strategy for cybersecurity seeks to move responsibility for cybersecurity from individual users to large tech companies. Researchers Alex O'Neill and Lachlan Price explain the global implications of this shift and how corporations such as Google and Microsoft are taking the lead.
As artificial intelligence technology continues to evolve, security professionals have become involved in areas that traditionally weren't their concern, such as preventing biases in decision-making, said Nathan Hamiel, senior director of research at Kudelski Security.
Dating apps collect and sell user location data, leading to significant privacy risks. Users are vulnerable to stalking, harassment and even prosecution in certain countries, says Victor Le Pochat, postdoctoral researcher at KU Leuven. Pochat and Dhont called for improved data protection measures.
Generative AI tools boost developer productivity, but they also generate code with vulnerability rates similar to those of human developers. Chris Wysopal, co-founder and CTO of Veracode, explains why enterprises must treat AI-generated code with caution and automate security testing.
AI's influence on social engineering and election security has become a focal point at Black Hat. ISMG editors discuss how advanced technologies are making it easier to manipulate people and compromise security systems and offer key insights on machine learning vulnerabilities.
Artificial intelligence, much like when the internet became public, is simultaneously the most overhyped and underhyped technology in history, said Sam Curry, vice president and CISO at Zscaler. Its application in cyber defense is still evolving.