• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
black hat and def con roundup

Black Hat and DEF CON Roundup

You are here: Home / Latest Cyber Security Vulnerabilities / Black Hat and DEF CON Roundup
August 15, 2022

‘Summer Camp’ for hackers attributes a compromised satellite, a homecoming for hackers and cyberwarfare warnings.

There was almost nothing normal this year at BSides LV, Black Hat United states of america and DEF CON – also identified collectively as Hacker Summer Camp. The weeklong collection of cybersecurity conferences featured an eclectic mix of attendees to find out, network, hack and have exciting. The 7 days even involved a uncommon Las Vegas flash flood (not a new DDoS system) on Thursday making chaos in one casinos.

The earlier 7 days, when not ‘typical’, was a nod to normalcy for attendees. Attendance for situations was up from the preceding 12 months, which in 2021 was muted by reduce attendance and COVID fears. Below is a roundup of primary investigate, themes and buzz from this year’s shows.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Investigate of Note

Movie conferencing darling Zoom was highlighted at DEF CON by Patrick Wardle, founder of the Goal-See Foundation, for a hacking system that allowed him, utilizing the macOS variation of Zoom, to elevated privileges and achieve accessibility to the whole macOS working technique.

Pen Test Partners uncovered a flaw in the Digital Flight Bag tablets employed by some Boeing aircraft pilots that could have authorized an adversary to modify information “and induce pilots to make dangerous miscalculations,” according to a Reuters report.

Starlink, the satellite operated by SpaceX that supplies internet entry to about 36 nations around the world, was proven vulnerable to a hack by using a $25 modchip. Belgian researcher Lennert Wouters unveiled at Black Hat how he mounted a prosperous fault injection attack on a person terminal employed to manage the satellite.

Researcher James Kettle debuted a new class of HTTP ask for smuggling attack that authorized him to compromise Amazon and Akamai, break TLS, and exploit Apache servers, in accordance to reporting from Portswigger’s The Day by day Swig.

Journalist Eduard Kovacs documented on a higher-severity Realtek bug in the company’s eCos SDK. Located by Faraday Security and talked over at DEF CON, the eCos SDK is utilised in a wide variety of routers, access factors and network repeaters, in accordance to his report.

For lovers of FUD, Laptop Journal has a pleasant rundown of “The 14 Scariest Points We Noticed at Black Hat 2022“. Items maintaining them up are SMS codes flunk MFA, an “invisible finger to choose control” of your touchscreen product and a Microsoft hiccup when launching its Early Start Antimalware (ELAM).

Matters of Dialogue

The main Black Hat keynote was from Chris Krebs, previous Cybersecurity and Infrastructure Security Company (CISA), who shared his optimism when it will come to the US method to info security. On the other hand, he did convey pessimism that US cyber-defenses were much too focused on nation state attackers versus much more mundane and pressing worries, in his estimation, these as ransomware.

Ukraine war and Log4j also ended up major themes at each of the conferences. ESET supplied Black Hat attendees with an update on cyberattacks from Ukraine. Companies this sort of as CyCognito warned that we are not out of the Log4j woods. A report by SiliconAngle  quotes Robert Silvers, undersecretary for policy at the Office of Homeland Security, echoed those considerations telling attendees that “[Log4j] is most possible that corporations are likely to offer with Log4j issues for at minimum a decade and possibly extended.”

Victor Zhora, deputy head of Ukraine’s Condition Special Communications Assistance, informed Black Hat attendees that his country’s infrastructure has knowledgeable a 300 percent uptick in cyber incidents because Russia’s invasion of the place. The visit was unannounced, according to a Voice of The usa report.

In the meantime latest White House Cyber Director Chris Inglis advised journalist Kim Zetter, through a DEF CON session, that he was targeted on “‘three waves of attacks’ that have progressed in recent decades,” in accordance a Nextgov report.

The to start with wave “focused on adversaries keeping info and techniques at risk.” In the next, the attackers “still held information and units at risk, but they then abstracted that into holding critical capabilities at risk.” The third is an attack on confidence, as exemplified by the attack on the Colonial Pipeline. – Nextgov.

For DEF CON, it was the event’s 30th anniversary, which activities organizers billed as not a birthday but a Hacker Homecoming.

“This has been a insane pair of several years,” in accordance to an formal DEF CON forum write-up.

“A global pandemic turned DEF CON 28 into DEF CON Safe Method. Some easing of the limits and some stringent attendance guidelines gave us a hybrid con for DC29. An improvement, to be positive, but a little something shorter of a complete DEF CON experience… We want DEF CON 30 to have the electricity of a reunion… In honor of all that, we’re contacting DEF CON 30 ‘Hacker Homecoming’.”


Some pieces of this short article are sourced from:
threatpost.com

Previous Post: «Cyber Security News #DEFCON: How Sanctions Impact Internet Operators
Next Post: Dutch Authorities Arrest Tornado Cash Developer Following US Sanctions on Crypto Mixer Firm Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
  • Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
  • CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
  • Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk
  • ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Copyright © TheCyberSecurity.News, All Rights Reserved.