News Desk 2024: Can GenAI Write Secure Code?

November 27, 2024 at 08:16AM Generative AI is rapidly learning to code, mirroring human development but also inheriting flaws from open-source models. Chris Wysopal highlights the challenge of increasing code volume leading to more vulnerabilities. He proposes using AI to identify and fix these issues, emphasizing ongoing work on specialized language models for enhanced security. …

Black Hat USA 2024 – Summary of Vendor Announcements

August 12, 2024 at 09:18AM The 2024 Black Hat conference in Las Vegas saw numerous cybersecurity product and service announcements. Highlights include free ICS analysis tools from Claroty, a bug bounty initiative by Anthropic, and new offerings from companies like Sysdig, Cymulate, and Vectra AI. Additionally, findings from various security firms and platform launches were …

Windows Update downgrade attack “unpatches” fully-updated systems

August 7, 2024 at 04:31PM SafeBreach security researcher Alon Leviev disclosed at Black Hat 2024 two unpatched zero-days that can be exploited in downgrade attacks on up-to-date Windows 10, 11, and Windows Server systems. Microsoft issued advisories for CVE-2024-38202 and CVE-2024-21302, providing mitigation guidance. The vulnerabilities allow for system compromise, making fully patched systems susceptible …

Training at Black Hat to Focus on Equipping Cybersecurity Leaders With Soft Skills

July 17, 2024 at 11:07AM This executive summary highlights Dr. Daniel Shore’s upcoming workshop at Black Hat 2024 titled “Hacking Cybersecurity Leadership.” The workshop focuses on enhancing the soft skills of cybersecurity leaders through research-based training, aiming to address the complex challenges in the industry. It offers practical solutions and emphasizes human-centered leadership in the …

CISO Corner: The NYSE & the SEC; Ransomware Negotiation Tips

June 28, 2024 at 04:15PM Wireless providers prioritize uptime and lag time at the expense of security, leaving users vulnerable to attacks. At Black Hat 2024, Penn State researchers will reveal how hackers can exploit 5G to intercept Internet traffic, leading to spying and phishing. The researchers have reported vulnerabilities to 5G vendors, but a …