Media & Victims Find Common Ground Against Hackers

August 9, 2024 at 02:12PM At Black Hat USA, a panel discussed hackers’ increasing attempts to manipulate the media after data breaches. Criminal groups aim to build credibility through media attention, using extortion and threats to push victims into paying. Journalists stress the importance of verifying hacker claims and providing accurate information, despite pressure from both hackers …

Entro Extends Industry-leading Non-Human Identity Security Platform

August 9, 2024 at 01:49PM Entro Security, a leader in Non-Human Identity (NHI) and Secrets Management, has announced two groundbreaking features at Black Hat USA: Optical Character Recognition (OCR) support for secret scanning and Employees Tokens Blast Radius. These unique features provide comprehensive insight and governance for secrets and NHI management, empowering security teams with …

New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users

August 9, 2024 at 10:21AM Cybersecurity researchers discovered vulnerabilities in Sonos smart speakers that could be exploited by attackers to eavesdrop on users, impacting all versions prior to Sonos S2 release 15.9 and Sonos S1 release 11.12. These findings were presented at Black Hat USA 2024 and reveal two security defects, CVE-2023-50809 and CVE-2023-50810, compromising …

How to Weaponize Microsoft Copilot for Cyberattackers

August 8, 2024 at 02:56PM Enterprises are rapidly adopting Microsoft’s Copilot AI-based chatbots to enhance employee productivity, but security researcher Michael Bargury demonstrated at Black Hat USA how attackers could exploit Copilot for data theft and social engineering. He also released an offensive toolset for Copilot and emphasized the need for better detection of “promptware” …

Microsoft on CISOs: Thriving Community Means Stronger Security

August 8, 2024 at 02:12PM Ann Johnson and Sherrod DeGrippo presented at Black Hat on “Security in the Age of AI.” They tackled the recent CrowdStrike outage and highlighted the community’s response. Microsoft’s focus on collaborating with customers and peers, particularly in combating threat actors like Scattered Spider, was emphasized. The discussion emphasized the importance …

Critical AWS Vulnerabilities Allow S3 Attack Bonanza

August 8, 2024 at 08:07AM Aqua Security researchers discovered six critical vulnerabilities in Amazon Web Services (AWS) that could have allowed remote code execution, exfiltration, denial of service attacks, and account takeovers. Attack methods such as “Bucket Monopoly” and “Shadow Resources” were uncovered and reported to AWS, which rolled out mitigations between March and June. …

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

August 8, 2024 at 06:45AM Microsoft is developing security updates to tackle two vulnerabilities affecting Windows update architecture. The flaws can be exploited for downgrade attacks, allowing manipulation of system files and elevating privileges. Discovered by SafeBreach Labs researcher Alon Leviev, the vulnerabilities were presented at Black Hat USA 2024 and DEF CON 32, highlighting …

Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins

August 7, 2024 at 07:26PM At the Black Hat USA conference, it was revealed that an obscure issue in Microsoft’s Entra ID identity and access management service could enable a hacker with admin-level access to gain global administrator privileges. This could lead to unauthorized access, including accessing sensitive data and planting malware in an organization’s …

Knostic Wins 2024 Black Hat Startup Spotlight Competition

August 7, 2024 at 03:25PM At Black Hat USA in Las Vegas, Eitan Worcel of Mobb Security, last year’s winner, passed the torch to Knostic, the 2024 winner. Sounil Yu, Knostic’s CTO, accepted the award. Four finalists, including LeakSignal, RAD Security, DryRun Security, and Knostic, made final pitches. Knostic’s tool focuses on access control of …

Creating Insecure AI Assistants With Microsoft Copilot Studio Is Easy

August 7, 2024 at 02:27PM Enterprise usage of Microsoft’s Copilot Studio, a no-code chatbot creation tool, has surged within nine months of its release. However, security researcher Michael Bargury highlighted serious security vulnerabilities that could lead to data exfiltration and bypassing controls. Despite Microsoft addressing some issues, careful implementation and admin controls are essential to …