Editor's note
Black Hat USA 2023, the 26th year of the annual cybersecurity conference, returned in person to Las Vegas Aug. 5-10.
The two-day main event, Aug. 9-10, featured keynote speaker Maria Markstedter, founder of Azeria Labs, addressing one of the year's hottest topics: cybersecurity in the age of AI. Other keynotes included a fireside chat with CISA director Jen Easterly and Victor Zhora, currently responsible for the cybersecurity of the Ukrainian digital infrastructure, and a talk from Kemba Walden, acting national cyber director in the Office of the National Cyber Director.
Four days of specialized trainings took place Aug. 5-8, including the Black Hat Certified Pentester program -- a new certification for pen testing pros. The all-day intermediate-level exam was available for attendees to take in person.
TechTarget's security team was on site, reporting from the conference floor. Use this guide to explore the news, announcements and developments from the 2023 event.
1. On the hunt for security weak spots
At Black Hat 2023, experts covered the top likely vulnerabilities security teams need to watch for.
-
Article
Datacentre management vulnerabilities leave public clouds at risk
At the annual DEF CON hacking convention, researchers from Trellix have disclosed multiple vulnerabilities in key datacentre products underpinning the world’s public cloud infrastructure.
-
Article
CISA shares 'secure by design' plan for US tech ecosystem
The cyber agency plans to establish secure-by-design principles through internal and external communications, data collection and education for the next generation.
-
Article
Trend Micro discloses 'silent threat' flaws in Azure ML
During a Black Hat 2023 session, Trend Micro researchers discussed several vulnerabilities they discovered in Azure Machine Learning that allow sensitive information disclosure.
-
Article
Researchers put LLMs to the test in phishing email experiment
A Black Hat USA 2023 session discussed an experiment that used large language models to see how effective the technology can be in both detecting and producing phishing emails.
-
Article
Wiz warns of exposed multi-tenant apps in Azure AD
During a Black Hat USA 2023 session, a Wiz researcher explained how a common misconfiguration in Azure Active Directory led to the exposure of nearly 1,300 applications.
-
Article
Coalition looks to bridge gap between CISOs, cyber insurance
While carriers and CISOs agree cyber insurance has contributed to better security postures, Coalition said the relationship needs to be stronger as threats evolve and intensify.
-
Article
Google unveils 'Downfall' attacks, vulnerability in Intel chips
Google researcher Daniel Moghimi first reported CVE-2022-40982 and the resulting data leak attacks to Intel in August 2022, but it's taken nearly 12 months to disclose the flaw.
-
Article
Google to discuss LLM benefits for threat intelligence programs
Large language models are the backbone of generative AI products launching in the security space. Google will discuss how best to integrate the technology at this week's Black Hat USA.
-
Article
Palo Alto: SugarCRM zero-day reveals growing cloud threats
Recent incident response investigations reveal that attackers are becoming more advanced when it comes to the cloud, but there are steps enterprises can take to mitigate risks.
2. Attacks and hacks: News from the conference floor
Black Hat USA 2023 will feature more than 100 presentations, with experts and analysts explaining the latest attacks and sounding warning bells on what could be coming next.
-
Article
Black Basta, Hive and Royal ransomware gangs may share real-world connection
At Black Hat USA, Sophos X-Ops researchers share data revealing potential connections between three active ransomware crews.
-
Article
Kemba Walden: We need to secure open source software
During her Black Hat USA 2023 keynote, the acting national cyber director said the White House wants to develop realistic policies to improve the security of open source software.
-
Article
Onapsis researchers detail new SAP security threats
At Black Hat 2023, Onapsis researchers demonstrated how attackers could chain a series of SAP vulnerabilities impacting the P4 protocol to gain root access to a target network.
-
Article
CrowdStrike observes massive spike in identity-based attacks
Identity-based attacks like Kerberoasting saw massive increases over the last 12 months as adversary breakout time fell, according to CrowdStrike's 2023 Threat Hunting Report.
-
Article
Generative AI takes center stage at Black Hat USA 2023
About one year after generative AI launched into the spotlight, the technology is showing early signs of potential for security at Black Hat USA 2023 in Las Vegas.
-
Article
U.S., Ukraine cyber leaders talk resilience, collaboration
At Black Hat 2023, CISA's Jen Easterly and Ukraine's Victor Zhora discuss cyber resilience and security hardening in the face of destructive cyber campaigns.
3. Pre-conference coverage for Black Hat 2023
At Black Hat 2022, presenters and experts discussed need-to-know cybersecurity topics, from timely information on improving the U.S. government's cyber operations and the Russian invasion of Ukraine to perennial topics of attack surface management and preventing email and other cyber threats. Review these highlights from last year to get ready for Black Hat USA 2023.
-
Podcast
Risk & Repeat: Black Hat 2022 recap
This Risk & Repeat podcast episode discusses the Black Hat 2022 conference in Las Vegas and the notable sessions, major themes and hot topics from the show.
-
Article
‘Coopetition’ a growing trend among ransomware gangs
Sophos shares data from its new X-Ops unit at Black Hat in Las Vegas, revealing a growing number of ransomware victims being attacked by multiple gangs at the same time.
-
Article
Industroyer2: How Ukraine avoided another blackout attack
A Black Hat 2022 session explained how the latest attack on Ukraine's energy grid was thwarted this spring, thanks to quick responses and timely sharing of threat data.
-
Article
Chris Krebs: It's still too hard to work with the government
Former CISA Director Chris Krebs offered multiple areas of improvement to the U.S. government's cyber readiness during a Black Hat 2022 keynote.
-
Article
BrightTALK @ Black Hat USA 2022
BrightTALK's virtual experience at Black Hat 2022 included live-streamed conversations with experts and researchers about the latest cybersecurity landscape, threats and trends.