In this week's Risk & Repeat podcast, SearchSecurity editors recap Black Hat 2017 and discuss some of the big news from the event, including the Broadpwn remote exploit.
LAS VEGAS -- Black Hat 2017 was filled with the usual assortment of fresh vulnerabilities and emerging threats, including a devastating proof-of-concept attack for mobile devices and the first-known example of malware designed to cripple electrical grid substations.
In this episode of the Risk & Repeat podcast, SearchSecurity Editor Rob Wright recaps his experiences -- good and bad -- from Black Hat 2017 with his podcast co-host Peter Loshin. Highlights of this year's show included a packed presentation on Broadpwn, a wormable remote exploit discovered by researchers at Exodus Intelligence that can affect a litany of Android and iOS devices that use Broadcom Wi-Fi chips; a deep dive into the Industroyer malware (also known as CrashOverride), which attacked industrial control systems in parts of Ukraine and triggered temporary blackouts; and a session on the Shadow Brokers that analyzed the group's activities and patterns of behavior, which suggest that disgruntled intelligence contractors may be behind it all.
Additional Black Hat 2017 highlights included a session on the science -- and psychology -- of phishing attacks from Stripe security engineer Karla Burnett, who argued that awareness training isn't enough to prevent today's email threats. Lowlights from the event included massive crowds, cramped hallways, and a lack of surprises and spoiler-free vulnerability reveals.
For more on Black Hat 2017, listen to this episode of the Risk & Repeat podcast.