Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.

Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.

Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.

Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.

Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.

Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.

Cisco is a proud partner of the Black Hat NOC (Network Operations Center), as the Official Security Cloud Provider, celebrating our 10th year protecting Black Hat, the longest of any partner.   We work with other official providers to bring the hardware, software and engineers to build and secure the Black Hat USA network: Arista, Corelight, […]

Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.

Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.

Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future at Black Hat USA 2025.

Cybersecurity researcher Noam Moshe of Claroty met up with The Security Ledger Podcast at this year's Black Hat Briefings to discuss his presentation on critical Axis IP camera vulnerabilities that could let hackers spy, manipulate video feeds, and pivot into sensitive networks—and what organizations can do to defend against these (and other) IoT threats.

The post How Hackers Take Over Security Cameras (and What You Can Do About It): A Conversation With Claroty’s Noam Moshe appeared first on The Security Ledger with Paul F. Roberts.

💾

The week of August 4th, I had the opportunity to attend two exciting conferences in the cybersecurity world: Black Hat USA 2025 and Squadcon which were held in Las Vegas....

The post Vegas, Vulnerabilities, and Voices: Black Hat and Squadcon 2025 appeared first on Cyber Defense Magazine.

EXECUTIVE SUMMARY:

One of the leading cyber security conferences globally, Black Hat USA is where intellect meets innovation. The 2024 event is taking place from August 3^rd – 8^th, at the Mandalay Bay Convention Center in Las Vegas.

The conference is highly regarded for its emphasis on cutting-edge cyber security research, high-caliber presentations, skill development workshops, peer networking opportunities, and for its Business Hall, which showcases innovative cyber security solutions.

Although two other cyber security conferences in Las Vegas will compete for attention next week, Black Hat is widely considered the main draw. Last year, Black Hat USA hosted roughly 20,000 in-person attendees from 127 different countries.

Event information

The Black Hat audience typically includes a mix of cyber security researchers, ethical hackers, cyber security professionals – from system administrators to CISOs – business development professionals, and government security experts.

On the main stage this year, featured speakers include Ann Johnson, the Corporate Vice President and Deputy CISO of Microsoft, Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), and Harry Coker Jr., National Cyber Director for the United States Executive Office of the President.

The Black Hat CISO Summit, on Monday, August 5^th through Tuesday, August 6^th, caters to the needs and interests of CISOs and security executives. This track will address topics ranging from the quantification of cyber risk costs, to supply chain security, to cyber crisis management.

Professionals who are certified through ISC2 can earn 5.5 Continuing Professional Education (CPE) credits for CISO Summit attendance.

Why else Black Hat

• Access to thousands of industry professionals who have similar interests, who can discuss challenges and who can provide new product insights.
• Access to the latest cyber research, which may not yet be widely available, helping your organization prevent potential attacks before they transform into fast-moving, large-scale issues.
• Cyber security strategy development in partnership with experts and vendors.
  • Check Point is offering exclusive 1:1 meetings with the company’s cyber security executives. If you plan to attend the event and would like to book a meeting with a Check Point executive, please click here.
• Community building. Connect with others, collaborate on initiatives and strengthen everyone’s cyber security in the process.

Must-see sessions

If you’re attending the event, plan ahead to make the most of your time. There’s so much to see and do. Looking for a short-list of must-see speaking sessions? Here are a handful of expert-led and highly recommended talks:

• Enhancing Cloud Security: Preventing Zero-Day Attacks with Modernized WAPs: Wednesday, August 7^th, at 11:00am, booth #2936
• How to Train your AI Co-Pilot: Wednesday, August 7^th, at 12:30pm, booth #2936
• Key Factors in Choosing a SASE Solution: Thursday, August 8^th, at 10:45am, booth #2936

Further details

Be ready for anything and bring the best version of yourself – you never know who you’ll meet. They could be your next software developer, corporate manager, business partner, MSSP, or cyber security vendor. Meet us at booth #2936. We can’t wait to see you at Black Hat USA 2024!

For more event information, click here. For additional cutting-edge cyber security insights, click here. Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.

 

The post A preview of the upcoming Black Hat conference… appeared first on CyberTalk.

We’ve previously covered his work concerning web cache poisoning and HTTP request smuggling which is intriguing for any software engineer to know about. This article will briefly highlight the main points about Web Cache Entanglement.

The post Web Cache Entanglement – Novel Pathways to Poisoning appeared first on Detectify Blog.

The post How secure is the PDF file? appeared first on Detectify Blog.

The Black Hat cybersecurity conference celebrated its 25th birthday in Las Vegas this week – and Synack was there to mark the occasion in style.

We staged a safari adventure in the Black Hat Business Hall, replete with hanging vines, lush foliage, cheetah swag and the sounds of the jungle. We showed attendees how our security testing platform can be their trusted guide by offering access to our highly skilled, vetted and diverse crew of Synack Red Team security researchers.

When it comes to cybersecurity, it’s a jungle out there. Black Hat speakers drove home just how tangled and daunting the threat landscape has become.

“Things are going to get worse before they get better,” said Chris Krebs, inaugural director of the Cybersecurity and Infrastructure Security Agency, who delivered Black Hat’s keynote Wednesday. “The bad actors are getting their wins, and until we make meaningful consequences and impose costs on them, they will continue.”

Krebs, a founding partner of the Krebs Stamos Group cyber consultancy, also spoke to the urgency of the talent gap in cybersecurity that stands at an estimated 700,000 infosec pros in the U.S. alone and at least four times that number globally.

“It’s been confounding to me how we continue to face workforce shortages,” Krebs said. “We hear about the 3 million open cybersecurity jobs in the community, and I’m just trying to figure out why are we not solving the gap.”

Here are some other themes to emerge from this year’s talks:

• Ransomware remains a top-tier threat. To coincide with Black Hat, the U.S. State Department announced it’s offering a $10 million reward for information on several members of the Conti ransomware gang, which has wreaked havoc in U.S. healthcare and emergency services networks.
• The COVID-era digital transformation is here to stay. Underscoring that point, organizers held Black Hat in a hybrid format, with some infosec pros visiting Las Vegas in person and others tuning in online. (We followed suit, offering a Synack virtual booth experience – though remote attendees missed out on smoothies and Jungle Juice at our tiki bar.) COVID has spurred a rush to the cloud, introducing new challenges and vulnerabilities as employees log in from home.
• API security is a leading concern for CISOs. No one said securing application programming interfaces would be easy. From misconfigurations to vulnerabilities, APIs present a deluge of cyber risks despite being the beating heart of many modern applications. The Business Hall was abuzz over API security, but no one seems to have cracked the code as new breaches crop up seemingly every day.
• The pace of DevOps calls for constant security testing. The continuous integration and continuous deployment (CI/CD) pipeline empowers developers to make fast and efficient changes to their code, removing bottlenecks by automating the process as much as possible. But CI/CD pipelines now “control so much” that they’re upending the cyber risk environment for many organizations by introducing supply chain vulnerabilities, Chris Eng, chief research officer at Veracode, said in a closing panel yesterday. “It’s a different threat model than 10 years ago, when all you had to worry about was being attacked directly, or individually,” he said.
• Log4j is simple to exploit but still hard to find. The bombshell Log4j vulnerability sent security teams scrambling when it came to light in December 2021. But we’ve hardly seen the last of the critical flaw in the popular open source logging tool. “Easy stuff to exploit got cleaned up, but I think you will continue to see malicious threat actors innovate the way they find and exploit this,” said Heather Adkins, vice president of security engineering at Google, at a Black Hat talk on Log4j. “It will be around for a long, long time.”

Our Black Hat Experience

Synack solutions architect Hudney Piquant spoke to how seemingly secure attack surfaces can be vulnerable tomorrow to long-lasting threats like Log4j. Piquant shared his cyber survival knowledge in “the Cave” at Synack’s Black Hat booth, where members of the Synack Red Team also offered hard-won insights into remediating vulnerabilities that matter.

“To survive, companies need to start discovering their assets, analyzing their assets with a hacker’s perspective and continuously scanning their external attack surface,” Piquant said. “The reason all three of these things are important is because hackers are doing all three things as well.”

We’d like to thank everyone who stopped by our booth, scheduled one-on-one meetings with us in our executive suite at the Delano Hotel or joined us at the many events we organized or attended throughout Black Hat.

We enjoyed some friendly competition in a 9-hole golf tournament to kick off the week, co-hosted an exclusive whiskey tasting with Microsoft, sponsored a reception at the Cosmopolitan with the Retail and Hospitality Information Sharing and Analysis Center and raised a glass with security peers and investors at a happy hour held by GGV Capital and its portfolio partners.

And that’s not to mention our Rainbow-level sponsorship of the Diana Initiative conference that coincided with Black Hat, our many customer and employee dinners, the one-on-one meetings in our suite and the memorable product demos with security practitioners. We also boosted global reforestation by supporting One Tree Planted at our jungle-themed booth. 

If you missed us at Black Hat, don’t worry: Many Synackers and SRT members are sticking around in Vegas for DEF CON, which runs through Sunday! Look out for the security pros wearing swanky tuxedo shirts, in line with DEF CON’s “Hacker Homecoming” theme. And you can always click here to schedule a demo to learn how Synack’s platform can help deliver a better security testing experience.

In the meantime, we wish you luck as you continue your journey through the cyber wilderness!  

The post Synack at Black Hat: Leading You Through the Security Jungle appeared first on Synack.