Welcome to Information Security Media Group's Black Hat and DEF CON 2024 Compendium featuring latest insights from the industry's top cybersecurity researchers and ethical hackers, as well as perspectives from CEOs, CISOs and government officials on the latest trends in cybersecurity and AI.
Despite their illicit activities, ransomware groups invest in custom infrastructure and maintain stringent security practices, often surpassing Fortune 100 companies. Vangelis Stykas, CTO of Atropos, explains why ransomware infrastructure is harder to exploit than enterprise systems.
Scattered Spider, a notorious cyberthreat group, has continued its operations despite a series of high-profile arrests. The group's decentralized structure, in which members operate independently, contributes to its resilience, said Malachi Walker, security adviser at DomainTools.
SQL vulnerabilities continue to plague modern applications due to their severe impact and frequent occurrence. Databases hold valuable information such as customer data and authentication details and are "high-value targets" for attackers, said Paul Gerste, vulnerability researcher at SonarSource.
AI-assisted coding tools can speed up code production but often replicate existing vulnerabilities when built on poor-quality code bases. Snyk's Randall Degges discusses why developers must prioritize code base quality to maximize the benefits and minimize the risks of using AI tools.
When developers make Amazon Machine Images public, they risk exposing sensitive data and creating vulnerabilities. Security experts Matei Josephs and Eduard Agavriloae explain how attackers can exploit these exposures, leading to unauthorized access and potential data breaches.
Centralized architecture in the automotive industry streamlines cybersecurity and supply chain operations by reducing hardware components and enabling quicker fixes. But that centralization also poses major cybersecurity challenges, said Thomas Sermpinis, technical director at Auxilium Pentest Labs.
As artificial intelligence technology continues to evolve, security professionals have become involved in areas that traditionally weren't their concern such as preventing biases in decision-making, said Nathan Hamiel, senior director of research at Kudelski Security.
Generative AI tools boost developer productivity, but they also generate code with similar vulnerability rates as human developers. Chris Wysopal, co-founder and CTO of Veracode, explains why enterprises must treat AI-generated code with caution and automate security testing.
Cato Networks Chief Security Strategist Etay Maor discusses the importance of virtual patching for defending against vulnerabilities such as Log4j, why certain enterprises struggle to patch these flaws and how visibility challenges lead to overlooked risks in critical systems.
Return-oriented programming continues to pose significant security challenges. Assistant Professor Bramwell Brizendine discusses how ROP exploits binary vulnerabilities for process injection and the advancements in tools designed to automate ROP chain generation.
Trail of Bits' Michael Brown explores the dual challenges of applying AI and ML to cybersecurity and securing these evolving technologies themselves. He discusses the complementary nature of traditional and AI/ML-based approaches and highlights the pressing need for secure development life cycles.
The recent CrowdStrike outage has forced CISOs to rethink their approach to software updates and security practices. David Brumley, CEO of Mayhem Security, discusses why thorough code analysis, staged rollouts and stress testing are crucial for ensuring software reliability.
AI-powered tools such as Microsoft Copilot can be manipulated by attackers to access sensitive data and perform unauthorized actions, says Michael Bargury, co-founder and CTO of Zenity. Enterprises must address these new security challenges when adopting AI technologies.
As concerns grow about China's cyberthreat to U.S. critical infrastructure, Scythe founder and CEO Bryson Bort suggests the actual risk may not be as severe as feared. He explains the factors that might limit China's cyber activities and the real strategic vulnerabilities that could be targeted.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.