As most of you have probably heard, members of PAN’s Security Practice have had quite a busy summer so far preparing for Black Hat 2019, which kicked off last week in Las Vegas. Like RSA Conference earlier this year, this is one of the security industry’s biggest events, with more than 300 vendors exhibiting and hundreds of media and analysts attending. This year, 11 of PAN’s clients had a presence at the show. And, the activity doesn’t stop with Black Hat for many of them; with multiple conferences such as DEF CON and BSides turning Las Vegas into Security City over the course of several days. That said, we wanted to share some of the biggest takeaways from the show this year.
One of the bigger trends coming out of the show has been the critical importance of security and the lengths that large tech companies are going to ensure their safety. As outlined in Forbes, Microsoft announced, over the past 12 months, they paid hackers $4.4 million so some of the top hackers could find vulnerabilities in their offerings so the company could take necessary steps to patch them. We also saw a similar program/story in another Forbes article about Apple. Last week, Apple announced plans to hand out iPhones to top researchers and hackers in an effort to find vulnerabilities in the macOS operating systems. The reward includes compensation upwards of $200,000.
What perhaps took center stage at the conference this year was the overwhelming number of vulnerabilities that have been disclosed. In one of the bigger stories highlighted at the conference, and as reported in Threatpost, researchers at the conference demoed how WhatsApp users are still open to manipulated chats. Andeven Apple isn’t immune to vulnerability disclosures – a presentation put on by Google discussed potential vulnerabilities in SMS, MMS, Visual Voicemail, iMessage and Apple Mail, according to Forbes.
Additionally, facial recognition systems have been found to be vulnerable to techniques as complex as injected video streams or as simple as tape on a pair of eyeglasses, according to . Furthermore, a Threatpost article described how researchers showed how a previously-disclosed flaw on Windows systems that allows arbitrary code execution could also impact Hyper-V. In related vulnerability news, a Wired article highlights how a 13-year-old bug is still affecting apps today. Lastly, even the Black Hat conference app was found to have cybersecurity issues of its own, according to Mashable.
There were also a number of roundup style articles published by CRN on product announcements at the show. This article outlines 12 new threat detection and response products, while this news piece highlights 20 of the newest and hottest cybersecurity products. There were also a number of articles from Threatpost that discussed larger security themes, like the need for protecting human digital rights and the cultural transformation shift in security.
It has been another spectacular year at Black Hat and we already can’t wait for what next year’s conference has in store for us and our security clients. Black Hat 2020… here we come!