“A global pandemic turned DEF CON 28 into DEF CON Safe Mode. “This has been a crazy couple of years,” according to an official DEF CON forum post. – Nextgov.įor DEF CON, it was the event’s 30 th anniversary, which events organizers billed as not a birthday but a Hacker Homecoming. The first wave “focused on adversaries holding data and systems at risk.” In the second, the attackers “still held data and systems at risk, but they then abstracted that into holding critical functions at risk.” The third is an attack on confidence, as exemplified by the attack on the Colonial Pipeline. Meanwhile current White House Cyber Director Chris Inglis told journalist Kim Zetter, during a DEF CON session, that he was focused on “‘three waves of attacks’ that have progressed in recent years,” according a Nextgov report. The visit was unannounced, according to a Voice of America report. Victor Zhora, deputy head of Ukraine’s State Special Communications Service, told Black Hat attendees that his country’s infrastructure has experienced a 300 percent uptick in cyber incidents since Russia’s invasion of the country. A report by SiliconAngle quotes Robert Silvers, undersecretary for policy at the Department of Homeland Security, echoed those concerns telling attendees that “ is most likely that organizations are going to deal with Log4j issues for at least a decade and maybe longer.” Firms such as C圜ognito warned that we aren’t out of the Log4j woods.
#DEFCON 2021 UPDATE#
ESET provided Black Hat attendees with an update on cyberattacks against Ukraine.
Ukraine war and Log4j also were major themes at each of the conferences. However, he did express pessimism that US cyber-defenses were too focused on nation state attackers versus more mundane and pressing concerns, in his estimation, such as ransomware. The main Black Hat keynote was from Chris Krebs, former Cybersecurity and Infrastructure Security Agency (CISA), who shared his optimism when it comes to the US approach to information security. Things keeping them up are SMS codes flunk MFA, an “invisible finger to take control” of your touchscreen device and a Microsoft hiccup when launching its Early Launch Antimalware (ELAM).
#DEFCON 2021 PC#
Found by Faraday Security and discussed at DEF CON, the eCos SDK is used in a variety of routers, access points and network repeaters, according to his report.įor fans of FUD, PC Magazine has a nice rundown of “ The 14 Scariest Things We Saw at Black Hat 2022“. Journalist Eduard Kovacs reported on a high-severity Realtek bug in the company’s eCos SDK. Researcher James Kettle debuted a new class of HTTP request smuggling attack that allowed him to compromise Amazon and Akamai, break TLS, and exploit Apache servers, according to reporting from Portswigger’s The Daily Swig. Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal used to manage the satellite. Starlink, the satellite operated by SpaceX that provides internet access to over 36 countries, was shown vulnerable to a hack via a $25 modchip. Pen Test Partners revealed a flaw in the Electronic Flight Bag tablets used by some Boeing aircraft pilots that could have allowed an adversary to modify data “and cause pilots to make dangerous miscalculations,” according to a Reuters report. Video conferencing darling Zoom was highlighted at DEF CON by Patrick Wardle, founder of the Objective-See Foundation, for a hacking technique that allowed him, using the macOS version of Zoom, to elevated privileges and gain access to the entire macOS operating system. Here is a roundup of leading research, themes and buzz from this year’s shows. Attendance for events was up from the previous year, which in 2021 was muted by lower attendance and COVID fears. The past week, while not ‘typical’, was a nod to normalcy for attendees. The week even included a rare Las Vegas flash flood (not a new DDoS technique) on Thursday creating chaos in one casinos. The weeklong collection of cybersecurity conferences featured an eclectic mix of attendees to learn, network, hack and have fun. There was nothing typical this year at BSides LV, Black Hat USA and DEF CON – also known collectively as Hacker Summer Camp.
0 kommentar(er)
