-
Article
Chris Krebs: It's still too hard to work with the government
Former CISA Director Chris Krebs offered multiple areas of improvement to the U.S. government's cyber readiness during a Black Hat 2022 keynote. Read Now
-
Article
Researchers reveal Kubernetes security holes, prevention
Researchers with Palo Alto Networks took the stage at Black Hat to explain how configurations and system privileges in Kubernetes clusters can allow container escape and takeover. Read Now
-
Article
Cisco hacked by access broker with Lapsus$ ties
No Cisco employee or customer personal information was stolen in the hack, though some data did make it onto the dark web. Read Now
-
Article
Industroyer2: How Ukraine avoided another blackout attack
A Black Hat 2022 session explained how the latest attack on Ukraine's energy grid was thwarted this spring, thanks to quick responses and timely sharing of threat data. Read Now
Editor's note
Black Hat 2022 celebrated the conference's 25th anniversary with remote and in-person content for technical experts, thought leaders, innovative vendors and cybersecurity pros.
More than 100 virtual and live trainings opened the event on Aug. 6 and ran through Aug. 9, covering topics from industrial control system security to quantum cybersecurity and digital forensics.
The two-day main conference -- Aug. 10 and 11 -- kicked off from Mandalay Bay in Las Vegas with a keynote from Chris Krebs, founding partner of Krebs Stamos Group and former U.S. director of the Cybersecurity and Infrastructure Security Agency. More than 80 in-depth briefings on the latest security topics, trends and risks followed, exploring need-to-know attacks and vulnerabilities.
SearchSecurity's news team was on site to cover key developments and keep you up to date from one of the world's leading cybersecurity conferences.
1Need-to-know attacks, hacks and vulnerabilities
Nefarious actors use a mix of tried-and-true and up-and-coming attack techniques to keep enterprise defenders on their toes. At Black Hat 2022, security researchers and experts shared insights on new and old vulnerabilities every organization needs to be aware of, as well as proofs of concept security professionals need to consider and advice on the latest defense measures.
-
Article
Zero Day Initiative seeing an increase in failed patches
In a Q&A with TechTarget Editorial, Trend Micro Zero Day Initiative's Brian Gorenc and Dustin Childs discuss incomplete patches and the value of personal researcher relations. Read Now
-
Article
AWS, Splunk and more launch cybersecurity analytics standard
AWS and other IT vendors will start building connectors based on a new standard schema meant to streamline data sharing between cybersecurity tools. Read Now
-
Article
How CI/CD pipelines are putting enterprise networks at risk
At Black Hat USA 2022, NCC Group researchers demonstrated how threat actors can compromise CI/CD pipelines and break out into enterprise networks and cloud environments. Read Now
-
Article
SentinelOne discusses the rise of data-wiping malware
During a Black Hat 2022 session, researchers showed how expectations of cyber war may differ from the reality. Read Now
-
Article
Zero Day Initiative launches new bug disclosure timelines
The Trend Micro Zero Day Initiative's vulnerability disclosure policy will now mandate shorter disclosure windows for flaws believed to result from bypassed security patches. Read Now
-
Article
Ermetic addresses IAM weaknesses in multi-cloud environments
Researchers at the cloud security vendor discussed the importance of understanding the different identity and access management features among the major cloud providers. Read Now
-
Article
‘Coopetition’ a growing trend among ransomware gangs
Sophos shares data from its new X-Ops unit at Black Hat in Las Vegas, revealing a growing number of ransomware victims being attacked by multiple gangs at the same time Read Now
2Security vulnerabilities under microscope
Researchers took the stage to divulge the top vulnerabilities security teams need to be aware of. From issues in OSes and specific products to calling out vendor patching fails, Black Hat 2022 had no shortage of newsworthy presentations.
-
Article
Eclypsium calls out Microsoft over bootloader security woes
At DEF CON 30, Eclypsium researchers detailed three new vulnerabilities in third-party Windows bootloaders that were signed with Microsoft's UEFI certificates. Read Now
-
Article
Rapid7: Cisco ASA and ASDM flaws went unpatched for months
While several of the vulnerabilities were reported to Cisco in February, they remained unpatched until Thursday when Rapid7's Jake Baines discussed the flaws at Black Hat USA 2022. Read Now
-
Article
Researcher finds 10 vulnerabilities in Cisco firewalls
At Black Hat USA, Rapid7 researchers report on 10 security issues in popular Cisco firewall products, many of which do not yet have patches Read Now
-
Article
Google researchers dissect Android spyware, zero days
Researchers with Google's Threat Analysis Group say the ecosystem of surveillance vendors is far larger than just NSO Group, and some vendors are sharing or trading exploits. Read Now
3Black Hat post-show recap
Black Hat 2022 covered a plethora of topics, from cyberwarfare and zero-day attacks to identity management and challenges working with the government to new security initiatives and standards. Check out recaps of what happened at the show, as well as some on-demand sessions you may have missed or should view again.
-
Podcast
Risk & Repeat: Black Hat 2022 recap
This Risk & Repeat podcast episode discusses the Black Hat 2022 conference in Las Vegas and the notable sessions, major themes and hot topics from the show. Listen Now
-
Article
BrightTALK @ Black Hat USA 2022
Live-streamed expert conversations between industry professionals and Enterprise Strategy Group analysts, powered by BrightTALK Studios. Read Now
-
Article
ESG at Black Hat
ESG experts discuss news and trends from Black Hat. Read Now
4Black Hat 2022 pre-conference coverage
Review highlights from last year's event to prepare for this year's show.
-
Article
CISA director announces 'Joint Cyber Defense Collaborative'
The Joint Cyber Defense Collaborative, or JCDC, is a partnership between the public and private sectors to create and implement comprehensive national cybersecurity plans. Read Now
-
Article
Supply chain attacks, IoT threats on tap for Black Hat 2021
Industry analysts say that evolving threats, real-world impacts and supply chain attacks will be among their hot topics at this year's Black Hat 2021 conference. Read Now
-
Article
Hackers build a better timing attack to crack encryption keys
A new technique for cracking encryption keys can overcome the limitations of popular timing attacks by analyzing network packets, according to researchers at Black Hat 2021. Read Now
-
Article
Mandiant: Microsoft 365 the 'Holy Grail' for nation-state hackers
Mandiant researchers discussed mailbox compromises, app registration abuse and new extensions of the Golden SAML attack technique against Microsoft 365 at Black Hat 2021. Read Now
-
Article
Researchers argue action bias hinders incident response
A Black Hat 2021 session focused on the human instinct to act immediately after a cyber attack and how that can negatively impact incident response. Read Now