Security News

Ukraine war a sorting hat for cyber-governance loyalties: Black Hat founder Jeff Moss
2022-05-12 04:59

That's the opinion of Jeff Moss, founder of the Black Hat and DEF CON security conferences, who has also served as chief security officer at ICANN, is a member of the Council on Foreign Relations, and was asked to serve on the Obama administration's Homeland Security Advisory Council. Speaking at the Black Hat Asia conference in Singapore today, Moss said the world is currently divided into three "teams" of nations with different approaches to internet governance.

Black Hat: Novel DNS Hack Spills Confidential Corp Data
2021-08-12 20:30

"We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google. Essentially, we 'wiretapped' the internal network traffic of 15,000 organizations and millions of devices," Wiz wrote in a technical breakdown of the bug. Luttwak calls what he found a "loophole" within the process used to handle the now obsolete dynamic DNS within modern DNS server configurations.

Black Hat: Scaling Automated Disinformation for Misery and Profit
2021-08-09 19:41

The research, presented last week at Black Hat by Drew Lohn, senior fellow at the Center for Security and Emerging Technology at Georgetown University, is based on Generative Pre-trained Transformer technology. In the context of social media, Lohn told Black Hat attendees that the newest version of GPT, released in May 2020, is even more powerful and potentially menacing.

Black Hat security conference returns to Las Vegas – complete with hacks to quiet the hotel guest from hell
2021-08-09 04:02

After a year off due to a certain virus, the Black Hat and DEF CON security conferences returned to Las Vegas last week, just in time for the US government's attempts to foster more collaboration across the infosec industry. The newly appointed Security Director of the Cybersecurity and Infrastructure Agency Jen Easterly took to the virtual Black Hat stage last week and announced the Joint Cyber Defense Collaborative, which she claimed would be a true public/private partnership to try to lock down security incidents by sharing data and skills.

Black Hat 2021: Microsoft Wins Worst of Pwnie Awards
2021-08-06 14:50

Microsoft came up the big winner in this year's Pwnie Awards, but for all the wrong reasons. From the PrintNightmare patching hiccups to the Exchange Server flaws to the NSA finding and disclosing a major bug in the Windows cryptography core, Microsoft's security foibles highlighted the annual event that recognizes excellence and mocks incompetence in cybersecurity.

Black Hat: New CISA Head Woos Crowd With Public-Private Task Force
2021-08-05 23:40

LAS VEGAS - Just weeks after the U.S. Senate confirmed Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency, the new director spoke at Black Hat USA 2021 on Thursday, albeit virtually, announcing a major public-private partnership to fight cybercrime. Easterly replaced CISA acting director Brandon Wales after the agency's founder and former director Christopher Krebs was fired by former President Trump in 2020.

Black Hat 2021: New CISA Boss Unveils Anti-Ransomware Collab With Big Tech
2021-08-05 22:30

Head of the U.S. government's cybersecurity agency Jen Easterly introduced herself to the hacking community Thursday with a pledge to pursue transparent data sharing with the private sector and a call for "an ambitious national effort" to solve the cybersecurity skills shortage. In a carefully crafted video keynote at the annual Black Hat conference, the CISA director announced a new Joint Cyber Defense Collaborative to bring together federal agencies with big-tech players to manage the barrage of ransomware and supply chain attacks.

Black Hat: Microsoft’s Patch for Windows Hello Bypass Bug is Faulty, Researchers Say
2021-08-05 14:36

LAS VEGAS - The Microsoft Windows 10 biometric user authentication system Windows Hello can be bypassed using a single infrared image of a user's face planted on a tampered clone of an external USB-based webcam. According to research disclosed here at Black Hat USA 2021, the flaw still allows attackers - in some scenarios - to bypass Windows Hello and Windows Hello for Business, used for single-sign-on access to a user's computer and a host of Windows services and associated data.

Black Hat: Charming Kitten Leaves More Paw Prints
2021-08-05 14:16

LAS VEGAS - The suspected Iranian threat group that IBM Security X-Force calls ITG18 and which overlaps with the group known as Charming Kitten keeps leaving a trail of paw prints. On Wednesday, in a session titled "The Kitten that Charmed Me: The 9 Lives of a Nation State Attacker," X-Force researchers Allison Wikoff and Richard Emerson said you just have to laugh about all the errors the group keeps making.

Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms
2021-08-04 21:14

LAS VEGAS - A series of vulnerabilities in internet of things devices often found in connected hotel rooms allowed a researcher to take control of multiple rooms' amenities - and punish a loud neighbor. In an effort to make up for space constraints, these kinds of digs tend to offer a few electronic bells and whistles, and according to Supa, this particular hotel was no different.