Security News
Microsoft came up the big winner in this year's Pwnie Awards, but for all the wrong reasons. From the PrintNightmare patching hiccups to the Exchange Server flaws to the NSA finding and disclosing a major bug in the Windows cryptography core, Microsoft's security foibles highlighted the annual event that recognizes excellence and mocks incompetence in cybersecurity.
LAS VEGAS - Just weeks after the U.S. Senate confirmed Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency, the new director spoke at Black Hat USA 2021 on Thursday, albeit virtually, announcing a major public-private partnership to fight cybercrime. Easterly replaced CISA acting director Brandon Wales after the agency's founder and former director Christopher Krebs was fired by former President Trump in 2020.
Head of the U.S. government's cybersecurity agency Jen Easterly introduced herself to the hacking community Thursday with a pledge to pursue transparent data sharing with the private sector and a call for "an ambitious national effort" to solve the cybersecurity skills shortage. In a carefully crafted video keynote at the annual Black Hat conference, the CISA director announced a new Joint Cyber Defense Collaborative to bring together federal agencies with big-tech players to manage the barrage of ransomware and supply chain attacks.
LAS VEGAS - Windows Hello, the biometric user authentication system in Microsoft Windows 10, can be bypassed using a single infrared image of a user's face planted on a tampered clone of an external USB-based webcam. According to research disclosed here at Black Hat USA 2021, the flaw still allows attackers - in some scenarios - to bypass Windows Hello and Windows Hello for Business, used for single-sign-on access to a user's computer and a host of Windows services and associated data.
LAS VEGAS - The suspected Iranian threat group that IBM Security X-Force calls ITG18 and which overlaps with the group known as Charming Kitten keeps leaving a trail of paw prints. On Wednesday, in a session titled "The Kitten that Charmed Me: The 9 Lives of a Nation State Attacker," X-Force researchers Allison Wikoff and Richard Emerson said you just have to laugh about all the errors the group keeps making.
LAS VEGAS - A series of vulnerabilities in internet of things devices often found in connected hotel rooms allowed a researcher to take control of multiple rooms' amenities - and punish a loud neighbor. In an effort to make up for space constraints, these kinds of digs tend to offer a few electronic bells and whistles, and according to Supa, this particular hotel was no different.
Prominent security practitioner Matt Tait kicked off the annual Black Hat security conference Wednesday with a call for platform vendors to make major technology changes to help cope with the surge in major software supply chain attacks. Tait, an outspoken researcher who has held stints at Google's Project Zero and the U.K.'s GCHQ intelligence agency, said mobile platforms must immediately start providing improved "on-device observability" to help defenders cope with ongoing in-the-wild zero-day attacks.
LAS VEGAS - The in-person Black Hat USA 2021 cybersecurity conference is back, after a pandemic-forced, year-long hiatus, with attendance notably down but spirits up among attendees eager to get back to networking, learning and returning to some normalcy. Event founder Jeff Moss kicked off Wednesday's keynote with a nod to those lost to COVID-19 and others such as Philippe Courtot and Dan Kaminsky, who have passed since Black Hat's last 2019 in-person event.
That's why this week's Black Hat and DEF CON conferences promise to run hot and heavy with a host of topics in the world of security. First, how might Black Hat USA 2021 and DEF CON 29 differ in their topics and slants? Both are joined at the hip because of their back-to-back schedules and slight distinctions, but there are some nuanced differences between the security conferences, according to 451 Research senior research analyst Daniel Kennedy.
Hackers and security experts have virtual, in-person and hybrid options for attending Black Hat USA 2021 and DEF CON 29 this year. There are still in-person and virtual tickets left for Black Hat, but virtual tickets for DEF CON are sold out.