BSides, Black Hat and Def Con Debrief – August 8th & 9th, 2018

BSIDES:

Cybersecurity career tips from Scott Handley, Sentek Global’s Talent Acquisition Manager, on the BSides Recruiter Panel:

Going the extra inch makes a big difference – from what you wear, to how you carry yourself. If you show that you are passionate about the job, it helps you out considerably. – Scott Handley


TOP STORIES FROM BLACK HAT, August 8th, 2018:

Black Hat Schedule, August 9th, 2018: https://www.blackhat.com/us-18/briefings/schedule/index.html#tab/thursday

Black Hat Photos: https://www.flickr.com/photos/blackhatevents/

Parisa Tabriz’s Black Hat 2018 Keynote Challenges Infosec’s Status Quo
In her Black Hat 2018 keynote, Google’s Parisa Tabriz celebrated the unrecognized, long-term work that can cause real change in security and challenge the status quo.
Continue reading at searchsecurity.com.

IBM Demonstrates DeepLocker AI Malware at Black Hat
IBM researchers have developed a new proof-of-concept malware that can be highly targeted and very difficult to detect. Continue reading at eweek.com.

Black Hat Talk Reveals How Embedded Systems Expose Airlines to Risk
Security firm IOActive is set to disclose multiple vulnerabilities in the embedded systems used for satellite communications and in-flight WiFi, revealing the larger challenge of supply chain risk. Continue reading at eweek.com.

Researchers Reveal Smart City System Flaws at Black Hat
LAS VEGAS—A pair of researchers from IBM and Threatcare have discovered 17 vulnerabilities across three different manufacturers and four different smart city products and will detail their findings at Black Hat USA here on Aug. 9. Continue reading at eweek.com.

Satellite Communications Hacks Are Real, And They’re Terrifying
A researcher at the Black Hat conference in Las Vegas revealed new attacks that can take control of SATCOM devices. Hackers could remotely attack planes, boats, and military tech, sending high-powered transmissions to fry electronics and biological tissue. Continue reading at pcmag.com.

Commerce’s Friedman Urges Stakeholders to Join Process on ‘Software Bill of Materials’
LAS VEGAS. Commerce official Allan Friedman today touted his department’s multistakeholder process on developing a voluntary software bill of materials, telling an audience at the Black Hat USA 2018 conference that this could be the best way for developers, vendors and others to help secure software amid growing regulatory interest in the issue. Continue reading at insidecybersecurity.com. [Subscription required]

New Tripwire Report Finds Continuing Corporate Shortfalls on Basic Cyber Hygiene
LAS VEGAS. A new report released here by security firm Tripwire found a disturbing assortment of shortcomings in how companies are performing cybersecurity basics, including poor “visibility” into their own systems, inadequate scanning and other issues. Continue reading at insidecybersecurity.com. [Subscription required]

No, The Mafia Doesn’t Own Cybercrime: Study
Organized crime does, however, sometimes provide money-laundering and other expertise to cybercriminals. Continue reading at darkreading.com.

Understanding Firewalls: Build Them Up, Tear Them Down
A presentation at Black Hat USA will walk attendees through developing a firewall for MacOS, and then poking holes in it. Continue reading at darkreading.com.

DEF CON NEWS, AUGUST 9TH, 2018:

Def Con WiFi Registration: https://wifireg.defcon.org/

Schedule for Thursday, August 9th: https://www.defcon.org/html/defcon-26/dc-26-schedule.html

DNC-led Def Con Event Tests Election Websites Against Child Hackers
The kid that devises the best cybersecurity strategy will win $2,500. Continue reading at engadget.com.

NASS Statement on DEFCON Voting Machine Hacking Events
As DEFCON 26 attendees begin to gather in Las Vegas this week, the National Association of Secretaries of State (NASS) would like to address the Voting Machine Hacking Village events. While we applaud the goal of DEFCON attendees to find and report vulnerabilities in election systems, it is important to point out states have been hard at work with their own information technology teams, the Department of Homeland Security (DHS), the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), the private sector, the National Guard and universities to enhance and reinforce their cyber postures with penetration testing, risk and vulnerability assessments and many other tools. Continue reading at nass.org.