The first week of August may be a slow time for much of the world, but for cybersecurity researchers, it means that vulnerability news is about to ramp up thanks to the annual Black Hat USA security conference.
This year will be no exception. The Black Hat USA 2024 briefings and keynotes that begin on Wednesday will discuss (and in many cases reveal) vulnerabilities across the IT and technology spectrum, with sessions focusing on bugs and exploits in cloud services, hardware, security tools, quantum computing, AI and LLMs, software, firmware, virtualization, programming languages, developer tools, EV chargers, 5G, browsers, Apple and Android mobile devices, and, of course, lots of research into Microsoft Windows vulnerabilities.
The good news is that there are also a handful of sessions on promising cybersecurity defenses, so it’s not all doom and gloom. Here are 15 Black Hat sessions that IT security pros will want to keep an eye on.
Cloud Service Providers Under Scrutiny at Black Hat
Cloud service providers have a reputation for having some of the best security available (provided users follow proper configuration procedures when connecting to the services). A good cloud security reputation is important for attracting business, of course, and so the biggest providers typically have security controls that a smaller organization might not be able to match – Google, for example, has said it patches as much as 10 times a day in a near-continuous process of plugging security holes.
But part of that reputation for good security may also come from the services’ willingness to work with security researchers in bug bounty programs.
AWS, Google Cloud Platform (GCP) and Azure will all get some attention at this year’s Black Hat conference, and a common theme is that the vulnerabilities have largely been fixed. Aqua Security researchers will detail six critical vulnerabilities in AWS – “all promptly acknowledged and fixed by AWS” – that could have led to full account takeover, sensitive data exposure, denial of service and privilege escalation.
The researchers will detail how they discovered the vulnerabilities, identified commonalities among them, and “how we developed a method to uncover more vulnerabilities and enhance the impact by using common techniques leading to privilege escalation.” They will also plan to release an open-Source tool to research service internal API calls.
Nick Frechette of Datadog will also detail AWS vulnerabilities that have been fixed in access control and authentication, a common source of cloud breaches.
Liv Matan of Tenable will discuss GCP vulnerabilities – and how “Cloud security is so complex that even cloud providers get it wrong sometimes.”
Matan’s abstract notes that “one simple faulty command argument by Google Cloud Platform (GCP) was enough to enable us to find a critical RCE vulnerability (dubbed ‘CloudImposer’) in GCP customers’ workloads and Google’s internal production servers, affecting millions of cloud servers.”
He’ll also reveal a GCP privilege escalation vulnerability, discuss cloud supply chain vulnerabilities, and unveil a tool “to find the hidden APIs that are called by the cloud provider when performing an action.”
Azure and Microsoft 365 will get some attention from security researchers too. Eric Woodruff of SEMPERIS will discuss “a novel discovery that resulted in privilege escalation to Global Administrator in Entra ID (Azure AD).”
Other intriguing sessions will look at look at security weaknesses in deep reinforcement learning agents and quantum computers, OpenVPN vulnerabilities, Microsoft Copilot exploits, a Chrome V8 Sandbox escape technique, a web application firewall evasion technique, immutable backup attacks, and a Windows downgrade attack using Windows update.
Security Defenses Get Attention at Black Hat Too
Fortunately, Black Hat won’t be all bad news – cybersecurity defenses will get some attention too. In the most intriguing defensive security session, 29 researchers will discuss their successes in applying reinforcement learning to automate cyber defenses.
Other promising defensive sessions include a technique for detecting and stopping zero-day exploits in the Linux kernel, Microsoft researchers discussing ways security teams can use LLMs, and NVIDIA Principal Security Architect for AI and ML Richard Harang presenting AI security lessons learned from NVIDIA’s AI Red Team.
We’ve presented 15 intriguing Black Hat sessions here, but there are many more than that, and you may find others that better fit your own needs and interests.