Editor's note
Black Hat USA returned for its 27th year, covering the latest in infosec for technical experts, thought leaders, innovative vendors and cybersecurity pros.
The two-day main event held Aug. 7-8 at Mandalay Bay in Las Vegas featured more than 100 sessions on a plethora of topics, from application security, cryptography and platform security to the latest hacks, attacks and defensive techniques. AI, generative AI and large language models were also prominent.
Four days of specialized trainings Aug. 3-6 covered the latest in web application hacking, machine learning, social engineering attack mitigation, advanced malware traffic analysis and more. This year also marked two inaugural summits: Innovators & Investors Summit and AI Summit.
TechTarget Editorial was on site to report from the Black Hat USA 2024 conference, keeping its readers up to date on the latest from the show through this guide.
1News from the conference floor
Black Hat presenters will divulge the latest attacks and sound warning bells on what could be coming next.
-
Article
GuidePoint talks ransomware negotiations, payment bans
GuidePoint Security's Mark Lance discusses the current ransomware landscape and the steps that go into negotiating potential payments with cybercriminal gangs. Read Now
-
Article
Black Hat USA 2024 takeaways for data security and IAM
Black Hat USA 2024 showcased recurring themes of data security and IAM, encompassing the platform vs. point product debate, cleaning identity data and GenAI security. Read Now
-
Article
CISA: Election infrastructure has never been more secure
CISA Director Jen Easterly emphasized at Black Hat 2024 that election stakeholders cannot be complacent because 'the threat environment has never been so complex.' Read Now
-
Article
Evolving threat landscape influencing cyber insurance market
Many aspects of cyber insurance were addressed throughout Black Hat USA 2024, including changes in the threat landscape that affect policies and coverage. Read Now
-
Article
Zenity CTO on dangers of Microsoft Copilot prompt injections
Zenity's CTO describes how hidden email code can be used to feed malicious prompts to a victim's Copilot instance, leading to false outputs and even credential harvesting. Read Now
-
Article
Veracode highlights security risks of GenAI coding tools
At Black Hat USA 2024, Veracode's Chris Wysopal warned of the downstream effects of how generative AI tools are helping developers write code faster. Read Now
-
Article
Security framework to determine whether defenders are winning
Columbia University researcher and longtime security practitioner Jason Healey will present at Black Hat USA a new framework to determine defensive advantage. Read Now
-
Article
Nvidia AI security architect discusses top threats to LLMs
Richard Harang, Nvidia's principal AI and ML security architect, said two of the biggest pain points for LLMs right now are insecure plugins and indirect prompt injections. Read Now
2On the hunt for security weak spots
-
Article
Cyber-risk management: Key takeaways from Black Hat 2024
Product updates announced at Black Hat USA 2024 can help security teams better manage constantly changing attack surfaces and ensure new AI projects won't pose security risks. Read Now
-
Article
Microsoft corrects six zero-days for August Patch Tuesday
Admins can address most of the zero-days with a cumulative update. But of more concern is the lack of patches for two vulnerabilities demonstrated at the Black Hat conference. Read Now
-
Article
CrowdStrike, AI dominate conversation at Black Hat USA 2024
Although the trend of vendors pitching AI-powered products nonstop has continued at Black Hat USA 2024, CrowdStrike and the recent IT outage was an even larger point of discussion. Read Now
-
Article
Flashpoint CEO: Cyber, physical security threats converging
Although Flashpoint is known for their cybersecurity threat intelligence services, the vendor also provides physical security intelligence to its clientele. Read Now
-
Article
Wiz researchers hacked into leading AI infrastructure providers
During Black Hat USA 2024, Wiz researchers discussed how they were able to infiltrate leading AI service providers and access confidential data and models across the platforms. Read Now
-
Article
Akamai warns enterprises that VPN attacks will only increase
During Black Hat USA 2024, Akamai's Ori David revealed new VPN post-exploitation techniques that open the attack vector to threat actors of all skill levels. Read Now
-
Article
Researchers unveil AWS vulnerabilities, 'shadow resource' vector
During a Black Hat USA 2024 session, Aqua Security researchers demonstrated how they discovered six cloud vulnerabilities in AWS services and a new attack vector. Read Now
3Pre-conference coverage for Black Hat 2024
Black Hat USA 2023 focused on the heavy-hitting topic of cybersecurity in the age of AI. Generative AI and large language models took the spotlight, with deep-diving sessions into their opportunities, protections, risks and vulnerabilities. Other perennial issues, including software security, also made appearances at the show.
-
Podcast
Risk & Repeat: Highlights from Black Hat USA 2023
Black Hat USA 2023 in Las Vegas covered several trends, such as generative AI and cloud security issues, as well as new vulnerabilities, including the Downfall flaw in Intel chips. Listen Now
-
Article
Generative AI takes center stage at Black Hat USA 2023
About one year after generative AI launched into the spotlight, the technology is showing early signs of potential for security at Black Hat USA 2023 in Las Vegas. Read Now
-
Article
Researchers put LLMs to the test in phishing email experiment
A Black Hat USA 2023 session discussed an experiment that used large language models to see how effective the technology can be in both detecting and producing phishing emails. Read Now
-
Article
Google to discuss LLM benefits for threat intelligence programs
Large language models are the backbone of generative AI products launching in the security space. Google will discuss how best to integrate the technology at this week's Black Hat USA. Read Now
-
Article
CISA shares 'secure by design' plan for US tech ecosystem
The cyber agency plans to establish secure-by-design principles through internal and external communications, data collection and education for the next generation. Read Now