“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.
Las Vegas―DEF CON 32―“Are you here for the cyber event?” the cab driver asked me on the evening of August 10, as he picked me up from Treasure Island. In honor of the hacker summer camp, I replied, “Yes.” It seemed like every driver in town knew why I was here this week. Then, my experienced driver, Miko—who immigrated from Ethiopia over a decade ago and has mastered navigating the terrible Saturday night traffic—shared a real-life story about how cyberattacks had disrupted his livelihood.
When MGM Resorts was hit by major cyberattacks last year, rendering the company unable to operate for several days, the town slowed down significantly, and Miko’s main source of income—taxi driving—was inevitably affected. A similar situation occurred when flights in Las Vegas were disrupted by a recent global outage. Just last month, Harry Reid International Airport had to delay or cancel more than 300 flights due to a cyber incident, according to the Las Vegas Review-Journal. “This is not a joke,” Miko said. “This is a serious problem that can affect someone’s life and death.”
As I stepped out of the cab, concluding our unexpected interview, I disclosed my profession as a reporter and informed Miko that I planned to publish this story. He jokingly told me not to include his phone number, which I assured him I wouldn’t.
I have been in Las Vegas since last Wednesday, covering Black Hat 2024 and DEF CON 32. This briefing includes four articles on the Black Hat event. More articles will be available to our readers after the DARPA AI Cyber Challenge (AIxCC) wraps up its semifinal today at DEF CON. Additionally, you’ll find three insightful articles at the bottom, reported by Hongeun Im and Minkyung Shin.
This is Dain Oh reporting from Las Vegas, and here is your weekend briefing.
1. State-sponsored actors escalate disinformation to full-fledged operations, expert warns
Las Vegas, NV―Black Hat 2024―A former NATO analyst specializing in social media has called for increased awareness of disinformation campaigns conducted by state-sponsored actors. These campaigns, particularly from China and Russia, are part of highly orchestrated efforts to achieve long-term strategic goals. Meanwhile, the younger generation is becoming increasingly dependent on social media for news consumption, making them more vulnerable to these operations.
On Wednesday, Franky Saegerman, a social media expert who spent 31 years at the North Atlantic Treaty Organization (NATO), took the stage at the Black Hat 2024 Conference to expose state-sponsored information operations designed to manipulate global narratives. During his 30-minute presentation, Saegerman dissected the tactics behind recent campaigns, offering real-world examples. The risk intelligence company Blackbird.AI refers to these threats as “narrative attacks.”
According to Saegerman, disinformation refers to deliberately distorted information that is secretly inserted into communication channels to deceive and manipulate its target. He also introduced the term ‘FIMI,’ an acronym for Foreign Information Manipulation and Interference. While FIMI operations are often not illegal, they exhibit deliberate patterns of behavior that threaten or potentially impact the values, procedures, and political processes of the targeted victims. Unlike disinformation campaigns, which may not always be coordinated, FIMI occurs in a manipulative, intentional, and organized manner. READ MORE
2. Security veteran at Sophos emphasizes the need for incident reviews
Las Vegas, NV―Black Hat 2024―How long do you follow up on a news story after it breaks? For most people, including journalists, follow-ups are rare unless they have a specific interest in the issue. However, for Chester Wisniewski, Director and Global Field Chief Technology Officer at Sophos with over 25 years of security experience, this lack of follow-up is a critical problem that needs to be addressed.
“There’s a lot of misinformation during big events as they unfold. Everyone speculates on what happened, and usually, the first few reports in the news are wrong, but it’s those which most stick in your head,” Wisniewski told The Readable during the Black Hat Conference on August 8. “Rumors spread quickly, and the truth often comes out much later—sometimes as long as six months—when a lawsuit is filed or after someone is called to testify before Congress. But by then, people have lost interest and forgotten about the issue, so they never really hear the truth.”
In an effort to break this vicious cycle of misinformation that distorts the facts of security incidents and prevents people from learning valuable lessons, Wisniewski recently launched a podcast called “Security Take Two.” He cohosts the show with Ben Verschaeren, Director of Sales Engineering at Sophos. The podcast is independently operated and recorded during their own time on weekends, using their own equipment to keep it separate from their company’s business. READ MORE
3. Three standout vendors at Black Hat 2024: BlackCloak, Upwind, and Binary Defense
Las Vegas, NV―Black Hat 2024―The Readable spoke with entrepreneurs, IT professionals, and analysts at Black Hat 2024 to explore their efforts in enhancing global cybersecurity. In this article, we spotlight three vendors who stood out during our recent conversations. As a cybersecurity journalist, I selected these vendors based solely on their innovative contributions, without any sponsorship. This article aims to serve as a roadmap for our readers to discover the latest trends in cybersecurity, directly from the experts.
BlackCloak―Keyword: Concierge cybersecurity & privacy platform
BlackCloak is a leading provider of digital executive protection, specializing in safeguarding corporate executives and their families in their personal lives. The company offers comprehensive protection by enhancing privacy measures to reduce attack surfaces, securing personal devices through ongoing monitoring, and conducting weekly internal and external tests to fortify home networks. Additionally, BlackCloak provides real-time support for cybersecurity and privacy issues, including incident response. Chris Pierson, CEO of BlackCloak, explained to The Readable, “People receive phishing emails and calls. They need someone live and real-time to help, or an incident response team. We provide that, as well as other support.”
The company’s PR agency likens their services to “cyber-bodyguards.” With criminal hackers increasingly targeting high-profile individuals such as executives, elected officials, judges, and entertainment figures, the need for robust protection has grown. These attacks range from credential theft and Business Email Compromise (BEC) to more severe threats like doxing, cyber extortion (including sextortion), swatting, and threats of physical violence against family members. The agency explained that this rising threat has created a significant demand for around-the-clock digital executive protection services among large enterprises, Hollywood, and public officials. They attribute the increased urgency to the weaponization of data broker information, the growing use of physical threats and intimidation, and the broader impact on corporate and public sector cybersecurity, from elections to the courts. READ MORE
4. Top 10 announcements from Black Hat 2024
Las Vegas, NV―Black Hat 2024―Over the past week, security vendors and researchers have released numerous press statements, coinciding with the excitement of Black Hat 2024 in Las Vegas. Among the many media pitches we received, The Readable has chosen the ten most significant announcements for our readers. Please note that none of these selections are influenced by sponsorships.
- [LevelBlue] Report on C-level executive dynamics which create barriers to cyber resilience
- [Forescout, Finite State] Research on the state of OT/IoT routers in the software supply chain
- [Sophos] Research reports on adversary landscape including ransomware analysis
- [IBM] Service launch: Generative AI-powered assistant for threat detection and response
- [PhishFlagger] Product launch: Email validation that highlights suspected phishing attacks
- [Cybersixgill] Product launch: Cyber threat intelligence with personalized content stream
- [Resecurity] Product launch: Accelerated threat intelligence and incident response capabilities
- [ArmorCode] Product launch: AI Remediation in support of developers and security teams
- [Xygeni] Product launch: Advanced software composition analysis and malware early warning
- [Pentera] Product launch: Securing Linux environments against ransomware attacks READ MORE
5. Windows 10 support ends next year, but users aren’t ready
In December, Microsoft announced that support for Windows 10 would end on October 14, 2025. However, as of July, Windows 11 has only just surpassed a 30% market share, which has raised concerns within the security industry.
According to StatCounter, Windows 11’s market share reached a peak of 30.83% in July, the highest it has ever been. In comparison, Windows 10 still held a dominant 64.99% during the same period. Windows 10, which was released by Microsoft on July 29, 2015, has remained widely used despite the launch of Windows 11 on October 5, 2021.
With just 14 months remaining until Windows 10 support ends, the fact that its user base significantly exceeds that of Windows 11 presents a major security concern. After the End of Support (EoS) date, any new vulnerabilities discovered in Windows 10 will go unpatched, leaving devices still running the system vulnerable. EoS refers to the point in a software’s lifecycle when it no longer receives updates or security patches. READ MORE
6. Repeated software update flaws highlight need for improved testing practices
Following the major CrowdStrike outage on July 19 and the flaws discovered in Google Chrome’s update on July 24, there is an increasing need for more rigorous checks on software update vulnerabilities.
The CrowdStrike outage, according to the company’s website, occurred because an automated software failed to detect an error in a problematic update. The company uses a tool called Content Validator to ensure system functionality. However, a bug in the Content Validator led to the validation of software containing faulty content.
The severity of the CrowdStrike outage was significant because CrowdStrike, a business partner of Microsoft, had direct access to the Windows operating system. This access was granted to enable the cybersecurity software provider to manage clients promptly. CrowdStrike utilized this access to implement their Rapid Response Content (RRC) for real-time detection of system malfunctions. However, this same access contributed to the widespread impact of the faulty update. READ MORE
7. Financial Security Institute emphasizes security strategies following CrowdStrike global outage
The Financial Security Institute (FSI) of South Korea has raised concerns following the global outage incident involving CrowdStrike. The FSI emphasized that South Korean financial firms need to be better prepared for digital incidents to ensure the stability of the financial system.
On Monday, the FSI held a seminar for financial companies to review their security measures. The event, which took place on Wednesday, included five security experts from banking, securities firms, and academia. They convened to discuss the necessary countermeasures for South Korea’s financial sector in response to a recent global outage incident that affected approximately 8.5 million IT devices worldwide.
Kim Chul-woong, President of the FSI, emphasized that the CrowdStrike incident highlighted the vulnerability of the entire industrial ecosystem. He underscored the importance of security preparedness, noting that, although the security damage to Korea was minimal, the potential impact on the broader system is significant. READ MORE
