By Dain Oh, The Readable
Aug. 18, 2023 8:18PM GMT+9
“Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Journalists for The Readable select important news stories from the previous week. Topics encompass privacy, cybercrime, and policy development in cybersecurity. There are no costs involved with a subscription, and some content, such as industrial reports, is only available to those who subscribe to our newsletters.
Hello! This is Dain Oh reporting from South Korea. The summer madness in Las Vegas came to an end over the last weekend, but the journalists’ job was never over. Our team has picked the five coolest vendors at Black Hat USA 2023 out of dozens of security firms that we directly communicated with. In addition, we have put together some of the most important statements made by speakers at the event. For those of you who haven’t had a chance to read our original news articles reported from Vegas and Anaheim, I have included eight stories in this briefing. Have a wonderful weekend!
1. The five coolest vendors at Black Hat USA 2023: Oligo, Veriti, Mobb, SafeBreach, CyberGRX
Black Hat USA 2023 was pure bliss for those of us who are passionate about cutting-edge security innovation. Before the event, The Readable reached out to more than 70 vendors through hundreds of emails and selected around 20 for in-person meetings. In this article, we’re excited to spotlight the five coolest vendors that we met in Las Vegas last week. Our selections are based solely on their innovative contributions and are not influenced by any sponsorships. This article may serve as a roadmap for our readers to discover the latest trends in the cybersecurity industry.
2. Quotes from Black Hat USA 2023: Jeff Moss and more
Jeff Moss (Founder of Black Hat and DEF CON)
“AI problems are going to become global problems. This is because the manufacturers and implementers of AI systems and learning models are going to be global companies. If a problem is discovered, you’re going to probably have to reach across one of the oceans and try to figure out what’s going on. And that requires an international mindset.”
3. Psychological safety leads to trust by design, GitHub security strategist says
Las Vegas, NV ― Black Hat ― According to insights from a security strategist at GitHub on Thursday, the success of a company’s endeavor to implement two-factor authentication (2FA) for its employees hinges on the concept of psychological safety.
During a briefing session held at Black Hat, John Swanson, the Security Strategy Director at GitHub, delved into the remarkable journey of the world’s largest open-source community, where millions of developers were guided toward adopting two-factor authentication. GitHub’s initiative was driven by the goal of enhancing global safety by safeguarding developers and fortifying the software supply chain right from its inception at the hands of developers.
4. Disclosing security flaws could damage white hat hackers’ creativity, researcher urges
Las Vegas, NV ― Black Hat ― A security academic raised an important concern on Thursday, highlighting that an organization’s choice to publicly disclose resolved vulnerabilities might inadvertently hinder ethical hackers’ capacity to uncover previously unknown security weaknesses.
At the Black Hat conference, Ali Ahmed, an assistant professor in the Department of Information Systems at the College of Business, University of Wisconsin-Eau Claire, unveiled his ongoing research. This study delves into the intricate connection between bug bounty programs and the behaviors exhibited by white hat hackers participating in these initiatives.
5. Only 22% of organizations run matured threat intelligence, malware detection leader reveals
Las Vegas, NV ― Black Hat ― A prominent malware detection company revealed on Wednesday that the threat intelligence industry is still in its initial phase, underscoring the need for at least 62% of global organizations to channel investments into essential tools and processes.
As outlined in OPSWAT’s report titled “2023 Threat Intelligence Trends,” a mere 22% of organizations have managed to establish fully developed threat intelligence programs. This glaring statistic underscores the discrepancy between implementation and the pressing demands of the landscape. The survey outcomes reveal a striking 68% of entities grappling with the challenges of identifying both familiar and unfamiliar malware strains.
6. Viasat, NSA urge building partnership, sharing their experience amid satellite hack
Las Vegas, NV ― Black Hat ― Forging a partnership between commercial and government entities proves to be pivotal in establishing an effective incident response process, as emphasized by the key players who collaborated to mitigate the unprecedented satellite sabotage that targeted Ukraine in 2022.
During the 26th Black Hat USA event on Thursday, Mark Colaluca, Vice President and Chief Information Security Officer at Viasat, shed light on a common oversight. “For many organizations, incident response is the most neglected muscle group,” Colaluca stated. He also offered insights into the cyberattacks against KA-SAT and expanded on the intricate dynamics at play, explaining, “Most of what we experienced was a complicated ecosystem which involved distributors, salespeople, and satellite people on servers, with many of these people being in different countries and facing a language barrier, making for a chaotic scene in the beginning.”
7. US national cyber director stresses the importance of human element in security
Las Vegas, NV ― Black Hat ― On Thursday, the White House’s acting national cyber director emphasized a crucial point: humans play a vital role in the realm of cyberspace. She also noted the significance of having a robust cyber workforce, adding that the absence of such a workforce poses a significant challenge to the nation’s security.
Kemba Walden, who has been serving as the acting director of the Office of the National Cyber Director since February, recently took the stage as a keynote speaker at the Black Hat USA event. In her address, she spoke to an audience of international security professionals about the groundbreaking National Cyber Workforce and Education Strategy (NCWES) released on July 31. This strategy marks a significant milestone as the first of its kind in this domain.
8. [Opinion] Why security awareness training is mostly pointless
9. [USENIX] When love turns into a monster: researchers shed light on IoT-enabled abuse by the intimate
W.Media: Korea Cloud & Datacenter Convention 2023 (31 August, South Korea)
The Readable is a strategic partner with W.Media regarding this event. As part of the partnership, The Readable provides its readers with complimentary tickets. Send us an email to receive promotional codes.
The cover image of this article was designed by Areum Hwang.
Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.