WELCOME TO BLACK HAT USA 2023
Now in its 26th year, Black Hat USA returned to the Mandalay Bay Convention Center in Las Vegas with a 6-day program. The event opened with four days of specialized cybersecurity Trainings (August 5-10), with courses for all skill levels. The two-day main conference (August 9-10) has been featured more than 100 selected Briefings, dozens of open-source tool demos in Arsenal, a robust Business Hall, networking and social events, and much more. This year Black Hat has launched a 'Certified Pentester' program - a full day practical exam,
covering pentesting topics.
Black Hat attracts over 20,000 of the world's most renowned security experts, executives, and attendees, that create the industry's most dynamic and concentrated information security community. For over 25 years, Black Hat has provided attendees with the very latest in information security research, development, and trends. These high-profile global events and training are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. Black Hat Briefings and Trainings are held annually in the United States, Canada, Europe, Middle East and Africa, and Asia.
The event welcomed more than 22,750 unique attendees, with 19,750 joining in-person at the Mandalay Bay Convention Center in Las Vegas, while more than 3,000 registered for On-Demand Access to the event.
John&Partners was one of the finalists invited to exhibit at Black Hat USA 2023 and received a 10-minute scheduled speaking slot and 30-minute call with an Omdia Cybersecurity Analyst.
Source: John&Partners LLC. - Black Hat USA 2023
NEWS
The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device.
Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a May 27 advisory.
Prescription management company Sav-Rx is warning over 2.8 million people in the United States that it suffered a data breach, stating that their personal data was stolen in a 2023 cyberattack.
Hackers are utilizing code from a Python clone of Microsoft's venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations.
CYBERSECURITY SOLUTIONS
According to TechRepublic, Symantec said that the newly-discovered Daxin exhibits a previously unseen level of complexity, and it’s been targeting governments around the world for some time.
US and UK cybersecurity and law enforcement agencies today shared information on new malware deployed by the Iranian-backed MuddyWatter hacking group in attacks targeting critical infrastructure worldwide.
A notification from the U.S. Cybersecurity Infrastructure and Security Agency (CISA) warns that threat actors are exploiting vulnerabilities in the Zabbix open-source tool for monitoring networks, servers, virtual machines, and cloud services.
New cryptomalware currently targets cryptocurrency wallets, such as Coinbase, Binance Chain, and MetaMask. Right now, these digital wallet services are not focusing on their systems' security features.
One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version.
The Have I Been Pwned data breach notification service now lets you check if your email and password are one of 441,000 accounts stolen in an information-stealing campaign using RedLine malware.
Researchers at the University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab, have published a paper that proves it's possible to extract passwords and manipulate traffic on a WiFi chip by targeting a device's Bluetooth component. - According to BleepingComputer
Google said Tuesday it has moved to shut down a network of about one million hijacked electronic devices used worldwide to commit online crimes, while also suing Russia-based hackers the tech giant claimed were responsible.
Introspecting on 30 years of resumed diplomatic relations, on May 14, Vietnamese Prime Minister Phạm Minh Chính visited Harvard Kennedy School to discuss the U.S.-Vietnam relationship and the country’s evolving economic outlook. Prime Minister Chính, invited to campus by the Vietnam Program at the Kennedy School’s Ash Center for Democratic Governance and Innovation, emphasized Hanoi’s continued efforts to attract foreign investment and deepen its international trade ties and foreign partnerships. He also underscores the importance of collaborating with US cybersecurity companies in the cyber range.
Source: Harvard Ash Center
The Great Bank Robbery: the Carbanak APT
The Carbanak group was first seen operating in 2013. By 2015, the group managed to breach more than 100 banks in 40 countries around the world and stole more than $1 billion, according to a Kaspersky investigation.
Source: Kaspersky & Joint Cybercrime Action Task Force (JCAT)
BLOG
The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.
On May 13, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with them.
Finland's Transport and Communications Agency (Traficom) is warning about an ongoing Android malware campaign attempting to breach online bank accounts.
Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates.
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg.
The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.
ABOUT US
Recognized Amongst 100 of the Industry's Best State-of-the-Art Risk Assessment Platforms
John&Partners, LLC. Cybersecurity partners with Netskope to deliver Security and Data Protection beyond the corporate perimeter Ho Chi Minh, Vietnam – February 24, 2021
John&Partners strengthened the Strategic Protect4S Partnership in Vietnam, with its cybersecurity consulting services and Protect4S’s world-class continuous automated SAP cybersecurity next-gen technology services.
John&Partners, LLC. Cybersecurity
7443 Brompton, Houston, Texas 77025 , USA