 

For technologists

 

Black Hat Fireside Chat: The impactful role crowdsourced security intelligence must play

By Byron V. Acohido

From Kickstarter to Wikipedia, crowdsourcing has become a part of everyday life.

Sharing intel for a greater good

Now one distinctive type of crowdsourcing, ethical hacking, is positioned to become a much more impactful component of securing modern networks.

I had a terrific discussion about this at Black Hat USA 2023 with Casey Ellis, founder and CTO of Bugcrowd, a pioneer in the crowdsourced security market. Bugcrowd ushered in crowdsourced security with its launch in 2012, and today a covey of vendors have followed suit, each supplying intricate platforms to connect hackers with proven skillsets to companies that have particular needs.

“What we’ve got under the hood is effectively a dating website for people who are good at breaking into computers,” Ellis says.

Crowdsourced security vendors (others include Synack, HackerOne and Intigriti) make it seamless for companies to tap into a global network of software coders, and set them on

GUEST ESSAY: Robust data management can prevent theft, guard intellectual property

By Clark Frogley

In an era of global economic uncertainty, fraud levels tend to surge, bringing to light the critical issue of intellectual property (IP) theft.

Related: Neutralizing insider threats

This pervasive problem extends beyond traditional notions of fraud, encompassing both insider threats and external risks arising from partnerships, competitors, and poor IP management. Organizations dedicate substantial resources to detecting and preventing fraudulent activity in customer accounts.

Yet, the rise of internal fraud presents a unique challenge. Perpetrated by insiders who already possess unrestricted access to highly sensitive data and systems, internal fraud not only defies easy prevention but also imposes substantial costs.

Annually, American businesses suffer losses exceeding $50 billion, underscoring the impact on competitiveness in today’s fiercely competitive landscape. To navigate this complex landscape, business leaders must strike

GUEST ESSAY: Securing your cryptocurrency — best practices for Bitcoin wallet security

By Ronin Ashford

Over time, Bitcoin has become the most widely used cryptocurrency in the world. Strong security measures become increasingly important as more people use this digital currency.

Preserving privacy for a greater good

To manage and store your Bitcoin assets, you need a Bitcoin wallet, which is a digital version of a conventional wallet. This article discusses the best techniques for protecting your Bitcoin wallet and safeguarding your digital assets.

A Bitcoin wallet is a piece of software that enables users to transmit, receive, and store bitcoins securely. While it performs similarly to a regular wallet, it stores digital assets in the form of cryptographic keys rather than actual cash or credit cards. These wallets are available in a variety of formats, including hardware wallets, online wallets, mobile wallets, and desktop wallets. Users can select depending on their unique needs

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

By Byron V. Acohido

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe.


This is to be expected. After all, government mandates combined with industry standards are the twin towers of public safety. Without them the integrity of our food supplies, the efficacy of our transportation systems and reliability of our utilities would not be what they are.

When it comes to IoT, we must arrive at specific rules of the road if we are to tap into the full potential of smart cities, autonomous transportation and advanced healthcare.

In the absence of robust, universally implemented rules of the road, cybercriminals will continue to have the upper hand and wreak even more havoc than they now do. Threat actors all too readily compromise, disrupt and maliciously manipulate the comparatively simple IoT systems we have in operation today.

I had an eye-opening conversation about all of this with Steve Hanna, distinguished engineer at Infineon Technologies, a global semiconductor manufacturer based in Neubiberg, Germany. We went over how governments around the world are stepping up their efforts to impose IoT security legislation and regulations designed to keep users safe.

This is happening at the same time as tech industry consortiums are

Black Hat Fireside Chat: How ‘enterprise browsers’ serve as a checkpoint to stop ChatGPT leakage

By Byron V. Acohido

For a couple of decades now, the web browser has endured in workplace settings as the primary employee-to-Internet interface. It’s really just assumed to be a given that a browser built for consumers is an acceptable application for employees to use to work.


And despite advances, like sandboxing, browser isolation and secure gateways, the core architecture of web browsers has remained all-too vulnerable to malicious attacks.

There was a lot of buzz at Black Hat USA 2023 about advanced “enterprise browsers.” I visited with Uy Huynh, vice president of solutions engineering at Island.io, to discuss this. For a full drill down please give the accompanying podcast a listen.

Built on the Chromium open source code, Island’s Enterprise Browser recognizes the identity and considers the role of each user—be it an employee, contractor, or HR personnel. This granular visibility aids in rapid onboarding while also bolstering security protocols, Huynh explained.

This can serve as a “last mile” checkpoint to curtail Shadow IT; in particular,

Black Hat Fireside Chat: How to achieve API security — as AI-boosted attacks intensify

By Byron V. Acohido

API security has arisen as a cornerstone of securing massively interconnected cloud applications.

At Black Hat USA 2023, I had a great discussion about API security with Data Theorem COO Doug Dooley and AppLovin CISO Jeremiah Kung. For a full drill down, please give the accompanying podcast a listen.

As a fast-rising mobile ad network going toe-to-toe with Google and Facebook, AppLovin has been acquiring advanced security tools and shaping new practices to manage its API exposures. Kung described for me how Data Theorem’s API Secure is proving to be a vital weapon in AppLovin’s security arsenal.

APIs have become the “lifeblood” of apps and thus a prime target for cyber criminals, Kung says. AppLovin has learned that it must mitigate API exposures from multiple angles, he told me.

Robust API security has become table stakes – for cloud-native companies like AppLovin as

Black Hat insights: Generative AI begins seeping into the security platforms that will carry us forward

By Byron V. Acohido

LAS VEGAS – Just when we appeared to be on the verge of materially shrinking the attack surface, along comes an unpredictable, potentially explosive wild card: generative AI.

Related: Can ‘CNAPP’ do it all?

Unsurprisingly, generative AI was in the spotlight at Black Hat USA 2023, which returned to its full pre-Covid grandeur here last week.

Maria Markstedter, founder of Azeria Labs, set the tone in her opening keynote address. Artificial intelligence has been in commercial use for many decades; Markstedter recounted why this potent iteration of AI is causing so much fuss, just now.

Generative AI makes use of a large language model (LLM) – an advanced algorithm that applies deep learning techniques to massive data sets. The popular service, ChatGPT, is based on OpenAI’s LLM, which taps into everything available across the Internet through 2021, plus anything a user cares