home.social

#blackhat — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #blackhat, aggregated by home.social.

  1. Howdy folks! We are excited to announce the Call For Presentations (CFP) for @bsidestc 2026!
    This year’s conference theme is “Building Resilience”.

    We would love to hear your submissions of how you or people in your community have been “building resilience”.

    Submissions will be open until July 19th 2026 23:59 CDT (UTC -5)

    Key Dates:
    • CFP Opens: April 20th
    • CFP Closes: July 19th
    • Acceptances: Week of August 3rd (rolling basis)

    bsidestc.org/call-for-proposal

    #bsides #twincities #infosec #cybersecurity #hacking #Minneapolis #stpaul #security #securityconference #defcon #blackhat

  2. THREAT MODEL: CYBERSECURITY 🧑‍💻
    for Apr. 28th, 2026
    by independent journalist @violetblue

    - #SANS trains #ICE now

    - How the US government evades data laws

    - #SamAltman apologizes for more #AI deaths

    - @lawfare argues that AI companies should have a duty to inform/protect (like therapists)

    - Claude AI deleted a whole company and said it knew what it did was wrong

    - More revenge #Microsoft 0-days are in the wild now

    - KitKat releases a Faraday cage

    - Violet's debrief after #BlackHat Asia 2026

    ...and much more.

    ✨THREAT MODEL is free to read -- please help keep it accessible to all by becoming a patron, even $1 a month makes a difference!✨

    patreon.com/posts/cybersecurit

    #ThreatModel #ThreatModelCybersecurity #ThreatModelNewsletters #VioletBlue #infosec #cybersec #CovidIsNotOver

  7. So many Vegas visits, still so few for fun

    Landing at Dulles Wednesday evening closed out my 45th work trip to Las Vegas. That number alone is not something to take pride in and probably constitutes evidence of some character defect, but what’s even more disturbing is that since my first trip to Vegas in 1998–for CES, of course–I have still only been there three times for fun.

    This lifestyle long ago rendered me incapable of dealing with that city however normal people do. Instead, having the event formerly known as the Consumer Electronics Show dominate my experience of Vegas–I’m now at 28 trips there just for the Consumer Technology Association’s convention, still one of the most important events on my work calendar–keeps subjecting me to the place at its most expensive and least efficient.

    Even smaller-scale conferences like Black Hat (with six trips so far, it’s become about as essential as CES but easier to monetize) and the NAB Show (where I moderated a panel this week, with the National Association of Broadcasters covering airfare and lodging) leave me happier to take off from LAS than to land there.

    It’s not that I can’t enjoy a little time in the glitziest corner of Nevada. You can eat exceedingly well there, and Vegas service-industry folks are some of the best in the world. Blackjack can be fun, as long as you remember that you should at least try to lose slowly.

    If you drive far enough off the Strip, you can see some striking natural scenery. It took CES to remind me of that last bit, in the form of an outing in 2025 to Lake Mead to experience an electric sport boat.

    And there is some exceptional lodging in Vegas, although I’ve also stayed at some of the crummier ones. I started trying to inventory the hotels I’ve stayed at from the Strip up to the convention center (thus excluding off-strip properties like the Palms and a few places in downtown Las Vegas as well as two Airbnbs) and quickly realized they exceed the number of ballparks I’ve visited.

    From south to north: Mandalay Bay, Luxor, Excalibur, New York New York, MGM Grand, Monte Carlo (today Park MGM), Cosmopolitan, Hilton Grand Vacations, Bally’s (now the Horseshoe), Aladdin (now Planet Hollywood), Palms, Flamingo, Westin, Imperial Palace (the worst among the lot, fortunately now the Linq), Harrah’s, Mirage (demolished, being replaced by a Hard Rock Hotel in the shape of a guitar), Treasure Island, Wynn, Renaissance, Westgate, Fontainebleau (I’d rank that the best). 

    But however nice the hotel may have been, there’s no getting around how much I dislike the auto-centric, pedestrian-hostile nature of the streets outside. Unless you can start and end a conference commute on the monorail–this week’s trip, unlike most, allowed that–you will sit in traffic.

    The only improvements to Vegas transportation since 1998 have been on the margins: the monorail, Uber and Lyft liberating visitors from taxis that charge $3 extra for credit-card payment, the Vegas Loop’s tunnels, and the advent of autonomous vehicles from Zoox and, soon, Waymo.

    Even walking up and down the Strip is less efficient than it should be once you enter a building, since casino floors are where readable layouts and clear signage go to die.

    I grew up someplace where you had to drive everywhere; I never want to live like that again and don’t enjoy visiting places that seem intent on making that a perpetual default. I am much happier to have my travel destination be a more human-scaled city where it’s normal and enjoyable to get around by walking and transit; the contrast between CES in Vegas and MWC in Barcelona is glaring and entirely in Spain’s favor.

    I think of that every time one industry-analyst friend who moved from the Bay Area to a Vegas suburb tries to sell me on the same move. My response is always some version of “there is nothing you could say to make me ever want to do that.”

    And yet work keeps pulling me to Vegas anyway. This week’s trip was my third this year, with one more planned, and I already know next year will feature at least three. I should probably seek treatment for this condition at some point.

    #BlackHat #ces #hotels #las #LasVegas #LasVegasConventionCenter #LasVegasMonorail #LV #lvcc #NABShow #Nevada #pedestrian #rideHail #traffic #transit #Vegas #walkable
  11. Here are four of the ten looping Claude user quotes on anthropic.com homepage... Mind you, these are not dynamic, they chose these explicitly. Are they trying to represent user sentiment accurately or are they reading these very differently than I am?

    I went there after watching this talk: "Nicholas Carlini - Black-hat LLMs", from one of their engineers. There's definitely good work by talented and conscientious people that's going on there.

    I'm rewriting this post because I'm cynical of corporate motives but I also don't think that interpreting everything cynically is helpful. Even after the VC funding runs out (hopefully before we destroy the planet and society), these tools won't disappear especially for malicious actors. So if they're also building tooling to mitigate harm / defend against threat actors, do I dare to hope they're reading the quotes the same way I am? Or is it more of:

    I feel like I'm creating more dependency than knowledge.

    #AI #Anthropic #Claude #Blackhat #LLM #SoftwareSecurity #Cybersecurity #ThreatActor

  16. 🎯 NOW PUBLISHING: On-Location Coverage from #BlackHat USA 2025!

    We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

    🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

    We're thrilled to share this critical Brand Story conversation thanks to our friends at ReversingLabs 🙏

    Your Business Apps Are Bringing Friends You Didn't Invite

    Every commercial software application is a complex assembly of first-party, contracted, open source, and third-party code. But when #SolarWinds, #Kaseya, and #Ivanti happened, we learned that vendor questionnaires and contractual assurances offer little protection against supply chain compromises.

    At #BlackHat2025, Saša Zdjelar, Chief Trust Officer at ReversingLabs, reveals how organizations can finally verify the integrity of #software from outside vendors—without relying on blind trust.

    The game-changer: Comprehensive binary analysis that deconstructs any file into its components to:

    • Detect malware, tampering, and embedded secrets

    • Identify #vulnerabilities and insecure practices

    • Uncover undocumented network connections

    • Flag #compliance risks from restricted regions

    This isn't just another policy checkbox—it's a true technical control that inspects the software itself, regardless of size or complexity.

    Real-world applications:

    • Procurement: Auto-scan all software before deployment

    • Version Monitoring: Detect unexpected behavior changes between releases

    • Critical Environments: Verify integrity before software enters OT, ICS, or financial systems

    • Risk Management: Assess COTS software as part of ongoing vendor reviews

    With regulations like EO 14028 and the EU's #CyberResilience Act demanding transparency, the ability to technically validate every application delivers both strategic protection and measurable benefits.

    📺 Watch the video: youtu.be/pU9bHYFND7c

    🎧 Listen to the podcast: brand-stories-podcast.simpleca

    📖 Read the blog: itspmagazine.com/their-stories

    ➤ Learn more about ReversingLabs: itspm.ag/reversinglabs-v57b

    ✦ Catch more stories from #ReversingLabs: itspmagazine.com/directory/rev

    🎪 Follow all of our #BHUSA 2025 coverage: itspmagazine.com/bhusa25

    #Cybersecurity #SupplyChainSecurity #SoftwareIntegrity #BlackHatUSA #BHUSA25 #ThirdPartyRisk #SBOM #BinaryAnalysis #Compliance #ZeroTrust

  17. Weekly output: wireless-service satisfaction, ransomware survey, Dashlane report, Verizon fee increases, drone policy

    I had one work event on my calendar this week that I don’t think rates as an appearance worth listing here, since I got roped into it at the last minute. I’d put the Internet Law & Policy Foundry’s tech-law trivia contest on my schedule Wednesday thinking it would be fun to watch, but then one of the contestants asked if I’d like to join their team–and we finished in third place. This was one of the first public trivia contests I’d joined since 1987, when I was a member of the high school team that won a New Jersey state championship, and it’s nice to see that I still have it or at least some of it.

    This coming week has me traveling for work for the first time since the middle of June and to an event that first landed on my travel calendar in 2018: I’m headed to Las Vegas for the Black Hat information-security conference. The trip doesn’t include the DEF CON infosec conference that follows Black Hat, and on Patreon I explained why I opted out of that and feel a little guilty about it.

    7/31/2025: People Like Wireless Service Best When It Doesn’t Involve the Big 3 Carriers, PCMag

    The gap between J.D. Power’s customer-satisfaction stats for the big three wireless carriers and that firm’s metrics for companies reselling the networks of AT&T, T-Mobile and Verizon caught my eye.

    8/1/2025: Ransomware Victims Are Still Paying Up, Some More Than Once, PCMag

    This survey published by the security firm Semperis got an unfortunate news peg when the Trump administration rescinded the West Point department-chair appointment of one of the report’s expert contributors, former Cybersecurity & Infrastructure Security Administration head Jen Easterly.

    8/1/2025: This Password Manager Caught Some of Its Own Employees Not Using Its Product, PCMag

    Dashlane’s PR folks offered me this story ahead of time. Since I have always found the fallible-human element of information security to be fascinating, I accepted the offer, and then my editors concurred.

    8/1/2025: Months After Freezing Wireless Rates But Not Fees, Verizon Slips in a Fee Increase, PCMag

    One of my colleagues brought this to my attention, and I was happy to set aside some time Friday morning to cover it.

    8/2/2025: The Drone Industry Can’t Wait for This One Federal Regulation to Take Off, PCMag

    I spent Tuesday and Wednesday at Nationals Park to cover a drone-policy conference hosted there by the trade group AUVSI, but I didn’t get around to writing it until Thursday night.

    #AUVSI #BlackHat #ConsumerCellular #Dashlane #droneDelivery #drones #finePrint #JDPower #junkFees #NationalsPark #NatsPark #passwordManager #ransomware #Semperis #verizon #Vz #wirelessServices

  18. A couple more news items from #InfosecurityEurope25
    Post Event Recordings On ITSPmagazine

    🎙️ These Aren’t Soft Skills — They’re Human Skills
    A post–Infosecurity Europe 2025 conversation with Rob Black and Anthony D'Alton

    Yes, Infosecurity Europe 2025 is behind us, but the most important conversations are still unfolding — like this one.

    I (Marco Ciappelli) reconnected with Rob Black (yeah, I kicked Sean Martin, CISSP out again… temporarily 😄) and welcomed Anthony D’Alton to dive into something we all know is important but rarely define properly: so-called soft skills — or as we prefer to call them… human skills.

    From communication and trust to team resilience and real-world training, this conversation is a practical look at what truly makes cybersecurity teams work — and why these “intangibles” aren’t soft at all.

    🎥 Watch the conversation:
    👉 youtu.be/iczQBFabLno

    🎧 Prefer audio? Listen to the podcast:
    👉 eventcoveragepodcast.com/episo

    📚 See all the Infosecurity Europe 2025 coverage:
    👉 itspmagazine.com/infosec25

    ✅ Next stop: Black Hat USA 2025 – Las Vegas
    If your company would like to join us for an On Location Brand Story or Editorial Conversation at Black Hat USA — now is the time to book:

    👉 Full Sponsorship
    🔗 Book here: itspmagazine.com/event-coverag

    👉 On Location Briefing
    🔗 Book here: itspmagazine.com/event-coverag

    #Cybersecurity #InfosecurityEurope2025 #HumanSkills #SoftSkills #CyberResilience #SecurityLeadership #StorytellingInCyber #ITSPmagazine #MarcoCiappelli #RobBlack #AnthonyDalton #OnLocation #IncidentResponse #CommunicationSkills #Teamwork #BlackHat2025 #Sponsorship #MediaPartnerships #blackhat

  19. Almost two weeks in Pacific time, starting with Black Hat and ending with some family time in the Bay Area, should have ended at around 9 p.m. Sunday. But the line of thunderstorms that swept through the D.C. area and shut down ramp operations at Dulles for a chunk of the evening had other ideas, which is why we got a free tour of IAD during a two-hour wait for a gate and why I’m now typing this sentence from baggage claim after midnight Monday.

    8/13/2024: How Hughes Network Systems could bring satellite terminal manufacturing down to Earth, Light Reading

    I visited Hughes’ new factory the day before I flew out to Vegas for Black Hat two weeks ago, then wrote this piece on Monday to include some news about Hughes’ contract to manufacture terminals for the low-Earth-orbit satellite-broadband firm OneWeb that Hughes PR gave me in advance.

    8/13/2024: Patreon to Creators: Sorry, We Have to Let Apple Take a Cut of In-App Support, PCMag

    I could not have written this story the way I did had I not set up shop on Patreon over five years ago and supported other creators on that platform. Some definitions of journalistic ethics would call that being too close to the story, but sometimes there’s no replacement for lived experience in a subject.

    Later that day, I followed up by writing a post for Patreon readers explaining that I was not going to eat Apple’s cut, which meant that they could choose between paying about 43 percent extra (an increase Patreon calculated to ensure that creators would earn the same from a patron regardless of where they signed up) or following my advice to sign up on the Web.

    8/15/2024: Come Out and Play: An Oral History of the HFStival, Washingtonian

    I enjoyed the hell out of revisiting some of my favorite RFK memories with Washingtonian’s Andrew Beaujon over a long phone interview in May. I also enjoyed seeing my one quote from that conversation follow extended testimony from musicians in some of my favorite D.C. indie-rock bands of that era: the Dismemberment Plan, Jawbox, Tuscadero and Velocity Girl.

    8/15/2024: Ep 104 SmartTechCheck Podcast — HEB and Apple Pay, Google news, desktop PC thoughts, BlackHat, Mark Vena

    I joined my industry-analyst friend’s podcast to share my thoughts on Black Hat and to compare notes with fellow tech scribes John Quain and Dwight Silverman.

    8/16/2024: Court: Calif. Child-Safety Bill Turns Businesses Into ‘Censors for the State’, PCMag

    One state’s law about online child safety getting blocked by a federal appeals court might not seem like national news, but California is a very large state and the California Age-Appropriate Design Code Act has already inspired similar laws in other states and a bill that passed the Senate last month.

    8/17/2024: Court Stops Disney-Fox-WBD ‘Venu’ Live Sports Service on Antitrust Grounds, PCMag

    Friday gave me a second opportunity to digest a fairly lengthy court ruling and explain it to readers, this time one that halted the rollout of a sports streaming service on antitrust grounds.

    https://robpegoraro.com/2024/08/19/weekly-output-hughes-network-systems-manufactures-in-maryland-apples-app-store-tax-hits-patreon-creators-hfstival-mark-vena-podcast-calfornia-online-child-safety-law-stayed-venu-sports-streami/

    #AgeAppropriateDesignCode #AppStore #AppStore30_ #BlackHat #Fubo #FuboTV #HughesNetworkSystems #MarkVena #NetChoice #OneWeb #Patreon #sportsStreaming #Venu

  20. Going to @BSidesLV? Don't miss these talks from @censys and @greynoise researchers while you're there👇

    🔸 Defensive Counting: How to quantify ICS exposure on the Internet when the data is out to get you (shameless self promotion, I'll be presenting this!)
    Ground Truth, 15:00 Tuesday
    Abstract: bsideslv.org/talks#LNDN9Z

    🔸 What Do We Learn When We Scan the Internet every hour? by @amirian
    Ground Truth, 15:30 Tuesday
    Abstract: bsideslv.org/talks#DVYNJJ

    🔸 Discover the Hidden Vulnerability Intelligence within CISA’s KEV Catalog by @ntkramer
    Ground Floor, 14:30 Wednesday
    Abstract: bsideslv.org/talks#WXAEQR

    Hope to see you there!

    #SecurityResearch #InternetMeasurement #KEV #CVE #ICS #BSLV #blackhat #defcon

  25. Happy Tuesday everyone!

    Just your weekly reminder that Regular Registration is closing this Friday, July 19th! So you still have some time to get the regular pricing when you register for Cyborg Security's and Intel 471's Threat Hunter training at Black Hat USA in Las Vegas!

    You will learn:
    What a threat hunt looks like from start to finish.
    What tools and resources we can leverage to research and communicate with shareholders.
    How to navigate through an investigation following process chains, finding correlating information, and how to find related events that help you better tell the story!

    If any of this sounds fun, come join me at Black Hat in Vegas this year for a fun time! I can't wait to meet everyone there, but until then, Happy Hunting!

    Registration Links:
    Aug 3rd - 4th:
    blackhat.com/us-24/training/sc

    Aug 5th - 6th:
    blackhat.com/us-24/training/sc

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel
    #ThreatHunting #ThreatDetection #HappyHunting #Intel471 #BlackHat

  26. Happy Wednesday, everyone!

    I’m honored and proud to invite all my connections to join me at Cyborg Security & Intel 471’s Black Hat USA training for the second year in a row!

    We cover everything from resources to use for research and models to use for communicating to your stakeholders to operationalizing intel to create a hypothesis to start a threat hunt. If you are a data junkie (like me) who loves diving into data, sifting through it, then this is the training for you! If any of this sounds fun, join my Black Hat USA training, titled “A Beginner’s Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs”! You may have missed the early registration discount, but the regular registration discount is still available until July 19th!

    I will be teaching two 2-day sessions. You can pick which one works with your schedule best and register here:

    Aug 3rd - 4th: blackhat.com/us-24/training/sc

    Aug 5th - 6th: blackhat.com/us-24/training/sc

    I can't wait to meet everyone there. Until then, happy hunting!

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #Intel471 #BlackHat

  27. Are you going to be in Vegas at #BlackHatUSA? If so, check out this event at the Daylight Beach Club. Will be epic. Great networking, some pool-side relaxation and incredible vibes. Hang with Grammy nominated DJ Morgan Page. I hope to see you there!

    Register today to reserve your spot:

    eventbrite.com/e/hubble-blackh

    #BH23 #Blackhat #Defcon #infosec #quantum #ooda #oodaloop

  28. In case you missed it, in order to "combat online threats", #JenEasterly on Thursday as the Director of #HomelandSecurity's #CyberSecurity and #Infrastructure Security (#CISA) said at a #BlackHat #Security Conference that #CrowdStrike, #Amazon Web Services, #Google, #Microsoft, #PaloAlto Networks, #FireEye, #ATnT, #Verizon and #Lumen have all agreed to work on a "new initiative".

    > Enlists help of #nazis to fight nazis. Terrorists to fight #terrorists.

    BigTech is the virus

    #imprisonList