
Latest news with #BlackHat

Time's running out on a key cyber info-sharing law

Politico

21-07-2025

  • Business
  • Politico


Driving the day — Despite widespread support from bipartisan members of Congress, the private sector and the Trump administration, the Cybersecurity and Information Sharing Act is in danger of expiring at the end of September.

HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! Another week closer to Black Hat and DEF CON. I'm excited to see many of you there! Drop me a line at dnickel@ if you want to connect at either conference — or if you have any Las Vegas recommendations for a first-timer like me.

Follow POLITICO's cybersecurity team on X at @RosiePerper, @johnnysaks130, @delizanickel and @magmill95, or reach out via email or text for tips. You can also follow @POLITICOPro on X. Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You'll also receive daily policy news and other intelligence you need to act on the day's biggest stories.

CYBER POLICY EXPIRATION DATE INCOMING — Lawmakers have until Sept. 30 to reauthorize the Cybersecurity Information Sharing Act, a 10-year-old law that's been described as 'the most successful piece of cyber legislation' in the country. But despite widespread support from the Trump administration, the private sector and bipartisan members of Congress, the law often referred to as 'CISA 2015' faces an uncertain future as lawmakers stare down the start of the month-long August recess.

As leaders in the private sector urge lawmakers to renew it before it's too late, the ranking member of the House Homeland Security Committee expressed frustration at the slow movement. 'We have known for ten years the CISA 2015 would expire this September,' Rep. Bennie Thompson (D-Miss.) said in a statement Sunday. 'The time to begin discussing and circulating potential changes to CISA 2015 was six months ago, if not earlier.'

— Conflicting priorities: The law, which incentivizes information-sharing on cyber threats between the private sector and the federal government through legal safeguards, saw ramped-up renewal efforts earlier this year in the private and public sectors. But in the House, Thompson said that former Rep. Mark Green (R-Tenn.) — the chair of the House Homeland Security Committee, who resigned from Congress earlier this month — did not prioritize renewing the cyber law.

'He held four markups and didn't see fit to include a CISA 2015 extension in any of them,' Thompson said. 'Instead, he has left us with fewer than 20 legislative days to get an extension out of Committee, through the House, and over to the Senate or, more likely, find a way to attach an extension to a [continuing resolution].'

Across chambers, Senate Homeland Security Chair Rand Paul (R-Ky.) hasn't signaled that renewal is a priority. Maggie reported last month that Paul vowed to make sure the law's reauthorization includes a clause that would prevent disinformation work at the Cybersecurity and Infrastructure Security Agency. But Paul — who didn't support the legislation in 2015 — isn't among the senators who sponsored legislation to renew the law earlier this year. A spokesperson for Paul did not respond to a request for comment.

— Legislative movement: In April, Sens. Mike Rounds (R-S.D.), the chair of the Senate Armed Services Committee's cyber panel, and Gary Peters (Mich.), the top Democrat on the Senate Homeland Security Committee, introduced a bill that would pass a clean reauthorization of the law. 'Allowing this authority to lapse would weaken our cybersecurity defenses and send the wrong message to foreign adversaries, cybercriminals, and hacktivists looking to exploit vulnerabilities,' Peters said in a statement Sunday. A spokesperson for Rounds did not respond to a request for comment.

But momentum could pick up on the House Homeland Security Committee.
With Green's resignation, cyber panel Chair Andrew Garbarino (R-N.Y.) threw his hat in the ring last week for full committee chairship. In a letter to colleagues laying out his priorities if selected as chair, he vowed to work with committee Democrats in the House and with his Senate counterparts to renew the law. 'This will remain a priority in the weeks and months ahead,' Garbarino said in a statement Friday, adding that he has held meetings with fellow lawmakers and industry experts to 'identify the best legislative vehicle to get it done.'

— An industry without CISA 2015? As the clock runs down, industry leaders, including trade organizations and cybersecurity companies, warned your host that crucial information-sharing could be lost if the law is allowed to lapse.

'[The law] remains one of the most effective methods for enabling real-time collaboration between the government and the private sector in the face of evolving cyber threats,' said James Hayes, senior vice president of global government affairs at cyber firm Tenable. He added that letting it lapse would be 'a step backward.'

John Miller, senior vice president of the Information Technology Industry Council, told your host that the law is 'arguably the most successful cyber law we've ever passed in this country. And so to just let it lapse for no reason would just be unfortunate, to say the least.'

On The Hill

FIRST IN MC: CYBER HEALTH — Sen. Ron Wyden (D-Ore.) is urging the Trump administration to address gaps in cybersecurity in rural hospitals caused by Medicaid funding cuts in the One Big Beautiful Bill. In a letter sent on Friday and shared exclusively with your host, Wyden asked Health and Human Services Secretary Robert F. Kennedy, Jr. and Centers for Medicare and Medicaid Administrator Mehmet Oz about their plans to help hospitals protect themselves in cyberspace.

'As rural and small hospitals confront even lower operating margins due to Republican health care cuts, they will be less likely to prioritize spending on cybersecurity infrastructure,' Wyden wrote. Wyden also asked Kennedy and Oz if HHS and CMS plan to provide resources, such as grant funding, to small and rural hospitals to meet Cybersecurity Performance Goals — a voluntary guideline by HHS to help the health care sector bolster cybersecurity practices.

At the Agencies

PENTAGON DEALS UNDER REVIEW — The Defense Department is looking into cloud contracts amid a report from ProPublica last week that revealed that Microsoft has bypassed a Pentagon policy that bans foreign citizens from accessing highly sensitive data. Defense Secretary Pete Hegseth ordered the review on Friday in response to the investigation, which detailed Microsoft's use of Chinese engineers to work on U.S. military cloud computing systems under the supervision of American 'digital escorts' who have security clearances but often lacked the skills to determine whether the Chinese engineers' work posed a cybersecurity risk.

On Friday, Microsoft spokesperson Frank Shaw said in a post on X that 'in response to concerns raised earlier this week,' the firm 'made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services.'

SHAREPOINT VULNERABILITY — CISA is warning about an active exploitation of a remote code execution vulnerability impacting Microsoft's on-site SharePoint servers. The cyber agency issued an alert on Sunday, warning that the exploitation publicly known as 'ToolShell' provides unauthorized access to systems and enables hacker access to SharePoint content, like internal configurations and file systems.
Chris Butera, CISA's acting executive assistant director for cybersecurity, said in a statement that the agency is working with Microsoft to inform potentially affected groups about mitigation efforts.

Quick Bytes

'HONKERS' — WIRED's Kim Zetter breaks down how an early wave of Chinese hackers became the backbone of Beijing's espionage apparatus.

YOU'RE BREAKING UP — Cellphone internet shutdowns — which officials say are necessary to foil Ukrainian drones — have hit dozens of Russian regions, writes Dasha Litvinova for the Associated Press.

CYBER SCHOOL IN SESSION — a cyber workforce development group for K-12 students, is launching a new program in D.C. schools.

Chat soon.

Stay in touch with the whole team: Rosie Perper (rperper@ John Sakellariadis (jsakellariadis@ Maggie Miller (mmiller@ and Dana Nickel (dnickel@

SquareX Collaborates with Top Fortune 500 CISOs to Launch The Browser Security Field Manual at Black Hat

Business Insider

17-07-2025

  • Business
  • Business Insider


Palo Alto, California, July 17th, 2025, CyberNewsWire

SquareX announced the official launch of The Browser Security Field Manual at Black Hat USA 2025. In addition to a comprehensive practical guide to the latest TTPs attackers are using to target employees in the browser, this comprehensive manual features industry perspectives from leading CISOs from multiple Fortune 500 enterprises and other iconic companies, who share their perspectives on the evolving browser security landscape, the importance of each threat vector, and how they expect these attacks to evolve in the near future.

Major contributors include:

  • Rathi Murthy, CTO of Varo Bank, Fmr. CTO of Expedia and Verizon
  • Rahul Kashyap, Fmr. CISO at Arista Networks
  • John Carse, Fmr. CISO at Dyson

As the browser becomes the new endpoint, it has also become the single most common initial access point attackers use to target employees. This is evident in the recent uptick in browser-based attacks such as the Cyberhaven breach, polymorphic extensions and Midnight Blizzard RDP-based attack. Yet, despite the increasing awareness of the browser security gap, given the nascency of the space, most security professionals lack the resources and tools to learn about this emerging threat landscape.

To address this gap, The Browser Security Field Manual systematically guides practitioners through the techniques attackers are using to target employees in the browser across five major threat vectors - Phishing, Malicious Browser Extensions, Browser-based Data Loss, Identity Attacks and Browser-Native Ransomware. Co-authored by Audrey Adeline and Vivek Ramachandran, the book covers everything from common to bleeding edge techniques, including sample code snippets and case studies of such attacks unfolding in real life.

"Attackers thrive on information arbitrage.
As the place where 85% of work happens, it's imperative that security teams understand how their employees are being targeted," said Audrey Adeline, SquareX Researcher and Co-author of The Browser Security Field Manual. "We've been extremely fortunate to work closely with some of the industry's top thought leaders, and we hope that this new edition of The Browser Security Field Manual will provide security teams with not only the practical aspect of browser security, but also an industry perspective of how these threat vectors are impacting organizations in real life today and how they may evolve in the future."

This release builds on a successful soft launch of the book at RSAC this year, where SquareX shared early copies with hundreds of CISOs for early feedback and worked closely with many of these security leaders to incorporate their deep industry insights into the second edition of the book.

The Browser Security Field Manual will be available at Black Hat and DEF CON 33 bookstores, with the authors participating in both stores' book signing event. The Black Hat book signing event is taking place at the Black Hat bookstore on Thursday August 7 at 3:00pm - 3.30pm. The book is also available for pre-order via The Browser Security Field Manual website. Alternatively, you can find out more about the manual at SquareX Booth #6825 during Black Hat on August 6 from 10am to 6pm or on August 7 from 10am to 4pm.

About SquareX

SquareX's browser extension transforms any browser on any device into an enterprise-grade secure browser. SquareX's industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively detect, mitigate, and threat-hunt client-side web attacks including malicious browser extensions, advanced spearphishing, browser-native ransomware, genAI data loss prevention, and more.
Unlike legacy security approaches and cumbersome enterprise browsers, SquareX seamlessly integrates with users' existing consumer browsers, ensuring enhanced security without compromising user experience or productivity. By delivering unparalleled visibility and control directly within the browser, SquareX enables security leaders to reduce their attack surface, gain actionable intelligence, and strengthen their enterprise cybersecurity posture against the newest threat vector – the browser. Users can find out more at

Contact
Junice Liew

Swissbit to Debut at Black Hat USA 2025

Business Wire

17-07-2025

  • Business
  • Business Wire


WESTFORD, Mass.--(BUSINESS WIRE)-- Swissbit, a leading manufacturer of storage and security solutions, will make its debut at Black Hat USA on August 6–7, 2025, at the Mandalay Bay Convention Center in Las Vegas. At booth #6025, Swissbit will showcase its unique approach to cybersecurity – protecting the often-neglected physical layer of connected systems, from IoT and industrial equipment to critical infrastructure and edge devices. All Swissbit products, including its latest security innovations, are manufactured in Germany to ensure a transparent supply chain, industrial-grade quality, and trusted reliability.

Exposing the hidden risk: physical access to embedded systems

While much focus is placed on cloud and AI infrastructure, a critical security gap remains: Physical attacks on embedded and edge systems. Often deployed in remote or exposed environments, these systems are vulnerable to tampering and data theft. From smart meters and PLCs to drones, the consequences can be serious. Swissbit addresses this threat with plug-and-play, hardware-based solutions that secure both new and legacy systems, without the need for major redesigns.

'We're excited to bring Swissbit's expertise to Black Hat for the first time,' said Claus Gründel, General Manager Security Solutions at Swissbit. 'Physical attacks are a growing risk that many still underestimate. We provide easy-to-integrate, hardware-based security that protects systems and data at the edge, where software alone isn't enough.'

Hardware-based protection for data and devices

At Black Hat, Swissbit will demonstrate secure storage products such as microSD cards with AES-256 encryption and secure boot capabilities. These solutions retrofit embedded systems and protect edge-generated data like video and sensor streams from unauthorized access. By enabling compliance with regulations such as the EU Cyber Resilience Act and NIS2, Swissbit offers a future-proof path to stronger, more sustainable cybersecurity.

Bridging digital and physical access with iShield Key 2

Also featured at the Swissbit booth: the new iShield Key 2 series - compact security keys that combine FIDO-based multi-protocol authentication with physical access control. Tailored for enterprise and government use, they integrate secure login and facility entry into a single, robust solution for digital identity and access protection.

About Swissbit

Swissbit AG is the leading European technology company for data storage and security solutions. For further information, please visit

The AI Summit Returns to Black Hat USA 2025 on August 5

Business Wire

02-07-2025

  • Business
  • Business Wire


LAS VEGAS--(BUSINESS WIRE)--The second annual The AI Summit at Black Hat USA 2025 is a live, in-person event taking place for one day only on August 5 at the Mandalay Bay Convention Center in Las Vegas. Featuring a packed agenda of featured speakers on topics showcasing cutting-edge AI solutions to better equip Black Hat attendees with innovative strategies to implement these AI products and tools, secure their enterprises, and prepare for future cyber attacks.

This groundbreaking event discusses the importance of AI as not only a tool but as the cornerstone of both advanced cyber defense and as the latest weapon in the hands of today's threat actors. It kicks off with keynote presentations and panel discussions on the headliner stage, before breaking into Strategic and Technical workshop tracks. These sessions empower attendees to collaboratively tackle two pivotal forces shaping today's technology landscape – artificial intelligence and cybersecurity.

'We are proud of the diverse and powerful lineup of speakers and presentations at The AI Summit at Black Hat USA 2025,' said Caroline Hicks, Senior Director, The AI Summit Series, Informa Connect. 'Covering everything from GenAI-driven offense and defense to enterprise-grade AI systems, our program showcases the full breadth of today's cybersecurity landscape. Delegates will gain practical strategies and insights from leading global experts to equip them with the knowledge and tools to enhance detection and prevention using the latest AI innovations.'

The AI Summit at Black Hat USA will bring together a range of attendees from senior enterprise executives to AI specialists, IT leaders to cybersecurity professionals, for a day of learning, networking, and inspirational moments. Topics will include the use of AI in cybersecurity products and solutions, securing AI applications and models within the enterprise, and the use of AI in cyber attacks.

A preview of the stage presentations includes:

  • The New Frontier: AI Agents & Security Risks opens the conference with Protect AI's Ian Swanson and Dan McInerney.
  • Addressing Real-World AI Security Challenges features panelists Jyotirmay Gadewadikar (Mitre), Rosalia Hajek (Topgolf Callaway Brands), Chuck Herrin (F5), and Niv Braun (Noma Security), among others, discussing how AI can be trusted and scaled in critical infrastructure and focusing on innovation in automation and threat detection.
  • Debunking AI Myths & Misconceptions: What Security Leaders Need to Know includes Nathan Hamiel (Kudelski Security), Jess Burn (Forrester) and Apostol Vassilev (National Institute of Standards and Technology) separating hype from reality to help security professionals address real risks and practical defenses.

The AI Summit at Black Hat USA 2025 is presented by Protect AI as well as sponsors Crogl, Trend Micro, World Wide Technology (WWT), Elastic, GTB Technologies, Microsoft Security, Lockheed Martin, F5, Intezer, Noma Security, and Cranium AI, among others.

To learn more about The AI Summit at Black Hat USA 2025, visit for passes, speaker announcements, show agenda, and sponsorship opportunities.

ABOUT THE AI SUMMIT at BLACK HAT USA

The AI Summit at Black Hat USA 2025 takes place on August 5 at the Mandalay Bay Convention Center in Las Vegas. The AI Summit Series smartly integrates into the Black Hat USA 2025 programming to celebrate its 28th anniversary with a live, in-person six-day program from August 2 to August 7. As 2023 saw artificial intelligence explode into the mainstream and land firmly on the boardroom agenda, today it's clear that no AI implementation can truly be successful without understanding, and preparing for, the myriad cybersecurity implications.

ABOUT THE AI SUMMIT SERIES

In 2016, at a time when AI conferences were geared towards research & academia, Informa launched The AI Summit Series - the first-ever conference and exhibition to explore what AI practically means for enterprises. Every year since then, we've gathered top executives and investors with technology specialists and data scientists from across the globe to network, learn and showcase ground-breaking technology solutions for business. With the 10th edition flooring in 2025, it's clear we were trusted before the hype, and our conference & expo series has firmly established itself at the heart of the AI community with shows running in London, New York, Singapore, Cape Town, and at Black Hat USA.

Anchoring Innovation and Community: EC-Council's RSA 2025 Yacht Reception Sets the Stage for Black Hat USA

Yahoo

05-06-2025

  • Business
  • Yahoo


From RSA's luxury yacht reception to Black Hat's TopGolf Las Vegas event, EC-Council's leadership and community-led conversations shape a more secure and connected digital world.

Tampa, Florida, June 05, 2025 (GLOBE NEWSWIRE) -- Against the backdrop of RSA Conference 2025, EC-Council, the global leader in cybersecurity education and training, and creator of the world-renowned Certified Ethical Hacker (CEH) credential, hosted a landmark executive cocktail reception aboard a luxury yacht. This invite-only event brought together a handpicked network of cybersecurity decision-makers from across continents, creating a powerful forum for strategic exchange, global connection, and collective foresight. With its unique setting and high-caliber attendees, the evening served as a catalyst for industry-shaping dialogue at a time when cybersecurity is undergoing one of its most pivotal transformations.

The event brought together 150 senior executives from a pool of over 650 registrants. The reception represented a powerful cross-section of sectors (technology, finance, healthcare, consulting) and featured leaders from renowned global powerhouses like Amazon, Bank of America, Cisco, Google, Microsoft, Uber, and Wells Fargo. This diversity reflected the depth of leadership fuelling the evening's high-level discussions.

From North America to Europe and Asia, this international community of cybersecurity professionals united around a shared mission: defending digital ecosystems amid the rise of AI-driven threats. The yacht setting offered a rare chance to move beyond formal sessions, enabling candid, forward-looking conversations about the rapidly shifting threat landscape and the technologies that will define the future of cyber defense.

Jay Bavisi, Group President, EC-Council, shared: 'Cybersecurity cannot remain the domain of a few, it must be accessible to all. At EC-Council, we are building not just certifications, but a movement. One that empowers professionals across geographies and generations through high-impact training, real-world simulation, and community-led collaboration. Events like this reception are a reminder that the future of cybersecurity is collective, and we are proud to nurture the global community that drives it forward.'

The reception also marked a defining moment for EC-Council's continued innovation. From the launch of CEH with AI-powered capabilities to the release of CPENT AI, and the introduction of The Hackerverse - a global competition platform that immerses learners in simulated real-world attack scenarios - each initiative reflects EC-Council's deep commitment to preparing professionals for tomorrow's threats, today.

With its $100 million cybersecurity innovation initiative now underway, EC-Council is accelerating the development of solutions that bridge capability gaps, empower learners, and fuel next-gen defense strategies, creating a future where cybersecurity expertise is scalable, inclusive, and globally accessible.

Bavisi concluded, 'By engaging with leaders at RSA and Black Hat, EC-Council continues to build a global movement focused on empowering professionals and democratizing access to critical cybersecurity skills. These conversations are shaping the future of digital defense.'

Next Stop: Black Hat USA 2025 at Top Golf

Building on the momentum from RSA, EC-Council is set to host its next major gathering during Black Hat USA 2025, this time at Top Golf Las Vegas. This high-energy, immersive experience will blend cybersecurity insights with interactive networking, bringing together industry leaders, innovators, and rising talent for an unforgettable evening of connection and collaboration.

For media inquiries or to connect with EC-Council at Black Hat USA 2025, please contact: press@

About EC-Council:

EC-Council is the creator of the world-renowned Certified Ethical Hacker (CEH) program and a leader in cybersecurity education. Founded in 2001, EC-Council's mission is to provide high-quality training and certifications for cybersecurity professionals to keep organizations safe from cyber threats. EC-Council offers over 200 certifications and degrees in various cybersecurity domains, including forensics, security analysis, threat intelligence, and information security. An ISO/IEC 17024 accredited organization, EC-Council has certified over 350,000 professionals worldwide, with clients ranging from government agencies to Fortune 100 companies. EC-Council is the gold standard in cybersecurity certification, trusted by the U.S. Department of Defense, the Army, Navy, Air Force, and leading global corporations. For more information, visit:

CONTACT: EC-Council press@
