AI and Cloud Security Take Center Stage at Black Hat
Hacker Summer Camp opens in Las Vegas this week with talks on cloud security, supply chain threats, and artificial intelligence at the fore of presentations at BSides LV, Black Hat USA, and DEF CON.
LLM Security Concerns
Richard Harang, principal security architect at chip giant NVIDIA, is set to discuss practical large language model (LLM) security at Black Hat on Wednesday. LLMs are foundational for AI-based applications, but security standards for these technologies are lagging behind, Harang warns, resulting in threats to the enterprise.
NVIDIA has implemented dozens of LLM-powered applications. The NVIDIA AI Red Team has helped secure all of them, discovering the most common and impactful attacks against LLMs. This practical experience has allowed Harang to develop best practice advice for attack mitigation and design integrations. His talk, titled “Practical LLM Security: Takeaways From a Year in the Trenches,” will provide insights into these challenges.
Breaching AWS
Researchers from Aqua Security are slated to present six critical vulnerabilities they discovered in AWS at Black Hat on Wednesday. The flaws, all reported and patched, had the potential to allow external attackers to breach almost any AWS account. Impact from the flaws ranged from remote code execution, which could lead to full account takeover, to information disclosure, which could expose sensitive data, and denial of service.
Their talk, titled “Breaching AWS Accounts Through Shadow Resources,” will also be presented at DEF CON.
CloudImposer Vulnerability
Researchers from Tenable will discuss a critical RCE vulnerability dubbed “CloudImposer” in GCP customers’ workloads and Google’s internal production server. The flaw stemmed from “one simple faulty command argument” and affected millions of cloud servers before it was resolved.
Liv Matan’s presentation, “The GCP Jenga Tower: Hacking Millions of Google’s Servers With a Single Package (and more),” covers the discovery of a separate privilege escalation vulnerability in GCP caused by dangerous defaults.
IAM Role Misconfigurations
Another presentation will cover circumventing Identity and Access Management (IAM) roles that establish trust with AWS services. Researchers from Datadog will explain how potential misconfigurations involving IAM roles can allow attackers to bypass the need for authentication, affecting services such as Amazon Cognito and GitHub Actions.
Windows Downdate Vulnerability
The infamous BlackLotus UEFI bootkit downgraded the Windows boot manager to bypass Secure Boot. Security researchers at SafeBreach discovered that Windows Update could be hacked to force a downgrade of the software on Windows PCs. This attack could bypass verification steps during updates, including integrity verification and Trusted Installer enforcement. It could also downgrade critical OS components, leaving a compromised machine unable to install future updates.
The talk by Alon Leviev, titled “Windows Downdate: Exploiting Windows Update to Install Vulnerable Software,” will delve into these vulnerabilities and their implications.