Black Hat Review Board Members give their picks for must see presentations this week at Black Hat USA 2018. They have broken down the 2018 cybersecurity exploit trends into 6 categories:
Software Development
- Breaking Parser Logic, Lagoon JKL, WED 4PM
- AI & ML in Cybersecurity: Why Algorithms Are Dangerous, South Seas ABE, THU 11AM
Policy
- Legal Liability for IoT Hacking, Lagoon JKL, THU 2:30PM
Network Defenses
- ZEROing Trust: Do Zero Trust Models Provide Real Security, South Seas CDF, WED 4PM
Hardware Platform Security
- Meltdown: Basics, Details, Consequences, South Pacific F, WED 2:40PM
- GOD Mode Unlocked: Hardware Backdoors in x86 CPUs, South Pacific F, THU 11AM
Web Application Security
- Practical Web Cache Poisoning: Redefining ‘Unexploitable’, South Seas CDF, THU 3PM
Human Factor
- Infosec Philosophies for a Corrupt Economy, Islander EI, WED 5:05PM
- Demystifying PTSD in the Cybersecurity Environment, South Seas ABE, THU 9AM
For more details, visit the Black Hat Briefings 2018 agenda here: https://www.blackhat.com/us-18/briefings.html
Posted in Events, Exploits & Attacks, Hacking & Pen Testing, Presentations & Webinars
I have started to offer vCISO services. What is this and why would a company want a fractional CISO? Both large and small companies, and those in between, need the advice and guidance (policy, strategy, board presentations…) that an experienced security leader can offer, at a fraction of the cost of hiring and retaining the same talent. A vCISO provides the leadership services you would expect from a Chief Information Security Officer, on a fractional basis, making it more affordable, especially for small to medium-sized businesses. I’ll expand more on the benefits of having a vCISO, and when outsourcing may be a good solution for staffing and services, in an upcoming article!
Posted in Governance, Risk Management, vCISO Services
Understand real threats. Why you should only take a burner laptop to high risk countries. You can’t trust the firmware and chipsets, let alone the OS. Wiping and rebuilding is sometimes not enough.
Posted in Hacking & Pen Testing, Video
Supply chain threats have been a concern for the federal government for years, but the Trump administration has increased the focus on them. Homeland Security last year banned government agencies from using products made by the Russian cyber firm Kaspersky Lab, citing the risk that Moscow could secretly access the company’s data or reach into its customers’ computers. Congress codified a similar ban later that year. DHS is also seeking industry feedback on a broader supply chain risk management initiative. And on Thursday, the telecom agency NTIA launched a project to encourage more transparency around the building blocks of software, with the goal of reducing hidden risks that can threaten the U.S. supply chain.
Congress is also focused on supply chain threats. Some lawmakers are trying to impose Kaspersky-like restrictions on the Chinese telecom giants Huawei and ZTE. Others have introduced bipartisan legislation to tackle supply chain risk management more holistically, and the White House has circulated a draft proposal that closely mirrors that bill. Meanwhile, the commerce committees have encouraged the FCC and the Agriculture Department to prevent telecom companies that receive federal subsidies from buying Huawei or ZTE products. At a recent federal advisory board meeting, a House Energy and Commerce Committee staffer noted that rural telecom operators in particular were liable to buy from these Chinese firms because they often offered better prices than American competitors.
Posted in Law and Regulations, Supply Chain