CyberTalk

Modern cloud attacks at Black Hat USA 2021

DarkSide Ransomware news, ransomware

By Trisha Paine, Head of Cloud Security Product Marketing, Check Point Software

Now in its 24th year, Black Hat USA returns July 31st-August 5th as a hybrid event, featuring real-time virtual trainings, and a two-day, in-person main conference taking place both at the Mandalay Bay Hotel in Las Vegas and online.

Front and center at this year’s leading security research event is Check Point Software, offering three timely learning sessions on the latest cyber threats, plus a ‘virtual booth’ in the virtual expo hall.

Learn cloud security in a simulation of attacker vs. defender

Chief Technologist for Cloud, Roy Feintuch, with Check Point Software, joins Maya Horowitz, Director, Threat Intelligence & Research, Check Point Software, for “Red Team vs. Blue Team,” on August 5th at 1:10 pm (PDT). This session uncovers how unauthorized users and financially motivated third parties gain access to advanced cloud capabilities, causing deep concerns and creating challenges in regards to securing cloud assets. The session illustrates defense vs. unauthorized cloud-native attacks using security analytics, threat hunting, and cloud intelligence solutions to dissect and analyze cloud breaches, and to strengthen cloud defenses.

Discover hacks through popular Greek myths

Be sure to catch Maya Horowitz in “Hacking Like a Greek Goddess,” in the on-demand zone at Black Hat. This must-see session takes you on a discovery journey of fascinating Greek myths and shows you how they correlate to today’s cyberattacks. Find out what can happen when opening Pandora’s (in)box, pinpoint the Achilles heel of common applications, and more.

Breaking down a cloud native attack

Don’t miss our sponsored post on Black Hat.com “Cracking the Attack: How One Hacker Breaches a Modern Cloud,” by Maya Levine, Check Point Technical Marketing Engineer, Cloud Security. Gain insight into what a cloud native attack looks like from the inside with this walk-through of how cloud native attacks occur, and what steps organizations should take to prevent them. Let’s consider a common cloud deployment – a serverless application consisting of an API GW in front with a lambda function serving the main business logic and a persistency layer of a self-hosted Mongo DB backed by an EBS volume.

Get a deep dive into how a hacker sees the API GW, and understand API GW calls that hit lambda functions. A simple coding mistake, looking for an input without correct validation, leaves the lambda function susceptible to Local File Inclusion attacks. The hacker can then extract the processes’ environmental variables, like the token ID and secret, which can be used to impersonate the lambda in a newly created token. Click here to read more.

Check Point Software is proud to be a Platinum virtual sponsor of Black Hat USA in 2021, and our team of experts look forward to connecting with you at our ‘virtual booth’. Be sure to attend our sessions and stop by our virtual booth to learn more about our solutions to help keep your cloud, network, users & access safe. When you stop by, be sure to enter our raffle prize drawing and take advantage of our demos and free trials. Click here to register for Black Hat. Have a productive conference and we’ll see you there!

Exit mobile version