I am delighted to announce the titles of my upcoming presentations for Black Hat 2023, both scheduled for August 10th. Here's a glimpse into what you can expect.
In the digital age, we've seen a steady evolution of threats, but none perhaps as chilling as the rise of deep fake voices and videos. Malicious actors can, with relative ease, use voice technology to mimic someone's voice and use it in criminally exploitative ways—from convincing others to take potentially dangerous actions, to making fraudulent payments, or opening gaps in security. This is a threat too severe to overlook. So, how do we safeguard ourselves in a landscape where our ears can't always be trusted?
While exploring the security aspects of ManageEngine ADAudit Plus, I discovered a security vulnerability (CVE-2023-32783) that may have far-reaching implications for other product users. These findings indicate that ADAudit Plus contains a vulnerability which allows Windows user accounts to remain completely undetected by ADAudit Plus.
As a fellow at ICIT and co-author of the book “Securing the Nation’s Critical Infrastructures: A Guide for the 2021-2025 Administration,” I was honored to be asked to speak at the RSA Conference 2023 in San Francisco on the topic of “Digital Supply Chain Security: What Happens When an Organization's Trusted Solutions Can No Longer Be Trusted?” Many thanks to SafeBreach, who sponsored the event and for hosting the reception and book signing afterward.