John Leyden
Senior Writer

Black Hat preview: AI and cloud security take center stage

News
06 Aug 2024, 5 mins
Cloud Security, Data and Information Security, Windows Security

This year’s Black Hat USA sees LLMs in the crosshairs, rising attacks against hyperscale cloud vendors, and CISOs in need of advice for legal liabilities.


Hacker Summer Camp opens in Las Vegas this week with talks on cloud security, supply chain threats, and artificial intelligence at the fore of presentations at BSides LV, Black Hat USA, and DEF CON.

Richard Harang, principal security architect at chip giant Nvidia, is due to offer a presentation on practical large language model (LLM) security at Black Hat on Wednesday.

LLMs are foundational for AI-based applications but security standards for these technologies are lagging behind, Harang warns, resulting in threats to the enterprise.

Nvidia has implemented dozens of LLM-powered applications, and the Nvidia AI Red Team has helped secure all of them. In the process, Harang and his Red Team colleagues have discovered the most common and impactful attacks against LLMs.

This practical experience has allowed Harang to develop best practice advice for attack mitigation and design integrations, which is due to be presented in a talk entitled “Practical LLM Security: Takeaways From a Year in the Trenches.”

[For more Black Hat USA coverage, see “Black Hat: Latest news and insights.”]

Breaching AWS

Researchers from Aqua Security are slated to present six critical vulnerabilities they discovered in AWS, also at Black Hat on Wednesday. The flaws — all reported and patched — had the potential to allow external attackers to breach almost any AWS account.

“AWS is aware of this research. We can confirm that we have fixed this issue, all services are operating as expected, and no customer action is required,” said an AWS spokesperson.

Impact from the flaws ranged from remote code execution, which could lead to full account takeover, to information disclosure, potentially exposing sensitive data, or causing a denial of service.

Cloud security has come under increasing pressure of late, with enterprises looking for new techniques and tools to help address established and emerging threats. Aqua Security’s researchers are due to present their AWS vulnerability findings alongside an open-source tool to research internal API calls. A method to check whether accounts have been vulnerable to this vector in the past will also be presented.

The talk — entitled “Breaching AWS Accounts Through Shadow Resources” — is also due to be presented at DEF CON.

CloudImposer

Staying with the theme of cloud security, researchers from Tenable will take to the Black Hat stage on Wednesday to go through the work that enabled them to uncover a critical RCE vulnerability (dubbed “CloudImposer”) in GCP customers’ workloads and Google’s internal production server.

The flaw, which affected millions of cloud servers before it was discovered and resolved, stemmed from “one simple faulty command argument.”

Liv Matan’s presentation — entitled “The GCP Jenga Tower: Hacking Millions of Google’s Servers With a Single Package (and more)” — also covers the discovery of a separate privilege escalation vulnerability in GCP that stemmed from dangerous defaults by the hyperscaler.

According to Matan, cloud providers build their services like Jenga towers, for example by using core services as the foundation of more popular customer-facing offerings. This approach exposes customers to a larger attack surface and risks, Tenable’s Matan argues.

Another presentation covers circumventing Identity and Access Management (IAM) roles that establish trust with AWS services. Researchers from Datadog will explain how potential misconfigurations involving IAM roles allow attackers to bypass the need for authentication, affecting services such as Amazon Cognito, GitHub Actions, and more.

Windows Downdate

The infamous BlackLotus UEFI bootkit downgraded the Windows boot manager to bypass Secure Boot. Downgrade attacks such as BlackLotus force software to revert to an older, vulnerable version of itself.

Security researchers at SafeBreach, led by Alon Leviev, discovered that Windows Updates could be similarly hacked to force a downgrade of the software on Windows PCs.

The researchers were able to show that attacks carried out using this approach could be crafted to bypass verification steps performed during updates, including integrity verification and Trusted Installer enforcement.

The attack created the means to downgrade critical OS components, including DLLs, drivers, and even the NT kernel — leaving a compromised machine unable to install future updates. Attacks were possible in a Windows Updates restoration scenario, creating a vector for unprivileged attackers to abuse the technique.

According to the research, the tactic turns fixed vulnerabilities into zero days while making the term “fully patched” meaningless.

Other talks of potential interest to CSOs at Black Hat include a presentation by lawyer Jess Nall on CISO liability under US federal law in the event of security incidents, focusing on the cases of Joe Sullivan, formerly of Uber, and SolarWinds’ Tim Brown.
