Black Hat never fails to deliver exciting, enlightening, and distressing discussions about the state of cybersecurity. This is what we saw at Black Hat that impressed and worried us the most.
The Black Hat security conference turned 25 this year, and the relentless passage of time was enough to scare some of our reporters. The conference marked the occasion by focusing its two keynote presentations on the future of security. Both were a bit grim, touching on the impact of an ongoing cyberwar in Ukraine, the rise of online disinformation, and the political turbulence following unfounded claims that the 2020 US election was fraudulent.
Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA), ticked through many of the challenges facing the world of cybersecurity. His talk was a call for attendees and security companies to embrace a set of principles to help guide them in the turbulent times he saw ahead.
In her keynote, journalist Kim Zetter described how many of the most shocking security stories of recent years—Stuxnet, the Colonial Pipeline attack, and so on—were predictable and preceded by many warning signs. Of particular note was her description of how difficult it is to cover election security in an era when legitimate concerns and research are misappropriated as disinformation.
When password security isn’t enough, banks and sensitive websites turn to multi-factor authentication. But not all factors are equal. A Swedish research team demonstrated that sending an authentication code via a text message is inherently insecure. They identified a number of recent breaches involving a failure of two-factor authentication and went on to demonstrate hacking techniques. If a hacker has