Weekly Recap: Ransomware Attacks Target SonicWall Firewalls; Black Hat USA 2025 Announced
Last week's Black Hat USA 2025, held at the Mandalay Bay Convention Center in Las Vegas, produced a variety of news, photos, and product releases. In an interview with Help Net Security, Marc Frankel, CEO of Manifest Cyber, highlighted the importance of AI Bills of Materials (AIBOMs) in addressing overlooked AI-specific risks, such as poisoned training data and shadow AI. He explained that AIBOMs extend Software Bills of Materials (SBOMs) to enhance transparency regarding datasets, model weights, and third-party integrations, thereby improving governance and incident response. Aayush Choudhury, CEO of Scrut Automation, also discussed the challenges small teams face with security tools designed for large enterprises, emphasising the need for simplicity, integration, and automation to better serve cloud-native teams with limited resources. In another interview, Jordan Avnaim, CISO at Entrust, addressed the quantum computing threat and the necessity of post-quantum cryptography (PQC) as a long-term priority.
Meanwhile, SonicWall firewalls have been targeted by attackers using the Akira ransomware, potentially exploiting a zero-day vulnerability. Microsoft announced its development of Project Ire, an autonomous malware detection AI agent that shows promising results. Cisco Talos researchers discovered firmware vulnerabilities in over 100 Dell laptop models, which could allow persistent backdoor access. Additionally, Trend Micro warned of ongoing exploitation of command injection vulnerabilities in its Apex One platform. Adobe released an emergency update for Adobe Experience Manager Forms to address critical vulnerabilities, while Microsoft urged administrators to rectify a severe security hole in Exchange.
Categories: Cybersecurity Events, AI Risk Management, Vulnerabilities and Exploits
Tags: Black Hat USA 2025, AIBOMs, AI Risk Management, Security Tooling, Post-Quantum Cryptography, Ransomware Attacks, Autonomous Malware Detection, Firmware Vulnerabilities, Command Injection, Security Update