All news with #conference tag

Connect with Security Leaders at Microsoft Ignite 2025

🔒 Microsoft Security invites CISOs, SecOps leads, identity architects, and cloud security engineers to Microsoft Ignite 2025 in San Francisco (Nov 17–21) and online (Nov 18–21) to explore secure AI adoption and modern SecOps. Register with RSVP code ATXTJ77W to access the half-day Microsoft Security Forum (Nov 17), hands-on labs, live demos, and one-on-one meetings with experts. Attendees can join networking events including the Secure the Night party, pursue onsite Microsoft Security certifications, and engage in roundtables focused on threat intelligence, regulatory insights, and protecting data, identities, and infrastructure.

Black Hat USA 2025: Culture, AI, and Cyber Risk Debates

📣 At Black Hat USA 2025, founder Jeff Moss and veteran researcher Mikko Hypponen framed the conference around the interplay of technology, corporate culture, and measurable cyber risk. Moss asked whether companies let technology shape culture or adapt technology to preserve values, warning that AI-driven customer service can damage brand trust when poorly implemented. Hypponen argued that security failures often reflect system gaps—malicious links should be stopped before reaching users—and cautioned that apparent success (when nothing happens) can lead to complacency and cyclical underinvestment.

Microsoft Bounty Program: $17M Distributed in 2025

🔒 The Microsoft Bounty Program distributed $17 million this year to 344 security researchers across 59 countries, marking the largest total payout in the program’s history. In partnership with the Microsoft Security Response Center (MSRC), researchers helped identify and remediate more than a thousand potential vulnerabilities across Azure, Microsoft 365, Windows, and other Microsoft products and services. The program also expanded coverage and awards for Copilot, identity and Defender scopes, Dynamics 365 & Power Platform AI categories, and refreshed Windows attack scenario incentives to prioritize high-impact research.

Zero Day Quest returns with up to $5M bounties for Cloud

🔒 Microsoft is relaunching Zero Day Quest with up to $5 million in total bounties for high-impact Cloud and AI security research. The Research Challenge runs 4 August–4 October 2025 and focuses on targeted scenarios across Azure, Copilot, Dynamics 365 and Power Platform, Identity, and M365. Eligible critical findings receive a +50% bounty multiplier, and top contributors may be invited to an exclusive live hacking event at Microsoft’s Redmond campus in Spring 2026. Participants will have access to training from the AI Red Team, MSRC, and product teams, and Microsoft will support transparent, responsible disclosure.

Securing Cloud Identity Infrastructure Through Collaboration

🔒 CISA's Joint Cyber Defense Collaborative (JCDC) is coordinating with major cloud providers and federal partners to strengthen core cloud identity and authentication systems against sophisticated, nation-state affiliated threats. Recent incidents have exposed risks from token forgery, compromised signing keys, stolen credentials, and gaps in secrets management, logging, and governance. On June 25, a technical exchange convened experts from industry and government to share best practices and explore mitigations such as stateful token validation, token binding, improved secrets rotation and storage, hardware security modules, and enhanced logging to better detect and respond to malicious activity.

A Summer of Security: Empowering Defenders with AI

🛡️ Google outlines summer cybersecurity advances that combine agentic AI, platform improvements, and public-private partnerships to strengthen defenders. Big Sleep—an agent from DeepMind and Project Zero—has discovered multiple real-world vulnerabilities, most recently an SQLite flaw (CVE-2025-6965) informed by Google Threat Intelligence, helping prevent imminent exploitation. The company emphasizes safe deployment, human oversight, and standard disclosure while extending tools like Timesketch (now augmented with Sec‑Gemini agents) and showcasing internal systems such as FACADE at Black Hat and DEF CON collaborations.

CISA Marks Emergency Communications Month 2025: Resilience

📣 The Cybersecurity and Infrastructure Security Agency (CISA) proclaims April 2025 as Emergency Communications Month to honor emergency responders and promote secure, interoperable communications. The campaign centers on being “Resilient Together” and urges critical infrastructure organizations to enroll in free priority services such as GETS and WPS to preserve connectivity during outages caused by weather, cyber incidents, or human error. CISA emphasizes strategic partnerships across federal, state, local, tribal, and territorial stakeholders to protect the emergency communications ecosystem and strengthen community preparedness.

SAFECOM Fall 2024 Bi-Annual Meeting Executive Summary

📢 SAFECOM convened its Fall 2024 Bi‑Annual Meeting on November 19–20, 2024, in Cape Coral, Florida, bringing members and invited guests together for plenary and breakout sessions. Highlights included presentation of the Marilyn J. Praisner Leadership Award to Mr. Michael Murphy, an interactive exercise on Primary, Alternate, Contingency, and Emergency (PACE) plans, and briefings on Hurricane Helene response and federal grant navigation. Technical and policy discussions addressed mobile device "SOS only" features, FirstNet Authority initiatives, counter-jamming research, high frequency operations, and encryption use, while committees advanced governance, education, funding, and incident communications priorities.