This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
SecTor 2024 Announces Record-Breaking Attendance Following Successful Close of Toronto Event [SecTor 2024]
SecTor, Canada’s largest cybersecurity conference, today announced the successful completion of the in-person component of SecTor 2024. The event welcomed 5,000 unique attendees joining in-person from October 22 to October 24 at the Metro Toronto Convention Centre in downtown Toronto. Read More
Takeaways from the SecTor 2024 conference [SecTor 2024]
I couldn’t get to all of the sessions, but here’s a few things I came away with on Wednesday: Keynote speaker Leigh Honeywell of Tall Poppy, which advises firms on dealing with online harassment of employees, said infosec pros have a role in helping protect democracy and elections. They can do it by warning friends and relatives about not trusting everything online. Read More
SecTor Announces Leigh Honeywell and Omkhar Arasaratnam as Keynote Speakers for SecTor 2024 [SecTor 2024]
SecTor, Canada’s largest cybersecurity conference, today announced Leigh Honeywell, founder and CEO of Tall Poppy; and Omkhar Arasaratnam, Guest Lecturer, New York University (NYU) Tandon School of Engineering: Graduate School, as Keynote speakers for SecTor 2024. The live, in-person event will take place at the Metro Toronto Convention Centre in downtown Toronto from October 22 to October 24. Keynote speakers will present on Wednesday, October 23 and Thursday, October 24. Read More
A Sneak Peek into SecTor 2024: AI, Open-Source, and Cybersecurity Trends with Steve Wylie [SecTor 2024]
Discover the highlights of the upcoming Black Hat SecTor Conference in Toronto, featuring insightful discussions on AI, open-source security, and more. Join Steve Wylie, Sean Martin, and Marco Ciappelli as they preview keynotes, summits, and unique aspects of this premier cybersecurity event. Read More
Hacking Deepfake Image Detection System with White and Black Box Attacks | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Sagar Bhure | On Location Coverage with Sean Martin and Marco Ciappelli [SecTor 2024]
In this episode of SecTor 2024, Sean Martin, Marco Ciappelli, and security researcher Sagar Bhure discuss the escalating threat of deepfake technology and its implications for misinformation, financial fraud, and cybersecurity. Tune in to explore real-world examples and learn about innovative detection methods that aim to stay ahead of this complex challenge. Read More
Election security faces threat from cyberattacks and disinformation [Black Hat USA 2024]
It is estimated that more than half of the world’s population will cast ballots by the end of this year, with elections held across a number of countries including the United States. Election security has been a major concern, with threats looming from cyberattacks and disinformation. CNA's Ira Spitzer attended the recent Black Hat cybersecurity conference in Las Vegas and filed this report. Read More
3 Lessons From a Hacker Conference That Can Keep You Safe Online [Black Hat USA 2024]
If you go to Las Vegas for the Black Hat cybersecurity conference, don't bet on spotting people there using burner phones in place of their usual smartphones. Nor should you plan on seeing attendees anxiously using a burner laptop, stripped of most of its usual apps and data. Read More
Black Hat USA 2024 Showcases New Defenses For Cybersecurity Pros [Black Hat USA 2024]
Black Hat has always been an intriguing event to me. It takes its name from the malicious hackers who take on ethical “white hat” defenders, yet the audience is full of (figurative) white hats from the corporate IT world. Read More
The Shakedown From Black Hat USA, 2024 [Black Hat USA 2024]
My colleagues Allie Mellen, Paddy Harrington, Erik Nost, Cody Scott, and I assembled in Las Vegas last week for the Black Hat USA 2024 event. We spent the week attending sessions; meeting with clients; looking for trends, highlights, and lowlights in the festival of vendor marketing (on the show floor and in the convention center hallways); and making sure to drink a lot of water to survive the stifling 110-degree heat. Read More
Three insights you might have missed from Black Hat USA [Black Hat USA 2024]
The growing threat of cybersecurity attacks along the increasingly complex AI landscape reflects one reason Black Hat USA 2024 is one of the biggest cybersecurity conferences of the year. Read More
What a glimpse inside the Black Hat NOC reveals about infosec pros' security habits [Black Hat USA 2024]
The large network that materializes along with legions of infosec professionals at Black Hat every year presents the perfect opportunity to see how well the security community practices what it preaches. Read More
Presidential campaigns in the cyber spotlight [Black Hat USA 2024]
HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! Seeing everyone at Black Hat and DEF CON was great, now excuse me while I recharge my social battery by staring at the wall for the next three days. If you need me (no you don’t), John’s inbox can’t wait to hear all the details. Read More
Windows Downdate attack totally undermines Windows security; fix not yet ready [Black Hat USA 2024]
The security of Windows 11 can be completely undermined by corrupting the Windows Update process with a simple edit to the Windows Registry, forcing a downgrade to vulnerable older versions of Windows and other system processes. As of this writing, there is no patch preventing this attack, although Microsoft has offered steps that reduce the risk. Read More
Just the Hacks: How Journalists Work With Hackers to Break News [Black Hat USA 2024]
Hackers are known for using any available resource to get the money or data they want. Many times, that involves using media contacts to apply public pressure to the companies they are seeking to extort. Read More
Vulnerability Allowed Eavesdropping via Sonos Smart Speakers [Black Hat USA 2024]
NCC Group researchers have disclosed vulnerabilities found in Sonos smart speakers, including a flaw that could have been exploited to eavesdrop on users. One of the vulnerabilities, tracked as CVE-2023-50809, can be exploited by an attacker who is in Wi-Fi range of the targeted Sonos smart speaker for remote code execution. Read More
Design flaw could allow hackers to roll back Microsoft Windows updates [Black Hat USA 2024]
Some of Microsoft’s most important tools for protecting Windows users from malicious hackers can be twisted into being used in attacks, according to research presented here Wednesday at the annual Black Hat security conference. Read More
Windows Update downgrade attack "unpatches" fully-updated systems [Black Hat USA 2024]
SafeBreach security researcher Alon Leviev revealed at Black Hat 2024 that two zero-days could be exploited in downgrade attacks to "unpatch" fully updated Windows 10, Windows 11, and Windows Server systems and reintroduce old vulnerabilities. Read More
Black Hat USA 2024: vehicle head unit can spy on you, researchers reveal [Black Hat USA 2024]
Android-based infotainment systems used in Ford, GM, Honda, and other major vehicle brands can be turned into data-stealing devices, Cisco Talos researchers have uncovered. As with virtually any electronic device, vehicle infotainment systems, colloquially known as head units, can be engineered to steal user data. Read More
CISA: Election infrastructure has never been more secure [Black Hat USA 2024]
CISA Director Jen Easterly said U.S. election infrastructure "has never been more secure" during a Wednesday keynote panel at Black Hat USA 2024. Read More
10 Hot Security Tools Unveiled At Black Hat 2024 [Black Hat USA 2024]
This week in Las Vegas, hundreds of cybersecurity vendors are on hand for the Black Hat USA 2024 conference—many of them with new tools or product capabilities ready to unveil. Read More
Taking Stock with Trinity Chavez: The Cyber Series - Black Hat [Black Hat USA 2024]
Step into the realm of cutting-edge cybersecurity insights at Black Hat in Las Vegas, the second largest cyber security conference in the world! Join NYSE TV’s Lead Anchor, Trinity Chavez, as she gets exclusive access and has riveting conversations with CEOs and other leading cybersecurity experts to explore their strategies, innovations, and groundbreaking perspectives that mold the digital defense landscape. Read More
Could Intel Have Fixed Spectre & Meltdown Bugs Earlier? [Black Hat USA 2024]
The Spectre and Meltdown chip vulnerabilities could have been resolved much earlier had chip makers taken reports from academic researchers more seriously, says one researcher who helped unveil the hardware bug. Read More
Behind the Scenes at Black Hat USA 2024: An Exclusive Pre-Event Conversation | A Black Hat USA 2024 Conversation with Steve Wylie | On Location Coverage with Sean Martin and Marco Ciappelli [Black Hat USA 2024]
Black Hat USA 2024 promises to be an exciting and groundbreaking conference, and we caught up with Steve Wylie, the General Manager of Black Hat, to get an inside look at this year's event. Read More
Black Hat Asia 2024: A focus on regulation and reducing complexity in the security stack [Black Hat Asia 2024]
At 2024's Black Hat Asia event, we heard about increasing regulation and fines, ransomware attacks, securing devices in critical infrastructure, MDR's growth in APAC, and the need to reduce complexity in the security stack. Read More
Intel Harnesses Hackathons to Tackle Hardware Vulnerabilities [Black Hat Asia 2024]
Ever since the first Hack@DAC hacking competition in 2017, thousands of security engineers have helped discover hardware-based vulnerabilities, develop mitigation methods, and perform root cause analysis of issues found. Read More
Researchers claim Windows Defender can be fooled into deleting databases [Black Hat Asia 2024]
Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files. And, they asserted, the hole could remain exploitable – even after both vendors claim to have patched the problem. Read More
Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers [Black Hat Asia 2024]
New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. Read More
CSA warns of emerging security risks with cloud and AI [Black Hat Asia 2024]
The rapid adoption of emerging technologies such as cloud computing and artificial intelligence (AI) is posing new cyber security risks, adding to the increasingly complex cyber threat landscape. Read More
EP 32: Using ChatGPT To Perform Side Channel Attacks On Real Hardware [Black Hat Europe 2023]
There’s a lot of talk about using AI and LLM in security. For example, could ChatGPT detect the vulnerable spots for power analysis in particular pieces of code using Advanced Encryption Standard? Witold Waligora, CEO of CloudVA, talks about his Black Hat Europe presentation, How We Taught ChatGPT-4 to Break mbedTLS AES With Side-Channel Attacks. Read More
Increased Cyber Regulation in the Offing as Attacks Mount [Black Hat Europe 2023]
Expect governments to impose greater levels of cybersecurity regulation if businesses cannot defend against major attacks and stop breaches from happening. Read More
LogoFAIL vulnerabilities impact vast majority of devices [Black Hat Europe 2023]
A set of major vulnerabilities that impact nearly all devices allows hackers to bypass most modern security checks through the logo that shows up when the computer starts.
Discovered by the cybersecurity firm Binarly and presented at Black Hat Europe on Wednesday, LogoFAIL is a set of vulnerabilities that impact all x86 and ARM-based devices, like Windows and Linux, through the software that shows the manufacturer logo at the start of a bootup process. Read More
Liability Fears Damaging CISO Role, Says Former Uber CISO [Black Hat Europe 2023]
The growing trend of finding CISOs personally liable for security failings is making security professionals more reluctant to take up these positions.
This according to former Uber CISO Joe Sullivan, speaking during Black Hat Europe 2023. Read More
Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images [Black Hat Europe 2023]
Firmware security company Binarly on Wednesday disclosed the details of an attack method that can be used to compromise many consumer and enterprise devices by leveraging malicious UEFI logo images. Read More
NCSC's Ollie Whitehouse on Why Cybersecurity is Essential, Not Optional [Black Hat Europe 2023]
Ollie Whitehouse is the first-ever chief technical officer (CTO) the UK’s National Cyber Security Centre (NCSC) has appointed. Whitehouse formally began his role in October 2023 following the initial appointment in September. Read More
How I Learned to Stop Worrying and Build a Modern Detection & Response Program | A Black Hat Europe 2023 Event Coverage Conversation with Allyn Stott [Black Hat Europe 2023]
In this episode of the ITSPmagazine On Location Event Coverage series, host Sean Martin and guest Allyn Stott discuss the intricacies of building a modern detection response program, the role of threat intelligence, and the importance of aligning with business risk. Read More
We Need to Stop the Temperature From Rising If We Don't Want to Ice the CISO Role | A Black Hat Europe 2023 Event Coverage Conversation with Joe Sullivan [Black Hat Europe 2023]
Most of the time, for these event coverage conversations, we get to connect with keynote speakers to learn more about the topic they plan to share at the event. During our conversation with Joe Sullivan, we did that ... and so, so much more. Tune in to this (dare we say, approaching emotional) conversation to hear about Joe's journey and all the things he is doing to help keep the CISO role safe and successful. Read More
EP 84: When Old Medical Devices Keep Pre-shared Keys [SecTor 2023]
You would think there is a procedure to End-of-Life a medical device, right? Erase personal health info. Erase network configuration info. Speaking at SecTor 2023, Deral Heiland from Rapid7 said he found that he was able to buy infusion pumps on the secondary market with the network credentials for the original Health Care Delivery Organization intact. Read More
SecTor: Top cybersecurity predictions for 2024 [SecTor 2023]
It’s Halloween, and what could possibly be scarier than a look at cybersecurity threats for the year ahead?
Canadian infosec veteran Laura Payne served up her list of 10 cybersecurity predictions for 2024 during a keynote at the 17th annual SecTor conference in Toronto last week. Read More
Cyber Security Today, Week in Review for the week ending Friday, Oct. 27, 2023 [SecTor 2023]
Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, October 27th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S. Read More
SecTor 2023: A call to Canadian IT pros for political action [SecTor 2023]
IT pros should become more involved in technology policy issues to prevent the Trudeau government from making bad choices, attendees at the annual SecTor cybersecurity conference have been told. Read More
Keynote: 2024 Predictions in Future-Hindsight View - Get Ready! | A SecTor Event Coverage Conversation with Laura Payne [SecTor 2023]
In this episode, hosts Marco and Sean embark on a road trip to SecTor cybersecurity conference in Toronto, Canada, and sit down with cybersecurity expert Laura Payne to discuss cybersecurity's future and artificial intelligence's impact on technology and society. Read More
Do We Really Need to Worry about Critical Infrastructure? | A Discussion about Cyber Operations in the Context of the Leaked Vulkan Files | A SecTor Event Coverage Conversation with Marina Krotofil [SecTor 2023]
In this episode of Chats on the Road to the SecTor Security conference in Toronto, hosts Marco and Sean are joined by Marina Krotofil to explore the complexities of cyber warfare, the leaked Vulkan files, and the need for independent thinking in the face of evolving cyber threats. Read More
The Future of Secure Business Browsing: Isolation and Protection | Browser Security: Isolation-101 | A SecTor Event Coverage Conversation with Evgeniy Kharam [SecTor 2023]
In this episode of the Redefining CyberSecurity Podcast, Sean Martin and guest Evgeniy Kharam discuss browser security, remote browser isolation, enterprise browsers, and the impact on security programs. Read More
SecTor 2023: Full Schedule Programming for Toronto Event [SecTor 2023]
SecTor, Canada’s largest cybersecurity conference, today announced its full schedule programming for SecTor 2023. Taking place in Toronto at the Metro Toronto Convention Centre, this year’s event will feature 42 Briefings, two days of Trainings, 45 Sponsored Sessions, and for the first time at SecTor, Black Hat Arsenal will debut with 36 tool demos. Read More
White Tuque CNO, Laura Payne, to Give Keynote Address at SecTor 2023 [SecTor 2023]
SecTor, Canada's largest cybersecurity conference, will be taking place this October 23rd through 26th at the Metro Toronto Convention Centre. Now in its 17th year, SecTor annually connects IT and security experts from around the world. Thought leaders share the very latest in information security research, development, and trends, providing relevant, engaging, and reputable content for the benefit of the Canadian cybersecurity community. Read More
Black Hat USA 2023: AI's Impact On the Future of Cybersecurity [Black Hat USA 2023]
Artificial intelligence is having a massive impact on our society. “It’s forcing us, for economic reasons, to take all of our problems and turn them into prediction problems,” said Jeff Moss, founder of Black Hat. In an opening keynote for Black Hat USA 2023 in Las Vegas, experts shared just how dramatically generative AI is changing the game. Read More
AI for security, security for AI: 2 aspects of the intersection of 2 hot topics [Black Hat USA 2023]
AI has been a trending topic in technology for many years, but nothing has fueled interest like the explosive emergence of generative AI over the past year. As with many nascent trends, security often rises to the top of opportunities as well as concerns, and this is no less true with AI — it was a central focus of this year's RSA Conference. It was also the theme of the opening keynote at Black Hat, where the AI Cyber Challenge, a Defense Advanced Research Projects Agency (DARPA) initiative launched by the Biden-Harris administration, was announced. That same week, DEF CON hosted the largest public "red teaming" (penetration testing) exercise against AI models to date. Read More
Key takeaways from Black Hat 2023 [Black Hat USA 2023]
At Black Hat USA 2023, Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Viktor Zhora, Deputy Chairman and Chief Digital Transformation Officer of the State Service of Special Communication and Information Protection of Ukraine, gave a joint presentation on the need for resilience. Read More
Cyber security experts lament west’s failure to learn lessons from Ukraine [Black Hat USA 2023]
Viktor Zhora, the public face of Ukraine’s success against Russian cyber attacks, received a hero’s welcome earlier this month on stage at Black Hat, the world’s biggest cyber security gathering, in Las Vegas. Read More
Black Hat 2023 Recap Report by The Readable [Black Hat USA 2023]
The Black Hat USA 2023 Recap Report by The Readable was just published. The Readable covered the Black Hat USA 2023 in person, along with the annual DEF CON and USENIX events that took place during the same week. Read More
When it comes to data protection, Black Hat puts its money where its mouth is [Black Hat USA 2023]
From embarrassing dating profiles to unprotected corporate earning reports, Cybernews discovers what really happens to all that sensitive information flowing through the Black Hat Network Operations Center (NOC) once summer camp for hackers finally ends. Read More
Generative AI: Cybersecurity Weapon, But Not Without Adaptable, Creative (Human) Thinkers [Black Hat USA 2023]
Generative AI was — not surprisingly — the conversational coin of the realm at Black Hat 2023, with various panels and keynotes mulling the extent to which AI can replace or bolster humans in security operations. Read More
Publisher’s Spotlight: Black Hat USA 2023 Closes on Record-Breaking Event in Las Vegas [Black Hat USA 2023]
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, today announced the successful completion of the in-person component of Black Hat USA 2023. The event welcomed more than 22,750 unique attendees, with 19,750 joining in-person at the Mandalay Bay Convention Center in Las Vegas, while more than 3,000 registered for On-Demand Access to the event. Read More
Playing to Win: Generative AI, Cloud Security, and More at Black Hat 2023 [Black Hat USA 2023]
The stage was set, the players were ready, and Black Hat USA 2023 delivered a cybersecurity spectacle that left no doubt—this was a game-changing event. As we unpack the highlights, one overarching theme emerges: a united front against ever-evolving threats. From generative AI to cloud security and a glimpse into the future of defense, this year's conference illuminated the power of collaboration and innovation. Amidst these pivotal discussions, one revelation—the TETRA:BURST vulnerabilities—took center stage, leaving an indelible mark on the field. Read More
CISA Officials Share Plans for Secure-by-Design Ecosystem [Black Hat USA 2023]
The Cybersecurity and Infrastructure Security Agency (CISA) is looking to change the technology ecosystem through its secure-by-design and -default guidelines, and CISA officials explained the agency’s plan to foster this ecosystem at the Black Hat USA Conference in Las Vegas last week. Read More
Artificial Intelligence: Stopping the Big Unknown in Application, Data Security [Black Hat USA 2023]
Artificial intelligence, particularly large language models of the GPT type, were the talk of the town during last week’s Black Hat and Def Con in Las Vegas. But even the experts disagreed to what extent AI changes the security posture companies should take, from protecting internal data to developing applications. Read More
Password Security is Still Top-of-Mind but Evolving Away, Study Finds [Black Hat USA 2023]
Password security remains relevant but cybersecurity is trending toward a password-less strategy, according to a new survey conducted by Delinea at the recent Black Hat USA conference. Read More
Looks like people are ready to move away from passwords [Black Hat USA 2023]
It appears that many people are ready to embrace the brave new world of passwordless security, as they voice their support for the idea. The privileged access management (PAM) firm Delinea conducted a survey at this year's Black Hat USA security conference and found that over half (54%) of respondents believe that passwordless solutions are a viable concept. A fifth were also already using passkeys instead of or in addition to passwords. Read More
Passwords are Evolving as a Passwordless Future Draws Nearer [Black Hat USA 2023]
Enterprises are developing strategies now to protect identities from being stolen and abused even as a true passwordless future is slowly coming into view, according to Joseph Carson, chief security scientist and advisory CISO at privileged access manager (PAM) vendor Delinea. Read More
‘Defender Pretender’ turns Windows’ malware protections against itself [Black Hat USA 2023]
Windows Defender can be hijacked to ignore malware, falsely recognize benign files as malicious and even delete critical system files to render a machine inoperable, two Israeli researchers demonstrated at the Black Hat security conference here on Aug. 9. Read More
Cyber Security Today, August 14, 2023 — A huge insurance company hack, presentations at the Black Hat conference, and more [Black Hat USA 2023]
One of the presentations at last week’s Black Hat USA security conference showed the advantages of setting up a honeypot to lure and then record the activities of hackers. Two researchers from GoSecure said they captured 100 hours of videos over three years showing the techniques threat actors use to access and exfiltrate data. Read More
Inside the Black Hat network operations center, volunteers work in geek heaven [Black Hat USA 2023]
Every summer, pandemics permitting, a group of volunteers gather in a Las Vegas hotel to run one of the more unusual examples of IT infrastructure on the planet: the Black Hat network operations center. Read More
For the first time, U.S. government lets hackers break into satellite in space [Black Hat USA 2023]
Hackers in a desert in the Southwest are lobbing a barrage of cyberattacks at a U.S. government satellite on Friday — and it’s exactly what the Pentagon wanted to happen. Read More
Black Hat USA 2023 – Announcements Summary [Black Hat USA 2023]
Hundreds of companies and organizations showcased their cybersecurity products and services this week at the 2023 edition of the Black Hat conference in Las Vegas. Read More
GitHub’s Hardcore Plan to Roll Out Mandatory Two-Factor [Black Hat USA 2023]
You've heard the advice for years: Turn on two-factor authentication everywhere it’s offered. It’s long been clear that using only a username and password to secure digital accounts isn’t enough. But layering on an additional authentication “factor”—like a randomly generated code or a physical token—makes the keys to your kingdom much tougher to guess or steal. Read More
Black Hat USA Unwrapped: Top 5 Cybersecurity Insights You Can't Afford to Miss [Black Hat USA 2023]
There is an enduring nature to many cybersecurity challenges while at the same time cyber practitioners must be aware of the evolving scale of threats, including the rapid global impact of AI-related issues. Read More
4 ways organizations can take back the advantage from attackers [Black Hat USA 2023]
Kelly Shortridge is on a mission — a “resilience revolution” as she describes it — to help defenders outmaneuver threat actors by using the same tactics they employ against other organizations. Read More
Dark Reading News Desk at Black Hat USA 2023 [Black Hat USA 2023]
Dark Reading News Desk was live for two days during Black Hat USA, at Mandalay Bay in Las Vegas. Dark Reading editor Becky Bracken hosted a bevy of Black Hat newsmakers including cybersecurity journalists, experts, and researchers for on-the-scene interviews. Read More
20 Hottest New Cybersecurity Tools At Black Hat 2023 [Black Hat USA 2023]
At Black Hat 2023 this week, vendors are showcasing new products in segments including XDR, application security, vulnerability management and cloud security. Read More
CISA Director: US has lessons to learn about anticipating threats, disruption [Black Hat USA 2023]
U.S. residents and businesses need to be better prepared for inevitable disruptions caused by cyberattacks, according to the head of the country’s cybersecurity agency. Speaking alongside Ukrainian cybersecurity chief Viktor Zhora at the Black Hat cybersecurity conference, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said Americans need to mirror Ukraine’s resilience in the face of an onslaught of damaging cyberattacks. Read More
The top new cybersecurity products at Black Hat USA 2023 [Black Hat USA 2023]
Black Hat USA 2023 served as a launchpad for a host of cybersecurity products and services, with many notable vendors as well as up-and-coming startups showcasing their innovations at the annual conference, held this week in Las Vegas. Read More
The US Wants Americans To Learn From Its Cyber Partnership With Ukraine [Black Hat USA 2023]
The United States’ partnership with Ukraine to fend off Russian hackers during the ongoing war has proven to be an excellent model for helping other countries deal with similar digital assaults, a top U.S. cyber official said Wednesday. Read More
Hackers to compete for nearly $20 million in prizes by using A.I. for cybersecurity, Biden administration announces [Black Hat USA 2023]
Hackers will have the chance to compete for millions of dollars in prizes by using artificial intelligence to protect critical U.S. infrastructure from cybersecurity risks, the Biden administration announced Wednesday. Read More
White House launches contest to improve critical infrastructure cybersecurity with AI [Black Hat USA 2023]
The White House today announced the AI Cyber Challenge, a contest designed to improve the cybersecurity of the United States’ critical infrastructure. The contest was detailed during Black Hat USA 2023, a major cybersecurity event taking place this week in Las Vegas. Read More
White House launches AI Cyber Challenge to test how top AI models protect software [Black Hat USA 2023]
At the Black Hat USA conference in Las Vegas today — the nation’s largest hacking conference — the Biden-Harris administration announced the launch of a two-year open competition to explore how AI can be used to protect and defend the U.S.’s most vital software, including computer code that keeps the internet and critical infrastructure running. Read More
Black Hat USA: Cybersecurity Experts Optimistic About Generative AI [Black Hat USA 2023]
Cybersecurity as an industry is likely going to be the biggest benefactor of AI. A panel of cybersecurity experts from Amazon Web Services (AWS), Barracuda, Splunk and more agreed they are optimistic about the future of generative AI in spite of increasing threats. The panel took place Tuesday at this week’s Black Hat USA. Read More
‘Downfall’ vulnerability leaves billions of Intel CPUs at risk [Black Hat USA 2023]
Computer security operates on a few basic principles, and one of them is that data in use by one application should not be available to another without permission. This basic architecture should in theory keep one application from snooping on another and stealing, for example, a bank key from a password manager. When that principle breaks down, it can be devastating. Read More
New Downfall attacks on Intel CPUs steal encryption keys, data [Black Hat USA 2023]
A senior research scientist at Google has devised new CPU attacks to exploit a vulnerability dubbed Downfall that affects multiple Intel microprocessor families and allows stealing passwords, encryption keys, and private data like emails, messages, or banking info from users that share the same computer. Read More
Cybersecurity is everyone’s responsibility [Black Hat USA 2023]
Ahead of Black Hat 2023, Omdia Senior Director of Research Maxine Holt discusses the state of the cybersecurity landscape and what lies ahead for businesses not adequately prepared for the threat of cybercrime. Read More
What to Expect at Black Hat 2023 [Black Hat USA 2023]
Every summer, hackers and researchers from around the world brave the broiling Las Vegas heat, coming together for the hacking extravaganza known as Black Hat. This is the opportunity for academics and professional testers to wow their colleagues by showcasing the vulnerabilities they’ve discovered or new protection techniques they’ve invented. Read More
Tesla Jailbreak Unlocks Theft of In-Car Paid Features [Black Hat USA 2023]
Tesla cars are susceptible to a nearly irreversible jailbreak of their onboard infotainment systems that would allow owners to unlock a bevy of paid in-car features for free. The stolen perks can run the gamut from better bandwidth to faster acceleration and heated seats, according to a team of academic researchers. Read More
Summer Documentary Watch Party: 8 Sizzling Cybersecurity Tales [Black Hat USA 2023]
It's almost August, which means Hacker Summer Camp — the confluence of BSides Las Vegas, Black Hat USA, and DEF CON — is nearly upon us. If you're going to Las Vegas to take part in the annual celebration of probing every system for any possible weakness, we've got a wide selection of documentaries to get you in the investigative mood. Read More
Meet the Finalists for the 2023 Pwnie Awards [Black Hat USA 2023]
With Black Hat USA 2023 looming, it's time to start thinking about the Oscars of cybersecurity, the Pwnie Awards. The statuettes will be handed out live in Las Vegas on Wednesday, Aug. 9, at 6:30 p.m. – with the exception of this year's Lifetime Achievement Pwnie, which was awarded at the Summercon hackers' meetup in Brooklyn, New York, on July 14, when the other nominees were announced. Read More
Satellites Are Rife With Basic Security Flaws [Black Hat USA 2023]
Hundreds of miles above Earth, thousands of satellites are orbiting the planet to keep the world running smoothly. Timing systems, GPS, and communications technologies are all powered by satellites. But for years, security researchers have warned that more needs to be done to secure the satellites against cyberattacks. Read More
Microsoft users on high alert over dangerous RCE zero-day [Black Hat USA 2023]
Microsoft has disclosed a potentially serious remote code execution (RCE) zero-day under active exploitation – by a group with alleged links to the Russian intelligence services – among more than 100 other vulnerabilities in its July Patch Tuesday update, but the company has not yet issued an actual patch for it. Read More
Black Hat USA Announces Over 90 Briefings for its 26th Anniversary Event in Las Vegas [Black Hat USA 2023]
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, returns to Las Vegas celebrating Black Hat USA’s 26th anniversary with a live, in-person 6-day program from August 5 – August 10. The event will take place at the Mandalay Bay Convention Center, featuring over 90 Briefings hand selected by the Black Hat Review Board. Read More
Black Hat Asia 2023: Data exposure, privacy, and minimization [Black Hat Asia 2023]
Black Hat Asia 2023 in Singapore and its flurry of activities make for an exciting time of the year. Cybersecurity is nascent among organizations in Asia, with plenty of opportunities to rise above in the race to build digital resilience. Read More
Millions of Android Devices Loaded with Malware Infected OEM Images [Black Hat Asia 2023]
TrendMicro made a shocking revelation at Black Hat Asia 2023 where they disclosed an operation that has been running since 2018 targeting Android devices. The scheme was uncovered in 2021 while researchers at TrendMicro were looking into an SMS PVA (Phone Verified Accounts) mobile botnet. They identified that the botnet had been helped along by a supply chain attack targeting the image used by OEMs to rapidly deploy the OS onto the devices. Read More
This Cybercrime Syndicate Pre-Infected Over 8.9 Million Android Phones Worldwide [Black Hat Asia 2023]
A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks. Read More
Vulnerabilities in router vendors’ cloud management platforms detailed [Black Hat Asia 2023]
Hundreds of thousands of operational technology networks and devices are at risk of hijacking attacks stemming from the exploitation of several security vulnerabilities impacting the cloud management platforms of industrial cellular router vendors Sierra Wireless, InHand Networks, and Teltonika Wireless, The Hacker News reports. Read More
Black Hat Asia 2023 Closes on Record-Breaking, In-Person Event in Singapore [Black Hat Asia 2023]
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, today announced the successful completion of the in-person component of Black Hat Asia 2023. The event welcomed a record number of attendees from May 9 through May 12, with more than 3,000 attendees joining at the Marina Bay Sands Expo & Convention Centre in Singapore. Read More
Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cybercrime Enterprise [Black Hat Asia 2023]
Millions of Android phone users around the world are contributing daily to the financial wellbeing of an outfit called the Lemon Group, merely by virtue of owning the devices. Unbeknownst to those users, the operators of the Lemon Group have pre-infected their devices before they even bought them. Now, they're quietly using their phones as tools for stealing and selling SMS messages and one-time passwords (OTPs), serving up unwanted ads, setting up online messaging and social media accounts, and other purposes. Read More
Arm acknowledges side-channel attack but denies Cortex-M is crocked [Black Hat Asia 2023]
Arm issued a statement last Friday declaring that a successful side attack on its TrustZone-enabled Cortex-M based systems was "not a failure of the protection offered by the architecture.” Read More
Millions of mobile phones come pre-infected with malware, say researchers [Black Hat Asia 2023]
Miscreants have infected millions of Androids worldwide with malicious firmware before the devices even shipped from their factories, according to Trend Micro researchers at Black Hat Asia. Read More
Firmware Looms as the Next Frontier for Cybersecurity [Black Hat Asia 2023]
Last December, researchers discovered a series of five vulnerabilities affecting servers run by more than a dozen major vendors — brand names like Huawei, Qualcomm, Nvidia, AMD, Dell, and HP. The vulnerabilities were nothing to scoff at, either, with CVSS scores ranging from 5.3 (Medium severity) to 9.8 (Critical). Read More
Shout-out to whoever went to Black Hat and had North Korean malware on their PC [Black Hat USA 2022]
The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents. Read More
The Black Hat Conference At 25: Still Fighting The Good Fight [Black Hat USA 2022]
Out on the Nevada desert sand, a phenomenon 25 years running has again grabbed the attention of not only the tech industry, but also IT professionals from every industry. The annual Black Hat security convention proves there is no respite in a world of never-ending security threats – from the known, to the unknown, likely and unlikely sources. The conference attracts participants of all stripes, with its insights, breakthroughs, and aspirations. Founded in 1997, the Black Hat event is a yearly cybersecurity community geek-fest with the latest cutting-edge research, developments, and trends. Read More
Why patching quality, vendor info on vulnerabilities are declining [Black Hat USA 2022]
Those who apply security patches are finding that it’s becoming harder to time updates and determine the impact of patching on their organizations. Dustin Childs of the ZDI Zero Day Initiative and Trend Micro brought this problem to light at the recent Black Hat security conference: Patch quality has not increased and in fact is getting worse. We are dealing with repatching bugs that weren’t fixed right or variant bugs that could have been patched the first time. Read More
How cybersecurity vendors are misrepresenting zero trust [Black Hat USA 2022]
The zero-trust vision that cybersecurity vendors are selling isn’t the reality enterprises are experiencing. The disconnect begins during initial sales cycles, where the promises of ease of use, streamlined API integration and responsive service lead to enterprises buying solutions that don’t work. Unfortunately, enterprises are getting more challenges than the vision vendors sold. Read More
What Black Hat 2022 reveals about securing the supercloud [Black Hat USA 2022]
Black Hat 2022 was held in Las Vegas last week, at the same time as theCUBE’s supercloud event. Unlike AWS re:Inforce, where words are carefully chosen to put a positive spin on security, Black Hat exposes all the warts of cybersecurity and openly discusses its hard truths. It’s a conference attended by technical experts who proudly share some of the vulnerabilities they’ve discovered and of course by numerous vendors marketing their products and services. Read More
Black Hat USA 2022 Closes on a Record Breaking Event in Las Vegas & Online [Black Hat USA 2022]
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, closes a successful hybrid event for Black Hat USA 2022. The event welcomed more than 21,000 unique attendees, with over 17,400 joining in person at the Mandalay Bay Convention Center in Las Vegas, while over 15,488 actively logged into the virtual platform. Security professionals from 111 countries joined the hybrid event, to experience the robust lineup of groundbreaking content led by security experts who showcased the latest and greatest research currently impacting the industry including more than 90 deeply technical Briefings. Read More
State-Sponsored APTs Dangle Job Opps to Lure In Spy Victims [Black Hat USA 2022]
Fake job offers have become a top phishing tactic for state-sponsored threat actors to lure in unsuspecting targets in the wake of the COVID-19 pandemic, as many reconsider their careers amid growing demand for skilled workers and managers. Read More
As Black Hat security conference turns 25, a lesson: security doesn’t have an end point [Black Hat USA 2022]
At the start of the Black Hat information-security conference here, founder Jeff Moss took a moment to reflect on the state of cybersecurity today compared to the hopes of industry professionals at the first such gathering 25 years earlier. Read More
Black Hat Postmortem: Geopolitical Risks and Complexity on the Rise [Black Hat USA 2022]
Last week’s Black Hat USA 2022 conference solidly framed the cybersecurity issues IT and network managers are facing. From the keynotes throughout the conference sessions, the message was clear. Security challenges are increasing, and the complexity of modern applications and infrastructures makes it all the harder to secure networks and defend against attacks. Read More
Head of Ukraine’s Cybersecurity Says Russia Has Committed ‘Cyber War Crimes’ [Black Hat USA 2022]
The head of Ukraine’s cybersecurity agency was in Las Vegas this week, at Black Hat, one of the largest hacking conferences in the world. He said he was there to promote the idea that "we should be united to create some kind of cyber coalition to counter the threats." Read More
Former CISA chief wants new, cross-cutting agency to lead fed cyber [Black Hat USA 2022]
The federal government should establish a new "U.S. Digital Agency" to counter risks associated with emerging digital threats and to further bolster national security around privacy and data management, according to the first-ever director of the Cybersecurity and Infrastructure Security Agency. Read More
Election disinformation fears loom over hacker confab [Black Hat USA 2022]
HAPPY MONDAY, and welcome to Morning Cybersecurity! I’m your host, Eric Geller, and I’m marveling at these gorgeous supermoon photos from around the world. Read More
Black Hat 2022: Why machine identities are the most vulnerable [Black Hat USA 2022]
Enterprises are struggling to secure machine identities because hybrid cloud configurations are too complex to manage, leading to security gaps cyberattackers exploit. Adding to the confusion are differences between public cloud providers’ approaches to defining machine-based identities using their native identity access management (IAM) applications. Additionally, due to differences in how IAM and machine identity management are handled across cloud platforms, it can be challenging to enforce zero-trust principles, enabling least-privileged access in a hybrid cloud environment. Read More
Black Hat 2022 reveals enterprise security trends [Black Hat USA 2022]
The blast radius of cyberattacks on an enterprise is projected to keep growing, extending several layers deep into software supply chains, devops and tech stacks. Black Hat 2022’s presentations and announcements for enterprise security provide a sobering look at how enterprises’ tech stacks are at risk of more complex, devastating cyberattacks. Held last week in Las Vegas and in its 25th consecutive year, Black Hat’s reputation for investigative analysis and reporting large-scale security flaws, gaps and breaches is unparalleled in cybersecurity. Read More
Man vs. Dish: How one researcher used a $25 homemade device to hack into Elon Musk's Starlink system [Black Hat USA 2022]
With over 3,000 small satellites in orbit, Elon Musk's Starlink has created an excellent fleet orbiting Earth at the moment providing satellite internet access coverage in 36 countries. However, all it took was one Belgian cyber security researcher, a $25 homemade device, and a dream to reveal the first major security flaw in Starlink's user terminals. Read More
Researchers Find Vulnerability in Software Underlying Discord, Microsoft Teams, and Other Apps [Black Hat USA 2022]
A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Spotify and many others, which are used by tens of millions of people all over the world. Read More
Vulnerabilities Allowed Researchers to Remotely Lock and Unlock Doors [Black Hat USA 2022]
If you have worked or still work in an office, you have probably swiped an access card in front of one of those black devices with a light that toggles from red to green, which lets you get into the building. Thanks to a series of vulnerabilities in one of the most popular access control panels in the world, hackers could get into the building too. Read More
KREBS: ‘WE’VE OVER-FETISHIZED THE APT THREAT’ [Black Hat USA 2022]
The government and industry focus in recent years on the operations and tactics of highline threat actors such as Russian and Chinese APT teams has allowed cybercrime and ransomware groups to have a field day and grow stronger and more technologically advanced in the interim, the former director of the Cybersecurity and Infrastructure Security Agency said. Read More
New Cross-Industry Group Launches Open Cybersecurity Framework [Black Hat USA 2022]
Amazon Web Services (AWS) and Splunk are leading an industry effort of 18 systems and security vendors to standardize how different monitoring systems share security alerts. The goal is to deliver a simplified and vendor-agnostic taxonomy to help security teams ingest and analyze security data faster. Read More
4 Flaws, Other Weaknesses Undermine Cisco ASA Firewalls [Black Hat USA 2022]
Cisco's enterprise-class firewalls have at least a dozen vulnerabilities — four of which have been assigned CVE identifiers — that could allow attackers to infiltrate networks protected by the devices, a security researcher from vulnerability management firm Rapid7 plans to say in a presentation at the Black Hat USA conference on Aug. 11. Read More
Sloppy Software Patches Are a 'Disturbing Trend' [Black Hat USA 2022]
THE WHOLE PURPOSE of vulnerability disclosure is to notify software developers about flaws in their code so they can create fixes, or patches, and improve the security of their products. But after 17 years and more than 10,000 vulnerability disclosures, the Zero Day Initiative is calling out a “disturbing trend” at the Black Hat security conference in Las Vegas today and announcing a plan to apply some counterpressure. Read More
Log4j was the right incident for inaugural review, safety board says [Black Hat USA 2022]
Two leading members of the Cyber Safety Review Board, speaking at the Black Hat USA conference in Las Vegas Wednesday, praised the inaugural investigation of the Log4j vulnerability Read More
SpaceX Invites Security Researchers to Hack Starlink [Black Hat USA 2022]
To secure Starlink, SpaceX is inviting security researchers to try and hack the satellite internet system and then report any vulnerabilities to the company. Read More
Three ransomware attacks hit single company over two weeks [Black Hat USA 2022]
Three of the most prolific ransomware gangs currently in operation targeted the same company over a period of two weeks, according to cyber security researchers. Read More
WTF Just Happened? Why Your Org Needs a Cybersecurity Incident Review Board [Black Hat USA 2022]
"People don't do shit about cybersecurity until they have to," Tarah Wheeler, a Fulbright scholar and CEO at Red Queen Dynamics, Inc., remarked during her panel at Black Hat. Read More
Black Hat at 25: Why Cybersecurity Is Going to Get Worse Before It Gets Better [Black Hat USA 2022]
Chris Krebs, the first director of the Cybersecurity and Infrastructure Security Agency (CISA), a part of the US Department of Homeland Security, believes that information security will get worse before it gets better. Krebs, now a founding partner of consulting firm Krebs Stamos Group, opened information security conference Black Hat USA 2022 with a keynote speech on August 10. Read More
Black Hat USA: Former CISA Director Says Cybercrime to Get a Lot Worse Before Better [Black Hat USA 2022]
Former Cybersecurity and Infrastructure Agency (CISA) director Chris Krebs says when it comes to cybercrime, things are going to get a lot worse before they get better. Read More
Browser-powered desync: New class of HTTP request smuggling attacks showcased at Black Hat USA [Black Hat USA 2022]
A new class of HTTP request smuggling attack allowed a security researcher to compromise multiple popular websites including Amazon and Akamai, break TLS, and exploit Apache servers. Read More
Black Hat USA: Deliberately vulnerable AWS, Azure cloud infrastructure is a pen tester’s playground [Black Hat USA 2022]
Security pros from INE enjoyed a double billing at Black Hat USA yesterday (August 10) as they showcased penetration testing tools AWSGoat and AzureGoat. Read More
ReNgine upgrade: New subscan feature, PDF reports, expanded toolbox showcased at Black Hat USA [Black Hat USA 2022]
Black Hat USA attendees were given a firsthand look at the new and improved ReNgine, which includes several new features for penetration testers and red teamers. Read More
Black Hat USA: Log4j de-obfuscator Ox4Shell ‘dramatically’ reduces analysis time [Black Hat USA 2022]
A Log4Shell de-obfuscation tool that promises simple, rapid payload analysis without the risk of “critical side effects” has been showcased at Black Hat USA. Read More
This Anti-Tracking Tool Checks If You're Being Followed [Black Hat USA 2022]
MATT EDMONDSON, A federal agent with the Department of Homeland Security for the last 21 years, got a call for help last year. A friend working in another part of government—he won’t say which one—was worried that someone might have been tailing them when they were meeting a confidential informant who had links to a terrorist organization. If they were being followed, their source’s cover may have been blown. “It was literally a matter of life and death,” Edmondson says. Read More
#BHUSA: Chris Krebs Explains How Cybersecurity Can Improve [Black Hat USA 2022]
Why is cybersecurity so bad right now? That is the question with which the Black Hat USA 2022 security conference got underway on August 10 in an opening keynote address from former CISA director Chris Krebs. Read More
Tech, Cyber Companies Launch Security Standard to Monitor Hacking Attempts [Black Hat USA 2022]
A group of 18 tech and cyber companies said Wednesday they are building a common data standard for sharing cybersecurity information. They aim to fix a problem for corporate security chiefs who say that cyber products often don’t integrate, making it hard to fully assess hacking threats. Read More
MAJOR CYBERSECURITY COMPANIES CREATE NEW OPEN-SOURCE CONSORTIUM TO SHARE KEY DATA [Black Hat USA 2022]
Black Hat USA 2022 started off with a bang Wednesday with a group of major cybersecurity companies unveiling the formation of a new open-source consortium to share key data and with DNSFilter separately saying it’s acquiring Guardian, a firewall and VPN platform. Read More
Researcher Hacks Starlink Terminal to Warn SpaceX of Dangerous Flaws [Black Hat USA 2022]
A researcher from Belgium created a $25 hacking tool that could glitch Starlink’s internet terminals, and he is reportedly going to make this tool available for others to copy. Lennert Wouters, a security researcher at KU Leuven, demonstrated how he was able to hack into Elon Musk’s satellite dishes at the Black Hat Security Conference being held this week in Las Vegas, Wired reported. Read More
More than a dozen companies developing single standard to detect cyberattacks faster [Black Hat USA 2022]
More than a dozen companies in the cybersecurity space are developing a single, open standard for sharing data about hacking threats, a project the companies say could help organizations detect cyberattacks more quickly. Read More
AWS, Splunk lead open source effort to spot and curb cyberattacks [Black Hat USA 2022]
A coalition of 18 companies on Wednesday introduced a project aimed at creating a universal model for sharing data deemed essential to spot and curb cyberattacks. Read More
Group of security companies launches open source project to ease data sharing [Black Hat USA 2022]
It’s long been known that security is not a problem that companies, even large corporations, can solve on their own. It takes a community working together to battle the kinds of problems that companies are facing today when it comes to cybersecurity. Read More
Black Hat USA 2022: DNSFilter, NetWitness, BlackBerry, CrowdStrike, More [Black Hat USA 2022]
Black Hat USA 2022 kicked off Wednesday in Las Vegas with a flurry of news and research from DNSFilter, NetWitness, BlackBerry, CrowdStrike and more. Read More
Looking Back at 25 Years of Black Hat [Black Hat USA 2022]
Back in 1997, when tech companies didn't understand hackers very well and didn't take them seriously, the founder of DEF CON, Jeff Moss, decided to create an event that would give everyone the chance to peek inside the minds of these creative geniuses. Black Hat was born. Read More
The Hacking of Starlink Terminals Has Begun [Black Hat USA 2022]
Since 2018, Elon Musk’s Starlink has launched more than 3,000 small satellites into orbit. This satellite network beams internet connections to hard-to-reach locations on Earth and has been a vital source of connectivity during Russia’s war in Ukraine. Thousands more satellites are planned for launch as the industry booms. Now, like any emerging technology, those satellite components are being hacked. Read More
One of 5G's Biggest Features Is a Security Minefield [Black Hat USA 2022]
TRUE 5G WIRELESS data, with its ultrafast speeds and enhanced security protections, has been slow to roll out around the world. As the mobile technology proliferates—combining expanded speed and bandwidth with low-latency connections—one of its most touted features is starting to come in to focus. But the upgrade comes with its own raft of potential security exposures. Read More
What to watch for as 'Hacker Summer Camp' gets underway in Las Vegas [Black Hat USA 2022]
A trio of cybersecurity conferences — BSidesLV, Black Hat USA and DEF CON — kicks off this week in Las Vegas in what’s collectively known as Hacker Summer Camp, bringing together policymakers, executives, experts, hackers and enthusiasts against a backdrop of some of the most unsettled international events of recent years. Read More
Sophos Says Attackers are Ganging Up on Victims [Black Hat USA 2022]
Ransomware victims are being targeted by multiple attackers within weeks, days, and even hours, according to a new whitepaper from security vendor Sophos. Read More
Russia-Ukraine Conflict Holds Cyberwar Lessons [Black Hat USA 2022]
The online attacks against infrastructure and information operations used by both sides in the conflict between Russia and Ukraine fulfill the definition of cyberwar and hold lessons for governments and companies, two researchers plan to say this week at the Black Hat USA conference in Las Vegas. Read More
Abusing Kerberos for Local Privilege Escalation [Black Hat USA 2022]
As the main authentication protocol for Windows enterprise networks, Kerberos has long been a favored hacking playground for security researchers and cybercriminals alike. While the focus has been on attacking Kerberos authentication to carry out remote exploits and aid in lateral movement across the network, new research explores how Kerberos can also be abused to great effect in carrying out a variety of local privilege escalation (LPE) attacks. Read More
Early Log4j mitigation, asset inventory led to a better security position [Black Hat USA 2022]
Third-party scans suggest that a significant number of large businesses that spent the first months in the wake of the Log4j discovery conducting rigorous asset inventory and rooting out instances in their software or hardware were able to reduce their risk from the vulnerability to near zero in the following months. Meanwhile, those that were sluggish to initially address the flaw early often saw their risk increase or compound as new, vulnerable assets were brought online over the year. Read More
Simple IDOR vulnerability in Reddit allowed mischief-makers to perform mod actions [Black Hat USA 2022]
A vulnerability in Reddit allowed attackers to perform moderator actions or elevate regular users to mod status without the appropriate permissions. Read More
NetSPI rolls out 2 new open-source pen-testing tools at Black Hat [Black Hat USA 2022]
Preventing and mitigating cyberattacks is a day-to-day — sometimes hour-to-hour — massive endeavor for enterprises. New, more advanced techniques are revealed constantly, especially with the rise in ransomware-as-a-service, crime syndicates and cybercrime commoditization. Likewise, statistics are seemingly endless, with a regular churn of new, updated reports and research studies revealing worsening conditions. Read More
Treasury cracks down on a tool that helped launder billions [Black Hat USA 2022]
Welcome to The Cybersecurity 202! Go watch “Sandman” now, if you haven't. Those comics were a formative part of my youth, but I never thought a TV adaptation could work. Thankfully, I was wrong. Read More
IBM reveals ways to use native source-code management functionality in attacks [Black Hat USA 2022]
IBM’s pen testing group X-Force Red released a new source-code management (SCM) attack simulation toolkit Tuesday, with new research revealing ways to use native SCM functionality in attacks. Read More
What to Expect at Black Hat 2022 [Black Hat USA 2022]
Almost every August, Las Vegas fills to the brim with a curious cross-section of visitors: hackers, researchers, hobbyists, and everyone else who has an interest in making computers do things they shouldn't. They're in town for Black Hat (and its less formal sibling event, DEF CON), and PCMag will be there, too. Here's what we're looking forward to this year. Read More
A marquee week for cybersecurity in Vegas [Black Hat USA 2022]
HAPPY MONDAY, and welcome back to Morning Cybersecurity! I’m your host, Maggie Miller, and we’re officially into the part of summer where Washington, D.C., is filled exclusively with tourists while Capitol Hill clears out for the month. The “stand on the right, walk on the left” thoughts are about to go into overdrive. Read More
Phone Numbers Used for Identification, Hacker Summer Camp Advice, Samsung Repair Mode [Black Hat USA 2022]
Why your phone number is becoming a popular way to identify you, our advice on how to best protect your privacy at hacker summer camp in Las Vegas (BSides, BlackHat, DEF CON), and details on Samsung’s new repair mode which will protect your private data on your smartphone when you take it in for repairs. Read More
VMware: The threat of lateral movement is growing [Black Hat USA 2022]
Lateral movement was observed in 25% of all attacks that VMware tracked for its annual "Global Incident Response Threat Report," released Monday. Read More
Cybercriminals Are Using Bots to Steal Online Pharmacy Accounts [Black Hat USA 2022]
Cybercriminals are increasingly deploying software bots to commandeer the online pharmacy accounts of everyday people, according to new research, allowing hackers to illegally buy prescription drugs and depriving patients of needed medications. Read More
DARKTRACE TO PRESENT KEY SESSIONS AT BLACK HAT USA 2022 [Black Hat USA 2022]
BLACK HAT USA 2022 – Darktrace, a global leader in cyber security artificial intelligence, today announced it will present two sessions at Black Hat USA 2022. Listed below, Darktrace speakers will explore preventative approaches to cyber security that are redefining how organizations and smart cities mitigate cyber risk. Read More
BlackCloak Brings Digital Executive Protection to Black Hat 2022 [Black Hat USA 2022]
Next week, members of both BlackCloak’s executive and revenue teams will descend on Las Vegas for the annual Black Hat Conference. This year will be the first for us as an exhibitor. You can find us setup in Innovation City Booth #52. Read More
Ukraine claims to have taken down a massive Russian bot farm. Were Russian cyber operations premature? Report: Emergency Alert System vulnerable to hijacking. [Black Hat USA 2022]
The Security Service of Ukraine (SSU) says it dismantled a large Russian botnet operation that was being used to spread Russian propaganda and disinformation. The bots, about a million strong, were herded from locations within Ukraine itself, in the cities of Kyiv, Kharkiv, and Vinnytsia, BleepingComputer reports. Their output took the form of social media posts from inauthentic accounts associated with fictitious personae. The SSU describes the operation as follows: "Their latest ‘activities’ include the distribution of content on the alleged conflict between the leadership of the President’s Office and the Commander-in-Chief of the Armed Forces of Ukraine as well as a campaign to discredit the first lady. To spin destabilizing content, perpetrators administered over 1 million of their own bots and numerous groups in social networks with an audience of almost 400,000 users. In the course of a multi-stage special operation, the SSU exposed the leader of this criminal group. He is a russian citizen who has lived in Kyiv and positioned himself as a ‘political expert.’" Read More
Wordfence Intelligence Launching at Black Hat 2022 in Las Vegas Next Week [Black Hat USA 2022]
Wordfence protects over 4 million websites around the world on 12,000 unique networks, and we block over 1.8 billion attacks targeting those websites every month. For years we have had a relationship with our customers that is a virtuous cycle: We receive attack reports from our customers at a rate of over 700 reports per second, and we distill those attacks into malware signatures, firewall rules, and an IP blocklist, and we give that data back to our customers in the form of a threat intelligence feed. Read More
Expel Heads to Las Vegas and Makes its Black Hat Debut [Black Hat USA 2022]
Fresh off its successful RSA Conference debut, Expel is again making its first-time appearance at a landmark industry event—Black Hat USA 2022. Expel, the managed security provider that aims to make security easy to understand, use and improve, is exhibiting in the Black Hat business hall, and will be located in booth #2861, August 10-11. Read More
IronNet to Help Secure Black Hat USA 2022 through Network Operations Center [Black Hat USA 2022]
IronNet, Inc. (NYSE: IRNT), an innovative leader Transforming Cybersecurity Through Collective Defense℠, today announced it will participate in the Black Hat Network Operations Center (NOC) to provide a highly secure, high-availability network in one of the most demanding environments in the world – the Black Hat USA 2022 event. Read More
How IT Teams Can Use 'Harm Reduction' for Better Cybersecurity Outcomes [Black Hat USA 2022]
It's a well-known fact that humans are — and will remain — one of the weakest links in any company's cyber defenses. Security admins have tried to help the situation through random phishing tests and training, ultimatums, eliminating local control over a given device, and even naming and shaming those unlucky souls who clicked on the wrong link in an email. Read More
Black Hat USA Research: Supply Chain and Cloud Security Risks Are Top of Mind [Black Hat USA 2022]
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, releases its eighth annual community survey Supply Chain and Cloud Security Risks Are Top of Mind. The report highlights important findings from more than 180 of the industry’s most experienced cybersecurity professionals who reported concerns over attacks against cloud services, ransomware and the growing risks to the global supply chain. Read More
Black Hat USA 2022: What you need to know [Black Hat USA 2022]
Following a successful hybrid event in 2021 that saw more than 6,000 in-person, and more than 14,500 virtual attendees, Black Hat USA returns in 2022 to the Mandalay Bay Convention Centre in Las Vegas, Nevada. Now in its 25th year, this year’s event has three key components, each equally unmissable, namely these are Trainings, Briefings, and The Business Hall. Read More
Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine [Black Hat USA 2022]
The infamous Sandworm threat group operating out of Russia's military GRU unit has no qualms about taunting researchers when it finds it is being watched. Just ask Robert Lipovsky and his fellow researchers at ESET, who got the message loud and clear when they dissected one of Sandworm's newer malware variants earlier this year: The Sandworm attackers disguised the loader for one of its data-wiping variants as the IDAPro reverse-engineering tool — the very same tool the researchers had used to analyze the attackers' malware. Read More
Why Should you Visit Black Hat this Year? [Black Hat USA 2022]
Ever since it was introduced in 1997 by Jeff Moss, Black Hat has emerged to become one of the most promising information security events across the world. Apart from informative discussions and briefings, the Black Hat event also comes up as a promising opportunity for the networking and security vendors to unveil their ground-breaking products and services in front of an audience, which consists of thousands of security professionals, C-Suite executives, and small-business owners. Read More
Rezilion Unveils Broad Lineup Platform Enhancements, Providing Organizations with Holistic and Automated Toolset to Accelerate Software Security [Black Hat USA 2022]
Rezilion announced today the full availability of its new, automated vulnerability management solution to identify, prioritize, and remediate vulnerable software. Read More
Don't Have a COW: Containers on Windows and Other Container-Escape Research [Black Hat USA 2022]
In what's shaping up to be a summer of container escapes, a pair of talks slated for Black Hat USA next month will explore the kinds of architectural weaknesses in operating systems and in container platforms that can make it easy for attackers to break down the barriers of container isolation and run roughshod over cloud infrastructure. Read More
Hackers lifting fingerprints from your Android phone? [Black Hat USA 2022]
Researcher duo reveals that fingerprint sensors on your Android device can be hacked to reveal all your fingerprint data. By Digit NewsDesk | Published 04 Jul 2022 14:04 IST
Your fingerprints on your Android phone might not be as safe as you think. Recently, two security researchers at the annual Black Hat conference revealed that the fingerprint scanner on your Android devices is quite vulnerable. Researchers Tao Wei and Yulong Zhong of FireEye Inc. showed that hackers can remotely lift fingerprints from Android devices. The duo talked about how design flaws in TrustZone, the ARM technology that comes embedded in modern day smartphones, will simply let a 'sensor spying attack' harvest a user's fingerprints. Read More
The Artemis Red Team, a new subgroup within the Synack Red Team, was formed to encourage women, trans and nonbinary people to excel in their pentesting careers. There are vast numbers of untapped and underrepresented hacking talent in the world, and the Artemis Red Team is actively seeking these individuals out, giving them a home for mentorship and helping them develop their professional skills. Read More
Police Linked to Hacking Campaign to Frame Indian Activists [Black Hat USA 2022]
Now the researchers have gone further in nailing down the group’s affiliations. Working with a security analyst at a certain email provider—who also spoke to WIRED but asked that neither they nor their employer be named—SentinelOne learned that three of the victim email accounts compromised by the hackers in 2018 and 2019 had a recovery email address and phone number added as a backup mechanism. Read More
The Ghostwriter team recently released v3.0.0. This release represents a significant milestone for the project, and there has never been a better time to try out Ghostwriter. Our goal was to make it much simpler to install and manage the application and make it possible to add external functionality via an API. This release accomplishes all of this and more, and we’re excited for you to see it. Introducing Ghostwriter CLI: For this release, we created an all-new tool to help you manage Ghostwriter’s services, Ghostwriter CLI (GitHub – GhostManager/Ghostwriter_CLI: Golang CLI binary used for installing and managing Ghostwriter). Written entirely in Go, this command-line tool can be cross-compiled to support Windows, macOS, and Linux, so you can use whichever operating system you like as your host system for Ghostwriter. You only need to have Docker installed. Ghostwriter CLI greatly simplifies server management. Current Ghostwriter users will notice we have removed the need for the old environment files. We even removed the requirement for you to generate the TLS/SSL certificates for production environments (unless you want to use your own signed certificates). $ ./ghostwriter-cli help Ghostwriter-CLI Read More
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, returns to Las Vegas celebrating Black Hat USA’s 25th anniversary with a hybrid event on August 6 – August 11. The event will take place at Mandalay Bay Convention Center with both a virtual experience and an in-person event, offering a robust lineup of over 80 Briefings hand selected by the Black Hat Review Board, comprised of some of the industry’s most respected experts. Read More
US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional [Black Hat Asia 2022]
The future of cybersecurity public-private partnerships (PPP) will be about sharing efforts and pooling resources to provide a common defense, explained US national cyber director Chris Inglis during a fireside chat at Black Hat Asia. Read More
How to Turn a Coke Can Into an Eavesdropping Device [Black Hat Asia 2022]
A soda can, a smartphone stand, or any shiny, lightweight desk decoration could pose a threat of eavesdropping, even in a soundproof room, if an attacker can see the object, according to a team of researchers from Ben-Gurion University of the Negev. Read More
Black Hat Asia: Democracy's Survival Depends on Taming Technology [Black Hat Asia 2022]
Technology is an existential threat to global democracy — requiring a shift to a transnationally regulated, culturally sensitive tech ecosystem that provides space for democracies to flourish. Read More
CISO Shares Top Strategies to Communicate Security's Value to the Biz [Black Hat Asia 2022]
When it comes to demonstrating the value of cybersecurity to a business, one of the biggest challenges is communicating ROI to the C-suite. The entrenched perception of security as an obstacle to productivity and other areas makes it very difficult for security engineers and nontechnical management to be on the same page. Read More
Black Hat Asia: ‘If democracy is to survive, technology will have to be tamed’ [Black Hat Asia 2022]
The internet is not currently, as its earliest advocates foresaw, “a great liberator of human expression and catalyst for pluralism and democratic thought”, reflects tech and geopolitics expert Samir Saran. Read More
'Peacetime in cyberspace is a chaotic environment' says senior US advisor [Black Hat Asia 2022]
Cyber war has become an emerged aspect of broader armed conflicts, commencing before the first shot is fired, cybersecurity expert Kenneth Geers told the audience at the Black Hat Asia conference on Friday. Read More
Software patching must work like car safety recalls, says US cyber boss [Black Hat Asia 2022]
Software made unsafe by dependencies should be fixed without users needing to interact with the source of the problem, according to US National Cyber Director Chris Inglis, who serves in the Executive Office of the President. Read More
Researchers find 134 flaws in the way Word, PDFs, handle scripts [Black Hat Asia 2022]
Security researchers have devised a tool that detects flaws in the way apps like Microsoft Word and Adobe Acrobat process JavaScript, and it's proven so effective they've found 134 bugs – 59 of them considered worthy of a fix by vendors, 33 assigned a CVE number, and 17 producing bug bounty payments totaling $22,000. Read More
To predict the targets of Chinese malware, look at the target of Chinese laws [Black Hat Asia 2022]
BLACK HAT ASIA Keep an eye on new Chinese government policies, if you want to anticipate malware attacks, a threat intelligence analyst suggested at the Black Hat Asia conference on Thursday. Read More
Black Hat founder on cyber-governance and Ukraine war [Black Hat Asia 2022]
BLACK HAT ASIA The war in Ukraine, and the Declaration for the Future of the Internet signed by 60 nations in late April, should be understood in the context of a global effort to recruit the nations of the world into blocs with different attitudes to internet governance. Read More
APT gang 'Sidewinder' goes on two-year attack spree across Asia [Black Hat Asia 2022]
BLACK HAT ASIA The advanced persistent threat gang known as SideWinder has gone on an attack spree in the last two years, conducting almost 1,000 raids and deploying increasingly sophisticated attack methods. Read More
Transforming SQL Queries Bypasses WAF Security [Black Hat Asia 2022]
A team of university researchers used basic machine learning to identify patterns that common Web application firewalls (WAFs) fail to detect as malicious, but which can still deliver an attacker's payload, one of the researchers said in a presentation at the Black Hat Asia security conference in Singapore on Thursday. Read More
Black Hat Asia: Firmware Supply Chain Woes Plague Device Security [Black Hat Asia 2022]
When it comes to developing the firmware that powers computing devices, the ecosystem consists of complex supply chains that have multiple contributors. For any given device, firmware could be made up of a hodgepodge of components from different sources. And that means that when it's time to address security vulnerabilities, it's far from a straightforward process to get a patch out to the public. Read More
On the Air With Dark Reading News Desk at Black Hat Asia 2022 [Black Hat Asia 2022]
Like many things since 2020, Dark Reading News Desk has had to adapt. Instead of broadcasting live interviews with security researchers presenting at Black Hat, News Desk shifted to prerecorded interviews with the speakers. Read More
It's time to kick China off social media, says tech governance expert [Black Hat Asia 2022]
BLACK HAT ASIA The time has come to remove Chinese voices from global social media, according to Samir Saran, president of Delhi-based think tank Observer Research Foundation (ORF), a commissioner of The Global Commission on the Stability of Cyberspace, and a member of Microsoft's Digital Peace Now Initiative. Read More
Known macOS Vulnerabilities Led Researcher to Root Out New Flaws [Black Hat Asia 2022]
Sometimes all it takes to root out a new software vulnerability is to study and analyze previous bug reports. That's how researcher Csaba Fitzl says he sniffed out some new Apple macOS vulnerabilities, one of which was a mirror image of a logic flaw that a group of researchers competing in the 2020 Pwn2Own contest found and executed there. Read More
1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its Skin [Black Hat Asia 2022]
It's one of the more prolific yet lesser-known nation-state hacking groups in the world, and it's not out of China or Russia. The so-called SideWinder (aka Rattlesnake or T-APT4) group has been on a tear over the past two years, launching more than 1,000 targeted attacks. Read More
Black Hat Announces Keynote Speakers for Black Hat Asia 2022 Hybrid Event [Black Hat Asia 2022]
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, announces Samir Saran, President of the Observer Research Foundation, and George Do, Chief Information Security Officer at Gojek and GoTo Financial, as Keynote speakers for Black Hat Asia 2022 hybrid event. Registration is open for the hybrid event offering a virtual only pass and an in-person pass, taking place at Marina Bay Sands in Singapore on May 10 – 13 (GMT +8h). Read More
Black Hat Announces Content Lineup for Black Hat Asia 2022 Hybrid Event [Black Hat Asia 2022]
SAN FRANCISCO--(BUSINESS WIRE)--Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, announces the release of its Briefings and content lineup for Black Hat Asia 2022. Registration is open for the hybrid event offering a virtual only pass and an in-person pass, taking place at Marina Bay Sands in Singapore on May 10 – 13 (GMT +8h). This year’s Briefings lineup will include over 30 talks spanning many topics on information security such as malware, reverse engineering, applied security, exploit development, cloud and platform security and more. Read More
An Optical Spy Trick Can Turn Any Shiny Object Into a Bug [Black Hat Asia 2022]
THE MOST PARANOID among us already know the checklist to avoid modern audio eavesdropping: Sweep your home or office for bugs. Put your phone in a Faraday bag—or a fridge. Consider even stripping internal microphones from your devices. Now one group of researchers offers a surprising addition to that list: Remove every lightweight, metallic object from the room that's visible from a window. Read More
Removing need to unlock mobile wallets for contactless payments has eroded security protections, researchers warn [Black Hat Europe 2021]
Moves to make it easier to use contactless payments on public transport systems have eroded the security of mobile wallets, security researchers have discovered. Read More
IoT Protocol Used by NASA, Siemens and Volkswagen Can Be Exploited by Hackers [Black Hat Europe 2021]
Maintained by the standards development organization Object Management Group (OMG), DDS is a middleware protocol and API standard for data connectivity that is advertised as ideal for business-critical IoT systems. DDS has been used in sectors such as public transportation, air traffic management, aerospace, autonomous driving, industrial robotics, medical devices, and missile and other military systems. Read More
How to Negotiate With Ransomware Attackers [Black Hat Europe 2021]
Organizations hit with ransomware often find themselves in a crisis: To pay or not to pay? Most security experts agree payment is not the ideal response to a ransomware attack. But the truth is, some organizations don't have a choice — and in these cases, they need to have a strategy. Read More
Black Hat Europe: Strong security relies on a 'culture of openness' [Black Hat Europe 2021]
Executives and managers need to do a better job of creating a safe space for knowledge-sharing if they hope to make their organisations more secure. Read More
Black Hat Europe on SOC psychology [Black Hat Europe 2021]
So much of cyber security is about technicalities, and seldom about workplace psychology. That’s as true of this week’s annual Black Hat Europe conference, online and in London; where titles of talks have included the intriguing ‘how your e-book might be reading you’; VPN exploits, ransomware, cloud account hacking, hacked databases of Azure customers, and so on. Read More
#BHEU: Zero Trust Protects Against Ransomware, Claims Engineer [Black Hat Europe 2021]
“A zero trust architecture can protect against ransomware” was the resounding claim made by Ben Jenkins, senior solutions engineer at ThreatLocker, during a session at Black Hat Europe 2021. Read More
#BHEU: Can Time Be Hacked? [Black Hat Europe 2021]
Time synchronization is a fragile ecosystem that is vulnerable to being hacked, with the potential for enormous damage to be caused. This was the message of Adam Laurie, global associate partner and lead hardware hacker, IBM X-Force Red, during the keynote address on day two of Black Hat Europe 2021. Read More
Zero tolerance: How infosec’s online ‘cancel culture’ is stunting industry growth [Black Hat Europe 2021]
Social media backlash and online squabbling is stopping the information security industry from learning from its mistakes, Black Hat Europe attendees heard today. Read More
What Happens If Time Gets Hacked [Black Hat Europe 2021]
Most people take time synchronization for granted, but it operates on what hardware security expert Adam Laurie calls a "fragile ecosystem." Laurie, a renowned hardware hacker, here today demonstrated an unnervingly simple way to alter time on a clock. Read More
#BHEU: 5 Ways to Approach Ransomware Negotiations [Black Hat Europe 2021]
Five key approaches organizations should take during ransomware negotiations with extorters to improve the outcome were outlined by Pepijn Hack, cybersecurity analyst of Fox-IT, part of NCC Group, in a session at Black Hat Europe 2021. Read More
Cloud Attack Analysis Unearths Lessons for Security Pros [Black Hat Europe 2021]
An attack group known for cloud-specific campaigns targeting Amazon Web Services (AWS) credentials has recently expanded its toolkit to steal more credentials from targeted cloud systems and deploy new tactics to exploit containerized Kubernetes systems. Read More
Black Hat Europe: ‘Failures in tech governance are eroding democracy’ [Black Hat Europe 2021]
Public and private sector bodies in charge of governing the use of technology in society are “effectively condoning” attacks on democracy, a leading expert on cyber security has said. Read More
#BHEU: Ransomware is The New Terrorism, Contends Cyber Expert [Black Hat Europe 2021]
“The continued survival and future of your organization cannot be based upon negotiations with criminals,” was the stark message given by Tanner Johnson, principal analyst of OMDIA, during his session at Black Hat Europe 2021. Read More
Apiiro Unveils Open Source Software Toolkit to Combat Dependency Confusion Attacks [Black Hat Europe 2021]
Apiiro, the leader in Application Risk Management, announced the release of the Dependency Combobulator, a modular and extensible open source toolkit to detect and prevent dependency confusion attacks. The Dependency Combobulator allows organizations to safeguard against this newly uncovered type of risk, which has been on the rise this year as a key vector in supply chain attacks targeting dependencies within software packages. This new solution is a critical element in Apiiro’s multidimensional approach to securing the Software Development Lifecycle to prevent both direct and supply chain attacks. Read More
Businesses don't know how to manage VPN security properly - and cyber criminals are taking advantage [Black Hat Europe 2021]
Cyber attacks targeting vulnerabilities in virtual private networks (VPN) are on the rise, and many organisations are struggling to protect their networks. Read More
Researcher Details Vulnerabilities Found in AWS API Gateway [Black Hat Europe 2021]
All it took was a space between characters and a few random letters, and Web researcher Daniel Thatcher was able to modify the HTTP header sent to Amazon API Gateway. Read More
Cybersecurity: This prolific hacker-for-hire operation has targeted thousands of victims around the world [Black Hat Europe 2021]
A hacker-for-hire operation offered by cyber mercenaries has targeted thousands of individuals and organisations around the world, in a prolific campaign of financially driven attacks that have been ongoing since 2015. Read More
Dark Reading Video News Desk Comes to Black Hat Europe [Black Hat Europe 2021]
The Dark Reading News Desk has, in past years, come to you live from Black Hat with live video interviews featuring top security researchers who discuss the details of their presentations at the show. But as the world has changed, so too has our News Desk. Read More
#BHEU: How to Create a Safe and Democratic Digital Infrastructure [Black Hat Europe 2021]
Liberal nations must act now to ensure the digital ecosystem operates in a way that is conducive to democratic values. This was the message of Marietje Schaake, international policy director at Stanford University’s Cyber Policy Center, speaking during the opening keynote session on day three of Black Hat Europe 2021. Read More
Black Hat Europe: Laws and regulations need to change to secure world’s digital infrastructure [Black Hat Europe 2021]
Tighter restrictions against digital weapons and a reframing of the economics of cybersecurity are needed to stop the erosion of democratic institutions and values, delegates at Black Hat Europe heard today (November 10).
Marietje Schaake, international policy director at Stanford University’s Cyber Policy Center, warned that the way the digital infrastructure currently operates is eroding democratic principles in ways that and leave us vulnerable to cyber-attacks. Read More
Exclusive: A Cyber Mercenary Is Hacking The Google And Telegram Accounts Of Presidential Candidates, Journalists And Doctors [Black Hat Europe 2021]
A stakeout in digital investigations looks very different to the traditional images of sleuths camped out in blacked-out vans. Just ask Netherlands-based cybersecurity researcher Feike Hacquebord, who’d spent some months behind his computer screen tracking the activities of a hacker-for-hire crew called RocketHack when, in October 2020, he had a slice of luck. Data collected by his employer, Trend Micro, pointed to a web page used by RocketHack to monitor its victims. Requiring no password to enter, it effectively gave him a shop floor view of a bustling hacker-for-hire operation. Read More
Securing the Public: Who Should Take Charge? [Black Hat Europe 2021]
When governments rely on private organizations to build and protect their digital infrastructure, who is charged with protecting the public? How can troves of information stay secure at a time when the attack surface is rapidly expanding? Read More
Hacker-for-Hire Group Spied on More Than 3,500 Targets in 18 Months [Black Hat Europe 2021]
A Russian-speaking hacker-for-hire group has been quietly spying on thousands of individuals and organizations worldwide and selling highly private information about them to various customers, motivated by financial gain and by politically driven agendas. Read More
When Liza Minnelli sang that famous tune, “Money makes the world go around,” she should have added one more word: time. Time makes the world go around. It’s that one agreed-upon part of life that the world shares. From laptops to phones to wall clocks to just about every other technology, time is everywhere, controlling our important life responsibilities. In cybersecurity, time is also critical. Event log files rely on time. Forensic investigations rely on time. Networks rely on time. In fact, Network Time Protocol (NTP) is one of the oldest internet protocols still in use. Read More
Free Tool Scans Web Servers for Vulnerability to HTTP Header-Smuggling Attacks [Black Hat Europe 2021]
A researcher has created a method for testing and identifying how HTTP/HTTPS headers can be abused to sneak malicious code into back-end servers. Read More
APTs, Teleworking, and Advanced VPN Exploits: The Perfect Storm [Black Hat Europe 2021]
Virtual private networks (VPNs), which have become essential for many organizations that provide remote employees with access to private networks since the pandemic's onset, are a popular target for cyberattacks. Incident response teams say these attacks on VPNs aren't new, but attackers are finding new and sophisticated ways to compromise enterprise VPNs. Read More
Read Between the Lines: Finding Flaws in EPUB Reading Systems [Black Hat Europe 2021]
How secure is your e-reader? A team of security researchers curious to explore e-book security analyzed free EPUB reading applications and physical e-readers and found that many apps don't comply with security recommendations, and some popular applications are vulnerable to exploitation. Read More
Who's In Your Wallet? Exploring Mobile Wallet Security [Black Hat Europe 2021]
The rise of mobile wallet apps like Apple Pay, Google Pay, and Samsung Pay has made it easier for smartphone owners to pay for goods and services without touching a payment terminal. But as researchers found, some inconsistencies could make it easier for cybercriminals to commit fraud on stolen devices. Read More
10 Hot Red Team Tools Set to Hit Black Hat Europe [Black Hat Europe 2021]
The latest round of Black Hat Arsenal, next month at Black Hat Europe, is set to put the spotlight on a range of new and evolving tools tailor-made for penetration testers, red teamers, and other offensive security professionals. Some tools are brand new, while others are evolving and unveiling new features at the show. Either way, Arsenal will offer up plenty of tools for discovering misconfigurations, building out exploits, delivering payloads, tracking penetration testing campaigns, and more. Read More
Applying Behavioral Psychology to Strengthen Your Incident Response Team [Black Hat Europe 2021]
Cybersecurity incident response teams (CSIRTs) rely on technical and social skills. But focusing mostly on technical knowledge can come at the expense of communication and teamwork, according to a new study. Read More
Your Apple Pay payments can be stolen over the air — here's what to do [Black Hat Europe 2021]
Apple Pay payments can be stolen from your iPhone over the air, and the problem still exists because neither Apple nor Visa wants to be the one to fix it, UK-based researchers say. Read More
Microsoft Azure Cloud Vulnerability Exposed Thousands of Databases [Black Hat USA 2021]
Microsoft's Azure cloud platform exposed the database keys of 3,300 customers, including Fortune 500 enterprises, that had used a data-science feature available on the platform since 2019, cloud security firm Wiz said this week. Read More
CISA: ProxyShell flaws being actively exploited, patch now [Black Hat USA 2021]
Nearly three weeks after the vulnerability set gained greater prominence at the Black Hat 2021 conference, the ProxyShell flaws are now being actively exploited by threat actors, according to an urgent CISA advisory published Saturday. Read More
Nasty new malware targets Microsoft Exchange servers [Black Hat USA 2021]
A new ransomware operator known as LockFile encrypts Windows domains after breaking into vulnerable Microsoft Exchange servers using the recently disclosed ProxyShell exploit. Read More
LockFile Ransomware Targets Microsoft Exchange Servers [Black Hat USA 2021]
Security researchers have discovered a new ransomware family called LockFile that appears to have been used to attack Microsoft Exchange servers in the US and Asia since at least July 20. Read More
Scaring up enterprise cybersecurity innovation at a pandemic-constrained Black Hat [Black Hat USA 2021]
The cybersecurity conference Black Hat roared back to Las Vegas last week in spite of a renewed mask mandate and a virtual event alternative. My mission: Uncover what’s next in the world of enterprise cybersecurity. Read More
Black Hat 2021: What we don’t know may be the greatest cybersecurity threat [Black Hat USA 2021]
I always come away from the Black Hat USA cybersecurity conference having learned something new, feeling inspired, and imbued with just the right amount of angsty determination to do my part to help improve what is, in my opinion, one of the most pressing collective problems of our time. Read More
More SolarWinds-style attacks are coming. Here's how to stop them [Black Hat USA 2021]
Supply-chain hacks are an information-security problem we probably had coming. In retrospect, these hacks—which target the mechanisms companies employ to manage and update their software and systems—seem as inevitable as a virus evolving to infect more people. Read More
The Ripple Effect: How increasing the number of women in the infosec can result in a happier workplace [Black Hat USA 2021]
The issue of diversity in the information security industry was a hot topic at Black Hat USA last week, as more companies look to create a more inclusive workplace. Read More
Top Hacks from Black Hat and DEF CON 2021 [Black Hat USA 2021]
Security researchers made up for the lack of audience interaction by showing that – like the athletes competing at this month’s Olympics and Paralympics – they could go faster, higher, and stronger together.
Still catching up on the proceedings? Look no further: Read More
Security of Open Source Components Requires More Collaborative Efforts [Black Hat USA 2021]
When security researchers and the open source community disclosed the Heartbleed vulnerability in OpenSSL in April 2014, the project — which underpins much of the secure communications for the Web — only had two full-time developers. The lack of resources for such a critical open source project highlights the issues open source projects and components continue to have: a lack of funding, slow patching, and — increasingly — a great deal of interest from attackers. Read More
The 20 Hottest Cybersecurity Products At Black Hat 2021 [Black Hat USA 2021]
Vendors are taking advantage of Black Hat 2021’s bright spotlight to launch new cybersecurity products, features, platforms and tools that will set the stage for the months and years to come. For the hundreds of exhibitors found at Black Hat, the Business Hall provides a chance to promote new products and highlight strategic shifts to an in-person audience of approximately 5,000. Read More
Black Hat Conference Yields New Cybersecurity Products [Black Hat USA 2021]
Black Hat USA, one of the premier cybersecurity conferences held yearly, is prime time for vendors to announce new cybersecurity products, and this year was no exception. Read More
Black Hat security conference returns to Las Vegas – complete with hacks to quiet the hotel guest from hell [Black Hat USA 2021]
After a year off due to a certain virus, the Black Hat and DEF CON security conferences returned to Las Vegas last week, just in time for the US government's attempts to foster more collaboration across the infosec industry. Read More
Microsoft Exchange servers are once again under attack [Black Hat USA 2021]
Threat actors have once again started scanning for the now-patched vulnerabilities in Microsoft Exchange, cybersecurity experts shared at the recent Black Hat 2021 conference. Read More
Apple plan to scan users’ iCloud photos raises new fears of government-mandated data access [Black Hat USA 2021]
A firestorm emerged on Friday and raged during the weekend over Apple's new "Expanded Protections for Children," a series of measures across Apple's platforms aimed at cracking down on child sexual abuse material (CSAM). The new protections address three areas, including communications tools for parents and updates to Siri and search to help children and parents deal with unsafe situations. Read More
At Black Hat, mobile and open-source software emerge as key cybersecurity dangers [Black Hat USA 2021]
Mobile platforms and open-source software emerged as key cybersecurity issues at the annual Black Hat USA cybersecurity conference this week, judging from presentations by a mix of onsite attendees and virtual streaming of briefings from security researchers around the globe. Read More
FragAttacks Foil 2 Decades of Wireless Security [Black Hat USA 2021]
The evolution of wireless security could at best be described as trial and error. The initial standard that debuted in the late 1990s — Wired Equivalent Privacy (WEP) — had significant security problems, and the first two versions of Wireless Protected Access, WPA and WPA2, both have been found to be vulnerable to a variety of other security issues. Read More
White House officials share cybercrime strategy at conference [Black Hat USA 2021]
Department of Homeland Security Secretary Alejandro Mayorkas and CISA director Jen Easterly laid out the federal government's plan to tackle the recent uptick in ransomware attacks earlier this week. The two were keynote speakers at the annual Black Hat USA cybersecurity conference in Las Vegas. CBS News technology reporter Dan Patterson joined CBSN to discuss. Read More
#BHUSA: CISA Director Advocates for New Partnership to Improve Cybersecurity [Black Hat USA 2021]
Jen Easterly has only been on the job as the director of the United States’ Cybersecurity and Infrastructure Agency (CISA) for a few weeks, but she's looking to make a quick impact.
In a keynote at the Black Hat US 2021 hybrid event on August 5, Easterly outlined the goals of CISA and announced a series of new initiatives designed to help enable closer coordination and partnership between the US government and the private sector. The big news was the announcement of the Joint Cyber Defense Collaborative (JCDC) with an initial group of partners that includes CrowdStrike, Palo Alto Networks, FireEye, Microsoft, Google, Amazon Web Services, AT&T, Verizon, and Lumen. Read More
#BHUSA: DHS Chief: ‘We are Competing for the Future of Cyberspace’ [Black Hat USA 2021]
Alejandro Mayorkas, Secretary of the U.S. Department of Homeland Security (DHS), sees the future of cyberspace as being a contest of ideals, between openness and authoritarianism.
Mayorkas delivered his remarks in a keynote at the Black Hat US 2021 hybrid event on August 5. He noted that in recent years the cybersecurity landscape has shifted, with news headlines about data breaches; ransomware attacks disrupting hospitals, schools, food suppliers and pipelines; as well as interference in elections. The events of the last few years, according to Mayorkas, have served to reinforce the importance of cybersecurity, how it is governed and why there is a need for a free and secure cyberspace. Read More
AI Wrote Better Phishing Emails Than Humans in a Recent Test [Black Hat USA 2021]
NATURAL LANGUAGE PROCESSING continues to find its way into unexpected corners. This time, it's phishing emails. In a small study, researchers found that they could use the deep learning language model GPT-3, along with other AI-as-a-service platforms, to significantly lower the barrier to entry for crafting spearphishing campaigns at a massive scale. Read More
Security News This Week: Microsoft Edge’s ‘Super Duper Secure Mode’ Does What It Says [Black Hat USA 2021]
THIS WEEK, APPLE made an announcement as surprising as it was controversial. The company will begin scanning both iCloud and user devices for child sex abuse materials. It's using clever cryptography to do so, and it won't actually be able to view the images on a user's iPhone, iPad, or Mac unless it detects multiple instances of CSAM. But some cryptographers sounded the alarm over how the technology could be used in the future, especially by authoritarian governments. Read More
Security News in Review: Zero Trust, The Government, and You [Black Hat USA 2021]
This week in security has seen some new moves from the federal government on zero trust, tighter collaboration with the private tech sector, and more than a few new attacks from groups operating in China and Iran. With that said, here’s the security news in review. Read More
Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now [Black Hat USA 2021]
Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference.
Before we get to the active scanning of these vulnerabilities, it is important to understand how they have been disclosed. Read More
CISA to partner with Amazon, Google, Microsoft, Verizon, AT&T and more for cyberdefense initiative [Black Hat USA 2021]
CISA director Jen Easterly announced a new cyberdefense collaborative that will see government bodies partner with Google, Microsoft, Verizon and more on protective cybersecurity measures. Read More
Jen Easterly at Black Hat: Top cyber official calls for more 'ambitious' defenses while encouraging people to join CISA [Black Hat USA 2021]
In her first major speech since taking office, Cybersecurity and Infrastructure Security Agency Director Jen Easterly sought to elevate the young agency, pushing for more cybersecurity talent across the US and announcing a new initiative collaborating with the private sector on ransomware and other issues. Read More
The U.S. wants Amazon, Google, Microsoft, and others to join them in the fight against cybercrime [Black Hat USA 2021]
The US government wants Big Tech to support its efforts to improve the security of the country's critical infrastructure against cyber threats. According to a report from the Wall Street Journal, the initiative is led by the Department of Homeland Security and is meant to bring the government and the private sector together in defending the country against cyberattacks. Read More
Black Hat USA: HTTP/2 flaws expose organizations to fresh wave of request smuggling attacks [Black Hat USA 2021]
HTTP/2 specification pitfalls and implementation errors have resulted in some of the world’s biggest tech companies exposing themselves to high-impact web attacks, new research shows. Read More
CISA Launches JCDC, the Joint Cyber Defense Collaborative [Black Hat USA 2021]
Jen Easterly, the newly appointed director of the Cybersecurity and Infrastructure Security Agency (CISA), officially invited the security industry to team up with the federal government to proactively address and defend against the growing wave of cyberattacks on US organizations and government agencies that have intensified over the past year. Read More
Bow to the USBsamurai: Malicious USB cable leaves air-gapped networks open to attack [Black Hat USA 2021]
Penetration testers tasked with auditing industrial environments for susceptibility to USB implants have been offered a new utility for their hacking toolbox. Read More
I Watched a Training Video for Iranian Hackers [Black Hat USA 2021]
Security researchers generally don’t discuss the little mistakes hackers make, and they never show hacking group training videos. But that’s exactly what happened at this year’s Black Hat, where a pair of researchers examined the eccentricities of an Iranian hacking group. Read More
The Scariest Things We Saw at Black Hat 2021 [Black Hat USA 2021]
Every year, the Black Hat security conference gathers the best and most frightening security research in one (sometimes digital) place. Here's what impressed and worried us in 2021. Read More
Black Hat USA: Downgrade attack against Let’s Encrypt lowers the bar for printing fraudulent SSL certificates [Black Hat USA 2021]
Security shortcomings in the mechanism used by Let’s Encrypt to validate web domain ownership create a loophole that allows cybercriminals to get digital certificates for domains more easily. Read More
DNS loophole could allow hackers to carry out “nation-state level spying” [Black Hat USA 2021]
Security researchers have discovered a flaw within major DNS-as-a-Service (DNSaaS) providers that could allow hackers to access confidential data within corporate networks. Read More
DHS secretary asks for more participation and cooperation with cybersecurity pros [Black Hat USA 2021]
Secretary of Homeland Security Alejandro Mayorkas closed Black Hat Thursday evening with a keynote address asking cybersecurity professionals to consider working for the Department of Homeland Security and, if that is not for them, help in other ways, including helping foster a diverse next generation of cyber talent. Read More
Black Hat Is Back: Scenes From The Show [Black Hat USA 2021]
Black Hat 2021 was one of the first large-scale technology conferences to take place in person since the arrival of COVID-19 last spring, with 5,000 cybersecurity enthusiasts convening in Las Vegas’ Mandalay Bay Convention Center to hear about ransomware, supply chain and critical infrastructure attacks from leaders including Homeland Security (DHS) Secretary Alejandro Mayorkas and CISA Director Jen Easterly. Read More
All your DNS were belong to us: AWS and Google Cloud shut down spying vulnerability [Black Hat USA 2021]
Until February this year, Amazon Route53's DNS service offered largely unappreciated network eavesdropping capabilities. And this undocumented spying option was also available at Google Cloud DNS and at least one other DNS-as-a-service provider. Read More
Hybrid Black Hat Conference Features ‘Intimate’ Setting, Meaningful Conversations [Black Hat USA 2021]
The ongoing COVID-19 pandemic didn’t stop this year’s Black Hat conference from going live again in Las Vegas.
This time, the Black Hat conference was a virtual event, with most participants opting for virtual, while around 5,000 chose to attend in person. In addition, the business hall was noticeably smaller, lacking the presence of cybersecurity giants such as Microsoft, IBM, FireEye, Palo Alto Networks and more. That gave the startups and smaller providers a chance to stand out during this Black Hat conference. Read More
Cybersecurity conference goes ahead in Las Vegas [Black Hat USA 2021]
Despite the coronavirus pandemic, one of the world’s largest cyber security conferences – Black Hat is taking place in Las Vegas.
This year it’s part in-person and part virtual. Read More
Top cyber official calls for more 'ambitious' defenses while encouraging people to join CISA [Black Hat USA 2021]
In her first major speech since taking office, Cybersecurity and Infrastructure Security Agency Director Jen Easterly sought to elevate the young agency, pushing for more cybersecurity talent across the US and announcing a new initiative collaborating with the private sector on ransomware and other issues. Read More
The Cybersecurity 202: CISA’s new director brought a unique style to Black Hat [Black Hat USA 2021]
The government’s new cybersecurity quarterback made a strong appeal at the Black Hat conference for industry cyber pros to partner with government to counter hacking threats.
The entreaty from Cybersecurity and Infrastructure Security Agency Director Jen Easterly comes amid an unprecedented wave of cyberattacks against critical industry sectors that are threatening to disrupt the flow of electricity, water and gas and dramatically affect national and economic security. Read More
Black Hat: Charming Kitten Leaves More Paw Prints [Black Hat USA 2021]
The suspected Iranian threat group that IBM Security X-Force calls ITG18 and which overlaps with the group known as Charming Kitten keeps leaving a trail of paw prints. Read More
Hillicon Valley: Senators highlight security threats from China during rare public hearing | Facebook suspends accounts of NYU researchers who've criticized platform [Black Hat USA 2021]
The leaders of the Senate Intelligence Committee and other officials warned Wednesday of increasing threats from China on a number of fronts, including the stealing of intellectual property, malign influence and cyberattacks. Read More
Black Hat USA: Worst Supply Chain Attacks Are Yet to Come [Black Hat USA 2021]
It’s early days in terms of supply chain cyberattacks, according to the opening keynote speaker at Black Hat USA 2021. Furthermore, the size and scope of what’s to come will make what’s happened so far look like “peanuts.” Read More
Why Supply Chain Attacks Are Destined to Escalate [Black Hat USA 2021]
The epic software supply chain attacks over the past year, including the high-profile breaches of SolarWinds, Microsoft Exchange Server, Kaseya, and Codecov, were only the beginning. Read More
Google, Amazon forced to patch DNS platforms after serious bug discovered [Black Hat USA 2021]
Cybersecurity researchers have disclosed a security issue that affected hosted DNS service providers and can be exploited to monitor incoming traffic and map the victim’s internal networks. Read More
Pew! Pew! Researcher Uses Laser to Steal Data From a Tiny Chip [Black Hat USA 2021]
The Black Hat conference is often about spectacle, and few things are more attention-grabbing than lasers. In his virtual presentation, Ledger's Hardware Security Expert Olivier Heriveaux used precisely timed laser blasts to trick a chip into giving up its secrets. Read More
Amazon, Google and other tech companies join government effort to fight ransomware [Black Hat USA 2021]
Amazon, Google and Microsoft are among several tech companies that have agreed to join a government effort to fight ransomware as cyber attacks have become regular threats to U.S. organizations. Read More
Beware Your Browser Messing With Your Files [Black Hat USA 2021]
Using just a browser and some clever tricks, a researcher presenting at the Black Hat security conference demonstrated how to weaponize a tool intended to make websites more like apps. Read More
Researchers Find Significant Vulnerabilities in macOS Privacy Protections [Black Hat USA 2021]
Applications that are allowed to run on Apple's operating system, macOS, can exceed the permissions granted to them by the user and the operating system, allowing a variety of privacy attacks, such as grabbing address book information, taking screenshots, and gaining access to system files, two researchers stated at a Black Hat USA briefing on Aug. 4. Read More
Organizations Still Struggle to Hire & Retain Infosec Employees: Report [Black Hat USA 2021]
Is the cybersecurity skills shortage overstated? No, according to a recent survey of Information Systems Security Association (ISSA) members. The majority of respondents report the skills shortage is a significant problem that is hurting organizations. Read More
Strong Encryption Is 'Absolutely Fundamental,' US Cybersecurity Chief Says [Black Hat USA 2021]
Encryption technology sometimes seems at odds with the goals of government and law enforcement, but Jen Easterly, the recently confirmed director of the Cybersecurity and Infrastructure Security Agency (CISA), gave it her stamp of approval during today's Black Hat security conference. Read More
Black Hat: How cybersecurity incidents can become legal minefields [Black Hat USA 2021]
When a company becomes the victim of a cyberattack, executives are faced with a tsunami of challenges: containing a breach, remediation, informing customers and stakeholders, identifying those responsible, and conducting a forensic analysis of the incident -- to name but a few. Read More
New DNS vulnerability allows 'nation-state level spying' on companies [Black Hat USA 2021]
Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks. Read More
4 things I learned at Black Hat 2021 [Black Hat USA 2021]
The Black Hat 2021 cybersecurity conference took place in Las Vegas this week, and it’s been a whirlwind few days. The awkwardness of returning to face-to-face events and the sensory overload of walking through the Mandalay Bay casino gave way to some fantastic content from the sessions and engaging discussions on the show floor. It was great to get back together with the security community and really reconnect after a truly extraordinary year in security — and in society. As I head home, a few themes that seemed to underpin so much of the show are now coalescing in my mind. Read More
Federal cyber agency kicks off collaborative to defend the U.S. against cyberattacks [Black Hat USA 2021]
The Cybersecurity and Infrastructure Security Agency (CISA) on Thursday kicked off a new effort to help defend the U.S. against cyberattacks, which have multiplied in recent months. Read More
Black Hat: New CISA Head Woos Crowd With Public-Private Task Force [Black Hat USA 2021]
Just weeks after the U.S. Senate confirmed Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency (CISA), the new director spoke at Black Hat USA 2021 on Thursday, albeit virtually, announcing a major public-private partnership to fight cybercrime. Read More
Some Cyber Experts Want to Investigate Hacks Like Plane Crashes [Black Hat USA 2021]
President Biden in May ordered the Department of Homeland Security to create a public-private board to investigate major hacks but offered few details on how the initiative would work. Some security wonks say the administration should look to transportation disasters for clues. Read More
What to Expect at Black Hat 2021 [Black Hat USA 2021]
The COVID-19 outbreak forced many large conferences to either move online or cancel altogether. In 2020, the Black Hat hacker convention chose to go online-only for the first time in its decades-long history. This year, Black Hat is back in its natural habitat (the Mandalay Bay Convention Center in Las Vegas), but some of us will still be attending from home. Read More
Watch a Hacker Hijack a Capsule Hotel's Lights, Fans, and Beds [Black Hat USA 2021]
When staying in a “capsule hotel,” the Japanese style of budget accommodation that packs guests into tiny, adjoining rooms not much bigger than their bodies, be considerate of your neighbors. Especially if the capsule hotel you're staying in offers digital automation features—and a hacker is staying in the next room over. Read More
Kaseya Ransomware Attack: 10 Things MSPs Must Do To Protect Themselves [Black Hat USA 2021]
The REvil gang pulled off one of the biggest ransomware heists in years, exploiting a vulnerability in Kaseya’s on-premise VSA remote monitoring and management (RMM) tool to compromise nearly 60 MSPs and encrypt the data and demand ransom payments from up to 1,500 of their end user customers. Read More
Black Hat: Let’s All Help Cyber-Immunize Each Other [Black Hat USA 2021]
The in-person Black Hat USA 2021 cybersecurity conference is back, after a pandemic-forced, year-long hiatus, with attendance notably down but spirits up among attendees eager to get back to networking, learning and returning to some normalcy. Read More
You Are Not Alone: Hacking a Capsule Hotel [Black Hat USA 2021]
Capsule hotels aren’t common in the US, but those who’ve traveled in Asia, especially Japan, may have encountered them. Instead of a room, you get a tiny capsule, barely bigger than the one-person bed. On checking in to such a hotel, Kya Supa, security consultant for LEXFO, did what any security researcher would do—he hacked the system. Read More
Several Malware Families Targeting IIS Web Servers With Malicious Modules [Black Hat USA 2021]
A systematic analysis of attacks against Microsoft's Internet Information Services (IIS) servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight years. Read More
What App Stores Get Right (and Very Wrong) About Security [Black Hat USA 2021]
The Black Hat security conference's keynote was a sobering evaluation of how supply chain attacks have changed the entire economics of hacking, and served as a pointed call for mobile app stores to provide greater transparency to third-party security companies. Read More
Black Hat 2021: WARCannon simplifies web-wide vulnerability research [Black Hat USA 2021]
An open source tool that makes grepping the internet for web vulnerabilities simpler, faster, and cheaper was unveiled at Black Hat USA today. Read More
Black Hat 2021: Zero-days, ransoms, supply chains, oh my! [Black Hat USA 2021]
Software supply chain attacks are growing at an alarming pace, in a stark development that upends the delicate balance cybersecurity relies on, infosec luminary Matt Tait told delegates at the Black Hat USA conference today (August 4). Read More
Excel 4 Is Alive and Well, and Ready to Attack [Black Hat USA 2021]
You've got to be a real cybergeezer to remember using Excel 4, given that it was replaced by Excel 5 in 1993. After almost 30 years, surely everyone is running a more up-to-date version of Microsoft's popular spreadsheet software. So why do we care about Excel 4? It turns out that Excel 4's macro system is alive, armed, and dangerous. Read More
A New Approach to Securing Authentication Systems' Core Secrets [Black Hat USA 2021]
Advanced persistent threat (APT) groups have long sought credentials to access, move laterally throughout, and persist in target networks. Defenders have attempted to mitigate the risk with multifactor authentication (MFA), which, while effective in most cases, can fall short of protecting the most lucrative data. Read More
This dangerous security bug affects nearly all hospitals in North America [Black Hat USA 2021]
Researchers from the IoT security firm Armis have discovered nine critical vulnerabilities in the Nexus Control Panel which is used to power all current models of Translogic's pneumatic tube system (PTS) stations by Swisslog Healthcare. Read More
Black Hat: The NOC’s eye view [Black Hat USA 2021]
Around infosec campfires, spooky tales are told about the horrors of logging on to the public networks at Black Hat and DEF CON, culminating in the legendarily adversarial network of the latter. But Bill Swearingen, strategist with Black Hat network operations center vendor IronNet, says that if his firm does its job well, Black Hat will not be such a scary place to be. Read More
Hospitals Still Use Pneumatic Tubes-and They Can Be Hacked [Black Hat USA 2021]
IT'S ALL TOO common to find hackable flaws in medical devices, from mammography machines and CT scanners to pacemakers and insulin pumps. But it turns out that the potential exposure extends into the walls: Researchers have found almost a dozen vulnerabilities in a popular brand of pneumatic tube delivery system that many hospitals use to carry and distribute vital cargo like lab samples and medicine. Read More
There's yet another new PrintNightmare hack [Black Hat USA 2021]
The PrintNightmare vulnerability is living up to its name with another cybersecurity researcher exploiting the bug in a privilege escalation attack. Read More
Black Hat USA 2021 and DEF CON 29: What to expect from the security events [Black Hat USA 2021]
Following a string of major cyberattacks and proposed initiatives by the U.S. government to better thwart them, cybersecurity has never been so uppermost on the minds of organizations and individuals around the world. That's why this week's Black Hat and DEF CON conferences promise to run hot and heavy with a host of topics in the world of security. But what discussions should we expect at this year's events? Here are some thoughts from a variety of analysts. Read More
Inside the Famed Black Hat NOC [Black Hat USA 2021]
It's been called one of the most "hostile" networks in the world, but the managers of the Black Hat network operations center (NOC) contend that it's merely the most unique. After all, they can't just block all malicious-looking network traffic because they could inadvertently disrupt legitimate Black Hat activities, such as an on-stage hacking tool demo or a Trainings course exercise. Read More
Hackers Got Past Windows Hello by Tricking a Webcam [Black Hat USA 2021]
BIOMETRIC AUTHENTICATION IS a key piece of the tech industry's plans to make the world password-less. But a new method for duping Microsoft's Windows Hello facial-recognition system shows that a little hardware fiddling can trick the system into unlocking when it shouldn't. Read More
Researchers Create New Approach to Detect Brand Impersonation [Black Hat USA 2021]
Security researchers have designed a new way to detect brand impersonation using Siamese Neural Networks, which can learn and make predictions based on smaller amounts of data. Read More
Beyond Kaseya: Everyday IT tools can offer ‘God Mode’ for hackers [Black Hat USA 2021]
ACROSS THE INTERNET, more than a thousand companies spent the past week digging out from a mass ransomware incident. In the wake of the devastating compromise of Kaseya's popular IT management tool, researchers and security professionals are warning that the debacle isn't a one-off event, but part of a troubling trend. Hackers are increasingly scrutinizing the entire class of tools that administrators use to remotely manage IT systems, seeing in them potential skeleton keys that can give them the run of a victim's network. Read More
New Framework Aims to Describe & Address Complex Social Engineering Attacks [Black Hat USA 2021]
Deepfake and related synthetic media technologies have helped attackers develop ever-more-realistic social engineering attacks in recent years, putting pressure on defenders to change the strategies they use to detect and address them. Read More
Microsoft Releases Emergency Patch for 'PrintNightmare' Vuln [Black Hat USA 2021]
Microsoft has rushed out an emergency security update for "PrintNightmare," a critical remote code execution vulnerability present in all versions of its Windows operating system. Read More
Black Hat Announces Matt Tait as One of Its Keynote Speakers for Black Hat USA 2021 Hybrid Event [Black Hat USA 2021]
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, announces Matt Tait, Chief Operating Officer at Corellium, as a Keynote speaker for the Black Hat USA 2021 hybrid event. Tait will present his Keynote talk "Supply Chain Infections and the Future of Contactless Deliveries" taking place in Las Vegas at Mandalay Bay Events Center on Wednesday, Aug. 4 at 9 a.m. PT. Read More
Researchers Learn From Nation-State Attackers' OpSec Mistakes [Black Hat USA 2021]
When security intelligence teams talk about human error, the conversation typically focuses on the victim of a cyberattack. What might they learn if they analyzed attackers' mistakes instead? Read More
Black Hat USA 2021: PortSwigger's latest research to be unveiled [Black Hat USA 2021]
Two years ago, PortSwigger's director of research James Kettle presented "HTTP Desync Attacks" on-stage at BlackHat USA and kicked off a wave of request smuggling, but at that time HTTP/2 escaped serious analysis. At this year's BlackHat USA event, James will be unveiling his latest research, "HTTP/2: The Sequel is Always Worse". Read More
Black Hat USA 2021: Full Schedule & Hybrid Event Programming [Black Hat USA 2021]
Black Hat, the world’s leading producer of information security events, announces its full schedule including in-person and virtual programs for Black Hat USA 2021. Taking place in Las Vegas at the Mandalay Bay Convention Center and virtually, this year’s event will feature over 90 Briefings, four days of virtual Trainings and new virtual programs. Read More
Attackers Already Unleashing Malware for Apple macOS M1 Chip [Black Hat USA 2021]
It was only a matter of time. Apple Macs are growing in popularity in the enterprise - as is the number of malware variants targeting macOS. But the much-anticipated arrival of Apple's new system-on-a-chip, the M1, has spawned a new generation of macOS-specific malware that anti-malware tools, threat hunters, and researchers must quickly learn to spot and, ultimately, thwart. Read More
The Danger of Action Bias: Is It Always Better to Act Quickly? [Black Hat USA 2021]
When a data breach hits, the best response is to act quickly and forcefully … right?
Not necessarily, experts say. The impulse for cybersecurity pros to have control over a situation is common — after all, you don't want to be the CISO who didn't act after learning about an attack — but hastily made decisions may do more harm than good or create a problem where one didn't exist. Read More
New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies [Black Hat USA 2021]
Cloud security researchers from Wiz.io were poking around at Amazon Web Services' Route53 Domain Name Service (DNS) earlier this year when they suddenly realized that its self-service domain registration system let them set up a new hosted zone with the same name as the real AWS name server it was using. Within seconds, they watched in shock as their phony name server got flooded with DNS queries from other AWS customers' networks: external and internal IP addresses, computer names for finance, human resources, production servers, and organization names. Read More
Misconfigurations in most Active Directory environments create serious security holes, researchers find [Black Hat USA 2021]
Common misconfigurations in Active Directory Certificate Services can allow attackers to steal credentials, escalate privileges, and achieve domain persistence, security researchers have found.
“In our experience, almost every Active Directory installation we’ve looked at over the last decade has had some kind of misconfiguration issue,” said Lee Christensen and Will Schroeder, Technical Architects at SpecterOps.
The researchers have detailed their findings in a comprehensive white paper (PDF) and a blog post, and will present them at this year’s Black Hat USA security conference. Read More
Report: Active Directory Certificate Services a big security blindspot on enterprise networks [Black Hat USA 2021]
As the core of Windows enterprise networks, Active Directory, the service that handles user and computer authentication and authorization, has been well studied and probed by security researchers for decades. Its public key infrastructure (PKI) component, however, has not received the same level of scrutiny and, according to a team of researchers, deployments are rife with serious configuration mistakes that can lead to account and domain-level privilege escalation and compromise. Read More
Your Guide to Hacker Summer Camp 2021 [Black Hat USA 2021]
This will be my 21st year attending Hacker Summer Camp. Back in 2000, it was just Black Hat USA followed by DEF CON, and only a handful of people knew about it. Now it’s a full nine days of technical conferences starting with Black Hat training sessions on early Saturday, followed by BSidesLV, then the Black Hat briefings themselves, followed by DEF CON ending the following Sunday. And several thousand of my closest friends all in one place. It’s draining to stay for the whole thing; and it’s even draining if you attend just a small part. So pace yourself. Read More
Black Hat Announces Briefings Lineup for Black Hat USA 2021 Hybrid Event [Black Hat USA 2021]
Black Hat, the world’s leading producer of information security events, will return to Las Vegas with its hybrid event Black Hat USA on July 31 – August 5. The event will take place at the Mandalay Bay Convention Center with both a virtual experience and an in-person event, offering a robust lineup of over 90 Briefings hand selected by the Black Hat Review Board, comprised of some of the industry’s most respected experts. Read More
‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices [Black Hat USA 2021]
A Belgian security researcher specializing in Wi-Fi bugs has unearthed a clutch of new ones, which he called FragAttacks, that affect the Wi-Fi standard itself. The name is short for “fragmentation and aggregation attacks.”
Some bugs date back to 1997, meaning that computers, smartphones or other smart devices as old as 24 years may be vulnerable to attackers in Wi-Fi range. If attackers are near enough, they could intercept the owner’s information, trigger malicious code, and/or take over the device. Read More
This Guy Designed an Android App That Deletes All Your Phone's Data When Police Try to Crack It [Black Hat Asia 2021]
These days, if you’re arrested and charged with a crime, the first thing cops will probably try to do is look at the contents of your phone. Digital forensics is increasingly a favorite way to secure a conviction, or at least gain a broader understanding of a crime. Read More
[BHAsia 2021] Do mobile applications really not violate user data, as they declare? [Black Hat Asia 2021]
When we install a mobile application, we usually receive a message stating the intent to request access to certain data for use in providing the service. Have you ever wondered whether those applications really keep their agreement not to violate rights over such sensitive data? At Black Hat Asia 2021, one study tested more than 1,400 applications. Read More
Surveillance Is Affecting the Interests of Potential Security Experts – Black Hat Asia 2021 [Black Hat Asia 2021]
The demand for cybersecurity experts is thriving, especially in today’s digital landscape where threat actors are utilising more and more advanced threats for their nefarious acts. Such a profession needs a conducive environment, however, allowing them to perform in cyberspace with little to no restrictions from authorities. Read More
Researchers fool computer vision with an unexpected adjacent object [Black Hat Asia 2021]
Computer vision algorithms turn out to be confusable in a striking way. When a completely unrelated object stands next to the intended object, computers no longer understand what they are seeing. By applying this knowledge, self-driving cars, for example, can be fooled. Read More
This Android App Promises To Wipe Your Phone If Cops Try To Hack It [Black Hat Asia 2021]
If the police get hold of a smartphone and they have a warrant to search it, they’ll often turn to a tool from Israeli company Cellebrite that can hack into it and download the data within. But on Friday a security researcher is releasing an app that he says can detect when a Cellebrite is about to raid the device, turn the phone off and wipe it. Read More
How North Korean APT Kimsuky Is Evolving Its Tactics [Black Hat Asia 2021]
North Korean APT group Kimsuky is adopting new tactics, techniques, and procedures in global attacks, report researchers whose findings indicate the group's operations have sufficient differences to warrant splitting it into two smaller subgroups: CloudDragon and KimDragon. Read More
Black Hat Asia 2021: Are We Leaking Data Without Knowing it? [Black Hat Asia 2021]
Black Hat Asia 2021 kicked off with an interesting opening keynote presentation by Troy Hunt, a security researcher and founder of “Have I Been Pwned”, a website that helps people check and see if their emails have been compromised. Read More
Researchers say objects can hide from computer vision by seeking out unusual company that trips correlation bias [Black Hat Asia 2021]
Computer vision systems display “correlation bias” that makes it possible to create adversarial images that could have real-world consequences such as messing with self-driving cars’ ability to accurately interpret road signs. Read More
Kids in Hong Kong and other highly surveilled states worry infosec careers are just asking for trouble [Black Hat Asia 2021]
Asian nations in which governments are keen on citizen surveillance struggle to develop ethical hackers, as prospective workers fear their activities may be misunderstood, according to security specialist Mika Devonshire. Read More
[BHAsia 2021] 6 lessons from more than 11 billion leaked records on Have I Been Pwned [Black Hat Asia 2021]
At the Black Hat Asia 2021 conference currently under way, Troy Hunt, founder of the website Have I Been Pwned, spoke in the keynote session and shared what he has learned after collecting more than 11 billion leaked records over the past 8 years, which can be summarized in 6 lessons, as follows: Read More
New Techniques Emerge for Abusing Windows Services to Gain System Control [Black Hat Asia 2021]
Several new techniques have become available recently that give attackers a way to abuse legitimate Windows services and relatively easily escalate low-level privileges on a system to gain full control of it. Read More
Troy Hunt at Black Hat Asia: ‘We’re making it very difficult for people to make good security decisions’ [Black Hat Asia 2021]
Imagine a parent’s terror when the geolocation of their child’s smart watch suddenly switches from tennis practice to the middle of the ocean. Read More
Troy Hunt: Organizations Make Security Choices Tough for Users [Black Hat Asia 2021]
Data breach notification website Have I Been Pwned (HIBP) has processed more than 11 billion compromised records from breached websites and publicly accessible databases since it was launched in 2013, offering a window into attacks and security issues that put users' data at risk. Read More
Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security [Black Hat Asia 2021]
'Enter Sandbox': Automating Linux Seccomp for Better AppSec: Linux seccomp is a powerful way to build secure applications, but it’s a grueling manual process. At Black Hat Asia, security researchers (slash Metallica fans) show how they’ve now automated the process to expand its use. Claudio Canella, PhD candidate at Graz University of Technology tells Dark Reading about the session "Enter Sandbox," co-presented by Graz University of Technology postdoctoral researcher Mario Werner and Helmholtz Center for Information Security faculty Michael Schwarz. Read More
Researcher Finds New Vulnerabilities in Cellebrite's Tools [Black Hat Asia 2021]
The question was posed late last month by Signal, the messaging app that is a recent new target for Cellebrite's data-collecting tools for law enforcement. Signal's founder, Moxie Marlinspike, contended that software vulnerabilities found in Cellebrite's tools could be used to tamper with evidence. As a result, one lawyer has already filed a motion for a new trial. (see: Signal Founder Says Cellebrite's Forensics Tools Flawed). Read More
Researchers Explore Active Directory Attack Vectors [Black Hat Asia 2021]
Active Directory is a massive and complex attack surface that has long been a prime target for criminals seeking valuable privileges and data. Incident responders find the service is involved in the bulk of attacks they investigate, underscoring major security challenges for defenders. Read More
Researchers Connect Complex Specs to Software Vulnerabilities [Black Hat Asia 2021]
Six common mistakes in implementing network software led to scores of vulnerabilities, highlighting the impact that complex design requirements and ambiguous specifications can have on software security, according to two security researchers who plan to talk about it at next week's Black Hat Asia conference. Read More
Do Cyberattacks Affect Stock Prices? It Depends on the Breach [Black Hat Asia 2021]
In the aftermath of a data breach, ransomware attack, or vulnerability disclosure, organizations may think about how the news will cause their stock price to dip. New research indicates that although security incidents do affect stock price, the size of this impact largely depends on the circumstances — and rarely lasts. Read More
SniperPhish: An all-in-one open-source phishing toolkit [Black Hat Asia 2021]
SniperPhish is an all-in-one open-source phishing toolkit that pentesters and other security professionals can use for setting up and executing email and web-based spear phishing campaigns. Read More
Cloud Sniper: Manage and automate cloud security operations [Black Hat Asia 2021]
Cloud Sniper is an open-source platform for managing cloud security operations that aims to make it easy for cloud teams to deal with security incidents. Read More
10 Free Security Tools at Black Hat Asia 2021 [Black Hat Asia 2021]
As in previous years, next month's Black Hat Asia 2021 virtual event will feature a full lineup of free security tools -- some new and some updated versions of existing tools. Read More
The World’s Largest Hacking Conferences Are Back IRL This Summer [Black Hat USA 2021]
For thousands of people in the hacking and cybersecurity world, the back-to-back Def Con and Black Hat conferences in Las Vegas are marked in red on their calendars. With its legendary badges, extravagant parties, and diverse set of activities—talks, movie viewings, and the massive capture the flag event—Def Con is widely considered the hacking conference. Read More
Security Gaps in IoT Access Control Threaten Devices and Users [Black Hat Asia 2021]
A team of Internet of Things security researchers has discovered vulnerabilities in the way IoT device vendors manage access across multiple clouds and users, putting both individuals and vendors at risk. Read More
A huge new hacking threat was just discovered [Black Hat Asia 2021]
“You have the watches,” goes a famous quote with different variations throughout history but most recently attributed to a captured Taliban commander, “but we have the time.” Read More
New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices [Black Hat Asia 2021]
Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system. Read More
NAME:WRECK vulnerabilities could impact 100 million servers, IoT devices [Black Hat Asia 2021]
Security researchers say they have uncovered nine vulnerabilities in four TCP/IP stacks that could be used to target a range of servers, medical and industrial devices. Read More
Touch and go: Contactless payment security controls defeated by security researchers [Black Hat Asia 2020]
In follow-up research presented at Black Hat Asia last week, Galloway and Yunusov showed how it was possible to bypass multi-factor authentication controls designed to guard against tap-and-go fraud with contactless credit and debit cards. Read More
Android Camera Bug Under the Microscope [Black Hat Asia 2020]
This vulnerability could be exploited even if the phone was locked, its screen was turned off, or if the person was on a call, explained Erez Yalon, director of security research at Checkmarx, where a team of researchers discovered the flaw last summer. Yalon offered a hacker's perspective of discovering and reporting the flaw in a talk at this year's virtual Black Hat Asia. Read More
4G and 5G networks are vulnerable due to their mix with old technologies [Black Hat Asia 2020]
During a Black Hat Asia presentation on Friday, Sergey Puzankov, a security expert at Positive Technologies, highlighted the SS7 protocol as one of the problems still plaguing the telecommunications industry. This protocol was developed in 1975 and has not evolved much since then. Read More
Vulnerability to Old Tech – How 5G May Face Problems [Black Hat Asia 2020]
Black Hat Asia, a tech security conference held in Singapore, included researchers who demonstrated how modern networks such as 5G could be vulnerable to systems that are decades old and yet are still able to connect to such networks. Read More
Sharkcop: Google Chrome extension uses machine learning to detect phishing URLs [Black Hat Asia 2020]
A Google Chrome browser extension that identifies suspected phishing URLs with a machine learning algorithm was unveiled at Black Hat Asia last week. Read More
Vulmap: Aiding privilege escalation with CVE-mapping vulnerability scanner [Black Hat Asia 2020]
A hacking tool designed to aid privilege escalation by leveraging known security vulnerabilities was demonstrated at Black Hat Asia last week. Read More
Researching vulnerabilities in computer systems is becoming similar to watching wildlife. [Black Hat Asia 2020]
Computer security researcher Daniel Gruss, an assistant professor at the Austrian University of Technology in Graz, spoke at the Black Hat Asia conference yesterday in Singapore's time zone. It was Gruss's team that discovered the Meltdown and Spectre vulnerabilities in Intel processor architectures and beyond. According to the expert, computer security has been irreparably damaged by the increased complexity of the systems. But there is a cure, although not absolute. Read More
Searching for vulnerabilities in computer systems is becoming akin to observing life in wildlife [Black Hat Asia 2020]
Computer security researcher Daniel Gruss, assistant professor at the Austrian University of Technology Graz, spoke at the Black Hat Asia conference yesterday in the Singapore time zone. It was Gruss's team that discovered the Meltdown and Spectre vulnerabilities in Intel processor architectures and beyond. According to the expert, computer security has been irreparably disturbed by the increased complexity of systems. But there is a cure, although not absolute. Read More
Protocols from the 1970s pose a risk to 5G users [Black Hat Asia 2020]
In connection with this year's edition of the Black Hat Asia conference, security expert Sergey Puzankov from Positive Technologies has described a wide range of potential security problems with the 5G network. Read More
5G networks are vulnerable due to "bad" old technologies [Black Hat Asia 2020]
During a presentation at Black Hat Asia on Friday entitled "Back to the Future. Cross-Protocol Attacks in the Era of 5G", Positive Technologies security expert Sergey Puzankov stressed how pending issues in the SS7 protocol still plague the telecommunications industry. Read More
Grinder Framework helps overcome Shodan false negatives and blind spots [Black Hat Asia 2020]
“The Grinder Framework is an open source security research toolkit adopted to Internet-wide surveys and allows you to use the full power of tools like Nmap, Shodan, Censys, Vulners, and TLS-attacker, and bringing the light through tailored scanning and threat intelligence approach,” the researchers explain in a preview for a presentation for an Arsenal session held during Black Hat Asia today (October 1). Read More
4G, 5G networks could be vulnerable to exploit due to ‘mishmash’ of old technologies [Black Hat Asia 2020]
During a presentation at Black Hat Asia on Friday called "Back to the Future. Cross-Protocol Attacks in the Era of 5G," Positive Technologies security expert Sergey Puzankov highlighted how outstanding issues in the SS7 protocol still plague the telecommunications industry. Read More
Computer scientist behind Meltdown discovery prescribes biological approach to securing complex systems [Black Hat Asia 2020]
Treat this as the new normal, Daniel Gruss, a member of one of three teams that uncovered the Meltdown vulnerability, said during a keynote presentation on Friday at the Black Hat Asia security conference. Read More
Black Hat Asia 2020: Android vulnerability scanners tackle code obfuscation and false positives [Black Hat Asia 2020]
Android apps can be probed comprehensively for known security vulnerabilities without being fooled by code obfuscation techniques, attendees at Black Hat Asia heard yesterday. Read More
Vulnerabilities in Kata containers could be chained to achieve RCE on host [Black Hat Asia 2020]
A talk delivered at the virtual Black Hat Asia conference today by security researcher Yuval Avrahami detailed how the flaws in Kata’s containers could also be exploited to compromise other guest users. Read More
Biometric Data Collection Demands Scrutiny of Privacy Law [Black Hat Asia 2020]
"One of the things that has been so great about technology is not only the convenience, but we've really started to look at privacy, and privacy is coming to the forefront," said Melissa Wingard, special counsel at law firm Phillips Ormonde Fitzpatrick, in a virtual Black Hat Asia talk. Read More
Researchers Adapt AI With Aim to Identify Anonymous Authors [Black Hat Asia 2020]
At Black Hat Asia, artificial intelligence and cybersecurity researchers use neural networks to attempt to identify authors, but accuracy is still wanting. Read More
Singapore authorities suggested treating information security as a public good [Black Hat Asia 2020]
Information security is as much a public good as clean drinking water. This was announced on Thursday, October 1, by Brigadier General Gaurav Keerthi, Assistant Chief of the Cybersecurity Agency of Singapore, at the Black Hat Asia conference. Read More
BitLocker sleep mode vulnerability can bypass Windows’ full disk encryption [Black Hat Asia 2020]
At the virtual Black Hat Asia security conference today, researcher Seunghun Han introduced a tool that can be used to subvert BitLocker security protections. Read More
Black Hat Asia: Need for global security perspectives underlined at virtual event [Black Hat Asia 2020]
The Asia edition of the information security and hacking conference has more than justified its place in the infosec calendar, with the spring event becoming a firm fixture in the diary of security professionals, researchers, CISOs, journalists, and other industry-watchers. Read More
Singapore Asks Big Cybersecurity Questions to Improve National Defense [Black Hat Asia 2020]
As Singapore pursues its journey to become a "Smart Nation," it's asking these tough questions and many others as officials wrestle with the role of cybersecurity in a country increasingly dependent on technology, explained Gaurav Keerthi, deputy chief executive of development at Singapore's Cyber Security Agency, in his keynote talk at this week's virtual Black Hat Asia. Read More
Black Hat Asia 2020 | Balancing User Awareness And Public Trust That Is Riddled With Complexities | With Gaurav Keerthi, Melissa Wingard And Daniel Gruss [Black Hat Asia 2020]
In this conversation, we bring these three very diverse topics and the Black Hat Asia 2020 speakers that present them together in a conversation that will undoubtedly make you think forward. Each one of them represents very different perspectives and aspects of security and privacy—government, industry, legal, academia, and society—and the complexities they bring with them, coupled with the complexities they also introduce when building trust within and across many stakeholders. Read More
Navigating the Asia-Pacific Threat Landscape: Experts Dive In [Black Hat Asia 2020]
At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare. Read More
Top U.S. cybersecurity expert on mail-in voting: "If you've got paper, you've got receipts" [Black Hat USA 2020]
Other high-profile security researchers also affirmed the value of mail-in systems at Black Hat. In his virtual keynote address, Georgetown Law professor Matt Blaze said that while mail-in and absentee voting systems are not foolproof, the systems are reliable, widely available, and lack many of the risks that plague digital voting systems. Read More
How CISOs Can Play a New Role in Defining the Future of Work [Black Hat USA 2020]
The theme of remote security has stayed top of mind since March: Cybersecurity experts correctly predicted that cybercrime in a virtual workforce would be a central topic at the recent Black Hat conference, and CISOs have had to rethink 2020 strategy with remote work leading the way. Read More
At Black Hat, James Pavur, a Rhodes Scholar working on a PhD in cybersecurity at Oxford University's Department of Computer Science, cited examples of communications he'd been able to intercept. Read More
Disinformation Spurs a Thriving Industry as U.S. Election Looms [Black Hat USA 2020]
The 2020 Presidential Election is the topic of a recent Threatpost feature Shoring Up the 2020 Election: Secure Vote Tallies Aren’t the Problem and the focus of a Black Hat 2020 keynote address earlier this month by Renée DiResta, research manager at the Stanford Internet Observatory. Read More
How to secure vulnerable printers on a Windows network [Black Hat USA 2020]
At the recent Black Hat conference, Peleg Hadar and Tomer Bar of SafeBreach Labs pointed out that the way to a network’s heart is often through its printers. Read More
Shoring Up the 2020 Election: Secure Vote Tallies Aren’t the Problem [Black Hat USA 2020]
Meanwhile, recent stats from the Black Hat USA 2020 Attendee Survey show that 85 percent of respondents believe that cyber-threat actors will have at least some impact on the U.S. elections in 2020. And disturbingly, nearly one third of respondents believe that the impact will be critical, and that the results of the 2020 election will always be in doubt as a result. Read More
IoT botnets: Smart homes ripe for a new type of cyberattack [Black Hat USA 2020]
By powering on a large number of devices an energy supplier or utility company could artificially increase demand to boost profits. This idea is at the core of Black Hat USA 2020 presentation titled led by Georgia Tech researchers Tohid Shekari and Raheem Beyah. Read More
Cash machine hackers are getting better at stealing your money [Black Hat USA 2020]
During Black Hat, Kevin Perlow, the technical threat intelligence team lead at a large, private financial institution, analysed two cash-out tactics that represent different current approaches to jackpotting. Read More
'Next-Gen' Supply Chain Attacks Surge 430% [Black Hat USA 2020]
Meantime, at Black Hat USA earlier this month, researchers showed how a next-gen approach could be used to attack Node.js applications by manipulating the hidden properties used to track internal program states. Read More
Black Hat USA 2020 Musings: Weird and Wonderful Virtual Events are Here to Stay [Black Hat USA 2020]
To its credit, Black Hat USA 2020 turned hard left once it was clear that large live events wouldn’t be happening in the second half of 2020, and what they managed to pull off was nothing short of a miracle. Even if, from an analyst’s perspective, the event was nothing like an in-person event, it was incredibly useful for all involved. Read More
Exposed: China's hacking campaign to unsettle Taiwan economy [Black Hat USA 2020]
At the Black Hat security conference last week, researchers from CyCraft presented details of a hacking campaign that may have compromised internal data of at least seven Taiwanese chip firms over the past two years. Read More
Mail-In Votes Require Special Cybersecurity Attention [Black Hat USA 2020]
“It’s night and day compared to what existed in 2016,” CISA Director Christopher Krebs said at the Black Hat USA 2020 cybersecurity conference this month. “2020 will be the most protected and most secure election in modern history.” Read More
AWS launches open source tool to protect against HTTP request smuggling attacks [Black Hat USA 2020]
At Black Hat USA 2019, PortSwigger Web Security’s director of research James Kettle demonstrated how the somewhat forgotten hacking technique could be leveraged to poison web caches and desynchronize entire systems. Read More
Black Hat USA 2020 Recap And What Is Happening Next | With Kymberlee Price And Steve Wylie [Black Hat USA 2020]
Beyond the content itself, there's a lot to be learned for how we will consume content moving forward and how we will likely expect to engage with each other in a world where in-person-only events may be a thing of the past.
Steve and Kymberlee provide some interesting insights into the future of Black Hat in this context. Read More
Open-source library dependence puts digital currency exchanges at risk: report [Black Hat USA 2020]
At the recent Black Hat security conference, researchers detailed potential weaknesses in the exchanges' secured wallet schemes that have now been patched. Read More
Pardon the Intrusion #24: The clock is TikToking [Black Hat USA 2020]
At the Black Hat conference last week, a security researcher revealed how insecure satellite-based Internet allows attackers to snoop on companies and sometimes tamper with data. Read More
Your Work-From-Home Future: Now’s the Time to Think About Security [Black Hat USA 2020]
In time for the Black Hat 2020 virtual conference earlier this month, AT&T released a study about cybersecurity and working from home that included responses from 800 security professionals working in the U.K., France and Germany. Of those surveyed, 88 percent reported that, while they initially felt well-prepared for the switch to WFH, a majority (55 percent) now feel that ongoing remote working is making their companies more vulnerable to cyber-threats. Read More
ATM Hackers Have Picked Up Some Clever New Tricks [Black Hat USA 2020]
At last week's Black Hat and Defcon security conferences, researchers dug through recent evolutions in ATM hacking. Criminals have increasingly tuned their malware to manipulate even niche proprietary bank software to cash out ATMs, while still incorporating the best of the classics—including uncovering new remote attacks to target specific ATMs. Read More
Decrypted: Hackers Show Off Their Exploits as Black Hat Goes Virtual [Black Hat USA 2020]
But with less than three months until millions of Americans go to the polls, Black Hat sharpened its focus on election security and integrity more so than any previous year. Read More
Risk & Repeat: Black Hat 2020 highlights [Black Hat USA 2020]
This week's Risk & Repeat podcast recaps the highlights and trends of Black Hat USA 2020, which was held as a fully virtual conference for the first time because of the COVID-19 pandemic. Read More
Electionland 2020: USPS Chaos, Election Cybersecurity, August Voting and More [Black Hat USA 2020]
At this month’s Black Hat hacker conference, voting tech company Election Systems & Software announced new policies that will allow cybersecurity researchers to test the company’s technology. Also at the conference, the director of CISA touted the government’s progress on cybersecurity since 2016, saying it was “like night and day.” Read More
Deepfake of Tom Hanks that 'easily passes as real' made for less than $100 [Black Hat USA 2020]
It read: "There are many photos of Tom Hanks, but none like the images of the leading everyman shown at the Black Hat computer security conference Wednesday: They were made by machine-learning algorithms, not a camera." Read More
These Are the Apps We Miss Right Now [Black Hat USA 2020]
I watched virtual Black Hat presentations from the comfort of my own home instead of the Mandalay Bay casino in Las Vegas. I don’t really miss the app, truth be told, but I have found myself missing the bustle of conferences. Read More
Cyber Threat First Responders Fight COVID-19 Attacks Amid Pandemic [Black Hat USA 2020]
Okta Executive Director of Cybersecurity Marc Rogers, like many of us, has lost all concept of time during the COVID-19 pandemic. There’s pre-COVID life and work, and then there’s the Groundhog’s Day existence that has become our collective reality. “I measure things in 2020 units now,” he said, during a virtual interview at Black Hat. “Some of it’s turned into a daily grind.” Read More
DHS Worried About Ransomware Attacks for 2020 Election [Black Hat USA 2020]
According to an intelligence report issued by the Department of Homeland Security, one of the top 2020 election security concerns is ransomware. A report entitled “Cybercriminals and Criminal Hackers Capable of Disrupting Election Infrastructure” echoes concerns CISA head Chris Krebs articulated at the Black Hat security conference in early August. Read More
Boeing's DEF CON Debut a Sign of the Times [Black Hat USA 2020]
IOActive's Santamarta — who had presented his research over at Black Hat USA in Las Vegas just a few days before DEF CON kicked off — maintained that an attacker exploiting the flaws could remotely gain access to the aircraft's sensitive avionics network, also known as the crew information systems network. Read More
Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity [Black Hat USA 2020]
Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them. Read More
Big hole in BIG-IP. How the new vulnerability in F5 products works [Black Hat USA 2020]
We need to look at how the URI is passed to Tomcat. It is worth referring here to Orange Tsai's great study on path normalization in various applications that he presented at Black Hat USA 2018 and DEF CON 26. Read More
BlackBerry releases free reverse engineering tools to help resist cyber security attacks [Black Hat USA 2020]
Also this week at Black Hat USA 2020, Kevin Livelli, the director of threat intelligence at BlackBerry, will be presenting the Rat Decade on August 5, 11-11:40 am PT. BlackBerry will also hold a webinar about its cooperation with Intel to stop encryption hijacking malware, and an in-depth study of BlackBerry Optics AI-based EDR technology for Linux. Read More
Mercedes-Benz E-Class. 19 safety risks detected, already resolved [Black Hat USA 2020]
According to TechCrunch, the facts were revealed by Minrui Yan, head of Sky-Go's security research team, during this year's Black Hat security conference. Read More
Chinese computer scientists uncover the vulnerability of the Mercedes-Benz E-Class [Black Hat USA 2020]
Through a coordinated attack, Qihoo 360 computer scientists were able to unlock the car doors, lower the windows, control the lighting system and even start the car's engine without the owner's key, as explained at the Black Hat cybersecurity conference, which focuses on the risks of hacking. Read More
Patchday: Microsoft closes actively exploited Windows and browser holes [Black Hat USA 2020]
As part of a lecture at the Black Hat Conference 2020, a team of researchers warned last week about a new version of a security hole that the Stuxnet computer worm had previously misused to switch from Windows systems to industrial control systems via the printer spooler. Read More
Microsoft plugs 2 zero-days on August Patch Tuesday [Black Hat USA 2020]
The patch resolved a lingering printer spooler issue that had been patched multiple times -- most recently in May -- but security researchers found a way to bypass the patch and gave a recent Black Hat USA presentation on the flaw, which has its origins in the Stuxnet worm from 2010. Despite public knowledge of the bug, Microsoft's CVE did not report this as publicly disclosed. Read More
Researchers claim that hackers attack crypto exchanges in three ways [Black Hat USA 2020]
Researchers at the Black Hat security conference have revealed that crypto exchanges can be vulnerable to hackers. Although cryptocurrencies provide a high level of privacy and security to protect their resources, scientists have found that hackers can attack in three ways. Read More
Black Hat 2020: How to Boost Security Problem-Solving [Black Hat USA 2020]
But problem-solving isn’t necessarily a trait you’re born with. At Black Hat USA 2020, Matt Wixey, research lead at PwC U.K., said that it’s something that can be trained. Read More
They hack the Mercedes E-Class and even get to start it [Black Hat USA 2020]
They could even have started the engine without having to enter the cabin. The investigation was started a couple of years ago and the results were sent to Daimler, from where we assume that they remedied the problem. Now they have been unveiled at the Black Hat cybersecurity conference. Read More
Sky-Go Discusses How to Hack and Remotely Control the Mercedes-Benz E-Class [Black Hat USA 2020]
In 2017, a video surfaced showing two thieves in the UK using a relay hacking method to exploit the keyless entry system of a Mercedes car. It only took them less than 30 seconds to drive off with it. This is just one of the examples that Sky-Go demonstrated in its presentation at a recent Black Hat cybersecurity conference. Read More
Security team analyzes data breach costs for better metrics [Black Hat USA 2020]
Severski and Baker published their findings on the cost of data breaches in the Cyentia Information Risk Insights Study (IRIS 20/20) and the ripple effects of breaches in Ripples Across the Risk Surface (in collaboration with automated risk assessment firm RiskRecon). They discussed the topic at Black Hat 2020. Read More
Mercedes-Benz security bug — a sign of connected vehicle security issues? [Black Hat USA 2020]
A team of security researchers at the Sky-Go Team detailed the way they were able to form an attack chain and remotely take control of the vehicle. The head of Sky-Go’s security research team, Minrui Yan, shared the findings at this year’s Black Hat security conference, as reported in TechCrunch. Read More
Latest Mimecast research finds threat actors more motivated by money than intelligence or IP [Black Hat USA 2020]
Mimecast Limited, a leading email security and cyber-resilience company, has launched the Threat Intelligence Report: Black Hat U.S.A. Edition 2020. Read More
Blackhat: Innovation and case studies around cybersecurity [Black Hat USA 2020]
The Black Hat event is a space that for 20 years has been dedicated to answering the questions that arise around cybersecurity and to presenting innovations and research on the subject. Read More
An elections security progress report: Black Hat edition [Black Hat USA 2020]
As you might expect, the election was a core topic at the virtual Black Hat and DEFCON voting village conferences held in early August. It has become a core feature of “hacker summer camp” to share the latest in election security from the perspective of the professionals doing the work. Read More
Researchers Trick Facial-Recognition Systems [Black Hat USA 2020]
At the Black Hat USA 2020 virtual event last week, researchers from McAfee showed how they were able to use such technologies to successfully trick a facial-recognition system into misclassifying one individual as an entirely different person. Read More
Spying On Satellite Internet Now Possible With $300 Setup [Black Hat USA 2020]
Researchers have devised a new strategy for spying on satellite internet traffic. Sharing the details at the recent Black Hat USA 2020, they revealed that anyone with mere home television equipment could intercept satellite internet traffic to snoop into the data. Read More
Researchers discover a bug in Windows and prevent an attack [Black Hat USA 2020]
"As a bonus, various Windows services loaded our DLL (wbemcomn.dll) as they did not verify the signature and tried to load the DLL from a non-existent path, which means we also got the code executed," said Hadar and Bar, who presented their finding at the Black Hat security conference. Read More
Qualcomm, MediaTek Wi-Fi chip found loopholes, signal transmission, data packets may be intercepted [Black Hat USA 2020]
At the Black Hat USA 2020 security conference held recently, ESET announced variants of the "Kr00k" vulnerability and emphasized that disassociation invalidates the key, so that the original WPA2 encryption protection loses its function and the content of data packets transmitted over the Wi-Fi signal can be intercepted. Read More
Suspected mainland hackers stealing Taiwan semiconductor secrets, reason: working hours 996 [Black Hat USA 2020]
A few days ago, the US technology media "Wired" reported that a Taiwanese cybersecurity company called CyCraft revealed at the "Black Hat USA" conference held last week that, since the company released its white paper on cyber attacks on the semiconductor industry in Taiwan in April this year, many responses have been received, showing that at least 7 semiconductor companies in Taiwan have been targeted by the same mainland Chinese hacker group, "Chimera". Read More
The cost of hacking a satellite is only 350,000 won? [Black Hat USA 2020]
Research results showing that a satellite can be hacked for about $300 (about 350,000 won) are drawing attention from the industry. At 'Black Hat 2020', a global information security conference held online from August 1 to 6, University of Oxford academic researcher James Pavur said that satellite Internet communication (ISP) is vulnerable to eavesdropping and signal blocking. Read More
Black Hat 2020: The Security Implications of Disinformation Campaigns [Black Hat USA 2020]
While this has been a known threat in the public space, businesses are at risk as well. At Black Hat USA 2020, Stanford Internet Observatory Research Manager Renee DiResta said that the vast opportunities of the internet and social media have left us with an avalanche of material at our fingertips, and some of it is ill-intentioned. Read More
Chinese hackers target Taiwan's semiconductor factories and look for technology secrets [Black Hat USA 2020]
Due to the coronavirus pandemic, this year's Black Hat cybersecurity conference was held as an online event. One of the conference participants was CyCraft, whose experts presented an interesting report on the results of the investigation into a series of incidents related to attacks on Taiwanese companies operating in the semiconductor industry. Read More
Jeff Moss, creator of the cybersecurity and hacker conferences Black Hat and DEF CON, talked about 2020 election security, the Chinese-owned TikTok and WeChat social media platforms, and where the internet is heading. Mr. Moss spoke from Singapore. Read More
Vulnerabilities in popular Bitcoin exchanges revealed [Black Hat USA 2020]
The Black Hat IT security conference took place at the beginning of the month. Due to the COVID-19 pandemic, this year's event took place online. Read More
Forum software vBulletin: New attack technique leverages old security patch [Black Hat USA 2020]
The researcher apparently decided not to wait for the vBulletin team to publish a patch. In any case, administrators should be informed and on alert: Jeff Moss, founder of the IT security conferences Black Hat and Def Con, announced via Twitter that the Def Con forum had been attacked just three hours after the PoC code was published in the researcher's blog entry. Read More
The deplorable situation with satellite Internet security [Black Hat USA 2020]
Black Hat presented a report on security problems in satellite Internet access systems. The author of the report demonstrated the ability to intercept Internet traffic transmitted through satellite communication channels using a low-cost DVB receiver. Read More
How they could easily spy on satellite connections [Black Hat USA 2020]
At Black Hat 2020, a computer security researcher from the University of Oxford showed how it is possible to access confidential information from corporate networks that use satellites to transmit the signal. Read More
Healthcare CISO offers alternatives to 'snake oil' companies [Black Hat USA 2020]
Indiana University Health CISO Mitchell Parker discussed internal risk assessments, security snake oil salesmen and more at his Black Hat USA 2020 talk. Read More
Mercedes E-Class Had 19 Security Risks, Which Were Patched Last Year [Black Hat USA 2020]
According to TechCrunch, the breakdown came from Minrui Yan, head of Sky-Go’s security research team, during this year’s Black Hat security conference. The team found 19 vulnerabilities in a Mercedes E-Class that gave researchers vast control over the vehicle. Read More
Researcher Publishes Patch Bypass for vBulletin 0-Day [Black Hat USA 2020]
Indeed, hackers wasted no time in using Etemadieh’s bypass to try to hack into the forum at the DEF CON security conference, according to a post on Twitter by DEFCON and Black Hat founder Jeff Moss. However, administrators quickly applied Etemadieh’s advice to disable PHP to thwart the attack, he tweeted. Read More
High-value users with no control over their infrastructure or security practices seem like characters in a dystopian novel, but Michelle Wolfe, who works with local governments in the UK, spoke at Black Hat USA about students in classrooms using dystopian terms. Read More
Baking And Boiling Botnets Could Drive Energy Market Swings And Damage [Black Hat USA 2020]
Evil armies of internet-connected EV chargers, ovens, hot-water heaters, air-conditioners, and other high-wattage appliances could be hijacked to slightly manipulate energy demand, potentially driving price swings and creating financial damage to deregulated energy markets, warns a new report scheduled to be presented Aug. 5 at the Black Hat USA 2020 conference. Read More
Microsoft Patch Tuesday, August 2020 Edition [Black Hat USA 2020]
Narang said researchers found that the patch for CVE-2020-1048 was incomplete and presented their findings for CVE-2020-1337 at the Black Hat security conference earlier this month. Read More
Anatomy of a healthcare data breach dissected at Black Hat 2020 [Black Hat USA 2020]
Insecure technologies are making healthcare organizations easy prey for cybercriminals, as well as lucrative and egregious targets, attendees at Black Hat USA 2020 heard last week. Read More
Chinese experts remotely hacked Mercedes-Benz E-class [Black Hat USA 2020]
Now Sky-Go experts have finally made their findings public by presenting a talk at the Black Hat conference (this year's event is being held remotely). At the same time, some details of the bugs were deliberately omitted, both to protect Daimler's intellectual property and to prevent exploitation of vulnerabilities. Read More
Chinese state hackers are targeting Taiwanese chip companies [Black Hat USA 2020]
This is reported by security company CyCraft at the Black Hat conference, which will be held online this year. Wired writes that the attacks are attributed to Chinese hackers for various reasons. Read More
The Station: Uber Eats ride, the next micromobility trend, Levandowski's day in court [Black Hat USA 2020]
The Black Hat security conference is that annual event that reminds me of how vulnerable connected cars can be. This year, security researchers at the Sky-Go Team, the car hacking unit at Qihoo 360, found more than a dozen vulnerabilities in a Mercedes-Benz E-Class car that allowed them to remotely open its doors and start the engine. Read More
Mercedes-Benz E-Class Is Surprisingly Easy To Hack [Black Hat USA 2020]
During a recent Black Hat cybersecurity conference, Sky-Go demonstrated how these flaws could have been exploited to remotely access a number of the car's functions and even start the engine without even touching the car. Read More
Games, not shame: Why security awareness training needs a makeover [Black Hat USA 2020]
Elevate Security co-founder Masha Sedova spoke at Black Hat USA 2020 about why traditional security awareness training is ineffective and fails to change risky behavior. Read More
Election 2020: Will Disinformation Trump Election Security? [Black Hat USA 2020]
Election security took center stage at Black Hat, but not in the usual, who can hack a voting machine way. Hardware and software vulnerabilities still exist. But the COVID-19 pandemic, rampant disinformation campaigns, disenfranchisement, and impatient voters may pose far greater security risks. Read More
Exploring the (lack of) security in a typical Docker and Kubernetes installation [Black Hat USA 2020]
To get up to speed, I signed up for the Black Hat 2020 session entitled, “From Zero to Hero: Pentesting and Securing Docker Swarm and Kubernetes Environments." The course, taught by Sheila A. Berta and Sol Ozzan, literally started with a description of how Docker containers worked and went all the way through a Kubernetes deployment. Read More
Bugs in Office and macOS gave full control of Mac [Black Hat USA 2020]
Security researcher Patrick Wardle (former NSA hacker and now head of security at Jamf) has an impressive track record for finding security flaws on the Mac platform. His latest report was shared at this year's Black Hat conference (held virtually). He has also published a blog post where he goes in depth into how the attack works. Read More
Black Hat 2020: Cybersecurity trends, tools, and threats [Black Hat USA 2020]
This year’s Black Hat USA 2020 computer security conference was entirely virtual for the first time and took place from August 1-6. This is the 23rd year for the conference, which traditionally takes a close look at some of the top cybersecurity trends. Read More
Protocol gateway flaws reveal ICS environment weak points [Black Hat USA 2020]
Security researchers warn about widespread vulnerabilities in protocol gateways, small devices that connect industrial machinery and sensors to TCP/IP networks that are used to automate and control them. New research published by Trend Micro and presented at the Black Hat USA virtual security conference highlights a new threat via protocol translation attacks and reveals nine flaws found in protocol gateways from different vendors. Read More
18 (new) ways attackers can compromise email [Black Hat USA 2020]
Vern Paxson, Professor of Computer Science at UC Berkeley and Co-Founder and Chief Scientist at Corelight, Jianjun Chen, Post-Doc researcher at the International Computer Science Institute and Jian Jiang, Senior Director of Engineering at F5 (Shape Security), presented the result of their research at Black Hat last week in a talk entitled “You Have No Idea Who Sent That Email: 18 Attacks on Email Sender Authentication.” Read More
Researchers Find Bugs that Could Expose Crypto Wallets on Exchanges [Black Hat USA 2020]
At a recent Black Hat cybersecurity conference, experts said that some of the issues that affected exchanges have now been fixed – but claimed that others still pose a threat to their owners. Read More
Chinese Hackers Steal From Taiwan's Semiconductor Industry [Black Hat USA 2020]
At the Black Hat security conference, reports will be presented that detail the damage. The report shows that at least seven Taiwanese chip firms over the past two years were compromised by hackers. Read More
Researchers Uncover Stuxnet-Style Flaw In Windows [Black Hat USA 2020]
At the Black Hat USA 2020 security conference Bar and Hadar said the privilege escalation flaw could be used by an attacker who has physical access to a system to gain escalated privileges. Read More
Top hacks from Black Hat and DEF CON 2020 [Black Hat USA 2020]
As well as tackling core enterprise and web security threats, presenters at both Black Hat and DEF CON 2020 took hacking to weird and wonderful places.
Anything with a computer inside was a target – a definition that these days includes cars, ATMs, medical devices, traffic lights, voting systems and much, much more. Read More
Black Hat 2020: Fixing voting – boiling the ocean? [Black Hat USA 2020]
Following the Black Hat keynote about voting security, we wonder how fixing elections might be possible in the next few months amidst pressure of U.S. elections rapidly approaching, requiring massive, coordinated effort at immense expense. Is that possible? If so, how likely? Read More
vBulletin fixes ridiculously easy to exploit zero-day RCE bug [Black Hat USA 2020]
According to Jeff Moss, aka The Dark Tangent and the creator of the Black Hat and Defcon security conferences, the defcon.org forum was attacked with this exploit three hours after it was disclosed. Read More
Over 30 Vulnerabilities Discovered Across 20 CMS Products [Black Hat USA 2020]
Muñoz and Mirosh, who presented their findings last week at the Black Hat cybersecurity conference, focused on .NET and Java-based products, and they showed how an unprivileged attacker can escape template sandboxes and achieve remote code execution. Read More
Black Hat Wrap-Up: IoT and Hardware Vulnerabilities Take the Spotlight [Black Hat USA 2020]
The first entirely virtual edition of the Black Hat cybersecurity conference took place last week and researchers from tens of organizations presented the results of their work from the past year. Read More
Researchers Claim Crypto Exchange Hacks Happen in Three Ways [Black Hat USA 2020]
Researchers at the Black Hat security conference revealed that crypto exchanges might be vulnerable to hackers. Although crypto exchanges have high privacy and security to protect their funds, researchers still found three ways hackers can attack these crypto exchanges, according to Wired on August 9. Read More
Flaws Could Have Exposed Cryptocurrency Exchanges to Hackers [Black Hat USA 2020]
At the Black Hat security conference on Thursday, researchers detailed potential weaknesses in these specially secured wallet schemes, including some that affected real exchanges that have now been fixed. Read More
As the pandemic hastens a cyberpunk future, hackers put democracy at risk [Black Hat USA 2020]
Reflecting on a dystopian future described in a subgenre of science fiction known as “cyberpunk” in the 1980s, a somber Jeff Moss, Black Hat’s founder, opened this year’s all-digital event by capturing the state of computer security in a newly altered world. Read More
Security News This Week: The NSA's Tips to Keep Your Phone From Tracking You [Black Hat USA 2020]
This week marked the first-ever online-only Black Hat and Defcon security conferences, both of which still produced impactful work despite going remote. But before you dive into everything that's broken, start off with a tale of perseverance that starts with the private keys needed to recover $300,000 of bitcoin trapped in an old zip file. Read More
Digital Clones Could Cause Problems for Identity Systems [Black Hat USA 2020]
The fundamental technologies for creating digital clones of people — text, audio, and video that sound and look like a specific person — have rapidly advanced and are within striking distance of a future in which digital avatars can sound and act like specific people, Tamaghna Basu, co-founder and chief technology officer of neoEYED, a behavioral analytics firm, told attendees at the virtual Black Hat conference on Aug. 6. Read More
Black Hat 2020: Security Needs Better Data for Better Policies [Black Hat USA 2020]
But what if the information they’re basing their decisions on is skewed? What if it doesn’t take the right things into consideration? What if the data isn’t accurately represented?
That is exactly what is happening when it comes to security, according to research presented this week at Black Hat USA 2020. Virginia Tech University professor and Cyentia Institute co-founder Wade Baker said that some well-known cybersecurity statistics, such as the notion that 60 percent of small businesses close within six months of a data breach, are widely repeated despite the original source of the information being unclear. Read More
McAfee Scopes Threat Landscape, Sees Deep Fakes, Zombies [Black Hat USA 2020]
“I think we’re going to continue to see these more advanced and evolution of [attack] techniques,” Povolny said, during an interview at this week’s virtual Black Hat. “We’re going to see the consistent use of ransomware, we’re going to see the same breaches we’ve been seeing forever. After 20 years, if it’s not changing, it’s not going anywhere for the foreseeable future.” Read More
Not just politics: Disinformation campaigns hit enterprises, too [Black Hat USA 2020]
In her Black Hat USA 2020 keynote, Renée DiResta of the Stanford Internet Observatory explains how nation-state hackers have launched 'reputational attacks' against enterprises. Read More
Cybersecurity Training? Try the Carrot Instead of the Stick [Black Hat USA 2020]
Masha Sedova leveraged her experience as a defense analyst for the government and Director of Trust Engagement at Salesforce to co-found Elevate Security, a company dedicated to using behavioral science to change security behaviors in ways that work. Per Sedova’s bio, her company can “transform employees into security super-humans.” In her Black Hat presentation this week, she demonstrated why traditional training doesn Read More
Protocol gateway flaws reveal a weak point in ICS environments [Black Hat USA 2020]
Research presented at this week's Black Hat conference highlights a new threat via protocol translation attacks and reveals 9 flaws found in protocol gateways from different vendors. Read More
Spectra Attack Turns Bluetooth and Wi-Fi Against Each Other [Black Hat USA 2020]
Our smart devices need to communicate wirelessly and seamlessly with many other devices, in order to be useful. All these devices' radios also need to talk with one another. And that allowed researchers at the Black Hat security conference to show off a new kind of attack they dubbed Spectra. Read More
Old vulnerabilities die hard: researchers uncover 20-year-old code in Windows Print Spooler [Black Hat USA 2020]
While presenting their findings at the Black Hat hacking conference this week, Hadar and Bar released proof-of-concept code on GitHub designed to help detect attacks on the spooler service. Read More
The Scariest Things We Saw at Black Hat 2020 [Black Hat USA 2020]
Every year, hackers and researchers flock to Las Vegas for the Black Hat security conference (and some stay on for the free-wheeling DEF CON) to see and share the latest in security research. This year, everyone had to stay at home because of COVID-19, but there was still plenty to be worried about at this year's conference. Read More
10 years after Stuxnet, new zero-days discovered [Black Hat USA 2020]
A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020. Read More
Researcher Finds New Office Macro Attacks for MacOS [Black Hat USA 2020]
Microsoft Office is no stranger to vulnerabilities and exploits. Most of those vulnerabilities led from Microsoft Office to Microsoft Windows, but it's possible for an attacker to take an exploit path from Microsoft Office to macOS — a path that Patrick Wardle, principal security researcher at Jamf, discussed in his presentation on Wednesday at Black Hat USA. Read More
Researchers: IoT Botnets Could Influence Energy Prices [Black Hat USA 2020]
High-wattage IoT devices and appliances, such as connected refrigerators, air conditioners and heaters, could be turned into massive botnets by malicious actors and used to influence energy prices, according to an academic study released at Black Hat 2020. Read More
Chinese Researchers Show How They Remotely Hacked a Mercedes-Benz [Black Hat USA 2020]
Representatives of Sky-Go and Daimler disclosed the findings this week at the Black Hat cybersecurity conference and published a research paper detailing the findings. However, some information was not made public to protect Daimler’s intellectual property and to prevent malicious exploitation. Read More
VMware Reports Destructive Attacks Surge During COVID-19 [Black Hat USA 2020]
“We noted a dramatic increase in destructive attacks — the use of wipers and ransomware, NotPetya style, within networks,” said Tom Kellermann, head cybersecurity strategist at VMware Carbon Black, during a virtual Black Hat happy hour panel. Read More
Exploring the Forgotten Roots of 'Cyber' [Black Hat USA 2020]
At the same time, the word cyber arguably points to what is inherently leading-edge and subject to change. Entering the world of cybersecurity today, for example, "you're leaving the reality of what you know, for a fantasy world you know nothing about," Amanda Rousseau, an offensive security engineer at Facebook, said in a keynote speech at last year's Black Hat Europe conference in London. Read More
The Cybersecurity 202: Trump’s government is working to protect mail voting while Trump attacks it [Black Hat USA 2020]
About 28 percent of voters cast ballots on such machines in 2016, according to a study by the Pew Research Center. CISA was estimating that figure would drop to about 8 percent in 2020 but it might be even lower because of mail voting, CISA Director Chris Krebs said during an address at the Black Hat cybersecurity conference this week. Read More
Here's a Bright Idea: Use a Lightbulb to Eavesdrop [Black Hat USA 2020]
The primary question Nassi and his team set out to answer was whether a hanging lightbulb can be used as a microphone—a challenge since "lightbulbs were not exactly designed to be used as microphones," Nassi said at this year's virtual Black Hat conference. Read More
Researchers Create New Framework to Evaluate User Security Awareness [Black Hat USA 2020]
In a presentation at the Black Hat USA event this week, Ron Bitton, principal research manager at BGU's cybersecurity research center, said the framework addresses some of the shortcomings of current approaches to evaluating user security awareness. Read More
Black Hat 2020: xGitGuard uses AI to detect inadvertently exposed data on GitHub [Black Hat USA 2020]
Security researchers at Comcast have developed a tool that detects organizations’ secrets and user credentials in cases where they inadvertently spill onto GitHub. The tool, called xGitGuard, is designed to be both scalable and rapid.
The tool was demonstrated during an Arsenal session at the Black Hat 2020 virtual conference on Thursday (August 7). Read More
When TLS hacks you: Security friend becomes a foe [Black Hat USA 2020]
During a session entitled ‘When TLS Hacks You’, during the Black Hat virtual conference on Wednesday, Maddux showed how “dangerous properties” of TLS can be abused to target internal services. Read More
Satellite Comms Globally Open to $300 Eavesdropping Hack [Black Hat USA 2020]
At the virtual Black Hat 2020 conference, academic researcher and Oxford University doctoral candidate James Pavur spoke about the risk of satellite hacking. Pavur stated that attackers can use basic home television gear to listen in on internet traffic occurring across the globe, including high-value targets such as shipping fleets and oil installations. Read More
Mercedes-Benz E-Series Rife with 19 Bugs [Black Hat USA 2020]
At Black Hat 2020, a famous cybersecurity conference held virtually this year, researchers explained the process of discovery and disclosure of security flaws found in Mercedes Benz vehicles. Although the flaws have since been fixed, the bugs impacted roughly 2 million Mercedes Benz connected cars before they were patched. Read More
Chinese Hackers Have Pillaged Taiwan’s Semiconductor Industry [Black Hat USA 2020]
Yesterday at the Black Hat security conference, CyCraft researchers presented details of a previously unknown hacking campaign that compromised Taiwanese chip firms. CyCraft is a Taiwanese cybersecurity firm that has been investigating the campaign, which allegedly compromised at least seven firms over a two-year period. Read More
Week in security with Tony Anscombe [Black Hat USA 2020]
This week, the cybersecurity community ‘met up’ at the virtual Black Hat 2020, and ESET researchers elaborated on their discovery of the KrØØk vulnerability, revealing that variants of the same bug also affect Wi-Fi chips produced by other brands. Read More
Black Hat: Public Opinion Hacking Hits Fever Pitch [Black Hat USA 2020]
This week’s virtual Black Hat USA 2020 conference featured a keynote on how information operations are working overtime to manipulate public opinion. Renee DiResta, research manager at Stanford Internet Observatory, heads up research in this area. Read More
Mole in your network: Out-of-band exploitation framework showcased at Black Hat 2020 [Black Hat USA 2020]
Mole, a new open source framework for identifying and exploiting out-of-band (OOB) application vulnerabilities, was launched at Black Hat 2020 this week. Read More
What becoming a poll worker taught me about securing the 2020 election [Black Hat USA 2020]
In a keynote that opened the Black Hat conference Wednesday, security researcher and Georgetown Law professor of secure systems and cryptology Matt Blaze offered advice for our current situation. But his solution doesn’t center around software or protocols. Instead, it’s all about people. Read More
From Russia With Lure: Why We’re Still Beset By Bots And Trolls Pushing Disinformation [Black Hat USA 2020]
In a keynote at the Black Hat security conference Thursday, Renee DiResta, research manager at the Stanford Internet Observatory, offered a disinformation dissection that broke down how those two countries have worked to exploit social media and what to watch for as the election nears. Read More
#BHUSA: Researchers Reveal Attacks Against Email Sender Authentication [Black Hat USA 2020]
The ‘from’ address field in an email is supposed to identify the person that sent an email, but unfortunately that’s not always the case. In a Black Hat USA 2020 virtual conference session researchers outlined 18 different attacks against email sender authentication systems. Read More
#BHUSA: Lack of Electronic Medical Record Security Amplified Opioid Crisis [Black Hat USA 2020]
According to Mitchell Parker, CISO at Indiana University Health, a small part of the human suffering could have potentially been alleviated, if there was better control and security for Electronic Medical Record (EMR) systems. Parker presented his views during a session at the Black Hat USA 2020 virtual conference, where he outlined what has gone wrong with EMR systems and what can be done to make them more secure. Read More
#BHUSA: How Nation States Hack Public Opinion [Black Hat USA 2020]
Nation state threat actors, including Russia and China, are using multiple techniques to effectively ‘hack’ public opinion around the world, according to Renée DiResta. DiResta expressed her views in a keynote session at the Black Hat USA 2020 virtual conference. Read More
Black Hat keynoter DiResta: Disinformation an effective, readily available tool for cyber adversaries [Black Hat USA 2020]
She spoke Thursday on “Hacking Public Opinion,” on the final day of the all-digital Black Hat USA 2020. Cyber researcher Matt Blaze delivered the keynote on Wednesday, discussing election security challenges including securing software. Read More
What security functions should small medical providers outsource? [Black Hat USA 2020]
Lamenting the recent scourge of ransomware and data breach attacks against health care organizations, along with what he believes is lack of specific cybersecurity guidance and an overabundance of “snake oil” infosec companies that provide expensive risk assessments “while not delivering anything of value,” Parker presented a series of recommendations for smaller medical providers in a presentation at the 2020 virtual Black Hat conference. Read More
Spooler alert: A decade after Stuxnet, Windows printer component still a playground for zero-days [Black Hat USA 2020]
Revisiting their discovery at the virtual Black Hat USA 2020 today, a pair of security researchers said they were astounded to find that the flaws in the Windows print spooler component were still exploitable, using fresh techniques. Read More
Palo Alto Networks Discloses Kata Container Flaws [Black Hat USA 2020]
At the online Black Hat USA 2020 conference today, researchers from the Unit 42 arm of Palo Alto Networks disclosed how they had enabled malicious code to escape from a Kata Container runtime environment that makes use of lightweight virtual machines to isolate workloads. Read More
Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack [Black Hat USA 2020]
That’s the word from James Pavur, an academic researcher and doctoral candidate at Oxford University, speaking at Black Hat 2020 on Wednesday. Read More
What will it take for a secure election? [Black Hat USA 2020]
The virus "added a whole new set of concerns that were always there, but that got brought very sharply into focus" such as how to conduct voting in a state of emergency and what exceptions to make, said computer scientist and election security expert Matt Blaze during a speech at the Black Hat cybersecurity conference this week. Read More
Information Operations Spotlighted at Black Hat as Election Worries Rise [Black Hat USA 2020]
While the Russian government spends a fraction of the People's Republic of China on overt state-sponsored media properties, the covert activities targeting Western democracies and other rivals is "best-in-class," Renée DiResta, a research manager at the Stanford Internet Observatory, told attendees during an Aug. 6 keynote on information operations at virtual Black Hat USA. Read More
Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry [Black Hat USA 2020]
"This is very much a state-based attack trying to manipulate Taiwan's standing and power," says Chad Duffy, one of the CyCraft researchers who worked on the company's long-running investigation. The sort of wholesale theft of intellectual property CyCraft observed "fundamentally damages a corporation's entire ability to do business," adds Chung-Kuan Chen, another CyCraft researcher who will present the company's research at Black Hat today. "It's a strategic attack on the entire industry." Read More
Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs [Black Hat USA 2020]
Researchers say the flaws, detailed at Black Hat USA on Thursday, potentially impacted over 2 million Mercedes-Benz connected cars before they were fixed. Read More
Hacking group has hit Taiwan's prized semiconductor industry, Taiwanese firm says [Black Hat USA 2020]
“Based on the stolen data, we infer that the actor’s goal was to harvest company trade secrets,” CyCraft wrote in a report they are presenting Thursday at the 2020 Black Hat security conference. Read More
Black Hat: Hackers are using skeleton keys to target chip vendors [Black Hat USA 2020]
At Black Hat USA on Thursday, CyCraft Technology researchers Chung-Kuan Chen and Inndy Lin described a set of attacks believed to have been conducted by the same Chinese APT group in the quest for semiconductor designs, source code, software development kits (SDKs), and other proprietary information. Read More
Security bugs let these car hackers remotely control a Mercedes-Benz [Black Hat USA 2020]
Since then, the car hacking world has bustled with security researchers looking to find new bugs — and ways to exploit them — in a new wave of internet-connected cars that have only existed the past decade.
This year’s Black Hat security conference — albeit virtual, thanks to the coronavirus pandemic — is no different. Read More
How to Be a Better Security Problem Solver [Black Hat USA 2020]
His Thursday talk fell in the Black Hat conference’s Human Factors track, which has been growing in popularity the last several years. Most talks in this track involve guiding employees into doing the right thing security-wise, or devising systems that work even when employees do the wrong thing. With this session, Wixey focused on honing the skills of the security elite—a refreshing change. Read More
A Mix of Optimism and Pessimism for Security of the 2020 Election [Black Hat USA 2020]
DHS CISA's Christopher Krebs and Georgetown University's Matt Blaze at Black Hat USA give the lowdown on where things stand and what still needs to happen to protect the integrity of November's election. Read More
State Dept. offers $10 million reward for info on cyberattackers targeting US elections [Black Hat USA 2020]
Nearly a third of cybersecurity experts and hackers attending the Black Hat USA 2020 conference think cyberattacks and disinformation will ensure the upcoming election’s results will “always be in doubt,” according to a survey of 273 attendees conducted in advance of the conference. Read More
How Security Research Can Get You Arrested [Black Hat USA 2020]
Hiring a red team is a common practice among security-conscious companies and government entities. Getting the red team arrested on federal felony charges is not common, but that’s what happened to two security experts from Coalfire Systems. They presented their cautionary tale, along with a call for action, at this week's virtual Black Hat conference. Read More
Are Police Spying on Your Phone? Ask the Crocodile Hunter [Black Hat USA 2020]
Nefarious devices have long masqueraded as cell towers in a bid to intercept data from mobile devices. But at this week's (virtual) Black Hat, Cooper Quintin, Senior Staff Technologist at the Electronic Frontier Foundation, outlined a way to detect these bogus base stations, and offered suggestions on how to prevent their use altogether. Read More
Election Day 2020: Why security experts predict a chaotic mess [Black Hat USA 2020]
This fall's U.S. presidential election may end up being a chaotic mess that won't yield a winner on Election Night, three election-security experts told the Black Hat 2020 security conference during its opening day Wednesday (Aug. 5). Read More
Coronavirus Borked the 2020 Election, But We Can Still Save It [Black Hat USA 2020]
At the Black Hat security conference, security researcher Matt Blaze outlines the difficulty of securing US elections in unprecedented times. Read More
Sensitive Satellite Internet Data Is Easily Accessible, If You Know Where to Look [Black Hat USA 2020]
At Black Hat, an Oxford University student outlines how his team intercepted unencrypted satellite internet data across a 'massive attack area' from government agencies, major shipping companies, Greek billionaires, and more. Read More
New Windows Print Spooler Zero-Day Flaws Harken Back to Stuxnet [Black Hat USA 2020]
"We started digging in, looking at the original Stuxnet propagation, and then we found out there were problems. ... We decided to take the Spooler service to the next level, and eventually we found it was not fully patched," explains Tomer Bar, research team leader at Safe Breach, who along with his colleague Peleg Hadar found the flaws that they plan to detail today at Black Hat USA. Read More
Voting vendor ES&S unveils vulnerability disclosure program [Black Hat USA 2020]
At Black Hat USA 2020 Wednesday, Chris Wlaschin, vice president of systems security for Election Systems & Software (ES&S), formally announced the voting-machine manufacturer's vulnerability disclosure program, which aims to strengthen election security by working with independent security researchers. Read More
Researcher Discovers New HTTP Request Smuggling Attack Variants [Black Hat USA 2020]
Klein told SecurityWeek ahead of his talk on HTTP request smuggling at the Black Hat conference that an attacker needs to find combinations of web servers and proxy servers with “matching” vulnerabilities in order to launch an attack, which makes it difficult to determine exactly how many servers are impacted. Read More
Internet communication via satellite “Danger of leakage” pointed out by a British researcher [Black Hat USA 2020]
It was held online at the world's largest international cybersecurity conference, "Blackhat," reported by James Pavur of Oxford University on Thursday. Read More
Black Hat: Entropy - the solution to malvertising and malspam? [Black Hat USA 2020]
Speaking to attendees of Black Hat USA on Thursday, lead Cisco threat researcher Shyam Sundar Ramaswami revealed recent uses of steganography to hide malicious payloads in connection to the COVID-19 pandemic. Read More
CISA chief: Ransomware could threaten election security [Black Hat USA 2020]
During a Black Hat USA 2020 session, CISA Chief Christopher Krebs said ransomware attacks on city, state and local governments are a major concern for election security. Read More
Energy Market Manipulation with High-Wattage IoT Botnets [Black Hat USA 2020]
Attackers that can compromise enough products such as smart ACs and heaters can tweak power demand in subtle ways for financial gain or to hurt market players, researchers at Black Hat say. Read More
HTTP Request Smuggling now has 4 New Variants – Cyber Security Research 2020 [Black Hat USA 2020]
HTTP Request smuggling attack now has four new variants and this was identified thanks to the new research presented by Amit Klein (VP of Security Research at SafeBreach) thus confirming the findings today at Black Hat Security Conference. Read More
Black Hat 2020: Temi assistant robot has serious security gaps [Black Hat USA 2020]
For the IT security experts, this was reason enough to get one of the robots, test their network capabilities and, for example, also take a close look at the firmware and update procedures. As they explained on Thursday at the Black Hat hacker conference held virtually this year and in a technical report, they quickly came across massive targets. Read More
Black Hat 2020: ‘Zero-Click’ MacOS Exploit Chain Uses Microsoft Office Macros [Black Hat USA 2020]
The exploit chain, revealed by Patrick Wardle, principal security researcher with Jamf, at Black Hat USA 2020, runs macros without an alert or prompt from the Microsoft Office application that prompts explicit user approval – meaning that when a user opens the document, the macro is automatically executed. Read More
Ripple20 vulnerabilities still plaguing IoT devices [Black Hat USA 2020]
Months after Ripple20 vulnerabilities were reported, things haven't gotten much better, say experts at Black Hat USA 2020. In fact, the world may never be fully rid of the flaws. Read More
Tool that turns Domain Name System into a security layer unveiled at Black Hat 2020 [Black Hat USA 2020]
Vadim Pavlov, Senior Security Product Manager at Infoblox, outlined the benefits of the ioc2rpz service as a defense against malware during an Arsenal session of the Black Hat conference yesterday (August 5). Read More
Election Systems & Software Unveils Vulnerability Disclosure Policy; Chris Wlaschin Quoted [Black Hat USA 2020]
The new policy announced at the virtual Black Hat conference will provide ES&S 90 days to address the cyber vulnerabilities before security researchers can publicly report those issues. Read More
Ripple20: More Vulnerable Devices Identified [Black Hat USA 2020]
JSOF researchers shared their findings this week at the virtual Black Hat USA conference, with a technical deep dive into DNS vulnerability CVE-2020-11901. The remote code execution (RCE) flaw has a CVSS score of 9.0 and can be triggered by answering a single DNS request made from the device. Read More
Your Personal Health Data Is Not Safe [Black Hat USA 2020]
You go to the doctor to get well, or check your health. You don’t expect the doctor’s apps to expose your privacy. But they do, as Penn Medicine's Information Security Director outlined at Black Hat. Read More
#BHUSA: How Public Standards Help to Enable Financial Fraud [Black Hat USA 2020]
In a session at the Black Hat USA 2020 virtual conference on August 5, Kevin Perlow, technical intelligence team lead for one of the largest banks in the US, explained how cyber-attackers are using public standards for financial transactions to enable multiple forms of fraud. Read More
BLACK HAT 2020 KEYNOTE: STRESS-TESTING DEMOCRACY [Black Hat USA 2020]
Black Hat 2020 is all-virtual, which I rather like. The fog machines and laser shows are good eye candy, but they distract us from what event founder Jeff Moss calls Black Hat’s “community of ideas.” People were watching from 117 countries, ready to dig into dozens of online presentations. Read More
Election security depends on addressing software issues, says Black Hat keynoter Matt Blaze [Black Hat USA 2020]
Cyber researcher Matt Blaze, in an opening keynote at the all-virtual Black Hat USA 2020, framed election security as largely a software issue and said solutions are available between the extremes of completely eliminating computers from the process or going all-in with a blockchain approach. Read More
$10 Million Reward For Info Foreign Hackers Trying To Interfere With US Election [Black Hat USA 2020]
“On the election infrastructure targeting, there is just not near anything of what we were seeing in 2016,” Krebs said during a virtual Black Hat cybersecurity conference. “Shifting over to the disinformation space and the potential for hack and leak, Russia has never taken its foot off the gas, China’s in the game, Iran’s in the game, so I just really encourage everyone to pay attention to your sources of information, think before you click, think before you share.” Read More
#BHUSA: Can the US Election be Held During the Pandemic? [Black Hat USA 2020]
The Black Hat USA 2020 virtual conference kicked off on August 5 with a keynote session exploring the challenges of modern election security in the US and the impact of the COVID-19 pandemic. Read More
Black Hat 2020: Threagile toolkit enables code-driven threat modeling [Black Hat USA 2020]
‘Threat modelling as code’ is poised to supplant whiteboard diagrams as the definitive AppSec risk mapping paradigm, Black Hat USA attendees heard yesterday. Read More
How hackers could spy on satellite internet traffic with just $300 of home TV equipment [Black Hat USA 2020]
PhD candidate in the Department of Computer Science James Pavur revealed his research at the Black Hat USA virtual conference after previously disclosing his findings to the affected parties in order to help them improve security. Read More
U.S. Offers Reward of $10M for Info Leading to Discovery of Election Meddling [Black Hat USA 2020]
The COVID-19 pandemic has created new concerns in the upcoming election. Election security has been a hot topic at this year’s Black Hat USA 2020, which is being held this week for the first time virtually due to the pandemic. Read More
Getting to the Root: How Researchers Identify Zero-Days in the Wild [Black Hat USA 2020]
"We care a lot about making it harder for people to exploit users using zero-days," said Google Project Zero researcher Maddie Stone in a Black Hat presentation on the topic. "When zero-day exploits are detected in the wild, that's the failure case for these attackers. And so we need to learn as much as possible each time that happens." Read More
Deepfakes Are Getting Better, Easier to Make, and Cheaper [Black Hat USA 2020]
In the paper published online today and presented (virtually) at the cybersecurity conference Black Hat, researchers Philip Tully and Lee Foster write that it takes thousands of dollars and weeks to produce new software tools for synthetic media generation. Read More
#BHUSA: Android Phones at Risk of BlueRepli Bluetooth Attack [Black Hat USA 2020]
There has been no shortage of Bluetooth related attacks disclosed in recent years, including BlueBorne and BadBlueTooth among numerous others. At the Black Hat USA 2020 virtual event on August 5, a new attack was added to the list of Bluetooth vulnerabilities, with the public disclosure of BlueRepli. Read More
Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem [Black Hat USA 2020]
The use of social media to sway opinion, sow division and hurt reputations is now part of a threat-actor’s playbook, according to DiResta. During a keynote address at Black Hat on Thursday entitled “Hacking Public Opinion,” she said threat actors are fine-tuning these attacks. Read More
Linux Spyware Stack Ties Together 5 Chinese APTs [Black Hat USA 2020]
On Wednesday, BlackBerry released an analysis to the Black Hat 2020 conference group in which evidence linking five Chinese APT groups was presented. The five groups are allegedly splinters of the Winnti group, which is a supply-chain specialist threat actor group. Read More
America was getting on top of its electronic voting machine security – then suddenly... A wild pandemic appears [Black Hat USA 2020]
Just as America was getting a grip on improving the security of its electronic ballot boxes, the coronavirus pandemic hit, throwing a potential surge in remote voting unexpectedly into the mix, the Black Hat hacking conference was told today. Read More
Ever wonder how a pentest turns into felony charges? Coalfire duo explain Iowa courthouse arrest debacle [Black Hat USA 2020]
Part of the problem, the two professional attackers told the Black Hat online conference today, was the imprecise terms of the penetration tests Coalfire was hired to perform at the request of the US state of Iowa. Read More
Tales from the Trenches Show Security Issues Endemic to Healthcare [Black Hat USA 2020]
As the chief information security officer for Indiana University Health, he has seen a spectrum of issues: information overload from risk assessments, ancient — in Internet years — computers managing physical systems and devices, a chaotic mess of password systems that don't interoperate, and legacy data that cannot be decrypted, he said during a virtual Black Hat USA presentation on Aug. 5. Read More
Black Hat: Election Security Issues Aplenty with ‘Interference,’ ‘Lots of Misinformation’ [Black Hat USA 2020]
This week’s virtual Black Hat USA 2020 conference kicked off with a call to arms for cybersecurity professionals to help with election security issues this November. Read More
Insecure satellite Internet is threatening ship and plane safety [Black Hat USA 2020]
In a briefing delivered on Wednesday at the Black Hat security conference online, researcher and Oxford Ph.D. candidate James Pavur presented findings that show that satellite-based Internet is putting millions of people at risk, despite providers adopting new technologies that are supposed to be more advanced. Read More
Now-fixed exploit used Microsoft Office macros to hack macOS [Black Hat USA 2020]
The exploit was developed by Jamf security engineer and ex-NSA hacker Patrick Wardle, who has long specialized in hacking Macs. Wardle showed off the attack method at the Black Hat 2020 security conference Wednesday. Read More
Researchers found another way to hack Android cellphones via Bluetooth [Black Hat USA 2020]
Attackers looking to steal sensitive information like contacts, call history, and SMS verification codes from Android devices only need to target Bluetooth protocols, according to new DBAPPSecurity research presented at the 2020 Black Hat conference Wednesday. Read More
Top federal official says 'more details coming' on foreign election interference [Black Hat USA 2020]
“That was the beginning of a conversation with the American people about these threats, about the risks we face, more is absolutely coming, more details and more granular information,” Krebs said during the virtual Black Hat cybersecurity conference. Read More
'Unprecedented' challenges to safe, secure 2020 vote [Black Hat USA 2020]
The virus "added a whole new set of concerns that were always there, but that got brought very sharply into focus" such as how to conduct voting in a state of emergency and what exceptions to make, said computer scientist and election security expert Matt Blaze during a speech at Black Hat this week. Read More
ATTPwn: Adversary emulation tool allows pen testers to identify security holes before attackers do [Black Hat USA 2020]
A new security tool designed to emulate adversaries conducting malware campaigns or probing networks for secrets was presented at Black Hat USA today. Read More
Matt Blaze warns of election security challenges amid COVID-19 [Black Hat USA 2020]
In his Black Hat USA 2020 keynote, security researcher Matt Blaze discussed the challenges facing U.S. elections this year and what must be done to solve them. Read More
KubiScan: Open source Kubernetes security tool showcased at Black Hat 2020 [Black Hat USA 2020]
On the opening morning of Black Hat 2020’s virtual Arsenal program, security researcher Eviatar Gerzi explained how KubiScan trawls Kubernetes environments for risky permissions that attackers could potentially exploit to compromise the clusters. Read More
New EtherOops attack takes advantage of faulty Ethernet cables [Black Hat USA 2020]
Tomorrow at the Black Hat USA security conference, security researchers from IoT research outfit Armis are set to present details about a new technique that can be used to attack devices located inside internal corporate networks. Read More
Attack of the Clone: Next-Gen Social Engineering [Black Hat USA 2020]
NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections. Read More
Cheap, Easy Deepfakes Are Getting Closer to the Real Thing [Black Hat USA 2020]
There are many photos of Tom Hanks, but none like the images of the leading everyman shown at the Black Hat computer security conference Wednesday: They were made by machine-learning algorithms, not a camera. Read More
Building Cybersecurity Strategies in Sub-Saharan Africa [Black Hat USA 2020]
Evelyn Kilel and Laura Tich of Shehacks Ke discuss how they are working to build cybersecurity strategies that suit the needs and capabilities of developing nations. Read More
‘We want to have more protection’: Arrested pen testers push for Good Samaritan law [Black Hat USA 2020]
Coalfire employees Gary DeMercurio, managing senior, and Justin Wynn, senior security consultant, lobbied Wednesday at the virtual Black Hat conference for a Good Samaritan law that would protect their industry peers from the kind of overzealous prosecution they say they experienced for roughly five months, after a local sheriff had them arrested on Sept. 11, 2019 for alleged third-degree burglary. Read More
What a Security Engineer & Software Engineer Learned by Swapping Roles [Black Hat USA 2020]
As part of the swap, principal security engineer Craig Ingram was dropped into the Salesforce runtime team. Principal infrastructure engineer Camille Mackinnon joined the platform security assessment team. In a Black Hat briefing on Aug. 5, the two shared stories and lessons learned. Read More
Voting Machine Makers Are Finally Playing Nice With Hackers [Black Hat USA 2020]
At the Black Hat security conference today, Chris Wlaschin, vice president of systems security and chief information security officer of the election technology giant ES&S, and Mark Kuhr, chief technology officer of the security firm Synack, detailed how the two companies would work together to allow for so-called penetration testing on some ES&S products—and pointed to the larger project of bridging the longstanding gap between their two worlds. Read More
Black Hat 2020: Scaling Mail-In Voting Spawns Broad Challenges [Black Hat USA 2020]
Security researcher Matt Blaze opened Black Hat 2020 with a call-to-arms for cybersecurity experts, asking them during his keynote to leverage their passion for election security to help secure the upcoming U.S. presidential elections, which will likely be a mostly vote-by-mail affair. Read More
Black Hat 2020: Web cache poisoning offers fresh ways to smash through the web stack [Black Hat USA 2020]
The potentially devastating consequences of attacks against contemporary web caches were once again pulled into stark focus at Black Hat USA this week, as security researcher James Kettle documented his ongoing study in the field. Read More
How do you solve a problem like election security? Matt Blaze tackles the age-old question at Black Hat 2020 [Black Hat USA 2020]
Matt Blaze provided a Black Hat 2020 keynote on election security
Confidence in the outcome of an election increasingly depends on the integrity of the voting systems themselves, cryptographer Matt Blaze told Black Hat 2020 attendees today. Read More
Why Cisco Duo’s on a Quest to Kill the Password [Black Hat USA 2020]
However, while it’s highly irrational and unlikely to happen, this innate fear of losing fingers and eyeballs proves Goerlich’s point, which he hopes to hammer home during his Black Hat session about passwordless security. “What can we do from an enterprise security perspective to increase the trust in passwordless authentication? That’s what’s important right now.” Read More
Black Hat: When penetration testing earns you a felony arrest record [Black Hat USA 2020]
Speaking at Black Hat USA on Wednesday, Demercurio and Wynn said that after-hours testing, at night, was originally only what the client wanted -- and this was then extended to day and evening testing. Read More
Cybersecurity professionals: Upcoming elections vulnerable to hackers [Black Hat USA 2020]
The organizers of the Black Hat USA 2020 cybersecurity conference found that 31% of those attending think the level of cyberattacks and disinformation will be so great that the election results will “always be in doubt,” according to a survey of 273 attendees conducted in advance of the conference. Read More
Black Hat 2020: Open-Source AI to Spur Wave of ‘Synthetic Media’ Attacks [Black Hat USA 2020]
At a Wednesday session at Black Hat USA 2020, researchers with FireEye demonstrated how freely-available, open-source tools – which offer pre-trained natural language processing, computer vision, and speech recognition tools – can be used to create malicious synthetic media. Read More
Hackers encouraged to breach US voting technology to test security before election day [Black Hat USA 2020]
Election Systems & Software LLC Chief Information Security Officer Chris Wlaschin on Wednesday is expected to unveil an outreach program to security researchers during the annual Black Hat USA convention for hackers, which will be hosted remotely this year amid the coronavirus pandemic, the Wall Street Journal first reported. Read More
Former NSA Hacker to Demonstrate How to Hack Mac Users Via Microsoft Office [Black Hat USA 2020]
During the annual Black Hat security conference, which is being held online this year due to the COVID-19 pandemic, security researcher and former NSA hacker Patrick Wardle will demonstrate how he was able to create a chain of exploits that can take control of a Mac by simply convincing the target to open a Microsoft Office file. Read More
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis [Black Hat USA 2020]
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost. Read More
CISA Director Identifies Main Targets of Russian Adversaries in Election Security Efforts [Black Hat USA 2020]
Interagency collaboration has informed a focus on defending election night reporting and voter registration databases from ransomware attacks by Russian adversaries, Cybersecurity and Infrastructure Security Agency Director Christopher Krebs told attendees of the annual Black Hat information security conference Wednesday. Read More
Live From Black Hat: Stress-Testing Democracy - Election Integrity During a Global Pandemic with Matt Blaze [Black Hat USA 2020]
Matt Blaze, this year’s Black Hat keynote speaker, is a researcher in the areas of secure systems, cryptography, and trust management. He is currently the McDevitt Chair of Computer Science and Law at Georgetown University. Read More
Black Hat: How your pacemaker could become an insider threat to national security [Black Hat USA 2020]
At Black Hat USA on Wednesday, Dr. Alan Michaels, Director of the Electronic Systems Lab at the Hume Center for National Security and Technology at the Virginia Polytechnic Institute and State University, echoed the same sentiment. Read More
Black Hat: How hackers gain root access to SAP enterprise servers through SolMan [Black Hat USA 2020]
Speaking at Black Hat USA on Wednesday, Onapsis cybersecurity researchers Pablo Artuso and Yvan Genuer explained how the bugs were found in SAP Solution Manager (SolMan), a system comparable to Windows Active Directory. Read More
Coronavirus brings election security threats. Experts say tech community must help [Black Hat USA 2020]
Election security, meet the coronavirus pandemic. That was the theme of the Black Hat security conference Wednesday, a meeting of cybersecurity experts from around the world that is taking place virtually this year to help limit the spread of COVID-19. Read More
Security Researcher Shows Off Now-Fixed macOS Hack That Used Microsoft Office [Black Hat USA 2020]
Wardle shared a blog post on the exploit that he found for manipulating Office files to impact Macs, which he's highlighting during today's online Black Hat security conference. Read More
Pen Testers Who Got Arrested Doing Their Jobs Tell All [Black Hat USA 2020]
De Mercurio and Wynn, who were fully exonerated in January after all charges against them were dropped, today at Black Hat USA Virtual will publicly share the full story of their harrowing experience and how it's shaped new pen-testing engagement protocols at their company — and their advice and recommendations for fellow physical pen testers so they can avoid a similar backlash to their social engineering and physical pen-test engagements. Read More
He has now presented his experiment in the virtual edition of the Black Hat IT security conference, which usually takes place every summer in Las Vegas. Read More
Black Hat 2020: CISO Summit Advisory Board Members Reflect on the State of Security [Black Hat USA 2020]
As part of Black Hat USA 2020, BizTech spoke with advisory board members of the event’s CISO Summit about the state of the industry. Wendy Nather, head of advisory CISOs at Cisco’s Duo Security; Trey Ford, vice president of trust and strategy at Salesforce; and Justine Bone, CEO of MedSec, discussed current security trends, the evolving role of the CISO and what they believe businesses should be preparing for. Read More
Black Hat 2020: In a Turnaround, Voting Machine Vendor Embraces Ethical Hackers [Black Hat USA 2020]
Voting machine technology seller Election Systems & Software (ES&S) offered an olive branch to security researchers with new safe harbor terms and vulnerability disclosure policies at Black Hat USA 2020. Read More
Ex-NSA Hacker Finds a Way to Hack Mac Users Via Microsoft Office [Black Hat USA 2020]
As it turns out, they could. Wardle published a blog post on Wednesday morning, and will demonstrate his findings during the Black Hat security conference on Wednesday, which is being held online this year due to the coronavirus pandemic. Read More
“Most endpoints are behind an edge network now, so the IP address and the stuff you can get by watching the network connection doesn’t tell you much anymore. So people are turning to DNS for monitoring or infection,” said Eldridge Alexander, security tools manager at Duo, who is speaking about DoH benefits and concerns during the Black Hat conference Wednesday. Read More
Baking and boiling botnets could drive energy market swings and damage [Black Hat USA 2020]
Evil armies of internet-connected EV chargers, ovens, hot-water heaters, air-conditioners, and other high-wattage appliances could be hijacked to slightly manipulate energy demand, potentially driving price swings and creating financial damage to deregulated energy markets, warns a new report scheduled to be presented Aug. 5 at the Black Hat U.S. 2020 conference. Read More
An '80s File Format Enabled Stealthy Mac Hacking [Black Hat USA 2020]
At the Black Hat security conference today, former NSA hacker Patrick Wardle plans to detail that technique, which exploits a series of vulnerabilities in both Microsoft Office and macOS to gain full access to the target Mac. Read More
A Flaw Used by Stuxnet Wasn't Fully Fixed [Black Hat USA 2020]
Hadar and his colleague, Tomer Bar, a research team manager at SafeBreach, will present their research Thursday at the Black Hat security conference, which is a virtual event this year due to the pandemic. Read More
Hackers Get Green Light to Test Election Voting Systems [Black Hat USA 2020]
With the U.S. presidential election less than three months away, ES&S Chief Information Security Officer Chris Wlaschin on Wednesday will unveil the company’s outreach effort to security researchers at the annual Black Hat hacker convention that is taking place virtually this year, according to ES&S. Read More
A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return [Black Hat USA 2020]
During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet’s recent return, and how a cyber vigilante is attempting to thwart the malware’s comeback. Read More
Researchers uncover vulnerabilities in devices used at industrial facilities [Black Hat USA 2020]
“These devices tend to be overlooked,” said Trend Micro’s Marco Balduzzi, who will present his findings at the Black Hat virtual hacking conference this week. “There are some vendors that are security-conscious and others that are not.” Read More
5 Tools Out of Black Hat to Gain Better IoT Visibility [Black Hat USA 2020]
Even in the COVID era, August can’t officially start for the cybersecurity community without Black Hat USA researchers offering up some juicy exploit announcements and dropping useful security tools onto GitHub. This year’s event is fully virtual, which means no rockin’ Vegas parties—but still plenty of interesting research lined up. Read More
Top voting vendor ES&S publishes vulnerability disclosure policy [Black Hat USA 2020]
On Wednesday at the Black Hat virtual conference, CISA Director Chris Krebs urged voters to be vigilant in the face of disinformation campaigns and patient in waiting for votes to be counted. “The last measure of resilience in the 2020 election is going to be an informed, patient voter,” he said. Read More
HACKING MEDICAL DEVICES TO HIJACK SECURE FACILITIES [Black Hat USA 2020]
Michaels described how implanted medical devices—such as pacemakers and insulin pumps—could be compromised to listen to conversations, access classified information, even expose the location of these secure facilities in his presentation at this year’s Black Hat conference (which was offered virtually). Read More
The Cybersecurity World Strives To Fill The Void Of Large Conferences And Events [Black Hat USA 2020]
I should be in Las Vegas right now at the Black Hat security conference—known affectionately in cybersecurity circles as “Hacker Summer Camp”. I had it penciled in on my calendar since this time last year, but the COVID-19 pandemic derailed the plan. Read More
What to Expect at Black Hat 2020 [Black Hat USA 2020]
While Black Hat lasts a week, most of that time is devoted to training sessions that help researchers hone their skills. The two days of Black Hat briefings, open to the press and others, are where the latest revelations come to light. Each day has a keynote, and both keynotes relate to election security. Read More
Decades-Old Email Flaws Could Let Attackers Mask Their Identities [Black Hat USA 2020]
At the Black Hat security conference on Thursday, researchers will present "darn subtle" flaws in industry-wide protections used to ensure that emails come from the address they claim to. Read More
Robots Running the Industrial World Are Open to Cyber Attacks [Black Hat USA 2020]
“Attacks on industrial environments in these sectors could have serious consequences, including operational failure, physical damage, environmental harm and injury or loss of life,” according to Federico Maggi, a researcher at Trend Micro Inc., and Marcello Pogliani, an information security researcher at Politecnico di Milano, in a research report reviewed by Bloomberg News. The report will be presented Wednesday at a virtual forum organized by Black Hat, which hosts cybersecurity events around the world. Read More
Hackers Could Use IoT Botnets to Manipulate Energy Markets [Black Hat USA 2020]
At the Black Hat security conference on Wednesday, the researchers will present their findings theorizing that high-wattage IoT botnets—those made up of power-guzzling devices like air conditioners, car chargers, and smart thermostats—could be deployed strategically to increase demand at certain times in any of the nine private energy markets around the US. Read More
2020 election could be under threat from "old adversaries" and "domestic disinformation campaigns" [Black Hat USA 2020]
"The new stuff we're hearing about now, this is really interesting," said Patterson, who is covering the annual Black Hat cybersecurity conference this week. Read More
Microsoft has paid security researchers $13.7 million for bug bounties in 12 months [Black Hat USA 2020]
But the timing is no coincidence: The Black Hat USA 2020 security conference kicks off tomorrow. Microsoft is championing its holistic approach to customer security, which includes the wider security community engaging in its bug bounties. Read More
High-Wattage IoT Botnets Can Manipulate Energy Market: Researchers [Black Hat USA 2020]
The notorious IoT botnet Mirai was powered by 600,000 devices, but those were mostly low-wattage devices. However, the researchers told SecurityWeek in an interview ahead of a talk at the Black Hat cybersecurity conference, an attacker with large resources could create a botnet of high-wattage devices from scratch, by searching for vulnerabilities in the targeted IoT devices and then exploiting them in an effort to ensnare them in a botnet. Read More
Omdia Cybersecurity Accelerator Analysts to Take Part in Black Hat USA 2020 [Black Hat USA 2020]
Analysts will participate in the Black Hat Briefings, taking place Aug. 4-6, discussing cybersecurity research, offering exclusive video presentations, and meeting with vendors and attendees. Read More
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes [Black Hat USA 2020]
Critical flaws in the popular Meetup platform were revealed Monday as part of research unleashed at this week’s Black Hat USA 2020. The flaws, which have been patched, enable the full takeover of Meetup “Groups” by threat actors, who can also redirect payments and carry out other malicious actions. Read More
Satellite Broadband Security - James Pavur - BH2020 [Black Hat USA 2020]
In my upcoming Blackhat and DEFCON briefings, I will be presenting the result of several experiments looking at real-world security and privacy in satellite broadband communications. Read More
Why Secure Remote Access Is Like The Emperors New Clothes - Charl van der Walt, Wicus Ross - BH20 #1 [Black Hat USA 2020]
Our research for Black Hat demonstrates that the Secure Remote Access or so-called 'VPN' technologies typically used by enterprises to facilitate access to their networks for remote employees are poorly understood, improperly configured and don't provide the full level of protection typically expected of them. Read More
Black Hat and Def Con 2020 go into ‘safe mode,’ offering a week of virtual trainings, briefings [Black Hat USA 2020]
The annual Black Hat USA mega-conference has launched as a virtual event with training sessions already underway, and moves into keynotes and briefings Wednesday with an opening speech by researcher Matt Blaze on election security, and on Thursday with a keynote by Renee DiResta of the Stanford Internet Observatory on “Hacking Public Opinion.” Read More
Common Container and Kubernetes Vulnerabilities [Black Hat USA 2020]
I recently spoke with Rory McCune, principal security consultant at NCC Group, to discover what common vulnerabilities exist in today’s containers and container orchestration environments. McCune will be leading the Mastering Container Security IV training, a deep two-day dive into mastering container security, during the Black Hat virtual conference Aug. 3–4. Read More
Enjoy Black Hat and DEF CON from home [Black Hat USA 2020]
In normal times, the first week of August sees a huge chunk of the cybersecurity community — researchers, journalists, vendors and policymakers — converge on Las Vegas for talks, demos, announcements and schmoozing at Black Hat and DEF CON, two of the year’s biggest hacker conferences. The coronavirus pandemic has ruled out those giant in-person confabs this year, but both conferences have adapted by implementing virtual formats, and there’s still a smorgasbord of good programming coming our way this week. Read More
Black Hat USA: Your guide to the top web hacking sessions in 2020 [Black Hat USA 2020]
All eyes are on the upcoming US Presidential Election, so it’s perhaps unsurprising that voter security is top of the agenda for Black Hat USA this year. Read More
Annual Black Hat convention travels from the Las Vegas Strip to the digital world [Black Hat USA 2020]
“Security researchers spend a lot of time finding bugs and trying to investigate how to make our digital world more secure. So, they come to Black Hat to share the results of that,” said Steve Wylie, Black Hat General Manager. Read More
'Hidden Property Abusing' Allows Attacks on Node.js Applications [Black Hat USA 2020]
A team made up of security researchers from the Georgia Institute of Technology has found a way to exploit Node.js applications by manipulating the hidden properties used to track internal program states, the group plans to announce at the virtual Black Hat USA security conference next week. Read More
IT security conference Black Hat USA 2020 starts on Saturday [Black Hat USA 2020]
Due to the corona virus pandemic, this year's Black Hat Conference, one of the most important annual IT security events, will take place from August 1st through August 6th. The necessity of social distancing gives conference visitors from all over the world the advantage of being able to attend from the comfort of their own home. Read More
Anti-NATO Disinformation Campaign Leveraged CMS Compromises [Black Hat USA 2020]
The topic of disinformation and influence campaigns is slated to be a big topic this year at Black Hat USA 2020, with keynotes surrounding election security and COVID-19 disinformation over the past few months. Read More
Top 6 cybersecurity trends to watch for at Black Hat USA 2020 [Black Hat USA 2020]
At this year's Black Hat USA 2020 computer security conference, some of the top trends expected to surface include ransomware, election security and how to protect a remote workforce. Read More
Black Hat USA 2020 Preview: Election Security, COVID Disinformation and More [Black Hat USA 2020]
Despite COVID-19 pushing the Black Hat USA 2020 conference to go virtual for the first time, you can expect a steady stream of new security research, threat intel and an impressive lineup of high-profile speakers. Read More
Universities Explore A Path For A Safe And Secure Healthcare Ecosystem | Black Hat USA 2020 Coverage [Black Hat USA 2020]
The healthcare train is barreling down the tracks of society, fueled by new technologies and massive amounts of data. Security companies offer products and services for traditional protection/detection/response but many miss the mark on the interconnected core of the healthcare ecosystem: healthcare apps, devices, data, and 3rd-party vendors. Upon further inspection, the safety train may be running wild in the healthcare space.
And that's exactly why we decided to bring these 3 Black Hat presenters together. Read More
Black Hat Virtually: An Important Time to Come Together as a Community [Black Hat USA 2020]
It's an odd dichotomy for cybersecurity leaders and vendors this summer: Many of us are gearing up for Black Hat USA 2020, long one of the most influential conferences in the industry. But none of us are booking plane tickets, setting aside (just a little bit of) cash for the blackjack tables, or booking dinner meetings at whichever steakhouse doesn't require going out into the Las Vegas heat. Read More
Universities Explore A Path For A Safe And Secure Healthcare Ecosystem | Black Hat USA 2020 Coverage | With Seth Fogie, Alan Michaels, And Mitchell Parker [Black Hat USA 2020]
The healthcare train is barreling down the tracks of society, fueled by new technologies and massive amounts of data. Security companies offer products and services for traditional protection/detection/response but many miss the mark on the interconnected core of the healthcare ecosystem: healthcare apps, devices, data, and 3rd-party vendors. Read More
Election Security: Securing America's Future | With Christopher Krebs, CISA | Black Hat USA 2020 [Black Hat USA 2020]
Listen to this podcast we had with Christopher Krebs, Director at the Cybersecurity and Infrastructure Security Agency (CISA) as he presents his upcoming session at Black Hat 2020 Virtual Edition; and so much more. Read More
Dark Reading Video News Desk Returns to Black Hat [Black Hat USA 2020]
For 2020, Black Hat USA has transformed into Black Hat Virtual, moving out of Vegas and onto the Internet. And when the action kicks off next week, the Dark Reading News Desk team will be there. (The desk won't.) Read More
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event [Black Hat USA 2020]
Black Hat Arsenal is a venue for developers and researchers to showcase the latest open source tools to members of the cybersecurity community. Read More
How CISOs can deal with cybersecurity stress and burnout [Black Hat USA 2020]
Cybersecurity stress and mental health conversations have become more frequent recently, and Mogull said the security industry can learn a lot from EMS. Mogull is presenting on the topic at Black Hat 2020. Read More
Election Security: Securing America's Future | With Christopher Krebs, CISA | Black Hat USA 2020 [Black Hat USA 2020]
Seems that now, more than ever, we found ourselves in a situation where the outcome of a Democratic election could be manipulated by external actors — or at least we are very worried that it is a possibility. We know for a fact that various sorts and levels of cultural propaganda have been tried for many decades, but it has never been as powerful as it has been since the advent of the Internet and social media. At this point, we know that not only is it possible; it is also a fact. Read More
Email Security Features Fail to Prevent Phishable 'From' Addresses [Black Hat USA 2020]
Three standards for email security that are supposed to verify the source of a message have critical implementation differences that could allow attackers to send emails from one domain and have them verified as sent from a different — more legitimate-seeming — domain, says a research team who will present their findings at the virtual Black Hat conference next month. Read More
Google lead says he’s ‘disappointed’ with Apple’s new iPhone security program [Black Hat USA 2020]
Apple’s Security Research Device program has been long overdue and was first mentioned last year at the Black Hat security conference by the company’s head of security, Ivan Krstic. Read More
8 Cybersecurity Themes to Expect at Black Hat USA 2020 [Black Hat USA 2020]
While many a security professional currently laments the inability to meet up with peers for real-life security summer camp this year, the good news is that Black Hat USA 2020 is a go for virtual attendees. The conference organizers have still managed to capture the zeitgeist of the security industry through Black Hat programming, which will feature the same kinds of vulnerability disclosures, attack research, and exploit tools that regulars have come to expect. Read More
Black Hat USA 2020 Coverage The Virtual Experience | With BH General Manager Steve Wylie [Black Hat USA 2020]
While we will miss being there, here is what we won't miss as it's all still happening: training, tracks, an amazing conversation about election security, healthcare, mobile, digital transformation, and obviously, cybersecurity's new world connected to the work-from-home new normal.
Listen to our chat with Steve to find out all that the Black Hat virtual experience has to offer. Read More
Apple is now supplying bug bounty hunters with special iPhones [Black Hat USA 2020]
During the Black Hat security conference last year, Apple said that it intended to provide special iPhones to bug hunters. The idea was to help them find bugs so that Apple could squash them and the company is now coming good. Read More
Apple's New iPhone Rewards Hackers for Bugs [Black Hat USA 2020]
At last year's Black Hat hacker conference in Las Vegas, Apple announced that it would be releasing hackable iPhones to help security researchers investigate the smartphones for vulnerabilities. Read More
Apple's new security program gives special iPhone hardware, with restrictions attached [Black Hat USA 2020]
At last year's Black Hat cybersecurity conference, Apple first said it would be providing modified iPhones for security researchers. It launched the program Wednesday, saying it would be accepting applications immediately and that researchers who apply should expect to get their devices very soon. Read More
Apple Starts Giving 'Hacker Friendly' iPhones to Top Bug Hunters [Black Hat USA 2020]
Last year at the Black Hat security conference, Apple’s head of security Ivan Krstic told a crowd of security researchers that it would give its most-trusted researchers a “special” iPhone with unprecedented access to the device’s underbelly, making it easier to find and report security vulnerabilities that Apple can fix in what it called the iOS Security Research Device program. Read More
An Overview of Black Hat USA 2020 - Steve Wylie - ESW #191 [Black Hat USA 2020]
Tune in to get the inside scoop on Blackhat 2020! Steve Wylie, Black Hat General Manager, joins us to talk about what attendees can expect from this year's virtual Blackhat event. Steve discusses the highly-anticipated briefings, trainings, new tracks, community programs, and the all new virtual conference platform. Read More
Q&A: How Systemic Racism Weakens Cybersecurity [Black Hat USA 2020]
Stewart will lead a discussion session at Black Hat USA Virtual on "Taking Steps to Break Down Systemic Racism in Cybersecurity," in the event's Community track, on Thursday, Aug. 6, at 10 a.m. PT. Read More
Checkmate: Cybersecurity Strategy on the Modern Battlefield [Black Hat USA 2020]
The same technique can be applied to security. In fact, according to recent research conducted at Black Hat conference in 2019, over 70% of respondents said their businesses conduct ‘red team’ exercises. Simulated attacks can be employed to actively seek out vulnerabilities in their own security infrastructure – an effective way to proactively prepare for real attacks in the future. Read More
Infosec pro Vandana Verma on improving diversity and helping to grow the Indian security community [Black Hat USA 2020]
“Keeping pace with the current restrictions due to the spread of Covid-19, OWASP Bangalore Chapter has also gone online and our sessions are published on our YouTube channel.”
This is part of a wider move towards online events: Verma was due to speak at Black Hat in August. Read More
Researcher Matt Blaze tapped for Black Hat keynote on election security issues [Black Hat USA 2020]
Matt Blaze, cyber researcher and professor of computer science and law at Georgetown University, will deliver a keynote on election security to help launch this year’s all-digital Black Hat conference in August. Read More
Puzzles and Riddles Help InfoSec Pros Solve Real-World Problems [Black Hat USA 2020]
Wixey will share more puzzles, riddles, and observations made while creating this initiative in his upcoming Black Hat USA talk, "Breaking Brains, Solving Problems: Lessons Learned from Two Years of Setting Puzzles and Riddles for Infosec Professionals" on Thursday, August 6. Read More
Lost in Translation: Serious Flaws Found in ICS Protocol Gateways [Black Hat USA 2020]
Marco Balduzzi, senior research scientist with Trend Micro, next month at the Black Hat USA virtual event will disclose details of multiple vulnerabilities he and his team discovered in a sampling study of five popular ICS gateway products. Their findings focused not on the gateways' software nor the industrial protocols as in previous research, but rather on a lesser-studied function: the protocol translation process the devices conduct. Read More
A Paramedic's Lessons for Cybersecurity Pros [Black Hat USA 2020]
Mogull will share stories and lessons about his parallel careers in an upcoming Black Hat USA talk, "The Paramedic's Guide to Surviving Cybersecurity," on Thursday, August 6. Read More
Black Hat announces first keynote for August virtual conference, focusing on disinformation [Black Hat USA 2020]
The first announced keynote speech for Black Hat’s all-digital 2020 conference will focus on disinformation, with a presentation from a leading researcher into one of the hottest and most difficult issues facing policymakers. Read More
A Most Personal Threat: Implantable Devices in Secure Spaces [Black Hat USA 2020]
Michaels will be presenting results of his research at Black Hat, in a session titled "Carrying Our Insecurities with Us: The Risks of Implanted Medical Devices in Secure Spaces" at 10:00 a.m. on Wednesday, August 5. Read More
How Advanced Attackers Take Aim at Office 365 [Black Hat USA 2020]
Madeley and Bienstock will discuss more of these attack methods in their upcoming Black Hat USA talk, "My Cloud is APT's Cloud: Investigating and Defending Office 365," on August 6, 2020. Read More
Building Security Strategies in Sub-Saharan Africa: Trends and Concerns [Black Hat USA 2020]
Tich and Kilel will share insights into the sub-Saharan security landscape, along with proposed policies and solutions, in their upcoming Black Hat USA talk, "Building Cyber Security Strategies for Emerging Industries in Sub-Saharan Africa," to take place on Aug. 6, 2020. Read More
COVID-19 pandemic has changed cybersecurity utterly [Black Hat USA 2020]
A survey of more than 270 cybersecurity professionals published this week by the host of the Black Hat Conference finds 80 percent of respondents said they believe the pandemic will lead to significant changes in cybersecurity operations. Only 15 percent said they believe cybersecurity operations and threat flow will return to normal once the COVID-19 pandemic subsides. Read More
Cybersecurity Risks Increase as Nation Adapts to Effects of COVID-19; Bryan Ware Quoted [Black Hat USA 2020]
COVID-19 has triggered a wave of cybersecurity threats in a variety of industries, and security professionals predict that there will be no return to normality. Black Hat has found that 94 percent of current and former attendees believe that COVID-19 increases the cyber threat to enterprise systems and data. Read More
Security Predictions: COVID-19 Edition [Black Hat USA 2020]
Black Hat's survey, Cyber Threats in Turbulent Times, describes how the COVID-19 pandemic will have a huge impact on the information security industry in the second half of 2020. Read More
COVID-19-triggered threat changes will linger beyond crisis, say most security pros [Black Hat USA 2020]
A commanding 94% majority of respondents to a new Black Hat survey says the pandemic has increased cybersecurity threats to enterprise systems and data – and many say it will continue to. Read More
Black Hat survey: Unprecedented stress in cyber ecosystem amid COVID-19 upheaval [Black Hat USA 2020]
Black Hat USA on Tuesday released the results of its sixth annual survey of attendees at one of the world’s largest conferences for cyber professionals – to be held online this year – finding deep concerns about the lasting impact of the pandemic on cybersecurity. Read More
Administration officials under spotlight [Black Hat USA 2020]
Only 15 percent of experts “believe that cyber operations and threat flow will return to normal” after the pandemic ends, the organizers of the Black Hat security conference said in their annual survey of past attendees. Eighty-four percent of respondents “believe that significant, lasting changes will occur, at least in some industries.” Read More
Black Hat Survey: Breach Concerns Hit Record Levels Due to COVID-19 [Black Hat USA 2020]
Annual "Black Hat USA Attendee Survey" indicates unprecedented concern over possible compromises of enterprise networks and US critical infrastructure. Read More
Coronavirus creating big cyber risks that will persist in long term, experts say [Black Hat USA 2020]
Only 15 percent of experts “believe that cyber operations and threat flow will return to normal” after the pandemic ends, the organizers of the Black Hat security conference said in their annual survey of past attendees. Eighty-four percent of respondents “believe that significant, lasting changes will occur, at least in some industries.” Read More
‘Lamphone’ Hack Uses Lightbulb Vibrations to Eavesdrop on Homes [Black Hat USA 2020]
“Fluctuations in the air pressure on the surface of the hanging bulb (in response to sound), which cause the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech and singing, passively, externally, and in real time,” said researchers with the Ben-Gurion University of the Negev and Weizmann Institute of Science, in a paper published this week. The research will be further presented at the Black Hat USA 2020 virtual conference in August. Read More
Lamphone attack lets threat actors recover conversations from your light bulb [Black Hat USA 2020]
Additional details are available in the research team's academic paper, entitled "Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations". The research team's work will be presented in August at the Black Hat security conference. Read More
How You Can Use a Light Bulb to Eavesdrop on People's Conversations [Black Hat USA 2020]
"We show how fluctuations in the air pressure on the surface of the hanging bulb (in response to sound), which cause the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech and singing, passively, externally, and in real time," the researchers write in their new paper, which they plan to present later this year at the Black Hat USA security conference. Read More
Spies Can Eavesdrop by Watching a Light Bulb's Vibrations [Black Hat USA 2020]
"Any sound in the room can be recovered from the room with no requirement to hack anything and no device in the room," says Ben Nassi, a security researcher at Ben-Gurion who developed the technique with fellow researchers Yaron Pirutin and Boris Zadov, and who plans to present their findings at the Black Hat security conference in August. "You just need line of sight to a hanging bulb, and this is it." Read More
Hacker Used £270 of TV Equipment to Eavesdrop on Sensitive Satellite Communications [Black Hat USA 2020]
James Pavur, a Rhodes Scholar and DPhil student at Oxford, will detail the attack in a session at the Black Hat security conference in early August. Read More
New Spectra attack breaks the separation between Wi-Fi and Bluetooth [Black Hat USA 2020]
"Spectra, a new vulnerability class, relies on the fact that transmissions happen in the same spectrum, and wireless chips need to arbitrate the channel access," the research team said today in a short abstract detailing an upcoming Black Hat talk. Read More
Tech's Volkswagen moment? Trend Micro accused of cheating Microsoft driver QA by detecting test suite [Black Hat USA 2020]
"Most of the security concerns I have with Trend Micro's driver were shocking because most of them were not mistakes," said Demirkapi, who has presented at hacking super-conference DEF CON and is due to discuss Windows rootkits at Black Hat USA 2020. Read More
PrintDemon vulnerability impacts all Windows versions [Black Hat USA 2020]
PrintDemon is tracked under the CVE-2020-1048 identifier. Two security researchers from SafeBreach Labs, Peleg Hadar and Tomer Bar, were the first to discover the issue and report it to Microsoft. The two will be presenting their own report on the issue at the Black Hat security conference in August. Read More
New flaw in the Intel Thunderbolt port puts millions of laptops in risk of being hacked [Black Hat USA 2020]
Ruytenberg also said that no software update can patch this issue, and Intel has to get back to the drawing board and make hardware changes to fix this issue.
Ruytenberg plans to present his Thunderspy research at the Black Hat security conference this summer. Read More
Hacking technique makes millions of devices vulnerable, research finds [Black Hat USA 2020]
The researcher will be detailing his discovery at a Black Hat security conference this summer, and is releasing a tool so that people can see if their computers might be vulnerable to the hack. Read More
Millions of Thunderbolt-Equipped Devices Open to ‘ThunderSpy’ Attack [Black Hat USA 2020]
A new attack enables bad actors to steal data from Windows or Linux devices equipped with Thunderbolt ports – if they can get their hands on the device for just five minutes.
Ruytenberg plans to present his research at the Black Hat USA conference this summer. Read More
Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking [Black Hat USA 2020]
"All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop," says Ruytenberg, who plans to present his Thunderspy research at the Black Hat security conference this summer—or the virtual conference that may replace it. Read More
The best security conferences of 2020 [Black Hat Asia 2020]
This is the Asian sister of the famous North American conference for hackers held in Las Vegas. It combines hands-on training sessions taught by industry experts with briefings containing cutting-edge research, including the latest zero-day vulnerabilities. There's also a business hall for solutions and service providers, and an "arsenal" feature where the latest open-source security tools are demonstrated. Read More
Ransomware Attackers May Lurk for Months, FBI Warns [Black Hat Europe 2019]
Or in the case of nation-state hacking operations, attackers may deploy ransomware to make the intrusion look like a criminal undertaking, while helpfully wiping their digital forensic tracks, as Jake Williams, head of cybersecurity consultancy Rendition Infosec, told me at this month's Black Hat Europe conference in London Read More
Ransomware 2.0: Cybercrime Gangs Apply APT-Style Tactics [Black Hat Europe 2019]
In this interview (see audio link below the image) recorded at the recent Black Hat Europe 2019 conference, Williams also discusses how hackers are "surgically targeting backup solutions" before deploying ransomware Read More
Google charts progress in developing Site Isolation browser technology [Black Hat Europe 2019]
During a presentation at the Black Hat Europe conference in London earlier this month, Google software engineers Nasko Oskov and Charlie Reis offered an update (PDF) on the development of its Site Isolation technology. Read More
#SocialSec – Hot takes on this week’s biggest cybersecurity news (Dec 13) [Black Hat Europe 2019]
Google believes the feature will help to combat SMS phishing attacks – a topic covered at Black Hat Europe last week – that seek to deceive users with “things like one-time passwords, account alerts, or appointment confirmations”. Read More
YouTube users be aware: Your viewing habits can be tracked [Black Hat Europe 2019]
Ran Dubin, a doctoral student in the BGU Department of Communication Systems Engineering who is an expert in cyber security, presented this research at the Black Hat Europe meeting in London. Read More
Visual Journal: Black Hat Europe 2019 [Black Hat Europe 2019]
Black Hat Europe returned to London last week. Once again held at the ExCeL conference center in the city's Docklands quarter, the annual cybersecurity conference featured in-depth training as well as two days of briefings, vendor exhibitions in a packed business hall, sessions run by vendors, in-depth technical demonstrations and more. Read More
Cybersecurity: How Facebook's red team is pushing boundaries to keep your data safe [Black Hat Europe 2019]
Amanda Rousseau, offensive research engineer at Facebook, who was formerly a malware researcher and a computer forensic examiner, detailed how the red teaming at Facebook works – and the challenges it involves – at the Black Hat Europe 2019 cybersecurity conference in London. Read More
‘Alexa, hack my serverless technology’ – attacking web apps with voice commands [Black Hat Europe 2019]
Speaking at the Black Hat Europe conference in London last week, researcher Tal Melamed took control of vulnerable applications hosted on serverless environments using Alexa-guided SQL injection attacks. Read More
Top Ten: Things We Learned in 2019 [Black Hat USA 2019]
Deepfakes have been an emerging trend in 2019, with claims that their use could have political impact. At the Black Hat conference in Las Vegas in August, security vendor ZeroFOX disclosed research on deepfakes, and how to improve detection. Read More
Panasonic Use Honeypot for the Safety of its IoT Products [Black Hat Europe 2019]
Panasonic uses two purpose-built honeypot websites that have the effect of exposing the device to the internet. "This is to lure cyber criminals to attack the device," ZDNet wrote on Monday (9 December 2019), summarizing the presentations of two Panasonic officials at the "Black Hat Europe" event in London. Read More
SIEMs like a stretch: Elastic searches for cash from IT pros with security budgets [Black Hat Europe 2019]
They're a bit coy about it, though. The global biz's James Spiteri told The Register at Black Hat Europe that this was all about offering customers a better choice of integrated tools, with eating a slice of the pies being baked by others on its Elasticsearch tool as a very distant second priority. Of course. Read More
When it rappels in the cloud container [Black Hat Europe 2019]
Fork Bombs are not new, but they seem to be able to dislodge a Kubernetes. How the bomb can be defused and what other potential problems lurk in build environments was a topic at Black Hat Europe. Read More
Maersk CISO Says NotPeyta Devastated Several Unnamed US firms [Black Hat Europe 2019]
Speaking at Black Hat Europe 2019, A.P. Moller Maersk A/S Chief Information Security Officer Andrew Powell said he believes globally approximately 600 companies were damaged by NotPetya around the time of the Maersk attack. Read More
Honeypots: Best Bet for IoT Security? [Black Hat Europe 2019]
In a recent presentation at Black Hat Europe in London, security researchers from Panasonic, Hikohiro Y Lin and Yuki Osawa, detailed how they’re executing honeypots. Read More
How Panasonic is using internet honeypots to improve IoT device security [Black Hat Europe 2019]
The process was detailed by Hikohiro Y Lin, general manager and head of the product security incident response team, and Yuki Osawa, senior engineer at Panasonic Corporation, presenting a session at Black Hat Europe in London. Read More
When the screens went black: How NotPetya taught Maersk to rely on resilience – not luck – to mitigate future cyber-attacks [Black Hat Europe 2019]
Recounting the remarkable stroke of luck at the Black Hat Europe conference in London last week, Maersk CISO Andy Powell said the malware wiped out almost all online backups of the company’s Active Directory – save, mercifully, for a piece held in its powered-down Lagos office. Read More
8 Takeaways: Black Hat Europe's Closing 'Locknote' Panel [Black Hat Europe 2019]
On Thursday, the final day of this year's annual cybersecurity conference, Black Hat founder and organizer Jeff Moss (@thedarktangent) took to the stage, joined by several members of the Black Hat review board. The board reviews and selects all of the conference briefings. Read More
SEC Xtractor – Experts released an open-source hardware analysis tool [Black Hat Europe 2019]
An open-source bootloader was used to program the device via USB. No external programmer is needed to reflash the ATXmega microcontroller. The black color for the main PCB and the NAND/NOR adapters were chosen because the launch was made during Black Hat Europe 2019 Arsenal. Read More
Maersk CISO: I don't trust the built-in security of the cloud [Black Hat Europe 2019]
At Maersk, CISO (Chief Information Security Officer) Andy Powell does not have much trust in the built-in security of the cloud platforms. He raised the topic during a presentation at the Black Hat Europe Security Conference taking place in London this week. Read More
How the Adversarial Mindset Is Making Cybersecurity Better [Black Hat Europe 2019]
In this interview (see audio link below the image) recorded at Black Hat Europe 2019, Moss also discusses the increased use of red teams to help organizations' blue teams and engineers to be more effective Read More
The best hacks from Black Hat Europe 2019 [Black Hat Europe 2019]
If there was still any semblance of doubt, security researchers proved once again that anything based on a computer can and will be hacked during the Black Hat Europe conference this week. Read More
Search engine detects security holes in security cameras [Black Hat Europe 2019]
At Black Hat Europe 2019, Japanese security researchers from NTT have launched an online search that will help them discover security holes in no-name security cameras. Read More
Doors of Durin: backdoor in Siemens PLC [Black Hat Europe 2019]
After a welcome by Black Hat founder Jeff Moss, the 19th Black Hat Europe started yesterday in London. Among other things, security researchers from the University of Bochum showed that there is a backdoor in a Siemens PLC. Read More
How to fool infosec wonks into pinning a cyber attack on China, Russia, Iran, whomever [Black Hat Europe 2019]
Faking digital evidence during a cyber attack – planting a false flag – is simple if you know how, as noted infosec veteran Jake Williams told London's Black Hat Europe conference. Read More
Behind the story: Journalist Geoff White takes a closer look at the fragile ties between security and the media [Black Hat Europe 2019]
Speaking at the Black Hat Europe conference in London yesterday (December 4), White noted that media outlets published the story on public interest grounds. Read More
Barq: Post-exploitation framework plays havoc with AWS infrastructure [Black Hat Europe 2019]
Barq, a post-exploitation framework that allows penetration testers and red teamers to easily perform attacks on running AWS infrastructure, was showcased during the Arsenal sessions at Black Hat Europe today (December 5). Read More
Black Hat Europe: Mental health websites are leaking user data [Black Hat Europe 2019]
At Black Hat Europe in London, researchers reveal the extent to which confidential data is being leaked to third parties by online mental health websites Read More
Black Hat Europe: New tool offers Metasploit-like framework for hacking into drones [Black Hat Europe 2019]
Progress in developing the tool, dubbed ‘DroneSploit’, was outlined by its developers, Alexandre D’Hondt and Yannick Pasquazzo, during an Arsenal session at the Black Hat Europe conference in London today (December 5). Read More
Black Hat Europe 2019: Did your employee leave with the data? [Black Hat Europe 2019]
Departing employees account for more than half of all insider threat incidents; Two out of three professionals openly admit to taking data with them when they quit Read More
"Hackers hack - but you should know the tools they use" [Black Hat Europe 2019]
Lars Dobos attends the Black Hat conference in London and is struck by the fact that the world certainly does not suffer from a lack of hacking tools. Read More
#BHEU: Mental Health and Depression Websites Share Details in Plain Text [Black Hat Europe 2019]
Revealing research around web and cookie security at Black Hat Europe in London, Eliot Bendinelli, technologist at Privacy International and Frederike Kaltheuner, formerly of Privacy International and now tech policy fellow at Mozilla, described how a number of websites offering “tests” on mental health and depression shared results with third parties. Read More
False flag cyber operations likely to further muddle the complex attribution puzzle [Black Hat Europe 2019]
Jake Williams, principal consultant at Rendition Infosec and former US Department of Defense (DoD) cybersecurity expert who has taken part in offensive ops, told delegates at this year’s Black Hat Europe that conducting a false flag cyber operation is a lot easier than people tend to think. Read More
Black Hat Europe Q&A: Understanding the Ethics of Cybersecurity Journalism [Black Hat Europe 2019]
Now that major data leaks are a semi-regular occurrence it’s more important than ever for cybersecurity professionals to understand how the media covers them, and there’s no better place to do that than Black Hat Europe in London this week. Read More
Black Hat Europe 2019: Facebook’s Amanda Rousseau on rabbit holes, red team ops, and challenging security assumptions [Black Hat Europe 2019]
Facebook red teamer Amanda Rousseau lamented an incipient hyper-specialization among infosec professionals during her keynote address at Black Hat Europe 2019 today (December 4). Read More
#BHEU: Consider Adversarial Thinking, Ask If the Tool Works [Black Hat Europe 2019]
Delivering the opening keynote at Black Hat Europe, offensive security engineer Amanda Rousseau talked about the move from a defensive to offensive role, and how narrow that has made our thinking. Read More
Gates wide open to contactless fraud [Black Hat Europe 2019]
But two security researchers, speaking at the Black Hat Europe 2019 conference in London on December 4, painted a much darker picture of contactless payment risks. Read More
WHID Elite: Weaponized USB gadgets boast multiple features for the stealthy red teamer [Black Hat Europe 2019]
Presenting the tool on the Arsenal track at this year’s Black Hat Europe, Bongiorni explained how he wanted to develop the capabilities of a previous iteration, WHID Injector – a USB device that, once plugged into a target’s machine, could allow an attacker to remotely inject keystrokes without the need for physical access. Read More
#BHEU: Foster the Right Skills, Culture and Share Knowledge [Black Hat Europe 2019]
Opening the 19th Black Hat Europe in London, founder Jeff Moss said that over the years the diversity of the security community has grown, as well as the expansion of skills to include both hard and soft skills. Read More
Unknown error in Windows Hello for Business - fix released today, but not by Microsoft [Black Hat Europe 2019]
A hitherto unknown error in Windows Hello for Business has been discovered by a Czech security researcher presenting his findings at the Black Hat conference in London. The researcher has developed his own tool, but Microsoft's own patch may be delayed. Read More
Black Hat Europe: Red teams and blue teams must evolve in the 2020s [Black Hat Europe 2019]
The concepts of red teams and blue teams in cyber security should be redefined for the 2020s, and both sides need to come together and learn from each other, according to Facebook offensive security engineer Amanda Rousseau, who opened Black Hat Europe 2019 by calling for a new approach to this fundamental aspect of security culture. Read More
Attack detection: Zhouhe uses machine learning to hunt for network traffic threats [Black Hat Europe 2019]
“Meanwhile, our machine learning algorithms let us know some unknown threats or 0day that cannot be detected by the ruleset, so that we can better write rules.” Rui Xiao and Rui Zhang demonstrated their tool during a Black Hat Europe Arsenal presentation earlier today (December 4). Read More
The Future of Texting Is Far Too Easy to Hack [Black Hat Europe 2019]
At the Black Hat security conference in London on Tuesday, German security consultancy SRLabs demonstrated a collection of problems in how RCS is implemented by both phone carriers and Google in modern Android phones. Those implementation flaws, the researchers say, could allow texts and calls to be intercepted, spoofed, or altered at will, in some cases by a hacker merely sitting on the same Wi-Fi network and using relatively simple tricks Read More
What's in a Botnet? Researchers Spy on Geost Operators [Black Hat Europe 2019]
García, Shirokova, and their fellow researcher María José Erquiaga, also of the Czech Technical University in Prague, presented their findings today at Black Hat Europe. Read More
Password-Cracking Teams Up in CrackQ Release [Black Hat Europe 2019]
Security services firm Trustwave has released an open source project aimed at companies that want to provide password-cracking as a service to their security teams and red teams, the company announced today at the Black Hat Europe conference. Read More
Cybersecurity Defenders: Channel Your Adversary's Mindset [Black Hat Europe 2019]
A clear theme Wednesday throughout the first day of the Black Hat Europe conference was the importance of approaching the design and defense of networks and systems by thinking like the enemy. Read More
SMS phishing: TapIt framework enables large-scale social engineering campaigns [Black Hat Europe 2019]
A framework for automating large-scale SMS phishing campaigns, including SMS tracking, web payloads, and credential harvesting, has been showcased at this year’s Black Hat Europe. Read More
Hack that lifts limits on contactless card payments debuts at Black Hat Europe 2019 [Black Hat Europe 2019]
During a presentation at the Black Hat Europe conference in London today (December 4) the researchers demonstrated for the first time how to bypass the UK £30 ($39) limit for contactless payments made using physical cards. Read More
Vulnerabilities In RCS Technology Exposes Android Users To Cyber Attacks [Black Hat Europe 2019]
Presently, researchers have briefly hinted towards their findings. Whereas, they plan to reveal more about the RCS vulnerabilities in the upcoming Black Hat Europe 2019. Read More
15 Hot Sessions at Black Hat Europe 2019 [Black Hat Europe 2019]
Black Hat Europe returns this week to London. Now in its 18th year, the conference features 100 speakers and researchers delivering 15 in-depth technical training sessions and more than 40 briefings. Read More
Siemens Offers Workarounds for Newly Found PLC Vulnerability [Black Hat Europe 2019]
Ali Abbasi, a research scholar at Ruhr-University Bochum, doctoral student Tobias Scharnowski, and professor Thorsten Holz will present their findings this week in London at Black Hat Europe. The researchers alerted Siemens, which says it plans to fix the flaw. Read More
When Rogue Insiders Go to the Dark Web [Black Hat Europe 2019]
"In English-language forums, they tend to be a lot more cautious and suspicious," especially now that they are aware of researchers and law enforcement infiltrating their spaces, she says. And because law enforcement has been shuttering some of these forums over the past couple of years, it's harder to track where the rogue insiders go next, notes Wright, who will present some of IntSights' latest Dark Web findings at Black Hat Europe in London this week. Read More
RCS delivers new texting features—and old security vulnerabilities [Black Hat Europe 2019]
Since our original interview in November, Nohl has uncovered another method of intercepting RCS texts and calls that exploits how the messaging app validates the certificate. SR Labs plans to include this discovery in its Black Hat Europe presentation. Read More
20 TOP CYBERSECURITY TRAINING PROGRAMS [Black Hat Europe 2019]
Black Hat hosts multi-day labs in urban centers (like Las Vegas and Singapore) that are focused on topics like penetration testing and web application vulnerabilities. The professional organization for cybersecurity vendors and professionals has hosted those types of educational events for more than two decades. Read More
RCS messaging features may entice you, but its carrier implementation is reportedly not safe [Black Hat Europe 2019]
Though it seems to be a major security threat, for now, there is no evidence that hackers have done any such thing. Hopefully, researchers would reveal more information when they talk about the findings at the Black Hat Europe conference in December. Read More
Some carrier RCS implementations have security issues [Black Hat Europe 2019]
Full details will be revealed at the Black Hat Europe conference later this week, but the short version is that, while nothing is wrong with the base RCS standard, it is partly undefined, leaving certain details up to the carriers. It's those parts that are prone to security issues. Read More
RCS is being implemented dangerously, leaving users vulnerable to attack [Black Hat Europe 2019]
While SRLabs's full research is due to be presented at December's Black Hat Europe conference, the group has given a summary of its findings ahead of this. It found that RCS left users exposed to the risk of message interception, impersonation, tracking, and much more. Read More
New SMS Alternative ‘RCS Standard’ Is Exposing Users To Security Threats [Black Hat Europe 2019]
GSMA told Vice that while they appreciate the efforts made by SRLabs to make the security issues public, the research includes “no new vulnerabilities” that the body wasn’t aware of. The SRLabs researchers will report their findings at the Black Hat Europe conference in December. Read More
New Android Text Messaging Update ‘Exposes Most Users To Hacking’ [Black Hat Europe 2019]
The issues raised by SRLabs are more straightforward. And with RCS already being deployed in around 70 countries, it needs fixing quickly. The good news is that the major networks seem to be open to reviewing the research and adapting deployments.
SRLabs will present more of its findings at Black Hat Europe in December. Read More
The new RCS services are not all bed and roses: they hide serious security problems [Black Hat Europe 2019]
But there is more: according to Nohl, it is indeed a scandal that important telco companies such as Vodafone, AT&T, Verizon, Sprint and many others have embraced the RCS services without the consent of their users, obviously exposing them to such important security problems. Researchers Luca Melette and Sina Yazdanmehr will present all their findings during the Black Hat Europe conference this December, showing all the limitations discovered so far. Read More
Bad RCS implementations are creating big vulnerabilities, security researchers claim [Black Hat Europe 2019]
SRLabs will be presenting its findings at the Black Hat Europe conference in December, after showing off some of its work at the DeepSec conference today. Read More
Google’s RCS messaging could rival iMessage, but for now it’s a security nightmare [Black Hat Europe 2019]
The good news is that the GSMA and the carriers are aware of these issues, and fixes are probably on the way. The researchers will further explain their RCS findings at the Black Hat Europe conference next December. Read More
SMS Replacement is Exposing Users to Text, Call Interception Thanks to Sloppy Telecos [Black Hat Europe 2019]
SRLabs researchers Luca Melette and Sina Yazdanmehr will present their RCS findings at the upcoming Black Hat Europe conference in December, and discussed some of their work at security conference DeepSec on Friday Read More
The hidden reason why companies are struggling to secure cloud infrastructure [Black Hat Europe 2019]
In an upcoming talk for Black Hat Europe 2019 ("Inside Out: The Cloud Has Never Been So Close"), XM Cyber senior security researchers will outline a new approach to attacking cloud infrastructure. This technique illustrates the relationships between various identities, resources and policies, in the process identifying vulnerable choke points that require immediate remediation. Read More
New Free Emulator Challenges Apple's Control of iOS [Black Hat Europe 2019]
A security researcher at Black Hat Europe in London next week plans to release an open source low-level emulator that can run a version of Apple's mobile operating system. Read More
Researchers Explore How Mental Health Is Tracked Online [Black Hat Europe 2019]
Bendinelli and Frederike Kaltheuner, tech policy fellow with the Mozilla Foundation, will present more of these research findings at the Black Hat Europe 2019 conference in a briefing entitled "Is Your Mental Health for Sale?" Read More
Black Hat Europe Q&A: Unveiling the Underground World of Anti-Cheats [Black Hat Europe 2019]
Anti-cheat software safeguards countless online game players every year, but it’s not bulletproof. At Black Hat Europe in London next month attendees will learn firsthand where the chinks are in the armor of modern anti-cheat solutions Read More
Global Witness urges UK authorities to investigate links between illicit crypto exchanges and Russian security services [Black Hat USA 2019]
Thus, the FSB-Bilyuchenko case could further highlight the emerging trend of "infighting among Russian security services in the cyber sphere," a theme that headlined a briefing given by Kimberly Zenz, an American cyber-threat intelligence expert who focuses on Russia, at the 2019 Black Hat hacker conference in Las Vegas last August. Read More
Windows Hello for Business Opens Door to New Attack Vectors [Black Hat Europe 2019]
To learn more about how WHfB operates, Grafnetter has spent the past year studying the feature and the past two months doing a deep dive. He will present his findings at the upcoming Black Hat Europe show in a briefing entitled "Exploiting Windows Hello for Business." Read More
Undocumented Access Feature Exposes Siemens PLCs to Attacks [Black Hat Europe 2019]
Abbasi says they reported their findings to Siemens in March and the company released an advisory this week to inform customers that it’s working on a solution. In the meantime, customers have been advised to ensure protection against physical access and apply defense-in-depth recommendations. The industrial giant told the researchers that it would remove the problematic access mode from PLCs.
The researchers plan on presenting their findings next month at the Black Hat Europe conference in London. Read More
Android users beware: 146 bugs found in preinstalled apps [Black Hat USA 2019]
In a Black Hat 2019 presentation, Google security researcher Maddie Stone said an Android device often has 100 to 400 preinstalled apps. If you're a malicious actor, Stone said in the presentation, you "only have to convince one company to include your app, rather than thousands of users." Read More
Officials warn about the dangers of using public USB charging stations [Black Hat USA 2019]
Across the years, several proofs-of-concept were created. The most notorious is Mactans, presented at the Black Hat 2013 security conference, which was a malicious USB wall charger that could deploy malware on iOS devices. Read More
Chinese Hackers Now Stealing Text Messages, Phone Records From Telecom Companies [Black Hat USA 2019]
At the Black Hat security conference in Las Vegas, FireEye detailed how APT41 Chinese hackers broke into the production environment of a video gaming company, so as to manipulate the amount of virtual currency available to them. They are also using ransomware to shake down companies in exchange for cryptocurrency ransom payments. Read More
Researchers Find New Approach to Attacking Cloud Infrastructure [Black Hat Europe 2019]
At this year's Black Hat Europe, Gofman and Shani plan to demonstrate an alternative new approach to attacking cloud infrastructure in a talk titled "Inside Out — The Cloud Has Never Been So Close." Their methodology involves using a graph to show permission relationships between different entities, revealing risky choke points that need to be addressed and eliminated. Read More
Hidden access function detected in Siemens PLC [Black Hat Europe 2019]
Researchers reported the find to Siemens, and the company is now working to eliminate the vulnerability. Experts will present detailed results of the study at the Black Hat Europe conference in December 2019. Read More
Black Hat Q&A: Hacking a '90s Sports Car [Black Hat Europe 2019]
Communicating with your car and building your own tools is easier than you think, and well worth the effort, says Stanislas Lejay who will be briefing attendees in London at Black Hat Europe next month on Unleashing the Power of My 20+ Years Old Car. It's a fun and fascinating look at Lejay's efforts to bypass the speed limiter (set at ~180 km/h) and still pass inspection. Read More
Siemens PLC Feature Can Be Exploited for Evil - and for Good [Black Hat Europe 2019]
The researchers built a tool that performs this forensic memory dump, which they will release at Black Hat Europe next month in London when they will present their research findings Read More
The CyberWire Daily Podcast, Wednesday, October 16, 2019 [Black Hat Europe 2019]
It's a great way to demonstrate that either you have the offensive capabilities or that you have the defense capabilities. The capture the flag scenarios and games that are being run at conferences like Black Hat and Defcon are serving several purposes. Read More
Developers' Code Reuse Security Conundrum: Cut, Paste, Fail [Black Hat Europe 2019]
That question was posed at the December 2018 Black Hat Europe in London. At the ending "locknote" panel discussion, an audience member asked Black Hat founder Jeff Moss if it was time to get tough on vendors that produce poor software, because the basics - including the Open Web Application Security Project's top 10 most critical application security risks - haven't changed fundamentally in years. Read More
Targeted threat intelligence and what your organization might be missing [Black Hat USA 2019]
In this Help Net Security podcast recorded at Black Hat USA 2019, Adam Darrah (Director of Intelligence), Mike Kirschner (Chief Operating Officer) and Christian Lees (Chief Technology Officer) from Vigilante, talk about how their global threat hunting and dark web cyber intelligence research team extends the reach of a company’s security resources, and lives within the underground community to remain ahead of emerging threats. Read More
Security pros need more and better visibility into their cloud networks [Black Hat USA 2019]
In this Help Net Security podcast, Kevin Sheu, VP Product Marketing and Marcus Hartwig, Senior Product Marketing Manager at Vectra AI, discuss the Vectra superhero survey from Black Hat USA 2019, which provides insight into the current cloud adoption and top-of-mind concerns of attendees. Read More
Cyber Insurance: You Get What You Pay For [Black Hat USA 2019]
These risks were highlighted recently by a study from mutual insurance giant FM Global, and a summit helmed by cyber insurance experts at the annual Black Hat USA security conference in Las Vegas. Read More
This Has Been the Worst Year for iPhone Security Yet [Black Hat USA 2019]
Before Solnik’s Black Hat talk, Apple had yet to provide decrypted kernels to the public. Analysing the kernel is a key step to hacking the iPhone and to understanding how iOS really works under the hood. And these dev-fused iPhones, available on the gray market for four or five figures, are the perfect tool to do that. Read More
Week in review: Mass iPhone hacking, SSL VPNs under attack, SOC analysts overwhelmed [Black Hat USA 2019]
According to a survey of 476 IT security professionals at Black Hat USA 2019, nearly one in four (24%) said they would take company information to help apply for a position at a competitor. Read More
What’s changing in the cyber domain? We ask industry experts [Black Hat USA 2019]
Fifth Domain posed this question to cybersecurity experts at Black Hat, a cybersecurity conference in Las Vegas, Nevada, that ran from Aug. 3-8. With the cyber domain rapidly evolving, we wanted to know how conversations within the cyber community are changing. Read More
Google uncovers 2-year iPhone hack that was ‘sustained’ and ‘indiscriminate’ [Black Hat USA 2019]
At the Black Hat security conference in Las Vegas earlier this month, Apple’s head of security engineering said the company will pay as much as $1.5 million for a “bug bounty” to any researcher who discovers iOS attack techniques and discreetly reports them to Apple. Read More
How the Cloud Security Alliance helps businesses identify and mitigate cybersecurity risks [Black Hat USA 2019]
At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with Cloud Security Alliance's John Yeoh about how implementing new technology leads to success. The following transcript has been edited for clarity purposes. Read More
How To Make $1 Million From Hacking: Meet Six Hacker Millionaires [Black Hat USA 2019]
If you need any more convincing that hacking can be a very profitable career path, then you only have to look at the Hacker Summer Camp this year. This is the name given to the week in August that sees both Black Hat USA and DEF CON hacker conferences happening in Las Vegas. Read More
Business VPN flaws exploited by hackers [Black Hat USA 2019]
Pulse Secure VPN and Fortinet's FortiGate VPN were targeted after flaws in both products were made public during a talk at this month's Black Hat security conference. Read More
Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs [Black Hat USA 2019]
Fixes exist for both: Pulse Secure released them in April and Fortinet in May, months before Devcore researchers Meh Chang and Orange Tsai shared their discovery with the audience at Black Hat USA 2019. Read More
Hackers are actively trying to steal passwords from two widely used VPNs [Black Hat USA 2019]
The vulnerabilities can be exploited by sending unpatched servers Web requests that contain a special sequence of characters, researchers at the Black Hat security conference in Las Vegas said earlier this month. Read More
Using deep learning and natural language understanding to protect enterprise communication [Black Hat USA 2019]
In this Help Net Security podcast recorded at Black Hat USA 2019, Dhananjay Sampath, CEO at Armorblox, talks about how they use natural language understanding and deep learning to automatically create and adapt policies, continuously measure risk exposure, and prevent attacks and data loss. Read More
Hackers mount attacks on Webmin servers, Pulse Secure, and Fortinet VPNs [Black Hat USA 2019]
But if this week started bad, it ended even worse. By Friday, attackers also started exploiting another set of vulnerabilities, also disclosed at a security conference -- but this time at Black Hat. Read More
SECURITY NEWS THIS WEEK: CRYPTOCURRENCY MINERS EXPOSE NUCLEAR PLANT TO INTERNET [Black Hat USA 2019]
While the cybersecurity world took a collective deep breath after the Black Hat and Defcon hacker conferences, there was still plenty of news to be had this week. Read More
How can the government improve its cyber posture? [Black Hat USA 2019]
Several industry experts interviewed by Fifth Domain at Black Hat USA, a cybersecurity conference held in Las Vegas, Nevada, from Aug. 3-8, expressed concern that government agencies don’t know what’s on their networks. Read More
4 takeaways from Black Hat 2019 [Black Hat USA 2019]
The Black Hat conference not only sheds light on the IT security issues currently plaguing organizations, but the emerging issues that will soon affect people and companies. At the latest Black Hat, held in the Mandalay Bay in Las Vegas in August, industry experts offered their insights on how cybercriminals are upping the ante and what IT security professionals can do to combat the constant and unyielding tide of attacks. Read More
The challenge of creating a 2,500 person security team [Black Hat USA 2019]
One of the major challenges is how to align, integrate and organise complementary business units into single functions that operate across the new business. Matthew Gyde is the new CEO of NTT Security. At Black Hat 2019, in a very hot Las Vegas, he sat with Enterprise Times to talk through some of the challenges he and the new company face. Read More
HTTPS everywhere? Cloudflare planning improvements to middleware detection utility [Black Hat USA 2019]
At Black Hat USA earlier this month, Cloudflare’s Gabriele Fisher and Luke Valenta offered a deep dive into HTTPS interception practices, in which TLS-terminating middleboxes or middleware can be used to potentially snoop on internet users, or even steal private data. Read More
Aviation Faces Increasing Cybersecurity Scrutiny [Black Hat USA 2019]
Boeing pushed back hard on the research just prior to the presentation at Black Hat, saying its existing network defenses would thwart the attack cases Santamarta posed, and that an attacker could not reach its avionics systems via those attack methods. IOActive had been in contact with Boeing for months after the initial findings, holding weekly teleconferences. Read More
Yubikey 5Ci for iPhone, biometric attacks, and other odds and ends from Black Hat [Black Hat USA 2019]
I laid out my initial thoughts from Black Hat 2019 last week and also took a deeper look at Apple’s session around their new bug bounty program and research devices. Read More
Spotlight Podcast: Unpacking Black Hat Hacks with Digicert CTO Dan Timpson [Black Hat USA 2019]
In this week’s episode of the Podcast, # 156: we’re back at “hacker summer camp” in Las Vegas this week – also known as the Black Hat, B-Sides and DEF CON conferences, which bring tens of thousands of the world’s top security experts to the Las Vegas Strip. Read More
The Future of Cyber security: Putting the capital “C” in Community! [Black Hat USA 2019]
As you know, Black Hat Briefings (commonly referred to as Black Hat) is a computer security conference that provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world. Black Hat brings together a variety of people interested in information security ranging from non-technical individuals, executives, hackers, and industry-leading security professionals. Read More
Black Hat 2019 brings out new security, protection offerings [Black Hat USA 2019]
The 22nd Black Hat conference in Las Vegas brought together a slew of vendors in network and data security with a variety of security offerings to pitch. Read More
KNOB turns up the heat on Bluetooth encryption, hotels leak guest info, city hands $1m to crook, and much, much more [Black Hat USA 2019]
Let's run through all the bits and bytes of security news beyond what we've already covered. Also, don't forget our articles from this year's Black Hat, DEF CON, and BSides Las Vegas conferences in the American desert. Read More
Post GandCrab, Cybercriminals Scouring the Dark Web for the Next Top Ransomware [Black Hat USA 2019]
Hi, everyone. I’m Lindsey O’Donnell with Threatpost and I’m here today at Black Hat USA 2019, here with Winnona DeSombre with Recorded Future. Winnona, how are you doing? Read More
Black Hat 2019: Building Communities of Women in Security [Black Hat USA 2019]
But also at Black Hat, I noted many initiatives and sessions to foster diversity in information security. One thing that surprised me was an on-site daycare offered this year where attendees could drop kids to attend sessions. Several other booths and groups along the floor were promoting women in infosec. As much as women are still few in number, there is movement and gains to increase their ranks in security. Read More
Black Hat USA 2019 Event Coverage | A Conversation With Kymberlee Price [Black Hat USA 2019]
Fortunately, both of these activities came together in a single setting during Black Hat, as Marco and I got to meet Kymberlee not only to discuss the micro summit, but to also hear about her journey in InfoSec and her role in establishing some of the best practices being leveraged by the industry for some time now—specifically via her work at Microsoft, at Bugcrowd, and Microsoft (again). Read More
Diverse Set of Security Innovators Converge at Black Hat 2019 [Black Hat USA 2019]
Black Hat 2019 has come and gone and I am still recovering from the sensory overload caused by the 19K+ attendees of this big conference amidst the backdrop of Las Vegas. My focus going into the conference was mainly on meeting startups… I was looking for something new – a solution that attacks the cyber problem from a new angle. Read More
Voyage’s driverless future, ghost work, B2B growth strategies, and Black Hat takeaways [Black Hat USA 2019]
In the autonomous vehicle space, startups have taken radically different strategies to building our AV future. Some companies like Waymo have driven all across different types of environments in order to rack up the datasets that they believe will be needed to effectively maneuver without a human driver. Read More
Last week at the Black Hat cybersecurity conference in Las Vegas, the Democratic National Committee tried to raise awareness of the dangers of AI-doctored videos by displaying a deepfaked video of DNC Chair Tom Perez. Deepfakes are videos that have been manipulated, using deep learning tools, to superimpose a person’s face onto a video of someone else. Read More
Apple’s Face ID Can Be Bypassed By Using A Pair Of Glasses & Tape [Black Hat USA 2019]
The details of the attack were explained at Black Hat USA 2019, which is an annual security conference. Researchers were able to get into the victim’s iPhone by using a modified pair of glasses. The glasses have a combination of white and black tape pasted on them and they call it the “X-glasses”, which you can see below. Read More
Key Themes from Black Hat Conference 2019 [Black Hat USA 2019]
It hasn’t even been a week since Black Hat Conference 2019. Somehow, it seems like it’s been longer than that. Speaking from both the vendor and attendee perspective, it was a fantastic event overall. I managed to squeeze in a couple sessions, and I had the opportunity to speak to a variety of attendees and visit vendor booths on the show floor. After 4 days and nearly 50,000 steps—some of it in 100-plus degree heat outdoors—I’m back in Houston and back to the daily grind and I’ve had some time to reflect on the time in Las Vegas. Read More
Cause for alarm: Advice from a cyber summit [Black Hat USA 2019]
From phony iPhones preloaded with malware to election meddling and the rules of cyberwar, Black Hat USA 2019 wrapped up in Nevada last week with something for everyone to lie awake worrying about. Unlike most of us, Shawn Murray was there, with about 17,000 other infosec professionals. He’s a cybersecurity consultant with the Pikes Pea Read More
Apple sues Corellium for creating virtual copies of iOS [Black Hat USA 2019]
Apple also makes a point of highlighting its recent decision to give security researchers customized iPhones with fewer security barriers as to make it easier for serious exploits and bugs to be discovered. Ivan Krstic, Apple’s head of security and engineering, announced the new program at the Black Hat security conference earlier this month. Read More
GCU students log in to ‘hacker summer camp’ [Black Hat USA 2019]
The GCU student, whose IT emphasis is in cybersecurity, was just one of 52 Lopes who made their way to Vegas for, not just Defcon, but for Black Hat, the world’s largest IT event. The back-to-back IT security and hacker gatherings — together they’re dubbed “hacker summer camp” — attracted tens of thousands of cyber professionals and enthusiasts. Read More
News Wrap: DejaBlue Bugs and Biometrics Data Breaches [Black Hat USA 2019]
On the heels of Black Hat USA 2019 and DEF CON, Threatpost editors break down the biggest news of this past week ended Aug. 16, from Patch Tuesday craziness to publicly-exposed databases. Read More
Trend Micro fixes DLL hijacking vulnerability [Black Hat USA 2019]
Hot on the heels of Black Hat where security vendors spoke to audiences about their ability to protect against breaches, SafeBreach discovered a new vulnerability in Trend Micro Password Manager software that could have led to DLL hijacking, privilege escalation, and code execution attacks. Read More
7 Can’t-Miss Cybersecurity Lessons From Black Hat USA and Vegas Security Week [Black Hat USA 2019]
As Black Hat USA and DEF CON 2019 draw to a close, the security industry continues to buzz over events from the annual Las Vegas security week. Each year, nearly 20,000 security professionals, researchers and hackers convene on the Las Vegas strip for a week of cutting-edge security trainings, sessions and research. Black Hat and DEF CON sessions served up a shocking amount of internet of things (IoT) vulnerabilities and research on security best practices. Read More
APPLE SUES MOBILE DEVICE VIRTUALISATION FIRM CORELLIUM ALLEGING IT ‘ILLEGALLY REPLICATED’ IOS, APPS [Black Hat USA 2019]
Apple argues that Corellium’s iOS virtualisation product infringes on Apple's copyrights. The iPhone-maker says that Corellium has simply copied everything: the code, the graphical user interface, the icons -- all of it, in exacting detail. In fact, at the two-day Black Hat USA conference that concluded on August 8, Corellium emphasised that its “Apple product” is an exact copy of iOS, macrumours reported. Read More
Hackers Stole Over $4 Billion From Crypto Crimes In 2019 So Far, Up From $1.7 Billion In All Of 2018 [Black Hat USA 2019]
As we’ve seen so many times again—most recently with the latest massive data breaches (Equifax, Capital One…), and the new exploits revealed at the Black Hat and DefCon hacking conferences — the Cloud is far from being the most secure place to store your data, even less your hard-earned money, especially in digital form. Read More
Software Vulnerabilities in the Boeing 787 [Black Hat USA 2019]
At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System. The CIS/MS is responsible for applications like maintenance systems and the so-called electronic flight bag, a collection of navigation documents and manuals used by pilots. Santamarta says he found a slew of memory corruption vulnerabilities in that CIS/MS, and he claims that a hacker could use those flaws as a foothold inside a restricted part of a plane’s network. An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane’s safety-critical systems, including its engine, brakes, and sensors. Boeing maintains that other security barriers in the 787’s network architecture would make that progression impossible. Read More
Apple sues mobile device virtualization company Corellium for selling iOS clones [Black Hat USA 2019]
What just happened? At the Black Hat Conference earlier this month, a small startup called Corellium showcased a tool that is claimed to provide customers access to virtual iOS devices inside a web browser. Apple has sued for damages and asked for an immediate ban on the sale of Corellium's product. The iPhone maker argues the tool is an "unlawful commercialization of Apple's valuable copyrighted works," or in other words an exact replica of iOS down to the underlying code. Read More
Apple’s Lawsuit Against a Startup Shows How It Wants to Control the iPhone Hacking Market [Black Hat USA 2019]
These announcements, made to much fanfare at the Black Hat security conference in Las Vegas, were met with delight and enthusiasm by the jailbreaking and iOS hacking community, who saw this as a “historic moment” for the security of iPhones all over the world. Read More
Black Hat USA 2019 Event Coverage | A Conversation With Stephanie “Snow” Carruthers [Black Hat USA 2019]
Next time you think that a social engineer is a social media expert or a criminal of some sort, do me a favor and look at yourself in the mirror — chances are you won't see either. One thing that you will see is a social engineer; all humans are social engineers—it is in our nature, and we are damn good at it. Read More
Cybersecurity conference attendees possibly exposed to IRL virus [Black Hat USA 2019]
Hackers and cybersecurity researchers who attended this year's annual Black Hat information security conference in Las Vegas found themselves on the receiving end of the wrong kind of security notification. On Thursday, the Southern Nevada Health District issued a warning stating that individuals in Vegas over the course of the conference may have been exposed to measles. Read More
Aug 16, 2019 |
MASS MARKET VS. TARGETED MARKETING: TECHNIQUES AND TECHNOLOGY BEHIND THESE TWO STRATEGIES [Black Hat USA 2019]
One of the takeaways from the recently released report, Mimecast Threat Intelligence Report: Black Hat Edition 2019, is that some attackers use more simplistic attack strategies that are broadly deployed, whereas other attackers use more complex and sophisticated strategies that are deployed much more narrowly. The data for this report came from three months of analysis from Mimecast’s processing of nearly 160 billion emails on behalf of our customers. Not a small sample! Read More
Apple Files Lawsuit Against Virtualization Company Corellium for Illegally Replicating iOS and Apple Apps [Black Hat USA 2019]
Corellium's product creates digital replicas of iOS, iTunes, and user interface elements available on a web-based platform or a custom platform built by Corellium. It is designed to create virtual iOS devices for the purpose of running iOS, and at the recent Black Hat USA conference, Corellium emphasized that its "Apple product" is an exact copy of iOS, able to allow researchers and hackers to find and test vulnerabilities. Read More
How to limit the impact of data breaches [Black Hat USA 2019]
At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with IBM's Wendi Whitmore about how to defend against and respond to data breaches. The following is an edited transcript of the interview. Read More
5 Things to Know About Cyber Insurance [Black Hat USA 2019]
After years of trying, Risk Based Security CISO Jake Kouns finally managed to get cyber insurance the attention he thinks it deserves. He had been submitting ideas for insurance-related talks for the annual Black Hat USA event since 2012 - and had been rejected four times. But at last week's Black Hat in Las Vegas, he led one of the sessions during a dedicated micro summit about cyber insurance. Read More
What security pros need to know from Black Hat & Def Con 2019 [Black Hat USA 2019]
Black Hat and Def Con came and went as quickly as it ever does. The week-long pair of back-to-back conferences, referred to as “hacker summer camp,” draws in the security crowd from across the world onto Las Vegas, where startups tout their technologies as hackers and researchers reveal their findings. Read More
How to prevent data destruction from cybersecurity attacks [Black Hat USA 2019]
At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with IBM's Global Remediation Lead Christopher Scott about how cyberattackers get into environments, and why using multifactor authentication is crucial if you use an online service. The following is an edited transcript of the interview. Read More
The Best Of Black Hat And DEF CON 2019 | Avast [Black Hat USA 2019]
If you didn’t go to the Black Hat or DEF CON cybersecurity conferences last week in Las Vegas, we’ve got a quick summary of some of the best stories, presentations, social media, and just plain weirdness. Read More
WhatsApp flaw allows altering the reply to quoted messages [Black Hat USA 2019]
During a presentation at the Black Hat conference last week in Las Vegas (USA), researchers Dikla Barda, Roman Zaikin and Oded Vanunu presented a tool used as a proof of concept. Read More
Not anymore. At the recent Black Hat security conference in Las Vegas, Ivan Krstić, Apple's head of security engineering and architecture, announced an overhaul of Apple’s bug bounty program that massively sweetens the payouts—the top award will jump from $200,000 to $1 million—and also opens it up to all researchers. Read More
The cost of replacing paperless voting machines [Black Hat USA 2019]
RED TEAM > BLUE TEAM — Nearly 70 percent of IT pros consider red team hackers more effective than the blue teams trying to stop them, Exabeam reported in a survey out today. More than one-third of those defensive teams fail to halt the red teams, the pros said in a survey conducted at Black Hat. Overall, 72 percent said their organizations perform red team tests, while 60 percent practice blue team. Read More
Defeating Apple's Faceid's proof-of-life by putting tape over glasses' lenses [Black Hat USA 2019]
Researchers from Tencent demo'ed the attack at Black Hat last week and used it to unlock a phone and approve a cash transfer from the owner's Apple Pay account to their own. Read More
IBM's Wendi Whitmore explains why a data breach isn't a one-time cost and recommends cost-saving tips, which include having access to an incident response team. [Black Hat USA 2019]
At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with IBM's Wendi Whitmore about why a data breach isn't a one-time cost and recommends cost-saving tips. The following is an edited transcript of the interview. Read More
68% of Companies Say Red Teaming Beats Blue Teaming [Black Hat USA 2019]
A survey conducted by Exabeam at Black Hat USA 2019 found red teams, which are made up of internal or hired security experts who imitate cybercriminals' behavior to test a business' security defenses, are also more popular. Seventy-two percent of respondents conduct red team exercises, with 23% performing them monthly, 17% quarterly, 17% annually, and 15% biannually. Read More
Cybersecurity Roundup: Black Hat USA 2019 Edition [Black Hat USA 2019]
Last week’s Black Hat USA 2019 conference in Las Vegas drew record attendance and highlighted the latest hot topics in the fight against cybercriminals. Read More
Apple to offer up to $1.5 million to hackers who find flaws and report them to the company [Black Hat USA 2019]
At a recent Black Hat security conference in Las Vegas, the tech giant took the opportunity to announce that it’s raising its reward to ethical hackers who uncover and disclose problematic susceptibilities directly to the company. Read More
Apple Offers $1 Million to Anyone Who Can Break into iPhone [Black Hat USA 2019]
The Black Hat conference is attended by many security researchers who attempt to hack the computer systems of companies and governments. The researchers seek security weaknesses that need to be fixed to prevent outside attackers from breaking into systems and devices. Read More
Huge Survey of Firmware Finds No Security Gains in 15 Years [Black Hat USA 2019]
Zatko presented the findings of CITL’s extensive study in Las Vegas on Friday on the sidelines of the Black Hat and DEF CON conferences at an event hosted by The Hewlett Foundation. CITL was started by Sarah and her husband Peiter (aka “Mudge”) Zatko. It bills itself as a kind of “Consumer Reports” for cyber security, partnering with that organization as well as The Ford Foundation, The Digital Standard and online payments firm Stripe. Read More
Apple reveals special new iPhones for security researchers [Black Hat USA 2019]
Apple is planning to supply special iPhones to security researchers next year to help them find security flaws in iOS. The devices will be made available to researchers that report bugs through the company’s invitation-only bug bounty program for iOS. Apple first launched this bug bounty program three years ago at the Black Hat conference, and it’s now extending its use at the same conference today to cover macOS, Apple Watch, Apple TV, and more. Read More
New Vulnerabilities Can Alter Your WhatsApp Messages [Black Hat USA 2019]
WhatsApp, a popular instant messaging platform now owned by Facebook with over 1.5 billion users across the globe has a major vulnerability that has not been fixed completely so far. The vulnerability was discovered by researchers at Check Point and was made public in Black Hat 2019, an annual Black Hat security conference. Read More
Black Hat, DEF CON, And BSides 2019: Highlights And Emerging Industry Trends [Black Hat USA 2019]
As Hacker Summer Camp comes to a close, we sat down with a few friends in the security space to discuss the major highlights from Black Hat, DEF CON, and BSides and what have emerged as the latest industry trends over the past week. Read More
Black Hat 2019: Investment, Interest in AI for Security Ramps Up [Black Hat USA 2019]
An emphasis on AI was clear at this year’s Black Hat event in Las Vegas, where several vendors were promoting platforms that leverage AI and machine learning capabilities to address threat detection. Read More
TikTok Scammers Cash In On Adult Dating, Impersonation Tricks [Black Hat USA 2019]
LO: I’m good just coming off of Black Hat craziness, so a little tired. So Tenable on the kind of outskirts of Black Hat has come out with some new research today about several popular scams that are taking a hold of the popular video platform TikTok, which is very prevalent. I mean, it’s the number one app for App Store downloads and the number three download overall in terms of apps. So with that kind of success, obviously comes security issues, as we’ve seen in the past with other apps and social media platforms. So Satnam, can you give us some context about TikTok, what do we need to know about the social platform as it relates to the attacks that you’ve outlined in your research? Read More
NEW TECH: Trend Micro inserts ‘X’ factor into ‘EDR’ – endpoint detection and response [Black Hat USA 2019]
With all the talk of escalating cyber warfare, the spread of counterfeit smartphones and new forms of self-replicating malware, I came away from Black Hat USA 2019 (my 15th) marveling, once more, at the panache of modern cyber criminals. Read More
Black Hat Recap: Automation is Key to Managing Threats and Scaling the Future of Security (Video) [Black Hat USA 2019]
Another Black Hat USA is in the books, and anyone leaving the festivities feeling apprehensive about the state of security seems well justified. Read More
Meet FumbleChain, the Deliberately Flawed Blockchain [Black Hat USA 2019]
Demonstrated for the first time last Thursday at the Black Hat infosec event, the deliberately flawed technology is meant to act as an educational tool for crypto developers. Read More
Thoughts from Defcon 27 – This is why I do what I do [Black Hat USA 2019]
Every year, thousands of security professionals descend upon Las Vegas to take part in a series of conferences known as Hacker Summer Camp. This year, Black Hat, BSides Las Vegas, Defcon 27 and the Diana Initiative took up the majority of the conference space. So, what makes this one of the most relevant and successful security conferences? Read More
Apple’s New Bug Bounty Is a ‘Historical Moment’ For the iPhone’s Security [Black Hat USA 2019]
The company’s head of security engineering Ivan Krstic made these announcements at the Black Hat security conference on Thursday of last week. What he didn’t say is that this is a major win not only for iOS hackers and jailbreakers, but also for users—and ultimately even for Apple. Read More
Qualys Has a Prescription for Better Cybersecurity [Black Hat USA 2019]
One of the first things I saw when I arrived in Las Vegas for Black Hat—aside from the flashing lights of the banks of slot machines and the large neon “Welcome to Las Vegas” sign in the airport terminal—was an ad on the wall for Qualys. The ad shows a red and white pill with the Qualys logo, accompanied by the tagline “A New Prescription for Security and It’s Free.” Read More
Apple finally expands bug bounty program, talks about research devices at Black Hat [Black Hat USA 2019]
On the last day of Black Hat 2019, I attended an interesting session where Apple provided a peek behind the curtain on macOS and iOS security, as well as finally announced an expansion to Apple’s bug bounty program and its new iOS Security Research Devices. Read More
Threat hunting, attribution and identifying what motives threat actors [Black Hat USA 2019]
Jaime Blasco is the AVP Product Development at Alien Labs, part of AT&T Cybersecurity. At Black Hat 2019, Jaime sat down with Enterprise Times to talk about threat intelligence. It’s a subject that is high on a lot of organisations’ agenda. The problem is that many organisations don’t know what to do with it. They are overwhelmed by the intelligence they gather and when they try and DIY, they lack the tools. But when they go to many vendors, what they get are a series of alerts which often lack an actionable element. Read More
Millions of Android phones at risk of shipping with malware pre-installed [Black Hat USA 2019]
Millions of Android phones are at risk of shipping with malicious pre-installed apps, a recent report from Black Hat has uncovered. The findings were presented by Maddie Stone, a former employee of Android Security and current member of the Project Zero team, who revealed that it’s near-impossible to protect your device against the flaw. Read More
Last week, a number of nCipher employees attended the 2019 Black Hat USA conference. The booth, which saw around 1,000 visitors, was home to a mix of activity. Read More
New Switch Vulnerability Discovered by Nozomi Networks Labs [Black Hat USA 2019]
Nozomi Networks Labs responsibly disclosed the security issue to Siemens CERT and CISA. This effort is part of ongoing research conducted by Nozomi Networks Labs to test common devices for vulnerabilities. For example, the Labs team recently presented its research on securing intelligent electronic devices (IEDs) using the IEC 62351-7 Standard for Monitoring at BlackHat 2019. While doing this analysis, we discovered a previously unknown device vulnerability. Read More
Optimizing the patch management process [Black Hat USA 2019]
In this podcast recorded at Black Hat USA 2019, Jimmy Graham, Senior Director of Product Management at Qualys, discusses the importance of a tailored patch management process. Read More
Researchers manipulate content and sender of WhatsApp messages [Black Hat USA 2019]
At this year's Black Hat conference, a team of researchers demonstrated live that, under certain conditions, attackers could alter the content and sender of messages sent via WhatsApp in various ways. Read More
‘Bug bounty’: Apple to pay hackers more than $1m to find security flaws [Black Hat USA 2019]
Apple will pay ethical hackers more than $1m if they responsibly disclose dangerous security vulnerabilities to the firm, the company announced at the Black Hat security conference in Las Vegas. Read More
Pre-installed apps in 7 million Android devices found containing malware [Black Hat USA 2019]
At the Black Hat cybersecurity conference in Las Vegas, Maddie Stone, a security researcher on Project Zero who previously served as Senior Reverse Engineer & Tech Lead on the Android Security team, revealed that her team discovered three instances of Android malware being pre-installed in budget Android phones in the recent past. Read More
Black Hat 2019 brings out new security, protection offerings [Black Hat USA 2019]
At the 22nd annual Black Hat conference in Las Vegas for computer security consulting, training and briefing, industry experts came together from Aug. 3 to 8 to discuss emerging threats in cybersecurity, such as new attack methods and critical vulnerabilities across various industries. The conference also served as the birthplace for many potential answers to the security issues highlighted. Vendors in security and networking used Black Hat as an opportunity to unveil their newest products and services to the tens of thousands of attendees that ranged from executives and security professionals to small-business owners to individuals with an interest in the cybersecurity world. Read More
Car Makers Befriend Hackers to Learn About Cyber Vulnerabilities [Black Hat USA 2019]
Known for its sprawling resorts and casinos, Las Vegas once a year becomes the gathering place for tens of thousands of cybersecurity enthusiasts who attend DEF CON and the preceding corporate Black Hat conference. Read More
The team presented their findings at the recent Black Hat USA conference in Las Vegas, revealing the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7. Read More
Zero-trust in a cloud-native world: Best practices emerge [Black Hat USA 2019]
How the industry should update zero-trust in today’s cloud-native computing world is the question I hoped to answer at this year’s Black Hat USA conference in Las Vegas. To this end, I whittled the list of vendor PR pitches down to four from companies that were breaking the zero-trust mold. Read More
Millions of New Android Phones Sold With Preinstalled Malware [Black Hat USA 2019]
Stone shared her team’s findings at the Black Hat USA 2019 conference in Las Vegas, in a presentation in which she said that a smartphone may have as many as 400 preinstalled apps out of the box. This is a major problem because attackers are attempting to hide malware in the preinstalled apps, as it is easier to convince one manufacturer to agree to a preloaded app than to convince thousands of users to download an infected file. Read More
Apple Is Offering A $1 Million Reward For Anyone Who Can Hack An iPhone [Black Hat USA 2019]
Ivan Krstić — the Head of Security Engineering and Architecture at Apple — announced the bug bounty at Black Hat. And Apple is also launching a bug bounty program for Macs, watchOS, and Apple TV. Apple will also give developer devices to bug bounty participants. Read More
What government can do to keep its cyber workforce [Black Hat USA 2019]
“They have to value these people, and I don’t know that they’re fully valued,” said Greg Conti, current senior security strategist at IronNet, former director of the Army Cyber Institute and a senior cyber warfare adviser to U.S. Cyber Command, in an Aug. 8 interview at Black Hat 2019, held in the Mandalay Bay Resort & Casino. Read More
Leaked Dreamliner Code Reveals “Startling” Vulnerabilities [Black Hat USA 2019]
A cybersecurity researcher has offered a presentation on exploitable bugs he discovered in the code used in Boeing Dreamliner aircraft this week at the Black Hat cybersecurity conference in Las Vegas. Ruben Santamarta says he was surprised to find the code used in Boeing’s 737 and 787 aircraft readily available online, but he was even more shocked to find flaws in the software which could allow hackers to take control of some of the Dreamliner’s systems. Read More
Google Researchers Say Android Malware Could Come Pre-Installed on Devices [Black Hat USA 2019]
In a talk called “Securing The System” at last week’s Black Hat cybersecurity conference, Google researcher Maddie Stone outlined how pre-installed applications are exploited to run malware without the user’s knowledge. This security vulnerability is especially acute for Android’s open-source operating system, which is a favorite for low-budget Android device-makers. Typically, an Android device has about 100-400 pre-installed applications (don’t confuse them with the other sense of the word apps—not all of them have icons on your home screen). Since these apps are pre-installed, anti-virus software does not detect them if they behave maliciously, and they can never be entirely deleted from the device, only deactivated. Read More
Hackers can Change the Messages received on WhatsApp [Black Hat USA 2019]
The annual Black Hat security conference was held on 7th August in Las Vegas. At the conference, Israeli security company Check Point disclosed a WhatsApp vulnerability that lets hackers change the message and also modify the sender’s identity. Read More
BGP Hijackings Take on New Meaning in Cybersecurity Climate [Black Hat USA 2019]
The Border Gateway Protocol is vulnerable to malicious actors -- and as of right now, little can be done about it from a security perspective, although there have been attempts to make it more reliable. Despite the apparent risk, last week's Black Hat and Def Con events didn't have one session that mentioned BGP hijackings. Read More
Black Hat 2019: The Promise of 5G Also Brings Security Concerns [Black Hat USA 2019]
While several large cities in the US are rolling out 5G networks, before we get to a world with the widespread use of 5G, a lot obviously needs to be worked out with the security around it too. Hailed initially as an ultra-secure protocol, one session at Black Hat proved that to be far from true. Read More
Microsoft opens security lab to test vulnerabilities [Black Hat USA 2019]
Microsoft has introduced the Azure Security Lab — a dedicated customer-safe Cloud environment, at the Black Hat USA 2019 conference. The Azure Security Lab is a set of dedicated Cloud hosts, aimed at allowing security researchers to aggressively test attacks against infrastructure-as-a-service scenarios. Read More
Hacking my airplane – BlackHat edition [Black Hat USA 2019]
Until it did. Here at BlackHat a while back we got to see videos of vehicles swerving out of control following a hack. Thankfully, the automotive industry came to terms with the hacking reality, and (some) even sponsored hacking opportunities like the automotive hacking village here at DefCon later in the week. It was a very positive turn of events. By engaging the hacker culture in a more open way, automobile technology started to get better at defending against hacks, which helps to keep us all safe. Read More
What I learned at the Black Hat USA 2019 Conference [Black Hat USA 2019]
The phrase ‘black hat’ refers to a hacker with criminal intentions, so I expected my first trip to the Black Hat USA conference held in Las Vegas this year to give me exposure to the shady underbelly of the cybersecurity world. Read More
Apple offers $1 million Bug Bounty to hack its iPhone [Black Hat USA 2019]
Speaking at the Black Hat technology security conference in Las Vegas, Krstic stated that the company is also going to reward another $500,000 (£415,500) to those who can find a Network Attack or any other technical flaws in its devices, making it more lucrative to security researchers. Read More
Apple Will Give You $1 Million if You Can Do This 1 Thing (and Why It's Happy to Do So) [Black Hat USA 2019]
Apple's bug-bounty program has been around since 2016, but the company just upped the ante last week during the Black Hat cybersecurity conference in Las Vegas. Of course, in order to get paid, you have to show that you're able to gain remote access to the core functionality of iOS without the device's owner doing anything at all. Read More
2019 Pwnie Award Winners (And Those Who Wish They Weren't) [Black Hat USA 2019]
The awards ceremony, held at the Black Hat USA security conference, bears little resemblance to the Oscars, Grammys, Emmys, or pretty much any other awards show. There's no glitz or glamour. The dress code is strictly informal; shorts and T-shirt are perfectly acceptable sartorial choices. Judges lightheartedly B-box and/or thigh-slap the drumrolls, and the awards themselves recognize not just excellence in the field of information security, but also the more dubious distinctions and epic fails. Read More
Building a Culture of Security: 73 articles Summarizing Black Hat USA 2019 [Black Hat USA 2019]
If there was a common theme at the 2019 Black Hat USA conference in Las Vegas, it may well have been security culture. Culture emerged in some of the most prominent sessions and talks, including, notably, a keynote address by Dai Zovi and a session presented by Equifax CISO Jamil Farshchi. Read More
Fake news doesn’t (always) fool mice [Black Hat USA 2019]
Still, the ability of mice to recognize real vs. fake phonetic construction can come in handy for sniffing out deep fakes. According to researchers at the University of Oregon’s Institute of Neuroscience, who presented their findings during a presentation at the Black Hat security conference last Wednesday (7 August), recent work has shown that “the auditory system of mice resembles closely that of humans in the ability to recognize many complex sound groups.” Read More
Google Finds Phishing Success Based on Targeted Nature, Evolving Variants [Black Hat USA 2019]
Presented at Black Hat last week, the report showed that Google blocks more than 100 million phishing emails every day. Google Safe Browsing protects about 4 billion devices from phishing and other malicious sites. Read More
Apple Is Offering A $1 Million Reward For Anyone Who Can Hack An iPhone [Black Hat USA 2019]
Apple is providing a reward of up to $1 million for hackers who can break into an iPhone and inform the company about how it was done. Apple announced the massive bug bounty at the annual Black Hat hacker convention in Las Vegas last week. This is Apple’s largest-ever bug bounty and it is five times bigger than its previous largest payout. Read More
Cyber insurance policies currently fetch a surprisingly low premium, as TechTarget notes from discussions it heard at Black Hat. The low cost is a supply-side phenomenon: a lot of insurers are working to get into the market, and they're competing on price. But the low premiums being charged probably mean that the underwriters are still working without the actuarial data and models they need to be fully comfortable with the risk they're accepting in transfer from their customers. Expect prices to change as the actuaries catch up with the consequences of cyber incidents. Read More
More on the UN Security Council’s report on North Korean state-sponsored cyber crime. PsiXBot evolves. BITTER APT probes Chinese government networks in an apparent espionage campaign. A study looks at the state of spearphishing. It’s not just the three-letter agencies out securing US voting systems; it’s the four-letter agencies who are taking point. And a last look back at Black Hat and Def Con. Jonathan Katz from UMD on Apple’s clever new cryptographic protocol. Guest is Mike Overly from Foley and Lardner LLP on the House’s hold on the State Department’s proposal for a Bureau of Cyberspace Securities and Emerging Technologies. Read More
Hack in the box: Hacking into companies with “warshipping” [Black Hat USA 2019]
Using less than $100 worth of gear—including a Raspberry Pi Zero W, a small battery, and a cellular modem—the X-Force Red team assembled a mobile attack platform that fit neatly within a cardboard spacer dropped into a shipping box or embedded in objects such as a stuffed animal or plaque. At the Black Hat security conference here last week, Ars got a close look at the hardware that has weaponized cardboard. Read More
Don't Fear DevOps: Black Hat 2019 [Black Hat USA 2019]
BLACK HAT 23, LAS VEGAS — During his keynote at the Black Hat security conference last Wednesday, Dino Dai Zovi, Staff Security Engineer at Square, challenged the audience to fully immerse themselves in DevOps in order to support today's pace of web- and cloud-based business. Read More
A vulnerable blockchain for learning about security pitfalls [Black Hat USA 2019]
One example is the Hack the Block! FumbleChain project, developed by the company Kudelski, which was launched during the Black Hat conference, an event held in Las Vegas, United States, from August 3 to 8. Read More
WhatsApp Flaw Lets Hackers Alter Your Chats [Black Hat USA 2019]
During a recent Black Hat security conference held in Las Vegas, researchers revealed several WhatsApp flaws that would allow chat messages to be altered. This means that in theory, a hacker could take a message and change its contents to make it seem like a completely different message. Read More
Apple Offering Insane Payday for This Type of Bug [Black Hat USA 2019]
At this year’s edition of the Black Hat security conference in Las Vegas, Ivan Krstic, Apple’s head of security engineering and architecture, told the audience (and the world at large) that Apple would give that million-dollar payday to anyone who discovered a remote attack that allowed an attacker to gain total control of a user’s iPhone without that user doing anything to help. Read More
Researchers Use Tape and Glasses to Spoof Face ID Liveness Detection [Black Hat USA 2019]
The technique is effective because the Face ID algorithm does not make a complete scan when the user is wearing glasses. Tencent’s researchers were able to use the “X-Glasses” to unlock someone’s phone and authorize a financial transaction, and presented their findings at the recent Black Hat conference in Las Vegas. Read More
Hackers Go Pro, Seeking Bounties for Bugs [Black Hat USA 2019]
LAS VEGAS—Finding fundamental flaws in software used to be a shady business. Companies often mistrusted the researchers who brought bugs to their attention, dealing with them at arm’s length, if at all. Read More
WiFi can be a free-for-all for hackers. Here's how to stop them from taking your data [Black Hat USA 2019]
LAS VEGAS — The connectivity at Black Hat and DEF CON is not where you want to gamble. Both conferences attract thousands of information-security professionals, some of whom will snoop around networks here. Read More
HACKERS ARE ROASTING A TERRIBLE SPONSORED TALK AT BLACK HAT [Black Hat USA 2019]
Cybersecurity experts at the Black Hat security conference in Las Vegas last week ridiculed a bizarre, sponsored presentation by a company called Crown Sterling to the point that its materials got taken off of the conference website. Read More
Google Hackers Found 10 Ways to Hack an iPhone Without Touching It [Black Hat USA 2019]
Project Zero has returned with a new report by researcher Natalie Silvanovich highlighting 10 new ways that the iPhone can be covertly compromised by hackers. Silvanovich and fellow Project Zero researcher Samuel Groß revealed the flaws last week at the Black Hat hacking and security conference in Las Vegas. Read More
Tencent Researchers Beat Face ID Liveness Detection with Glasses and Tape [Black Hat USA 2019]
The technique is effective because the Face ID algorithm does not make a complete scan when the user is wearing glasses. Tencent’s researchers were able to use the “X-Glasses” to unlock someone’s phone and authorize a financial transaction, and presented their findings at the recent Black Hat conference in Las Vegas. Read More
Black Hat 2019 Recap: Transformation & the New Cybersecurity Culture [Black Hat USA 2019]
As the security industry finally leaves Las Vegas after a full week of Black Hat, Defcon, and Bsides, we wanted to set aside some time to take stock and think about all the trainings, presentations, research, and conversations during our week in the desert. One of the overarching takeaways that was cemented by Dino Dai Zovi’s keynote is the critical need for security to become embedded in our culture. Read More
TAU and Technion Researchers Hack One of World's Most Secure PLCs [Black Hat USA 2019]
The team is slated to present their findings at Black Hat USA week in Las Vegas this month, revealing the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7. Read More
Black Hat 2019: Can Products Make Up Security Talent Shortfall? [Black Hat USA 2019]
At this year’s Black Hat event in Las Vegas, several vendors in the talent and training space introduced new concepts and ideas for addressing the so-called skills gap that's leaving roles in security departments empty. Read More
Black Hat 2019: Investment, Interest in AI for Security Ramps Up [Black Hat USA 2019]
An emphasis on AI was clear at this year’s Black Hat event in Las Vegas, where several vendors were promoting platforms that leverage AI and machine learning capabilities to address threat detection. Read More
GDPR privacy can be defeated using right of access requests [Black Hat USA 2019]
In his session entitled GDPArrrrr: Using Privacy Laws to Steal Identities at this week’s Black Hat show, Pavur documents how he decided to see how easy it would be to use right of access requests to ‘steal’ the personal data of his fiancée (with her permission). Read More
Apple will hand out unlocked iPhones to vetted researchers [Black Hat USA 2019]
Well, here’s some good news for a select group of researchers: at the Black Hat 2019 security conference on Thursday, Apple’s head of security, Ivan Krstic, unveiled a new program through which the company is offering some form of pre-dev iPhones, specifically for security researchers. Read More
PHISHERS PLAY ON EMOTIONS TO FOOL VICTIMS [Black Hat USA 2019]
The researchers presented their results at the Black Hat USA conference here, and in addition to the findings on emotional responses, they found that targeted phishing is more common and effective than bulk campaigns. The massive phishing spam runs pushing pharmaceuticals, lottery scams, and gift cards are still out there, but those emails rarely make it into users’ inboxes these days, thanks to better detection methods. The ones that present the clear and present danger to most people are the spear phishing or boutique phishing campaigns. Spear phishing targets a handful of individual people or organizations and boutique campaigns go after a few dozen companies or people. Google’s numbers show that enterprises are 4.8 times more likely to be targeted by phishing campaigns than any other group. Read More
5 Biggest Cybersecurity Updates From Black Hat 2019 You Should Know [Black Hat USA 2019]
The biggest event for hackers concluded in Las Vegas last week. During the conference, there were many revelations that threw light on the cybersecurity space and some of them were shocking enough to get all the eyes. Here are the top updates that came out of the Black Hat conference that you need to know about: Read More
1. Black Hat 2019 and 2020: The Black Hat 2020 cybersecurity conference dates and location are now confirmed. Track all of our Black Hat conference news and analysis here. Special thanks to the more than 30 executives and companies with whom we met at last week’s event. We’ll be sharing more event thoughts soon. Read More
Black Hat 2019: Learning about the latest in authentication, workspaces, and security [Black Hat USA 2019]
Black Hat 2019 felt like a blur to me as I ran from meeting to session to meeting (while still finding time for the business hall). I sat down with over a half dozen vendors, some old and new to me, and attended several interesting sessions. Read More
Why cyber insurance policies are so 'ridiculously cheap' [Black Hat USA 2019]
The cyber insurance market is growing rapidly and policies are incredibly inexpensive -- but experts at Black Hat 2019 had concerns about those low prices. Read More
Google flags preinstalled malware as hidden threat on millions of Android phones [Black Hat USA 2019]
Stone shared her team’s findings at the Black Hat USA 2019 conference in Las Vegas, in a presentation in which she said that a smartphone may have as many as 400 preinstalled apps out of the box. This is a major problem because attackers are attempting to hide malware in the preinstalled apps, as it is easier to convince one manufacturer to agree to a preloaded app than to convince thousands of users to download an infected file. Read More
Black Hat 2019: Election security gets top billing at Black Hat, Def Con [Black Hat USA 2019]
LAS VEGAS — With the U.S. still dealing with the fallout of the 2016 presidential election, and with the 2020 vote just 15 months away, the state of election security was top of mind at the Black Hat and Def Con security conferences last week. Read More
Microsoft Azure Security Lab will Offer Cybersecurity Researchers a New Guinea Pig [Black Hat USA 2019]
Microsoft has introduced the Azure Security Lab -- a dedicated customer-safe Cloud environment, at the Black Hat USA 2019 conference which convened here this week. The Azure Security Lab is a set of dedicated Cloud hosts, aimed at allowing security researchers to aggressively test attacks against infrastructure-as-a-service scenarios. It also allows participants to identify research vulnerabilities in Azure and do their best to emulate criminal hackers, according to Microsoft, Xinhua news agency reported. Read More
Automakers' vulnerabilities on display at hackers convention in Vegas [Black Hat USA 2019]
Las Vegas once a year becomes the gathering place for tens of thousands of cybersecurity enthusiasts who attend DEF CON and the preceding corporate Black Hat conference. Read More
Black Hat 2019 News Wrap: The Best and Worst of the Show [Black Hat USA 2019]
Threatpost breaks down the highs and lows from Black Hat 2019, from new vulnerabilities and industry collaboration to a scandal around a sponsored session. Read More
'Bug bounty': Apple to pay hackers more than $1m to find security flaws [Black Hat USA 2019]
Apple will pay ethical hackers more than $1m if they responsibly disclose dangerous security vulnerabilities to the firm, the company announced at the Black Hat security conference in Las Vegas. Read More
https://www.smbnation.com/big-data-analytics/2938-black-hat-the-cyber-shell-game-war-information-warfare-and-the-darkening-web [Black Hat USA 2019]
Alexander Klimburg’s speech at Black Hat was well received and combined hacking, security and geopolitical topics. In this 1:1 interview after his presentation, Klimburg shares the six stages of cyber warfare and much more. Read More
'Bug bounty': Apple to pay hackers more than $1m to find security flaws [Black Hat USA 2019]
Apple will pay ethical hackers more than $1m if they responsibly disclose dangerous security vulnerabilities to the firm, the company announced at the Black Hat security conference in Las Vegas. Read More
Researcher Breaches iPhone by Sending an iMessage [Black Hat USA 2019]
At Black Hat, a Google security researcher details numerous bugs in iMessage that could be exploited remotely without interaction from the victim. Read More
All you need is some sunglasses and some tape to bypass the iPhone’s FaceID [Black Hat USA 2019]
A flaw in the liveness detection function of the biometric authentication system that Apple uses to unlock an iPhone by face recognition shocked attendees of the Black Hat hacker convention in Las Vegas, where cybersecurity researchers managed to bypass the iPhone’s face recognition feature in a mere 120 seconds using some things you can find in your desk. Read More
Apple Will Give You $1 Million to Hack an iPhone [Black Hat USA 2019]
The bounty, which was announced by the iPhone-maker at the annual Black Hat hacker convention in Las Vegas on Thursday, is the company’s biggest ever -- in fact, it’s five times bigger than its previous largest payout. Read More
Black Hat researchers demonstrate unlocking Face ID using ‘X-Glasses’ [Black Hat USA 2019]
Tencent researchers have found a way to unlock another person’s iPhone by using tape, glasses and the unconscious person’s facial features. At the Las Vegas Black Hat conference, the group from Tencent demonstrated how they could fool the iPhone’s liveness detection feature, which was advertised to distinguish between real and fake facial features. Read More
Black Hat Talk About ‘Time AI’ Causes Uproar, Is Deleted By Conference [Black Hat USA 2019]
A controversial sponsored talk at the Black Hat security conference caused an uproar among security professionals and prompted the conference to delete the talk from the internet. Read More
Two weird ways your iPhone or Mac can be hacked [Black Hat USA 2019]
As for hacking into an iPhone, security researchers at the Black Hat hacker convention in Las Vegas managed to bypass the iPhone's Face ID authentication system in 120 seconds. Read More
You Can Unlock an iPhone Protected with Face ID Using Glasses and Tape [Black Hat USA 2019]
The details of the attack were explained at Black Hat USA 2019, an annual security conference. Researchers were able to get into the victim’s iPhone by using a modified pair of glasses. The glasses have a combination of white and black tape pasted on them, and the researchers call them the “X-glasses”. Read More
Microsoft introduces security lab to test vulnerabilities, attacks [Black Hat USA 2019]
Microsoft has introduced the Azure Security Lab, a dedicated customer-safe cloud environment, at the Black Hat USA 2019 conference which convened here this week. Read More
Automakers warm up to friendly hackers at cybersecurity conference [Black Hat USA 2019]
Known for its sprawling resorts and casinos, Las Vegas once a year becomes the gathering place for tens of thousands of cybersecurity enthusiasts who attend DEF CON and the preceding corporate Black Hat conference. Read More
Black Hat USA 2019 conference explores new trends in cybersecurity [Black Hat USA 2019]
LAS VEGAS, Aug. 8 (Xinhua) -- Tens of thousands of the world's best cybersecurity professionals gathered in Las Vegas this week for the Black Hat USA 2019 cybersecurity conference, which focuses on the latest developments and new trends in cybersecurity. Read More
Apple offers $1 million if you can hack an iPhone [Black Hat USA 2019]
The bounty was announced by the company at the annual Black Hat hacker convention in Las Vegas last week. It is said to be the biggest ever payout by the iPhone-maker. Read More
Inside Black Hat, the world’s biggest ethical hacker conference in Las Vegas [Black Hat USA 2019]
Black Hat, the world’s biggest annual cyber security conference, opened its doors in 1997 and has since grown from an obscure “hacker summer camp” for geeks into a vast and increasingly mainstream event sponsored by blue chip companies such as Cisco and Accenture. Attendees pay $3,000 a ticket to join hacking lessons, to network and relax in casinos. Read More
SECURITY NEWS THIS WEEK: ELECTION SYSTEMS ARE WAY MORE VULNERABLE THAN WE THOUGHT [Black Hat USA 2019]
HACKER SUMMER CAMP is here again! You know what that means: WIRED is back in Las Vegas for the annual Black Hat and Defcon security conferences, where we’re digging into the latest and greatest hacks on display. First, let’s talk about iPhones. A researcher found it’s possible to break into one just by sending a text message. To help uncover similar vulnerabilities in the future, Apple is handing out new, hacker-friendly iPhones to its favorite security researchers, and paying up to $1.5 million in bug bounties. Read More
Black Hat Attendees: Sponsored Session Was 'Snake Oil Crypto' [Black Hat USA 2019]
LAS VEGAS—The Black Hat security conference is no stranger to controversy, but that's usually limited to daring hacks or heated debates about privacy. This year, a sponsored session drew ridicule from attendees who claim it was little more than pseudoscience, and the uproar prompted Black Hat organizers to remove the content from the website. Read More
Social networks: Dubious phishing tests on employees [Black Hat USA 2019]
The first tool that Jacob Wilkin introduced in a presentation at the Black Hat conference is called "Social Attacker". The software, written in Python, is used to largely automate phishing attacks within Facebook, LinkedIn, Twitter and VKontakte. Read More
Biometrics: Life detection in biometric authentication on the iPhone undone [Black Hat USA 2019]
HC Ma of Tencent Security demonstrated during Black Hat 2019 the research results of his colleagues, who could not present them themselves due to lack of a visa. The hackers studied the ways in which face, voice, fingerprint, iris, or palm detection sensors determine whether a living human is interacting with them - or just a photo or voice record. This sets them apart from the researchers, who focused exclusively on kicking off the sensors themselves, while leaving aside features such as Apple's "attention checking for face ID". Read More
New report describes acute threat from criminal cyber actors in Russia [Black Hat USA 2019]
“The first rule of Russian dark web communities is to never target victims in CIS countries, especially Russia,” according to “The Dark Side of Russia: How New Internet Laws and Nationalism Fuel Russian Cybercrime,” released Thursday at the Black Hat USA 2019 conference here. Read More
Researcher details how GDPR, privacy laws can be manipulated for identity theft [Black Hat USA 2019]
James Pavur used the GDPR’s “right of access” provision, requiring companies to reveal information they hold on citizens upon their request, to collect data including his girlfriend’s social security number, date of birth, credit card activity and even account passwords. Pavur detailed the experience in a white paper released here at Black Hat. Read More
Live From Black Hat USA: Making Big Things Better the Dead Cow Way [Black Hat USA 2019]
In InfoSec, we know and understand that hackers are not inherently bad. Many of them are hacktivists looking to make positive change in the world. During the Black Hat panel discussion, “Making Big Things Better the Dead Cow Way,” Menn talked about how O’Rourke was 14 or 15 years old when he joined the cDc and left before the organization grew in notoriety, and that he interviewed a neo-Nazi in Texas and proceeded to let him hang himself with his own words. Even at that young age, he was all about diversity and engagement, especially within the cDc. Read More
Black Hat 2019 smokes out vulnerabilities in WhatsApp, iOS, Azure [Black Hat USA 2019]
Your favourite messenger's end-to-end encryption may not be as secure as you think. At the Black Hat cybersecurity conference 2019 (August 7-8) in Las Vegas, security researchers from CheckPoint reverse-engineered WhatsApp's web source code to successfully intercept and manipulate private messages. WhatsApp isn't the only major platform that is under scrutiny at the conference. Read More
While Face ID was hacked at the Black Hat Conference, the Plausibility of it occurring could only be found in a bad B-Movie [Black Hat USA 2019]
The Black Hat 2019 Conference ran from August 3-8 and we reported earlier this week that Microsoft and Apple Leveled up their Hacker Bug Bounties. Yesterday Forbes posted a report titled "Black Hat USA 2019: Apple iOS New Flaws Let Hackers Break Into All iPhones." The report pointed out that "the Google team exploited the iOS vulnerabilities to hack and take control of an iPhone by just sending text messages." Read More
Report from Black Hat: Escalating cyberthreats swirl around Apple, IoT and 5G [Black Hat USA 2019]
“The thing that has really stood out to us is more IoT-based attacks,” Andrew Tsonchev, director of technology at Darktrace, said in an exclusive interview with SiliconANGLE at the Black Hat USA 2019 cybersecurity conference this past week in Las Vegas. “They slip under the radar and the impact is huge. IoT puts this in the firing line and so does 5G,” the next generation of wireless carrier networks. Read More
What a security researcher learned from monitoring traffic at Defcon [Black Hat USA 2019]
The first time I saw Mike Spicer, I spotted him from a mile away. He was hard to miss as he threaded his way through the crowd at the 2017 Black Hat hacking conference in Las Vegas with 35 pounds of gear on his back. Read More
Apple announces a new iPhone (and you can’t have it) [Black Hat USA 2019]
Ivan Krstić, Apple’s head of security engineering, provided big insights into Apple’s platform security during his presentation at Black Hat U.S. 2019. Read More
Black Hat 2019 trends: Social media influence campaigns, big business, ATM hacking [Black Hat USA 2019]
CNET and CBS News Senior Producer Dan Patterson is reporting on the Black Hat USA 2019 cybersecurity conference in Las Vegas. He spoke with TechRepublic's Karen Roby about the main topics at Black Hat 2019. Read More
Black Hat: Using Tech to Offset User Behavior Risks [Black Hat USA 2019]
At Black Hat 2019, several sessions looked at the human factors in security, and offered suggestions on preventing people from making costly errors. Read More
Black Hat 2019: Security Pros Must Start Informing Govt. Policies [Black Hat USA 2019]
In two sessions at Black Hat 2019, security luminary Bruce Schneier, currently a fellow at the Harvard Kennedy School, made the argument for the need for the role of public interest technologist and offered suggestions to address ways to get more individuals prepared for it, and to create more roles that demand the background. Read More
Spotlight: Black Hat USA 2019 conference focuses on new trend in cybersecurity [Black Hat USA 2019]
Tens of thousands of the world's best cybersecurity professionals gathered in Las Vegas this week for the Black Hat USA 2019 cybersecurity conference, which focuses on the latest developments and new trends in cybersecurity. Read More
Researcher Exploits GDPR Fears to Obtain Private Data [Black Hat USA 2019]
GDPR grants you the right to access any personal data a company or other entity holds about you. But how are companies verifying that those data requests are legitimate? Some are not, one researcher revealed at Black Hat. Read More
Russian Intel Agencies Are a Toxic Stew of Competition and Sabotage [Black Hat USA 2019]
Western audiences might view the disarray in Russia's intelligence agencies as a good thing, but security expert Kimberly Zenz argues at Black Hat that it just encourages risky behavior. Read More
Black Hat USA: controlled perimeter and beyond [Black Hat USA 2019]
Back in Las Vegas, Black Hat USA wrapped up this Thursday (08/08) the run it began on August 3, presenting the main trends and news in information security, covering everything from critical vulnerabilities found in voting machines, aircraft, cars, mobile devices, social media platforms and much more. Read More
Apple is offering a $1 million reward to anyone who can pull off this specific iPhone hack (AAPL) [Black Hat USA 2019]
Apple announced the changes to its bug bounty program during the Black Hat cybersecurity conference in Las Vegas alongside other critical updates. In addition to the new $1 million reward, Apple also revealed that it's expanding the program to its other platforms such as macOS, tvOS, and watchOS, the software that powers its Mac, Apple TV, and Apple Watch products. Read More
Hackers Disable MSP Backups, Launch Ransomware Attacks [Black Hat USA 2019]
Continue to attend channel-related conferences, but extend to attend major cybersecurity events — particularly RSA Conference, Black Hat and Amazon AWS re:Inforce. Read More
Out in Vegas: DOJ, BlueKeep, VoIP phones [Black Hat USA 2019]
The financial services industry has proven best at patching BlueKeep, the vulnerability that sparked worries about a massive attack on the scale of WannaCry or NotPetya, according to a SecurityScorecard analysis that coincides with a Black Hat presentation today. Across the industry, systems vulnerable to BlueKeep that were patched were typically patched within 13 days. Overall, the response to the vulnerability has been very slow, SecurityScorecard assessed. Read More
#BHUSA: DevSecOps, Looking Beyond the Buzzword [Black Hat USA 2019]
DevSecOps isn't just yet another meaningless buzzword, it's an approach that has a number of steps and real technologies that can be used to help effectively reduce risk. That's the message coming out of a session at the Black Hat USA conference in Las Vegas titled, "DevSecOps: What, Why and How." Read More
Consumers feel privacy is no safer under GDPR [Black Hat USA 2019]
Dave Meltzer, CTO at Tripwire, chatted with SC Media at Black Hat on the survey and said that while some of the perceptions uncovered in the survey do reflect people’s gut reaction to the situation, there is some evidence to prove that corporations are behaving differently under GDPR. He noted significant investment being made by companies in people, technology and processes in order to comply with GDPR. Read More
NSA to build new features into its open-source malware analysis tool Ghidra [Black Hat USA 2019]
Knighton and Delikat discussed their plans with specialist website Cyber Scoop before a session of the Black Hat security conference held in Las Vegas, California this week. Read More
#BHUSA: Cult of the Dead Cow Members Discuss Hacktivism, Influence & Politicians [Black Hat USA 2019]
In a panel at Black Hat USA, former members of the hacking collective Cult of the Dead Cow were joined by author Joseph Menn, who wrote the recent memoir Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. Read More
Destructive malware attacks double as attackers pair ransomware with disk wipers [Black Hat USA 2019]
“Now you have to not only recover the data that you lost, but you have to recover the entire operating system along with that and that’s a larger effort for a company to work with,” said Christopher Scott, global remediation lead at X-Force IRIS, in a video interview with SC Media at Black Hat in Las Vegas. And that places more pressure on impacted organizations to acquiesce to the attackers’ demands. Read More
Apple to release super-exclusive new iPhone you’ll probably never get to try out [Black Hat USA 2019]
Ivan Krstić told a group of tech security experts at the Black Hat conference that Apple would soon begin to hand out new iPhones to a chosen group of researchers. Read More
Significant Vulnerabilities Found in 6 Common Printer Brands [Black Hat USA 2019]
Printers have long been a target of vulnerability researchers and hackers. At the Black Hat Security Briefings in 2002, two security researchers demonstrated that HP printers could be remotely exploited using security weaknesses in a variety of access methods. In 2017, a graduate thesis presented a survey of the security flaws in printers and multifunction devices, identifying more than 125 printer vulnerabilities in the National Vulnerability Database dating back nearly 20 years. Read More
Misinformation to Voting Machine Flaws [Black Hat USA 2019]
At Black Hat USA 2019, Threatpost caught up with Matt Olney, director of threat intelligence at Cisco Talos, to discuss the challenges that elections are facing. On one hand, election security is now top of mind for the information operations space in Facebook, Twitter and other social media companies looking to battle misinformation campaigns, cyber-influence operations and other, newer threats like deep fakes. Read More
‘This happens a lot more than many customers realize, it's often just brushed under the carpet’ [Black Hat USA 2019]
What’s a show without an award? In the case of Black Hat, it’s the Pwnie Awards, where Bloomberg’s controversial story about Super Micro won in the “most overhyped bug” category. Read More
New DoS attack exploits algorithms to knock sites offline [Black Hat USA 2019]
The exploit was detailed at the Black Hat cybersecurity conference in Las Vegas by Nathan Hauke and David Renardy of security company Two Six Labs, as reported by Wired. Read More
A Simple Text Message Can Put iPhone Users At Risk, Project Zero Reports [Black Hat USA 2019]
Natalie Silvanovich, a Google Project Zero researcher, unveiled a presentation Wednesday on how hackers will be able to break into iPhone users’ data through a simple text message. The presentation was done in a Black Hat security conference held in Las Vegas. Read More
Why security culture needs to change [Black Hat USA 2019]
In a Black Hat conference keynote heralded by rock concert lighting and sound effects, a security engineer from Square told a packed arena in Las Vegas that culture is a key lever to automate security in an organisation. Read More
Russian Intel Agencies Are a Toxic Stew of Competition and Sabotage [Black Hat USA 2019]
Instead of thinking of Russia and its myriad intelligence agencies as a single, monolithic entity, we need to view it as a collection of individual groups that are often at odds with each other, Zenz explained here at Black Hat. Unfortunately, that chaos is bad for US, too. Read More
Phishing emails: Here's why we are still getting caught out after all these years [Black Hat USA 2019]
In a talk at the Black Hat 2019 security conference Google security researcher Elie Bursztein and University of Florida professor Daniela Oliveira detailed why these social engineering attacks remain effective, even though they have been around for decades Read More
We keep falling for phishing emails, and Google just revealed why [Black Hat USA 2019]
At a briefing Wednesday evening at the Black Hat security conference in Las Vegas, Google security researcher Elie Bursztein and University of Florida security professor Daniela Oliveira shared that and other insights about the business of coaxing people into giving up their usernames and passwords. Read More
How technologists in government could shape better tech policy [Black Hat USA 2019]
The resounding message out of BSides Las Vegas and Black Hat — two information security conferences that took place the week of Aug. 5 — is that government is falling far short in the technology space. Read More
Early warning: Website defacement alert utility debuts in the desert [Black Hat USA 2019]
A tool that provides an automatic warning about web site defacements was among the range of utilities released during the Black Hat Arsenal sessions this week. Read More
Detecting Deepfakes May Mean Reading Lips [Black Hat USA 2019]
At Black Hat here, ZeroFox researchers presented their techniques for identifying deepfake videos. CTO Mike Price ran through the history of deepfakes and outlined the process used to create them. ZeroFox Principal Research Engineer Matt Price (no relation) then ran through the available detection tools, and their respective drawbacks, before introducing his own. Read More
Apple Offers New Bug Bounty of up to $1.5 Million [Black Hat USA 2019]
Apple will now offer bug bounty payouts for vulnerabilities found in macOS, watchOS, tvOS, iPadOS, and iCloud. Its head of security engineering and architecture, Ivan Krstic, laid out the plans at the Black Hat conference. Read More
WhatsApp Security Flaw Could Let Hackers Manipulate Messages [Black Hat USA 2019]
The flaw was revealed at the Black Hat conference, and to make matters worse it seems that Facebook was informed about the vulnerability over a year ago but has failed to patch it. Read More
Hackers can alter WhatsApp chats to show fake information [Black Hat USA 2019]
The flaw, published at the Black Hat security conference in Las Vegas, could affect both private and public chats, potentially leading to the spread of false information or "fake news" by what were thought to be trusted sources. Read More
Microsoft names top security researchers, zero-day contributors [Black Hat USA 2019]
At the Black Hat security conference in Las Vegas, Microsoft announced the top security researchers and enterprise partners who contributed the most vulnerability and zero-day reports affecting the company's products. Read More
NSA's reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy [Black Hat USA 2019]
In the coming months, Ghidra will get support for Android binaries, according to Brian Knighton, a senior researcher for the NSA, and Chris Delikat, a cyber team lead in its Research Directorate, who previewed details of the upcoming release with CyberScoop. Knighton and Delikat are discussing their plans at a session of the Black Hat security conference in Las Vegas Thursday. Read More
The Russians are coming! The Russians are … complicated! [Black Hat USA 2019]
Of course it’s nothing of the sort. Instead it is a complex, seething, tiered morass of many figures and institutions, often incentivized against one another, in a time of profound and rapid change. Today I attended a Black Hat talk by Kimberley Zenz, who opened with a plea for nuanced consideration of Russia and Russian activities. She’s right, of course, but sadly the internet tends to be where nuance goes to die. Read More
Talk about unintended consequences: GDPR is an identity thief's dream ticket to Europeans' data [Black Hat USA 2019]
In a presentation at the Black Hat security conference in Las Vegas James Pavur, a PhD student at Oxford University who usually specialises in satellite hacking, explained how he was able to game the GDPR system to get all kinds of useful information on his fiancée, including credit card and social security numbers, passwords, and even her mother's maiden name. Read More
Who will save us from deepfakes? Other AIs? Humans? What about vastly hyperintelligent pandimensional beings? [Black Hat USA 2019]
In a presentation at the Black Hat security conference in Las Vegas, data scientists examined various ways to identify deepfake videos – something that is going to become increasingly important as US elections approach in 2020. Read More
You can easily secure America's e-voting systems tomorrow. Use paper – Bruce Schneier [Black Hat USA 2019]
“Paper ballots are almost 100 per cent reliable and provide a voter-verifiable paper trail,” he told your humble Reg vulture and other hacks at Black Hat in Las Vegas on Thursday. “This isn’t hard or controversial. We use them all the time in Minnesota, and you make your vote and it’s easily tabulated.” Read More
Black Hat USA 2019: IBM X-Force Red Reveals New 'Warshipping' Hack To Infiltrate Corporate Networks [Black Hat USA 2019]
At the annual Black Hat cybersecurity conference happening this week in Las Vegas, Nevada, IBM’s X-Force Red presented in front of more than 19,000 security professionals from roughly 90 countries a new attack technique they’ve nicknamed "warshipping". Read More
Vulnerabilities in Siemens’ most secure industrial PLCs can lead to industrial havoc [Black Hat USA 2019]
Following the best practices of responsible disclosure, the research findings were shared with Siemens well in advance of the scheduled Black Hat USA 2019 presentation, allowing the manufacturer to prepare. Read More
Apple offers $1 million reward to anyone who can hack an iPhone [Black Hat USA 2019]
The bug bounty program, which previously offered rewards of up to $200,000 for finding problems in iOS devices, first launched in 2016. Apple head of security Ivan Krstić announced major changes to the program on stage at the Black Hat conference in Las Vegas Thursday, CNET reports. Read More
Pwnie Awards 2019: Even the press takes its share of flak [Black Hat USA 2019]
Like every year, the Pwnie Awards were held at the Black Hat conference in Las Vegas. They are almost the Oscars of the security scene and award spectacular failure as well as outstanding achievements around IT security. Read More
Boeing 787: Researcher documents vulnerabilities in network component firmware [Black Hat USA 2019]
Because security expert Ruben Santamarta suffers, by his own account, from a fear of flying, he examines aviation security particularly thoroughly. As the researcher, who works for IOActive, explained in a talk at Black Hat 2019 in Las Vegas, a Google search in autumn 2018 led him to a publicly accessible Boeing server on which various firmware files were found. Read More
New NSS Labs analysis shows ‘technology suites’ can meet claims of enhanced protection [Black Hat USA 2019]
Brvenik and Peter Armstrong of Munich Re Group are on a panel today here at Black Hat to discuss “Trendspotting through Cybersecurity Testing.” Read More
Commerce’s Friedman says ‘champions’ can promote software bill of materials, avoiding regulation [Black Hat USA 2019]
The public-private initiative’s four working groups will discuss “baseline” SBOM drafts at a Sept. 5 meeting in Washington, DC, an important milestone, Friedman noted in a presentation Wednesday at the Black Hat conference here. Read More
Leading figures offer ways to assess effectiveness of Trump’s aggressive cyber deterrence strategy [Black Hat USA 2019]
The Trump strategy of “persistent engagement” is “the most significant policy change in 20 years,” said Columbia University’s Jason Healey, a prominent cyber strategist and policy voice. Healey and research partner Neil Jenkins of the Cyber Threat Alliance discussed their work today here at Black Hat. Read More
Apple Upgrades Bug Bounty Program: Adds Macs, $1M Reward [Black Hat USA 2019]
The device manufacturer in a Thursday Black Hat USA 2019 session said it will open the historically private program to all researchers in the fall. In addition, it plans to drastically boost some rewards for vulnerabilities found in its devices – including a $1 million payout – and adding a much-wanted program for its Mac devices. Read More
Black Hat keynote: Why security culture needs to change [Black Hat USA 2019]
Dino Dai Zovi tells Black Hat audience to embrace a culture where security is everyone's job and risks are shared. Automation with feedback loops also key to solving security challenges at scale Read More
Researchers Bypass Apple FaceID Using Biometrics ‘Achilles Heel’ [Black Hat USA 2019]
Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a victim’s FaceID and log into their phone simply by putting a pair of modified glasses on their face. By merely placing tape carefully over the lenses of a pair of glasses and placing them on the victim’s face the researchers demonstrated how they could bypass Apple’s FaceID in a specific scenario. The attack itself is difficult, given the bad actor would need to figure out how to put the glasses on an unconscious victim without waking them up. Read More
Google Researcher: The iPhone Is Not Exactly a Paragon of Security [Black Hat USA 2019]
At Black Hat, a Google security researcher details numerous bugs in iMessage that could be exploited remotely without interaction from the victim. Read More
Researcher uses GDPR data transparency clause to obtain users’ sensitive information [Black Hat USA 2019]
Presenting his research at Black Hat USA in Las Vegas earlier today, Pavur pulled focus on GDPR’s ‘right of access’ clause, which stipulates that individuals have the right to request a copy of all the information a company holds on them. Read More
What Are the Rules of Engagement in a Cyberwar? [Black Hat USA 2019]
When is it appropriate to respond to a cyberattack by launching missiles? At Black Hat, security expert Mikko Hypponen exhaustively explored the topic. Read More
How Often Can One Program Infect Another? Let Us Count the Ways [Black Hat USA 2019]
At Black Hat, experts from SafeBreach report on the many different ways a malicious program could infect another process with its own code. Spoiler alert: it's a lot. Read More
Apple Beefs Up Its Bug Bounty Program With $1M Prize [Black Hat USA 2019]
Apple's macOS is inherently more secure than Windows or Android, but securing any operating system is a 24/7 operation, and at Black Hat, Ivan Krstic, Apple's Head of Security Engineering and Architecture, detailed three highly technical security accomplishments and added his own One More Thing. Read More
Detecting Deepfakes May Mean Reading Lips [Black Hat USA 2019]
At the Black Hat security conference, researchers evaluated the deepfake detection tools currently available and released their own mouth-centric deepfake detector. Read More
Black Hat 2019: WhatsApp Users Still Open to Message Manipulation [Black Hat USA 2019]
Researchers at Black Hat USA 2019 demoed how known vulnerabilities in WhatsApp could still be exploited in several attacks that manipulate chats. Read More
Apple vastly expands security bounty program: higher payouts, ‘dev’ devices, Mac support [Black Hat USA 2019]
After hearing rumors about Apple expanding its bug bounty program earlier this week along with expectations for the company to start giving out dev devices like iPhones to security researchers, Apple has confirmed at the Black Hat conference today a vast expansion to its bounty program along with opening it up to all. Read More
Apple's expanded bug bounty program covers all operating systems, payouts up to $1M, special iPhones, more [Black Hat USA 2019]
Rumored in a report on Monday and announced during the Black Hat conference by Apple's head of security engineering and architecture Ivan Krstic, the bug bounty system has been expanded to cover Apple's other operating systems. For the first time, Apple is defining levels of payments that will be provided to security researchers who disclose vulnerabilities they find in macOS, with similar schemes also created for other platforms, including watchOS and tvOS. Read More
Apple to Give Researchers Special iPhones to Up Its Security [Black Hat USA 2019]
Ivan Krstic made the announcement in Las Vegas at the annual Black Hat security conference at the end of a 50-minute long presentation to discuss Apple’s security efforts for its hardware and software products. Apple has long positioned the security of its systems as a core tenet of its products. Read More
Apple offers record 'bounty' to researchers who find iPhone security flaws [Black Hat USA 2019]
At the annual Black Hat security conference in Las Vegas on Thursday, the company said it would open the process to all researchers, add Mac software and other targets, and offer a range of rewards, called “bounties,” for the most significant findings. Read More
Apple Confirms $1 Million Reward For Anyone Who Can Hack An iPhone [Black Hat USA 2019]
As Forbes reported on Monday, Apple is also launching a Mac bug bounty, which was confirmed Thursday, but it's also extending it to watchOS and its Apple TV operating system. The announcements came in Las Vegas at the Black Hat conference, where Apple’s head of security engineering Ivan Krstić gave a talk on iOS and macOS security. Read More
Apple extends its bug bounty program to cover macOS with $1 million in rewards [Black Hat USA 2019]
Apple is finally rewarding security researchers for finding security flaws in macOS. At the Black Hat conference today, Apple announced that it is greatly expanding its existing bug bounty program to include macOS, tvOS, watchOS, and iCloud. It will include rewards of up to $1 million for a zero-click, full chain kernel code execution attack. Read More
Apple adds Macs, Watches, and Apple TVs to $1 million bug bounty program [Black Hat USA 2019]
The news went public today at the annual Black Hat security conference in Las Vegas (via TechCrunch), where lead Apple security developer Ivan Krstić disclosed key updates to the bug bounty program. Apple will now pay $1 million for a deadly serious exploit — a zero-click attack that enables complete, persistent control of an iPhone’s kernel with nothing more than knowledge of the device’s phone number — up from a peak of $200,000 before. Less serious exploits will qualify for smaller amounts. Read More
Google researcher details iOS exploit that can take over an iPhone with a text message [Black Hat USA 2019]
That notwithstanding, security researchers from Google’s Project Zero team recently divulged a sophisticated exploit that would allow a malicious actor to take control of a targeted device with no interaction required from the device owner at all. As Google researcher Natalie Silvanovich detailed during a presentation at the Black Hat security conference this week, there are a handful of iOS 12 exploits — which have since been patched by Apple with iOS 12.4 — that can let a third-party gain full control of a device simply by sending over a text message. Read More
Rebels with a cause: Hacking for good [Black Hat USA 2019]
In an invite-only session at the Black Hat USA 2019 conference sponsored by Cisco and Duo Security, Joseph Menn, author of the new bestseller "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World," talked to a panel of hackers on how they first got involved and why hacking can be a good thing. Read More
Tel Aviv U and Technion researchers wrest control of one of world's most secure PLCs [Black Hat USA 2019]
The team is slated to present their findings at Black Hat USA week in Las Vegas this month, revealing the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7. Read More
BATTERY RIGHTS MANAGEMENT – DTNS 3591 [Black Hat USA 2019]
At Black Hat, researchers from security firm Checkpoint demonstrated an exploit of WhatsApp that would let an attacker alter text in a quoted message to change what a person appeared to write. Early results from a study by Apple, Eli Lilly and Evidation Health found that data from an iPhone, an Apple Watch, and a Beddit sleep monitor differentiated patients with mild Alzheimer’s disease dementia from those without symptoms. Read More
Hacking for the Greater Good Has Never Been Easier [Black Hat USA 2019]
Experts on a panel at Black Hat stressed Wednesday that there's never been a greater need for hackers and public interest technologists to foster a safe digital society. Read More
WhatsApp flaws allow the attackers to manipulate conversations [Black Hat USA 2019]
Vanunu explained at the Black Hat conference in Las Vegas, Nevada, that the vulnerabilities were responsibly disclosed in 2018, but remained exploitable for a long time. Read More
Using GDPR Subject Access Requests to Harvest Data [Black Hat USA 2019]
In a talk at this year's Black Hat an Oxford University student explained how he used GDPR Access Requests and a Python script to steal a slew of sensitive information on another person. Read More
What Are the Rules of Engagement in a Cyberwar? [Black Hat USA 2019]
"The lines between real and virtual worlds are blurring fast," Mikko Hypponen, Chief Research Officer for Finnish security company F-Secure, said here at Black Hat. "Several governments have publicly stated that they reserve the right to respond to cyber attacks with kinetic force. Now we are seeing that happening for real." Read More
Apple expands bug bounty to macOS, raises bug rewards [Black Hat USA 2019]
Speaking on stage at Black Hat today, Ivan Krstić, Apple's head of security, also announced a considerable increase in the rewards hackers are eligible to make. Read More
APPLE GIVES HACKERS A SPECIAL IPHONE—AND A BIGGER BUG BOUNTY [Black Hat USA 2019]
At the Black Hat security conference Thursday, Apple's head of security engineering and architecture Ivan Krstić announced a broad revamping of the company's bug bounty program. It's now open to all researchers, rather than its current invite-only eligibility; includes not just iOS but MacOS and other Apple operating systems; and vastly increases the rewards for certain rare forms of attack, from $100,000 for physical access attacks to bypass an iPhone's lock screen to an unprecedented $1 million for a remote attack that can gain total, persistent control of a user's computer without any interaction on the victim's part. Read More
Security Researcher Says He Cracked 787 Airliner, But Boeing, FAA Disagree [Black Hat USA 2019]
LAS VEGAS—The Black Hat security conference is no stranger to controversy, but it has been a while since a presentation elicited much pushback. That changed when a security researcher from IOActive presented what he says are vulnerabilities in the Boeing 787 Dreamliner that could be used for several different attacks. Boeing disputes the firm's findings and its disclosure process, highlighting the cracks between security researchers and the subjects of their work. Read More
Researchers Demonstrated Method for Bypassing 'Attention Aware' Feature on a Victim's iPhone Using Glasses and Tape [Black Hat USA 2019]
During the Black Hat USA conference in Las Vegas, researchers demonstrated a Face ID bypass method that used glasses and tape to unlock and infiltrate the iPhone of an "unconscious" victim. Read More
Apple announces developer iPhones with root access for security research [Black Hat USA 2019]
The company made the announcement at the Black Hat conference today, an update to the bug bounty program it launched three years ago. The deeper access should make researchers’ lives a lot easier, able to access deeper iOS functions without waiting for a jailbreak to be available for every update. Even though researchers won’t have quite the same level of access as Apple itself, it’s a huge step in the right direction – one that should make it easier to catch an increasing number of attacks on Apple‘s software. Read More
Black Hat 2019 keynote: Transformative change needed to improve cyber-security [Black Hat USA 2019]
A transformative change in how security ops and devops staffs function is needed in order for organisations to get ahead of the curve combating cyber-security issues, said Square’s head of security Dino Dai Zovi during his Black Hat 2019 keynote address. Read More
#BHUSA: Five Years of Google Project Zero Should Influence Similar Groups [Black Hat USA 2019]
Speaking at Black Hat USA, Google Project Zero manager Ben Hawkes looked back at five years of the vulnerability research team and deemed the future success of the group to be focused on more groups forming. Read More
#BHUSA Empathy is Key to Hiring and Retaining Women in Cybersecurity [Black Hat USA 2019]
At Black Hat Las Vegas on August 08 2019, Rebecca Lynch of Duo Security gave a talk on hiring, and just as importantly retaining, women in the cybersecurity industry. Read More
#BHUSA: How GDPR Can Help Attackers Steal Identities [Black Hat USA 2019]
In a session at the Black Hat USA conference in Las Vegas, titled, "GDPArrrrr: Using Privacy Laws to Steal Identities", James Pavur, DPhil student and Rhodes Scholar at Oxford University, outlined how he was able to abuse a key component of the GDPR to get access to personally identifiable information for his fiance. Read More
Critical RCE Bug Found Lurking in Avaya VoIP Phones [Black Hat USA 2019]
Researchers found the Avaya 9600 series IP Deskphone vulnerability in a piece of open source software that Avaya likely copied and modified 10 years ago. The same bug was reported in 2009, according to the analysis from McAfee shared with Threatpost at Black Hat 2019, “yet its presence in the phone’s firmware remained unnoticed until now.” Read More
Black Hat 2019: Addressing Supply-Chain Risk Starts with People, Microsoft Says [Black Hat USA 2019]
Speaking at Black Hat 2019 on Thursday, Doerr pointed out that supply-chain risk comes from four main areas: Hardware, software, services and people. All are important, but it’s the latter, he maintained, that should be the top focus. Read More
Facebook leaves flaw in WhatsApp unresolved for a year [Black Hat USA 2019]
Speaking at the Black Hat cyber security conference, Oded Vanunu, head of product vulnerability research at the security company, said Facebook blamed WhatsApp’s flaws on “limitations that can’t be solved due to their structure and architecture”. Read More
WhatsApp’s chat manipulation exploit remains unresolved even after a year (Updated) [Black Hat USA 2019]
Details of the vulnerabilities were disclosed by Israeli cybersecurity firm Checkpoint Research at Black Hat 2019 security conference in Las Vegas on August 7. Read More
How Often Can One Program Infect Another? Let Us Count the Ways [Black Hat USA 2019]
Fast forward to the modern world, and the possibilities are more complex and numerous. At the Black Hat conference here, a pair of researchers from SafeBreach, which contracts to assess and mitigate security risks, unveiled an exhaustive survey of all the ways one program can inject code into another. Their session isn't until Thursday, but we caught up with them ahead of the briefing. Read More
Wi-Fi-spying gizmos may lurk in future parcels [Black Hat USA 2019]
Black Hat IBM’s X-Force hacking team have come up with an interesting variation on wardriving – you know, when you cruise a neighborhood scouting for Wi-Fi networks. Well, why not try using the postal service instead, and call it “warshipping,” Big Blue’s eggheads suggested earlier today. Read More
Report Identifies 6 DevSecOps Pillars [Black Hat USA 2019]
At the Black Hat USA conference, the DevSecOps Working Group of the Cloud Security Alliance (CSA) announced it has published a report identifying the six pillars on which any set of best DevSecOps processes should be based. Read More
How Lab Mice Are Helping Detect Deepfakes [Black Hat USA 2019]
Creating a convincing deepfake takes a lot of time and computing power, as does training computers to distinguish humans from deepfakes. At the Black Hat conference here, a cross-discipline team of researchers presented some novel ideas on how to manage the problem, looking specifically at the problem of generating voice audio that sounds human. Read More
HIDDEN ALGORITHM FLAWS EXPOSE WEBSITES TO DOS ATTACKS [Black Hat USA 2019]
Many websites and services rely on algorithms to transform data inputs into actions and results. But new research detailed Thursday at the Black Hat cybersecurity conference in Las Vegas shows how a small, seemingly innocuous input for an algorithm can cause it to do a huge amount of work—slowing a service down or crashing it entirely in the process, all with just a few bytes. Read More
Bogus Satellite Nav Signals Send Autonomous Cars Off the Road [Black Hat USA 2019]
At the Black Hat security conference, a researcher demonstrated how making tweaks to navigation signals could send a self-driving car careening off the road. Read More
WhatsApp Is Vulnerable To Hack That Could Allow Attackers To Put Words In Your Mouth [Black Hat USA 2019]
Researchers at Checkpoint disclosed a trio of attack vectors last year, explaining that they could enable a hacker to change a user's messages, change a sender's identity, and make private messages viewable to the public. One of those has been addressed, but two of the attack vectors still remain, as researchers recently demonstrated at the Black Hat USA 2019 conference in Las Vegas. Read More
Equifax's push to regain public trust calls on companies to work together [Black Hat USA 2019]
At Black Hat, Equifax's chief information security officer talks about how companies need to collaborate on cybersecurity to win back public confidence. Read More
The Evolution of Russia's Dark Web [Black Hat USA 2019]
Ahead of releasing a report on the topic, Charity Wright, formerly with the NSA, and Ariel Ainhoren, Research Team Leader at IntSights, graciously summarized this evolution for us here at the Black Hat conference. Read More
Security Researcher Says He Cracked 787 Airliner, But Boeing, FAA Disagree [Black Hat USA 2019]
LAS VEGAS—The Black Hat security conference is no stranger to controversy, but it has been a while since a presentation elicited much pushback. That changed when a security researcher from IOActive presented what he says are vulnerabilities in the Boeing 787 Dreamliner that could be used for several different attacks. Boeing disputes the firm's findings and its disclosure process, highlighting the cracks between security researchers and the subjects of their work. Read More
WhatsApp Hack Attack Can Change Your Messages [Black Hat USA 2019]
During a briefing at the annual Black Hat security conference in Las Vegas on August 7, researchers from Israeli security company Check Point revealed how Facebook-owned WhatsApp could be hacked to change the text of a message and the identity of the sender. If that sounds worrying enough, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today. Read More
WhatsApp's New Security Vulnerability Can Allow Hackers To Change Messages In Your Chats [Black Hat USA 2019]
On August 7th, in a briefing at the annual Black Hat security conference in Las Vegas, researchers from Israeli security company 'Check Point' shed light on WhatsApp's security vulnerabilities where one could hack the chat and change the text of a message as well as the identity of the sender. Read More
Why North Korea is a different kind of cyberthreat [Black Hat USA 2019]
LAS VEGAS — Security experts have come to expect certain behaviors from nation-state cyber actors — such as Russia, China and Iran — but North Korea stands apart, according to a speaker at Black Hat USA, a hacking conference held in Las Vegas Aug. 3-8. Read More
WhatsApp hack attack can change your messages, says Israeli security firm [Black Hat USA 2019]
The hacking tool was revealed publicly during a briefing at the annual Black Hat security conference in Las Vegas on August 7, news magazine Forbes reported on Wednesday. However, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today. Read More
Terrifying WhatsApp flaw discovered that could let hackers edit your messages [Black Hat USA 2019]
Cyber security researchers at Check Point Research demonstrated how the flaw could be exploited at the Black Hat cybersecurity conference in Las Vegas this week. Read More
WhatsApp flaw could let hackers alter your quoted messages and change the words you appear to have sent to your friends [Black Hat USA 2019]
Their team detailed the hack at the Black Hat cyber-security conference in Las Vegas, attended by other experts who also uncover vulnerabilities in popular software. Read More
Cyberattackers can change and manipulate your WhatsApp messages [Black Hat USA 2019]
Israeli security firm Check Point revealed in a briefing at the annual Black Hat security conference in Las Vegas, Nevada, that WhatsApp messages can be manipulated to change the content of a message and even the identity of the sender. Read More
Code leak in a Boeing 787 Dreamliner reveals security flaw which could allow hackers to access flight controls, expert claims [Black Hat USA 2019]
Ruben Santamarta, a consultant with cyber security firm IOActive, is scheduled to explain his method at this week's Black Hat hacking conference in Las Vegas. Read More
iMessage bug lets you get hacked with just one message [Black Hat USA 2019]
At the Black Hat security conference in Las Vegas, Google Project Zero researcher Natalie Silvanovich demonstrated interactionless bugs in Apple’s iOS iMessage client that could be exploited to gain control of a user’s device. Read More
Black Hat 2019: Security Culture Is Everyone's Culture [Black Hat USA 2019]
In his Black Hat USA keynote, Square's Dino Dai Zovi discussed lessons learned throughout his cybersecurity career and why culture trumps strategy. Read More
PROJECT ZERO WANTS YOU TO HELP MAKE 0-DAY HARD [Black Hat USA 2019]
“Good defense requires a detailed knowledge of offense. We approach vulnerability research the way that an attacker does,” Hawkes said during a talk at the Black Hat USA conference here Thursday. Read More
Researchers allegedly bypass Apple's Face ID using modified glasses [Black Hat USA 2019]
Researchers presenting at the 2019 Black Hat conference have revealed a possible flaw with facial biometrics, including Apple's Face ID. The exploit, however, isn't especially easy to pull off. Read More
Siemens S7 PLCs Share Same Crypto Key Pair, Researchers Find [Black Hat USA 2019]
Security researchers who built a phony engineering workstation that was able to dupe — and alter — operations of the Siemens S7 programmable logic controller (PLC) found that modern S7 PLC families running the same firmware also share the same public cryptographic key, leaving the devices vulnerable to attacks like the ones they simulated. Read More
Communication placed front and center during Black Hat 2019 opening sessions [Black Hat USA 2019]
During his opening remarks at the Mandalay Bay Events Center, Black Hat and DEF CON founder Jeff Moss underlined the importance of communication – not just within the security community, but also in terms of how CISOs, pen testers, and network defenders communicate with those outside of the industry. Read More
“In general, AV evasion works most of the time,” Sauder told The Daily Swig ahead of this year’s Black Hat USA conference, where he demonstrated his multifaceted tool on the Arsenal track. Read More
How Behavioral Data Shaped a Security Training Makeover [Black Hat USA 2019]
"When you think about the ways how you could lower that number, the first thing that comes to mind is training," said Aika Sengirbay, current security awareness program manager at Airbnb and former senior security engagement specialist at Autodesk, in the Black Hat briefing "It's Not What You Know, It's What You Do: How Data Can Shape Security Engagement." Read More
HOW APPLE PAY BUTTONS CAN MAKE WEBSITES LESS SAFE [Black Hat USA 2019]
Apple Pay has a slew of protective features that make it a secure method of online credit card transactions. And since 2016, third-party merchants and services have been able to embed Apple Pay into their websites and offer it as a payment option. But at the Black Hat security conference in Las Vegas on Thursday, one researcher is presenting findings that this integration inadvertently introduces vulnerabilities that could expose the host website to attack. Read More
Black Hat keynote: Why security culture needs to change [Black Hat USA 2019]
Dino Dai Zovi tells Black Hat audience to embrace a culture where security is everyone's job and risks are shared. Automation with feedback loops also key to solving security challenges at scale. Read More
How uncertainty in the cyber domain changes war [Black Hat USA 2019]
“It’s very easy to say these things; it’s much more different to do these things,” Mikko Hypponen, chief research officer of Finnish cybersecurity and privacy company F-Secure, said at Black Hat USA, a hacker conference in Las Vegas running Aug. 3-8. “The reason why it’s so hard is basically one word: attribution.” Read More
Selling zero-days to governments takes some business savvy, says former bug broker [Black Hat USA 2019]
Not all researchers are comfortable with the ethics of selling the zero-day vulnerabilities they’ve discovered to governments and offensive security companies. But those who do seek profit beyond that of a traditional bug bounty reward will require a fair share of business savvy to seal the deal, according to former vulnerability broker Maor Shwartz, in a Black Hat presentation yesterday that offered a unique inside glimpse into the zero-day economy. Read More
Black Hat 2019: Software Businesses Need a Different Security Approach [Black Hat USA 2019]
That was the message coming out of Black Hat 2019 in Las Vegas as security professionals convened for a multi-day event with sessions on fresh research and insights for the community. Organizers predicted the event, in its 23rd year, would exceed 19,000 attendees from around the world this year. Read More
Eyeballer: AI utility scours website screenshots for bug bounty candidates [Black Hat USA 2019]
“Having AI that can identify ‘old-looking’ websites has proven to be very useful,” they concluded. Petro and Stroy unveiled the tool during an Arsenal session of the Black Hat conference in Las Vegas earlier today (August 8). Read More
Pwn an iPhone to bank $1m and Check Point gripes about WhatsApp privacy again [Black Hat USA 2019]
Apple's security engineering boss Ivan Krstić told Black Hat attendees that Cupertino is expanding its bug-bounty program in various ways. For instance, it will now cover macOS, WatchOS, and Apple TV, whereas previously it was only interested in coughing up cash for details of iOS vulnerabilities. Read More
Live From Black Hat USA: The Inevitable Marriage of DevOps & Security [Black Hat USA 2019]
During her briefing with Kelly Shortridge, vice president of product strategy at Capsule8, Dr. Nicole Forsgren, research and strategy at Google, did a beautiful job of adding imagery to the story she told of the attendee reactions during the now-famous talk Paul Hammond and John Allspaw gave at Velocity in 2009. If you’re not familiar, the title of said talk was, “10 Deploys Per Day: Dev & Ops Cooperation at Flickr.” Read More
Black Hat: Lessons Learned from the Equifax Data Breach [Black Hat USA 2019]
That’s according to Jamil Farshchi, Equifax’s chief information security officer, who spoke during this week’s Black Hat USA 2019 conference in Las Vegas. He joined Equifax after it suffered a massive data breach, which resulted in unauthorized access to the personal information of nearly 44% of the U.S. population. Read More
Apple opens up hacker-friendly iPhone to researchers at Black Hat [Black Hat USA 2019]
Apple's head of security, Ivan Krstic, unveiled the new program at Black Hat, a cybersecurity conference in Las Vegas. These iPhones aren't the same as the ones you can buy in a store. They're specifically coded for developers who want to poke around iOS and Apple's hardware to find security flaws. Read More
13-Year-Old Encryption Bugs Still Haunt Apps and IoT [Black Hat USA 2019]
Hackers try to find novel ways to circumvent or undermine data encryption schemes all the time. But at the Black Hat security conference in Las Vegas on Wednesday, Purdue University researcher Sze Yiu Chau has a warning for the security community about a different threat to encryption: Vulnerabilities that were discovered more than a decade ago still very much persist today. Read More
The Cybersecurity 202: Hackers are going after medical devices — and manufacturers are helping them [Black Hat USA 2019]
That marks a massive shift since 2011, when cybersecurity researcher Jay Radcliffe first demonstrated how he could hack his own implantable insulin pump at Def Con's sister conference Black Hat. Read More
From Vegas: a scoop, zero-days and cyber weapons [Black Hat USA 2019]
Security researchers who want to sell a zero-day vulnerability to a company should look for one with an in-house security team, because “they will understand the value of it and be willing to pay more,” zero-day broker Maor Shwartz said during a candid presentation Wednesday at Black Hat in Vegas. Read More
Microsoft recognizes top-tier security researchers at Black Hat 2019 [Black Hat USA 2019]
At Black Hat USA this week, Microsoft named Yuki Chen as its Most Valuable Security Researcher for 2018-19. Chen (@guhe120), a researcher at Chinese security firm Qihoo 360, topped a list of 75 hackers, who were ranked by both the frequency and quality of bugs reported through Microsoft’s Coordinated Vulnerability Disclosure program. Read More
12 Most Exciting Cybersecurity Technologies To Watch At Black Hat 2019 [Black Hat USA 2019]
CRN asks 12 executives, sales and technical leaders attending Black Hat 2019 which cybersecurity technologies they're most excited to see come to fruition and how customers and solution providers will benefit. Read More
Black Hat USA 2019: Apple iOS New Flaws Let Hackers Break Into Any iPhones -- Users Must Update Now [Black Hat USA 2019]
The sheer number of critical security vulnerabilities revealed at the Black Hat USA 2019 conference, happening this week in Las Vegas, Nevada, is becoming overwhelming. Read More
WhatsApp Hackers Can Manipulate Your Messages: Here's How [Black Hat USA 2019]
WhatsApp messages can be manipulated to add fake quotations from other WhatsApp users, to alter the quoted text of real replies, and to send secret messages to individuals within group chats, two Israeli researchers revealed Wednesday (Aug. 7) at the Black Hat conference here. Read More
Hackers want you to be happy. People in a good mood are easier to trick, research says [Black Hat USA 2019]
UF Professor Daniela Oliveira, who led the study along with Dr. Natalie Ebner, presented the research at the Black Hat cybersecurity conference in Las Vegas on Wednesday. Oliveira was joined by Elie Bursztein, who leads Google's anti-abuse research team. Read More
WhatsApp Hack Attack Changes Your Messages, And Facebook Doesn't Seem To Care [Black Hat USA 2019]
During a briefing at the annual Black Hat security conference in Las Vegas on August 7, researchers from Israeli security company Check Point revealed how Facebook-owned WhatsApp could be hacked to change the text of a message and the identity of the sender. If that sounds worrying enough, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today. Read More
WhatsApp flaw 'puts words in your mouth' [Black Hat USA 2019]
The tool was demonstrated at Black Hat, a cyber-security conference in Las Vegas, as a follow up to a research paper published by Checkpoint last year. Read More
The service worker hiding in your browser [Black Hat USA 2019]
Red teamers looking for creative ways to put ‘pseudo’ backdoors into browsers should turn their attention to service workers, following the release of a new exploitation kit at Black Hat USA. Read More
What’s cybercriminals’ most effective weapon in a ransomware attack? [Black Hat USA 2019]
The 2019 Spotlight Report on Ransomware is based on observations and data from the 2019 Black Hat Edition of the Attacker Behavior Industry Report, which reveals behaviors and trends in networks from a sample of over 350 opt-in Vectra customers. The Attacker Behavior Industry Report provides statistical data on the behaviors motivated attackers use to blend in with existing network traffic behaviors and mask their malicious actions. Read More
ILL COMMUNICATION: IMPROVING SECURITY BY TALKING IT OUT [Black Hat USA 2019]
“Communication is just transmitting information between humans. Risks are shared. If you can reinforce that security is everyone’s job, you can move toward a more generative culture,” Dino Dai Zovi, mobile security lead at Square, said during his keynote speech at the Black Hat USA conference here Wednesday. Read More
#BHUSA Need For Technologists to Be Recognized and Empowered [Black Hat USA 2019]
In a panel at Black Hat USA, cryptographer Bruce Schneier; Camille Francois, research and analysis director at Graphika and fellow at Harvard Law School Berkman Center; and Eva Galperin, director of cybersecurity at the EFF, talked about the benefits of technologists to society. Read More
Linux security startup Capsule8 raises approximately $6.5 million led by Intel Capital [Black Hat USA 2019]
This week, Capsule8 executives will lead several sessions at the Black Hat USA 2019 security conference in Las Vegas. Capsule8 vice president (and Pwnie Award judge) Kelly Shortridge spoke at the CISO Summit and will team with Nicole Forsgren, research and strategy expert at Google Cloud, to present “Controlled Chaos: The Inevitable Marriage of DevOps and Security” on Wednesday, August 7 at 4 p.m. Pacific time. Additionally, Capsule8 chief scientist Brandon Edwards and research scientist Nick Freeman will explore “A Compendium of Container Escapes” on Thursday, August 8 at 3:50 p.m. Read More
Black Hat 2019: Ethical Hackers Must Protect Digital Human Rights [Black Hat USA 2019]
At a time when technology is being utilized for human-rights abuses, the security space needs to turn its focus to public interest defense technology, security stalwarts urged during Black Hat USA 2019. Read More
SYMANTEC CORPORATION (SYMC) SHARES DROP -1.10% TO -$0.22 IN EARLY TRADING HOURS: IS IT GOOD TIME TO BUY? [Black Hat USA 2019]
The Symantec Corporation (NASDAQ:SYMC) is going down by -1.10% in today’s trading session, a fall equivalent to -0.22% of the stock’s price from yesterday’s market close. A news came out on 08/01/19 stating that Symantec Presents on DEF CON 27 Main Stage and Hosts Live-Hacking Demo at Black Hat USA 2019 by WSJ. The lowest point that the shares touched during the trading session was $20.095, while the peak of the day was recorded at a share price of $20.67. SYMC finished the previous session at $20.46 according to the data provided by Barchart, while the trading volume was observed to be $2,161,832. Read More
IBM's Warshipping Attacks Wi-Fi Networks From Afar [Black Hat USA 2019]
Speaking at Black Hat USA, IBM researchers explained how they used off-the-shelf components costing under $100 to create a single-board computer with Wi-Fi and 3G capability. This enables it to connect to a Wi-Fi network to harvest data locally and then send it to a remote location using its cellular connection. The small device runs on a cell phone battery and easily fits into a small package. Read More
Ann Arbor-Based Censys Unveils Enterprise-Level Attack Surface Management Software Platform [Black Hat USA 2019]
Censys is premiering the upcoming launch of its new enterprise-level attack surface management software platform at the Black Hat USA 2019 conference. Read More
#BHUSA Jeff Moss Talks of Need to be Better Communicators [Black Hat USA 2019]
Opening Black Hat USA’s keynote, founder Jeff Moss talked of the need to focus on better communication, and look at “how we communicate and what we talk about.” Read More
Hack-age delivery! Wardialing, wardriving... Now warshipping: Wi-Fi-spying gizmos may lurk in future parcels [Black Hat USA 2019]
"Think of the volume of boxes moving through a corporate mailroom daily," said Charles Henderson of IBM X-Force Red on Wednesday, just in time for this year's Black Hat USA conference in Las Vegas. "Or consider the packages dropped off on the porch of a CEO's home, sitting within range of their home Wi-Fi. Using warshipping, X-Force Red was able to infiltrate corporate networks undetected." Read More
Fancy Bear hackers used IoT devices to hack corporate networks [Black Hat USA 2019]
Fortunately Microsoft was able to block these attacks in their early stages but this means that its investigators won't be able to determine exactly what Fancy Bear was attempting to steal from the compromised networks. The company will reveal additional details regarding Fancy Bear's activities online at this year's Black Hat USA security conference. Read More
QualPwn is a new exploit for Qualcomm Snapdragon chips, here’s what you need to know [Black Hat USA 2019]
We don’t have all the details about how this would happen or how easy it would be, but those are coming during Tencent Blade’s Black Hat 2019 and DEFCON 27 presentations. Read More
Black Hat: LeapFrog Tablet Flaws Let Attackers Track, Message Kids [Black Hat USA 2019]
The LeapPad Ultimate is a rugged tablet made by LeapFrog that targets children with an array of education, game and eBook apps. Researchers, who disclosed the flaws at Black Hat 2019 on Wednesday, said the tablet has a number of security issues opening the door to a slew of malicious activities by an adversary. Those include allowing bad actors to track the devices, send messages to children or launch man-in-the-middle attacks. Read More
HACKERS CAN BREAK INTO AN IPHONE JUST BY SENDING A TEXT [Black Hat USA 2019]
At the Black Hat security conference in Las Vegas on Wednesday, Google Project Zero researcher Natalie Silvanovich is presenting multiple so-called “interaction-less” bugs in Apple’s iOS iMessage client that could be exploited to gain control of a user’s device. And while Apple has already patched five of them, a few have yet to be patched. Read More
Black Hat 2019: Security’s Powerful Cultural Transformation [Black Hat USA 2019]
“Start with yes.” That’s the advice to security teams from Dino Dai Zovi, mobile security lead at Square, giving the keynote on Wednesday at the 23rd annual Black Hat conference in Las Vegas. Read More
#BHUSA Keynote Encourages Positivity and Collaboration [Black Hat USA 2019]
Speaking in the opening keynote at Black Hat USA, Dino Dai Zovi, researcher and head of security for the cash app at Square, talked about security teams acknowledging developers and vice versa. Read More
Boeing 787 On-Board Network Vulnerable to Remote Hacking, Researcher Says [Black Hat USA 2019]
Las Vegas – IOActive industrial cybersecurity expert Ruben Santamarta last fall discovered an Internet-exposed Boeing Co. server housing firmware specifications for the aviation manufacturer's 787 and 737 airplane networks. Read More
Black Hat 2019: Microsoft Protocol Flaw Leaves Azure Users Open to Attack [Black Hat USA 2019]
At Black Hat USA 2019, researchers showed how a previously-disclosed flaw on Windows systems that could allow arbitrary code execution could also impact Hyper-V. Read More
Microsoft Ignored RDP Vulnerability Until it Affected Hyper-V [Black Hat USA 2019]
Details about the attack and the underlying flaw that enabled it are presented at the Black Hat USA security conference where Itkin and Dana Baril, security software engineer at Microsoft, talk from the perspective of both an attacker and a defender. Read More
Security Vulnerabilities Are Increasingly Putting Kids at Risk [Black Hat USA 2019]
The latest example of this fear was seen at Black Hat 2019, where serious vulnerabilities were disclosed in LeapFrog’s tablet for kids, the LeapPad Ultimate. Erez Yalon, director of security research at Checkmarx, who disclosed the flaws at Black Hat 2019 on Wednesday, said the tablet has a number of security issues opening the door to a slew of malicious activities by an adversary. Those include allowing bad actors to track the devices, send messages to children or launch man-in-the-middle attacks. Read More
Tenable unveils new product innovations in Tenable.sc and Tenable.io [Black Hat USA 2019]
Tenable, the Cyber Exposure company, announced at Black Hat USA 2019 new product innovations in Tenable.sc (formerly SecurityCenter) and Tenable.io to continuously discover and assess known and unknown assets across on-premises and cloud environments from a single platform at no extra charge. Read More
Researchers Show Vulnerabilities in Facial Recognition [Black Hat USA 2019]
Researchers Yu Chen, Bin Ma, and Zhuo (HC) Ma of Tencent Security's Zuanwu Lab were scheduled to speak here at Black Hat USA, but visa denials left HC Ma alone on the stage. He said his colleagues had begun the research to find out how biometric authentication was being implemented and, specifically, how the routines designed to separate a living human from a photo or other fake were put into practice. Read More
Black Hat keynoter: If cybersecurity is everyone’s job, what’s the security team’s job? [Black Hat USA 2019]
Black Hat kicked off here with a keynote by Dino Dai Zovi -- the mobile security lead at Square -- and with a record 20,000 participants expected to attend the two-day conference. Read More
Black Hat 2019: Deepfakes Require a Rethink of Incident Response [Black Hat USA 2019]
Two sessions at this year’s Black Hat event here in Las Vegas dive into the issue and offer insights on how deepfakes are created, and also highlight advances in technology that can possibly be used to detect the videos. Titled "Detecting deepfakes with Mice" and "Playing Offense and Defense with deepfakes," the sessions’ place on the agenda solidifies that this is an issue for the security department to pay attention to as more criminals use deepfakes in social engineering attacks. Read More
Ancient technique tears a hole through modern web stacks at Black Hat 2019 [Black Hat USA 2019]
Presenting at Black Hat USA today, the PortSwigger Web Security researcher demonstrated how isolated HTTP requests can be exploited to poison web caches and desynchronize entire systems – including those belonging to major companies such as PayPal and Red Hat. Read More
Microsoft and Apple Level up Star Hacker Bug Bounties [Black Hat USA 2019]
The iPhones will be given to the rock star hackers that participate in the Cupertino company's invitation-only bug bounty program, where participants disclose bugs in Apple products in return for monetary rewards. The payments can go as high as $200,000, as announced at the 2016 Black Hat conference. Read More
Spotlight Podcast: Unpacking Black Hat Hacks with Digicert CTO Dan Timpson [Black Hat USA 2019]
In this week’s episode of the Podcast, # 156: we’re back at “hacker summer camp” in Las Vegas this week – also known as the Black Hat, B-Sides and DEF CON conferences, which bring tens of thousands of the world’s top security experts to the Las Vegas Strip. Read More
Black Hat 2019: 12 Cybersecurity Myths That Could Put You At Risk [Black Hat USA 2019]
CRN asks 12 executives, sales and technical leaders attending Black Hat 2019 what they see as the top oft-repeated beliefs about cybersecurity that are foolishly accepted as fact. Read More
JSShell takes cross-site scripting to new highs [Black Hat USA 2019]
Akamai’s Daniel Abeles today walked Black Hat attendees through version 2.0 of JSShell – a free-to-install web tool that aims to make XSS-to-RCE exploitation easier than ever. Read More
A new speculative execution processor flaw is addressed with software mitigations. LokiBot gets more persistent, and it adopts steganography for better obfuscation. The cyber-spies of APT41 seem to be doing some moonlighting. An accused criminal who bribed telco workers to unlock phones is in custody. Scammers are exploiting the tragedies in El Paso and Dayton. And a call at Black Hat for the security sector to bring in some safety engineers. Ben Yelin from UMD CHHS on Virginia updating legislation to address Deep Fakes. Guest is James Plouffe from MobileIron on the challenges of authentication and the legacy of passwords. Read More
Windows Quietly Patches Bug That Could Reverse Meltdown, Spectre Fixes for Intel CPUs [Black Hat USA 2019]
The issue hit Intel by far the hardest, but also competitors like AMD and ARM to a lesser degree. Patches have since been issued, but at around the same time researchers for security firm Bitdefender discovered a related issue that threatened to make the patches useless for Windows machines, Tom’s Guide wrote. Bitdefender researchers revealed their findings at the Black Hat security conference in Las Vegas on Tuesday, almost exactly a year to the date after finding it. Read More
Black Hat 2019 keynote: Software teams must own security [Black Hat USA 2019]
In the keynote for Black Hat 2019, Square's Dino Dai Zovi emphasized security as a collaborative effort by all software teams that relies on communication, automation and feedback. Read More
Sysdig Injects More AI into Container Security [Black Hat USA 2019]
At the Black Hat USA conference, Sysdig today announced it has extended the capabilities of Sysdig Secure to include runtime profiling and anomaly detection enabled by machine learning algorithms with Kubernetes environments. Read More
A BOEING CODE LEAK EXPOSES SECURITY FLAWS DEEP IN A 787'S GUTS [Black Hat USA 2019]
At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System. The CIS/MS is responsible for applications like maintenance systems and the so-called electronic flight bag, a collection of navigation documents and manuals used by pilots. Santamarta says he found a slew of memory corruption vulnerabilities in that CIS/MS, and he claims that a hacker could use those flaws as a foothold inside a restricted part of a plane's network. An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane's safety-critical systems, including its engine, brakes, and sensors. Boeing maintains that other security barriers in the 787's network architecture would make that progression impossible. Read More
Cloud security offers significant benefits if you start right [Black Hat USA 2019]
At Black Hat 2019 in Las Vegas, Enterprise Times talked with Sergio Caltagirone, Vice President, Threat Intelligence at Dragos and John Yeoh, Vice President of Research at the Cloud Security Alliance. With the skills shortage hurting many small to medium businesses (SMB), cloud is being seen, by some sectors, as a panacea to the problem. Read More
Microsoft launches Azure Security Lab [Black Hat USA 2019]
At the ongoing Black Hat USA 2019 conference, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test Azure security without putting the company's customers at risk. Read More
Major flaw affects latest-generation Intel processors [Black Hat USA 2019]
On the occasion of the Black Hat conference, Bitdefender explained that the vulnerability of these processors is at the level of the speculative execution feature. The latter is to guess the instructions that will potentially be used later to make the processors faster. However, this can leave traces exploitable by hackers and allow them to lead an attack “by auxiliary channel”. Read More
Your security team is probably an infuriating obstacle – but it doesn’t have to be this way [Black Hat USA 2019]
Which is why it was such a glorious breath of fresh air to hear Dino Dai Zovi’s keynote speech at the Black Hat security conference in Las Vegas this morning. Dai Zovi, staff security engineer at Square, argued that the all-too-common model of security as a team which sits and snipes at the people who actually build things, telling them no and pointing fingers, is in fact fantastically counterproductive. Read More
Cybersecurity experts from around the world descend on Las Vegas for Black Hat 2019 [Black Hat USA 2019]
Voting machines could be very vulnerable during the 2020 election. Black Hat surveyed cyber-security experts from around the world. They said there's a 60% chance the 2020 presidential election will be hacked. Read More
Chinese government hackers suspected of moonlighting for profit [Black Hat USA 2019]
The findings, announced at the Black Hat security conference in Las Vegas, show how some of the world's most advanced hackers increasingly pose a threat to consumers and companies not traditionally targeted by state-backed espionage campaigns. Read More
Censys To Unveil Attack Surface Visibility Platform at Black Hat [Black Hat USA 2019]
LAS VEGAS — Censys, Inc., the leading provider of Internet security data trusted by the likes of Google and The US Department of Homeland Security, today from Black Hat USA 2019, announced the upcoming launch of its enterprise-level attack surface management software platform that provides real-time visibility and actionable insights over entire network attack surfaces. Read More
HAPPY WEDNESDAY and welcome to Morning Cybersecurity! It’s a very report-y edition of MC, what with Black Hat and DEF CON kicking off. Please send your thoughts, feedback and especially tips to [email protected]. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below. Read More
Microsoft intros security lab to test Azure vulnerabilities [Black Hat USA 2019]
Announced at the Black Hat USA 2019 conference this week, the Azure Security Lab is a set of dedicated cloud hosts, aimed at allowing security researchers to aggressively test attacks against infrastructure-as-a-service scenarios. It also allows participants to identify research vulnerabilities in Azure and do their best to emulate criminal hackers. Read More
Live From Black Hat USA: Four Key Takeaways from Dino Dai Zovi’s Keynote [Black Hat USA 2019]
“Did you know that your 20th Black Hat is when you get to give the keynote at Black Hat?” Dino Dai Zovi, head of security for Cash App at Square, joked to the packed ballroom. While it may have been Dai Zovi’s 20th conference, the topic of his keynote has never been more fitting for where we are in security and the ways in which it mirrors what we experience in our day-to-day life. Read More
Live From Black Hat USA: Communication’s Key Role in Security [Black Hat USA 2019]
The kick-off keynote for the 23rd Black Hat USA Conference in Las Vegas set the stage for the conversations that will undoubtedly be discussed in great detail over the next two days – and likely the next two years – if Black Hat founder Jeff Moss’ opening remarks are indicative of a trend. Moss pointed out that security had been asking for the spotlight, both in legislative and more corporate settings, and the industry has had it for the last two years. Read More
Wi-Fi-spying gizmos may lurk in future parcels [Black Hat USA 2019]
"Think of the volume of boxes moving through a corporate mailroom daily," said Charles Henderson of IBM X-Force Red on Wednesday, just in time for this year's Black Hat USA conference in Las Vegas. "Or consider the packages dropped off on the porch of a CEO's home, sitting within range of their home Wi-Fi. Using warshipping, X-Force Red was able to infiltrate corporate networks undetected." Read More
Vectra: Ransomware attacks are spreading to cloud, datacenter, and enterprise infrastructure [Black Hat USA 2019]
The Vectra 2019 Spotlight Report on Ransomware finds that the most significant ransomware threat — in which hackers steal your data and hold it for ransom — is malicious encryption of shared network files in cloud service providers. San Jose, California-based Vectra released the report ahead of the Black Hat 2019 security conference in Las Vegas this week. Read More
APT41 Is Not Your Usual Chinese Hacker Group [Black Hat USA 2019]
A Chinese hacker group known as APT41 appears to have taken up financial crimes in addition to the usual state-sponsored cyber espionage, FireEye researchers revealed here at Black Hat. Read More
The Cybersecurity 202: Here's how the Justice Department wants to befriend ethical hackers [Black Hat USA 2019]
Bailey acknowledged the conflict. He joked in a 2016 address that when he first met with ethical hackers at the Black Hat cybersecurity conference in 2015 “only half [of the meeting] was being yelled at.” In succeeding years, he says, those conversations have become far less hostile and more productive. Now, he says ethical hackers frequently call him to talk over policy disagreements. Read More
PSA: Latest Spectre and Meltdown scare only affects Macs running Windows [Black Hat USA 2019]
Security company Bitdefender revealed the issue at the Black Hat security conference yesterday, reports Tom’s Guide. Interestingly, they actually discovered it a year ago, but Intel didn’t initially believe it to be a real-life problem. Read More
New Meltdown and Spectre Security Bugs Affects Macs Running Windows [Black Hat USA 2019]
Tom’s Guide reports security company Bitdefender announced the issue at the Black Hat security conference on Tuesday. Although the flaw was discovered a year ago, Intel didn’t initially believe it to be a real-life issue. Read More
New Intel Flaw Exposes Secrets on Windows Machines: What to Do [Black Hat USA 2019]
Bitdefender disclosed the flaw in conjunction with Microsoft today (Aug. 6) here at the Black Hat security conference, almost one year to the day after Bitdefender's researchers told Intel of the flaw. Read More
Sysdig Injects More AI into Container Security [Black Hat USA 2019]
At the Black Hat USA conference, Sysdig today announced it has extended the capabilities of Sysdig Secure to include runtime profiling and anomaly detection enabled by machine learning algorithms with Kubernetes environments. At the same time, Sysdig unveiled Falco Rule Builder, a more flexible user interface (UI) for creating runtime security policies, which integrates tightly with Sysdig Secure. Knox Anderson, director of product management for Sysdig, says these extensions will make it easier for organizations to embrace best DevSecOps processes by relying on container monitoring and security tools for Kubernetes environments delivered via a software-as-a-service (SaaS) application, dubbed Sysdig Cloud Native Visibility and Security Platform (VSP). Read More
Apple Hands Hackers Secret iPhones In A Bid To Boost Security [Black Hat USA 2019]
Apple will be giving security researchers special iPhones for better testing of potential weaknesses and vulnerabilities. According to Forbes, Apple is expected to announce the program during the Black Hat security conference which will be held in Las Vegas. Read More
Windows 10 gets silent security patch to deal with SWAPGS vulnerability [Black Hat USA 2019]
As such, Microsoft released a silent patch to address the problem. The update to the Linux kernel was part of last month’s Patch Tuesday, but it wasn’t revealed until recently, at the BlackHat security conference. Read More
Apple reportedly set to announce iOS, macOS bug bounty programs starting later this month [Black Hat USA 2019]
Apple is also expected to announce plans to offer security researchers iPhone handsets at the Black Hat security conference in Las Vegas later this week. This program is expected to make it easier for Apple to find weaknesses in iOS’ security features. Read More
The Morning After: Instagram's 'huge booty' issue [Black Hat USA 2019]
Apple plans to offer security researchers special iPhones and finally launch a bug bounty program for Mac, according to a Forbes report. Cupertino will reportedly announce those security measures at the Black Hat security conference in Las Vegas later this week in an effort to strengthen its flawed bug bounty program -- and security. Read More
Microsoft quietly patched a Spectre-style vulnerability in Intel chips that could expose user data [Black Hat USA 2019]
Intel dismissed the initial report of the issue, saying it already knew of the vulnerability and had no plans to fix it, but Bitdefender provided a proof-of-concept attack that showed how it could be exploited and the flaw was disclosed at the Black Hat security conference yesterday. It exploits the SWAPGS kernel-level instruction set, which was introduced with Ivy Bridge processors back in 2012. Read More
SWAPGS Attack is the latest Windows exploit to worry about [Black Hat USA 2019]
The security flaw, which was revealed at the annual Black Hat conference 2019 in Las Vegas, affects every single Windows computer running an Intel CPU dating back to 2012, regardless of which version of Windows is installed. Read More
Black Hat and Defcon look to boost diversity through day care [Black Hat USA 2019]
When Jeff Moss started Defcon in 1993, it was unheard of to bring kids to the hacker conference in Las Vegas. Now, as the conference and its attendees grow up, and more security researchers and hackers are becoming parents, services like day cares and childcare rooms at Black Hat and Defcon are in high demand. Read More
SAMSUNG'S NEW PHONES, A BOEING 787 SOFTWARE FLAW, AND MORE NEWS [Black Hat USA 2019]
At the Black Hat conference, security researchers lifted the curtain on "interaction-less bugs" in Apple's iOS, which would give a hacker access to your phone without you doing anything at all. An attacker could send a specially crafted text message, and even if you don't open it, the iMessage server would send back specific user data, like the content of your SMS messages or images. Read More
HACKERS BEWARE: Black Hat 2019 brings advanced cybersecurity [Black Hat USA 2019]
The annual hacking and security conference is here again. Experts and researchers from all over the world are showcasing cybersecurity and privacy risks at Black Hat 2019. Black Hat USA is in its 23rd year. It's the world's leading information security event. Read More
Black Hat: Everyone Has a Part to Play in Cybersecurity [Black Hat USA 2019]
That was the message conveyed Wednesday by keynoter Dino Dai Zovi, Square’s mobile security lead, at this week’s Black Hat USA 2019 conference in Las Vegas. In its 23rd year, the conference has drawn a record 19,000-plus attendees. Read More
Kiuwan’s application security testing platform helps teams realize DevSecOps goals [Black Hat USA 2019]
Kiuwan, a provider of application security testing tools, announced the availability of free software vulnerability scan trials for the US market, with live demonstrations at Black Hat USA 2019. Read More
SWAPGS Speculative Execution Vulnerability for Intel CPUs Disclosed, Microsoft Releases Windows 10 Patch [Black Hat USA 2019]
Security vendor Bitdefender has disclosed details of a new speculative execution security vulnerability in Intel CPUs dating back to 2012, which could be used to steal sensitive information including passwords from a computer. The newly discovered issue, named SWAPGS, could also negate all the patches so far released for the infamous Spectre and Meltdown flaws. According to Bitdefender, the issue was first discovered over a year ago, and the company has been working with Intel and other ecosystem stakeholders in order to minimise its impact. Public disclosure was withheld till just now, at the ongoing Black Hat security conference, where Bitdefender has released a detailed whitepaper on its research. Read More
New ‘warshipping’ technique gives hackers access to enterprise offices [Black Hat USA 2019]
At Black Hat USA in Las Vegas, Nevada, IBM researchers said that warshipping is made possible through the proliferation of e-commerce deliveries, now an everyday occurrence which has slowly replaced visits to traditional brick-and-mortar stores. Read More
How Europe's GDPR Privacy Rules Help Identity Thieves [Black Hat USA 2019]
The truth is, though, that "many organizations fail to employ adequate safeguards against Right of Access abuse and thus risk exposing sensitive information to unauthorized third parties," as Knerr and Pavur wrote in a white paper released in conjunction with Pavur's Black Hat presentation. Read More
Android Alert: Users Urged To Patch Critical Flaw In Recent Qualcomm Chips, Millions At Risk [Black Hat USA 2019]
More critical security vulnerabilities are being unveiled at the Black Hat USA 2019 conference which is now in full swing in Las Vegas, Nevada, and this time it’s coming from Tencent’s Blade Team. Read More
New Windows hack warning: Patch Intel systems now to block SWAPGSAttack exploits [Black Hat USA 2019]
The vulnerability was discovered by researchers at Bitdefender as they researched CPU architectures. They've chosen to reveal what they found in a session at Black Hat USA after working with Intel, Microsoft and others to ensure an update was released to fix the bug as part of Patch Tuesday. Read More
Mimecast introduced community based tailored threat intelligence tool at Black Hat 2019 [Black Hat USA 2019]
Yesterday, at Black Hat 2019, Mimecast Limited, a leading email and data security company, introduced Mimecast Threat Intelligence which offers a deeper understanding of the cyber threats faced by organizations. Read More
QualPwn is a new exploit for Qualcomm Snapdragon chips, here's what you need to know [Black Hat USA 2019]
This makes finding these bugs and vulnerabilities an industry in its own right. At DEFCON 27 and Black Hat 2019, huge venues where exploits are made public and demonstrated (and hopefully, patched), a vulnerability in Qualcomm chips has been announced by the Tencent Blade Team that would allow an attacker to gain access through the kernel and potentially get into your phone and cause harm. The good news is that it was responsibly announced and Qualcomm worked with Google to fix the issue with the August 2019 Android Security Bulletin. Read More
Dell’s Secureworks Releases SaaS-Based Red Cloak TDR with Managed Services Option [Black Hat USA 2019]
BLACK HAT USA — Secureworks is using this week’s Black Hat USA 2019 conference in Las Vegas to release its new Red Cloak Threat Detection and Response (TDR), the company’s first of a planned suite of SaaS-based software offerings announced earlier this year. Read More
Black Hat Briefings: Assessing the impact of last year’s pioneering security research [Black Hat USA 2019]
On the eve of the Black Hat 2019 Briefings sessions, The Daily Swig takes a closer look at the real-world impact of the security research that’s showcased in the desert each year. Read More
Microsoft waves $300,000 at hackers, says ‘do your worst’ to Azure Security Lab [Black Hat USA 2019]
The company chose the Black Hat Conference in Las Vegas to announce it was “inviting a select group of talented individuals to come and do their worst to emulate criminal hackers in a customer-safe cloud environment called the Azure Security Lab.” Read More
Microsoft provides tools to find holes in Azure [Black Hat USA 2019]
Addressing the assembled throngs at the Black Hat conference, Kymberlee Price, Microsoft’s security community manager, said that Azure Security Lab is a set of dedicated cloud hosts isolated from Azure customers so security researchers can test attacks against cloud scenarios. The isolation means researchers can not only research vulnerabilities in Azure, they can attempt to exploit them. Read More
The Cybersecurity 202: The government's relationship with ethical hackers has improved, security experts say [Black Hat USA 2019]
The relationship between ethical hackers and the federal government is better now than it was in 2013, when then-National Security Agency chief Keith Alexander first spoke at the Black Hat cybersecurity conference — not long after Edward Snowden revealed the government's sweeping surveillance programs. Read More
Apple may soon hand special iPhones to security researchers [Black Hat USA 2019]
Apple will start providing security researchers special iPhones and will finally launch a bug bounty program for Mac, according to Forbes. Cupertino will reportedly announce those security measures at the Black Hat security conference in Las Vegas later this week in an effort to strengthen its flawed bug bounty program. Read More
Apple To Provide "Pre-Jailbroken" iPhones To Researchers As Part Of A Reward Program: Report [Black Hat USA 2019]
According to a report by Forbes, Apple will be announcing the new program at the ongoing Black Hat security conference in Las Vegas, which runs till Thursday, August 8. Read More
Apple might give hackers special iPhones to plug security problems [Black Hat USA 2019]
According to a new report, Apple will announce plans this week at the Black Hat security conference in Las Vegas to hand out such devices to security researchers. Apple also will introduce a new Mac bug bounty program to reward anyone who finds security problems in macOS. Read More
12 Big New Network And Endpoint Security Tools From The Black Hat 2019 Conference [Black Hat USA 2019]
Vendors attending the Black Hat 2019 conference have placed big bets around network and endpoint security, debuting offerings that turn network assets into security devices, redirect attempted endpoint access into deception environments, and use machine-learning algorithms on network flows and packet data. Read More
Microsoft, Apple Level Up Bounties [Black Hat USA 2019]
An announcement at Black Hat 2019 this week would mark the third anniversary of Apple's original bug bounty program, in which it promised to pay up to $200,000 for the best reported security flaws. Read More
GSA Reflects on Years of Lessons Learned for Cloud Security [Black Hat USA 2019]
Senior Security Architect for the General Services Administration’s (GSA’s) Technology Transformation Services (TTS) and Centers of Excellence (CoE) Dan Jacobs wants agencies and industry alike to heed the lessons GSA has learned from experience and the Black Hat conference over the past 16 years when it comes to securely implementing cloud. Read More
Apple will provide jailbroken iPhones to researchers investigating iOS security [Black Hat USA 2019]
Additionally, Apple wants to open a Mac bug bounty program that will also offer financial incentives to researchers who find vulnerabilities and alert Apple. It’s unclear when the Mac bug bounty program will be announced. Apple might reveal more details on Thursday when Apple’s head of security and engineering Ivan Krstić will deliver a Black Hat talk titled "Behind the Scenes of iOS and Mac Security." Read More
Armis Finds 11 Zero-Day Vulnerabilities, Exposing 200 Million Critical Devices using VxWorks [Black Hat USA 2019]
Ben Seri and Dor Zusman, security researchers at Armis, will present the exploration of the URGENT/11 vulnerabilities at Black Hat 2019 in Las Vegas on Thursday, August 8, 2019. The talk will also include a demonstration of real-world end-to-end attacks on VxWorks-based devices including a firewall and printer. Read More
I’m at Black Hat 2019 for the next couple days: Here’s what I hope to learn [Black Hat USA 2019]
I’m off at Black Hat 2019 through Thursday evening. This is the first time BrianMadden.com has attended this conference, so despite being stuck in Las Vegas for more time than I’d ever like, I’m excited! Read More
Microsoft Asks Researchers To “Do Their Worst,” Doubles Azure Bounty To $40,000 [Black Hat USA 2019]
At the ongoing Black Hat USA 2019 conference, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test Azure security without putting the company’s customers at risk. Read More
‘Rock Star’ Hackers Will Get Special iPhones from Apple to Help Boost Security [Black Hat USA 2019]
A new report in Forbes reveals that Apple is planning to announce a new program at this week’s Black Hat security conference in Las Vegas where it will give select security researchers special “pre-jailbroken” iPhones to make it easier for them to find weaknesses in the iPhone hardware and iOS operating system. Read More
Microsoft launches Azure Security Lab for greater cloud protection [Black Hat USA 2019]
At this year's Black Hat USA security conference, the company unveiled its new Azure Security Lab which is made up of a set of dedicated cloud hosts that security professionals invited by the software giant will be able to use to test for vulnerabilities and exploits in Azure. Read More
Apple Bug Bounty Program Coming This Month [Black Hat USA 2019]
The iPhones will be given to the rock star hackers that participate in the Cupertino company’s invitation-only bug bounty program, where participants disclose bugs in Apple products in return for monetary rewards. The payments can go as high as $200,000, as announced at the 2016 Black Hat conference. What makes these iPhones special? One source with knowledge of the Apple announcement said they would essentially be “dev devices.” Think of them as iPhones that allow the user to do a lot more than they could on a traditionally locked-down iPhone. For instance, it should be possible to probe pieces of the Apple operating system that aren’t easily accessible on a commercial iPhone. In particular, the special devices could allow hackers to stop the processor and inspect memory for vulnerabilities. This would allow them to see what happens at the code level when they attempt an attack on iOS code. Read More
LogicHub SOAR Gains Autonomous Detection and Response [Black Hat USA 2019]
SOAR+ with autonomous detection and response is now available, and LogicHub will showcase the updated platform at the Black Hat USA 2019 conference in Las Vegas, Nevada. Read More
Microsoft dangles USD$300k in updated Azure cloud bug bounty [Black Hat USA 2019]
Microsoft unveiled Azure Security Lab at the Black Hat USA conference in Las Vegas on Monday, where it also told security researchers it was doubling the top bounty for Azure bugs to $40,000. But the program, which is open to eligible applicants only, also offers hackers “scenario-based challenges” that max out at $300,000. Read More
A secure wireless environment for Light Communication [Black Hat USA 2019]
Speaking ahead of DEF CON 27, a hacker convention that takes place immediately after Black Hat USA 2019, Dr Dauphinee highlighted the potential that VLC has for environments where there is sensitive information that could be the target of a cyberattack. These environments include financial institutions, government buildings, critical businesses and military bases. Read More
Stellar Cyber Unveils Starlight™ 3.3; Offers AI-Based Dynamic Phishing Detection and Automated Event Correlation [Black Hat USA 2019]
Black Hat USA 2019 — Security analytics provider Stellar Cyber recently unveiled Starlight™ 3.3, which is the first Unified Security Analytics Platform having two industry-first capabilities: Read More
Microsoft offers $300k bounty for those who can hack Azure Security Lab [Black Hat USA 2019]
In a process to find and locate bugs and vulnerabilities in its Azure cloud platform, Microsoft announced in public at the Black Hat USA 2019 that the tech giant will reward $300,000 to researchers who successfully attack and launch test exploits for the platform. Read More
Russian hackers are targeting corporate VoIP phones and IoT devices [Black Hat USA 2019]
In security research presented at Black Hat, Microsoft said that in April, Russian hackers compromised VoIP phones, office printers, and video decoders across multiple corporations. “In two of the cases, the passwords for the devices were deployed without changing the default manufacturer’s passwords, and in the third instance the latest security update had not been applied to the device,” Microsoft said in a blog post. Read More
Vulnerability in Snapdragon chips, ‘QualPwn,’ fixed with August security patch [Black Hat USA 2019]
If you’re interested in seeing a full demonstration of QualPwn in action, Tencent Blade will be presenting it at Black Hat USA 2019 on Thursday. Read More
Millions of Android Smartphones Vulnerable to Trio of Qualcomm Bugs [Black Hat USA 2019]
The QualPwn vulnerabilities will be discussed by Tencent’s Blade Team researchers at BlackHat USA 2019 and DEFCON 27 later this week, according to researchers. Researchers declined to share vulnerability specifics until, as they put it: “we’re informed that the flaws are fixed and consumers have time to install security updates on their devices.” Read More
Spies piggyback on IoT insecurity to hack into corporate networks [Black Hat USA 2019]
Microsoft has published an outline of the attack and indicators of compromise ahead of a talk on the topic by Microsoft's Eric Doerr at Black Hat USA on Thursday (8 August). Read More
Microsoft Confirms It Has Paid $4.4M To Hackers [Black Hat USA 2019]
Microsoft has announced, at the start of the Black Hat 2019 hacking and security event in Las Vegas, that it has paid $4.4 million (£3.6 million) to hackers over the past 12 months. What's more, it has issued a new challenge for confident and aggressive hackers to come and have a go if they think they're hard enough. Read More
Cybereason Raises $200 Million Led By SoftBank Group Ahead Of IPO [Black Hat USA 2019]
Cybereason, a cloud-based cybersecurity company and Forbes 2019 Next Billion-Dollar Startups honoree, announced Tuesday $200 million in new funding. Led by SoftBank Group, the Series E round boosts the company’s valuation to $900 million, with $389 million in total equity. The fresh influx provides padding as Cybereason prepares for an initial public offering, the timing of which depends on market conditions, CEO and cofounder Lior Div told Forbes. In the meantime, Cybereason aims to expand its already global reach, the details of which will be announced this week at Black Hat, the annual infosec conference in Las Vegas. Read More
Black Hat conference gets underway / Which? publishes Facebook fake review findings / Disney announces Q3 results with streaming in its sights [Black Hat USA 2019]
Following a weekend of technical sessions, the main Black Hat 2019 conference will get underway today, providing attendees with insight into the latest developments and trends in information security. Read More
It's 2019 – and you can completely pwn a Qualcomm-powered Android over the air [Black Hat USA 2019]
Black Hat It is possible to thoroughly hijack a nearby vulnerable Qualcomm-based Android phone, tablet, or similar gadget, via Wi-Fi, we learned on Monday. This likely affects millions of Android devices. Read More
I’m at Black Hat 2019 for the next couple days: Here’s what I hope to learn [Black Hat USA 2019]
Meanwhile, Black Hat looks to offer slightly more technical sessions that might help grow my knowledge about security and the vulnerabilities in the wild. Read More
How to prepare for the world's largest hacker fest [Black Hat USA 2019]
One of the largest gatherings of hackers is happening in Las Vegas in August, with Black Hat and Defcon set to start this week. The back-to-back cybersecurity conferences are often referred to as "Hacker Summer Camp," which raises questions about how to keep yourself safe when you're surrounded by hackers. Read More
12 Cool New Threat Detection And Response Products Unveiled At Black Hat 2019 [Black Hat USA 2019]
Here's a look at 12 products released around Black Hat 2019 that make it easier for customers and partners to locate and prioritize advanced threats and respond to security incidents in an automated fashion. Read More
20 Hot New Cybersecurity Products Unleashed At Black Hat Las Vegas 2019 [Black Hat USA 2019]
From inspecting encrypted traffic in real time to using machine learning to build profiles of containers to ranking security gaps by their potential business impact, here's a look at 20 hot cybersecurity products unleashed at Black Hat this year. Read More
Hacker-Friendly iPhones and Mac Bug Bounty Program [Black Hat USA 2019]
Later this week, at the Black Hat security conference in Las Vegas, Apple is to announce plans to give security researchers special iPhones that will make it easier for them to find weaknesses in the smartphone, Forbes has learned. It’ll also be announcing an Apple Mac bounty, so anyone who can find security issues in macOS will get rewarded, sources claimed. Read More
Microsoft is doubling down on Azure security [Black Hat USA 2019]
At Black Hat conference in Las Vegas, Microsoft today announced that it is doubling down on Azure security. First, Microsoft is encouraging more security researchers to exploit Azure by doubling the top bounty reward for Azure vulnerabilities to $40,000. Second, Microsoft is making it easier for security researchers to aggressively test Azure in a closed environment. Microsoft is inviting a select group of security individuals to emulate criminal hackers in a cloud environment called the Azure Security Lab. Read More
Report: Apple to provide ‘pre-jailbroken’ iPhones to researchers, launch macOS bug bounty program [Black Hat USA 2019]
Apple is reportedly set to provide security researchers with unique iPhone models that would allow them to more easily find weaknesses in iOS. Forbes reports that Apple will make this announcement at the Black Hat security conference later this week. Read More
Black Hat 2019 On Your Mark, Get Set, Go [Black Hat USA 2019]
It’s that time. The Black Hat Conference is taking place in Las Vegas this week and tens of thousands of people will fill the space in and around the Mandalay Bay hotel to gain insight on emerging attack trends and techniques—and how to effectively defend against those exploits. Read More
Devo Technology defines vision for next-gen cloud SIEM [Black Hat USA 2019]
According to a new report, Apple will announce plans this week at the Black Hat security conference in Las Vegas to hand out such devices to security researchers. Apple also will introduce a new Mac bug bounty program to reward anyone who finds security problems in macOS. Read More
Apple Is Giving Out Hacker-Friendly iPhones, Plots Mac Bug Bounty — Sources [Black Hat USA 2019]
From a cybersecurity perspective, it appears so. Later this week, at the Black Hat security conference in Las Vegas, Apple is to announce plans to give security researchers special iPhones that will make it easier for them to find weaknesses in the smartphone, Forbes has learned. It'll also be announcing an Apple Mac bounty, so anyone who can find security issues in macOS will get rewarded, sources claimed. Apple declined to comment. Read More
Microsoft launches new Azure Security Lab, offering up to $300K to anyone who can hack its public cloud [Black Hat USA 2019]
Microsoft Corp. announced today at the Black Hat USA Conference in Las Vegas the creation of a new Azure Security Lab that it believes will bolster the security of its public cloud service. Read More
QualPwn Bugs In Snapdragon SoC Can Attack Android Over the Air [Black Hat USA 2019]
Tencent's Blade researchers are scheduled to present the technical details for the QualPwn bugs and exploiting them on Thursday, at the Black Hat security conference. They have already published a brief advisory about the two vulnerabilities. Read More
Microsoft Warns Russian Hackers Can Breach Secure Networks Through Simple IoT Devices [Black Hat USA 2019]
Just ahead of Black Hat 2019, Microsoft has reported that in April its Threat Intelligence Center discovered a targeted attack against IoT devices—a VOIP phone, a printer and a video decoder. The attack hit multiple locations, using the devices as soft access points into wider corporate networks. Two of the three devices still carried factory security settings, the software on the third hadn't been updated. Read More
HomeGrid Forum Promotes Light Communication for Secure Wireless [Black Hat USA 2019]
The Visible Light Communication (VLC) industry is growing at a rapid rate, and is set to exceed ten billion devices by 2023, according to HomeGrid Forum President Dr. Len Dauphinee. Speaking ahead of DEF CON 27, a hacker convention that takes place immediately after Black Hat USA 2019, Dr Dauphinee highlighted the potential that VLC has for environments where there is sensitive information that could be the target of a cyberattack. Read More
11 Top Cybersecurity Trends To Watch For At Black Hat 2019 [Black Hat USA 2019]
Black Hat has grown over the past 22 years into the premier stage for cybersecurity professionals to share cutting-edge research and insights though demos, technical trainings and hands-on labs. Read More
What to expect at Black Hat USA 2019 [Black Hat USA 2019]
Black Hat USA 2019 kicks off this week! We’re incredibly excited for another week of impactful sessions, to hear from industry thought leaders, and even to unwind with other infosec professionals. On the heels of exciting announcements, including a significant Series B funding round and key additions to the leadership team, Swimlane will once again be your headquarters for security orchestration, automation and response (SOAR). Here’s some of what you can expect from this year’s conference: Read More
LAPD loses job applicant details, Project Zero pokes holes in iOS, AWS S3 whack-a-mole continues, and more [Black Hat USA 2019]
Also, look out this week for our Black Hat, DEF CON, and Bsides Las Vegas coverage: our vultures out in the Nevada desert will produce a string of articles from the hacking conferences. Read More
Data Breach Alert: Over 1 Million Credit Card Data From The U.S., South Korea Have Been Leaked [Black Hat USA 2019]
There’s not a day that goes by anymore without yet another major data leak uncovered and with the Black Hat conference—sort of a boot camp for hackers—kicking off in Las Vegas this week, we might hear more of them in the coming days. Read More
MITRE's ATT&CK Prioritizes Cyber Defenses [Black Hat USA 2019]
On Wednesday, August 7, at 2:40pm, Black Hat USA 2019, Nichols and Ryan Kovar, Principal Security Strategist at Splunk, will present MITRE ATT&CK: The Play at Home Edition. Read More
Newsletter: Cal Inc.: It’s not about the Equifax settlement cash. It’s about sending a message [Black Hat USA 2019]
The Black Hat USA conference, now in its 22nd year, brings the world’s top hackers and information security experts to Las Vegas. Be on the lookout for some scary headlines on Wednesday and Thursday as researchers reveal the latest vulnerabilities they’ve uncovered. Read More
Microsoft Lab Offers $300K For Working Azure Exploits [Black Hat USA 2019]
Las Vegas – In an attempt to sniff out bugs in its Azure cloud platform, Microsoft announced at Black Hat USA 2019 on Monday that it will offer rewards of up to $300,000 for researchers who launch successful test exploits for the platform. Read More
Microsoft launches Azure Security Lab, doubles top bug bounty to $40,000 [Black Hat USA 2019]
At Black Hat 2019 today, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test its cloud security. The company also doubled the top Azure bug bounty to $40,000. Read More
Microsoft launches Azure Security Lab, expands bug bounty rewards [Black Hat USA 2019]
At the Black Hat USA conference in Las Vegas, Nevada on Monday, Microsoft said the new Azure Security Lab, a set of dedicated cloud hosts, will be made available to security professionals invited by the Redmond giant to "confidently and aggressively test Azure." Read More
ELECTION SURVEY: Tracking the move to paper-based voting machines [Black Hat USA 2019]
It’s Black Hat and DEF CON time, and late last week brought some news about the events. At Black Hat, the Pwnie Award nominations are out. Notable nominees for the sometimes-cheeky cyber awards include the NSA for “most innovative research” and “most epic achievement” due to its reverse engineering tool Ghidra, to the consternation of some hacker types who don’t have much admiration for the spy agency. Read More
Looking for answers at Black Hat 2019: 5 important cybersecurity issues [Black Hat USA 2019]
As Black Hat 2019 begins, the cybersecurity topics top of mind include network security platforms, threat detection/response services, new cloud security strategies, and clarification around security analytics. Read More
Week in review: Capital One breach, Visa payment limit bypass flaw, VxWorks RTOS vulnerabilities [Black Hat USA 2019]
Black Hat USA 2019 is just around the corner! Selecting which sessions to attend from among the conference’s jam-packed catalog of training sessions, panels and briefings can be a daunting task without a clear strategy. In the run-up to every conference, we compile a list of the most engaging content and identify the most compelling cybersecurity trends highlighted in the agenda. Read More
5G IS HERE—AND STILL VULNERABLE TO STINGRAY SURVEILLANCE [Black Hat USA 2019]
At the Black Hat security conference in Las Vegas next week, a group of network communication security researchers will present findings on flaws in the 5G protections meant to thwart the surveillance devices known as stingrays. Read More
CloudKnox Security adds privileged access features to platform [Black Hat USA 2019]
The company will demonstrate the new features at Black Hat USA in Las Vegas this year for the first time. CloudKnox's update to its Cloud Security Platform follows competitor CyberArk's recent updates to its own privileged access management offering, including zero-trust access, full visibility and control of privileged activities for customers, biometric authentication and just-in-time provisioning. Read More
Black Hat USA 2019 Cybersecurity Conference: Live Blog [Black Hat USA 2019]
The Black Hat USA 2019 cybersecurity conference will attract thousands of IT professionals, researchers, MSPs and MSSPs. Track this live blog from MSSP Alert for the latest news, analysis and chatter throughout the conference. Read More
How offense and defense came together to plug a hole in a popular Microsoft program [Black Hat USA 2019]
One RDS discovery in particular prompted close, behind-the-scenes cooperation between Microsoft and an outside researcher. They will share what they learned about detection and remediation next week at the Black Hat conference in Las Vegas. Read More
Black Hat 2019 Braving the Heat and Chaos in Search of Peace of Mind [Black Hat USA 2019]
Black Hat 2019 is taking place next week in Las Vegas. A biblical swarm of grasshoppers large enough to be seen on radar has invaded the city and temperatures outside in the scorching sun will approach 110 degrees, but that won’t stop tens of thousands of IT and cybersecurity professionals from making the trek to learn about emerging attack techniques and trends and find out what vendors have to offer to help guard against a growing and shifting threat landscape. Read More
Black Hat: A Summer Break from the Mundane and Controllable [Black Hat USA 2019]
Next week, security practitioners from across the globe will make their summer pilgrimage to Las Vegas for Black Hat, DEF CON, and other security gatherings. As in years past, there will be no shortage of surprises. Read More
7 must-see talks at Black Hat and DEF CON 2019 [Black Hat USA 2019]
Infosec is political. It's about power — who has it, who doesn't, and how it will be used. Some geeks like to pretend otherwise, but that will be harder this year during hacker summer camp in Las Vegas, as politicians and policymakers join hackers to merge tech and policy in some much-anticipated talks. Read More
Chats On The Road To Hacker Summer Camp 2019 | Black Hat — CyberInsurance Micro Summit | A Conversation With Jeffrey Smith [Black Hat USA 2019]
The newly-formed cyber insurance micro summit is being chaired by Jeremiah Grossman and is taking place on Wednesday, August 7th, during Black Hat. So, if you want to learn more about cyber insurance from a group of people that know this space like the back of their hands, you’ll have to join Jeffrey and the rest of the micro summit team for their half-day session. Details for the three talks are below. Read More
Writing the Book on Hacking Web Applications [Black Hat USA 2019]
Even before this week's announcement of the Capital One breach, application security/secure DevOps has been heating up. The topic is important enough to make the keynote at the Black Hat Briefings next week. Respected researcher Dino Dai Zovi, security engineer at Square, titled his keynote "Every Security Team Is a Software Team Now." Read More
Every security team is a software team now: Why you should attend the Black Hat keynote [Black Hat USA 2019]
Building and facilitating a culture with continuous collaboration between engineers and security forces is becoming the new philosophy in security, which is why I am stoked for this year’s Black Hat USA keynote speaker: Dino Dai Zovi, staff security engineer at Square. Read More
Top 5 Black Hat 2019 Sessions Not to Miss. Plus: Bonus Travel Tips to Hacker Cons [Black Hat USA 2019]
The Black Hat USA 2019 conference is about to start. Over 17,000 security professionals will come from all around the world to Las Vegas, USA. They will learn, share, educate and disclose security research on the latest cyber-threats and attacks, vulnerabilities, and techniques used to bypass security used by most governments and organizations globally. Read More
Despite bizarre reports of a grasshopper infestation, Black Hat USA 2019 and DEF CON are set to kick off next week in Las Vegas, bringing on a wave of sessions, keynotes and security-themed villages. Read More
8 Free Tools to Be Showcased at Black Hat and DEF CON [Black Hat USA 2019]
The security research community is getting ready to not only drop a lot of knowledge on their colleagues in the coming weeks, but also a boatload of new and evolving tools. Black Hat and DEF CON presenters always give out the best party favors in the form of hacking frameworks, open source software, hardware design plans, and other free goodies targeted at all different stripes of security practitioners. Read More
DHS ‘blew up’ its hiring system for cybersecurity talent [Black Hat USA 2019]
“We’re going to have the ability to go to Black Hat and some of the different conferences and be able to recruit directly and make job offers directly to those folks out of those different technical conferences and things like that,” she told the Regulatory Affairs and Federal Management Subcommittee. Read More
Black Hat Q&A: Cracking Apple's T2 Security Chip [Black Hat USA 2019]
Duo Labs' Mikhail Davidow and Jeremy Erickson speak about their research on Apple's T2 security chip, and why they're sharing it at Black Hat USA. Read More
Google reveals fistful of flaws in Apple's iMessage app [Black Hat USA 2019]
One of the two Google researchers involved - Natalie Silvanovich - intends to share more details of her findings at a presentation at the Black Hat conference in Las Vegas next month. Read More
Google researchers discovered serious iOS security flaws [Black Hat USA 2019]
Six critical security vulnerabilities that were patched in the iOS 12.4 update released earlier this month were originally discovered by security researchers at Google. Natalie Silvanovich and Samuel Groß, two members of Google's Project Zero bug-hunting team, alerted Apple to the issues. Silvanovich will be laying out the details on several of the bugs and provide a demonstration of exploits in action at the Black Hat security conference set to be held in Las Vegas next week. Read More
Confluera Secures $9 Million Series A To Map Attacks In Real-Time [Black Hat USA 2019]
Confluera will make its debut at Black Hat, the annual security conference in Las Vegas, in August. Until then, to scale initial outreach, Confluera has been meeting with companies’ IT and cybersecurity teams to solve specific use cases. Read More
Google researchers discover six iPhone vulnerabilities, one unpatched [Black Hat USA 2019]
All of the vulnerabilities are “interaction-less,” meaning they can be run without any interaction from a user and can be exploited via SMS, MMS, Visual Voicemail, iMessage and Mail, according to an abstract of a presentation the researchers will give at Black Hat 2019 that will reveal details of the exploits. Read More
Apple has yet to fix a mysterious iMessage bug spotted by Google researchers [Black Hat USA 2019]
Next week in Las Vegas at the Black Hat security conference, Google Project Zero researcher Natalie Silvanovich is set to give a presentation about interactionless iPhone vulnerabilities that can run without the victim taking any action at all. The talk will come on the heels of Silvanovich and a Google Project Zero colleague, Samuel Groß, discovering half a dozen iOS vulnerabilities that can be exploited via iMessage — although five of those flaws, according to ZDNet, were fixed with last week’s iOS 12.4 update. Read More
Confluera snags $9M Series A to help stop cyberattacks in real time [Black Hat USA 2019]
It’s early days for Confluera, as it has 19 employees and three customers using the platform so far. For starters, it will be officially launching next week at Black Hat. After that, it has to continue building out the product and prove that it can work as described to stop the types of attacks we see on a regular basis. Read More
Managed Security Services Provider (MSSP) News: 30 July 2019 [Black Hat USA 2019]
Spirent Communications during the Black Hat USA 2019 conference will demonstrate several new capabilities in its CyberFlood Data Breach Assessment solution and preview new use cases for security assessment in 5G networks. Read More
Google researchers find six major security vulnerabilities in Apple’s iOS [Black Hat USA 2019]
During her presentation at the Black Hat security conference, Silvanovich will discuss “the remote, interaction-less attack surface of iOS” and the “potential for vulnerabilities in SMS, MMS, Visual Voicemail, iMessage and Mail.” She will also play out two examples of vulnerabilities discovered. Read More
Security trends to follow at Black Hat USA 2019 [Black Hat USA 2019]
Black Hat USA 2019 is just around the corner! Selecting which sessions to attend from among the conference’s jam-packed catalog of training sessions, panels and briefings can be a daunting task without a clear strategy. In the run-up to every conference, we compile a list of the most engaging content and identify the most compelling cybersecurity trends highlighted in the agenda. Read More
AN OPERATING SYSTEM BUG EXPOSES 200 MILLION CRITICAL DEVICES [Black Hat USA 2019]
VxWorks developer Wind River is in the process of distributing patches for the bugs. But the Armis researchers, who first disclosed their findings to Wind River in March, say that the patching process will be long and difficult, as is often the case with IoT and critical infrastructure updates. The researchers will present their findings at the Black Hat security conference in Las Vegas next week. Read More
Urgent11 security flaws impact routers, printers, SCADA, and many IoT devices [Black Hat USA 2019]
It's this work that has resulted in the discovery of the Urgent11 vulnerabilities impacting VxWorks, which Armis researchers have made public today, and will detail in greater depth in a presentation at the Black Hat security conference next week, on August 8, in Las Vegas. Read More
Critical VxWorks flaws expose millions of devices to hacking [Black Hat USA 2019]
The researchers plan to demonstrate three real-world attack scenarios against a SonicWall firewall, a Xerox printer and a patient monitor at the upcoming Black Hat USA security conference. Read More
200 million enterprise, industrial, and medical devices affected by RCE flaws in VxWorks RTOS [Black Hat USA 2019]
Ben Seri and Dor Zusman will present the vulnerabilities at Black Hat USA 2019 and will demonstrate real-world end-to-end attacks on three VxWorks-based devices: a SonicWall firewall, a Xerox printer and a patient monitor. Read More
Over 200M devices affected by critical flaws found in real-time operating system [Black Hat USA 2019]
Collectively referred to as URGENT/11, the flaws were originally discovered by researchers at Armis, who publicly detailed their findings today in an online vulnerability summary, as well as a technical paper authored by Armis team members Ben Seri, Gregory Vishnepolsky and Dor Zusman. Seri and Zusman will also present their findings next week at the Black Hat conference in Las Vegas. Read More
Critical 'Update Now' Warning Issued For VxWorks OS Inside 2 Billion IoT Devices [Black Hat USA 2019]
Armis will present its URGENT/11 at Black Hat 2019 in Las Vegas next month. The company's researchers will also demonstrate three end-to-end attacks on a SonicWall firewall, a Xerox printer and a patient monitor. Read More
Critical Industries at Risk from Eleven Zero-day Flaws in Real Time Operating System [Black Hat USA 2019]
Armis researchers will demonstrate exploitation of these vulnerabilities at Black Hat 2019. The demonstrations will involve real-world end-to-end attacks on three VxWorks-based devices: a SonicWall firewall, a Xerox printer and a patient monitor. Armis believes that there are more than 200 million vulnerable mission-critical devices around the world. Read More
Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices [Black Hat USA 2019]
Seri and fellow researcher Dor Zusman will present their findings in Critical Zero Days Remotely Compromise the Most Popular Real-Time OS, on Thursday, August 8, at Black Hat USA. Read More
US files lawsuit against Bitcoin exchange that helped launder ransomware profits [Black Hat USA 2019]
A day later after the BTC-e shutdown, a team of academics that also included Google staffers presented research at the Black Hat USA 2017 security conference, revealing that 95% of all ransomware ransom payments that had been made up until that point had been cashed out and converted into fiat currency through Vinnik's BTC-e portal. Read More
The World’s First Vulnerable Blockchain Will Debut at Black Hat Conference [Black Hat USA 2019]
Researchers plan to launch the intentionally vulnerable blockchain in hopes of drawing attention to the flaws of the open-sourced public ledgers. The blockchain, designed by Kudelski Security, will debut at the Black Hat conference next month. Read More
Black Hat Q&A: Inside the Black Hat NOC [Black Hat USA 2019]
When you sign up to attend Black Hat USA in Las Vegas next month, make sure to leave time in your busy schedule to check out the Black Hat Network Operations Center (NOC), the heart of the Black Hat network. Read More
How Secure is Your Virtual Private Network? [Black Hat USA 2019]
Orange Tsai and Meh Chang, researchers with Devcore, previewed their findings for Zak Whittaker of Tech Crunch ahead of their presentation at the upcoming Black Hat conference in Las Vegas. According to Tsai and Chang, three enterprise VPN providers (Palo Alto Networks, Pulse Secure, and Fortinet) have flaws in their products that “are ‘easy’ to remotely exploit.” Read More
Black Hat 2019: 2020 Election Fraud Worries Attendees [Black Hat USA 2019]
Security professionals tend to be natural cynics. But as thousands prepare to head to Las Vegas early next month for the annual Black Hat conference, the attitude among them seems downright dark. Data from Black Hat’s fifth attendee survey of more than 300 information security professionals uncovered massive concern over the security of the 2020 U.S. presidential election – and most think the picture is bleak. Read More
Managed security services will take center stage at Black Hat [Black Hat USA 2019]
In my humble opinion, RSA is an industry event, while Black Hat is more of a cybersecurity professional gathering. The focus is on cyber-adversary tactics, techniques, and procedures (TTPs); threat intelligence; and defensive playbooks. Rather than hosting lavish cocktail parties, vendors who participate in Black Hat must roll up their sleeves and demonstrate their technology acumen to gain street cred with this crowd. Read More
VPN providers address vulnerability findings by researchers [Black Hat USA 2019]
Pulse Secure said they released a patch in April, according to Computing. TechRadar said that Fortinet updated its firmware to address the vulnerability. You can expect to hear more from them on August 7, where their work is scheduled as a briefing at Black Hat. Read More
11 top DEF CON and Black Hat talks of all time [Black Hat USA 2019]
Since 1997, the Black Hat and DEF CON events have gained a reputation for presenting some of the most cutting-edge research in information security. Read More
Black Hat 2019: Best sessions for SecOps [Black Hat USA 2019]
Yet again, it’s that time of year when the InfoSec community swarms to Las Vegas. It’s the 22nd annual Black Hat USA Conference. Anyone with a thirst for all things cybersecurity is guaranteed six full days of training courses, demos, briefings, and of course, plenty of opportunities for social networking. Read More
Researchers to launch intentionally ‘vulnerable’ blockchain at Black Hat [Black Hat USA 2019]
Hoping to raise awareness about blockchain vulnerabilities, cybersecurity firm Kudelski Security next week plans to launch the industry’s first "purposefully vulnerable" blockchain – and will demo it at next month's Black Hat conference. Read More
VPN flaw enables hackers to easily infiltrate corporate networks [Black Hat USA 2019]
"A few SSL VPN vendors dominate the market. Therefore, if we find any vulnerability on these vendors, the impact is huge," Tsai told TechCrunch, ahead of a presentation at the Black Hat USA event in August. Read More
5 IoT Security Conferences You Don’t Want to Miss [Black Hat USA 2019]
While not a focused IoT conference, Black Hat USA will feature an important industry announcement and session by Armis Security, a pioneer in agentless security for unmanaged and IoT devices. Read More
Researchers Find a Way to Compromise Corporate Networks Through Their VPN [Black Hat USA 2019]
According to a TechCrunch report, DEVCORE researchers Orange Tsai and Meh Chang are about to present security flaws that plague three corporate VPN products at the upcoming Black Hat conference. The flaws allow an attacker to perform remote exploitation of the target systems, and the vendors that are affected by the revelations are Palo Alto Networks, Pulse Secure, and Fortinet. Read More
Flaws in widely used corporate VPNs put company secrets at risk [Black Hat USA 2019]
Devcore researchers Orange Tsai and Meh Chang, who shared their findings with TechCrunch ahead of their upcoming Black Hat talk, said the flaws found in the three corporate VPN providers — Palo Alto Networks, Pulse Secure and Fortinet — are “easy” to remotely exploit. Read More
Equifax to pay at least $575M as part of FTC settlement [Black Hat USA 2019]
The FTC also required Equifax to have a designated employee in charge of its cybersecurity program. At the Black Hat cybersecurity conference in 2018, Equifax's new chief information security officer, Jamil Farschi, told CNET the company was going through a major shift to regain the public's trust, spending $200 million on its cybersecurity program last year. Read More
How Cybercriminals Break into the Microsoft Cloud [Black Hat USA 2019]
At this year's Black Hat USA, Morowczynski and Metcalf will discuss threats specific to Microsoft cloud services in their talk, "Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)." The goal, Metcalf says, is to help people understand how to secure Microsoft cloud environments, common mistakes made, and which configurations could make them vulnerable. Read More
Chances of destructive BlueKeep exploit rise with new explainer posted online [Black Hat USA 2019]
Williams said he previously expected there to be publicly available exploits no later than the middle of next month, when the Black Hat and Defcon security conferences in Las Vegas conclude. The new insights could shorten this predicted timeline. Read More
Black Hat 2019: Cyber Insurance Joins the Security Conversation [Black Hat USA 2019]
Although cyber insurance is still a small market, rising threat scenarios -- and rising damages from data breaches -- are fueling interest in the topic at the upcoming Black Hat 2019. Read More
Crack the defenses of iOS and other platforms at Black Hat USA 2019 [Black Hat USA 2019]
Cybersecurity professionals, take note: There’s an entire track of Platform Security Briefings lined up for Black Hat USA this August that will equip you with the latest knowledge, tools, and tricks to improve or compromise the security of iOS Windows hardware and software. Read More
Artificial Intelligence & Cybersecurity: Attacking & Defending [Black Hat USA 2019]
How do we know for sure? It is true that it is quite hard to attribute a botnet or a phishing campaign to AI rather than a human. Industry practitioners, however, believe that we will see an AI-powered cyber-attack within a year; 62% of surveyed Black Hat conference participants seem to be convinced of such a possibility. Read More
Open Source Hacking Tool Grows Up [Black Hat USA 2019]
"It's much more efficient now. It can be used to compromise entire networks in a matter of minutes," says Dillon, who plans to show off Koadic's new features next month at the Black Hat USA Arsenal in Las Vegas. Read More
RDP Bug Takes New Approach to Host Compromise [Black Hat USA 2019]
Clipboards were designed to be used locally and therefore trusted, Baril adds. This vulnerability exposes machines to a clipboard they can no longer trust. Baril and Itkin will discuss the details of the vulnerability, and approach the attack from both offensive and defensive perspectives, in their upcoming Black Hat USA briefing, "He Said, She Said — Poisoned RDP Offense and Defense." Read More
No, You Don’t Need a Burner Phone at a Hacking Conference [Black Hat USA 2019]
Every year, infosec Twitter debates whether people should bring a burner phone to conferences like Def Con or Black Hat. Here’s why we think you don’t need to worry about that. Read More
The importance of hardening firmware security [Black Hat USA 2019]
To date, firmware attacks have been few and far between. The first known BIOS attack, called the Chernobyl Virus, happened in 1998 and was used to erase flash ROM BIOS contents on chipsets. It wasn’t until Black Hat in 2006 that another BIOS vulnerability was demonstrated by researcher John Heasman (elevating privileges and reading physical memory), and then again in 2009 when Alfredo Ortega demonstrated a persistent BIOS infection (inserting malicious code into the decompression routines). Read More
Report: Literal killer app prompted Medtronic MiniMed recall [Black Hat USA 2019]
Billy Rios and Jonathan Butts discovered the vulnerabilities and raised awareness in August 2018, Wired reports. The two researchers, who work at security firm QED Security Solutions, publicized the issue at the Black Hat security conference in Las Vegas that year. With the presentation, the FDA, the Department of Homeland Security and Medtronic warned customers of the potential risks and vulnerabilities associated with the MiniMed pumps. Read More
Meet the World’s Biggest ‘Bulletproof’ Hoster [Black Hat USA 2019]
In a talk given at the Black Hat security conference in 2017, researchers from cyber intelligence firm Intel 471 labeled Yalishanda as one of the “top tier” bulletproof hosting providers worldwide, noting that in just one 90-day period in 2017 his infrastructure was seen hosting sites tied to some of the most advanced malware contagions at the time, including the Dridex and Zeus banking trojans, as well as a slew of ransomware operations. Read More
Hackers Made An App That Kills To Prove A Point [Black Hat USA 2019]
Rios and Butts, who work at the security firm QED Security Solutions, had first raised awareness about the issue in August 2018 with a widely publicized talk at the Black Hat security conference in Las Vegas. Alongside that presentation, the Food and Drug Administration and Department of Homeland Security warned affected customers about the vulnerabilities. Read More
12 Events at Black Hat USA 2019 You Won’t Want to Miss [Black Hat USA 2019]
“We are totally overwhelmed by the amount of [tasks] we should be doing but can’t because of a lack of resources.” That’s how one respondent characterized the state of cybersecurity affairs in the fifth annual survey of attendees conducted by Black Hat. Read More
DevOps' Inevitable Disruption of Security Strategy [Black Hat USA 2019]
With DevOps principles taking root and reaching greater maturity at an increasing number of enterprises today, security strategists are in for some major disruption of the status quo in the coming years. That's the message being brought forward by a number of talks at next month's Black Hat USA, which will feature discussions on the impact that DevOps-driven practices and tools will have on the security world. Read More
7 Hot Cybersecurity Trends to Be Highlighted at Black Hat [Black Hat USA 2019]
Black Hat USA is fast approaching. With the full conference schedule online, now is the time for security pros to dive in and plan out their paths to exploring a wide range of learning opportunities. As with years past, the conference will feature sessions about new zero-day vulnerabilities, research that stretches the bounds of what's breakable in emerging technology, and new methods of defending systems in the ever-evolving tech world. Read More
Researchers Poke Holes in Siemens Simatic S7 PLCs [Black Hat USA 2019]
Eli Biham and Sara Bitan of Technion, and Avishai Wool and Uriel Malin of Tel Aviv University, at Black Hat USA next month in Las Vegas will reveal security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7 Read More
Chats On The Road To Hacker Summer Camp 2019 | Black Hat USA | A Conversation With Steve Wylie [Black Hat USA 2019]
As we are gearing up to cover three more conferences, we are having our pre-event conversations for each one. As we are planning to make all of them a recurring series, this particular podcast is already part of a solid ITSPmagazine tradition: the third Chats on the Road conversation with Black Hat General Manager, Steve Wylie. This episode kicks off our coverage for such a pillar event in our industry. Read More
Vulnerabilities in US Defense Could Lead to Major Breach in Two Years, Says Black Hat Survey [Black Hat USA 2019]
Upcoming US elections and critical infrastructure security were among heated discussion topics at Black Hat USA 2019. According to 40 percent of Black Hat USA’s 2019 survey respondents, “large nation-states” are the number one threat that US critical infrastructures will have to fight. When specifically asked about the US election, more than 60 percent expect Kremlin-supported hackers will compromise voting machines to influence the outcome. 77 percent expect a critical attack on US critical infrastructure to succeed in the next two years, up 10 percent since 2018. Read More
Black Hat Q&A: Understanding NSA’s Quest to Open Source Ghidra [Black Hat USA 2019]
The National Security Agency (NSA) made a splash in the cybersecurity industry this year when it released its Ghidra software reverse-engineering framework as open source for the community to use. Now that the tool is in the public’s hands, NSA senior researcher Brian Knighton and his colleague Chris Delikat will be presenting a talk at Black Hat USA about how Ghidra was designed, and the process of rendering it open source. Read More
'Human Side-Channels': Behavioral Traces We Leave Behind [Black Hat USA 2019]
At Black Hat USA, Wixey will examine multiple human side-channels, how they can be used in attacks and defense, privacy implications, and how they can be countered in his briefing, "I'm Unique, Just Like You: Human Side-Channels and Their Implications for Security and Privacy." Read More
Black Hat Survey Reveals Cyber Concerns [Black Hat USA 2019]
In advance of the 2019 Black Hat conference in Las Vegas, Black Hat USA has released its latest report on the growing concerns of consumers. Based on survey responses from conference attendees, the report, Consumers in the Crosshairs, looks at consumer concerns about their personal data potentially ending up in the hands of criminals as well as the ways in which security will affect the 2020 US presidential election. Read More
Risky business: Security pros outline key concerns ahead of Black Hat USA [Black Hat USA 2019]
With corporate mega-breaches now an all-too-common occurrence, consumers should work to the assumption that their data has already been compromised and take action to minimize further exposure to cybercriminals. This is one of the key takeaways of the 2019 Black Hat USA Attendee Survey – an annual poll of industry professionals that was released today, ahead of the eponymous security conference next month. Read More
Heading into Black Hat, cyber community in dark mood on data protection [Black Hat USA 2019]
Cybersecurity professionals appear increasingly pessimistic about the likelihood of major breaches, attacks on critical infrastructure including election systems, and the effectiveness of government-industry responses, according to a survey of some of those planning to attend the massive annual Black Hat conference in Las Vegas. Read More
Will hacked voting machines decide the 2020 election? [Black Hat USA 2019]
Cybersecurity professionals are concerned about foreign cyber operations and vulnerabilities in voting machines as the days tick down to the first 2020 primaries in February. According to a new survey of 345 cybersecurity professionals by Black Hat USA, 63 percent of respondents said that the hacking of voting machines in the next election is “very likely” or “somewhat likely” to have a “significant impact” on election results. Read More
Consumer Data, Upcoming Elections Are at Risk, Black Hat Survey Says [Black Hat USA 2019]
Newly published '2019 Black Hat USA Attendee Survey' recommends users stay off social media and remain wary of products that promise to solve security problems. Read More
FDA Warns of Potentially Fatal Flaws in Medtronic Insulin Pumps [Black Hat USA 2018]
Rios and other researchers have previously disclosed several other serious vulnerabilities in Medtronic products (including insulin pumps). A proof-of-concept exploit attack was released by researchers in March 2018 — after which the manufacturer issued advisories for the flaws on August 7. That’s more than 570 days after they were first reported. “It’s disappointing to know these have been out there for a long time,” said Rios at Black Hat 2018. “For the last two years, we’ve been increasingly frustrated with how our research was dealt with.” Read More
Apple Head of Security Engineering to Speak About iOS and Mac Security at 2019 Black Hat Event [Black Hat USA 2019]
Apple's Head of Security Engineering and Architecture Ivan Krstić will be attending the Black Hat 2019 event where he will give a "Behind the Scenes" look at iOS and macOS security. Black Hat is an annual event that's designed for the global InfoSec community, providing security professionals with a place to meet up and gain training on new techniques. Read More
Apple security chief will talk iOS 13, macOS Catalina at Black Hat [Black Hat USA 2019]
Apple security chief Ivan Krstic will be returning to the Black Hat security conference this summer to discuss iOS 13 and macOS Catalina — as well as the security protections in Apple’s new Find My service. Read More
Apple security chief to cover iOS 13, macOS security at Black Hat [Black Hat USA 2019]
Apple's security engineering chief Ivan Krstic will be making a reappearance at the Black Hat security conference in August, discussing the technologies protecting iOS 13 and macOS Catalina as well as how the Find My feature is kept secure. Read More
Inside MLS, the New Protocol for Secure Enterprise Messaging [Black Hat USA 2019]
By next year, he hopes, MLS will be ready to integrate into messaging platforms. Robert, along with INRIA's Benjamin Beurdouche and independent researcher Katriel Cohn-Gordon, will discuss the research behind, and details of, MLS this summer at Black Hat USA in a briefing entitled "Messaging Layer Security: Towards a New Layer of Secure Group Messaging." Read More
A Socio-Technical Approach to Cybersecurity's Problems [Black Hat USA 2019]
In their upcoming Black Hat USA briefing, "Hacking Ten Million Useful Idiots: Online Propaganda as a Socio-Technical Security Project," Breuer and Perlman will discuss their framework, how security principles apply to STS, how red team and blue team processes could look in the context of STS security, and examples of red team analyses of influence operations. Read More
A tale of two cities: Why ransomware will just get worse [Black Hat USA 2017]
In 2017, the information security conference Black Hat USA surveyed attendees and found that 58% believed their organizations didn't have sufficient budget to recover from a ransomware attack or other breach. Twelve percent said that ransomware response was the biggest demand on their time during an average day. And there's a wealth of data from research (mostly funded by disaster recovery companies) that suggests most organizations are more confident in their data recovery plans than they should be, if they even have one. Read More
With GDPR's 'Right of Access,' Who Really Has Access? [Black Hat USA 2019]
Some businesses improved their verification over time, he adds, but mistakes are still being made: a handful of organizations accidentally deleted his fiancée's account when asked for data. He points to a need for businesses to feel comfortable denying suspicious GDPR requests.
Pavur will be presenting the details of his case study this August at Black Hat USA in a presentation "GDPArrrrr: Using Privacy Laws to Steal Identities." Read More
Black Hat Q&A: Defending Against Cheaper, Accessible ‘Deepfake’ Tech [Black Hat USA 2019]
The tools and techniques to create false videos via AI-driven image synthesis are getting easier to access every year, and few people know that better than ZeroFox’s Matt Price and Mike Price (not related). In an email interview with Black Hat's Alex Wawro, the pair of security experts shared their latest research, which will be presented at Black Hat USA in Las Vegas this summer. Read More
Major HSM vulnerabilities impact banks, cloud providers, governments [Black Hat USA 2019]
The duo's research paper is currently available only in French, but the two are also scheduled to present their findings at the Black Hat security conference that will be held in the US in August. Read More
Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists [Black Hat USA 2019]
Veteran security researcher, cryptographer, and author Bruce Schneier is one of the many cybersecurity experts who will be speaking at Black Hat USA in Las Vegas this August. He’s presenting Information Security in the Public Interest, a 50-minute Briefing about why it’s so important for public policy discussions to include technologists with practical understanding of how today’s tech can be used and abused. Read More
Cisco's 'Thrangrycat' Router Flaw Tough to Neuter [Black Hat USA 2019]
The flaw, designated CVE-2019-164, was discovered by Jatin Kataria, Richard Housley and Ang Cui of Red Balloon Security, which investigates embedded systems. The team is due to present their research into the flaw and techniques for mitigating it in August at the Black Hat security conference in Las Vegas. Read More
Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear [Black Hat USA 2019]
On a website dedicated to the Thrangrycat vulnerability, the Red Balloon Security team said they plan to present a tool for detecting Thrangrycat attacks in August this year, at the Black Hat 2019 security conference. Read More
It's 2019 so now security vulnerabilities are branded using emojis: Meet Thrangrycat, a Cisco router secure boot flaw [Black Hat USA 2019]
The full details are not going to be released until this year's Black Hat USA security conference in August. Cisco was privately tipped off by Red Balloon Security in November 2018, and only now is the issue public. The 😾😾😾 exploits were tested on a Cisco ASR 1001-X, though plenty of devices are at risk because they use the FPGA-based TAm. Read More
Security Firm to Offer Free Hacking Toolkit [Black Hat Asia 2019]
A penetration testing and consulting firm plans to release a free penetration testing toolkit next month at Black Hat Asia; the toolkit includes privilege escalation and network attack functions. Read More
Whose Line Is It? When Voice Phishing Attacks Get Sneaky [Black Hat Asia 2019]
In a presentation at Black Hat Asia, entitled "When Voice Phishing Met Malicious Android App," Jang will disclose and discuss the findings of criminal traces in voice phishing analysis conducted by his research team over the past few months. Read More
These Recently Discovered POODLEs Can Bypass Your TLS [Black Hat Asia 2019]
If Zombie POODLE and GOLDENDOODLE have you biting your nails, Young is ready to present his full findings at Black Hat Asia in Singapore at some point during the March 26th to March 29th event. Read More
Researchers Dig into Microsoft Office Functionality Flaws [Black Hat Asia 2019]
At Black Hat Asia, coming up March 26-29 in Singapore, Hegt and Ceelen will take the stage to present their talk "Office in Wonderland," in which they will disclose details on new Word and Excel vulnerabilities, release attack vectors which Microsoft deemed Office features, and demonstrate the security impact of the architectural design of the full Office suite. Read More
Visual Journal: Black Hat Europe 2018 [Black Hat Europe 2019]
The recent Black Hat Europe conference in London touched on topics ranging from combating "deep fake" videos and information security career challenges to hands-on lock-picking tutorials and the dearth of researchers submitting proposed briefings centered on deception technology. Read More
Neil and Bart tried to find the right malicious traffic on hackers' conference [Black Hat Europe 2018]
This was the situation at the Black Hat IT Security Conference, which took place recently in the European edition in London. Thousands of people from around the world participated. This year's conference had a visit of approx. 3000 participants from 106 countries. And some of the participants fell under the hacker category. Read More
‘Dear Bloomberg, you still owe everyone a retraction, explanation or some proof’ [Black Hat Europe 2018]
“The attack exploits DNS Cache Poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker’s public key to a victim domain,” the researchers explained during this year’s Black Hat Europe. Read More
Innovation backfires: Security feature makes Windows 10 unsafe [Black Hat Europe 2018]
Researchers were quick to prove that integrating security issues produced exactly the wrong result: Instead of generating more security, Windows 10 users are more exposed to malicious hackers than before. Researchers Magal Baz and Tom Sela presented their findings about a week ago at the Black Hat Security Conference in London. Read More
How to Secure Windows 10 by Disabling Its Password Recovery Questions [Black Hat Europe 2018]
This is exactly the scenario a group of security researchers described in a recent presentation at the Black Hat Europe Security Conference, as Ars Technica writes. Read More
Texas Instruments flicks Armis' Bluetooth chip vuln off its shoulder [Black Hat Europe 2018]
At Black Hat London last week, Ben Seri and Dor Zusman from research house Armis went into full detail about their November discovery of how to pwn TI-made Bluetooth Low Energy (BLE) chips. Read More
These hackers are using Android surveillance malware to target opponents of the Syrian government [Black Hat Europe 2018]
Dubbed SilverHawk by researchers at security firm Lookout, they detailed their findings at the Black Hat Europe conference in London. The malware is thought to have been in operation since mid-2016 and is capable of secretly recording audio, taking photos, downloading files, monitoring contacts, tracking location and more. Read More
CAs exposed as a weak point in web crypto [Black Hat Europe 2018]
Presentations at Black Hat Europe last week gave contrasting views of the state of cryptography on the web. Hackers are unlikely to find it easy to break elliptic curve crypto, but according to a separate study they might well be able to subvert the trustworthiness of popular commercially-used Certificate Authorities (CAs). Read More
Fake apps are infecting smartphones with the ultimate spyware [Black Hat Europe 2018]
New research from cybersecurity firm Lookout presented during this year's Black Hat Europe conference has revealed that the SEA has expanded its hacking toolset and it now includes the entire SilverHawk "surveillanceware" family. Read More
Face Off: Researchers Battle AI-Generated Deep Fake Videos [Black Hat Europe 2018]
Security researchers are facing off against deep-fake videos over fears that they might be used for nation-state disinformation campaigns or to ruin someone's reputation or social standing. Read More
The best hacks from Black Hat Europe 2018 [Black Hat Europe 2018]
Thermal imaging might be impressive – but the main prize for sheer mis-appropriation of science during Black Hat Europe has to go to a talk by IBM researchers on attacking hardware systems using resonance. Read More
Researchers: Syrian Electronic Army targeting secure messaging app users with spyware [Black Hat Europe 2018]
Known for its ardent support of Syrian President Bashar al-Assad, the threat group is targeting in particular users of secure messaging apps such as WhatsApp and Telegram. The SEA is spreading malicious updates for these apps through a combination of watering hole websites and phishing emails, according to a report from Forbes, citing researchers at Lookout who presented their findings at the Black Hat conference in London this week. Read More
Threat intelligence marketplace aims to ease skills shortage [Black Hat Europe 2018]
That’s according to Ben Schmidt, one of the founders of new decentralized platform PolySwarm, which is hoping to change the industry by linking the work of individual security researchers to the companies that may need their specialized expertise. “The idea really came about because we were frustrated,” Schmidt told The Daily Swig at this year’s Black Hat Europe conference. Read More
Researchers sneak Android data out during charging in an inventive way [Black Hat Europe 2018]
It told one of the researchers, Riccardo Spolaor, the details of the IT Security Conference Black Hat Europe, which will take place in London this week. Read More
Too little, too late? Should we be faster to point the finger of blame at cyber attackers? [Black Hat Europe 2018]
"Our then defence minister answered the question and his logic was if somebody looks like a dog, talks like a dog, eats like a dog, then most probably it's a dog -- in our case it was a bear," Kaljurand said during her keynote address at Black Hat Europe in London. Read More
Biggest casualty of a breach is security jobs, not share price [Black Hat Europe 2018]
The Daily Swig spoke to Hypponen on the fringes of the Black Hat Europe conference in London this week. Business leaders should realise their responsibility, he claimed, while adding that – according to research by Hypponen himself – very few companies have failed or gone bust as the result of a breach. Read More
#BHEU: We Must Update Cybersec Education to Develop More Security Experts [Black Hat Europe 2018]
Speaking at Black Hat Europe in London, Nahman Khayet, security researcher and Shlomi Boutnaru, CTO at Rezilion, explored the current cybersecurity skills shortage and its link to the education system. Read More
#BHEU: AI is Going Rogue with ‘Deep Fake’ Videos [Black Hat Europe 2018]
Speaking at Black Hat Europe 2018 in London Vijay Thaware, security response lead at Symantec and Niranjan Agnihotri, associate threat analysis engineer at Symantec, explored the rise of a threat called ‘Deep Fakes.’ Read More
SNDBOX - an AI Powered Malware Analysis Site is Launched [Black Hat Europe 2018]
Today at Blackhat Europe, a new malware analysis service was unveiled called SNDBOX that utilizes artificial intelligence and a hardened virtual environment to perform static and dynamic analysis of malware samples. Read More
Black Hat Europe: The Power of Attribution [Black Hat Europe 2018]
"But where was Germany, where was France, where was Italy, where were others?" asked Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace, in her opening keynote speech at Black Hat Europe conference in London on Wednesday (see: 14 Hot Sessions at Black Hat Europe 2018). Read More
Former Estonian Foreign Minister Urges Cooperation in Cyberattack Attribution, Policy [Black Hat Europe 2018]
As nation-state cyberattacks continue to evolve into more complex and disruptive campaigns, the pressure is on for countries to set specific cybernorms and support one another in the attribution of nation-state hacks, according to Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace (GCSC) and Member of the UN Secretary General's High Level Panel on Digital Cooperation. Read More
Windows 10 Security Questions Prove Easy for Attackers to Exploit [Black Hat Europe 2018]
In a presentation at this week's Black Hat Europe, security researchers from Illusive Networks demonstrated a new method for maintaining domain persistence by exploiting Windows 10 security questions. Read More
#BHEU: Attribution & Offensive Capabilities Changed Cybersecurity in 2018 [Black Hat Europe 2018]
Delivering the opening keynote at the Black Hat Europe conference in London, Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace, spoke of the 2007 attacks by Russia on her home nation of Estonia, and how it was “primitive by today’s standards” but enabled the country to build better defenses and its e-government services. Read More
‘Cyber-attacks have become the new normality’ [Black Hat Europe 2018]
Marina Kaljurand, current chair of the Global Commission on the Stability of Cyberspace, was the Estonian ambassador to Russia at the time her country’s critical infrastructure was hit by the politically motivated offensive. “I had two tasks,” Kaljurand said, in her keynote address to attendees at this year’s Black Hat Europe conference in London. Read More
Why, in 2018, is Microsoft adding security questions to Windows 10? [Black Hat Europe 2018]
By answering questions such as “What was your first car?” the users can reset the forgotten password and regain control of the account. It didn’t take long for researchers to identify weaknesses in the newly introduced feature. They presented their findings today at the Black Hat Europe Security Conference in London. Read More
Syrian Electronic Army Hackers Are Targeting Android Phones With Fake WhatsApp Attacks [Black Hat Europe 2018]
But the SEA hasn't made headlines in some time, largely because it's turned its focus away from Western targets and gone after people closer to home as it continues to support the Bashar Al-Assad regime. And, as research released at the Black Hat conference in London this week shows, the group is putting significant resources into an Android spyware tool that can keep constant tabs on a target's mobile life. Read More
#BHEU: How Google Aurora Attacks Changed the Consciousness of Cybersecurity [Black Hat Europe 2018]
Opening the Black Hat Europe conference, founder Jeff Moss cited the 2010 attacks on Google as a point where attacks became more serious, as this enabled people in cybersecurity to “speak to a new audience.” Read More
#BHEU: Did the 'Grain of Rice Chip' Drive New Risk Assessments? [Black Hat Europe 2018]
Speaking at the Black Hat Europe conference in London, trainer and researcher Joe FitzPatrick from SecuringHardware.com asked delegates if their risk assessment considers $5 hardware attacks and if not, “why worry about $1m [hardware attacks], as what is more likely?” Read More
Battery charger hack offers covert way to spy on mobile devices [Black Hat Europe 2018]
A novel side-channel attack was demoed during a presentation at Black Hat Europe today (December 5) by Dr Riccardo Spolaor of the University of Oxford – one of a team of four European computer scientists that have developed a means of exfiltrating data from a compromised device based on power consumption fluctuations alone. Read More
‘London Blue’ Fraud Group Targets Financial Services Industry [Black Hat Europe 2018]
The group has taken the basic techniques of targeted scams, known as spear phishing attacks, relying on detailed knowledge about a target’s relationships to send a fraudulent email, and “turned it into massive BEC campaigns”, Agari said in a report. The study was launched to coincide with Black Hat Europe, taking place in London this week. Read More
Toyota Builds Open-Source Car-Hacking Tool [Black Hat Europe 2018]
A Toyota security researcher on his flight from Japan here to London carried on-board a portable steel attaché case that houses the carmaker's new vehicle cybersecurity testing tool. Read More
Estonian ex-foreign sec urges governments: Get cosy with the private sector on cybersecurity [Black Hat Europe 2018]
Black Hat Governments need to "turn from public private partnership slogans to real partnerships" on cybersecurity, former Estonian foreign minister Marina Kaljurand told the Black Hat infosec conference in London this morning. Read More
Why, in 2018, is Microsoft adding security questions to Windows 10? [Black Hat Europe 2018]
Enter Microsoft, which earlier this year added a security questions feature to Windows 10. It allows users to set up a list of security questions that can be asked in the event they later forget a password to one of their administrative accounts. By answering questions such as “What was your first car?” the users can reset the forgotten password and regain control of the account. It didn’t take long for researchers to identify weaknesses in the newly introduced feature. They presented their findings today at the Black Hat Europe Security Conference in London. Read More
Black Hat Europe: You Can be Lucky if You’re the First to Be Attacked [Black Hat Europe 2018]
Speaking at Black Hat Europe, a cyber and information security event in London, Kaljurand discussed the cyberattack on her country that forced the government to change how it thought about cybersecurity. Read More
Former Estonian Foreign Minister Urges Cooperation in Cyberattack Attribution, Policy [Black Hat Europe 2018]
The former Estonian Foreign Minister, who was serving as the ambassador to Russia in 2007 when her country was hit with historic distributed denial-of-service (DDoS) attacks by Russia, said in an interview with Dark Reading that without "a clear understanding" of attack attribution, bad actors continue to operate in the "gray zone." Read More
#BHEU: Attribution & Offensive Capabilities Changed Cybersecurity in 2018 [Black Hat Europe 2018]
Delivering the opening keynote at the Black Hat Europe conference in London, Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace, spoke of the 2007 attacks by Russia on her home nation of Estonia, and how it was “primitive by today’s standards” but enabled the country to build better defenses and its e-government services. Read More
Black Hat Europe: The Power of Attribution [Black Hat Europe 2018]
Kaljurand, who previously served as the foreign minister of Estonia and an ambassador to six countries, including the U.S., told the audience at the annual information security conference that the NotPetya attribution by the seven nations represented a breakthrough in countries' ability to hold others to account. Read More
‘London Blue’ BEC Cybercrime Gang Unmasked [Black Hat Europe 2018]
Agari today disclosed details of both its unmasking of the group – which it has dubbed "London Blue" – as well as its inner workings. Security researchers at Agari flipped the equation on the attackers in an email exchange by posing as Lim's assistant and drawing out enough details to drill down into the particulars of the group as well as the physical location of its operators in London. Read More
14 Hot Sessions at Black Hat Europe 2018 [Black Hat Europe 2018]
London is calling all information security professionals, as the Black Hat Europe conference returns to the U.K. capital for the third year in a row. Read More
Latest Hacking News Podcast #175 [Black Hat Europe 2018]
Black Hat Europe 2018 kicks off today in London so on episode 175 of our daily podcast we highlight just a few of the cybersecurity talks scheduled to take place. Read More
Lax Employee Cybersecurity Habits Pose Growing Danger to Businesses [Black Hat Europe 2018]
Research by Black Hat Europe indicates that the biggest danger to personal data is the collection and sale of personal information by enterprises and social media organizations that don’t properly protect privacy. Read More
Black Hat survey: User privacy doubts highlight cyber skills shortage [Black Hat Europe 2018]
The growing skepticism toward the legislation, enacted in May of this year, was cast in new research published by the organizers of Black Hat Europe ahead of its annual meeting of infosec pros in December. Read More
What’s keeping Europe’s top infosec pros awake at night? [Black Hat Europe 2018]
Black Hat Europe’s new research report entitled, Europe’s Cybersecurity Challenges, details the thoughts that are keeping Europe’s top information security professionals awake at night. Read More
Just because you're paranoid doesn't mean hackers won't nuke your employer into the ground tomorrow [Black Hat Europe 2018]
So reckon the people behind the Black Hat cybersecurity knees-up, who polled 130 European infosec folk to find out what keeps them awake at night. Read More
Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues [Black Hat Europe 2018]
The 2018 Black Hat Europe Attendee Survey, published Wednesday, offers a sobering look at the state of cybersecurity defenses in Europe, bolstering the Paris meeting's conclusion that greater efforts are needed to protect data and infrastructure across national boundaries. Read More
7 Cool New Security Tools to be Revealed at Black Hat Europe [Black Hat Europe 2018]
Security researchers will convene in London next month to share findings at Black Hat Europe and unveil new tools at the conference's "Arsenal" event. At Arsenal researchers will pass around dozens of new tools to advance vulnerability discovery, auditing, and other security practices. Here are a few highlights of what's to come. Read More
Finding Gold in the Threat Intelligence Rush [Black Hat Europe 2018]
At Black Hat Europe, in London this December, van der Walt and Pillarisetty will take the stage to share their findings in "Don't Eat Spaghetti with a Spoon: An Analysis of the Practical Value of Threat Intelligence." They hope to "move the needle along" in terms of understanding threat intelligence and equip other researchers with the data structures, tooling, methodology, and language to enable future research in the space, van der Walt says. Read More
A pair of new Bluetooth security flaws expose wireless access points to attack [Black Hat Europe 2018]
Security company Armis calls the vulnerabilities “Bleeding Bit,” because the first bug involves flipping the highest bit in a Bluetooth packet that will cause its memory to overflow — or bleed — which an attacker can then use to run malicious code on affected Cisco or Meraki hardware. Read More
Bleedingbit zero-day chip flaws may expose majority of enterprises to remote code execution attacks [Black Hat Europe 2018]
Armis plans to release a full technical white paper describing the vulnerabilities at the Black Hat Europe conference, which is due to take place in the first week of December. Read More
New Bluetooth Vulnerabilities Exposed in Aruba, Cisco, Meraki Access Points [Black Hat Europe 2018]
Seri and Armis security researcher Dor Zusman will discuss their chip findings in detail in the session "BLEEDINGBIT: Your APs Belong to Us" at Black Hat Europe, December 3 - 6. Read More
Hardware Cyberattacks: How Worried Should You Be? [Black Hat Europe 2018]
"Reactions are not rational or appropriate to what should be done," says Joe Fitzpatrick, trainer and researcher at SecuringHardware.com. He'll be putting hardware threats into context and explaining how they fit into enterprise threat models during a briefing, titled "A Measured Response to a Grain of Rice," at Black Hat Europe in London this December. Read More
DeepPhish: Simulating Malicious AI to Act Like an Adversary [Black Hat Europe 2018]
At this year's Black Hat Europe event, taking place in London in December, Correa will present the team's findings in a session entitled "DeepPhish: Simulating Malicious AI." Read More
Side-Channel Attack Exposes User Accounts on Facebook, XBox, Other Social Sites [Black Hat Europe 2018]
So far, Twitter and eBay have updated their platforms to prevent the attack, and some browsers, including Microsoft Edge, Microsoft Internet Explorer, and Mozilla Firefox, have added a feature to thwart the attack, according to Takuya Watanabe, who will present his team's findings in December at Black Hat Europe in London. Read More
New Security Woes for Popular IoT Protocols [Black Hat Europe 2018]
Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online. Read More
Medical Device Maker Medtronic Finally Fixes its Hackable Pacemaker [Black Hat USA 2018]
The company said in a notice this week that it’s switching off the software distribution network after researchers found that a hacker could update the pacemaker’s software with malicious software that could manipulate the impulses that regulate a patient’s heartbeat. The researchers, Jonathan Butts and Billy Rios, revealed the vulnerability at the Black Hat conference in August, more than a year after first reporting the vulnerability to Medtronic. Read More
FDA Warns of Cybersecurity Vulnerabilities in CareLink Programmers [Black Hat USA 2018]
In a presentation at the BlackHat security conference held in August, security researchers Bill Rios and Jonathan Butts criticized Medtronic for dragging its feet regarding the vulnerabilities in the CareLink programmers. Read More
Medtronic cuts cyber access to vulnerable devices [Black Hat USA 2018]
The Irish medical device company, operated from offices in Fridley, announced that it was shutting down the ability of its CareLink 2090 and CareLink Encore 29901 device programmers to download new software updates remotely. The news follows a demonstration at the Black Hat USA cybersecurity conference in Las Vegas in August by independent researchers who showed that the vulnerabilities in Medtronic device programmers could negatively impact patient care. Read More
Medtronic disables pacemaker programmer updates over hack concern [Black Hat USA 2018]
Medtronic in August issued an alert on the issue with its CareLink programmers after researchers discussed the vulnerability at the Black Hat hacking conference. Medical device security experts said they had uncovered a bug that could enable hackers to update malicious software onto the programmers, then attack implanted pacemakers. Read More
The Cybersecurity 202: Kanye West is going to make password security great again [Black Hat USA 2018]
Security researchers at the Black Hat hacker conference in Las Vegas in August demonstrated how a bug in the devices “could enable hackers to update malicious software onto the programmers, then attack implanted pacemakers.” Medtronic said in its letter that it is working on security updates to “further address these vulnerabilities and will be implemented pending regulatory agency approvals.” Read More
FDA warns users of cyber vulnerability in pacemaker programmers [Black Hat USA 2018]
In August at the Black Hat conference, security researchers demonstrated how a hacker could run malicious firmware on one of the programmers, the CareLink 2090, to make life-threatening changes in care. The security researchers, Billy Rios and Jonathan Butts, said they disclosed the vulnerabilities to Medtronic in January 2017 and criticized the vendor for taking months to address the issue. Read More
Medtronic disables pacemaker programmer updates over hack concern [Black Hat USA 2018]
Medtronic in August issued a security bulletin on the issue with its CareLink programmers after researchers discussed the vulnerability at the Black Hat hacking conference in Las Vegas. Medical device security experts said they had uncovered a bug that could enable hackers to update malicious software onto the programmers, then attack implanted pacemakers. Read More
Medtronic disables updates for pacemaker programmers over cybersecurity concerns [Black Hat USA 2018]
In a presentation at the annual Black Hat cybersecurity conference in Las Vegas, two researchers demonstrated the security weaknesses in the pacemaker's control unit, saying the vulnerabilities allowed for “the disruption of therapy as well as the ability to execute shocks to a patient.” Read More
Why the hacking of medical devices is still big news [Black Hat USA 2018]
The vulnerability of medical devices to be hacked is nothing new. But picking up on news reports from the Black Hat security event that took place in Las Vegas at the beginning of August, it seems that these concerns continue to be top of the agenda where products such as pacemakers and implantable devices are concerned. Read More
Medical Device Flaws Shine Light On Security And IoT Issues [Black Hat USA 2018]
This technology helps medical professionals make more accurate and safer health decisions for patients. Just like computer systems, medical devices are vulnerable to security breaches. In August at the Black Hat security conference in Las Vegas, researchers uncovered vulnerabilities in heart monitoring devices by Medtronic, and insisted that hackers could remotely install malware. Read More
House panels consider airline cyber threats [Black Hat USA 2018]
Nearly 85 percent of security pros in a poll out today said they believed there would be hacking during the 2018 midterms. The poll, conducted by cybersecurity company Lastline of Black Hat conference attendees, found a variety of opinions about how it might happen. Read More
Why data loss prevention is a throwback technology [Black Hat USA 2018]
Black Hat is one of the top conferences for security professionals to learn about the latest technologies and vulnerabilities to be aware of in the coming year. From the surprising safety of self-driving cars, to new ways to hack into what many thought were secure systems, Black Hat is the spot for the latest innovations, hacking methods and more. Read More
Phishing for political secrets: Hackers take aim at midterm campaigns [Black Hat USA 2018]
"[Phishing is] one of the biggest threats … and it's still a continuous attack factor," said Microsoft's Diana Kelley in an interview at the 2018 Black Hat cybersecurity conference. "I don't even call [targeted email attacks] spearphishing, I think of them as laser fishing now because they're so well-crafted." Read More
Medical Device Security Improvements Coming - But Not Anytime Soon [Black Hat USA 2018]
At Black Hat in Las Vegas last month, researchers Billy Rios and Jonathan Butts brought a similar message, with a session titled, “Exploiting Implanted Medical Devices.” Read More
How is Facebook battling cyber crime? [Black Hat USA 2018]
High-performing students may be eligible for internships with the social media platform after graduating from the scheme, and be able to attend cyber security conferences, such as the Black Hat Briefings. Read More
How Do You Run A Hacking Operation? [Black Hat USA 2018]
Thousands of cyberattacks occur every single day. Some hackers steal credit card details or pilfer money from online bank accounts. Others cripple businesses, or even governments. As tensions mount in cyberspace, what are countries doing to strengthen their cyber power and build a hacking army? In this Inquiry, we delve into some of the world’s most intriguing cyber operations – including Iran, Russia and North Korea. Read More
Risk & Repeat: Are the Meltdown and Spectre flaws overhyped? [Black Hat USA 2018]
Were the Meltdown and Spectre flaws as bad as some claimed? That question was raised by the Pwnie Awards at Black Hat 2018 earlier this month. Read More
Lessons From the Black Hat USA NOC [Black Hat USA 2018]
At Black Hat USA, the network operations center (NOC) and security operations center (SOC) are one and the same — reasonable for a network that exists to serve a huge gathering of security professionals. While the network that exists for a high-intensity week is unique in many ways, in others it is a concentrated example of what is possible when professionals with different areas of expertise — and different vendors — work together. Read More
Texas A&M-San Antonio partners with Facebook for cybersecurity education [Black Hat USA 2018]
This fall, the university is slated to offer a hybrid cybersecurity course to students underwritten by Facebook. It includes curriculum, mentorship, project development and training during a simulated cybersecurity attack side by side with Facebook employees in San Antonio. It also includes potential internships with Facebook for its students and scholarships to attend competitions like cybersecurity events Black Hat Conference and DEF CON in Las Vegas. Read More
How unsecured medical record systems and medical devices put patient lives at risk [Black Hat USA 2018]
The researchers from UC San Diego and UC Davis detailed their findings Aug. 9 at the Black Hat 2018 conference in Las Vegas, where they staged a demonstration of the attack. Dubbed Pestilence, the attack is solely proof-of-concept and will not be released to the general public. While the vulnerabilities the researchers exploited are not new, this is the first time that a research team has shown how they could be exploited to compromise patient health. Read More
Why Security Techniques Need To Evolve As Fast As Hackers [Black Hat USA 2018]
And the bad news of impressive feats in hacking have been pouring out of various hacking professional conferences all summer long. A research team at the Black Hat conference managed to trick voice recognition software from Microsoft by convincing it a machine voice was human. Read More
MY TAKE: As phishers take aim at elections, why not train employees to serve as phishing police? [Black Hat USA 2018]
Phishing is the number one way organizations are breached, Aaron Higbee, CTO and co-founder of Cofense, told me at Black Hat USA 2018 in Las Vegas. Even though phishing has been a problem for years and most people are aware of what a phishing email looks like, we still fall for them. Read More
Why Security and DevOps Desperately Need Couples Counseling [Black Hat USA 2018]
“Nobody thinks security is their friend,” laughed Brad Senetza, security assurance architect, Oracle in an on-camera interview at the 2018 Black Hat Conference in Las Vegas. Read More
BLACK HAT 2018: ATTACK SIMULATION [Black Hat USA 2018]
Inspector Clouseau, of Pink Panther fame, had Cato Fong, his manservant, attack him by surprise to keep his self-defense reflexes strong. (And funny) Businesses and government agencies today should have their own version of Cato in the form of attack simulation software. Black Hat 2018 had several vendors offering this kind of solution, sometimes called Breach and Attack Simulation (BAS). These included AttackIQ, XM Cyber, Cymulate and others. Read More
https://biglawbusiness.com/device-makers-combating-cyber-risks-to-patient-health/ [Black Hat USA 2018]
The Black Hat and DefCon conferences in Las Vegas where McAfee presented its research showed how vulnerable some of these medical devices are, but there’s a real lack of awareness of the risks that exist in deployed devices in most hospitals, McMillan said. Read More
Stop playing “whack-a-mole” with your security [Black Hat USA 2018]
Those were the key takeaways in a presentation by Parisa Tabriz, a director of engineering from Google. Tabriz spoke at the August Black Hat US 2018 conference in Las Vegas. In the session, the underlying theme was that security professionals must do whatever they can to incentivize firms to make better and more secure products. Read More
iCloud Compromise With A Twist [Black Hat USA 2018]
When I first wrote about iCloud compromises there was a far more salacious bent to the story line. Now with BSidesLV, Blackhat and DEF CON only recently passed by it only seemed appropriate that a clever iCloud related hack story would fall into my lap. Read More
Will more sanctions drive Iran to a cyberattack? [Black Hat USA 2018]
Iranian hackers usually take three to four months to carry out an attack, Levi Gundert, vice president of intelligence at Recorded Future, told Fifth Domain during the Black Hat conference in Las Vegas. That means the Nov. 4 date for potentially another round of U.S. sanctions coincides with the timeline for an expected retaliation. Read More
Cisco Talos' Craig Williams on the hunt for bugs and abnormal behavior [Black Hat USA 2018]
On the sidelines of the Black Hat and DEF CON conference in Las Vegas this month, CyberScoop sat down with Craig Williams, Talos’ director of outreach, to get his take on some of these high-profile threats and how he approaches the craft of investigating malware campaigns. Read More
Reevaluate "low-risk" PHP unserialization vulnerabilities, researcher says [Black Hat USA 2018]
The emergence of Petya/NotPetya and other virulent forms of malware have showcased how the best and most successful black-hat hacks are not entirely new—bad actors simply take older, more established approaches or attack vectors and add a new twist. And so it is with PHP unserialization attacks, as showcased at the Black Hat conference earlier this month by Sam Thomas, director of research for Secarma Ltd, an information security consultancy. Read More
BLACK HAT 2018: REDUCING ATTACK SURFACES [Black Hat USA 2018]
The theme of reducing attack surfaces emerged repeatedly at Black Hat 2018. While many cyber security professionals acknowledge the risk exposure hidden in today’s proliferating collection of attack surfaces, not everyone is taking action. Read More
How hackers can use AI to hide their malware and target you [Black Hat USA 2018]
Thanks to advances in artificial intelligence, such fine-grained targeted cyberattacks are no longer the stuff of dark hacker movies, as security researchers at IBM demonstrated at the recent Black Hat USA security conference in Las Vegas. Read More
BLACK HAT 2018: THE ICS CONVERSATION [Black Hat USA 2018]
The subject of Industrial Control Systems (ICSs) came up frequently at Black Hat 2018. The threats are very real, with serious potential consequences in the event of a successful attack. Talking to various experts at the conference, the state of industrial cyber security seems to be on a trajectory of improvement, but with much work to be done in many “spheres of activity.” Read More
Looking Back on Black Hat 2018: Four Key Learnings from This Year’s Event [Black Hat USA 2018]
Two weeks ago I attended the Black Hat USA 2018 conference: As one of the largest cybersecurity events in the world, it’s always interesting to hear the key themes and trends the industry is buzzing about. Here are my observations on four actionable takeaways from the 2018 conference. Read More
AI bias and data stewardship are the next ethical concerns for infosec [Black Hat USA 2018]
Laura Norén, director of research at Obsidian Security, spoke about data science ethics at Black Hat USA 2018, and discussed the potential pitfalls of not having quality data, including AI bias learned from the people training the model. Read More
Risk & Repeat: Meltdown and Spectre disclosure in review [Black Hat USA 2018]
A Black Hat panel discussion provided a behind-the-scenes look at the process from the perspective of Microsoft, Google and Red Hat representatives. Read More
Assembling an ingredients list for software [Black Hat USA 2018]
Speaking at the Black Hat conference earlier this month, Allan Friedman, director of cybersecurity for the National Telecommunications and Information Administration, discussed how his unit is working to develop a “software bill of materials,” a list of ingredients for business software products. Read More
Detecting bot attacks | Salted Hash Ep 44 [Black Hat USA 2018]
In this episode, host Steve Ragan talks with Engin Akyol, CTO at Distil Networks at the Black Hat 2018 conference, about bot account takeovers and how they can be detected. Read More
IoT vendors talk open buildings, black hats and a jam conspiracy [Black Hat USA 2018]
In what may be one of the most predictable headlines readers of this piece will see, some of the world’s leading information security professionals attending the Black Hat security conference told the media that unsecured IoT devices still pose a large-scale threat to networks around the globe. Read More
Reevaluate "low-risk" PHP unserialization vulnerabilities, researcher says [Black Hat USA 2018]
Over nearly a decade, PHP unserialization vulnerabilities have become a popular route for cyber-criminals to plant remote code execution or deliver other malware into systems. But new research, introduced at Black Hat this month, shows that malevolent hackers can introduce this vulnerability, even in environments that were previously considered low-risk for this attack. Read More
Here comes Russia, back at it again with the hacking in time for midterms: Today's talker [Black Hat USA 2018]
Recent security conferences (Black Hat and DEF CON) discussed research on the latest threats, vulnerabilities and techniques of the cyberworld. And this time around, the voting systems for the U.S. midterms drew paramount focus from security researchers, learning that several states that use electronic voting systems had been purchasing parts off eBay after some of their systems became faulty. Read More
Video: Bishop Fox on Device Threats and Layered Security [Black Hat USA 2018]
Threatpost talked to Christie Terrill, partner at Bishop Fox, about the top trends and security issues that were discussed at Black Hat USA in Las Vegas this month. Read More
Former DHS attorney: Info-sharing system needs incentives, smoother process [Black Hat USA 2018]
Allison Bender, interviewed on the sidelines of the recent Black Hat conference in Las Vegas, said “very few organizations are sharing into” DHS' Automated Indicator Sharing program even as sharing expands among private entities. Read More
Meet 'Intrusion Truth,' the Mysterious Group Doxing Chinese Intel Hackers [Black Hat USA 2018]
“We won’t achieve anything by publicly naming,” Andrei Barysevich, director of advanced collection at threat intelligence firm RecordedFuture, told Motherboard at the annual Black Hat cybersecurity conference earlier this month. Likely the only time the company may publish names is in a direct collaboration with law enforcement, a RecordedFuture spokesperson added. Read More
Stories From the Edge of IoT Security: Threat Demos From Black Hat and DEF CON [Black Hat USA 2018]
As the annual security week in Las Vegas drew to a close, cybersecurity professionals left Black Hat 2018 and DEF CON 26 armed with knowledge, renewed energy and no shortage of exposure to emerging Internet of Things (IoT) security flaws. Perhaps fittingly, Black Hat event founder Jeff Moss helped kick off the conference by acknowledging threats faced by the security industry and citing a sense that they were in the “final exams stage.” Read More
Risky Business feature: Adam Boileau recaps Black Hat and DEF CON [Black Hat USA 2018]
But that’s ok, because Adam went to both Black Hat and DEF CON and he joined me to talk about the highlights from his point of view. This was his first trip to the Vegas cons since 2005, and agreed with me that the content this year was actually pretty bloody good. Read More
AI for cybersecurity: Friend or foe? [Black Hat USA 2018]
“What’s happening is a little concerning, and in some cases even dangerous,” warned Raffael Marty, vice president of corporate strategy at security firm Forcepoint, at the Black Hat cybersecurity conference in Las Vegas. Read More
These Android phones have security defects out of the box, researchers say [Black Hat USA 2018]
Ryan Johnson, Kryptowire's director of research, and Angelos Stavrou, the company's CEO, disclosed their findings recently at the Black Hat security conference in Las Vegas, according to Wired. Kryptowire's research was partially funded by the Department of Homeland Security. Read More
So phar, so FUD: PHP flaw puts WordPress sites at risk of hacks [Black Hat USA 2018]
Research into the vulnerability was presented by Secarma's Sam Thomas at Thursday's BSides cybersecurity conference in Manchester, UK – days after it was first unveiled at Black Hat in Las Vegas last week. His presentation (video below) was entitled It's A PHP Unserialization Vulnerability Jim, But Not As We Know It. Read More
How Better Intel Can Reduce, Prevent Payment Card Fraud [Black Hat USA 2018]
Royal Bank of Canada machine learning researcher Cathal Smyth and Terbium Labs chief scientist Clare Gollnick discuss how they use intelligence about the carding market to predict the next payment card fraud victims. Filmed at the Dark Reading News Desk at Black Hat USA 2018. Read More
'Oh sh..' – the moment an infosec bod realized he was tracking a cop car's movements by its leaky cellular gateway [Black Hat USA 2018]
“What happens when people go after police officers because they know where they live,” Justin Shattuck, principal threat researcher at F5 Networks, who gave a Black Hat USA talk this week about the findings, told The Register. “Using GPS we know where they buy their donuts, how long to get their orders – we know where they are down to the metre.” Read More
Heart-stopping security news: Hackers can now get into pacemakers [Black Hat USA 2018]
At the recent Black Hat information security conference, researchers demonstrated how the Carelink 2090 pacemaker, along with the company’s insulin pump, could be hacked. Read More
Black Hat: Protecting Industrial Control System [Black Hat USA 2018]
Industrial Control System (ICS) security was ramped up at Black Hat USA – with packed sessions ranging from specific attacks to vulnerable hardware – all with the aim of protecting critical infrastructure, whose security shortcomings so frequently hit the headlines these days. Read More
Combating Social Engineering: Tips From Black Hat 2018 [Black Hat USA 2018]
Matt Wixey, one of the presenters this year at Black Hat USA, leads technical research for the PwC Cyber Security practice in the UK. He works closely with the Ethical Hacking team and is a PhD candidate at University College London. Prior to joining PwC, Wixey led a technical R&D team for a law enforcement agency in the UK. Read More
Black Hat 2018: Sneaker bots and their challenges [Black Hat USA 2018]
Josh Shaul, vice president of web security at Akamai, sat down with TechRepublic's Dan Patterson at Black Hat 2018 to speak about sneaker sales' market and after-market. Read More
ICS security fails the Black Hat test [Black Hat USA 2018]
Industrial control systems hit the mainstream at Black Hat this year, with over two dozen program sessions tackling different angles of the subject. The takeaway: Vendors still aren't really trying. Read More
Black Hat 2018: Connecting cars to enhance the way we drive [Black Hat USA 2018]
Thomas Mackenzie, associate partner at X-Force Red at IBM, talks to TechRepublic's Dan Patterson about the importance of connecting communication technologies between vehicles at Black Hat 2018. Read More
Demo at Black Hat 2018 of what corrupt data does to a Libelium Meshlium [Black Hat USA 2018]
Daniel Crowley, research baron for X-Force Red at IBM, and Jennifer Savage, security researcher at Threatcare, show TechRepublic's Dan Patterson an exploited demo based on vulnerabilities that were found in the Libelium Meshlium at Black Hat. Read More
Security researchers say they can hack Medtronic pacemakers [Black Hat USA 2018]
Rios and Butts demonstrated the security weaknesses earlier this month at the annual Black Hat cyber security conference in Las Vegas, one of the industry's most prestigious annual meetings. Read More
Black Hat Conference Vendors Use Cybersecurity Marketing Theme to Gain Attendees’ Attention [Black Hat USA 2018]
Many vendors and cybersecurity companies attend the Black Hat USA 2018 conference. The world’s leading annual information security event took place in Las Vegas August 5–9. Read More
Black Hat and Defcon cybersecurity experts share tips on how to protect yourself [Black Hat USA 2018]
During the week of Black Hat and Defcon, tens of thousands of security experts and hackers flock to Las Vegas for the back-to-back conferences. They hold discussions on issues like smart cities getting hacked, two-factor authentication, and security issues with voice assistants. Read More
Ep. 16: Hypersonic missiles; Black Hat/Defcon 2018; Q&A w/ Chris Lynch of Defense Digital Services. [Black Hat USA 2018]
Then (13:25) we’ll get into what’s new from the world of hackers at this year’s Black Hat / DefCon. Our own Patrick Tucker has returned from Sin City to tell us all about what happened in Vegas. Read More
Week in security with Tony Anscombe [Black Hat USA 2018]
In this week’s cybersecurity news, Tony Anscombe covers the Instagram hack that left some users locked out of their accounts. There is a report from Black Hat from our Security Researcher Cameron Camp and a look at why New York University researchers have come up with a novel idea to make software more secure. Read More
SECURE SYSTEM ENGINEERING AND THE TORAH [Black Hat USA 2018]
I attended the session, “Open Sesame: Picking Locks with Cortana” at Black Hat 2018, in which presenters Tal Be’ery, Amichai Shulman, Ron Marcovich and Yuval Ron revealed several different ways to access private information on a locked PC using the Cortana voice assistant. Read More
New Foreshadow Vulnerabilities Defeat Memory Defenses on Intel CPUs [Black Hat USA 2018]
These are the latest in a long string of architectural vulnerabilities in CPUs that have been found and disclosed since Spectre and Meltdown. Last week at the Black Hat USA security conference, researcher Ben Gras from VU Amsterdam presented the details of another CPU vulnerability called TLBleed that abuses hyper-threading and the translation lookaside buffer (TLB) to leak secrets such as encryption keys. Read More
The Latest Thing You Need to Worry About Cybercriminals Hacking? Your Voice. [Black Hat USA 2018]
We've already seen cybersecurity researchers demonstrate some of these methods in proof-of-concept attacks, and the risk gained further priority this August at the Black Hat conference, where ethical hackers demonstrated new methods of voice "spoofing" and attacking a widely used personal digital assistant through voice commands. Read More
Obama campaign used security keys during both elections to defend against hackers [Black Hat USA 2018]
As political campaigns in the 2018 midterm elections fight off hackers, the Obama campaign might have figured out the key solution a decade ago. President Obama's campaign used Yubikeys, which are security keys for protecting logins, in both the 2008 and 2012 elections to defend itself from hackers, according to Yubico CEO Stina Ehrensvard. "The woman who tried after him did not, and you can see the results," Stina Ehrensvard, the CEO and founder of Yubico, said in an interview at Black Hat. Read More
How mobile POS devices succumb to hackers [Black Hat USA 2018]
With payments increasingly shifting to mobile, the ability to exploit mobile point-of-sale systems that make it possible for merchants to accept card and even cryptocurrency payments on the go is also shifting. Presenting at the Black Hat USA cybersecurity conference last week in Las Vegas, prominent security researchers from U.K.-based Positive Technologies showcased research detailing the inherent vulnerabilities they discovered among four of the most popular mPOS systems operating in both the United States and Europe. Read More
WATCH: XM Cyber Fights Hackers With An Automated Red Team [Black Hat USA 2018]
As seen at Black Hat USA 2018, automation has become a valued technology for security companies, which are challenged by a talent shortage and a constantly evolving threat landscape. The Global Information Security Workforce Study from the Center for Cyber Safety and Education, predicts a shortfall of 1.8 million cybersecurity workers by 2022. Read More
Black Hat 2018: Xerox CISO on why the tech industry needs to simplify [Black Hat USA 2018]
TechRepublic's Dan Patterson interviewed Alissa Johnson, Xerox Chief Information Security Officer, at Black Hat. She discussed defining IT processes, simplifying the tech industry, and more. The following is an edited transcript of the interview. Read More
Classic Rock and Cloud-Native Attacks Collide at Black Hat [Black Hat USA 2018]
Serpa said that compared to past security conferences, many more people approached the Bitglass booth at last week’s Black Hat conference knowing what CASB is. Now the burning question is what is different about Bitglass CASB compared to others? Read More
Security Roundup: Black Hat Edition [Black Hat USA 2018]
Last week’s Black Hat USA 2018 conference in Las Vegas was the place to be for all things cybersecurity. Among the topics explored were the need for more collaboration among cybersecurity providers and more information sharing in the industry to battle the ever-increasing volume of cyberthreats. Other individual topics included securing IoT and stopping election hacking. Read More
Hack mobile point-of-sale systems? Researchers count the ways [Black Hat USA 2018]
Presenting at the Black Hat USA information security conference last week in Las Vegas, prominent U.K. security researchers showcased recent research detailing the inherent vulnerabilities they discovered among four of the most popular mPOS systems operating in both the United States and Europe. Read More
BLACK HAT HACKER CONFERENCE BEGINS TO GRAPPLE WITH GENDER DISCRIMINATION AND SEXUAL ASSAULT IN CYBERSECURITY [Black Hat USA 2018]
But last week, for the first time in Black Hat’s history, the conference invited speakers to address gender discrimination, sexual assault, mental health, and substance abuse. The conference’s inaugural Community Track briefings provided a window into problems in the cybersecurity world that have long been hidden in plain sight. Read More
Messages from Black Hat: Cybersecurity tools are better, and the risk is worse [Black Hat USA 2018]
A duality of messages permeated last week's Black Hat and Def Con conferences: Cybersecurity tools are improving, business and government entities alike are better organizing themselves, and yet, the cyber threat environment continues to darken and grow more dangerous. Read More
Microsoft Cortana Flaw Allows Web Browsing on Locked PCs [Black Hat USA 2018]
Last week at Black Hat USA, researchers discussed another flaw (patched in June by Microsoft) dubbed “Open Sesame,” which also allowed an adversary to bypass a Windows 10 lock screen using the voice assistant aspect of Cortana; from there, they were able to unleash a number of “dangerous” functions. Read More
SOPHOS RELEASE IN-DEPTH REPORT ON ATYPICAL SAMSAM RANSOMWARE [Black Hat USA 2018]
Sophos announced the publication of a detailed report on the notorious SamSam ransomware threat at Black Hat 2018. The 47-page report covers how the attacks began in 2016. It explores how SamSam targets victims in ways unlike any previous ransomware attack had before. Read More
Infosec mental health support and awareness hits Black Hat 2018 [Black Hat USA 2018]
Rather than continue being reactive to social issues, Black Hat 2018 took steps to be more proactive in addressing and bringing awareness to the topic of infosec mental health. Read More
Miller & Valasek: Security Stakes Higher for Autonomous Vehicles [Black Hat USA 2018]
Valasek and Miller, now both principal security architects for autonomous-vehicle manufacturer Cruise Automation, at Black Hat USA last week mapped out the key issues surrounding securing this new generation of driverless cars, based on their past three years working in the self-driving vehicle industry collectively for Uber, Didi Chuxing, and now Cruise, of which General Motors is a majority owner. Read More
Marines launch bug bounty at Las Vegas event [Black Hat USA 2018]
The Hack the Marine Corps program, jointly created by the Department of Defense and vulnerability disclosure platform company HackerOne, launched Aug. 12 with a live hacking event in Las Vegas on the heels of the annual Black Hat and DEF CON hacker conventions. Hackers discovered 75 unique vulnerabilities during the event worth more than $80,000 in prizes. Read More
Flaws in Mobile Point of Sale Readers Displayed at Black Hat [Black Hat USA 2018]
Leigh-Anne Galloway and Tim Yunusov - Positive Technologies' security researcher and senior banking security expert, respectively - sought to answer that question in research presented at Black Hat USA and DEF CON. Read More
Black Hat 2018: AI was supposed to fix security – what happened? [Black Hat USA 2018]
At Black Hat 2018 the aisles were bustling and activity kept ramping up, not subsiding. Last year there was no shortage of security breaches and they seem to be continuing unabated, so what happened with the promise of AI? Read More
A Black Hat Veteran Reflects on the Hot Topics at This Year’s Conference [Black Hat USA 2018]
A somewhat less sexy topic that also got a lot of play at this year’s Black Hat is the evolving nature of vulnerability and threat management. Vulnerability management has been around for a while to help security teams scan their networks, rank vulnerabilities and remediate them with the resources they have. Read More
Industrial Control Gateways: It’s Like Exploiting in the 1990s [Black Hat USA 2018]
“It’s like exploiting in the 1990s,” said Thomas Roth, a German security researcher and consultant who analyzed the firmware of industrial control gateways from several vendors over the past year. Roth presented his findings at the Black Hat USA security conference last week. Read More
Blackberry's Latest Feature Makes Ransomware Recovery Quick And Easy [Black Hat USA 2018]
The announcement was made on Monday at the Black Hat conference in Las Vegas. In a press release, BlackBerry called the feature a precise recovery tool with the ability to protect businesses against ransomware attack. Read More
VORACLE Attack Can Recover HTTP Data From VPN Connections [Black Hat USA 2018]
A new attack named VORACLE can recover HTTP traffic sent via encrypted VPN connections under certain conditions.
The attack was discovered by security researcher Ahamed Nafeez, who presented his findings at the Black Hat and DEF CON security conferences held last week in Las Vegas. Read More
DIGITAL MONEY Black Hat cyber security conference in Las Vegas: "Hackers can turn satellite into weapon" [Black Hat USA 2018]
From the announcements at the Black Hat security conference in Las Vegas last week, the international community learned that malicious hackers could kill someone by remotely violating an implanted medical device such as a pacemaker or insulin pump. Read More
There’s more to election integrity than secure voting machines [Black Hat USA 2018]
Researcher Carsten Schürmann revealed inconclusive results of a forensic examination of the solid-state drives of eight WinVote machines in a Thursday morning talk at the Black Hat USA security conference here. During his presentation, Schürmann, a professor at the IT University of Copenhagen and founder of the research project DemTech, emphasized two things: how little a WinVote autopsy reveals, and the importance of securing voting with paper trails and risk-limiting audits. Read More
What We Saw at Black Hat 2018 [Black Hat USA 2018]
From breaking voice authentication and remote-controlling airplanes to hijacking emergency sirens and protecting self-driving cars, this year's Black Hat conference was a wild ride. Read More
NSA Research Looks at How Stress Impacts Cyber-Security Operations [Black Hat USA 2018]
Celeste Lyn Paul, senior researcher, and Josiah Dykstra, deputy technical director of NSA Cyber-Security Operations, gave a presentation at Black Hat USA in Las Vegas on Aug. 8 titled "Stress and Hacking," which included details on research about the impact of stress on cyber-operations. Read More
Black Hat USA 2018: Car hackers Miller and Valasek now using their skills for good [Black Hat USA 2018]
The duo last appeared at Black Hat two years ago when they revealed their hack of a Jeep Cherokee and announced their retirement from car hacking. But this latest appearance featured the two guys, who now work for Cruise - a GM division developing self-driving vehicles for ride-share businesses - discussing how they have used their hacking skills to help make the upcoming generation of autonomous vehicles as safe as possible from a cyber-attack. Read More
IBM Hackers, Cloud Security Alliance Take On IoT at Black Hat [Black Hat USA 2018]
The week before Black Hat, the FBI warned of cybercriminals hacking IoT devices and using those devices to attack other devices on the network. And at the annual security conference in Las Vegas, startup Armis surveyed 130 security professionals and found 93 percent of them expect nation-states will target or exploit connected devices in the next year. Read More
17 Remarkable (and Scary) Things We Saw at Black Hat 2018 [Black Hat USA 2018]
The 2018 Black Hat conference—summer's week-long celebration of all things infosec—kicked off with an inspiring exhortation by Parisa Tabriz, Director of Engineering at Google. She urged attendees to forget the status quo and stop playing security Whack-A-Mole. Read More
TRAILBLAZER HUNTS CREDENTIAL ABUSE IN AWS [Black Hat USA 2018]
Netflix relies on Amazon Web Services for its infrastructure and computing needs, and needs to know when a credential is potentially compromised, Will Bengtson, a senior software security engineer at Netflix, said at Black Hat USA. Netflix has hundreds of thousands of virtual server instances on AWS and utilizes AWS Security Token Service to generate credentials for AWS Identity and Access Management. Read More
Cisco Execs: Cryptomining, Election Security Threats Loom Large [Black Hat USA 2018]
Talos is Cisco’s threat research team made up of about 300 researchers globally. Williams is the group’s director of outreach. He and other Talos members set up shop at a room with a fireplace inside the Irish Pub at Mandalay Bay during last week’s Black Hat security conference. Read More
Lessons learned from Meltdown and Spectre disclosure process [Black Hat USA 2018]
During a Black Hat 2018 session, Google, Microsoft and Red Hat offered a behind-the-scenes look at the disclosure and response effort for Meltdown and Spectre. Read More
IBM Describes AI-powered Malware That Can Hide Inside Benign Applications [Black Hat USA 2018]
At the Black Hat conference on Thursday, IBM presented just one way that black hats could do just that: a new class of AI-enhanced malware attack it calls DeepLocker. Read More
Microsoft Cortana Vulnerability Can Unlock a Locked Windows PC [Black Hat USA 2018]
During last week's Black Hat conference in Las Vegas, researchers showed how Microsoft's Cortana virtual assistant could be used to bypass the Windows lock screen. The vulnerability affects Windows 10 machines and Windows 10 Servers. Read More
Hackers Target Marines for Pentagon's Latest Bug Bounty [Black Hat USA 2018]
The challenge, dubbed “Hack the Marine Corps,” began with a live-hacking event in Las Vegas, where hackers from around the world gathered last week for the Black Hat USA, DefCon and BSides Las Vegas cybersecurity conferences. Read More
Hackers just spent the week in Las Vegas breaking into planes, politicians' websites, printers, heart monitors and slot machines [Black Hat USA 2018]
Perhaps the most alarming Black Hat presentation for many this week came from Ruben Santamarta of IOActive. He showed how by accessing a satellite communications network, he could access phones, tablets and laptops on planes as they flew overhead. Read More
Social Engineers Show Off Their Tricks [Black Hat USA 2018]
It's not every day you hear or see social engineers in action – well, knowingly, anyway – but that's exactly what the crowd did at Black Hat and DEF CON 2018 held last week in Las Vegas. Read More
How unsecured gateways put emergency first responders in real, physical danger [Black Hat USA 2018]
Organizations must stay vigilant in keeping their wireless networks safe and secure, which is something Shattuck hopes to bring to the forefront of conversation. He spoke about his findings at the 2018 Black Hat event in Las Vegas last week. Read More
Hacker Unlocks 'God Mode' and Shares the 'Key' [Black Hat USA 2018]
When a room filled with hundreds of security professionals erupts into applause, it's notable. When that happens less than five minutes into a presentation, it's remarkable. But that's what transpired when security researcher Christopher Domas last week showed a room at Black Hat USA how to break the so-called ring-privilege model of modern CPU security. Read More
Why Fortnite’s absence from the Google Play Store is a big security headache [Black Hat USA 2018]
Last week, security researchers presenting at Black Hat revealed a compromise that could make Macs used for enterprises vulnerable the first time they connect to Wi-Fi. Read More
Backdoor Mechanism Discovered in VIA C3 x86 Processors [Black Hat USA 2018]
At the Black Hat 2018 and DEF CON 26 security conferences held in Las Vegas last week, a security researcher detailed a backdoor mechanism in x86-based VIA C3 processors, a CPU family produced and sold between 2001 and 2003 by Taiwan-based VIA Technologies Inc. Read More
Black Hat 2018: Mobile APTs Redefining Phishing Attacks [Black Hat USA 2018]
Mike Murray, vice president of security intelligence at Lookout, talks with Threatpost’s Tom Spring to discuss the latest trends in mobile advanced persistent threats (APTs). Read More
Black Hat hacker says he accessed 'hundreds' of aircraft already in the sky [Black Hat USA 2018]
The Black Hat cybersecurity conference currently being held in Las Vegas brings together a variety of experts to discuss the risks, pitfalls — and locations — of flaws in computer networks. Read More
Black Hat USA 2018: A SecOps Recap [Black Hat USA 2018]
Last week, I had the pleasure of joining thousands of security researchers, vendors, marketers, press, and bloggers converging on the desert and Mandalay Bay for my first-ever Black Hat USA conference. Attendees discussed the newest research, latest technologies, scariest threats, and biggest trends in this crazy world of cybersecurity. If you weren’t lucky enough to be part of the fun, here’s a quick recap of Black Hat USA 2018 (aka Security Summer Camp). Read More
Cellphone Privacy and Remote Hacking Policies Remain Blurry Areas [Black Hat USA 2018]
“Almost everything we do today is stored in the cloud," she said in an Aug. 8 panel at Black Hat. "And the government’s argument for years has been . . . if you have information that is in the hands of third parties, it’s not private, not protected by the Fourth Amendment." Read More
Takeaways from Black Hat USA 2018 [Black Hat USA 2018]
There was a lot to see and discuss at Black Hat – too much to elaborate on in a short blog. Nevertheless, here are a few things that stood out to me: Read More
Hackers Can Exploit Fax Machines to Compromise Entire Networks [Black Hat USA 2018]
At Black Hat 2018, for example, a researcher revealed that he was able to connect to the satellite communications systems of ships and aircraft inflight because the device's modems were accessible over the internet. Read More
Cyber-Security Failure Brings Societal Risks: Black Hat Researchers [Black Hat USA 2018]
The message was clear at this year's Black Hat conference: The "culture," for lack of a better term, of security must change, or society faces living in a world of perpetual cyber-risk. Read More
How two car hackers plan to keep GM's self-driving cars safe [Black Hat USA 2018]
Two famed car hackers have a plan to stop people like them from compromising the vehicles of their new employer — and, as outlined in a presentation Thursday afternoon at the Black Hat USA security conference here, it involves security addition through subtraction. Read More
Hacks of Macs, Microsoft Cortana are two more reasons why you should install updates [Black Hat USA 2018]
Security professionals have made those points for years, but two presentations at the Black Hat USA conference here provided fresh arguments for them – and signs companies are getting snappier at fixing vulnerabilities. Read More
While the US hangs back, China and Europe seize control of internet policy [Black Hat USA 2018]
Several of the commissioners, appearing in a panel discussion at Black Hat USA conference in Las Vegas on Thursday, sounded realistic about the current direction to create a set of common norms in concert with major nations of the world. Read More
Hacking pacemakers, insulin pumps and patients' vital signs in real time [Black Hat USA 2018]
Medical device insecurity was covered at the recent Black Hat and Def Con security conferences in Las Vegas. One set of researchers showed off hacks to pacemakers and insulin pumps that could potentially prove lethal, while another researcher explained how hospital patients’ vital signs could be falsified in real time. Read More
Snap code snatched, Pentagon bans bands, pacemakers cracked, etc [Black Hat USA 2018]
Infosec bods Billy Rios and Jonathan Butts reported the flaws over a year ago to the manufacturer, and this week spoke about their experiences in dealing with the biz, and the slow rate of progress in getting things fixed, at Black Hat USA 2018. Read More
AI for cybersecurity is a hot new thing—and a dangerous gamble [Black Hat USA 2018]
Black Hat cybersecurity conference in Las Vegas, I was struck by the number of companies boasting about how they are using machine learning and artificial intelligence to help make the world a safer place. Read More
Security flaws in ZTE phones mean they can be hacked to spy on users [Black Hat USA 2018]
It’s not yet clear if the flaws in ZTE phones have been used by hackers to steal any data. The full research into the flaws is expected to be announced at the Black Hat cybersecurity conference in Las Vegas on Friday. Read More
Black Hat 2018: With Healthcare Security Flaws, Safety’s Increasingly at Stake [Black Hat USA 2018]
At Black Hat today, a group of experts specializing in both healthcare and security from UC-San Diego and UC-Davis outlined how to exploit vulnerabilities in the Health Level 7 (HL7) standard – the protocol which acts as a common language in hospitals to transmit order or lab results – to change lab results coming from blood gas machines and urinalysis machines. Read More
Millions of Android Devices Are Vulnerable Right Out of the Box [Black Hat USA 2018]
That’s the key finding of new analysis from mobile security firm Kryptowire, which details troubling bugs preloaded into 10 devices sold across the major US carriers. Kryptowire CEO Angelos Stavrou and director of research Ryan Johnson will present their research, funded by the Department of Homeland Security, at the Black Hat security conference Friday. Read More
Black Hat 2018: Voice Authentication is Broken, Researchers Say [Black Hat USA 2018]
However, according to two researchers John Seymour and Azeem Aqil, both with Salesforce’s research team, voice authentication for account access is extremely insecure. At a Black Hat session Thursday, the two showed how easy it is to spoof someone’s voice well enough to access protected accounts. Read More
Many Android devices ship with firmware vulnerabilities, researchers find [Black Hat USA 2018]
The security lapses could lead to everything from letting an attacker lock someone out of their device, to getting control over their microphone and more — though most of the attacks that the researchers detailed required users to download some sort of malicious app before they could take advantage of the holes present in the firmware. Their research, funded by the Department of Homeland Security, is being presented today at the Black Hat USA security conference. Read More
Chris Valasek and Charlie Miller: How to Secure Autonomous Vehicles [Black Hat USA 2018]
“We know [autonomous car security] is not perfect, but for the time being, it’s something,” said Miller, speaking at Black Hat 2018. Miller and Valasek, who last year joined GM’s self-driving car unit Cruise, also released a new report on the challenges and opportunities behind autonomous driving at the conference. Read More
The off-brand 'military-grade' x86 processors, in the library, with the root-granting 'backdoor' [Black Hat USA 2018]
This weird and wonderful piece of semiconductor history was uncovered by Christopher Domas, an adjunct instructor at Ohio State University in the US, who presented his findings on Thursday at the 2018 Black Hat USA security conference in Las Vegas. Read More
Smartphones or pen and paper? Cybersecurity experts split on tech in voting [Black Hat USA 2018]
Election hacking was one of the main themes at Black Hat, a conference in Las Vegas this week that brought together thousands of ethical hackers to discuss cybersecurity threats and solutions. Read More
2018 Pwnie Awards cast light and shade on infosec winners [Black Hat USA 2018]
The Meltdown and Spectre research teams won big at the Pwnie Awards this year at Black Hat, while the late-entry Bitfi Wallet team overwhelmingly won for Lamest Vendor Response. Read More
Spec-exec CPU bugs sweep hacking Oscars – and John McAfee’s in there like a bullet [Black Hat USA 2018]
This week, amid Black Hat USA 2018, they won a gong for the best privilege escalation bug, and also the award for the most innovative research, although when popping up to the stage to pick up their glammed up My Little Pony-style trophies, they said they honestly didn’t think that they had done the best research of the year. Read More
Kernel Attack Fully Compromises Windows Machines [Black Hat USA 2018]
On Thursday at the Black Hat conference in Las Vegas, researchers from cybersecurity firm Endgame demonstrated how kernel attacks can go beyond standard malware and exploits to fully compromise a Windows machine with a fileless technique. Read More
PayPal, Square vulnerabilities impact mobile point-of-sale machines [Black Hat USA 2018]
On Thursday at the Black Hat conference in Las Vegas, security experts from Positive Technologies said that vulnerabilities present in mPOS machines could allow unscrupulous merchants to raid the accounts of customers or attackers to steal credit card data. Read More
NCR patches ATM vulnerabilities [Black Hat USA 2018]
Criminals could steal cash in this way by taking advantage of poor physical security to connect a computer to the dispenser, Positive Technologies researchers Vladimir Kononovich and Alexey Stennikov told attendees of the Black Hat USA security conference in Las Vegas. Read More
Black Hat USA 2018: SamSam has yielded $6M for creators [Black Hat USA 2018]
Peter MacKenzie, global malware escalations manager working in Sophos Technical Support, told SC Media during the Black Hat 2018 show in Las Vegas that 74 percent of known victims are located in the U.S., with the largest random payout topping $64,000. Read More
Research Revealed at Black Hat shows Airplane’s SATCOM’s are Hackable [Black Hat USA 2018]
New research presented at Black Hat in Las Vegas has identified serious vulnerabilities within the satellite communication systems that connect Ships and Airplanes to the internet. Read More
IoT malware found hitting airplanes’ SATCOM systems [Black Hat USA 2018]
Ruben Santamarta, principal security consultant with IOActive, presented this latest research at this year’s Black Hat conference in Las Vegas, and showed that it’s possible for remote attackers to take control of airborne SATCOM equipment on in-flight commercial aircrafts, earth stations on vessels and those used by the US military in conflict zones. Read More
At Black Hat, hacks of voting machines, satellites, pacemakers – and more to come [Black Hat USA 2018]
In the heat of the desert summer, when the annual cybersecurity circus known as Black Hat comes to Las Vegas, no industry or technology is safe. Flaws are found, vulnerabilities are identified, fixes are issued (or not) and life in the digital world goes perilously onward. Read More
‘Stay humble, keep learning, and have fun’ [Black Hat USA 2018]
This year’s awards, part of the Black Hat conference, saw some big-name vulnerabilities scoop prizes, such as Meltdown/Spectre, which was named best privilege escalation bug. Read More
Equifax has a plan to win your trust back. It’ll take three years. [Black Hat USA 2018]
CNET sat down with Farshchi at the Black Hat cybersecurity conference in Las Vegas on Thursday to discuss his plans, and the hardest part about trying to fix Equifax. Read More
Alphabet’s Chronicle Exec Talks IoT Security [Black Hat USA 2018]
Chronicle is a security company that spun out of Alphabet’s secretive X research lab. In an interview with SDxCentral at Black Hat, Caccia said IoT amplifies many of the challenges that companies still struggle with. Read More
Researcher Finds Hundreds of Planes Exposed to Remote Attacks [Black Hat USA 2018]
Further research into satcom systems revealed the existence of various types of vulnerabilities, including insecure protocols, backdoors, and improper configuration that could allow attackers to take control of affected devices. The expert disclosed his findings this week at the Black Hat security conference in Las Vegas. Read More
Bug Bounty: Google hacker demands millions of Apple [Black Hat USA 2018]
Since the introduction of Apple's bug-bounty program, he has had 30 bugs that can wipe out crucial parts of the iOS security model in more detail reported the iPhone maker, as Beer explained at the hacker conference Black Hat in Las Vegas. Read More
MDM gap enabled complete Mac takeover on initial installation [Black Hat USA 2018]
Brand new Apple computers were completely hijacked at the first network contact. Security researchers at the Black Hat conference in Las Vegas showed how a vulnerability in macOS High Sierra can be abused accordingly. Apple has closed the gap meanwhile. Read More
Can we talk about the little backdoors in data center servers, please? [Black Hat USA 2018]
"They are basically a machine inside a machine – even if the server is down, as long as it has power, the BMCs will work,” said Nico Waisman, VP of security shop Immunity, in a talk at this year's Black Hat USA hacking conference on Thursday. Read More
Self-Driving Cars Are Surprisingly Secure [Black Hat USA 2018]
At the Black Hat 2018 conference, they revealed a surprising fact: self-driving cars are tougher to hack than their less-smart counterparts, and they're getting tougher. Read More
Beware of Short-Distance Crypto Data Leaks [Black Hat USA 2018]
The device doesn't store or send ones and zeroes; it sends wavelengths modulated to represent ones and zeroes. That's not a problem normally, and our devices act exactly as if they were pristinely digital. But, as a group of students and researchers demonstrated at Black Hat, bad things can happen when these digital signals interact with other components on popular chips. Read More
Risk of Fraud in Mobile Point-of-Sale Device Flaw [Black Hat USA 2018]
At yesterday’s final day of Black Hat USA 2018, researchers from Positive Technologies demonstrated how attackers could exploit a flaw in mobile point-of-sale (mPOS) devices to charge fraudulent transactions and alter the amount charged during a transaction. Read More
How Netflix Secures AWS Cloud Credentials [Black Hat USA 2018]
In a session at Black Hat USA, Will Bengtson, senior software security engineer on Netflix's security tools and operations team, explained some of the steps the streaming media giant takes to identify potentially compromised or unauthorized credentials. Read More
Positive Technologies Reveals Mobile Point of Sale Device Flaws [Black Hat USA 2018]
Leigh-Anne Galloway, cyber-security resilience lead, and Tim Yunusov, senior banking security expert at Positive Technologies, detailed their findings on mobile POS risks in a session at Black Hat USA here on Aug. 9. Read More
Satellite Flaws Raise Aviation Fears [Black Hat USA 2018]
IOActive’s Ruben Santamarta authored the first paper, launched at Black Hat yesterday, which is a follow-up to his 2014 research on satcom vulnerabilities. Read More
Macs can be hacked by new security flaw [Black Hat USA 2018]
Researchers have discovered an exploit that allowed them to remotely hack Apple's Mac computers right out of the box which they will demonstrate during this year's Black Hat security conference in Las Vegas. Read More
How some business Macs could get hacked right out of the box [Black Hat USA 2018]
Such attacks were demonstrated Thursday during the Black Hat security conference, according to the report. The attacks target enterprise devices that use Apple's device enrollment program (DEP) and its Mobile Device Management (MDM) platform. Read More
Say what you will about self-driving cars – the security is looking 'OK' [Black Hat USA 2018]
The duo, who work for General Motors’ robo-automaker offshoot Cruise, told this year's Black Hat USA conference on Thursday while self-driving vehicles are much less hackable than you may think, there are still serious issues that need to be shored up. Given this is an emerging and fledgling market, it's in every manufacturer's interest to get security right, to avoid one PR nightmare crashing them all. Read More
Black Hat: Google Chief Says Stop Playing Security Whack-A-Mole [Black Hat USA 2018]
The 2018 Black Hat keynote kicked off with a celebration of noise, smoke, and lasers worthy of any Hollywood production. Last year's conference drew more than 17,000 attendees. Black Hat doesn't release totals until the event is complete, but this year may be even bigger. In keeping with the size of the crowd, the keynote took place in the sports arena of the Mandalay Bay Resort. Read More
Black Hat: Sharing Information, Hiring and Retaining Women Cybersecurity Engineers [Black Hat USA 2018]
And that's a wrap for this week's massive Black Hat USA 2018 conference in Las Vegas, which focused on latest opportunities to stop cybercriminals. Read More
Satellite Communications Hacks Are Real, And They're Terrifying [Black Hat USA 2018]
Where fiber and cell phones can't reach, satellite communications (SATCOM) systems pick up the slack. At the Black Hat security conference in Las Vegas, a security researcher demonstrated that not only are SATCOM systems vulnerable to attack, the consequences could be dire. Read More
Black Hat 2018: Satellite Communication Systems Hackable; Threat For Aviation Industry [Black Hat USA 2018]
Black Hat USA 2018 which commenced on August 4 has seen some of the famous researchers putting out their research works. While all the demos were impressive, one that stood out from the rest was a research activity from Ruben Santamarta of IOActive team. Read More
Irregularities discovered in WinVote voting machines [Black Hat USA 2018]
At Black Hat 2018, security researcher Carsten Schuermann unveiled the results of a forensic analysis of eight WinVote voting machines that had been used in Virginia elections. Read More
Netflix launches tool for monitoring AWS credentials [Black Hat USA 2018]
At Black Hat 2018, a Netflix security engineer introduced a new open source tool designed to more effectively monitor AWS credentials in large cloud environments, like Netflix's. Read More
Meltdown and Spectre disclosure suffered "extraordinary miscommunication" [Black Hat USA 2018]
Speaking at a panel on Meltdown and Spectre disclosure at Black Hat 2018 Wednesday, Matt Linton, senior security engineer and self-described "chaos specialist" at Google's incident response team, explained how his company surprisingly fell through the cracks when it came time for the chip makers to notify OS vendors about the vulnerabilities. Read More
Black Hat 2018: Retaining and promoting women cybersecurity staffers [Black Hat USA 2018]
In her session "The Science of Hiring and Retaining Female Cybersecurity Engineers" at Black Hat 2018, Holtz boiled down the results of more than 100 reports conducted worldwide on the topic of women working in engineering and cybersecurity. She found, for the most part, that women want the same thing as men: job security, a chance to be promoted and fair pay. Read More
Black Hat 2018: Widespread Critical Flaws Found in Smart-City Gear [Black Hat USA 2018]
Researchers from Threatcare and IBM X-Force Red joined forces to test several smart-city devices that are widely deployed, with the specific goal of investigating “supervillain-level” attacks from afar. The research, presented at Black Hat and DEF CON 2018, delved into three categories of devices: Intelligent transportation systems, disaster management and industrial IoT. Read More
Black Hat Researcher Shows Why Air Gaps Won't Protect Your Data [Black Hat USA 2018]
For your most important secrets, it isn't enough to simply have layers of security. The better option is to simply shun the internet and keep your computer safely offline behind what's called an air gap. But even without a connection to the internet, your secrets aren't necessarily safe, as security researcher Mordechai Guri demonstrated at the Black Hat conference. Read More
Why more people don't use simple two-factor authentication [Black Hat USA 2018]
Yet, it's still a long way from widespread adoption, researchers from Indiana University said at the Black Hat security conference on Thursday. Indiana University Professor L. Jean Camp and Sanchari Das, a doctoral student at Indiana University Bloomington, conducted a study of 500 people to find out why the simple security measure isn't popular, despite its benefits and ease. Read More
Warning over 'panic' hacks on cities [Black Hat USA 2018]
"While no evidence exists that such attacks have taken place, we have found vulnerable systems in major cities in the US, Europe and elsewhere.” The team plans to explain the vulnerabilities at Black Hat - a cyber-security conference - on Thursday. Read More
Hacking For Sport: A Journey in Reverse Engineering a Toshiba Wireless SD Card [Black Hat USA 2018]
At a Black Hat session here on Wednesday, Valadon demonstrated how he hacked the Toshiba FlashAir SD storage card and was able to execute code on the card. The challenge, he pointed out, was that the card was a virtual black box. He had nothing to go by – from the unidentified OS running on the card, the mystery firmware and a custom unidentified Toshiba chipset. Read More
New research says ZTE phones could be hacked [Black Hat USA 2018]
Fifth Domain reported earlier this week that research funded by the Department of Homeland Security’s Science and Technology Directorate has found a “slew” of vulnerabilities in millions of mobile devices offered by U.S. cell phone carriers. The research is expected to be formally announced during the Black Hat conference in Las Vegas Aug. 10. Read More
Google Hacker Asks Tim Cook to Donate $2.45 Million In Unpaid iPhone Bug Bounties [Black Hat USA 2018]
On Wednesday, after a talk at the Black Hat security conference in Las Vegas, Beer tweeted a message to Apple’s CEO Tim Cook, challenging him to pay for each bug he has reported since 2016, and asking him to donate $2.45 million to human rights group Amnesty International. Read More
Researchers find security flaws in “smart city” technology [Black Hat USA 2018]
The researchers say they found a total of 17 vulnerabilities across systems used in smart-city technology from Libelium, Echelon and Battelle. Each of the vendors has released patches to fix the bugs, which the researchers are announcing at the Black Hat security conference, in Las Vegas. Read More
A NEW PACEMAKER HACK PUTS MALWARE DIRECTLY ON THE DEVICE [Black Hat USA 2018]
At Black Hat, Rios and Butts will demonstrate a series of vulnerabilities in how pacemaker programmers connect to Medtronic's software delivery network. The attack also capitalizes on a lack of "digital code signing"—a way of cryptographically validating the legitimacy and integrity of software—to install tainted updates that let an attacker control the programmers, and then spread to implanted pacemakers. Read More
Google Bug Hunter Urges Apple to Change its iOS Security Culture [Black Hat USA 2018]
Since 2016, the Project Zero team member said he has found over 30 iOS bugs. In his Black Hat session “A Brief History of Mitigation: The Path to EL1 in iOS 11” he reviewed the “async_wake” exploit for iOS 11.1.2 he released in December along with reviewing nearly a half dozen additional bugs he suggested Apple dragged its feet to fix. Read More
Research: Smart cities are dumb on defense [Black Hat USA 2018]
Your MC host is navigating the overflowing toilets, cooked cryptojacking router eggs and APT DARKPIGEONs of Mandalay Bay in Las Vegas, but mostly spent time Wednesday getting lost at the Black Hat conference. Here are some highlights of various chats, speakers and other news from Black Hat and the forthcoming DEF CON. Read More
This Guy Hacked Hundreds Of Planes From The Ground [Black Hat USA 2018]
Throughout November and December last year, Ruben Santamarta was sat in front of his computer peeking inside the technical bowels of hundreds of aircraft flying thousands of meters above him. That included commercial aircraft operated by some of the biggest airlines in the world. Read More
Black Hat USA 2018: Analysis of email address in Mueller indictments exposes 9M weaponized email accounts [Black Hat USA 2018]
Researchers ran the 4.7 million-strong batch against the FCC's efforts to accept public comments regarding its net neutrality repeal effort and found more than 30,000 accounts generating comments -- many of them the exact same message, which were posted “all in one second,” indicating an enormous botnet intended to “influence policy discourse,” Minder said. Read More
Black Hat: Voting Machine Hack [Black Hat USA 2018]
Carsten Schuermann, associate professor at IT University of Copenhagen, presents a session called “Lessons from Virginia - A Comparative Forensic Analysis of WINVote Voting Machines” at the Black Hat USA cyber security convention in Mandalay Bay Thursday, Aug. 9, 2018. Read More
Should I infect this PC, wonders malware. Let me ask my neural net... [Black Hat USA 2018]
DeepLocker was developed by IBM eggheads, and is due to be presented at the Black Hat USA hacking conference in Las Vegas on Thursday. It uses a convolutional neural network to stay inert until the conditions are right to pounce. Read More
Hacked satellite systems could launch microwave-like attacks, expert warns [Black Hat USA 2018]
According to research presented at the Black Hat information security conference in Las Vegas, a number of popular satellite communication systems are vulnerable to the attacks, which could also leak information and hack connected devices. The attacks, which are merely a nuisance for the aviation sector, could pose a safety risk for military and maritime users, the research claims. Read More
Hackable implanted medical devices could cause deaths, researchers say [Black Hat USA 2018]
In new research presented at the Black Hat information security conference, a pair of security researchers remotely disabled an implantable insulin pump, preventing it from delivering the lifesaving medication, and then took total control of a pacemaker system, allowing them to deliver malware directly to the computers implanted in a patient’s body. Read More
Microsoft- and Facebook-Led Cybersecurity Tech Accord Tackles Router Security [Black Hat USA 2018]
In an interview at Black Hat with SDxCentral, Johnnie Konstantas, senior director of Microsoft’s Enterprise Cybersecurity group, said the Cybersecurity Tech Accord and other collaborative efforts show that Microsoft is committed to working with tech companies — as well as public-sector groups and law enforcement — to advance security for customers and the general public. Read More
Are Trading Apps Safe? Not All of Them, Report Finds [Black Hat USA 2018]
Ten of the 80 applications tested over a one-year period store passwords of subscribers without encryption, a flaw that could lead to funds being stolen, IOActive reported at the Black Hat cybersecurity conference Thursday in Las Vegas. Read More
HACKING A BRAND NEW MAC REMOTELY, RIGHT OUT OF THE BOX [Black Hat USA 2018]
That attack, which researchers will demonstrate Thursday at the Black Hat security conference in Las Vegas, targets enterprise Macs that use Apple's Device Enrollment Program and its Mobile Device Management platform. Read More
Under the hood: New tool simplifies the vulnerability replication process [Black Hat USA 2018]
Developers seeking to reproduce issues discovered by pen testers were given a deep dive into PortSwigger's Replicator BApp yesterday at the Black Hat security conference in Las Vegas. Read More
BUGS IN MOBILE CREDIT CARD READERS COULD EXPOSE BUYERS [Black Hat USA 2018]
All four manufacturers are addressing the issue, and not all models were vulnerable to all of the bugs. In the case of Square and PayPal, the vulnerabilities were found in third-party hardware made by a company called Miura. The researchers are presenting their findings Thursday at the Black Hat security conference. Read More
Trading Apps Expose Investors to Cyber Criminals, Report Finds [Black Hat USA 2018]
Ten of the 80 applications tested over a one-year period store passwords of subscribers without encryption, a flaw that could lead to funds being stolen, IOActive reported at the Black Hat cybersecurity conference Thursday in Las Vegas. Read More
In-vehicle wireless devices are endangering emergency first responders [Black Hat USA 2018]
Shattuck said he has spent the past 22 months investigating the problem and helping wireless gateway providers—which, besides Sierra Wireless, also includes Moxa and Digi—to begin fixing it. Despite the efforts, he said scans regularly show large numbers of unsecured devices continue to expose not only emergency first responders but also remote pipelines, hydrogen refueling stations, traffic monitoring systems, tolls, bridges, and airports. Now, after almost two years of keeping the problem a carefully guarded secret, he plans to discuss it in detail Thursday at the Black Hat security conference in Las Vegas. Read More
Zero-Day Shop Opens the Floodgates for People to Sell Exploits to Governments [Black Hat USA 2018]
“We are now dealing with researchers who are not on the market,” Andrea Zapparoli Manzoni, the director of Crowdfense, told Motherboard in an interview at the annual Black Hat hacking conference on Thursday. Read More
Smart cities around the world were exposed to simple hacks [Black Hat USA 2018]
Jennifer Savage, a security researcher from Threatcare, and Daniel Crowley, a research director with IBM's X-Force Red, disclosed their findings at the Black Hat cybersecurity conference in Las Vegas on Thursday. Read More
Researchers Reveal Smart City System Flaws at Black Hat [Black Hat USA 2018]
A pair of researchers from IBM and Threatcare have discovered 17 vulnerabilities across three different manufacturers and four different smart city products and will detail their findings at Black Hat USA here on Aug. 9. Read More
Blockchain may not be the answer to security worries, Google chief says [Black Hat USA 2018]
During the start of this year's Black Hat USA conference in Las Vegas, Director of Engineering and head of Project Zero at Google, Parisa Tabriz shared her insights from working on the search giant's bug-hunting team and the push to label non-HTTPS websites as insecure. Read More
Hack causes pacemakers to deliver life-threatening shocks [Black Hat USA 2018]
At the Black Hat security conference in Las Vegas, researchers Billy Rios and Jonathan Butts said they first alerted medical device maker Medtronic to the hacking vulnerabilities in January 2017. So far, they said, the proof-of-concept attacks they developed still work. The duo on Thursday demonstrated one hack that compromised a CareLink 2090 programmer, a device doctors use to control pacemakers after they’re implanted in patients. Read More
Car Hackers Discuss What It Takes to Secure Autonomous Vehicles [Black Hat USA 2018]
Three years ago at the Black Hat conference, Charlie Miller and Chris Valasek (pictured) detailed flaws in Chrysler cars that led to the recall of millions of vehicles. The pair have now changed their focus from offense to defense, detailing ways to help secure autonomous vehicles at the Black Hat USA 2018 event on Aug. 9. Read More
Black Hat USA 2018: IBM X-Force finds 17 zero-day vulnerabilities in four smart city systems [Black Hat USA 2018]
The study, released by IBM's X-Force Red Team today at Black Hat 2018, looked at four common devices and found 17 vulnerabilities, nine of which were considered critical in nature, said Daniel Crowley, research baron at IBM X-Force Red. These included ICS components, devices used in conjunction with connected cars, and other products that control various types of sensors. Read More
Smart city systems are riddled with critical security vulnerabilities [Black Hat USA 2018]
At the Black Hat conference in Las Vegas on Monday, the cybersecurity firm's X-Force Red team of penetration testers and hackers demonstrated how old-school threats are placing the cities of the future at risk in the present day. Read More
Black Hat 2018: ‘We are now being tested. Are we as good as we say we are?’ [Black Hat USA 2018]
And with global spending on cybersecurity products and services expected to exceed $1 trillion cumulatively between 2017 and 2021, the growth of information security as an industry is no more evident than at Black Hat, taking place this week in Las Vegas. Read More
Google security expert Parisa Tabriz opens Las Vegas Black Hat conference. She wants more transparency and collaboration, and uses site isolation in Chrome to explain the challenges that sometimes need to be overcome in the event of major security enhancements. Read More
BLACK HAT 2018 KEYNOTE: COMING TOGETHER TO TACKLE ROOT CAUSES OF CYBER VULNERABILITY [Black Hat USA 2018]
Parisa Tabriz, Director of Engineering at Google, ascended a round stage at Black Hat 2018 that had been covered until moments earlier with a projection of the moon’s surface. The whole celestially themed warm-up to the speech, with copious smoke effects and spinning spotlights, seemed a tad overproduced. The moon-like stage sat against a backdrop of shooting stars and floating galaxies. Read More
10 Managed Security Developments at Black Hat USA 2018 - Day 3 [Black Hat USA 2018]
This week’s Black Hat USA 2018 conference in Las Vegas continues to generate new products and services designed for MSSPs and channel partners that are pushing deeper into managed security, managed detection and response (MDR), and more. Read More
Are Hackers Happy? No, They're Probably Stressed Out [Black Hat USA 2018]
During a panel here at Black Hat, Dr. Celeste Lyn Paul, a senior researcher with the NSA, pointed out that it was one of four conference tracks focusing on mental health; others cover addiction, PTSD, and avoiding burnout and depression. Read More
Compression and VPNs Make for Leaked Secrets [Black Hat USA 2018]
Nafeez noticed that OpenVPN, a popular VPN protocol, has compression enabled by default. This is used by several VPN companies, many of which, Nafeez said, leave compression on by default. In the research he presented at Black Hat, Nafeez didn't use a VPN provided by a VPN company like TunnelBear or NordVPN. Instead, he used the OpenVPN code and rolled his own. Read More
It Takes Just $200 to Tie Cell Networks in Knots [Black Hat USA 2018]
Most of the attacks featured at the Black Hat conference in Las Vegas hinge on stealing money, exfiltrating data, or, in extreme cases, blowing up factories with bubbles. Read More
How Blackberry Does Secure Release Management [Black Hat USA 2018]
Gadsby shared her experience and some templates during a session at the Black Hat USA 2018 conference titled, "Stop that Release, There's a Vulnerability!" The session was one of ten must-see sessions we noted earlier this week. Read More
F5 Details Cellular Gateway IoT Flaws at Black Hat [Black Hat USA 2018]
Cellular gateways are leaking information that could be exposing critical infrastructure to risk. That's the conclusion of Justin Shattuck, principal threat researcher for F5 Labs, who talked about the issue of cellular gateway flaws for internet of things (IoT) in a session at Black Hat USA here on Aug. 9. Read More
Dark Reading News Desk Live at Black Hat USA 2018 [Black Hat USA 2018]
Whether you are hitting the Mandalay Bay for the Black Hat USA 2018 conference this week or peeking at the news feeds from afar, keep your browser open here from 2 pm to 6 pm Eastern (11 - 3 Pacific) on Wednesday, Aug. 8 and Thursday Aug. 9. The Dark Reading News Desk will once again be streaming live. Read More
10 Vendors Making News at Black Hat USA 2018 [Black Hat USA 2018]
The core of the Black Hat USA conference is security research, but in recent years it has also become a chance for cybersecurity vendors to unveil new products. Read More
Black Hat conference in Las Vegas addresses cryptocurrency theft [Black Hat USA 2018]
The rise of cryptocurrencies is creating more opportunities for cyber criminals to steal, according to Cisco Systems.
Crypto phishing — sending emails or creating websites that resemble a trusted crypto company — and cryptojacking — using another person’s computer to mine currencies — are two new methods that are increasingly used, Cisco representatives told attendees Wednesday at the Black Hat conference in Las Vegas. Read More
Staying off DEF CON’s ‘Wall of Sheep’ [Black Hat USA 2018]
AVOIDING THE WALL OF SHEEP — The meat of the Black Hat and DEF CON hacker conferences kick off today in Las Vegas, where your MC host stepped off his plane into the 106-degree heat, and we imagine some people at Mandalay Bay and Caesar’s Palace — home to the respective events — might be reading this newsletter. Nobody in the business, whether journalists, hackers or whoever, wants to end up on the dreaded DEF CON “Wall of Sheep” that memorializes insecure visitors by the hundreds or even thousands annually. Conference officials with both events have some tips. Read More
Online Stock Trading Has Serious Security Holes [Black Hat USA 2018]
IT’S NEVER BEEN easier to trade stocks; just a few taps or clicks will do the trick. But most of the platforms that millions of market participants rely on to move their money suffer from cybersecurity shortcomings, new research warns. As if stocks weren’t risky enough already. Read More
Hack the planet: vulnerabilities unearthed in satellite systems used around the globe [Black Hat USA 2018]
So this is bad. Black Hat, the king of enterprise security conventions, kicked off today, and most noticeable amid the fusillade of security research was some impressive work from Ruben Santamarta of IOActive, whose team has unearthed worrying vulnerabilities in satellite communication systems, aka SATCOM, used by airplanes, ships and military units worldwide. Read More
Can Security Software Compromise Your Privacy? [Black Hat USA 2018]
Security tools should eliminate bad files and leave good ones alone. But some handle unknowns by sending them to the cloud for analysis, and that analysis can compromise your privacy, according to a talk at Black Hat. Read More
Cybersecurity expert found people could hack computers using Microsoft's Cortana [Black Hat USA 2018]
Tal Be’ery, Kzen Networks co-founder, sits down with CNBC's Josh Lipton at the Black Hat Conference in Las Vegas to discuss how he uncovered a security flaw that allows hackers to access computers by targeting Microsoft’s Cortana. Read More
Samsung Galaxy S7 smartphones are vulnerable to hacking: Researchers [Black Hat USA 2018]
Samsung's Galaxy S7 smartphones contain a microchip security flaw, uncovered earlier this year, that put tens of millions of devices at risk to hackers looking to spy on their users, researchers told Reuters. Read More
Black Hat: Collaboration Needed to Fight Cybercriminals [Black Hat USA 2018]
BLACK HAT USA — More collaboration among cybersecurity providers is needed to continue making progress against ever-increasing cyber threats. Read More
DeepLocker: How AI Can Power a Stealthy New Breed of Malware [Black Hat USA 2018]
Cybersecurity is an arms race, where attackers and defenders play a constantly evolving cat-and-mouse game. Every new era of computing has served attackers with new capabilities and vulnerabilities to execute their nefarious actions. Read More
New genre of artificial intelligence programs take computer hacking to another level [Black Hat USA 2018]
SAN FRANCISCO (Reuters) - The nightmare scenario for computer security - artificial intelligence programs that can learn how to evade even the best defenses - may already have arrived. Read More
Google Project Zero boss: Blockchain won’t solve your security woes – but partying just might [Black Hat USA 2018]
Black Hat Parisa Tabriz, a director of engineering at Google and head of the web giant's Project Zero bug-hunting squad, today opened this year's Black Hat USA conference with a reminder that partying is key to securing software. Read More
Google Exec Says It's Time to Stop Playing Whack-a-Mole with Security [Black Hat USA 2018]
BLACK HAT USA: Parisa Tabriz, director of engineering at Google doesn't want organizations to just focus on fixing bugs, she says they should look at root causes. Read More
Google's Tabriz calls for more collaboration in Black Hat keynote [Black Hat USA 2018]
Google's Director of Engineering Parisa Tabriz kicked off Black Hat 2018 with a wide-ranging keynote address this morning at the Mandalay Bay Events Center calling the industry's current approach to cybersecurity insufficient. Read More
Parisa Tabriz's Black Hat 2018 keynote challenges infosec's status quo [Black Hat USA 2018]
In her Black Hat 2018 keynote, Google's Parisa Tabriz celebrated the unrecognized, long-term work that can cause real change in security and challenge the status quo. Read More
Samsung Galaxy 7 vulnerable to hacking due to flaw, researchers say [Black Hat USA 2018]
Samsung phones were previously thought to be immune to Meltdown, which is said to endanger most computing devices. The team will release its findings at the Black Hat security conference in Las Vegas on Thursday. Read More
Black Hat 2018: Bridging the Gap Between Complex Security Landscapes [Black Hat USA 2018]
At Black Hat, Google’s Parisa Tabriz discussed how to navigate the complex security environment with long-term thinking and a policy of open collaboration. Read More
Black Hat Talk Reveals How Embedded Systems Expose Airlines to Risk [Black Hat USA 2018]
Security firm IOActive is set to disclose multiple vulnerabilities in the embedded systems used for satellite communications and in-flight WiFi, revealing the larger challenge of supply chain risk. Read More
20 Hot Cybersecurity Products Announced At Black Hat 2018 [Black Hat USA 2018]
Vendors are taking advantage of Black Hat 2018's bright spotlight to launch new cybersecurity products, features and platforms that will set the stage for the year to come. For the more than 300 exhibitors expected at Black Hat, the massive gathering provides a chance to explore new strategic directions and evangelize new products to an audience of more than 17,000. Read More
IBM DeepLocker Turns AI Into Hacking Weapon [Black Hat USA 2018]
The IBM presentation of DeepLocker at the Black Hat USA 2018 conference on Wednesday comes amid concern that cybercriminals will turn to AI to help them bypass the very best cyber defences. Read More
Cybersecurity professionals flock to Las Vegas for Black Hat [Black Hat USA 2018]
Black Hat USA, the largest annual cybersecurity conference, is expecting a record 17,000 attendees during its six-day run at the Mandalay Bay Convention Center this week. Read More
Black Hat 2018: What to Expect [Black Hat USA 2018]
Black Hat is known for its showmanship as much as its research. Previous years have seen hacked Linux rifles, ATMs spewing $100 bills, insecure satellite phones, and high-tech "smart" cars driven off the road by researchers. Read More
Demisto Demonstrates Tool to Validate IOC Detection at Black Hat [Black Hat USA 2018]
Organizations typically get all manner of threat reports providing Indicators of Compromise (IOCs) warning them that they might be under cyber attack. But how can an organization know if their systems are properly identifying the IOCs? That's a question that Lior Kolnik, head of security research at security firm Demisto, wants to help organizations answer. Kolnik is set to detail his research alongside a new tool at the Black Hat USA 2018 conference on Aug. 8. Read More
#BHUSA: Better Collaboration and Recognition Can Make a Safer Internet [Black Hat USA 2018]
Delivering the keynote address at Black Hat USA in Las Vegas, Google’s director of engineering Parisa Tabriz talked about the need to collaborate, celebrate progress and recognize those doing the defensive work. Read More
Google’s Project Zero Chief: Stop Playing Security Whack-A-Mole [Black Hat USA 2018]
It’s time to stop treating security problems like a game of Whack-A-Mole, Google’s Parisa Tabriz said during the keynote today at Black Hat 2018. Oh, and blockchain isn’t the magic bullet. “Blockchain is not going to solve all our security problems,” she quipped. Read More
Black Hat 2018: Google’s Tabriz Talks Complex Security Landscapes [Black Hat USA 2018]
At Black Hat, Google’s Parisa Tabriz discussed how to navigate the complex security environment with long-term thinking and a policy of open collaboration. Read More
Google’s ‘Security Princess’ calls for stronger collaboration [Black Hat USA 2018]
“The blockchain is not going to solve all our problems,” Parisa Tabriz, Google’s head of security for the Chrome browser and leader of the Project Zero security vulnerability-hunting team, told an audience of more than 6,000 to kick off the Black Hat conference here. Read More
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push [Black Hat USA 2018]
As Black Hat founder Jeff Moss put it in his introduction, there are "maybe 20 companies in the world who are in a position to actually do something about raising the level of security and resiliency for all of us." Read More
Airplane hacking explained at Black Hat 2018 [Black Hat USA 2018]
Black Hat 2018 is in full swing at Mandalay Bay. The annual event began in 1997 and brings in more than 17,000 hackers and cyber security experts. Every year, the event focuses on security concerns, and this year, there's a big one, shared by Ruben Santamarta. Read More
10 Managed Security Developments at Black Hat USA 2018 - Day 2 [Black Hat USA 2018]
New products, services and partnerships designed for MSSPs and channel partners are surfacing at this week’s Black Hat USA 2018 conference in Las Vegas. Here are Day Two conference highlights involving cloud, artificial intelligence, endpoint security, vulnerability management and more. Read More
No, The Mafia Doesn't Own Cybercrime: Study [Black Hat USA 2018]
Lusthaus found an interesting paradox: While many of the people he interviewed believed organized crime plays a major role in cybercrime, few were able to provide examples. "Many participants in this study believed that organized crime involvement in cybercrime was substantial. But when pressed, this appeared to be a theoretical rather than an empirical view," he wrote in a white paper he released in conjunction with his Black Hat presentation. Read More
Cybersecurity Burnout Can Trigger Frustration, Stress and Depression [Black Hat USA 2018]
Mental health is in the spotlight at Black Hat this year, with several panels advising organizations on ways to combat depression, burnout, suicide and post-traumatic stress in the cybersecurity community. Read More
Reporter’s Notebook: Black Hat Summer Camp for Hackers [Black Hat USA 2018]
About 17,000 researchers, academics and cybersecurity professionals from the public and private sectors have descended on Las Vegas this week for what some refer to as summer camp for hackers. Read More
App nutrition labels? Hackers disagree on software bill of materials [Black Hat USA 2018]
LAS VEGAS—Imagine if software came with a complete list of ingredients. And instead of revealing whether an app contains a digital equivalent of gluten or peanuts, this list would indicate whether it’s vulnerable to hackers. Call it a software bill of materials. Read More
Phones at all major US carriers filled with vulnerabilities, say researchers [Black Hat USA 2018]
Researchers funded by the Department of Homeland Security discovered security vulnerabilities in mobile devices used by Verizon, AT&T, T-Mobile, Sprint and more, DHS program manager Vincent Sritapan told Fifth Domain at the Black Hat security conference in Las Vegas on Tuesday. Read More
RiskSense raises $12 million to prioritize security risks — like safeguarding midterm elections [Black Hat USA 2018]
RiskSense will use the money to accelerate growth through sales, marketing, and research and development investments. It is also one of many security companies exhibiting at the Black Hat corporate security conference in Las Vegas this week. Read More
Hackers targeted a fake power grid. Is the real one next? [Black Hat USA 2018]
The experiment “showed a whole new tier of threat actor that operates against these highly sensitive systems,” Ross Rustici, Cybereason’s senior director of intelligence, told Fifth Domain during the Black Hat conference in Las Vegas. “When you talk about the industrial control system, you don’t think of the criminal network. It’s almost always the nation-state actors.” Read More
Annual Black Hat Convention in Las Vegas expected to draw the largest crowd ever this year [Black Hat USA 2018]
It's the largest conference of its kind in the United States, bringing together like-minded computer types with a singular purpose: Hackers! The Black Hat Convention in Las Vegas aims to teach people how to stop them. Read More
IOActive to Detail Stock Trading App Vulnerabilities at Black Hat [Black Hat USA 2018]
Alejandro Hernandez, senior consultant at IOActive, will detail multiple vulnerabilities found in the desktop and mobile stock trading applications of major financial institutions at Black Hat USA in Las Vegas on Aug. 8. Read More
Black Hat USA 2018: Mimecast Describes New Channel Ecosystem [Black Hat USA 2018]
The initiative will be on display at the Black Hat USA 2018 conference this week, where the vendor will be highlighting several recent announcements, like the recent acquisition of Ataata. Read More
10 Cool Network And Endpoint Security Products Unveiled At Black Hat USA 2018 [Black Hat USA 2018]
Vendors attending Black Hat USA 2018 have continued to keep network and endpoint security front and center, debuting offerings that protect against signatureless malware while infusing stronger threat intelligence and vulnerability assessments into the ecosystem. Read More
IBM, Fortinet team on cyber threat data sharing [Black Hat USA 2018]
IBM and Fortinet have expanded their strategic relationship by agreeing to share threat information in an effort to help customers respond to emerging threats more quickly. The agreement, detailed during the Black Hat cybersecurity conference taking place in Las Vegas, runs primarily through IBM's X-Force research team and Fortinet's FortiGuard Labs. Read More
Duo unravels massive three-tiered ‘crypto-giveaway’ botnet [Black Hat USA 2018]
Duo's principal R&D engineer Jordan Wright and data scientist Olabode Anise published their findings in a report titled 'Dont @ Me: Hunting Twitter Bots at Scale', ahead of a presentation at the 2018 Black Hat cybersecurity conference in Las Vegas tomorrow. Read More
Researchers Inadvertently Discover Crypto Scam Involving 15,000 Twitter Bots [Black Hat USA 2018]
While conducting a study to figure out the best way to identify Twitter bots — accounts controlled by software, not humans — researchers from security software company Duo Security came across a network of at least 15,000 bots working together to perpetuate a cryptocurrency scam. The researchers plan to present their study on Wednesday at Black Hat, an information security conference in Las Vegas, NV. Read More
Podcast: Black Hat USA 2018 Preview [Black Hat USA 2018]
Threatpost editors Tom Spring, Lindsey O’Donnell and Tara Seals break down the biggest trends to watch out for at Black Hat USA and DEF CON 2018, which both kick off this week in Las Vegas. There is much to watch out for, including a keynote from Google’s Director of Engineering Parisa Tabriz, as well as announcements about new vulnerabilities and interesting sessions. Read More
Black Hat USA 2018 Conference Focuses on Cyber Threats and Unique Solutions [Black Hat USA 2018]
The Black Hat USA 2018 Conference is the world’s leading information security event, now taking place through August 9 in Las Vegas. Attendees are learning about the latest in cyber research, development and trends. Read More
Mental health, overhyped bugs on Black Hat and DEF CON agendas [Black Hat USA 2018]
Black Hat and DEF CON are making the mental health of cybersecurity pros a priority this week at their conferences. Black Hat has a whole speaker track devoted to the topic, including one that addresses a subject that stirred controversy this year — post-traumatic stress disorder within the cybersecurity community. Read More
Every August, the hacker community gathers in Las Vegas for one of the industry’s most well-known conferences, Black Hat. Black Hat has become something of a spectacle both inside and outside of the talks, with dramatic presentations and vendor marketing teams all vying for the flashiest parties, promotions, and giveaways. It’s fitting that it takes place in Vegas. Read More
Twitter botnets are becoming more sophisticated [Black Hat USA 2018]
A wave of Twitter accounts are spoofing celebrity profiles, engaging in fraud and using verified profiles that have been hacked, according to new research from Duo Security, a protection company based out of Michigan. Researchers from there will present their research at the Black Hat conference this week in Las Vegas. Read More
Security firm: Possible regulatory impact of GDPR is front-of-mind concern for cyber clients [Black Hat USA 2018]
Black Hat 2018 opened Saturday with training sessions, and features a closed-press “CISO Summit” today before moving into a full schedule of briefings on Wednesday and Thursday, beginning with a keynote from Google director of engineering Parisa Tabriz, who will discuss vulnerability disclosure and other issues. Inside Cybersecurity will provide full coverage of the Black Hat conference in addition to exclusive interviews with representatives from a variety of cybersecurity firms. Read More
DFLabs to Release Free Live Forensics Tool at Black Hat [Black Hat USA 2018]
To solve this challenge, Moran, who now works as a senior product manager at DFLabs, wrote his own tool called No-Script Automation Tool (NAT), which he will demonstrate on Aug. 8 at the Black Hat USA conference in Las Vegas. Read More
Top 10 Talks to See at Black Hat USA 2018 [Black Hat USA 2018]
The Black Hat USA security conference has an allure unlike any other cybersecurity event. Over the years, some of the most infamous and audacious security attacks and research have been announced at Black Hat, and the 2018 event looks like it will once again live up to the hype. Read More
Live Blog: Black Hat USA 2018 Day 1 [Black Hat USA 2018]
Thousands of cybersecurity professionals, vendors and partners are attending this week’s Black Hat USA 2018 conference in Las Vegas. MSSP Alert is blogging live — each day — from the conference. Here’s our update for Monday, August 6, 2018. Read More
10 Top Cybersecurity Trends To Watch For At Black Hat 2018 [Black Hat USA 2018]
The annual Black Hat conference has grown over the past two-plus decades into a premier stage for security researchers to demonstrate the latest hacks on devices, systems and critical infrastructure. Read More
Bracing for Black Hat, DEF CON [Black Hat USA 2018]
It’s that special time of year when tens of thousands of hackers of all shades descend on Las Vegas for some dry heat and security talks at the back-to-back Black Hat and DEF CON conferences. While the more pro-oriented Black Hat officially kicked off this weekend, the meat of its briefings begin midweek, after which the more loose DEF CON takes over going into next weekend. Read More
IBM, ATMs – WTF? Big Blue to probe cash machines, IoT, vehicles, etc in new security labs [Black Hat USA 2018]
It has been eight years since the late, great hacker Barnaby Jack took to the stage at the Black Hat USA conference in Las Vegas, and showed attendees how in just a few steps an ATM can be tricked into spewing dollar bills onto the floor for free... Read More
ATM hacking becomes a priority in IBM cybersecurity facilities [Black Hat USA 2018]
At the Black Hat conference in Las Vegas on Monday, IBM said the facilities will be based in Austin, TX; Hursley, England; Melbourne, Australia; and Atlanta, GA, and include a dedicated ATM testing practice "in response to increased demand for securing financial transaction systems." Read More
BlackBerry claims it can do to ransomware what Apple did to its phones [Black Hat USA 2018]
The Canadian biz's days as the smartphone king long gone, with Apple making quick work of its hardware. And although it still licenses its name to a few handsets, BlackBerry now focuses on software. It is using this year's Black Hat USA security show, held this week in Las Vegas, to unveil what it claims is a fast response to ransomware infections. Read More
Blackberry Can Now Reverse Ransomware Attacks [Black Hat USA 2018]
At Black Hat USA 2018 being held in Las Vegas this week, Blackberry unveiled a new ransomware recovery capability for Blackberry Workspaces Collaborate and Secure Plus editions at no extra cost. Once enabled, it allows an administrator to freeze accounts once a ransomware infection is detected. Read More
Researchers open source tools to identify Twitter bots at scale [Black Hat USA 2018]
Wright and Anise will present their research on Wednesday at the 2018 Black Hat USA security conference in Las Vegas. Following the presentation, they will make their research tools available on Github to enable other researchers to identify automated Twitter accounts at scale. Read More
New BlackBerry Workspaces platform could help businesses quickly recover from ransomware [Black Hat USA 2018]
BlackBerry Limited announced its updated BlackBerry Workspaces content collaboration platform on Monday at the annual Black Hat USA security conference in Las Vegas. Read More
How to not get hacked at Black Hat [Black Hat USA 2018]
Few environments provide a more target-rich environment for cyber criminals than the estimated 17,000 information security experts gathered in Las Vegas this week for the annual Black Hat security conference. Read More
3 storylines to watch during Black Hat 2018 [Black Hat USA 2018]
The cybersecurity community is descending on Las Vegas this week for a series of conferences just as digital warfare has been thrust into the national spotlight.
More than 17,000 security experts, hackers and analysts are expected to attend Black Hat USA for a combination of trainings and briefings by experts. Now in its 21st year, the conference is one of the largest information security events in the world and includes more than 300 speakers or trainers, 120 briefings and more than 80 trainings. Read More
Black Hat, with big names and crowds, infiltrates Las Vegas [Black Hat USA 2018]
More than 17,000 cybersecurity professionals from government, academia and the private sector are expected to turn out for the six-day show to attend some of the 80 training sessions and 120 briefings on offer. The show has nearly doubled in size since 2014. Read More
3 trends hackers at Black Hat and DEFCON are watching [Black Hat USA 2018]
One of the best ways to gain insights into these evolving tactics is to follow the hacking announcements that come out each year at the Black Hat and DEF CON security conferences. These twin hacker cons, which take place in August this year, are a bellwether of sorts for the information security field. They cover a vast range of new hacking research and tend to be a good predictor of the new trends emerging in the hacker and cybercrime communities. Read More
Security world to hit Las Vegas for a week of hacking, cracking, fun [Black Hat USA 2018]
Fast forward to 2018, and that get-together has grown into events that will see an estimated 30,000 people converge on Las Vegas for the biggest security shindig in the world – the combination of Black Hat USA, DEF CON and BSidesLV. Read More
Security world to hit Las Vegas for a week of hacking, cracking, fun [Black Hat USA 2018]
While that first gathering morphed into the DEF CON hacking conference, the biggest event is Black Hat USA, which begins on Saturday, and runs through until Thursday, August 9. This is the flashy corporate brother of DEF CON, and features four days of security training, a one-day invite-only CISO summit day (from which press are strictly barred) and two days of briefings featuring everything from government agents to hardcore hackers talking about the tricks of the trade. Read More
Black Hat, with big names and crowds, infiltrates Las Vegas [Black Hat USA 2018]
Black Hat USA, the largest annual cybersecurity conference, is expecting record attendance in Las Vegas this week as high-profile breaches and election meddling fears dominate headlines. Read More
Cyber security vulnerabilities: What's causing them and what can be done? [Black Hat USA 2018]
According to a recent study, based on the results of attendees at Black Hat USA 2018, infosec professionals cited cyber security staff shortages as a prominent challenge that occurs when dealing with potential cyber threats. Read More
Four Cool Tools Expected Out of Black Hat [Black Hat USA 2018]
In just about a week the hacking community will converge on Las Vegas to drop their biggest discoveries of the year at the podiums of Black Hat USA. This annual confab always offers up a range of great new ideas for defenders, red teamers and security researchers—as well as a boatload of new tools. This year’s show should be no different. Read More
Black Hat 2018: A survival guide [Black Hat USA 2018]
The next year I returned to attend the Black Hat conference. I had been indoctrinated in the chaos of the Alexis Park Hotel and I decided to try my hand at this more stoic iteration of a security conference. Now, decades later I can share some of the key lessons I’ve learned from regularly attending Def Con, Black Hat, and BSides Las Vegas. Read More
Black Hat 2018 survey: Cybersecurity staffing, budgets still lacking [Black Hat USA 2018]
Attendees for next week's 2018 Black Hat USA conference said they are still facing significant challenges when it comes to cybersecurity staffing and budgets. According to the 2018 Black Hat USA Attendee Survey, which was conducted in May with 315 infosec professionals, a majority of respondents said they don't have "the staffing or budget to defend adequately against current and emerging threats." Read More
Anticipating Black Hat USA 2018 [Black Hat USA 2018]
Looking forward to learning more about new developments in artificial intelligence, cloud security, enterprise risk management, and lots of other topics Read More
Google Researcher Unpacks Rare Android Malware Obfuscation Library [Black Hat USA 2018]
Stone, who will present her findings next week at Black Hat USA in Las Vegas, describes the defense architecture as a "wedding cake" because there are many layers to the defense. The first is aimed at thwarting human analysts, the second at humans using automated systems, and the third autonomous systems running alone. Read More
Three security trends to watch for at Black Hat USA 2018 [Black Hat USA 2018]
Black Hat USA, an annual cybersecurity conference taking place in August, is a great opportunity for practitioners to get a glimpse into both emerging attack vectors and the latest technologies designed to protect against these attacks. Read More
10 More Women in Security You May Not Know But Should [Black Hat USA 2018]
Tomasello is an advocate of employee wellness and inclusion, and will be presenting a session at this year's Black Hat USA, entitled "Holding on for Tonight: Addiction in Infosec." Read More
Managed detection and response supports internal security teams [Black Hat USA 2018]
These data-driven insights, combined with machine learning and automation help provide a seamless incident response workflow, ensuring quick and accurate detection and response that removes false positives and produces only actionable intelligence. You can find out more on the Fidelis website or on the company's stand at next week's Black Hat USA conference. Read More
HP Announces First-Ever Bug Bounty Program For Printer Security [Black Hat USA 2018]
HP's print bug bounty program has been running since May, and researchers have uncovered several bugs since it began, Albright said. The program is being disclosed now just ahead of the Black Hat USA 2018 conference, which takes place Aug. 4-9 in Las Vegas. Read More
$10,000 for hacking HP printers: First bug bounty program for printer security [Black Hat USA 2018]
Announcing the first-ever printer bug bounty program is not quite the same thing as launching it; according to CNet, HP quietly launched the bug bounty program in May. The program is being disclosed before the upcoming Black Hat USA 2018 conference which takes place August 4 - 9 in Las Vegas. Read More
Leaky radio devices broadcast chipset data, discover researchers [Black Hat USA 2018]
The researchers will also be sharing their findings at the Black Hat conference in Las Vegas next week. In the meantime, they have called upon microelectronics manufacturers to implement better protections against this kind of attack Read More
SIDE CHANNEL ATTACKS AGAINST MIXED SIGNAL MICROCONTROLLERS [Black Hat USA 2018]
You shouldn’t transmit encryption keys over Bluetooth, but that’s exactly what some popular wireless-enabled microcontrollers are already doing. This is the idea behind Screaming Channels, an exploit published by researchers at EURECOM, and will be a talk at Black Hat next week. Read More
Discover everything about the origin, the quintessential parameters of growth, and the changes brought about by the Black Hat in the arena of cybersecurity, exclusively on Straight Talk. Read More
Automating Kernel Exploitation for Better Flaw Remediation [Black Hat USA 2018]
Black Hat researchers plan on open sourcing a new framework they say can help organizations get a better rein on vulnerability fixes for kernel bugs. Read More
The ABCs of Hacking a Voting Machine [Black Hat USA 2018]
A hacker who successfully infiltrated a voting machine at last year's DEF CON will demonstrate at Black Hat USA how he did it, as well as what he later found stored on other decommissioned WinVote machines. Read More
How to Get Infected With Malware [Black Hat USA 2018]
Originally demonstrated at Black Hat, now marketed as a tool for testing, the USB Killer uses your computer's own USB power to charge up its capacitors, then zap the PC with 200 volts. Read More
Virtualization Flaw Uptick: It’s ‘Just Getting Underway’ [Black Hat USA 2018]
And the increased interest among security researchers in virtualization flaws is reflected in programming expected to be highlighted at Black Hat USA next week. For example, one pair of researchers at the show is planning on disclosing a vulnerability on the kernel virtual machine (KVM) on ARM systems that can be exploited to install a hypervisor rootkit on affected systems. Read More
Software is Achilles Heel of Hardware Cryptocurrency Wallets [Black Hat USA 2018]
Upcoming Black Hat talk will detail software vulnerabilities that can put private cryptocurrency wallets and currency exchange services at risk. Read More
Risk & Repeat: Closing the gender gap at cybersecurity conferences [Black Hat USA 2018]
And while cybersecurity conferences such as Black Hat 2018 will prominently feature women infosec professionals as keynote speakers, there is still a significant gender gap at cybersecurity conferences. Read More
‘White hat hacker’ aims to protect world, encourage women [Black Hat Asia 2018]
Nakajima also serves as a peer reviewer of reports for Black Hat, a series of international conferences that hackers from all over the world participate in. Read More
Concerned about smart TVs invading privacy, lawmakers ask FTC to investigate [Black Hat USA 2018]
Smart TVs were called the perfect target for spying on users back in 2013 – the same year as a Black Hat presentation about hacking Samsung Smart TVs. It was not just exploits that allowed for spying as a scandal erupted about LG Smart TV spying in 2013. Read More
The Types of Hackers & Why They Hack [Black Hat USA 2018]
A black hat may engage in illegal activities for a living, while also being involved in hacktivism, essentially as a hobby. And, some black hat hackers move on to the ethical hacking arena as can be seen at computer security conventions such as Black Hat and DEF CON. Read More
8 Big Processor Vulnerabilities in 2018 [Black Hat USA 2018]
Here's what we've had to contend with this year on the CPU vulnerability front — and what we can expect in a couple of weeks when new research hits the stage at Black Hat. Read More
Voting machine vendors under pressure [Black Hat USA 2018]
The Black Hat conference has finalized its agenda for the 2018 event running Aug. 4 through 10, organizers announced Wednesday. One of the highlights: a presentation on how researchers hacked an airplane, in-flight, from the ground. Read More
Are Security Researchers Worried About Privacy? This And More With Black Hat Events GM, Steve Wylie [Black Hat USA 2018]
This podcast episode is part of our Las Vegas cybersecurity event coverage called “Chats on the Road to Las Vegas”, which, of course, is centered around the extremely popular cybersecurity research and training event, Black Hat. Read More
DEF CON Voting Village grows this year [Black Hat USA 2018]
Black Hat and DEF CON are just around the corner, and one of the biggest headlines from last year’s conferences was the Voting Village where hackers broke into voting machines en masse. Read More
Trading Platforms Riddled With Severe Flaws [Black Hat USA 2018]
Next month at Black Hat USA, a researcher from IOActive will detail some stark examples of this during a presentation that will show the depths of flaws found present in stock-trading platforms used by millions of traders around the globe. Read More
Five Ways Digital Assistants Pose Security Threats in Home, Office [Black Hat USA 2018]
At the Black Hat conference later this month, for example, four researchers will show how Cortana can be used to bypass the security on locked Windows PCs and other devices. Read More
6 Drivers of Mental and Emotional Stress in Infosec [Black Hat USA 2018]
Every year, thousands of cybersecurity pros descend on Las Vegas for Black Hat USA, where they learn the latest in security research, hone new skills, and connect with the infosec industry Read More
Are privacy and personal identity impossible to protect? [Black Hat USA 2018]
These findings are outlined in Black Hat USA’s new research report entitled, Where Cybersecurity Stands. The report, compiled from the fourth installment of Black Hat’s Attendee Survey, includes critical industry intel directly from more than 300 top information security professionals. Read More
Natural Language Processing Fights Social Engineers [Black Hat USA 2018]
The duo will present their approach to detecting social engineering attacks, and release the tool so attendees can test it, at Black Hat 2018 in a panel entitled "Catch me, Yes we can! Pwning Social Engineers Using Natural Language Processing Techniques in Real-Time." Read More
Experts agree that a critical infrastructure attack is imminent [Black Hat USA 2018]
A report from Black Hat released June 26 said that 69 percent of respondents believe that an attack on American critical infrastructure is coming in the next two years. Only 15 percent of respondents said they believe that the country will be able to respond. The suspected culprits of such an attack were hardly surprising: China and Russia. Read More
Jask Raises $25M Series B Funding for Autonomous Security Platform [Black Hat USA 2017]
Jask, which debuted its autonomous security platform at last year’s Black Hat USA conference, today said it raised $25 million in Series B funding. This brings its total to $39 million. Read More
New Details Leak on Security Flaw That Led OpenBSD to Disable Hyper-Threading [Black Hat USA 2018]
Last week, the head of OpenBSD development, Theo de Raadt, told the press that the OS project he leads would no longer enable Hyper-Threading on Intel processors because of security issues. A full paper is due to be released in August at the Black Hat security conference. Read More
Are Black Hat Professionals Raising White Flag on Privacy Protection? [Black Hat USA 2018]
These findings outlined in San Francisco-based Black Hat USA’s new research report, Where Cybersecurity Stands, compiled from Black Hat’s Attendee Survey in May 2018, from more than 300 information security professionals. Read More
TLBleed is latest Intel CPU flaw to surface: But don't expect it to be fixed [Black Hat USA 2018]
The flaw, which will be presented at the Black Hat USA 2018 conference, is why OpenBSD recently decided to disable hyperthreading on Intel CPUs. Read More
Survey Finds Privacy Protection a Lost Cause [Black Hat USA 2018]
Black Hat today released a new report, Where Cybersecurity Stands, based on a survey of Black Hat USA attendees. The survey looked, in part, at whether privacy protection is a lost cause and posed questions to more than 300 top information security professionals about privacy, election hacking, the US federal government’s ability to handle cyber-threats, nation-state attacks, the cryptocurrency hype and the perceived risks to the nation’s critical infrastructure. Read More
Cyber Researchers Don’t Think Feds or Congress Can Protect Against Cyberattacks [Black Hat USA 2018]
Only 13 percent of researchers “believe that Congress and the White House understand cyber threats and will take steps for future defenses,” according to the poll of attendees at the Black Hat cybersecurity conference. Read More
Black Hat: Cybersecurity Is More Than A Tech Problem [Black Hat USA 2018]
Black Hat has conducted this survey annually since 2015, with the most recent survey being conducted in May of 2018. Three hundred and fifteen cybersecurity professionals were interviewed, including chief information officers, chief technology officers and researchers in sectors such as financial services, government and healthcare. Read More
Black Hat Survey: Enterprise Tech, US Government Unprepared for Cyberattacks [Black Hat USA 2018]
The 2018 Black Hat Attendee survey reveals worries over the effectiveness of enterprise security technology, and threat to US infrastructure. Read More
Cybersecurity pros are limiting their personal use of Facebook, survey says [Black Hat USA 2018]
About 65% of surveyed current and former attendees at the annual Black Hat USA security conference say they’re limiting their use of Facebook or not using it at all after the recent controversies over the company’s security practices, Black Hat reports. Read More
Black Hat: People are still the weakest link in the security chain [Black Hat USA 2018]
The Black Hat USA 2018 Attendee Survey, released today, found that 38% of infosec pros perceive the biggest weakness to be “end users who violate security policy and are too easily fooled by social engineering attacks”. Read More
Researchers warn of new Hyper-Threading-based Intel CPU vulnerability [Black Hat USA 2018]
Project leader Theo de Raadt is set to present a research paper at the Black Hat conference this August that will reveal why they made the change. Read More
Hyperthreading under scrutiny with new TLBleed crypto key leak [Black Hat USA 2018]
Last week, developers on OpenBSD—the open-source operating system that prioritizes security—disabled hyperthreading on Intel processors. Project leader Theo de Raadt said that a research paper due to be presented at Black Hat in August prompted the change, but he would not elaborate further. Read More
Why Intel won't patch TLBleed vulnerability, despite serious concerns for cloud users [Black Hat USA 2018]
While the whitepaper describing the finer technical details of TLBleed is set to be released next week—Ben Gras, one of the researchers involved, is giving a presentation at the Black Hat USA conference in August—a draft version has been shared in OS development circles, as well as with The Register. Read More
OpenBSD disables Intel’s hyper-threading over CPU data leak fears [Black Hat USA 2018]
And this talk at Black Hat in August that promises to reveal how miscreants can extract encryption keys from application memory via hyper-threading and TLB data leaks. Specifically, that presentation, by Ben Gras, will cover a technique dubbed TLBleed that exploits hyper-threading to swipe sensitive data Read More
OpenBSD Disables Intel CPU Hyper-Threading Due to Security Concerns [Black Hat USA 2018]
According to the infosec community, the reason why OpenBSD disabled Intel HT is related to a research paper detailing a new vulnerability named TLBleed, which will be presented at the Black Hat security conference that will be held in Las Vegas in August. Read More
Watch Windows 10 Hack Steal Passwords And Photos By Abusing Cortana [Black Hat USA 2018]
The weakness was found separately by McAfee researchers, and Yuval Ron and Ron Marcovich, software engineering students at the Technion Israeli Institute of Technology, as part of a project overseen by independent security researchers Amichai Shulman and Tal Be'ery. Read More
Cybersecurity Conference Season Starts Soon in Las Vegas [Black Hat USA 2018]
The Black Hat USA conference, now in its 21st year, features recent research, development and trends. Black Hat is often the show where some of the most controversial vulnerability research in the field of information technology is unveiled. Read More
New Hack Weaponizes the Web Cache [Black Hat USA 2018]
Kettle is holding back much of the secret sauce of the Web-caching hack as well as his Web targets until his Black Hat USA talk in August. But he does say that with his attack, he can force a cache into behaving in an unsavory way without directly targeting it. Read More
Why Every Enterprise Should Have A Cyber Range In Its Security Arsenal [Black Hat USA 2017]
In fact, in another poll conducted at the 2017 Black Hat security conference, 84% of the organizations that experienced an attack attributed it to human error. Read More
Not everyone is so hot about this free USB fan handed to journalists at Trump-Kim summit [Black Hat USA 2014]
Security researchers Karsten Nohl and Jakob Lell demonstrated malware they had developed, called BadUSB, at the Black Hat Conference back in 2014. Read More
It might be possible to hack airplanes in mid-flight from the ground, says security expert [Black Hat USA 2018]
If your summer plans include attending the 2018 Blackhat hacker conference, be sure to add Ruben Santamarta’s not-at-all alarming “Last Call for SATCOM Security.” Read More
In-Flight Airplanes Can Now Be Hacked From the Ground, Cyber Expert Warns [Black Hat USA 2018]
Building on research first published in 2014, Ruben Santamarta, an expert at cybersecurity company IO/Active, will tell attendees at 2018’s BlackHat hacker conference in August how “entire fleets” of airplanes were left accessible from the internet, leaving hundreds of in-flight craft at risk. Read More
What’s your poison? New attack method turns the tables on web caching [Black Hat USA 2018]
During his presentation at Black Hat USA, which takes place in Las Vegas on August 4-9, the researcher will illustrate how he was able to use his new web cache poisoning technique to compromise websites by using esoteric web features that turn their caches into exploit delivery systems, targeting everyone that makes the mistake of visiting their homepage. Read More
You Think Discovering a Computer Virus Is Hard? Try Naming One [Black Hat USA 2017]
Heartbleed gained so much attention it inspired the Pwnie Awards—pronounced “Pony” Awards—which recognize the best bug branding at the annual Black Hat computer-security conference in Las Vegas. Read More
Intel: Recent BranchScope side channel on CPUs does not require new patches [Black Hat Asia 2018]
Intel also responded to The Register on another attack that was presented at Black Hat Asia by two researchers from the Technical University of Graz, who also collaborated on Meltdown and Spectre. They claimed that it is possible to run malware from the user space into a protected SGX enclave to attack another enclave on the same hardware with a cache attack. Read More
Intel shrugs off ‘new’ side-channel attacks on branch prediction units and SGX [Black Hat Asia 2018]
One of the new allegations was discussed at Black Hat Asia in Singapore last week, where University of Graz PhD Students Moritz Lipp and Michael Schwarz delivered a talk titled “When good turns to evil: using Intel SGX to stealthily steal Bitcoins.” Read More
Microsoft stops RDP requests from unpatched clients [Black Hat Asia 2018]
The vulnerability introduced by researchers at security company Preempt at the Black Hat Asia conference has been fixed by Microsoft as part of Patch Tuesday. The company is taking the unusual step of completely locking out unpatched clients. Specifically, the authentication of the computer via RDP is aborted. Read More
Korean banks hacked through zero-days in anti-virus and VM [Black Hat Asia 2018]
In recent years, South Korean banks have become the target of several targeted attacks, with the attackers also using zero-days in anti-virus software and virtual machine software to compromise the banking networks. That is what employees at the Korean Financial Security Institute announced during the Black Hat Asia security conference. Read More
The expert described ways to compromise mobile payments [Black Hat Asia 2018]
Paying for purchases using a smartphone is frankly dangerous, warns Fudan University (China) expert Zhe Zhou. In a speech at the Black Hat Asia conference in Singapore, the researcher described a number of ways to intercept tokens when making contactless payments, writes The Register. Read More
[BHAsia 2018] Researchers Offer New SDL Models for Wearable Devices Focus on Security and Privacy [Black Hat Asia 2018]
At the Black Hat Asia 2018 conference, Kavya Racharla, senior security researcher at Intel, and Sumanth Naropanth, founder of Deep Armor, presented a new Software Development Lifecycle (SDL) model for new-generation wearable devices, focusing on security and privacy. Read More
[BHAsia 2018] Researchers point out that national hackers are beginning to attack for more money [Black Hat Asia 2018]
Shen and Kwak argue that in the past, hackers like Lazarus, Bluenoroff, Andariel and Reaper began to change their purpose of being a Nation-state Attacker. Read More
Looking Back and Thinking Ahead on Cyberwar, Nation-State Attacks [Black Hat Asia 2018]
Nation-state threats dominated the themes of this week's keynotes at Black Hat Asia, where experts dug into past and current cyberattacks, efforts to mitigate nation-state attacks, and the broad and evolving realm of cyber warfare. Read More
Black Hat Asia 2018 Special Recommendation Topic: Tencent Security Anti-Virus Lab Uncovers New IoT Attack [Black Hat Asia 2018]
From March 20th to 23rd, Black Hat Asia 2018 (Asian Black Hat Conference), the highest event in the global information security industry, was held in Singapore. Security experts from around the world gathered here to discuss and share the latest research achievements on current hot security issues. Read More
Microsoft to re-enforce March patch that owns Windows over RDP [Black Hat Asia 2018]
Black Hat Asia: Microsoft will soon prevent Windows from authenticating un-patched RDP clients to cap a March patch that addressed a flaw that can allow lateral movement across a network from a compromised remote desktop protocol session. Read More
Private sector over-investing against nation-state attacks [Black Hat Asia 2018]
“We’re all spending a lot of money trying to defend ourselves against attacks that are conducted using tax money that we’re paying to our governments,” Bill Woodcock, executive director of Packet Clearing House, a non-governmental organisation that builds and supports critical internet infrastructure, said at Black Hat Asia 2018 in Singapore this week. Read More
Reflection of a QR code on PoS scanner used to own mobile payments [Black Hat Asia 2018]
Black Hat Asia Paying for stuff with your smartphone is downright dangerous according to Zhe Zhou, a pre-tenure associate professor at Fudan University, who yesterday explained how three different payment methods can be cracked at Black Hat Asia in Singapore. Read More
Smartwatches are more vulnerable to information hacking [Black Hat Asia 2018]
Black Hat Asia is a technology conference where the gurus in computer security come together to, among other things, talk about the vulnerabilities that certain devices have, among which they decided to analyze wearables or smartwatches, devices that, although it seems incredible, represent a great opportunity for hackers. Read More
Diplomats, 'Net greybeards work to disarm USA, China and Russia’s cyber-weapons [Black Hat Asia 2018]
As explained today in a keynote at Black Hat Asia by GCSC commissioner and executive director of Packet Clearing House Bill Woodcock, those behind state-sponsored attacks are usually either hopelessly optimistic, or indifferent, to the notion that their exploits will be re-used. Read More
Holy sweat! Wearables have THREE attack surfaces [Black Hat Asia 2018]
Black Hat Asia Wearable devices – and anything that relies on an app to help with configuration – has at least three attack surfaces and your existing secure development lifecycle probably isn’t going to cope with the complexity that creates. Read More
Why a major data breach will happen across Asia in next two years [Black Hat Asia 2018]
These concerns and more are outlined in Black Hat Asia’s first-ever research report, Cybersecurity Risk in Asia. The report, compiled from a survey of nearly 100 current and former attendees at Black Hat Asia, provides insights on critical information security issues pertaining to Asian cyber defenses and vulnerabilities. Read More
New Black Hat Asia Research: More than 70% of Security Professionals Predict a Major Data Breach Across Asian Countries in the Next Two Years [Black Hat Asia 2018]
Cyber attack levels have raised concern among IT security professionals across the globe, and Asia is no exception. A majority of the respondents in the Black Hat Asia 2018 survey believe their organizations will have to respond to a major security incident in the next 12 months. Read More
Report: Asia-Pacific Cybersecurity Chiefs Expect Major Attack on Critical Infrastructure [Black Hat Asia 2018]
More than two-thirds of Asia-Pacific cybersecurity leaders believe there will be a major successful attack on multiple countries’ critical infrastructure in the next two years, according to a survey from Black Hat Asia. Read More
Asia's security professionals wary of Russia, China, North Korea [Black Hat Asia 2018]
Attendees at this year’s Black Hat Asia conference are wary of what’s ahead from some of the world’s most notorious countries behind cyber attacks. Read More
Major data breach across Asia predicted in next 2 years [Black Hat Asia 2018]
Based on the report, Black Hat found that more than 30% of respondents believe the primary reason cybersecurity strategies fail in Asia is because of a shortage of skilled professionals. Read More
APAC security chiefs expect imminent attack on critical systems [Black Hat Asia 2018]
According to the survey conducted ahead of Black Hat Asia in Singapore, 52% of nearly 100 respondents either “strongly agree” or “somewhat agree” that such an attack would happen in their own country in the next two years. Read More
Black Hat Predicts Major Data Breach In Asia In Two Years [Black Hat Asia 2018]
As in Black Hat surveys conducted in the USA and Europe, security professionals in the Black Hat Asia study are concerned that recent incidents in their region may indicate that a major breach of critical infrastructure is forthcoming. Read More
More than 70% of security experts raise the possibility of massive data leakage in Asia [Black Hat Asia 2018]
This is described in detail in the CyberSecurity Risk in Asia report by Black Hat Asia. This report contains the results of surveys conducted by about 100 attendees of Black Hat Asia, and provides insight into major information security issues related to cybersecurity and vulnerability in Asia. Read More
Almost 60% of Asia-based cybersecurity pros fear malicious attacks on the horizon [Black Hat Asia 2018]
Such concerns are highlighted in Black Hat Asia’s research report titled “Cybersecurity Risk in Asia.” The report was compiled from a poll of about 100 current and former attendees at Black Hat Asia. Read More
Black Hat Predicts Major Data Breach In Asia In Two Years [Black Hat Asia 2018]
A new Black Hat study says nearly 60% of Asia-based cybersecurity professionals fear malicious attacks on the horizon from Russia, China and North Korea. Read More
Black Hat Asia Announces 'Cybersecurity Risk in Asia' Research Report [Black Hat Asia 2018]
Leveraging its own expert community, Black Hat draws insights from executives, information technology and information security teams, network managers and security officers in Asia, including CEOs, CSOs and CIOs in Asia. Read More
Asia's Security Leaders Feel Underprepared for Future Threats: Report [Black Hat Asia 2018]
The study, Cyber Risk in Asia, is being published by Black Hat Asia, one of the region's top cybersecurity conferences. This year's event will take place Mar. 20-23 in Singapore. Read More
Design flaw in Microsoft’s Control Flow Guard allows complete bypass [Black Hat Asia 2018]
The Italian researchers have dubbed this exploit as the Back to the Epilogue (BATE) attack, which they will be explaining in detail at the Black Hat Asia Conference this month. Read More
Researchers say they have found severe Windows vulnerability - over 500 million PCs may be exposed [Black Hat Asia 2018]
According to reports, which can be read in its entirety here, more than 500 million PCs are exposed to attacks. The research team plans to demonstrate BATE weakness - using the Edge browser in Windows 10 - during the Black Hat Asia Conference, which will be released later this month. Read More
Why Wi-Fi Direct Isn’t as Secure as You Think [Black Hat Europe 2017]
Of course, no new technology is without downsides. According to research presented at Black Hat Europe 2017, Wi-Fi Direct may be compromising our security. In doing so, it unwittingly grants hackers an easy way into our digital lives—all in the pursuit of convenience. Read More
Intel SGX Can Be Used to Hide, Execute Malware [Black Hat Asia 2018]
In a talk at the Black Hat Asia conference later this month, researchers from the Graz University of Technology in Austria plan to show how attackers can abuse Intel's Software Guard Extensions (SGX) microprocessor security feature to steal cryptographic keys and other secrets. Read More
Securing the Web of Wearables, Smartphones & Cloud [Black Hat Asia 2018]
At this year's Black Hat Asia, taking place March 23–26 in Singapore, Naropanth will discuss security and privacy research related to the development of IoT devices, including a custom SDL designed to incorporate wearables, phones, and the cloud. Read More
Mind The Gap -- How Quantum Computers May Leave Today's Online Services Vulnerable [Black Hat USA 2017]
"In particular there are concerns that if your data needs to live longer than twenty years, you might be inside the window right now," said Chris Burchett, Vice President, Dell Endpoint Security during an interview at last summer's Black Hat USA 2017 conference. Read More
Facebook's 2FA bug lands social media giant in hot water [Black Hat USA 2017]
At Black Hat USA 2017, Facebook CSO Alex Stamos said “As a community we tend to punish people who implement imperfect solutions in an imperfect world.” Read More
10 Can't-Miss Talks at Black Hat Asia [Black Hat Asia 2018]
Mobile and platform security are popular topics for next month's Black Hat Asia conference in Singapore, where industry experts will meet from March 20-23 to learn about newly discovered exploits and the tools and techniques to defend against them. Read More
Researcher to Release Free Attack Obfuscation Tool [Black Hat Asia 2018]
Bohannon will release his new Invoke-DOSfuscation framework tool next month at Black Hat Asia in Singapore, where he will present his research on how attackers like FIN7 use the relatively basic cmd.exe to slip malware into their targets' systems. Read More
Jackpotting cyberattack hits US, forces ATMs to spit out money for hackers [Black Hat USA 2017]
Demonstrators at Black Hat 2017 were able to force open an ATM to gain access to an unprotected USB port, and within minutes were able to empty it of its cash reserves. Read More
‘Jackpotting’ attacks are now hitting US ATMs, report says [Black Hat USA 2010]
Jackpotting, in which thieves use a variety of tools to hack into ATMs and cause them to dispense large amounts of cash on demand, has been a legitimate threat for several years now. The late computer hacker Barnaby Jack famously showed off an ATM exploit at the Black Hat conference back in 2010. Read More
Secret Service warns banks of coming wave of ATM 'jackpotting' attacks [Black Hat USA 2010]
It's called "jackpotting." It works just like it sounds, an ATM machine is compromised to spit out cash to a fraudster at a furious rate of 40 bills every 23 seconds. Read More
ATM 'jackpotting' hacks reach the US [Black Hat USA 2016]
For some ATM thieves, swiping card data involves too much patience -- they'd rather just take the money and run. The US Secret Service has warned ATM makers Diebold Nixdorf and NCR that "jackpotting" hacks, where crooks force machines to cough up large sums of cash, have reached the US after years of creating problems in Asia, Europe and Mexico. Read More
Hackers are making U.S. ATMs spit out cash like slot machines [Black Hat USA 2010]
Hackers able to make ATMs spit cash like winning slot machines are now operating inside the United States, marking the arrival of “jackpotting” attacks after widespread heists in Europe and Asia, according to the world’s largest ATM makers and security news website, Krebs on Security. Read More
Vulnerable industrial controls directly connected to Internet? Why not? [Black Hat USA 2015]
Yet some of these attacks may go undocumented simply because the companies affected by them have had no cause to report them. At the Black Hat USA security conference in 2015, Marina Krotofil, a researcher at Hamburg University of Technology told attendees that utilities had been regularly blackmailed by ICS hackers on a large scale since at least 2006. Read More
Black Hat Asia 2018 addresses global information security vulnerabilities [Black Hat Asia 2018]
According to Black Hat, a global information security event provider, this year's event will be held at Marina Bay Sands in Singapore and will share information on vulnerabilities such as research, hacking and mobile hacking. Read More
CAPTCHA + reCAPTCHA: Are they the Best Fraud Prevention Solution for your Business? [Black Hat Asia 2017]
Despite the security and UX improvements, there are still many ways for bad actors to get around CAPTCHA systems. CAPTCHA bots and CAPTCHA farms even exist where low-skilled workers are utilized to mass solve CAPTCHAs for rates as low as 80 cents for 1,000 solved codes. CAPTCHA attack systems presented at Black Hat Asia in Singapore showed a more than 70% CAPTCHA-cracking success rate with an average running time of just 19.2 seconds. Read More
Taking complexity out of cyber security [Black Hat Asia 2017]
Tan: At Black Hat Asia last year, cyber security experts called for the software industry to do more to plug the vulnerabilities in their products. Read More
Drugs Tripped Up Suspects In First Known ATM “Jackpotting” Attacks in the US [Black Hat USA 2010]
Jackpotting has been a real threat to ATM owners and manufacturers since at least 2010, when the late security researcher Barnaby Michael Douglas Jack (known to most as simply “Barnaby Jack”) demonstrated the attack to a cheering audience at the Black Hat security conference. Read More
At Black Hat USA, a major cybersecurity conference in Las Vegas, in August 2016 a team from Graz Technical University presented their research from earlier in the year on a way to prevent attacks against the kernel memory of Intel chips. Read More
Enterprise endpoint protection failures will continue until accountability increases
A recent discovery of a new and terrifying malicious code attack technique helps begin to illustrate the acceptance of cyber inadequacy. It is called Process Doppelganging and researchers explained it at Black Hat Europe in December 2017. Read More
Security through suspicion: Tear the firmware out of the laptops and make builds in several places
During another speech at the Black Hat Europe conference, Mark Ermolov and Maxim Goryachy from Positive Technologies talked about a vulnerability found in the Intel Management Engine (ME) and which, in principle, makes it possible to compromise firmware on a computer. Read More
The US announced the involvement of the DPRK in the creation of the WannaCry virus
In the first decade of December, a new way was found to bypass any protection of the computer, even if it installed an antivirus. The method of hacking any version of the Windows operating system was presented by enSilo specialists at the Black Hat Europe 2017 conference. Read More
In her keynote address at Black Hat Europe last week, the hacker said that she had removed all microphones from her iPhone and was only using a Bluetooth headset on the phone. Read More
We need to talk about mathematical backdoors in encryption algorithms
During a presentation at Black Hat Europe last week, titled By-design Backdooring of Encryption System - Can We Trust Foreign Encryption Algorithms?, Filiol and his colleague Arnaud Bannier, explained how it is possible to design a mathematical backdoor. Read More
Intel to slap hardware lock on Management Engine code to thwart downgrade attacks
Last month, in response and ahead of Ermolov and Goryachy's public presentation of their research at Black Hat Europe, Chipzilla published eight vulnerability notices: the tech giant admitted its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) could be attacked to give miscreants access to the controversial hidden administrative layer - effectively granting God-mode on the computer. Read More
As Version2 could report a week ago, experts from security company Positive Technologies held last week a presentation at the Black Hat Europe Conference, claiming that more of the vulnerabilities could still be exploited. Read More
You will no longer undo the firmware in the Intel chips: this is how the Management Engine has been secured
Only last month, just before the public presentation of these vulnerabilities at the Black Hat Europe conference, patches were released, which, however, have yet to be adapted by the equipment manufacturers and published as computer firmware updates. Read More
A vulnerability in a programming language puts the application at risk? - Researcher's report
This view was published by IOActive researcher Fernando Arnaboldi at the "Black Hat Europe 2017" conference held in London on December 4-7, local time. He says that serious vulnerabilities exist in interpreters used by the five popular programming languages, posing a danger to interpreted / executed applications. Read More
5 computer languages that introduce security vulnerabilities
The Security Researcher for IOActive (US IT Security Audit and Consulting Firm) took advantage of the Black Hat Europe conference held last week in London to highlight the risks involved in five programming languages. Read More
Vulnerabilities in programming languages make apps vulnerable
Fernando Arnaboldi, security researcher at IOActive, has presented severe security vulnerabilities in five programming languages at the Black Hat Europe conference. Read More
Doppelganging - there is still no answer to this type of attack. Antiviruses blind and helpless
During the Black Hat Europe 2017 conference, a completely new type of attack on Windows computers was presented. Antivirus programs and security built into the system remain blind and helpless. Read More
Black Hat Europe 2017: Security experts spotted the vulnerabilities in 5 of the most popular programming languages
This week at the Black Hat Europe 2017 security conference, a security researcher disclosed vulnerabilities in several currently very popular interpreted programming languages. These issues may make applications developed in these languages very vulnerable to attack. Read More
WARNING! Your Windows may not be able to see a new generation virus
A new kind of virus leaves no traces and parasitizes the internal mechanisms of AV scanners. The community was told about this program at the Black Hat Europe 2017 conference. Read More
Impossible to write secure code when the language itself has shortcomings
IOActive Security Consultant Fernando Arnaboldi presented a report at the Black Hat Europe Conference last week, describing this. His finding is that the language itself could mean that code works in a way that the programmer cannot predict. Among the unexpected, undesired behaviors are security holes. Read More
These five programming languages have flaws that expose apps to attack
IOActive researcher Fernando Arnaboldi revealed at last week's Black Hat Europe conference that serious flaws in interpreters for five popular programming languages put applications parsed by them at risk. Read More
Five programming languages with hidden flaws vulnerable to hackers
At the recent Black Hat Europe conference, IOActive security services revealed it had identified flaws in five major, interpreted programming languages that could be used by hackers in crafting an attack. Read More
Language bugs infest downstream software, fuzzer finds
Developers working in secure development guidelines can still be bitten by upstream bugs in the languages they use. That's the conclusion of research presented last week at Black Hat Europe by IOActive's Fernando Arnaboldi. Read More
Researchers use radio to jump air gapped industrial control systems
The researchers presented their work at the Black Hat Europe conference in London on December 6. Researchers David Atch and George Lashenko demonstrated a method for reprogramming Siemens programmable logic controllers (PLCs) to generate "encoded radio signals" that could be received over ordinary AM radios. The signals could be used to steal (or "exfiltrate") sensitive data from the networks, the researchers claim. Read More
Severe flaws in most popular programming languages could expose to hack any secure application built on top of them
Last week, IOActive Senior Security Consultant Fernando Arnaboldi presented at the Black Hat Europe 2017 security conference the results of an interesting research about vulnerabilities in several popular interpreted programming languages. Read More
Researchers have been showing details of the Intel ME hack for months at the Black Hat Europe security conference. You can exploit security holes in the management engine of modern Intel CPUs even if it was actually partially disabled by kill bit. Read More
Major Intel ME Firmware Flaw Allows Attackers Get 'God Mode' On A Vulnerable Machine
In a recent presentation held at Black Hat Europe in London, security researchers from Positive Technologies, Mark Ermolov and Maxim Goryachy revealed how a buffer overflow they discovered in the Intel's secret Management Engine 11's firmware can be exploited by sophisticated attackers to gain unauthorized access to ME functionality even when it's turned 'off.' Read More
Intel Chip Flaw Enables Malware to Gain Full Access to Computer Assets
A flaw in Intel processors allows malware to reside undetectable on nearly any recent Intel-based computer manufactured since at least 2015, researchers from Positive Technologies revealed Dec. 6 at Black Hat Europe. Read More
North Korea is 'hacking soaring Bitcoin exchanges', say researchers
Ms Shen and her colleagues have tracked attacks by hacking groups Lazarus, Bluenoroff and Andariel - suspected to be North Korean operations - on financial institutions including banks in Europe and South Korea, an ATM company and Bitcoin exchange. Read More
Secure Apps Exposed to Hacking via Flaws in Underlying Programming Languages
Research presented this week at the Black Hat Europe 2017 security conference has revealed that several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks. Read More
Malwarebytes sees New Mafia launching cyber-attacks
Walking around Black Hat Europe this week we asked vendors should we 'out' companies over breaches? The majority agreed with Malwarebytes that the current headlines were not helpful and many suggested that they knew of clients who would pay to make the situation go away. Read More
All this is due to a new technique used by pests, details of which have been presented by security researchers at the recent Black Hat Europe conference. Read More
'Doppelganging' Attack Evades Antivirus, Hits All Windows Versions
A newly discovered malware attack affects all versions of Windows, often isn't detected by antivirus software and can't be patched. This isn't a riddle: it's the Process Doppelganging attack, which was presented today (Dec. 7) at the Black Hat Europe 2017 security conference in London. Read More
Process Doppelganging attack affects all Windows version & evades AV products
Dubbed 'Process Doppelganging' by Tal Liberman and Eugene Kogan of EnSilo, the attack was demonstrated during Black Hat Europe 2017 security conference in London earlier today. Read More
"In computer security, 'trusted' means this piece of code, or whatever is being trusted, is capable of destroying my whole security integrity," she said in her keynote entitled "Security Through Distrusting" here today at Black Hat Europe. She says we have too much trust in technology and this trust is leaving us vulnerable to attack. Read More
"Process Doppelganging" Attack Works on All Windows Versions
Today, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called "Process Doppelganging." Read More
Market-leading security products broken by Doppelganging attack
Two researchers from enSilo, Eugene Kogan and Tal Liberman, revealed the 'Process Doppelganging' attack methodology at Black Hat Europe on this morning (Thursday). Read More
If you're thinking that this seems like an incredible security vulnerability then you're not alone, and a team at Black Hat Europe 2017 has demonstrated yet another flaw in this black box, allowing arbitrary code execution and bypassing many of the known ME protections. Read More
During the Black Hat Europe 2017 event, the security company demonstrated how it is possible to inject code into the operating system during file movement due to a flaw in the NTFS file system, circumventing security measures and the anti-virus systems themselves installed. Read More
Security industry needs to be less trusting to get more secure
Delegates to Black Hat Europe have been encouraged to turn conventional security thinking on its head by practicing security through distrust. Read More
The security firm disclosed its findings this week at the Black Hat Europe conference in London. Technical details and proof-of-concept (PoC) code will be made available shortly. Read More
New code injection method avoids malware detection on all versions of Windows
Presented at Black Hat Europe, a new fileless code injection technique has been detailed by security researchers Eugene Kogan and Tal Liberman. Dubbed Process Doppelganging, commonly available antivirus software is unable to detect processes that have been modified to include malicious code. Read More
#BHEU: Attackers and Spies Merge with Evolved Attacks
Speaking to Infosecurity at Black Hat Europe, Eward Driehuis, research chief at SecureLink said that convergence is happening now, as cyber-criminals are doing Big Data analysis on their victims to determine what would be of value. Read More
Speaking at Black Hat Europe in London, Joshua Crumbaugh, Chief Hacker and CEO at PeopleSec, gave live red teaming tips and recorded examples of how to successfully hack into a company using only a confident manner over the phone. Read More
Doppelganging: How to circumvent security products to execute code on Windows
At Black Hat Europe on Thursday, security professionals Eugene Kogan and Tal Liberman from endpoint security firm enSilo revealed research into how cybersecurity products on the market can be circumvented by exploiting how they scan for malware and interact with memory processes. Read More
"How many people think we're better off today than seventeen years ago?" Chris Painter, the former and first-appointed cyber coordinator for the US State Department asked in his keynote at Black Hat Europe, held this week in London. He didn't seem surprised at the response. Read More
On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough. Read More
How the Major Intel ME Firmware Flaw Lets Attackers Get 'God Mode' on a Machine
Researchers who discovered the flaw went public today at Black Hat Europe in London with details of their finding, a stack buffer overflow bug in the Intel Management Engine (ME) 11 system that's found in most Intel chips shipped since 2015. ME, which contains its own operating system, is a system efficiency feature that runs during startup and while the computer is on or asleep, and handles much of the communications between the processor and external devices. Read More
Former US State Department cyber man: We didn't see the Russian threat coming
Chris Painter, former co-ordinator for cyber issues at the US State Department, told delegates at the Black Hat EU conference that cyber issues have emerged as a core topic for governments worldwide. Read More
#BHEU: Government Agreements Needed on How to Prevent Cyber-Conflict
Asking for a show of hands from the opening keynote at Black Hat Europe in London, Chris Painter, the first and former coordinator for cyber issues at the US State Department, found that only a few members of the audience felt governments were doing a good job of talking to the security industry about threats and problems. Read More
Black Hat Europe 2017: BlueBorne hits Alexa, Intel ME bypassed
Alexa was taken over via a Bluetooth vulnerability, Intel's Management Engine via a complicated exploit. And plenty else was going on during the first day of Black Hat Europe in London. Read More
#BHEU: Security Created Fragility Without Consideration for the World
Kicking off the opening day of Black Hat Europe in London, founder Jeff Moss said that the event was "trying to be different and be more practical" and encouraged the audience to try at home or at work if they "see something on the screen." Read More
Newly Revealed Flaw in Intel Processors Allows Undetectable Malware
The vulnerability presented by researchers from Positive Technologies at Black Hat Europe Dec. 6 details a nightmare scenario. The CPU flaw allows malware to reside on nearly any recent Intel-based computer manufactured since at least 2015 so that it's completely undetectable. Read More
Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches
Saurabh Harit, managing consultant with Spirent, will present his findings on flaws in IV infusion pumps and digital smart pens at Black Hat Europe this week. Read More
AT&T Prepared for Court Battle to Defend Proposed Time Warner Merger
The vulnerabilities allow an attacker "to run unsigned code in [the Platform Controller Hub] on any motherboard via Skylake," an abstract states from a Black Hat Europe security conference talk scheduled for Dec. 6. Read More
Managing Security Risk in the Face of Intel ME Vulnerabilities
Later in the year, researchers from Russia-based Positive Technologies discovered additional vulnerabilities in the firmware. The duo submitted the information to Black Hat Europe and announced that they plan to share it publicly in a 50-minute briefing on Dec. 6, 2017. Read More
Leaky Intel chips: many systems only patched next year
Next month at the hacker conference Black Hat Europe, the researchers will give a demonstration of the attack. Then more details of the problem must become clear. Read More
Samsung Pay reveals the data of mobile device owners
Samsung has already been informed about the problem. More information about the HC research will be presented at the Black Hat Europe 2017 conference, which will be held on December 4-7 in London. Read More
Millions of devices could be at risk from Intel Management Engine vulnerabilities
Intel has issued a security advisory over security flaws on its PC, server, and Internet-of-Things processors that make the platforms vulnerable to remote attacks. Mark Ermolov and Maxim Goryachy of Positive Technologies Research identified the issues, and will reveal full details of the Intel Management Engine flaws in a talk at the Black Hat Europe security conference on December 6. Read More
Feds urge companies to take Intel's latest security vulnerability seriously
Security researchers Mark Ermolov and Maxim Goryachy first described the situation in late August in an article posted to their company's blog. They plan to talk about their research at the Black Hat Europe conference next month in London. Read More
Fix multiple vulnerabilities - firmware for Intel's "Management Engine" and others
Mr. Goryachy and Ermolov are planning to announce the research results on ME at "Black Hat Europe" in December. An attacker is trying to reveal a method of moving unsigned code in a microprocessor in a form invisible from the main CPU and anti-malware software. Read More
Intel: millions of vulnerable PCs with 11 vulnerabilities (even extinct)
The two researchers are expected to present the results of their study in December 2017 at the Black Hat Europe conference, but Intel took the lead and conducted an audit of the affected systems, including the Management Engine (ME). Read More
Millions of Intel processors are vulnerable due to the secret code
This vulnerability, which the researcher will present at the Black Hat Europe November conference in depth, has spurred Intel with a thorough research. Read More
Intel CPUs Have Serious Security Flaws: What You Should Know
Two Russian researchers working for a firm called Positive Technologies claim to have found ways to attack the ME via a USB port and thus take over a PC. They'll be presenting their findings at the Black Hat Europe 2017 security conference on Dec. 6. Read More
Intel: We've found severe bugs in secretive Management Engine, affecting millions
Goryachy and Ermolov will present their research on an ME flaw at Blackhat in December, detailing how an attacker can run unsigned code in the microprocessor and remain invisible to the main CPU and any anti-malware software. Read More
INTEL CHIP FLAWS LEAVE MILLIONS OF DEVICES EXPOSED
Intel specifically undertook what spokesperson Agnes Kwan called a "proactive, extensive, rigorous evaluation of the product," in light of findings that Russian firmware researchers Maxim Goryachy and Mark Ermolov will present at Black Hat Europe next month. Read More
Intel Patches Management Engine for Critical Vulnerabilities
The flaws were reported to Intel by security researchers Mark Ermolov and Maxim Goryachy from Positive Technologies. The two researchers plan to provide full details of the Intel ME flaws in a talk on Dec. 6 at the Black Hat Europe security conference. The researchers said they found a vulnerability in a subsystem of Intel ME versions 11 and higher. Read More
Critical leaks with Intel chips: you too may be at risk
Next month at the hacker conference Black Hat Europe, the researchers will give a demonstration of the attack. Then more details of the problem must become clear. Read More
Hackers can remotely control computers with Intel chip due to vulnerability
Currently it is not yet known how serious the leak is. Security researcher Filippo Valsorda says to the Wired tech website: "This looks bad, but we do not yet know how easy it will be to abuse these vulnerabilities." According to expectation, researchers of the leak will publish more details next month, after the hacker conference Black Hat Europe. Read More
Black Hat's Newest Research: The Cyber Threat in Europe
Black Hat Europe's first-ever research report entitled, The Cyber Threat in Europe, details major concerns among the InfoSec community including infrastructure security, nation state attacks, enterprise security risks, and the implications of the NIS Directive and GDPR requirements. Read More
Europe not ready for imminent cyber strikes, say infosec professionals
According to a poll of more than 120 IT and security professionals registered to attend Black Hat Europe 2017, 42% said cyber espionage by major nation states such as Russia and China and attacks by rogue nations such as North Korea pose the biggest threat to EU critical infrastructure. Read More
Researcher Provides Insight Into North Korea Cyber-Army Tactics
Shen concluded her session by noting that she will be discussing more details about the cyber-crime activities of the North Korean hacker groups in December at a session at the Black Hat Europe conference. Read More
In December 2017 Forcepoint will be present at Black Hat Europe 2017, where we will provide more information about the evasion techniques that NSS discovered. Read More
Big security breach in Intel platforms from Skylake CPUs
The problem was revealed by the firm Positive Technologies which will give more details to the conference Black Hat Europe to be held on December 4th. Meanwhile, we know that they go through the Intel Management Engine, a module within the chipset with its own calculation units and operating system. Read More
"Game Over!" - Intel's Hidden, MINIX-powered ME Chip Can Be Hacked Over USB
The security firm Positive Technologies earlier promised to tell more about the God-Mode in December at Black Hat Europe and said that they had found a way for "an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard." Read More
Researchers at Black Hat Europe next month will demonstrate a data-exfiltration attack on Siemens PLCs that uses combination of code manipulation and Radio Frequency (RF) emissions. Read More
Cognitive Mindhacks: How Attackers Spread Disinformation Campaigns
In a few weeks, Kropotov will join fellow FTR senior researchers Fyodor Yarochkin and Lion Gu to present tools and techniques used among cyber propaganda perpetrators around the world in a Black Hat Europe presentation titled "Enraptured Minds: Strategic Gaming of Cognitive Mindhacks." Read More
He will present a recording of the call, lessons learned, and best practices from years of social engineering research, during his Black Hat Europe session "How to Rob a Bank Over the Phone - Lessons Learned and Real Audio from an Actual Social Engineering Engagement." Read More
More details are available in a research paper called "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2," scheduled to be formally presented tomorrow at the Computer and Communications Security (CCS) conference and at Black Hat Europe. Read More
Wanna exorcise Intel's secretive hidden CPU from your hardware? Meet Purism's laptops
Positive Technologies, a London-based security biz, recently discovered how Intel does this, and at Black Hat Europe 2017 in December is expected to disclose a Management Engine flaw that allows the execution of unsigned code in the Platform Controller Hub, on motherboards sporting Skylake or later CPUs. Such code can switch off the engine by flipping an undocumented bit. Read More
The KRACK in Wi-Fi Security: What Partners Need to Know Now
'Any data or information that the victim transmits can be decrypted,' said Vanhoef in his write-up of the vulnerability. He has published the details in a research paper titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, and will present the findings at Black Hat Europe in December, as well as the Computer and Communications Security conference in Dallas next month. Read More
Researchers Reveal Critical KRACK Flaws in WPA WiFi Security
The researchers have disclosed the details of the KRACK attack in a research paper and plan on discussing it further in talks at the Computer and Communications Security (CCS) and Black Hat Europe conferences later this year. Read More
More details are available in a video, below, and in a research paper also published today called 'Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2,' scheduled to be formally presented Nov. 1 at the Computer and Communications Security (CCS) conference and at Black Hat Europe. Read More
The expert describes the attack in much more depth on a website dedicated to the KRACK attack, and in a research paper the expert plans to present at this year's Computer and Communications Security (CCS) and Black Hat Europe conference. Read More
The KRACK attacks work on all modern wireless networks using the WPA2 protocol and any device that supports WiFi is most likely impacted, the researchers said in a technical paper that they will present at the upcoming Black Hat Europe security conference. Read More
Update Every Device -- This KRACK Hack Kills Your Wi-Fi Privacy
The research appears to have been built on previously-released findings from July, when Vanhoef and colleagues discussed issues with Wi-Fi security at the Black Hat conference in Las Vegas. Read More
Multiple vulnerabilities in WPA 2 of Wi-Fi authentication? Researchers have announced the publication
Vulnerability information on "Wi-Fi Protected Access II" (WPA 2) of Wi-Fi certification is stated in the lecture notice of the security conference "Black Hat Europe 2017" to be held in early December in London, and ripples are spreading among security researchers. Read More
Vanhoef has published his findings in a detailed research paper, Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. He's due to present the findings on Nov. 1 at the Computer and Communications Security conference in Dallas, and in December at Black Hat Europe in London. Read More
WPA2 KRACK attack smacks Wi-Fi security: Fundamental crypto crapto
Research behind the attack will be presented at the Computer and Communications Security (CCS) conference in November, and at the Black Hat Europe conference in December. Read More
Researchers promise demo of 'God-mode' pwnage of Intel mobos
Security researchers say they've found a way to exploit Intel's accident-prone Management Engine, and will reveal the problem at Black Hat Europe in December. Read More
Intel Management Engine scare again: chips not detectable infected?
This year's Black Hat Europe conference, which will take place in early December, will feature a spectacular attack on Intel Management Engine (ME), the first of its kind, and at the same time, posing a big question of the legitimacy of using such technologies. Read More
Security professionals name top causes of breaches
Nearly 55% of more than 130 attendees of the 2017 Black Hat security conference in Las Vegas admitted their organisations had been hit by cyber attacks. Read More
Hash of the Titan: How Google bakes security all the way into silicon
As Clune notes, the recent Black Hat conference in Las Vegas research on firmware vulnerabilities (PDF) might be used to plant software backdoors. Google acknowledges such outside interference as a risk it is trying to exclude. Read More
Microsoft's Bid to Save Powershell From Hackers Starts to Pay Off
At the Black Hat and DefCon security conferences in Las Vegas last month, Microsoft's Holmes gave multiple presentations tracking methods attackers could use to hide their activity in PowerShell. Read More
Inside the Black Hat USA Network Operations Center
Created five years after DEF CON, a more rowdy hacker conference which takes place the weekend after, Black Hat in the United States is perhaps the best known of the annual gatherings of information security professionals in the world. So the Black Hat USA NOC has its work cut out for it. Read More
72 percent of the respondents do not believe encryption backdoors would make their nations safer from terrorists, according to a Venafi survey of 296 IT security pros, conducted at Black Hat USA 2017. Read More
Why you need to implement security controls across your environment
In this podcast recorded at Black Hat USA 2017, Tim White, Director of Product Management, Policy Compliance at Qualys, discusses the importance of security configuration assessment as part of a comprehensive vulnerability management program, and why automating the configuration assessment and reporting of varied IT assets in a continuous manner is important to securing today's organizations. Read More
Hiring More People is Top Need for Better Security in 2017
The firm surveyed 108 pros at Black Hat USA last month and revealed that more than two-thirds (70%) of respondents who said 'people' consider hiring 'experienced professionals' as a priority whilst 30% said that they were willing to hire inexperienced individuals and train them on the job. Read More
Black Hat is one of the biggest hacker conventions and notorious for having attendees' phones breached. If you can survive Black Hat without your mobile device compromised, you can trust it to be reasonably secure anywhere. Here's how Ragan and Rashid stayed safe at Black Hat. Read More
72 percent of security pros say encryption backdoors won't stop terrorism
A new survey of information security professionals carried out at last month's Black Hat conference suggests that the majority think encryption backdoors are ineffective and potentially dangerous. Read More
Incident Response and Threat Intelligence: A Potent One-Two Punch to Fight Cybercrime
At the recent Black Hat event, Mike Oppenheim, global research lead for IBM X-Force Incident Response and Intelligence Services (IRIS), took the time to share his thoughts on some of the major threats that have wreaked havoc so far in 2017. Read More
We live in an imperfect world, as Alex Stamos, Chief Information Security Officer of Facebook pointed out in his recent BlackHat 2017 keynote address. Read More
The human point: Gaining visibility into the context behind user actions
In this podcast recorded at Black Hat USA 2017, Dr. Richard Ford, Chief Scientist at Forcepoint, talks about the security industry's need of a paradigm shift toward examining user behavior and intent. Read More
Locky Ransomware Returns with New IKARUSdilapidated Phishing Campaign
At Black Hat USA 2017 last month, researchers presented the results of a study by Google, Chainalysis, UC San Diego and the NYU Tandon School of Engineering, which found that 35 ransomware strains earned cybercriminals $25 million over the past two years. Read More
The cybersecurity 'walls' that organizations have built around sensitive information are failing to stop breaches: 73 percent of hackers surveyed at the recent 'Black Hat' convention believe traditional security perimeters of firewalls and antivirus are irrelevant or obsolete. Read More
Faulty firmware OTA update bricked hundreds of LockState smart locks
At the last Black Hat hacker conference security experts demonstrated how to hack electronic locks, and the news I'm going to tell you demonstrates how annoying an incident that occurred to hundreds of smart locks could be. Read More
Most Small to Mid-Sized Organizations Don't Use Multi-Factor Authentication
The impact can be significant. A recent Thycotic survey of more than 250 hackers at Black Hat 2017 found that 32 percent of respondents said accessing privileged accounts is the easiest and fastest way to get at sensitive data, while 27 percent said the same of accessing email accounts. Read More
Docker Adds IBM Mainframes, Enhanced Security Support to EE
Docker's Swarm container orchestration platform has been cited as the 'gold standard' in terms of security. However, the platform was the center of attention at several sessions dedicated to container security at the recent Black Hat USA event. Read More
Hacking From The Inside: A Report From The Black Hat Conference
What do hackers want, and how do they go about getting it? Those questions were answered - by hackers themselves - in a survey conducted by Thycotic at this year's Black Hat Conference in Las Vegas. Read More
Privileged account solutions specialist Thycotic carried out a survey of more than 250 hackers at 2017's Black Hat conference and found that 32 percent of respondents see privileged accounts as the best way of getting hold of sensitive data, with 27 percent preferring access to user email accounts. Read More
Hackers See Privileged Accounts as Best Route to Sensitive Data
When it comes to what works and doesn't work for protecting critical data, nearly one third (32%) of respondents at the recent Black Hat conference said that accessing privileged accounts was the number one choice for the easiest and fastest way to get access to critical data. Read More
JASK Employs Artificial Intelligence to Automate Smarter Security
Add JASK to the list of startups looking to relieve the burden on overwhelmed security teams through the use of artificial intelligence. The San Francisco-based company unveiled its JASK Trident platform at the recent Black Hat conference in Las Vegas. Read More
In some cases, upper management is putting a cap on spending and hiring. In the recently published 2017 Black Hat Attendee Survey, most security professionals say they are increasing hiring and spending. Read More
VMware Patches 'Hard-to-Exploit' DoS Vulnerability
Last month, at the Black Hat security conference in Las Vegas, researchers showed how attackers with limited vSphere accounts could abuse a VMware API to access the guest operating system without authentication. Read More
Time, Security Cited as Hurdles to Adoption of Containers
During the recent Black Hat USA event, there were several sessions dedicated to container security issues. Kirkland said from what he heard, most of the vulnerabilities noted were mundane issues he thought were highlighted for maximizing exposure. Read More
In a press conference at the Black Hat USA conference, Lee provided insight into how ICS security works (or doesn't) today and what more needs to be done. Read More
Are Organizations Safe From Cyber Attacks? Experts Say Most Still Vulnerable
Threat detection firm Tripwire surveyed 108 security professionals at the Black Hat USA hacker conference held in Las Vegas in July. It found a considerable number of experts who were dismayed by the response of organizations in the wake of attacks like WannaCry and Petya. Read More
'Visibility' was one of the five words that defined this year's Black Hat conference, and its importance to security professionals is amplified in the results of the Vanson Bourne survey sponsored by Gigamon. Read More
Top 10 Worst Tech Mistakes in the World of Android
To their credit, BLU says they were unaware that the software was installed on the phones and quickly rolled out a software update to remove it, but Kryptowire shared concerns at a Black Hat security conference this year that Chinese companies are just getting better at masking their server pings rather than removing the firmware altogether. Read More
District attorney: Gathering cybercrime evidence can be difficult
At Black Hat 2017, SearchSecurity sat down with Norman Barbosa, assistant U.S. state's attorney for the western district of Washington and the office's coordinator of computer hacking and intellectual property crimes, who is based in Seattle. Read More
Mr. Carson is a respected cybersecurity professional and ethical hacker with more than 25 years' experience in enterprise security. Joe speaks at global conferences such as Black Hat, and he serves as Chief Security Scientist at Thycotic. Read More
Hackers Say Humans Most Responsible for Security Breaches
Thycotic surveyed a cross section of hackers attending Black Hat. Fifty-one percent described themselves as white hats; 34% described themselves as grey hats using their skills for both good and bad causes; and 15% self-identified as out-and-out black hats. Read More
The 20th edition of Black Hat USA (BHUSA) did not disappoint, if your expectations were the largest exhibit floor, the most lasers, and the biggest attendance ever. Black Hat USA has become one of the most anticipated infosec conferences of the year. Read More
Black Hat at 20, DefCon at 25: Not just about breaking things
One way Black Hat has prospered is by becoming the venue of choice for security researchers seeking to showcase new ways to hack something interesting, like cars, an ATM, or insulin pumps. But these events are not just about breaking things; in this post I point to one of several briefings this year which made that point quite effectively. Read More
Are international cyber attacks the wave of the future?
When cyber-security professionals were polled recently at their annual BlackHat conference in Las Vegas, 60% said they expected the United States to suffer a successful attack against its critical infrastructure in the next two years. Read More
Such notifications are customary to allow organizations time to fix problems. That's also despite the fact that representatives of both companies were together recently at the Black Hat security conference. Read More
Brandstetter revealed security problems with popular "smart" home and building automation systems at the recent Black Hat security conference. Read More
This New Squad of Internet Experts Will Try to Bring Order to Global Cyber Conflict
But 'cyberspace is not a jungle,' the new commission's chair, Marina Kaljurand, told an audience at the Black Hat computer security conference in Las Vegas last month. Read More
In this podcast recorded at Black Hat USA 2017, Mike Kirschner, Senior Vice President of Advanced Threat Intelligence at InfoArmor, talks about how they offer operatively-sourced threat intelligence, specialized cyber security services and real-time, client-specific alerts to protect your network and prevent data exfiltration. Read More
Is defense the 'new Black (Hat)'? Notes from 2017's 'security summer camp'
As security pros converged for their annual gathering in the Nevada desert, the growing maturity of the field is on display, along with a wide range of interests embracing both breakers and builders. But does Black Hat in particular back up its new emphasis on defense with action? Read More
IMO Black Hat USA continues to grow into a better version of the RSA Conference. Less vendor marketing nonsense. Fewer suited, disconnected executive types. Actual practitioners and 'real' people to talk to, both in terms of attendees and vendors. Read More
Carbon Black EDR Service Exposing Customer Data Through Cloud Scanning
Compromised computers with no direct access to the Internet could still have data exfiltrated by attackers using the security software's cloud sandbox as a channel to the Internet, security firm SafeBreach stated in research presented at the Black Hat Security Briefings in Las Vegas last month. Read More
Understanding your responsibility and security in the cloud
In this podcast recorded at Black Hat USA 2017, Chris Drake, CEO at Armor, talks about the difference between security of the cloud and security in the cloud. Read More
The security revolution: Is protecting critical infrastructure all talk and no action?
And a survey of leading security experts at the Black Hat conference in Las Vegas, Nevada, last month found that 60 percent believed there will be a successful attack on the nation's critical infrastructure within two years. Read More
How FBI cyber investigations handle obfuscation techniques
SearchSecurity sat down with David West, assistant section chief of the FBI's Cyber Division, operational section four, at the Black Hat conference in Las Vegas to talk about how the FBI performs cyber investigations. Read More
Google Patches 10 Critical Bugs in August Security Bulletin
Over the past several years, Google has prioritized shrinking the Android attack surface. Those efforts have included focusing on containment of key aspects of the Android system such as the Media Framework and the Android kernel. Google calls these efforts architectural separation and architectural decomposition and were the subject of a Black Hat presentation last month. Read More
Recently, I saw him speak at the 20th anniversary of Black Hat, an annual cyber security conference in the desert attended by more than 15,000 people. Stamos had a simple message for the cyber security community that he refers to as a 'dysfunctional family': I love you, but you need to change. Read More
FBI: Cyber investigations no different from real world
SearchSecurity sat down with David West, assistant section chief of the FBI's Cyber Division, operational section four, at the Black Hat conference in Las Vegas to talk about how FBI cyber investigations are performed and how the agency meets the burden of proof. Read More
The Patching Dilemma: Should Microsoft Fix Flaws in Older Tech?
The company's decision to choose the latter was a topic of conversation at Black Hat USA and DEF CON last month. Researchers presented on security holes Microsoft had declined to patch and instead offered users guidance and workarounds to protect their systems from attack. Read More
In this podcast recorded at Black Hat USA 2017, Mike Banic, Vice President, Marketing, and Chris Morales, Head of Security Analytics at Vectra Networks, talk about the use of artificial intelligence to perform non-stop, automated threat hunting with always-learning behavioral models to find hidden and unknown attackers before they do damage. Read More
What Wall Street can teach Black Hat's 'Wall of Sheep'
Every July, thousands of the world's most savvy security professionals descend upon Las Vegas for the Black Hat conference. For the uninitiated, the well-understood rule of the conference is that mobile devices stay in your hotel room, lest you wind up on the 'Wall of Sheep,' a conference stalwart posting in which hackers happily embarrass those who aren't practicing 'safe' computing. Read More
Engineering firm exposes SCIF plans and power vulnerability reports
During the Black Hat conference in Las Vegas, CSO spoke with two experts about ICS threats, including locating sensitive information online due to misconfigurations and general OSINT research. Read More
Severe Deserialization Issues Also Affect .NET, Not Just Java
The research team presented their findings at this year's Black Hat and DEF CON security conferences, held in early August in Las Vegas, USA. Read More
But Blackhat, unlike its name suggests (the term Blackhat refers to a hacker who violates malicious security systems) is a business-oriented conference. According to Moss, the event was created to educate CSOs and information security professionals from large companies. Read More
Obama's cybersecurity advisor: We need to tackle 'statecraft'
Daniel served as President Obama's top cyber advisor during his second term in office. The MIT Technology Review recently caught up with him in an interview during the Black Hat cybersecurity conference. Read More
Maunder references a presentation at Black Hat 2017 which recently took place in Las Vegas. Security researcher Hanno Böck demonstrated a method to detect new WordPress sites by monitoring for new security certificates. Read More
Black Hat 2017 - GitPwnd tool could be used by attackers to communicate with compromised devices via Git repositories
Even if the Black Hat conference ended a few days ago, here we are discussing interesting talks of cyber security experts that participated at the event. Read More
Cybersecurity headhunter shares 10 secrets from Black Hat 2017
Thousands of security-minded professionals gathered under one roof at the popular Black Hat USA 2017 Conference last week in Las Vegas. Recruiters from executive search firms, large organizations, and technology vendors were busy networking with the hacker crowd. Read More
Hackers Can Use Git Repos for Stealthy Attack on Developers
Malicious actors can abuse GitHub and other services that host Git repositories for stealthy attacks aimed at software developers, experts showed recently at the Black Hat security conference in Las Vegas. Read More
Paranoia and break dance battles: My first crazy hacker fest
Defcon is the second of two Las Vegas conferences -- the first being Black Hat earlier in the week -- that offers people in the information security community a chance to share updates on the latest hacks and ways to stop them. Read More
Privacy warnings spell trouble for millions of low-cost Android phone owners
Last week's presentation at the Black Hat security conference in Las Vegas by security firm Kryptowire came eight months after the same company first warned about Android devices sold by Blu. Read More
Don't just fear the power grid hack. Fear how little engineers know about it
Electrical grids were on the minds of those gathered at Black Hat, the world's biggest hacker convention - appropriately enough in Las Vegas - that took place last week. The confab draws 16,000 hackers and information technology experts from around the globe. Read More
"Weaponised AI" will be used to carry out cyber attacks "within the next 12 months"
The new research was conducted and analysed just last week at the annual Black Hat USA symposium held in Las Vegas, Nevada. For the past 20 years the Black Hat events (which are held all over the world) have been central to the dissemination and discussion of the latest news, data and scuttlebutt on trends and developments in information security. Read More
At the time, Blu said it would remove the software from its phones, but during last week's Black Hat security conference, Kryptowire said the software from Shanghai Adups Technology continues to collect user data. Read More
The majority of information security professionals (62 percent) surveyed by Cylance at Black Hat USA 2017 think that hackers will weaponize AI, using it offensively over the next year. Read More
Amazon suspends sales of Blu Android phones amid spyware allegations
Amazon Monday announced it is suspending sales of certain Android phones manufactured by Blu after a Black Hat presentation claimed that three of the firm's models sent sensitive information to third parties in China, a claim Blu denies. Read More
Weaponised AI. Davey Winder asks the industry - is that a thing yet?
That artificial intelligence was on the agenda at Black Hat should come as no surprise. The promise of AI, from machine learning through to automation, in cyber security has become a major marketing tool amongst vendors. Read More
Moving Forward with Machine Learning for Cybersecurity
At Black Hat last week, you couldn't pass a slot machine without some cybersecurity technology vendor crowing about machine learning or artificial intelligence. Yup, machine learning algorithms have great potential to help with security analytics and employee productivity, but this technology is in its infancy and not well understood. Read More
Blu, Amazon Tussle Over Smartphone Privacy Issues (Updated)
At last week's Black Hat conference, Kryptowire revealed that the firmware was still present on some devices. This time, however, it collected data in a much less obvious way. Read More
Black Hat 2017 was a vocabulary lesson for white hats, and yes, words matter. Words such as nihilism, empathy and inclusion have to matter, because what you're doing now matters so much. Read More
Privacy warnings spell trouble for millions of low-cost Android phone owners
Last week's presentation at the Black Hat security conference in Las Vegas by security firm Kryptowire came eight months after the same company first warned about Android devices sold by Blu. That Read More
How the Federal Government Wants to Improve IoT Security
At the Black Hat USA security conference on July 26, FTC Commissioner Terrell McSweeny outlined several steps her agency is already taking to help protect consumers of IoT devices. McSweeny's Black Hat talk was specifically about how vendors can market devices and make accurate claims about functionality. Read More
Black Hat 2017 was filled with the usual assortment of fresh vulnerabilities and emerging threats, including a devastating proof-of-concept attack for mobile devices and the first-known example of malware designed to cripple electrical grid substations. Read More
How Cybersecurity Can Step Up Its Game Through Information Sharing
'Unfortunately, the trend lines are currently against us,' Daniel told Infosec Insider during a recent video interview at the Black Hat conference in Las Vegas, Nevada. Read More
Black Hat 2017 and Workforce Strategy for the Cybersecurity Talent Shortage
Black Hat 2017, held in Las Vegas from July 22 to 27, 2017, is one of the major cyber-security industry conferences of the year. This year's conference highlighted a growing need to reexamine the enterprise's workforce strategy when it comes to cybersecurity. Read More
Tech community confronts cyber policy at Black Hat
Jeff Moss, founder of the Black Hat cybersecurity conference, said the annual event here provides "a crystal ball" on upcoming information-technology issues, and that may apply to cyber policy too. Read More
Artificial Intelligence Taking a Bigger Role in Antimalware Technology
At the Black Hat conference here, McAfee announced that its flagship product, McAfee ATD (Advanced Threat Defense) 4.0, is now augmented with machine learning models. Read More
The first day of Black Hat was a whirlwind of InfoSec stories and information. While I already covered the great keynote presentation by Facebook CSO Alex Stamos, and tried to shine a light on the lack of printer security courtesy of HP, there are so many different topics being discussed at the conference that nobody can possibly see even a fraction of what is being presented. Read More
3 key cybersecurity trends and takeaways from Black Hat and DEF CON 2017
Unlike its name might suggest, Black Hat is the more business-oriented of the two conferences. Moss created it to educate CSOs and InfoSec security teams from large enterprises. Though the same speakers often attend both, the briefings at Black Hat are more professional and often focus on (or at least end with) defensive strategies. Read More
Amazon suspends sale of Blu phones amidst privacy concerns
Both Blu and Adups announced shortly after that they had taken steps to resolve the issue, but researchers showed at the Black Hat conference that phones made by Blu were still transmitting private information and were capable of installing apps, taking screenshots, recording screens, making calls, and wiping devices without users' permission. Read More
How to keep yourself safe from Chinese spyware on budget Android phones
Kryptowire appeared at July's Black Hat security conference in Las Vegas to say the spyware still existed on some of Blu's current phones, which led to Amazon's decision the following week. Read More
Microsoft Security Put to the Test at Black Hat, DEF CON
In his Black Hat presentation "Infecting the Enterprise: Abusing Office365 PowerShell for Covert C2," Craig Dods, chief architect of security at Juniper Networks, explained how Office 365 is ideal for a command and control infrastructure. He argued businesses aren't considering the risk of Office 365 adoption and demonstrated how attackers can take advantage. Read More
Amazon halts Blu phone sales over 'potential security issue'
However, at the Black Hat security conference last week, Kryptowire demonstrated that Adups was still transmitting users' private data and featured a command-and-control server capable of installing apps, taking screenshots, recording the screen, making calls, and wiping devices without the user's permission. Read More
Amazon Halts sale of Android Blu Phone Amid Spyware Concerns
The phone maker came under scrutiny last week by researchers at Kryptowire during a Black Hat session where they criticized the company for collecting personal identifiable information without user consent. Read More
Experts debate Vulnerabilities Equities Process disclosure
A panel of experts at the Black Hat conference in Las Vegas discussed the topic, including Jason Healey, senior research scholar at Columbia University, who said the Vulnerabilities Equities Process has two major aims. Read More
Amazon Pulls Blu Smartphones Over Spyware Concerns
But at Black Hat last week, Kryptowire revealed that several Blu phones, including the best-selling Blu Advance 5.0, still contain spying software created by Shanghai Adups Technology. Read More
But two recent research papers, presented together at Black Hat, argue that data analysis should carry more weight than 'speculation and anecdote' in setting government policy on the matter. Read More
Amazon halts sale of Blu phones preloaded with 'potential' Chinese spyware
At last week's Black Hat security conference, the company revealed that a spyware from Chinese software company Shanghai Adups Technology was present on a handful of Blu devices. Read More
Google Tracks Ransomware Payments at Scale With Machine Learning
Ransomware isn't just a hot topic in the media, it's a real and growing threat, according to a team of Google-led researchers. Google publicly presented its findings in a session titled "Tracking Ransomware End to End" at the Black Hat USA security conference in Las Vegas on July 26. Read More
Amazon finally suspends sales of $60 Blu Android phones after discovering they STILL secretly send user data to China eight months after the firm first claimed spyware was a mistake
'They replaced them with nicer versions,' Ryan Johnson, a research engineer and cofounder at Kryptowire, said last week at the Black Hat security conference in Las Vegas. Read More
Researchers find some phones secretly sending data to China
At the Black Hat security conference in Las Vegas on Wednesday, researchers from Kryptowire, a security firm, revealed that Adups' software is still sending a device's data to the company's server in Shanghai without alerting people. But now, it's being more secretive about it. Read More
The attack, known as the 'Ghost Telephonist', was presented at the ongoing hacker summit Black Hat USA 2017 and DEF CON in Las Vegas, Nevada. Read More
Numerous variants of so-called server-side-request-forgery attacks have been shown by James Kettle of Portswigger at the Black Hat conference in Las Vegas. Kettle's main focus was to confuse load balancers and web servers with cleverly chosen HTTP headers. Read More
Unicorn Team demonstrated the findings on Sunday at the Black Hat USA 2017 hacker summit. As per the team of researchers, CSFB's authentication step is missing from its procedure, which can allow easy access to hackers to the phone. Read More
Exposed IoT servers let hackers unlock prison cells, modify pacemakers
In one of the slides at his Black Hat talk, he described how a user-modified Tesla vehicle was leaking its real-time geolocation and other vital statistics. Read More
Same Chinese white hat group hacks into Tesla for second year
In an impressive video demoed at the on-going hacker summit Black Hat USA 2017 and DEF CON in Las Vegas, Nevada, Chinese security researchers from the Keen Security Lab at Tencent managed to remotely take control of Tesla Model X cars. Read More
Researchers from Italy's Politecnico di Milano unveiled at Black Hat last week an add-on Windows driver and filesystem that detects ransomware and recovers files. Read More
During a Black Hat session on hardening Android, Kralevich discussed the multi-year journey Google developers have been on to get to where it is today. Read More
Black Hat 2017: Hacked Car Wash Could 'Physically Attack' People
The internet-connected control interface used by a range of car washes made by PDQ, a Wisconsin-based manufacturer, contains security vulnerabilities that make it easy for hackers to access, Billy Rios of WhiteScope and Jonathan Butts of QED Secure Solutions said in a presentation at the Black Hat USA security conference in Las Vegas. Read More
Black Hat 2017 has come and gone, and attendees have scattered to the winds, going home to count their new t-shirts, run exhaustive anti-malware passes on their devices and take stock of everything they learned at the conference. Read More
Nuclear Power Plants at Risk Due to Radiation Monitoring Flaws
Ruben Santamarta, principal security consultant at IOActive, presented his findings in a white paper titled, 'Go Nuclear: Breaking Radiation Monitoring Devices' at the Black Hat USA event last week. He found that the security shortcomings in RMDs could be significant, since the devices help detect radiation leaks and can alert organizations to issues at nuclear power plants. Read More
Container Developers Viewed as New Security Attack Targets
Developers are often viewed as the aggressors when it comes to online security. But participants at a Black Hat USA session argued that developers were actually the new targets of attacks. This is increasingly coming to light as container developers become a bigger part of enterprise operations. Read More
BIOS Firmware Implementation Vulnerabilities Disclosed at Black Hat
At the Black Hat USA security conference in Las Vegas, Alex Matrosov, principal research scientist at Cylance, detailed multiple issues he found in Intel UEFI firmware protections used by major motherboard vendors. Read More
Black Hat, DefCon Expose Flaws in Voting Machines to Smart Guns
The Black Hat show that was held at Mandalay Bay celebrated its 20th anniversary and was headlined by a keynote address from Facebook Chief Security Officer Alex Stamos. Read More
Iranian Hackers Ensnared Targets via Phony Female Photographer
Researchers at SecureWorks last week at Black Hat USA in Las Vegas published a report on their findings of this attack campaign, which began in January of this year, first as a pure phishing campaign that soon evolved with Mia Ash's phony LinkedIn, Facebook, and blog accounts to further social-engineer the targets and earn their trust. Read More
Hackers can hijack car washes, remotely trap and 'physically attack' people
It may sound like a scene from a science fiction horror flick, but security researchers Jonathan Butts, founder of QED, and Billy Rios, CEO of Whitescope, said at Black Hat that vulnerabilities in 'smart,' internet-connected car wash systems could be exploited to make the car wash attack users. Read More
A Botnet of Rogue Chrome Extensions Assaulted Wix in April 2016
The attack went unreported at the time, but last week, speaking at the Black Hat and DEF CON security conferences that took place in Las Vegas, Tomer Cohen, lead for Wix's security team, revealed more details about the incident. Read More
Smartphones, virtual-reality headsets, toy robots, quadcopter drones and self-balancing scooters can be hacked by powerful sonic blasts, a team of Chinese researchers demonstrated at the Black Hat security conference here last week. Read More
Spotlight: Could we live safer, more secure lives in 2038? A question for 20th hacker summit
During the past 20 years since the first Black Hat conference in 1997, the security community, tech industry and the world have been on a wild ride. Read More
Security this week: The very best hacks from Black Hat and Def Con
Here's a collection of some of our favorite talks from this week's Black Hat conference, including some we didn't get the chance to cover in depth. Read More
Four years ago, the deep state was the enemy. Edward Snowden had just revealed its machinations. The head of the NSA was angrily catcalled during his Black Hat keynote. Read More
"Power grid operators need to be aware that these styles of events are out there and they need to prepare for them," said Robert M Lee of Dragos Security during a talk at the Black Hat show which detailed its work to analyse the malware used in the Ukraine attack. Read More
Cloud-based antivirus programs are increasingly used. Suspicious files are uploaded to a system of the manufacturer and analyzed there in detail. Two security researchers from the company Safebreach have now shown at Black Hat that some antivirus programs run the files in a sandbox with network access. This can also be exploited by attackers. Read More
How Hackers Can Use 'Evil Bubbles' to Destroy Industrial Pumps
In a talk at the Black Hat security conference Thursday, Honeywell security researcher Marina Krotofil showed one example of an attack on industrial systems meant to drive home just how surreptitious the hacking of so-called cyberphysical systems might be. Read More
The group, which includes the hackers Zenofex, 0x00string, and maximus64_, presented their flash memory hack this week at the Black Hat security conference in Las Vegas. Read More
IoT Evolution World Week in Review: Dell, Black Hat and IoT Awards
At the Black Hat USA 2017 conference in Las Vegas, a team of New York University researchers will disclose vulnerabilities in a component that combined with publicly available information provide sufficient information to model an advanced, persistent threat to the electrical grid. Read More
I play the security odds in Las Vegas by rolling the Wi-Fi dice
There's an entire network operations center at Black Hat, where the convention's security teams are working around the clock to keep people safe. Read More
Inside the ongoing fight to stamp out govt-grade Android spyware
'This was a known set of vulnerabilities,' Andrew Blaich, a security researcher at Lookout, told The Register this week at the Black Hat conference in Las Vegas. Read More
Flaws in web-connected, radiation-monitoring kit? What could go wrong?
Vulnerabilities in widely deployed Radiation Monitoring Devices (RMDs) present a potential mechanism for triggering false alarms and worse, according to research unveiled at Black Hat on Wednesday. Read More
Wallet-snatch hack: ApplePay 'vulnerable to attack', claim researchers
One of the attacks developed by the white hats, and presented at Black Hat USA yesterday, requires a jailbroken device to work, but the other assault does not. Read More
Malware? In my Docker container? It's more common than you think
Speaking at the 2017 Black Hat USA conference in Las Vegas, Aqua Security researchers Michael Cherny and Sagie Dulce said [PDF] the Docker API can be abused for remote code execution and security bypass. Read More
Systemd wins top gong for 'lamest vendor' in Pwnie security awards
The gongs are divided into categories, and nominations in each section are voted on by the hacker community. The ponies are then dished out every year at the Black Hat USA security conference in Sin City. Read More
Printers have been part of the modern home and office for decades, despite numerous attempts to go 'paperless.' But at the Black Hat conference here, Jens Muller of Ruhr University Bochum reminded attendees that just because something is ubiquitous doesn't mean it should be trusted. Read More
At Black Hat Hacker Summit, Cybersecurity Shift Urged
Against a backdrop of cyberattacks that amount to full-fledged sabotage, Facebook chief security officer Alex Stamos brought a sobering message to the hackers and security experts assembled at the Black Hat conference in Las Vegas. In effect, he said, it's time to grow up. Read More
Black Hat 2017: A Wi-Fi Hopping Worm Targeting Smartphones
Broadpwn, a vulnerability in a Wi-Fi chip found in more than a billion phones, could allow a hacker within Wi-Fi range to take over your smartphone, according to research presented on Thursday at the Black Hat security conference in Las Vegas. Read More
DefCon, Black Hat bring extra cybersecurity concerns to Las Vegas
DefCon comes on the heels of Black Hat, a conference and trade show for cybersecurity professionals. The six-day Black Hat show, which attracted more than 15,000 people, ended Thursday at Mandalay Bay. Read More
Black Hat roundup: Facebook CSO sounds off, and another warning on a social media scam
The annual Black Hat USA conference in Las Vegas is another opportunity for Infosec pros to exchange ideas on improving enterprise security as well as be criticized for their failings. We have a roundup of this week's coverage. Read More
At Blackhat, security researcher Nitay Artenstein revealed that he had detected a serious bug in the firmware--that is, the built-in software that controls and monitors--a Broadcom chip commonly used by smartphone providers (commonly meaning every iPhone and many modern Android phones including Google's Nexus and Samsung's Galaxy series) to deliver part of their WiFi capabilities. Read More
Also, their talk about the issues was accepted to Black Hat USA 2017, and the company obviously realized it could not afford to ignore them any longer. Read More
Update your phone: Avoid being Pwned by bug residing in WiFi chip
Nitay Artenstein explained his findings at the Black Hat security conference on Thursday. As per Artenstein, the vulnerability in chipset would let hackers use Wi-Fi to control your phone by writing on the chip directly. Read More
The new reality is on display in Las Vegas this week at the annual Black Hat and Def Con security conferences, which now have a booming side business in recruiting. Read More
Aqua Security Reveals Developer Security Risks With Docker Containers
As Docker container use grows, so too is scrutiny into container security. In a session on July 27 at the Black Hat USA conference here, researchers from Aqua Security detailed vulnerabilities they found in Docker that could have put developers at risk. Read More
Details of Apple iCloud Keychain Flaw Emerge at Black Hat
At the Black Hat USA conference here, Radocea provided significantly more detail. In a session as well as a press conference, he revealed more insight into how he found the flaw and how bad it could have been for Apple's user base had it not been patched. Read More
Vendors Use Black Hat Event to Launch New Products, Announce Advances
This year marks the 20th anniversary of the Black Hat USA conference. In the early years of the Las Vegas event, security researcher presentations were the focus, as there were few vendor booths. Read More
Automatic Car Washes Can Be Hacked to Trap, Attack Drivers Inside, Researchers Say
The exploit was actually uncovered a couple of years ago, but it remains a theoretical possibility as they never had a chance to test it out. But a facility in Washington State finally agreed, and though they wouldn't allow the test to be filmed, it was successful (and scary) enough that they presented their findings at the annual Black Hat hacking conference in Las Vegas this week. Read More
Facebook responds to hackers: 'It's time to grow up'
Against a backdrop of cyber-attacks that amount to full-fledged sabotage, Facebook chief security officer Alex Stamos brought a sobering message to the hackers and security experts assembled at the Black Hat conference in Las Vegas. In effect, he said, it's time to grow up. Read More
33 Hot New Security Products Announced At Black Hat 2017
Security vendors took advantage of the Black Hat 2017 stage to show off their latest security innovations. The launches went head to head with some of the most nefarious threats and vulnerabilities, which were also on display this week at the conference in Las Vegas. Read More
At the Black Hat conference in Las Vegas this week, Lee explained how CrashOverride could be used as a blueprint for cyberattacks on energy facilities around the world. Read More
However, in a presentation at the Black Hat conference in Las Vegas, Billy Rios of security firm Whitescope and Jonathan Butts from the International Federation for Information Processing showed how easily the system could be hijacked. Read More
Broadcom chip bug opened 1 billion phones to a Wi-Fi-hopping worm attack
At the Black Hat security conference, Artenstein demonstrated proof-of-concept attack code that exploited a vulnerability in Wi-Fi chips manufactured by Broadcom. Read More
Alex Stamos, CISO of Facebook, during the keynote address earlier this week at Black Hat USA urged attendees to channel energy into innovative defensive solutions, rather than just breaking things. Read More
Again there is a serious security gap in the Broadcom WLAN firmware. The discoverer of the gap presented a particularly problematic scenario at Black Hat: such a gap could be used for a WLAN worm that spreads itself. Read More
It's July in Las Vegas, and the cybersecurity community has once again gathered to attend Black Hat USA. As previously reported, there are a number of ways that small businesses can prepare for cyber attacks. Read More
The Black Hat community has a few asks for the 'old-hat' policy community in DC
Making the rounds of technologists, researchers and tech-security vendors at the just-concluded Black Hat 2017, a reporter usually got a shrug and a shake of the head when asking what the federal government could do to assist their efforts. Read More
Who are the Shadow Brokers? Signs point to an intelligence insider
Suiche, founder of managed threat detection company Comae Technologies, spoke at Black Hat 2017 about the Shadow Brokers, the entity which has been releasing files and hacking tools over the last year from the Equation Group, a hacking outfit connected to the U.S. National Security Agency. Read More
VMware API Allows Limited vSphere Users to Access Guest OS
In a presentation at the Black Hat security conference in Las Vegas, Ofri Ziv, VP of research at GuardiCore, revealed that an attacker can exploit the vulnerability to gain full control of the guest OS, including for arbitrary code execution with elevated privileges, lateral movement across the targeted data center (including to isolated networks), and data theft. Read More
Researchers Demo Physical Attack via Car Wash Hack
The attack was detailed in a presentation at the Black Hat security conference this week by WhiteScope founder Billy Rios, a researcher best known for finding vulnerabilities in medical devices and industrial control systems (ICS), and Dr. Jonathan Butts, founder of QED Secure Solutions and committee chair for the IFIP Working Group on Critical Infrastructure Protection. Read More
Hacking for real damage still takes 'boutique' touch
The team of academics laid out their findings yesterday at the Black Hat cybersecurity conference here, intending to jump-start a conversation about electric sector security. But despite posing a provocative question - 'Are cyber-attacks on the power grid limited to nation-state actors?' - the three researchers emphasized that their methodical approach to attacking the grid isn't suited for the faint of heart. Read More
Obama cybersecurity czar: We gave Trump a head start
Michael Daniel was cybersecurity coordinator during Obama's last four years in office. We caught up with him at Black Hat on Thursday, more than six months after Obama left the White House, to talk about President Donald Trump's policies on security, what attacks Americans should be looking out for and the trouble with getting people to listen. Read More
What the world's hackers have been up to at their big annual meetings Black Hat and Def Con in Las Vegas. Plus the man behind Amazon's Alexa business Dave Limp talks to us about how the service might develop. And we witness a - thankfully fictional - hacking challenge that involves preventing a rogue state from firing nuclear missiles. Presented by Jane Wakefield, with BBC Online tech editor Leo Kelion, and special guest William Goodwin, Commissioning Editor at Computer Weekly. Read More
Peter Tran, RSA general manager and senior director of cyber defense, discusses the Black Hat USA 2017 conference and the biggest cybersecurity risks with Bloomberg's Emily Chang on "Bloomberg Technology." Read More
At the Black Hat conference here, a pair of researchers from Alibaba Security demonstrated how a gun that fires ultrasonic sound can mess with these critical sensors, sending phones spinning and hoverboards toppling over. Read More
Sounds bad: Researchers demonstrate 'sonic gun' threat against smart devices
At the Black Hat security conference on Thursday, a team of researchers from Alibaba Security demonstrated how sound and ultrasound could be used to attack devices that depend on sensor input from gyroscopes, accelerometers, and other microelectromechanical systems (MEMS). Read More
ShieldFS Promises to Stop Ransomware Dead in Its Tracks
The researchers began developing ShieldFS late in 2015, but it works on new ransomware as well as older strains. In a demonstration at the Black Hat security conference here this week, ShieldFS stopped the WannaCry ransomware, which first came to light in May 2017, and recovered all the files that the ransomware had managed to encrypt. Read More
BLACK HAT USA - Hackers turn car washing machines into a mortal trap
In a talk at the Black Hat 2017 conference in Las Vegas, the popular hacker Billy Rios, founder of security shop Whitescope, and Jonathan Butts, committee chair for the IFIP Working Group on Critical Infrastructure Protection, demonstrated how to compromise widely used control systems for car washing machines. The experts hacked: the Laserwash series manufactured by PDQ. Read More
Digital 'Epochalypse' Could Bring World to Grinding Halt
In 2038, the world will face a computer crisis greater than the "Y2K bug" of the year 2000, a prominent security researcher told the Black Hat security conference here yesterday (July 27). Read More
Black Hat 2017 was an adventure, as it always is, and to help make sense of it all, Dennis Fisher sat down with friends from across the security community for a long conversation. The discussion with Robert Hansen, Jessy Irwin, Jennifer Leggio of Flashpoint, Mike Mimoso of Threatpost, Patrick Gray of Risky Business, and Fahmida Rashid of CSO Online touches on vulnerability handling, security marketing, privacy, and a dozen other topics. Read More
These were the best hacks at Black Hat and Def Con this year
Black Hat Briefings and Def Con, the two annual security conferences you shouldn't miss, are drawing to a close. Each year, security researchers and hackers bring their exploits and discoveries to share with the common aim of making the world more secure. But if you weren't in Las Vegas for the heat and hacking, we've got you covered. Read More
ESET's Anton Cherepanov picks up Pwnie for Best Backdoor
Anton Cherepanov, a malware researcher at ESET has picked up a Pwnie Award for Best Backdoor at this year's ceremony at Black Hat USA 2017 in Las Vegas. Read More
Black Hat: Hacking the firmware, the next frontier
With the onslaught of embedded devices hitting the streets, we see such devices with the operating system, hardware interfaces, and user-facing applications baked into a single blob called firmware. Trick the firmware and you have access to the whole system. Here at Black Hat, there are a lot of people doing just that. Read More
2017 cybersecurity trends at the Black Hat conference
This week, bloggers look into 2017 cybersecurity trends leading up to the Black Hat conference, Movidius deep learning and Mist's approach to WLAN. Read More
Breaking down the Broadpwn exploit, world's first Wi-Fi worm
At Black Hat 2017, Exodus Intelligence researcher Nitay Artenstein unveiled the Broadpwn exploit, which he called the world's first Wi-Fi worm and which puts billions of iOS and Android devices at risk. Read More
Cyber-risk analysis, time are keys to infosec says game theory
Using game theory to describe the opportunities and challenges of cybersecurity may uncover new ways to secure enterprise networks, according to one talk at Black Hat 2017. Read More
This was the warning at this week's Black Hat Security 2017 conference after Nitay Artenstein, a vulnerability researcher at Exodus Intelligence, discovered the flaw. Read More
I had a chance to sit down with Walker at Black Hat and we had a conversation that touched on a broad range of topics but the thing that brought me up short was when he said, "You know what really worries me?" That's a phrase guaranteed to get my attention. Read More
APT Group Uses Catfish Technique to Ensnare Victims
Today during Black Hat, SecureWorks released a report on Ash titled 'The Curious Case of Mia Ash: Cobalt Gypsy Uses Social Media to Lure Victims.' Read More
Google ransomware warning: How to keep your business secure
The Google ransomware warning was made today at the Black Hat event, with the company also outlining the effectiveness of ransomware over the last two years. Cyber criminals used this form of attack to steal $25 million, with 2016 proving to have been the most lucrative, according to Google. Read More
Researchers Release Free Tool to Analyze ICS Malware
Lipovsky announced the release of the tool during a session here at Black Hat yesterday, 'Industroyer/Crashoverride: Zero Things Cool About a Threat Group Targeting the Power Grid.' Read More
Facebook works with Harvard against hackers targeting US elections
Facebook made its move on Wednesday during Black Hat, an annual security event held in Las Vegas. The project will be co-led by Robby Mook, Democrat Hillary Clinton's 2016 presidential campaign manager and Matt Rhoades, Republican Mitt Romney's 2012 campaign manager. Read More
Black Hat 2017 industrial hacking: The song remains the same
If industry cybersecurity frameworks are to inform and secure the critical infrastructure writ large, here at Black Hat there are a lot of people punching holes in them, and in simple ways. Read More
Black Hat 2017: Non-standard hacking platforms reign supreme
This year at Black Hat, tiny automated hacking platforms are everywhere, loaded with tasty purpose-built tools that can be used to break into your systems. Read More
Ramped-Up Investments In IoT Security Mean Solution Providers Better Be Ready
As Internet of Things security threats continue to rise, solution providers and vendors say they are starting to see the tide turn when it comes to real investments in IoT security technologies. Read More
Companies and individuals have paid more than $25 million over the past two years to try to get their computer data back from hackers who hijacked it. This is according to new research by Google about the phenomenon. Read More
At Black Hat, Machine Learning Helps Scale Security - And Threats
As researchers and vendors apply machine learning to spot security vulnerabilities, cybercriminals are using the same techniques to train bots to outsmart detection tools, according to presentations this week at Black Hat in Las Vegas. Read More
Scary mobile wireless flaw lets hackers track your cellphone's location
If you're like a lot of people, you've probably worried for many years about other parties spying on you. Maybe it's a weird and persistent feeling that somebody's tracking or watching you each time you make a phone call or go online. Read More
Attack Uses Docker Containers To Hide, Persist, Plant Malware
The proof of concept attack was developed by researchers at Aqua Security, and the technique was first demonstrated today at Black Hat by Sagie Dulce, senior security researcher, with Aqua Security. Read More
#BHUSA: Panel - Fad or Future? Getting Past the Bug Bounty Hype
At Black Hat 2017 in Las Vegas today, a panel of experts gathered to discuss the concept of bug bounty programs and share their experiences with running these within their respective companies. Read More
In the Black Hat NOC, we have very little time to establish such a rhythm. However, a process for distributing critical information isn't more important than here. We need to provide access to hacker tools, but then ensure they aren't used to attack the Black Hat network or other attendees. Read More
Kaspersky Anti-Virus Can Actually Help Spies Steal Data, Warn Researchers
The researchers from cybersecurity start-up SafeBreach, who'll present their findings at both Black Hat and DEF CON conferences this week, put together a sneaker attack that took advantage of a feature of modern anti-virus tools, namely Avira Antivirus Pro, ESET NOD32, Kaspersky Total Security 2017 and Comodo Client Security. Read More
LAS VEGAS - Clarity and the ShadowBrokers are strange bedfellows. We're closing in on the first anniversary of the mysterious group's initial dump of NSA hacking tools and we're still no closer to understanding who they are, where they got their stuff, and what their true motivations are. Read More
Symantec President: We Aren't Done Making Acquisitions Yet
Symantec has been on an acquisition tear, picking up two companies in the past month. But President and COO Michael Fey said the company isn't done yet. Read More
Facebook Boss Scolds Security Industry And Urges Attitude Change
This year's Black Hat conference is the 20th time it has been held. The conference provides security consulting, training, and briefings to both hackers, corporations, and government agencies. Read More
Bug in top smartphones could lead to unstoppable malware, researcher says
A recently patched bug found in the chips used to provide wifi in iPhones, Samsung Galaxies and Google Nexus devices could be used to build malware which jumps unstoppably from device to device, according to Nitay Artenstein, the researcher who discovered the flaw. Read More
Politicians scare you to stay in office. Police forces scare you to get worshipful adulation and military equipment. And the information security industry scares you to get more money, power, and influence. Read More
Day One of Black Hat begins in earnest with the keynote address. Black Hat keynotes tend to be memorable, with names well known in the security community taking the stage to inspire, frighten, confound, or excite the audience. Read More
Facebook CSO Lobbies for InfoSec Compassion, Diversity at Black Hat
Facebook Chief Security Officer (CSO) Alex Stamos extolled Black Hat USA attendees to focus more on the positive social impact the information security (InfoSec) industry can have on society. Read More
In a wide-ranging keynote address at Black Hat 2017 that touched on diversity in the cyber workforce and expanding obligations of the security community, Stamos urged attendees to "build relationships between security and developers" and get better at "engaging on a global level." Read More
How A Bug In An Obscure Chip Exposed A Billion Smartphones
If you haven't updated your iPhone or Android device lately, do it now. Until very recent patches, a bug in a little examined Wi-Fi chip would have allowed a hacker to invisibly hack into any one of a billion devices. Yes, billion with a b. Read More
When it comes to cybersecurity, employees are weakest link
Black Hat, now in its 20th year, attracts more than 15,000 cybersecurity professionals and 290 exhibitors. The six-day show, which features courses and nearly 120 talks on various issues, ends Thursday. Read More
Latest OpenFlow Combo with Open vSwitch Shows Security Chops
A presentation at this week's Black Hat USA conference provided some good and bad security news for the OpenFlow software-defined networking (SDN) standard. Read More
Facebook security boss challenges security industry to focus on people
In the opening keynote speech at the 2017 Black Hat security conference, Alex Stamos - the security boss at Facebook - made clear that the security industry was in need of an attitude adjustment. Read More
Researcher: In two decades adversaries at war could cause mass destruction via IoT attacks
Two decades from now, warring adversaries could conceivably attack each other by sabotaging a population's Internet-connected consumer devices en masse, respected cybersecurity expert Mikko Hypponen predicted at Black Hat on Thursday. Read More
Killer Car Wash: Hackers Can Trap and Attack Vehicles
The researchers, who will present their findings at the Black Hat security conference this week, say they've shared their findings with the Department of Homeland Security. Read More
3 tips for starting bug bounty programs: Be social, be human, be mature [Black Hat 2017]
Bug bounty programs - in which an agency or organization lets freelance hackers test their systems and report vulnerabilities for cash - are becoming all the rage in the public sector. Beginning with the Defense Department's Hack the Pentagon program to the IRS's managed crowdsource approach to the General Services Administration's 18F standing up a software-as-a-service platform, the trend is spreading. Read More
Science fiction author Isaac Asimov famously defined the Three Laws of Robotics, with the very first law being that a robot should do no harm to a human. At the Black Hat USA conference here, security researchers from Politecnico di Milano and Trend Micro are set to detail how that first law can be broken. Read More
Phishing research shows troubling trends for enterprise users
Karla Burnett of Stripe presented sobering results of phishing research from her company at Black Hat 2017, suggesting phishing training is ineffective against today's threats. Read More
Buckle in for a wild ride in the next two decades where the role of security professionals will rise in dramatic importance, Mikko Hypponen, F-Secure chief research officer, predicted at a Black Hat presentation today. Read More
Hackers can take over Car Wash, trap you and smash your vehicle
It is understandable to receive Internet of Things (IoT) related warnings like vulnerable public WiFi or charging spots that can be hacked, but a drive-through car wash? Well, it turns out Internet connected car washes or smart car washes can be hacked and trap the customer inside with their vehicle or even smash it while you are in there. Read More
Security Flaws In "Smart" Car Wash Can Be Exploited to Cause Physical Injuries
In a presentation at this year's Black Hat USA 2015 security conference, the research team said they discovered an authentication bypass in this server's login procedures that allowed them to access the rig's control panel. Read More
Researchers Reveal Secrets of SHA-1 Hash Collision
Elie Bursztein, Google's lead anti-fraud researcher, began his talk here at Black Hat 2017 with an understatement: "It has been a long and interesting journey over the last few years." Read More
Industroyer malware a turning point for ICS security
Security researchers at Black Hat 2017 analyzed the Industroyer malware, the attack on Ukraine's power grid and what it means for industrial control system security in the U.S. Read More
The data comes from a study debuted Wednesday at Black Hat by Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering. The study is unique in that it based calculations on bitcoin payments and blockchains. Read More
Hackers can turn web-connected car washes into horrible death traps
In a presentation at the Black Hat conference in Las Vegas on Wednesday, Billy Rios, founder of security shop Whitescope, and Jonathan Butts, committee chair for the IFIP Working Group on Critical Infrastructure Protection, showed how easy it was to compromise a widely used car wash system: the Laserwash series manufactured by PDQ, based in Wisconsin, USA. Read More
The opsec blunders that landed a Russian politician's fraudster son in the clink for 27 years
This week, US Department of Justice prosecutors who worked on the case told the Black Hat security conference how the fraudster was brought down. Read More
BTC-e Owner Arrested for Laundering Stolen Bitcoin, Ransomware Payments
Coincidentally, a day earlier, a team of researchers speaking at the Black Hat USA 2017 security conference, said that 95% of the ransom payments they tracked during a yearlong experiment were cashed out through BTC-e as well. Read More
Black Hat founder, Facebook leader urge researchers to focus on cyber defense, common threats
The founder of Black Hat and Facebook's top security officer used their opening speeches here Wednesday to urge colleagues in the cyber research and security fields to focus more on cyber defense and the less 'sexy' everyday threats confronting users of the internet. Read More
ShieldFS Can Stop and Revert the Effect of Ransomware Infection
Italian researchers have developed a Windows drop-in driver and custom filesystem that are capable of detecting the telltale signs of a ransomware infection, stop any malicious actions and even revert any encrypted files to their previous state. Read More
95% of All Ransomware Payments Were Cashed out via BTC-e Platform
Research presented yesterday at the Black Hat USA 2017 security conference revealed that Bitcoin trading platform BTC-e is responsible for cashing out 95% of all ransomware payments made since the start of 2014. Read More
At Black Hat Conference, good guy hackers have a bleak view of US cybersecurity
In a dark conference room lit up by large electronic screens scattered across the walls, dozens of engineers are huddled over computers, trying to safeguard their network from hackers. Read More
How to Tackle the Expo Floor at Infosec Conferences
'Folks that are in the trenches, actually deploying these technologies, can get overwhelmed by the number of both logos on the floor, but also information and messages,' Spanbauer told Infosec Insider in a recent video interview at Black Hat 2017 in Las Vegas, Nevada. Read More
Researcher Reveals BIOS Firmware Implementation Flaws at Black Hat
LAS VEGAS - Intel has done a lot of work in recent years developing technologies that improve the security of firmware that underpins modern computing systems. At the Black Hat USA security conference here, Alex Matrosov, principal research scientist at Cylance, will detail multiple issues he found in UEFI firmware protections used by major motherboard vendors, in a session titled "Betraying the BIOS: Where the Guardians of the BIOS Are Failing." Read More
Caches of content delivery networks and load balancers can be used to extract secret data from web services. However, two mistakes must be made. Among others, PayPal was affected. Read More
The downside of machine learning: It helps scammers target 400 companies daily with fake emails
Thaware and his Symantec colleague, threat analyst Ankit Singh, presented their findings on Wednesday during the first day of the Black Hat USA 2017 cybersecurity conference briefings in Las Vegas. Read More
Ransomware Operators Now Have Customer Service Departments Just Like Legit Companies
The internet is constantly evolving and the same is true with how ransomware makers operate. At present, cybercriminals thrive not only by producing malicious software, but also by making it seem as though they are legit businesses with customer service staff. Read More
#BHUSA: Ransomware Profits Worth More than $25 Million (At Least)
Speaking at Black Hat 2017 in Las Vegas, Luca Invernizzi, Kylie McRoberts and Elie Bursztein presented findings from research into the recent prevalence and impact of ransomware, revealing that, of the ransomware payments they were able to track, authors have made at least $25m in profit so far. Read More
Can software containers be hacked? Yes, but Docker issues a fix
The research, presented at the Black Hat USA 2017 cybersecurity conference in Las Vegas late last week, was documented by Sagie Dulce, senior security researcher for Aqua Security, as a way to show how one developer who accesses a malicious web page can place an entire container ecosystem at risk. Docker makes software for distributing applications in containers, which allow applications to run across multiple kinds of computers. Read More
Facebook CTO blasts security industry for focusing on 'stunt hacks'
Facebook CTO Alex Stamos has told the security industry it needs to spend more time focusing on real-world problems, rather than worrying about high-concept 'stunt hacks'. Read More
Las Vegas Is More Hackable Than Ever - But That Might Be A Good Thing
You might as well rename Sin City "Sensor City." Las Vegas may be an iconic entertainment destination, but the city is also moving full speed ahead in its quest to become a smart city. Read More
Critical Vulnerabilities Found in Nuke Plant Radiation Monitors
In a paper delivered by Ruben Santamarta, principal security consultant at Seattle-based IOActive, at Black Hat Wednesday, it was disclosed that radiation monitors supplied by Ludlum, Mirion and Digi contain multiple vulnerabilities. Read More
Meet Mia Ash, The Fake Woman Iranian Hackers Used To Lure Victims
Mia Ash is a 30-year-old British woman with two art school degrees, a successful career as a photographer, and plenty of friends - more than 500 on Facebook, and just as many on LinkedIn. Read More
A quick Q&A with Chris Drake, Founder and CEO, Armor
CISOs need to make sure they fully understand their cloud service agreement, Armor's founder and CEO Chris Drake told SC Media's Online Editor Doug Olenick when the two sat down for a brief chat at Black Hat 2017. Read More
Easily guessed password led to downfall of Russian cybercriminal's empire, DOJ officials say
The fate of convicted Russian hacker Roman Seleznev was all but sealed after federal authorities were able to easily gain access to his confiscated laptop containing incriminating information, according to U.S. Department of Justice officials who spoke at Black Hat on Wednesday. Read More
At the Black Hat conference, researcher Jason Staggs demonstrated that just about every wind farm in America is woefully unprepared for a cyberattack. Read More
BlackHat: security researcher says ApplePay vulnerable to two separate attacks
Positive Technologies' Timur Yunusov says ApplePay's security measures mean that on paper it appears to have the perfect defence. But that's not the case. Read More
Hackers warn of 'tipping point' for critical infrastructure
Such potential hacking catastrophes are under the spotlight at the annual Black Hat cybersecurity conference this week, fueled by a string of recent real-world incidents from Ukraine to U.S. nuclear power plants. Read More
Chinese group hacks a Tesla for the second year in a row
Charlie Miller, the hacker who gained fame in 2015 for hacking a Jeep with fellow researcher Chris Valasek, attended the group's presentation at the Black Hat conference Thursday. Read More
Flush times for hackers in booming cyber security job market
Chris Wysopal, co-founder of code auditor Veracode, bought in April by CA Technologies, said that he was initially skeptical of the MedSec approach but came around to it, in part because it worked. He appeared at Black Hat with Bone. Read More
NYU Security Researchers at Black Hat Reveal How to Protect the Power Grid
At the Black Hat USA 2017 conference in Las Vegas, a team of New York University researchers will challenge that notion by disclosing vulnerabilities in a component that, combined with publicly available information, provide sufficient information to model an advanced, persistent threat to the electrical grid. Read More
Google Finds and Blocks Spyware Linked to Cyberarms Group
That's how Google spotted Lipizzan, which it described in a blog post and presented with mobile security firm Lookout at the Black Hat security conference in Las Vegas on Wednesday. Read More
Facebook Security Boss: Empathy, Inclusion Must Come to Security
Twenty years of Black Hat seemed to be the appropriate marker in time for Alex Stamos to remind security professionals of their unique position to affect change, not only in technology and business, but also in geopolitics and human rights. Read More
Vulnerable Radiation Monitoring Devices Won't Be Patched
Santamarta is scheduled today at Black Hat to present technical details about potential attack vectors against these devices, including radio-frequency based attacks, firmware- and hardware-based attacks. Read More
LAS VEGAS - Shanghai Adups Technology Co. was roundly criticized Wednesday during a Black Hat session for continuing to use spyware called Adups on at least two Android handset makers' phones. Researchers said the company was still collecting personal identifiable information without user consent despite coming under fire for the practice last year. Read More
In the era of Skype and Facetime, it's easy for introverts (and CFOs) to ask why face-to-face events like Black Hat are still important. I've asked similar questions myself but ten minutes at Black Hat provided multiple examples of the value a gathering still possesses. Read More
Facebook's Stamos on protecting elections from hostile attackers
Facebook wants you to know that it takes election hacking seriously. So seriously that it had its hacker-in-chief, Alex Stamos, kick off the 20th Black Hat computer security conference Wednesday morning with a keynote speech and blog post detailing company plans to help prevent hackers from again interfering with the country's democratic processes. Read More
An Open-Source Toolkit to Help Patch Cell Networks' Critical Flaw
In May, a well-known but long-ignored cell network flaw let cybercriminals drain bank accounts across Germany. The process of patching up the holes in Signaling System 7 has proven slow, and mostly reserved for large telecoms who can afford to invest in experimenting with defenses. Read More
Diversity to Drones: Black Hat Speakers Weigh in On Top Security Trends
In the 20 years since the first Black Hat conference in 1997, security hacks have become incredibly cheap to initiate, increasingly expensive and complex to mitigate, and have more real-world consequences than ever before, according to speakers and attendees at this year's conference. Read More
Google Finds and Blocks Spyware Linked to Cyberarms Group
Tonight, Google has discovered and blocked a new family of insidious Android spyware, called Lipizzan, that can surveil and capture user text messages, emails, voice calls, photos, location data, and other files. Read More
Broadpwn Flaw Shown at Black Hat Could Have Enabled WiFi Worm Attack
Today in a standing room only session at the Black Hat USA conference here, Nitay Artenstein, security researcher at Exodus Intelligence detailed how he discovered Broadpwn and what could have happened had a malicious hacker found it first. Read More
Hacker Warns Radioactivity Sensors Can Be Spoofed or Disabled
The notion of a hacker-induced nuclear meltdown is the stuff of cyberpunk nightmares. And let's be clear, there's no sign digital saboteurs are anywhere close to unleashing a nuclear apocalypse. Read More
For years, attacks against physical industrial plants have been either largely theoretical, or the sophisticated realm of nation-states. While we have spent time looking precisely at this style of attack in other posts, it seems a host of attack automation tools and techniques are starting to hit the streets, as highlighted here at Black Hat. Read More
Facebook invests in anti-hacking election initiative
Facebook has announced it will invest $500,000 in a Harvard-based nonprofit that aims to protect future elections from election hacking and foreign interference. Read More
Facebook will spend over $500,000 to help Harvard fight election hacking
The project, dubbed Defending Digital Democracy is also a bipartisan initiative and will reportedly be based at Harvard University's Kennedy School of Government. Speaking at the BlackHat event in Las Vegas on Wednesday, Facebook cybersecurity boss Alex Stamos said the tech giant hopes that the initiative to fend off attacks from hackers will be joined by others as well, Reuters reported. Read More
Facebook and Harvard Join Hands Against Hackers and Fake News
According to an announcement made by Facebook's Chief Security Officer, Alex Stamos, at the Black Hat security conference in Las Vegas on Wednesday, the company will be funding the project too. Read More
Stamos preaches defensive security research in Black Hat keynote
Black Hat 2017 marks the 20th anniversary of the conference and during the show's opening keynote, Facebook CSO Alex Stamos urged the community to take advantage of the voice it had and focus on bigger problems than just those that make good presentations and to expand that focus beyond traditional defensive security efforts. Read More
Facebook Shells Out $500,000 For Project to Fight Election Hacking
Facebook's chief security officer Alex Stamos announced the company's $500,000 investment in the effort, called Defending Digital Democracy, today during a keynote at the security conference Black Hat. Read More
At Black Hat 2017, an industry hits a milestone and finds new directions
Having arrived at its 20th year in Las Vegas, Black Hat USA 2017 is struggling with creating a new maturity in the security industry at the same time that it is, in a sense, starting over in the still relatively greenfield arena of securing firmware and hardware components. Read More
'I'm not going to tell you the FBI is the savior of the internet,' Grasso said during a briefing at the 2017 Black Hat convention in Las Vegas. Read More
Every summer, suited and/or black-clad security geeks flock en masse to the sun-drenched surreality of Las Vegas for Hacker Summer Camp: a full week of various security and hacker conferences, the fanciest of which is called Black Hat. Read More
Speaking at the annual Black Hat conference in Las Vegas, Tom Grasso, supervisory special agent with the FBI's Cyber Division, continually reiterated the bureau's interest in working with the private sector, particularly when working with complex threats like botnets. Read More
Managing Third Party Risk: Outside Law Firm Exposes Wells Fargo Client Data
There is an increasing awareness of the need to manage those risks. In a recent survey [PDF] of 580 IT security pros at Black Hat USA 2017, when asked about the weakest link in today's enterprise defenses, 38 percent of IT security pros pointed to users who violate security policy, up significantly from 28 percent a year ago. Read More
Facebook funds Harvard effort to fight election hacking, propaganda
Facebook Chief Security Officer Alex Stamos announced the company's backing at the opening of the Black Hat information security conference in Las Vegas on Wednesday. The event, named after the term for malicious hackers, is aimed mainly at corporate and government security professionals. Read More
Car Washes Can Be Hacked to Trap You Inside or Smash Up Your Car
This discovery comes by way of researchers at Whitescope security who spoke to Motherboard and plan to discuss their finding at this year's Black Hat security conference in Las Vegas. Read More
Hacker Says He Broke Through Samsung's Secure Smartphone Platform
That doesn't mean these phones are immune to hackers, however. In a presentation this week at Black Hat, one researcher will present how he thwarted the extra security mechanisms of Samsung's security-focused mobile platform KNOX. Read More
As Black Hat USA is in full swing, Las Vegas buzzed with questions about the government's process for disclosing newly discovered software vulnerabilities, even as the government is working to change the way the process works. Read More
Car Wash Hack Can Strike Vehicle, Trap Passengers, Douse Them With Water
The researchers reported their findings to the Department of Homeland Security and the vendor and are releasing a report this week in conjunction with their Black Hat talk. Read More
Black Hat 2017: 10 Security Threats To Watch Out For
Black Hat brings together some of the best security researchers in the industry every year to present new threat research and vulnerability findings. Read More
How the Best Security Operation Centers (SOCs) Hunt Threats
The McAfee 'Disrupting the Disruptors, Art or Science?' report, released during the Black Hat USA 2017 conference in Las Vegas, indicated that mature security operations centers (SOCs), i.e. those that use advanced threat hunting tools and technologies, are three times more willing than others to automate parts of the threat investigation process. Read More
Facebook CSO Calls For A Security Industry Attitude Adjustment
If the security industry wants to succeed in the long run, it needs to undergo a cultural shift, Facebook's Chief Security Officer Alex Stamos said in a keynote at Black Hat 2017 in Las Vegas on Wednesday. Read More
Facebook funds Harvard program to fight election hacking
Alex Stamos, chief security officer at Facebook, announced the company's involvement at the Black Hat security conference in Las Vegas on Wednesday. He is an adviser for the project. Read More
Facebook Security Chief: Cybersecurity Pros Need More Empathy to Protect Us
That will require something that's too often lacking in the security industry: more empathy. 'We have a real inability to put ourselves in the shoes of the people we are trying to protect,' Alex Stamos told the audience Wednesday at the Black Hat computer security conference in Las Vegas. Read More
Malware strains like Locky and Cerber helped make ransomware a $25 million industry in 2016 and its operators are starting to operate like conventional corporations with 'customer' service staff and outsourced resources, researchers explained Wednesday at Black Hat. Read More
Defending Against a Drone Isn't Easy, Black Hat Session Reveals
At the Black Hat USA 2016 event last year, Francis Brown, Managing Partner at security firm Bishop Fox, demonstrated the Danger Drone, an airborne hacking device. Read More
The findings, revealed Wednesday at the Black Hat conference in Las Vegas, detail a cryptographic flaw in the protocol used in 3G and 4G LTE networks which enables mobile devices to connect with the cell operator. Read More
Facebook pledges money to help keep elections safe
Facebook's chief security officer, Alex Stamos, announced the new funding on Wednesday at Black Hat USA, the largest conference dedicated to cybersecurity. Read More
Cybersecurity experts in Las Vegas told they're defenders of info
Black Hat, which runs through Thursday and is closed to the public, attracts more than 15,000 industry professionals from about 100 countries. Read More
Watch a Test of Anti-Drone Weapons, From Shotguns to Superdrones
Fran Brown, a security researcher with the group, had invited WIRED to join the group for that day of testing, the results of which he plans to present at the Black Hat conference today. Read More
The announcement, made Wednesday at the Black Hat information security conference in Las Vegas, marks the company's latest commitment to improving online security and getting involved in the fight against fake news. Read More
Facebook Donates $1M in New Funds for Internet Security at Black Hat
Facebook Chief Security Officer Alex Stamos outlined his views in an hour-long keynote at the Black Hat USA conference here on how the security industry should improve and also announced new investments to promote improved security. Read More
Black Hat founder sees software liability as major cybersecurity policy challenge
Jeff Moss, the founder of the Black Hat and DEF CON conferences taking place here this week, sees software liability as an increasingly urgent cybersecurity policy question but one that might take a decade to resolve. Read More
#BHUSA: Phishing Psychology: Why Training Fails & Attacks Prevail
Speaking at Black Hat 2017 in Las Vegas today Karla Burnett, security engineer at Stripe, explored phishing as a science, shining a light on the psychology of phishing and why attacks continue to be successful. Read More
Radiation detection devices open to cyber attack, researcher finds
Santamarta revealed the technical details of his research at Black Hat USA 2017 in a presentation entitled Go nuclear: breaking radiation monitoring devices. Read More
Facebook CISO: Company working with Harvard center on election systems info-sharing group
'We're going to work with Belfer to build an ISAO that covers all the vulnerable areas of our democracy,' Stamos said in his keynote address at the 20th Black Hat conference here. He noted that the House and Senate campaigns, party organizations and state election offices all typically must build their own IT security systems. Read More
Google May Have Just Uncovered An Israeli Surveillance Start-Up Spying On Androids
Google said there were references to the firm in the code itself. Megan Ruthven, from Google's Android security team told Forbes during the Black Hat conference in Las Vegas that a config file within the app mentioned the Equus name. She said that was an indicator, but not guaranteed attribution. Read More
Car wash hack could be the first to cause the Internet of Things to 'physically attack someone'
They plan to present the attack at this week's Black Hat security conference in Las Vegas, but say they've already shared the details of the vulnerability with the system maker and the Department of Homeland Security. Read More
Black Hat 2017: Hackers using free apps to hack your phone
Black Hat brings together cyber security experts and hackers to talk about threats to businesses and people around the world. Dickson's job is to protect phones and computers from those threats. Read More
Facebook Backs $1 Million Security Prizes and Anti-Election Hacking Group
Alex Stamos, Facebook's chief security officer and Fortune 40 Under 40 alum, announced that the company would contribute to the initiative during a keynote address at the Black Hat hacking conference in Las Vegas. Read More
Inside the Black Hat USA 2017 Security Conference WiFi Network
Providing WiFi to 16,000 people in a busy conference center is not always an easy task, especially when many of the users are actively trying to hack the network. Yet, that's the situation at the Black Hat USA 2017 security conference underway here this week. Read More
Defending Against Drone Incursions Isn't Easy, Black Hat Session Reveals
At the Black Hat USA 2016 event last year, Francis Brown, Managing Partner at security firm Bishop Fox demonstrated the Danger Drone, an airborne hacking device. Read More
Facebook Donates $1M in New Funds for Internet Security at Black Hat
Facebook Chief Security Officer Alex Stamos outlined his views in an hour-long keynote at the Black Hat USA conference here on how the security industry should improve and also announced new investments to boost security. Read More
Black Hat: Building a Ransomware Resilient File System with ShieldFS
But what if there was a way that a backup could automatically be triggered whenever a possible ransomware attack were detected? That's the promise of the ShieldFS project that was presented at the Black Hat USA security conference here today by a team of researchers from Politecnico di Milano in Italy. Read More
The Dark Tangent Reflects on 20 Years of Black Hat
The Black Hat security conference is legendary in the information security industry today as being the place where some of the most interesting security research is first revealed, but that wasn't the original founding vision for the event. Read More
Facebook pledges funding to non-profit election security group
Facebook's chief of security Alex Stamos announced the initial amount during the opening of the Black Hat information security conference in Las Vegas, but did not reveal how much Facebook would spend in total. Read More
How Attackers Use Machine Learning to Predict BEC Success
ngh advised his Black Hat audience to be "very, very suspicious" when replying to emails. More than enough of their personal data is available publicly and can be used for social engineering. Read More
Tom Grasso, unit chief of the FBI's cyber division, took the Black Hat stage to discuss the processes and partnerships leading up to the massive Avalanche takedown in December 2016. Read More
Malware strains like Locky and Cerber helped make ransomware a $25 million industry in 2016 and its operators are starting to operate like conventional corporations with "customer" service staff and outsourced resources, researchers explained Wednesday at Black Hat. Read More
These cheap phones come at a price -- your privacy
At the Black Hat security conference in Las Vegas on Wednesday, researchers from Kryptowire, a security firm, revealed that Adups' software is still sending a device's data to the company's server in Shanghai without alerting people. But now, it's being more secretive about it. Read More
Security researchers hack ATM to make it spew cash
During IOActive's "Breaking Embedded Devices" panel at Black Hat on Wednesday, researchers showed that it's not just computers, phones and servers that can be exploited -- it's anything with a chip or an internet connection, no matter how small its function. Read More
Facebook funds Harvard effort to fight election hacking, propaganda
Facebook Chief Security Officer Alex Stamos announced the company's backing at the opening of the Black Hat information security conference in Las Vegas on Wednesday. Read More
At hacker summit, a new focus on preventing brazen attacks
Against a backdrop of cyberattacks that amount to full-fledged sabotage, Facebook chief security officer Alex Stamos brought a sobering message to the hackers and security experts assembled at the Black Hat conference in Las Vegas. In effect, he said, it's time to grow up. Read More
The 10 Best -- And Scariest -- Hacks From 20 Years Of Black Hat Conferences
Black Hat is one of the biggest stages for hackers and security researchers to demonstrate the latest and greatest hacks on devices, systems, and critical infrastructure. Read More
Protecting infrastructure on the agenda at Black Hat
I met Devost at Mandalay Bay, the day before Black Hat 2017 gets underway in earnest. The conference will attract more than 16,000 computer and information technology experts, talking about all aspects of computer intrusion and hacker prevention. Read More
Black Hat and DEF CON: The evolution of Hacker Summer Camp
If you had to select one symbol of the cybersecurity industry, you'd be hard pressed to find a better choice than the pair of conferences, Black Hat Briefings (Black Hat) and DEF CON. Read More
Cyber defenders have a message that US policymakers should hear
This week's 20th Black Hat USA conference and the 25th DEF CON hackers conference here offer cybersecurity researchers and technologists a chance to exchange notes on their often obscure trade, but they also provide a rare venue for discussion between corporate and government officials on one side and in-the-trenches cyber practitioners on the other. Read More
U.S. Department of Homeland Security Showcases 10 Cybersecurity Apps at Black Hat Conference
The feds spent more than $1 billion annually on cybersecurity research last year but hardly any of it hits the commercial market, the document reads. In fact, the idea behind the Black Hat showcase is to bridge that divide. Read More
With hundreds of hackers headed to Vegas, here's how to keep your phone secure
Technology experts took over Las Vegas Boulevard this week as two major conferences brought thousands to the strip. The Black Hat Convention takes place at Mandalay Bay from July 22 - 27. Read More
How to Exploit RAT Command and Control Toolkits Detailed at Black Hat
Grange, who is also known by his alias Professor Plum, will discuss at the Black Hat security conference here on July 27 his insight and analysis in a session titled 'Digital Vengeance: Exploiting the Most Notorious C&C Toolkits.' Read More
Black Hat: The Next Generation of Red and Blue Security Testing is Purple Team
Justin Harvey, global lead for the Accenture Security's Incident Response and Threat Hunting practice, thinks that it's time to move beyond Red and Blue. In a session at the Black Hat USA security conference here, Harvey is set to detail how to use a Purple Team as part of an advanced pre-breach planning exercise that can help measure effectiveness. Read More
Google Warns Ransomware Boom Scored Crooks $2 Million A Month
Cerber is the current number one menace, making $6.9 million to date, according to the research, released ahead of the Black Hat conference in Las Vegas this week. Read More
After cash machines were hacked in Thailand and Taiwan in 2016, Click asks if the same thing could happen again. Leigh-Anne Galloway, a security expert with Positive Technologies, says most cash machines are effectively a Windows XP computer attached to a safe. Read More
Black Hat USA 2017: Machine learning is not a silver bullet for security
Hyrum Anderson, technical director of data science for cybersecurity provider Endgame, presented research on machine learning malware evasion at this week's Black Hat USA 2017 conference in Las Vegas. Read More
Black Hat, DefCon 2017 Security Conferences to Reveal New Threats
The annual week of security conferences in Las Vegas gets underway as security researchers prepare to detail all manner of threats that put the modern connected world at risk. Read More
Black Hat: How Hackers Brief the Board to Improve Security Outcomes
Devost is planning on sharing his lessons learned in a session at the Black Hat USA conference here on July 26. In an interview in advance of his session, Devost provided eWEEK with some insights on things that security professionals can do to improve executive management security briefings. Read More
A Clever New Tool Shuts Down Ransomware Before It's Too Late
The group, based out of the Politecnico di Milano in Italy, will present ShieldFS at the Black Hat security conference in Las Vegas on Wednesday. Read More
10 Tips to Stay Safe When You're at Black Hat or Everywhere Else
The annual Black Hat USA security conference is underway this week, with training running from July 22-25 and briefings on July 26 and 27 at the Mandalay Bay in Las Vegas. Read More
Herr, along with security guru Bruce Schneier and Christopher Morris, a research assistant from the Harvard school of engineering, published their findings this week after a lengthy peer-review process, and will present them at the Black Hat USA conference in Las Vegas next week. Read More
iCloud security flaw put iPhone, Mac passwords at risk
'The bug we found is exactly the kind of bug law enforcement or intelligence would look for in an end-to-end encryption system,' said Alex Radocea, co-founder of Longterm Security, who is set to reveal more details about the now-fixed vulnerability at the Black Hat conference in Las Vegas on Wednesday. Read More
Dump the snake oil and show security researchers some respect
The next several days of Black Hat USA, DEF CON, BSides, and other great events kick off the 2017 edition of what's been lovably known for years as 'Hacker Summer Camp.' Read More
2017 Cybersecurity Conferences Offer Information and Possibilities
Black Hat 2017, a world-class information security event, will hold four days of technical training courses from July 22 to 25. These courses will be followed by two days of briefings and discussions on topics such as cryptography, data forensics, incident response, exploit development, malware, network defense and platform security. Another current topic is smart grid/industrial security. Read More
Either way, Black Hat is an exciting experience that's as much about learning as it is about making contact with other professionals who share your interests in security. Read More
He will present his findings next week at the Black Hat USA computer security convention in Las Vegas. They are the latest in a series of setbacks for Segway, whose devices were among half a million hoverboards that had to be recalled last year after reports that their battery packs were exploding or catching fire. Read More
Cybersecurity Experts Anticipate Major Attack in the Next Two Years
Now, a survey of nearly 600 cybersecurity professionals has found that 60 percent of respondents believe a major breach of U.S. infrastructure will occur in the next two years. They also don't believe that the relevant defense and government agencies are prepared to respond. The findings come from Black Hat, a conference of cybersecurity researchers and enterprise information security professionals. Read More
Ahead of this year's Black Hat USA Conference on July 26-27 at Mandalay Bay, we chatted with Chris Coleman, CEO of LookingGlass Cyber Solutions, which specializes in cybersecurity and threat intelligence solutions, to get some answers. Read More
Black Hat brings cybersecurity experts to Las Vegas
Black Hat USA, which will be held at the Mandalay Bay, attracts more than 15,000 cybersecurity specialists representing both private industry and government from approximately 100 countries. Read More
Nitay Artenstein, the researcher with Exodus Intelligence who discovered the vulnerability, is scheduled to do a talk on the vulnerability at Black Hat next week. Read More
Apple's iOS 10.3.3 update protects against 'Broadpwn' Wi-Fi exploit
While the flaw isn't mentioned by name in Apple's security notes, its discovery is credited to Nitay Artenstein from Exodus Intelligence, who helped find the Android equivalent and is preparing a presentation at this month's annual Black Hat conference in Las Vegas, according to CNET. Read More
If you use Wi-Fi on your iOS device, get this security update
Nitay Artenstein, a security researcher at Exodus Intelligence, discovered the exploit and will be providing more details about his findings at a Black Hat presentation in Las Vegas on July 27. Read More
Vulnerabilities as severe as this one are rare, as the Wi-Fi chip is separate from the device's main processor and it's hard to escalate a vulnerability from one to the other. Artenstein will describe how he did it at the Black Hat conference. His talk is scheduled for July 27. Read More
The flaw affects millions of Apple and Android devices; Google's Android team released a patch for that platform earlier this month. Artenstein will be presenting the details of his findings at the Black Hat security conference next week. Read More
Apple Updates iOS and macOS Security Ahead of Black Hat
Among the most noteworthy issues patched by Apple this month is a vulnerability that has been dubbed 'Broadpwn', which is set to be discussed in detail at the Black Hat USA conference on July 27. Read More
Watch Hackers Take Over A Segway With Someone on It
When Thomas Kilbride got a Segway MiniPro, its paired mobile app piqued his interest; by day, Kilbride works as an embedded device security consultant at IOActive. Read More
Heads Up, Hoverboarders: Hackers Could've Hijacked Your Deck Mid-Hover
Earlier this year, a researcher at Washington-based security firm IOActive discovered a way of hacking into these Segway scooters through the app, meaning they could be remotely hijacked while a rider is moving. Read More
Can Hoverboards Be Hacked? Security Flaws Found In Segway Ninebot MiniPRO Hoverboard
The vulnerabilities, discovered by researchers at cybersecurity firm IOActive, affect the Segway Ninebot miniPRO hoverboard and, if exploited, would allow an attacker to bypass safety mechanisms and gain the ability to remotely control the hoverboard. Read More
In celebration of Black Hat's 20th birthday, we take a look back at the most memorable presentations and demos since the show's inception in 1997. Read More
How To Hack Someone Off A Segway Scooter In 20 Seconds
Attacks could be carried out with just 20 seconds of continuous Bluetooth connection to a Segway hoverboard, said IOActive researcher Thomas Kilbride. 'It may be sped up using other means,' he told Forbes. 'It's a little bit alarming.' Read More
Segway hoverboard hijack hack could make hipsters eat pavement
In a talk due to be given at next week's Black Hat conference in Las Vegas, Thomas Kilbride, embedded devices security consultant for IOActive, will explain how it was possible to disable the anti-theft system on the miniPro in seconds via Bluetooth, with full control achievable in less than half a minute using a smartphone. Read More
A $945 class teaches online scammers of the future
The company will disclose more information during a presentation at the Black Hat cybersecurity conference, set for July 26 and 27 in Las Vegas. Read More
Stopping Self-Driving Cars From Becoming Cybersecurity Weapons
At the upcoming 20th annual Black Hat Conference (July 22-27), Billy Rios of Whitescope and Jonathan Butts of QED will present When IoT Attacks: Understanding the Safety Risks Associated with Connected Devices. The talk will demonstrate how to make an IoT device intentionally strike a person. Read More
The best of Black Hat: The consequential, the controversial, the canceled
Over the past two decades, the annual Black Hat conference has had its share of controversy. CSO looks back at the most significant talks and demonstrations. Read More
Researchers Create Framework to Evaluate Endpoint Security Products
Black Hat USA researchers tested more than 30,000 types of malware to learn the effectiveness of endpoint security tools - and they'll demonstrate how they did it. Read More
Despite its hacking prowess, Russia appears to have very messy networks
He added that, in reports on future data, including one being prepared for release at Black Hat, he would examine malware infections over time. Read More
Radiation Monitoring Devices At Risk For Attack From Hackers
Though the Black Hat USA conference is not taking place until late July, there have been interesting previews of certain scheduled presentations. One of these is Go Nuclear: Breaking Radiation Monitoring Devices by Ruben Santamarta, principal security consultant at IOActive. Read More
Black Hat USA researchers show how bad guys can use cloud AV connections to bypass air-gaps and extremely segmented networks to keep stolen data flowing. Read More
At this event you'll see hacking, drones, artificial intelligence, you name it. If it's something to do with security then it will probably be at Black Hat. Read More
NTT Security to give away Gap Assessment at Black Hat USA 2017
This year at Black Hat USA 2017, NTT Security is focusing on incident response readiness with a promotion called Swimming with the Sharks: The Need for Proactive Critical Incident Response. Read More
Those are just some of the topics we'll explore in-depth during the 'Making Diversity a Priority' panel discussion on July 26 at 3 p.m. PT during the Black Hat USA conference in Las Vegas. Read More
ESET to take on Industroyer malware & 'post-truth plague' at Black Hat
ESET is set to reveal the underside of the notorious Industroyer malware and the 'post-truth plague' that muddies the waters of cybersecurity advice at the upcoming Black Hat information security conference in Las Vegas later this month. Read More
EFF offers legal advice to researchers at Black Hat, B-Sides and DEF CON
But for those attending the Black Hat, B-Sides and DEF CON conferences in Las Vegas, there is another option: visit the EFF booths in person, and make an appointment with the staff lawyers directly. Read More
How Active Intrusion Detection Can Seek and Block Attacks
Researchers at Black Hat USA will demonstrate how active intrusion detection strategies can help administrators detect hackers who are overly reliant on popular attack tools and techniques. Read More
Hackers Use Ultrasonic Waves to Disrupt VR Headsets
They also plan on further demonstrating their new method of attack on a wider spectrum of devices at this year's Black Hat Conference in July, such as sonic strikes on DJI drones. Read More
Threats to U.S. Nuclear Power Plants Highlight Need for Real-Time Intrusion Detection and Prevention
A recent Black Hat survey of 580 cyber security professionals found that 60 percent of respondents expect to see a successful cyber attack on U.S. critical infrastructure within the next two years, and just 26 percent believe U.S. government and defense forces are equipped and trained to respond appropriately. Read More
U.S. Critical Infrastructure Will Be Attacked Within 2 Years, According to 2017 Black Hat Survey
According to a 2017 Black Hat Attendee Survey, cyberattacks on U.S. enterprise and critical infrastructure are coming soon, and in most cases defenders are not prepared. Read More
Small Businesses Are Going to Need Bug Bounties to Combat Cyber Attacks
According to data released last week by Black Hat USA, cyber security professionals do not feel confident that their organizations are prepared for attacks on their infrastructure. Read More
Want To Ruin Someone's Oculus Rift Fun? Fire This Sonic Gun At Their Head
They plan to reveal attacks on a wide range of systems at the Black Hat conference in Las Vegas this July, where they've promised to show off hits on DJI drones, potentially causing them to crash. Read More
Later this month at Black Hat USA in Las Vegas, Lundgren plans to demonstrate how an attacker could compromise exposed MQTT-based servers and issue phony commands in order to alter their operation or outcomes of their IoT-attached equipment. Read More
Google credited security researcher Nitay Artenstein of Exodus Intelligence for his work on the patched Broadcom issue. According to eWEEK, Artenstein will provide more insight into this vulnerability at the Black Hat security conference on July 27. Read More
So far, the one who discovered the bug has not given any solution but he will present his findings and conclusions in Vegas at the Black Hat conference. Read More
Broadpwn Bug Affects Millions of Android and iOS Devices
Artenstein has not disclosed any information about the bug or exploit to the public, and he's set to give a presentation about Broadpwn at this year's Black Hat USA security conference that will be held in Las Vegas at the start of August. Read More
Google Patches Critical Android Vulnerabilities in July Update
Google credits the discovery of the newly patched CVE-2017-9417 Broadcom issue to security researcher Nitay Artenstein of Exodus Intelligence. Artenstein is scheduled to deliver a talk at the Black Hat security conference on July 27 that will provide more insight into the Broadcom vulnerabilities. Read More
Flawed Broadcom Wi-Fi chipsets get a fix, but flaw remains a mystery
Google's July 2017 Android Security Bulletin included a fix for the vulnerability known as Broadpwn, but the details of the flaw won't be disclosed until the Black Hat USA 2017 conference later this month. Read More
Reports: Feds issue alert after adversary breaches power plant business networks
In a newly released Black Hat USA survey of 580 recent conference attendees, 60 percent of information security professionals said they believe that a successful cyberattack on U.S. critical infrastructure will take place within the next two years. Read More
Survey: Cyberattack on Critical U.S. Infrastructure Will Happen in Next 2 Years
Steve Wylie, Black Hat's general manager, tells Channel Partners it's clear from the survey that security leaders are not confident in the technology and services they've gotten so far, and are expecting more breaches in the near term. Read More
IoT Physical Attack Exploit to be Revealed at Black Hat
One of the first examples of such an IoT exploit that will do just that is slated to be presented by renowned researcher Billy Rios later this month at Black Hat USA in Las Vegas. Read More
Massive cyberattack on US critical infrastructure will hit within 2 years, say 60% of security pros
New Black Hat Research suggests that a major breach on US infrastructure could be imminent, and government agencies won't be able to react appropriately. Read More
Security for IoT is a Growing Concern for IT and Executives
According to a new report and survey released by Black Hat, enterprise IT department concerns over attacks or exploits on cloud services, applications, or storage systems increased from 11 percent last year to 15 percent this year. At the executive level, concern increased only slightly from 7 percent last year to 8 percent this year. Read More
At one of the largest gatherings of cybersecurity professionals, attendees voiced their concerns about an attack on the nation's critical infrastructure and enterprise vulnerabilities. Read More
Cybersecurity skills gap fixes must support minorities
In a survey of 580 scheduled attendees of the 2017 Black Hat conference to be held in Las Vegas, Black Hat found that 71% of respondents felt their companies lacked sufficient staff to defend themselves against current cyber threats. Read More
Google Patches Critical 'Broadpwn' Bug in July Security Update
Artenstein, who is scheduled to present his research on the Broadpwn vulnerability at Black Hat USA 2017, said in a preview of his talk that the vulnerability 'can be triggered remotely, without user interaction.' Read More
Black Hat Survey: Security Pros Expect Major Breaches in Next Two Years
These serious concerns are among those registered by respondents to the 2017 Black Hat Attendee Survey, the results of which are being published Wednesday. The survey offers insights on the plans and attitudes of 580 experienced security professionals, including many cybersecurity leaders who work in critical-infrastructure industries. Read More
Help! Hackers Stole My Password Just By Listening To Me Type On Skype!
"If you were taking a conference call from your office, and let's assume you're working in an open space where there are other people, the possibility could be we're able to eavesdrop your keystrokes, your colleague's keystrokes and maybe it'll be possible to distinguish the two different sets," Conti said. "We think it's possible, we're working on this now." They'll present their latest version of Skype&Type at the Black Hat conference in Las Vegas this July. Read More
Las Vegas. Hate it or love it, for seven days each year Sin City is the gathering place for BSides Las Vegas, Black Hat, and DEF CON. Combined, these events are arguably the largest security gathering in North America, with professionals and enthusiasts both in attendance. Here's how to get the most out of your trip to the desert this summer. Read More
In August 2016, Apple's head of security Ivan Krstic stole the show at one of the biggest security conferences in the world with an unexpected announcement. "I wanna share some news with you," Krstic said at the Black Hat conference, before announcing that Apple was finally launching a bug bounty program to reward friendly hackers who report bugs to the company. Read More
Millions of Android Devices Using Broadcom Wi-Fi Chip Can Be Hacked Remotely
The BroadPwn vulnerability (CVE-2017-3544) has been discovered by Exodus Intelligence researcher Nitay Artenstein, who says the flawed Wi-Fi chipset also impacts Apple iOS devices. Since Artenstein will be presenting his findings at the Black Hat 2017 event, details about the BroadPwn bug are scarce at this moment. Read More
Survey: Cyber pros fear attack on critical infrastructure
The Black Hat survey of nearly 600 security professionals, 40 percent of whom work in critical infrastructure sectors, showed that 60 percent believe a successful attack will happen within two years, and only 10 percent do not. Read More
Security researchers will release an open-source SS7 firewall at Black Hat USA that aims to bolster security of mobile operators' core networks. Read More
What About Facebook's Alex Stamos' Black Hat Keynote Got My Attention
In fact, when I first saw the title of the Facebook chief security officer's Black Hat USA keynote address, I almost spit out my coffee: Stepping Up Our Game: Re-focusing the Security Community on Defense. Read More
Hacking Factory Robot Arms for Sabotage, Fun & Profit
Black Hat talk will discuss how hackers could take over robotic arms, create micro-defects in products, and open up a new world of subtle blackmail. Read More
Researchers Found They Could Hack Entire Wind Farms
In interviews with WIRED and a presentation they plan to give at the Black Hat security conference next month, they're detailing the security vulnerabilities they uncovered. Read More
Security Startup Jask Raises $14.5M for AI-Based Network Monitoring
The company will release its security platform, called Trident, at Black Hat USA 2017 in July. The platform focuses on discovery, investigation, and incident response. Read More
At this year's Black Hat USA conference in Las Vegas, Grange will disclose several exploits that could allow for remote execution or remote information disclosure on machines running these common C&C components. His talk is titled "Digital Vengeance: Exploiting the Most Notorious C&C Toolkits." Read More
Nuclear Plants, Hospitals at Risk of Hacked Radiation Monitoring Devices
Santamarta won't name the affected vendors or provide many of the technical details of his findings until his presentation on his research next month at Black Hat USA, Go Nuclear: Breaking Radiation Monitoring Devices. Read More
Major Websites Vulnerable to their Own Back-End Servers
"People are basically just plopping down really complex servers to do caching, analytics, and loads of fancy complex functionality in front of their Web server without much thought as to whether these features might carry risks," says Kettle, who next month at Black Hat USA in Las Vegas will reveal the details of the hacks in his Cracking The Lens: Targeting Http's Hidden Attack-Surface presentation there. Read More
Researcher at Black Hat USA will reveal Samsung KNOX 2.6 vulnerabilities and bypass techniques, and notes that new KNOX 2.8 may be at risk as well. Read More
Sensitivity analysis tweaks inputs for machine learning models to see how output is affected. Sanders will present sensitivity results in her presentation titled "Garbage In Garbage Out: How Purportedly Great Machine Learning Models Can Be Screwed Up By Bad Data" at this year's Black Hat USA conference in Las Vegas. Read More
Cops Think This Tijuana Biker Gang Hacked Into and Stole Over 100 Jeeps
Just a couple years ago, a pair of hackers won a standing ovation at the Black Hat security conference in Las Vegas (as well as international media attention) after they figured out how to remotely gain control of a Jeep Grand Cherokee. Chrysler later recalled 1.4 million of the SUVs due to the hacking threat. Read More
Homebrew crypto SNAFU on electrical grid sees GE rush patches
The company hasn't published much by way of detail, but spoke to Reuters after this Black Hat abstract was published (the talk will be delivered to the July conference in Las Vegas). Read More
GE fixing bug in software after warning about power grid hacks
The vulnerability could enable attackers to gain remote control of GE protection relays, enabling them to "disconnect sectors of the power grid at will," according to an abstract posted late last week on the Black Hat security conference website. Read More
Black Hat Asia: In the era of 'trust attacks', what can we trust now? [Black Hat Asia 2017]
Cyber-attacks, phishing and malware are creating a culture of mistrust, according to a speaker from Darktrace at Black Hat Asia. Nothing can be trusted nor wished away. Read More
At this year’s BlackHat Asia security conference, researchers from Cylance disclosed two potentially fatal flaws in the UEFI firmware of Gigabyte BRIX small computers which allow a would-be attacker unfettered low-level access to the computer. Read More
Researchers from security specialist Cylance revealed the vulnerabilities at the BlackHat Asia 2017 event, following hints at the earlier RSA Conference 2017 and after contacting Gigabyte privately with its findings. Read More
At BlackHat Asia 2017 held in Marina Bay Sands, Singapore from March 28th to 31st, I was able to meet a Black Duck official who is famous for managing open source security vulnerabilities. Read More
Wassenaar Arrangement: When small words have the power to shatter security
At Black Hat USA last year, in an interview with Dark Reading, Moussouris called the agreement a "dragnet" which sweeps in software used for legitimate purposes, as well as offensive software which can be used for illegal purposes. Read More
Bugs in the firmware of Gigabyte BRIX enable putting malware directly into UEFI
During BlackHat Asia 2017, specialists from Cylance presented a special report about the vulnerabilities in the firmware of the Gigabyte BRIX minicomputer. These vulnerabilities allow deployment of malware in UEFI. Read More
[BlackHat Asia 2017] Interview with Judge Lee Seung-jin, CEO of GrayHash
BlackHat Asia 2017 was held at Marina Bay Sands, Singapore from March 28 to 31, with a large number of hacking security experts and global security companies from around the world attending. I met a nice face here. It is Lee Seung-jin (Beist) of GrayHash.com, an offensive security research specialist serving on the BlackHat Asia 2017 judging committee. Read More
UEFI flaws can be exploited to install highly persistent ransomware
On Friday, at the Black Hat Asia security conference, the team revealed how they did it: by exploiting vulnerabilities in the firmware of two models of ultra compact PCs from Taiwanese computer manufacturer Gigabyte Technology. Read More
Last week, I had the pleasure to lead High-Tech Bridge’s team at Black Hat Asia 2017 in Singapore and present a session entitled "Modern challenges of Web Application Security". At the event, many great companies were presenting exciting cybersecurity products and solutions, with very attractive and quite well-thought out marketing claims. Read More
Vulnerabilities exposed in the UEFI firmware of two Gigabyte mini PCs carry a risk of ransomware implantation
At last week's Black Hat hacking conference, security firm Cylance exposed UEFI firmware vulnerabilities in two Gigabyte mini PCs that hackers could use to implant ransomware. Gigabyte is preparing to release a patch for one of the products; the other will not be fixed because it has been discontinued. Read More
[Black Hat Asia 2017] Keynote Day 2 "Saumil Shah" 7 Facts About Security
This article summarizes the Day 2 keynote of Black Hat Asia 2017 by Saumil Shah, Founder and President of Net Square, titled "THE SEVEN AXIOMS OF SECURITY", which covers seven facts for developing a proactive protection strategy to deal with future cyber threats. Read More
Reactive to Proactive: 7 Principles Of Intelligence-Driven Defense
"Bugs are around, they're going to be around forever. That's fine," admitted Net Square CEO Saumil Shah in his keynote "The Seven Axioms of Security" at Black Hat Asia 2017. This isn't because all software is buggy, he noted, but because today's technology is complex. Read More
Bugs in Gigabyte BRIX firmware allow malware to be introduced directly into UEFI
At the BlackHat Asia 2017 conference, experts from Cylance presented a report on vulnerabilities in the firmware of Gigabyte BRIX minicomputers that allow malicious code to be embedded in UEFI. Read More
BlackHat Asia 2017] Han Seung-hun, Researcher Kang Jeong-hwan,
'BlackHat Asia 2017' was held from March 28th to 31st in Marina Bay Sands, Singapore. Many security experts from around the world attended the event, including global security issues, vulnerability announcements, training courses and security exhibits. Black Hat can be seen as a medium-sized conference between the commercial conference "RSA" and the hacker festival "Defcon". Read More
Gigabyte Firmware Flaws Allow the Installation of UEFI Ransomware
Yesterday, at the BlackHat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed two vulnerabilities in the firmware of Gigabyte BRIX small computing devices, which allow an attacker to write malicious content to the UEFI firmware. Read More
Tencent computer housekeeper's Hubble analysis system selected for the Black Hat "weapons spectrum"
As the only open source system from China selected for the Black Hat weapons spectrum, the Hubble analysis system automatically extracts threat intelligence from massive data and identifies millions of malicious files and attacks, safeguarding the security of Tencent computer housekeeper's users. Read More
[Black Hat Asia 2017] A simple picture of using Machine Learning to detect malware
Many people have heard vendors of next-generation endpoint protection and antivirus products talk about Artificial Intelligence or Machine Learning techniques for detecting threats or abnormalities never seen before. At the recent Black Hat Asia 2017, Greg Singh, Director of Pre-Sales Engineering at Cylance, explained the technique to help us see more of how Machine Learning works. Read More
[Black Hat Asia 2017] Keynote Session First Day of Black Hat Asia 2017 by Halvar Flake
The Black Hat Asia 2017 international security conference at Marina Bay Sands, Singapore has ended. The TechTalkThai team had the opportunity to attend this event. I will gradually summarize the content of each session for reading offline. We start with the first, which summarizes yesterday's Keynote session by Halvar Flake, Google's Big Data and Machine Learning expert, on "WHY WE ARE NOT BUILDING A DEFENDABLE INTERNET". Read More
Thomas Dullien, a reverse engineer and vulnerability researcher at Google, told a packed audience of IT security practitioners at Black Hat Asia in Singapore that part of the problem lies with the fact that the IT market is dominated by a few large suppliers. Read More
Researchers steal data from CPU cache shared by two VMs
The results sound scarily impressive: a Black Hat Asia session detailing their work promised to peer into a host's cache and stream video from VM to VM. Read More
SDN solves a lot of network problems, but security isn't one of them
In his Black Hat 2015 presentation, Abusing Software Defined Networks, Pickett said that SDN offers the ability to have the network respond on its own to threats. While it offers promise, SDN still has security holes. Read More
BEWARE iPhone Owners! Your Smartphones Can Be Hacked By Just Connecting To Any Wi-Fi
“The victim will only have to join the Wi-Fi network, and then the device will be compromised without any user interaction, bypassing all iOS mitigations and sandboxes,” reads a blurb of Grassi’s presentation for the Black Hat Asia hacking conference. Read More
Google engineer Halvar Flake discussed the actors, incentives, and industry challenges impeding Internet security as part of his keynote "Why We Are Not Building A Defendable Internet" here this week at Black Hat Asia 2017. Protected devices are part of the solution, but there's more to risk management, he said. Read More
iPhone Owners Beware, Your Smartphones Can Be Hacked Using Wi-Fi
The hack was described as "remotely compromising iOS via Wi-Fi and escaping the Sandbox". Marco Grassi, the Senior Security Researcher of Keen Lab of Tencent, will discuss the possibility of hacking iPhones using Wi-Fi in a talk which will be held on March 30 at the Black Hat Asia hacking conference. Read More
A Great Reason To Update Your iPhone: This Hack Breaks iOS Security With Just A Wi-Fi Connection [Black Hat Asia 2017]
The blurb for a presentation at the Black Hat Asia hacking conference this week would likely concern any iPhone owner: "The victim will only have to join the Wi-Fi network, and then the device will be compromised without any user interaction, bypassing all iOS mitigations and sandboxes." Read More
Both Liu and Song will be at Black Hat Asia 2017 to discuss design misconceptions and implementation mistakes that developers may overlook in IoT devices. Their briefing is entitled "Daily-Life Peeper: Bug Hunting and Exploit Techniques in IoT." Read More
4 Ways Your Devices are Spying on you Right now
Researchers discovered this potential privacy attack and presented their findings during Black Hat Europe 2016. Although no law enforcement has officially confirmed they are using this technology, it appears to be a tool up the sleeve of agencies such as the NSA and FBI. Ultrasound cross-device tracking is a grave threat to privacy all over the world and it will not go away anytime soon. Read More
The little security flaw that enables you to immediately log into one billion Android app accounts
At Black Hat Europe 2016, the researchers demonstrated that if the attacker could discover the email address associated with your Facebook profile, and your name, they could then get out their own mobile device, download the IMDB app and use a man-in-the-middle proxy to replace your profile with their profile. Read More
Former intelligence officer David Venable gave a crowd at Blackhat EU 2016 a rundown of what big data, and bad data in the private sector could mean for your privacy. Read More
Belkin WeMo devices could be hacking your smartphone – here's why you need to update now
The outcome of the hack could give a cybercriminal the ability to steal photos and even track locations in real time, the researchers said. The findings will be revealed in greater detail at Black Hat Europe in a talk titled 'Breaking BHAD: Abusing Belkin Home Automation Devices'. Read More
Security experts reveal secret to catching online scammers and counterfeiters
Taking to the stage at Black Hat Europe 2016, attended by IBTimes UK, the researchers demonstrated how Passive DNS – a collection of domain names and IP addresses – can be mixed with advanced "web crawling" to create a visualisation of sellers and counterfeiters. Read More
The study into the security vulnerabilities will be presented on Friday at Black Hat Europe 2016 in London by the two Invincea researchers who detected the flaws: Scott Tenaglia, research director and principal research engineer, and Joseph Tanen, lead research engineer. Read More
Mobile subscriber identity numbers can be exposed over Wi-Fi
For example, someone could set up a device that creates spoofed access points for all the Auto Wi-Fi profiles hard-coded into iOS and then grab the IMSI numbers for all nearby iPhones, O'Hanlon said Thursday during a presentation at the Black Hat Europe security conference in London. Read More
The great smartphone security scare: Your mobile can be hijacked and tracked without you knowing
Cybersecurity researchers Piers O'Hanlon and Ravishankar Borgaonkar from Oxford University have demonstrated a new attack at Black Hat Europe 2016 that enables hackers to capture a smartphone's unique 15-digit IMSI number within a second as they walk past, and then use that number to spy on the user's movements. Read More
This Hack Can Silently Break Into 1 Billion Android App Accounts
As they will note in the paper, released this week in anticipation of the researchers' Black Hat Europe talk on Friday, the flaws can be exploited remotely by an attacker to sign into a victim’s mobile app account without any awareness of the victim. Previously, attacks required some interaction from the user, the researchers said. Read More
Your WeMo Smart Home Can Spy On Your Android Smartphone
The update landed as Invincea Lab researchers Scott Tenaglia and Joe Tanen prepared to talk about the hacks at the Black Hat Europe conference taking place in London this week. And whilst Belkin's update addresses the issues, the hackers told FORBES it was possible to completely kill the update process on already-compromised devices, preventing any fix from ever being delivered. Read More
Security Firm to Detail Vulnerabilities in WeMo Switch and Android App
On Friday, at Black Hat Europe, an annual conference for the information security industry, Invincea Labs will detail two security vulnerabilities that it has discovered in smart-home products and an app made by WeMo—one of which would expose a user's smartphone photos and location to an attacker. Read More
Belkin Fixes Security Flaws in Its WEMO IoT Devices
At Black Hat Europe, Invincea researchers will talk about vulnerabilities they found in Belkin's home automation devices. Belkin has since patched the flaws. Read More
Browser Address Bar Spoofing Vulnerability Disclosed
Some details about the flaw were disclosed yesterday by researcher Rafay Baloch, who presented a paper on the broader topic of address bar spoofing in March at Black Hat Asia in Singapore. Read More
Black Hat 2016: Ransomware Could Lock Your Brakes ... At 75 MPH
Black Hat's most recent iteration this month drew more than 15,000 cybersecurity-minded professionals to Las Vegas, topping last year's event by at least 4,000. Neon was seemingly the color du jour, in theme with the Strip's bright lights. Read More
Certifications and Ratings in the Cybersecurity Guarantee Market
Having written on the topic of cyber insurance in the past—and having seen Jeremiah Grossman, Chief of Security Strategy at SentinelOne, speak on the topic of cyber insurance and software guarantees at no fewer than three InfoSec conferences in the past year (AppSec California 2016, ISSA Los Angeles 2016, and Black Hat USA 2016)—I decided to explore the guarantee portion of the topic. This article is a result of Grossman’s presentation materials combined with interviews conducted with the software guarantee champion. Read More
We played with the extreme $1,000 case that stops your phone from spying on you
Amid a huge number of cybersecurity companies pitching their wares at the Black Hat security conference last week in Las Vegas, one was offering a product geared toward CEOs and government officials — or the ultraparanoid. Read More
Samsung both denies and admits mobile payment vulnerability
Security researcher Salvador Mendoza demonstrated a flaw in Samsung Pay at Black Hat last week, in which the tokens used to secure transactions could be predicted, and used to authorize fraudulent payments. Read More
PLC Worms Pose Stealthy Threat To Industrial Systems
Researchers at Black Hat USA demonstrated 'PLC Blaster' worm capable of infecting programmable logic controllers and spreading to other systems. Read More
Computer researchers may have found a flaw in chip-based credit cards. Though the cards are designed to combat fraudulent cloning, apparently there’s a way to rewrite the magnetic strip code so it resembles the standard Europay, MasterCard and Visa (EMV) card. Researchers at the payment technology company NCR presented their findings at the Black Hat computer security conference last Wednesday, CNN Money reported. “There’s a common misperception EMV solves everything,” Patrick Watson, one of the researchers, reportedly told the site. “It doesn’t.” Read More
It's not every day you hear the chief technologist at the Federal Trade Commission brag about learning how to pick a lock. But that small side trip during the recent Black Hat USA conference in Las Vegas proved illuminating for the FTC's Lorrie Faith Cranor and underscored the changing relationship between government and the hacker community. Read More
The Black Hat conference has long been the security conference where speakers announce fairly frightening breaks in security. In the past, a lot of the energy went into targeting desktop and mobile operating systems, along with a steady stream of ways to convert the uncharted territory in widely used internet protocols into “weaponizable” exploits. Read More
Tucked away among the booths in a far corner on the showroom floor at the Black Hat cybersecurity conference this year, one company’s signage—a ghostly silhouette on a vertically-oriented, lemon-hued banner—stood out like the sore thumb of an avid selfie-snapper: Snapchat. Read More
These two guys just hacked the chip card that was supposed to keep your credit card safe
In a demonstration of the research on Wednesday, Valtman and his colleague Patrick Watson showed that an attacker can capture what is called Track 2 data that's transmitted from the card to the card reader using a small Raspberry Pi computer. The captured data, which is sent unencrypted, can then be used to create a normal magstripe card for use on older, offline systems. Read More
Bringing security into IT and application infrastructures
In this podcast recorded at Black Hat USA 2016, Chris Carlson, VP of Product Management, Cloud Agent Platform at Qualys, talks about a new trend in bringing security into IT and application infrastructures, as well as working with the DevOps team for increased security. Read More
At the Black Hat security conference in Las Vegas, Laurie Segall talks to CrowdStrike CEO George Kurtz about the DNC hack, and learns how electronic voting machines could be vulnerable to hackers. Read More
Nigerian Scammers Accidentally Infect Themselves With Own Malware
The scheme, detailed in a report presented at the Black Hat security conference in Las Vegas last week, is a more sophisticated version previously used by scammers called a Business Email Compromise (BEC). Read More
Researcher warns of flaws in Samsung Pay tokenisation and mag stripe features
A researcher presenting at Black Hat claims to have found vulnerabilities in Samsung Pay's tokenisation mechanism and its magnetic secure transmission (MST) contactless payment technology that could allow hackers to steal users' tokens and make fraudulent purchases. Read More
In the midst of the Black Hat mayhem last week, Dennis Fisher took some time to sit down for a group podcast with some fellow journalists and other guests, including Patrick Gray of the Risky Business podcast, Jessy Irwin, Mike Mimoso of Threatpost, Fahmida Rashid of InfoWorld, Chris Brook of Threatpost, and Brian Donohue of Booz Allen Hamilton’s Cyber4Sight team. This episode covers a wide range of topics, including the most interesting sessions at the conference, 0-day sales, security research on security products, and how the media covers it all. Read More
Samsung is all talk, no fix after researcher finds Pay flaw
In security, how a company responds to a potential flaw matters. Samsung may learn that lesson as it dueled on social media after a researcher revealed a flaw in Samsung Pay. The Korean electronics giant has disputed a security researcher's findings, who last week at the Black Hat security and hacking conference detailed what he described as "limitations" in the company's mobile payments system, Samsung Pay. Read More
Samsung denies its mobile payment platform is insecure
Every year the Black Hat conference highlights and analyzes security vulnerabilities in common services public awareness and a little infamy. On Sunday, a researcher released a paper criticizing the point-of-service purchasing system Samsung Pay for perceived weakness in its algorithm that could be exploited by hackers. In its security blog, the Korean tech giant refuted the claims, insisting that its math is different than described in the report and therefore still sound. Read More
Black Hat Las Vegas: Miller, Valasek unveil new attack, retire from car hacking
Famed car hackers Chris Valasek and Charlie Miller hung up their spikes Friday at Black Hat, announcing at the end of their presentation that they were moving on, but not before revealing a few more vulnerabilities in a Jeep Cherokee. Read More
Apple last week patched a critical iOS memory corruption vulnerability that could allow attackers to execute code on compromised devices. The flaw was found by Team Pangu, a Chinese hacker group that specializes in building iOS jailbreak tools. The vulnerability is fixed in iOS 9.3.4. Read More
You've heard by now that Apple announced a new bug bounty program at the recent Black Hat conference. In an unusual appearance, Ivan Krstic, Apple's head of security engineering and architecture, made the announcement himself. Read More
10 Scenes From Black Hat 2016 That Show Security Is Red Hot
More than 15,000 hackers and security professionals gathered at the Mandalay Bay hotel in Las Vegas last week for Black Hat 2016. With that came a bunch of seriously wacky and wild sights, including giant robots, alien bars and booths to physically bash competitive security solutions. However, there were also some serious sights, including a keynote addressing the future of Internet security, new vendor debuts and the latest in car hacking vulnerabilities. CRN was on site at the event last week – here are 10 sights that stood out from the show floor this year. Read More
Last week’s Black Hat 2016 conference was a whirlwind of activity. Here are a few of my takeaways. I kind of like Black Hat better than the RSA Conference. At Black Hat, you talk about the real challenges facing our industry and discuss intellectual ways to overcome them. Read More
When cybersecurity professionals converged in Las Vegas last week to expose vulnerabilities and swap hacking techniques at Black Hat and Defcon, a consistent theme emerged: the internet is broken, and if we don’t do something soon, we risk permanent damage to our economy. Read More
Greetings from Las Vegas, where Black Hat and Defcon, the world’s biggest code cracking confabs, took place this week. If you tried to contact me, our communications were probably intercepted. Oh well. Read More
SDN Security Researchers State Their Case at Black Hat
Presenting at Black Hat on Thursday, Yoon and Lee introduced SDNSecurity.org, an organization focusing on identifying SDN security issues and their possible solutions. The group has been at work for a little while, finishing eight projects with eight more in the hopper, and a relaunch of the website is due in September. Read More
Equal Respect: Removing Roadblocks to Diversity in Infosec
Although there’s been a big push for decades to bring in more diverse candidates among those who qualify, the women on this panel illustrated how their industries are still inadvertently putting up a roadblock to diversity right from the initial recruiting and hiring stage. And women and minorities are being excluded – from job descriptions to informal company events – by people who aren’t necessarily aware that they are subscribing to some form of -ism (racism, sexism, heterosexism). Read More
Cybersecurity? There's No Accounting for Human Weakness
The common thread I heard in the majority of the sessions at this year’s Black Hat conference was: the human factor. In other words, security only works if you actually implement it, rigorously stick to it, and consistently update it. It’s like having a state-of-the-art alarm system on your house but then leaving the bedroom window open for fresh air. Or hiding the door key under the front mat. Read More
With the largest Black Hat to date now in the rear view mirror, it’s clear there is edginess not only in the hacker community, but also in hot cybersecurity market segments where vendors are competing for thought leadership as well as wallet share. Read More
Malware hidden in digitally signed executables can bypass AV protection
Researchers have shown that it’s possible to hide malicious code in digitally signed executables without invalidating the certificate, and execute this code – all without triggering AV solutions. Tom Nipravsky, from Tel Aviv-based Deep Instinct, presented the results of their research at Black Hat USA 2016, but didn’t release PoC code as it would be too dangerous. Read More
Black Hat USA Shows Enterprises Fail to Learn Security 101 Lessons
There was plenty of news last week during Black Hat USA about new cyber-threats, vulnerabilities and exploits. The good news is that security technologies are more advanced than ever and researchers are getting better at spotting hacks and malware. Read More
The Good and the Terrifying Things at Black Hat 2016
Black Hat is a gathering of security researchers, hackers, and industry that meets in Las Vegas to do three things: outline the latest threats, show how the good guys and the bad guys can be defeated, and launch attacks on the attendees. Read More
Top 5 scary hacks that emerged from the Black Hat USA hacker conference
The annual Black Hat USA conference attracts thousands in the cybersecurity community every year and thanks to the milling hackers, new and innovative cyber-exploits have emerged, which can be both fascinating and scary. This year's conference has produced an impressive array of attacks, highlighting how hackers can manipulate every gadget and even the Internet of Things (IoT) to launch attacks. Read More
When the Internet was created decades ago, nobody really thought about its safety. A large group of hackers, gathered this week in Las Vegas, is therefore concerned about the future of the web. "We really need to make the Internet safer," said hacker Dan Kaminsky at Black Hat, one of the two security conferences in Las Vegas. Read More
Thousands of hackers and security professionals turned out in Las Vegas this week to the annual Black Hat conference, looking to see the latest and greatest threats facing the security space today. In presentations throughout the week, security researchers and hackers presented their exploit and vulnerability findings, revealing vulnerabilities in connected devices, business infrastructure and more. Read More
Imagine driving down the highway with your foot on the gas and hands on the steering wheel, only to come to a screeching halt without ever hitting the brakes. Two security researchers who detailed an apparent hack into a 2014 Jeep Cherokee last year shared their latest exploits at the Black Hat hacker conference on Thursday in Las Vegas. Read More
Car Hackers Return to Black Hat with New Attacks to Drive You Off the Road
Over the last few years, Charlie Miller and Chris Valasek have done dramatic work attacking connected cars. Now, they return to Black Hat to show off their most recent research. And this time, they can do even more. Read More
Two American security researchers have again hacked a Jeep Cherokee, they said at Black Hat, a security conference in Las Vegas. They were able to cause a sudden upset or apply the brakes. Read More
Afraid of the Dark? Too Bad, Your Smart Bulbs Can Be Hacked
Ronen and Colin O’Flynn, a PhD student at Dalhousie University in Canada, detailed these risks in a presentation at the Black Hat Security conference in Las Vegas on Thursday. The two conducted independent, separate research into the Philips Hue. Read More
Your Airbnb Wi-Fi Is Not Secure: How to Protect Yourself When Traveling
Ask a room of security professionals, like a group of BlackHat attendees, whether they are willing to connect to wi-fi without using some secondary form of protection, and the answer will be a resounding “No.” But plenty of business travelers operate under the assumption that wi-fi security is increased at an Airbnb as opposed to connecting to the same network as hundreds of other visitors. Read More
Cybersecurity researchers took advantage of the lag time on a chip card to steal its information and route it to a hacked ATM, making the machine pour out cash. Read More
#BHUSA Attacks on Activists are Prevalent, but Unsophisticated
Speaking at the Black Hat conference in Las Vegas, EFF staff technologist Cooper Quintin and global policy analyst Eva Galperin revealed research about how activists and journalists were targeted, in particular in what it called "Operation Manul". Read More
Presenting before an audience at the Black Hat USA conference in Las Vegas on “Iran and the Soft War for Internet Dominance,” Collin Anderson, a Washington D.C.-based computer scientist focused on internet controls and restrictions on communications, and Claudio Guarnieri, senior research fellow at Citizen Lab, discussed the research they are doing into how groups in Iran use social media and applications to wage its propaganda war, and attack opponents. Read More
Speaking at the Black Hat conference in Las Vegas, Ivan Krstic, Apple’s head of security engineering and architecture, outlined the new security program, which launches in September. Citing “the increasing difficulty to find its most critical security issues,” Krstic says the added help from the white-hat hacking community is important to find flaws as Apple’s iOS security mechanisms are getting strong with the release of iOS 10. Read More
#BHUSA Researchers Present Deep Sea Phishing Exercise
Presenting at the Black Hat conference in Las Vegas, John Seymour, data scientist, and Philip Tully, senior data scientist, both with ZeroFOX, discussed how they used a combination of traditional natural language processing, histograms, and parsing information from user profiles to build a much more effective automated phishing campaign. Read More
Black Hat 2016: Apple iPhone Updates Drub Android Counterparts
Apple (AAPL) iPhones are drubbing their Android counterparts on the mobile security front, say Atredis Partners founders Shawn Moyer and Josh Thomas. But Apple's dominance isn't necessarily tied to a more potent security posture. Read More
Apple offers big cash rewards for help finding security bugs
The maker of iPhones and iPads provided Reuters with details of the plan, which includes some of the biggest bounties offered to date, ahead of unveiling it on Thursday afternoon at the Black Hat cyber security conference in Las Vegas. Read More
How much is a flaw in Apple software worth? The answer to that question has long been a mystery, because Apple didn't pay security researchers who reported bugs to the company. Read More
Starting this fall, Apple will pay up to $200,000 for iOS and iCloud bugs
As part of a security presentation given at this year's Black Hat conference, Apple today announced that it would be starting up a bug bounty program in the fall. The program will reward security researchers who uncover vulnerabilities in Apple's products and bring them to the company's attention. Google, Microsoft, Facebook, and many other companies have offered bug bounty programs for some time now, but this is Apple's first. Read More
'BadTunnel' Flaw Threatens All Versions of Windows
An implementation flaw in an ancient Windows networking service lets attackers remotely seize control of the internet connections on every Windows PC made in the past 20 years, security researcher Yang Yu said at the Black Hat security conference here today (Aug. 4). Read More
While security has been a crucial part of its corporate narrative, Apple has quietly refused to pay for bug reports, at times frustrating security researchers who found it difficult to report flaws to the company. That changed today, as Apple’s head of security engineering and architecture, Ivan Krstic, announced to Black Hat attendees that Apple will begin offering cash bounties of up to $200,000 to researchers who discover vulnerabilities in its products. Read More
Apple is launching an invite-only bug bounty program
Apple is planning a new bug bounty program that will offer cash in exchange for undiscovered vulnerabilities in its products, the company announced onstage at the Black Hat conference today. Launching in September, the program will offer cash rewards for working exploits that target the latest version of iOS or the most recent generation of hardware. Read More
In 2015, automotive cybersecurity researchers Charlie Miller and Chris Valasek showed how they could remotely stop a car and disable its brakes when it was going below five miles per hour. This year, they unveiled a new exploit: while in the car, plugging into the car's electronic system to hijack its steering and brake systems, while going at a much faster clip. Read More
Hacking Hue: Researchers Worm into the Internet of Things
A presentation at this year's Black Hat conference in Nevada discusses a nightmare scenario: a digital worm spreading between Internet of Things and smart devices. Try to act natural, because your lightbulb might be watching you. Read More
At Black Hat, a Reminder That Decryption Can’t Be Legally Mandated
WHAT KIND OF INFORMATION can the US legally demand that a company hand over? And under what circumstances? And which laws give the government and law enforcement those rights? Eh, it’s not currently very clear, as was recently proven by the Apple/FBI battle over unlocking one of the San Bernardino shooters’ iPhones and the death of secure email service Lavabit after its founder refused to produce its Secure Sockets Layer (SSL) private keys for an FBI probe. Read More
The four cybersecurity terms everyone is talking about at Black Hat
As the saying goes, knowledge is power. And when it comes to cybersecurity knowledge, every year thousands descend on Las Vegas for the Black Hat conference to acquire as much of it as they can. For some, it’s an opportunity to share research and to demonstrate the fragility of computing systems. For others, it’s a chance to show off new tools and technologies to defend against threats. Read More
Two researchers at the University of Leuven have presented, at the Black Hat security conference in Las Vegas, a new attack against HTTPS-encrypted web pages called HEIST (HTTP Encrypted Information can be Stolen through TCP-windows). It combines a timing attack with known weaknesses of TLS in combination with compressed data. Read More
More than 10 years ago, credit cards in Europe and Canada already included a chip and not just a magnetic strip. This component, together with a combination of four numbers, the popular PIN, serves as a double safety factor to prevent theft. Two members of Rapid7, a company specializing in security, have demonstrated its weakness at Black Hat, the most relevant hacker conference, taking place this week in Las Vegas. Read More
New security flaw in credit card chip system revealed
Computer security researchers at the payment technology company NCR demonstrated how credit card thieves can rewrite the magnetic stripe code to make it appear like a chipless card again. This allows them to keep counterfeiting -- just like they did before the nationwide switch to chip cards. They presented their findings at the Black Hat computer security conference on Wednesday. Read More
Black Hat: Google Project Zero Researcher Details the Year in Flash Flaws #BHUSA
Few people have ever found as many bugs in Adobe's Flash as Google Project Zero security researcher Natalie Silvanovich. In a session at the Black Hat USA conference here Silvanovich detailed the year in Flash bugs and what a year it has been. Read More
Smart Bots Create Phishing Messages to Slide into Your Mentions
To a smart attacker, Twitter and other social networks are veritable cornucopias of personal information being broadcast for the world to see. Scammers are already employing them for so-called "open source information gathering," but the researchers at this year's Black Hat conference felt that they could do better. They created a machine-learning model that creates highly clickable spear phishing links for Twitter. Read More
Attendees mill about the Black Hat 2016 trade show floor seeking tools they need to do their work. See how vendors make every effort to have them stop by. Read More
At the Black Hat USA conference here, Kaminsky answered a few questions about the current state of DNS as well as DNSSEC, which was originally seen in 2008 as being the long-term solution for DNS security. Read More
HEIST attack on SSL/TLS can grab personal info, Black Hat
The exploit of the HTTPS cryptographic scheme dupes end-users by hiding a file in a web ad or directly on a webpage. The attack, named HEIST by its developers, Mathy Vanhoef and Tom Van Goethem, doctoral candidates at the University of Leuven in Belgium, enables the exploit of flaws in network protocols without having to sniff actual traffic. The two presented their findings [pdf] at Black Hat on Wednesday. Read More
Black Hat Las Vegas: MasterCard workers go "phishing" for malware
With the ever increasing amounts of ransomware and general spam pouring into all companies, Green told SCMagazine.com in an exclusive interview at Black Hat that MasterCard wanted to come up with a way to not only spot the malware, but make everyone feel as if they are playing an important role in keeping the company safe. Read More
Severe vulnerabilities discovered in HTTP/2 protocol
On Wednesday at Black Hat USA, cybersecurity firm Imperva released new research into a number of high-profile flaws found within the latest version of HTTP, HTTP/2, which underpins the worldwide web's underlying protocols and communication systems. Read More
Teaching Machines to Hunt for Hackers, Sing Taylor Swift
At this year's Black Hat conference here, Cylance Senior Researcher Brian Wallace and Data Scientist Xuan Zhao walked attendees through some simple applications that could take the grunt work out of cyber security and, perhaps, generate new discoveries. They also generated a Taylor Swift song, but more on that later. Read More
Top infosec top bods praise and damn in Pwnie Awards
Black Hat It’s Black Hat time and that means the Pwnie Awards ceremony, honoring the highlights and bottom feeders of the IT security industry. The ceremony - which hands out gold and technicolored toy ponies that would make a brony salivate - was held on Wednesday night at the Black Hat convention in Las Vegas. The judges included Dark Tangent (aka the show’s founder Jeff Moss), HD Moore, car hackers Charlie Miller and Chris Valasek, and Dino Dai Zovi. Read More
A lack of understanding of modern VoIP and unified communications security opens many service providers and businesses to cyber attack, a Context IS researcher warns at Black Hat USA Read More
Chip-and-PIN credit cards hacked easily, Black Hat conference proves
The new credit card with a chip in it in your wallet ‒ touted as being less vulnerable than the old magnetic swipe version ‒ isn’t as safe as you think. Hackers at Black Hat proved once again the chip-and-PIN cards are not as impenetrable as they seem. Read More
Earlier this year, a whitepaper was released which revealed the results of an experiment where malicious USB sticks were dropped around the campus of the University of Illinois. Working with researcher Elie Bursztein, the test gained further exposure this week at the Black Hat Conference in Las Vegas, with Bursztein declaring that they had been able to drop the USBs and it was “job done”. Read More
In theory, hackers could break into a company by leaving a lot of USB drives for employees to find; surely at least one will be daft enough to plug it in. Elie Bursztein, anti-fraud and abuse research lead at Google, wondered if this would really work, so he put it to the test. At the Black Hat conference in Las Vegas, he reported on what he learned, and proceeded to instruct attendees on the creation of a USB drive that can pwn any Windows, OS/X, or Linux device in seconds. Read More
Never Trust a Found USB Drive, Black Hat Demo Shows Why
At Black Hat USA, security researcher Elie Bursztein shared the results of an experiment where he dropped 297 USB drives with phone-home capabilities on the University of Illinois Urbana-Champaign campus. He also explained how an attacker might program and camouflage a malicious USB drive outfitted with a Teensy development board to take over a target’s computer within seconds after plugging the drive in. Read More
How Drones Could Help Hackers Shut Down Power Plants
When hackers took down the power grid in parts of Ukraine last year, local authorities sent operators to manually switch on power, coordinating the recovery efforts via cellphone. But what if the attackers could jam the cellphone network—perhaps using drones? That’s the hypothetical, though realistic, scenario that a security researcher posited on Wednesday during a presentation at the Black Hat security conference in Las Vegas. In the future, warned researcher Jeff Melrose, drones will be used to support and amplify cyberattacks against critical infrastructure. Read More
Black Hat includes a variety of security topics from how USB drives are a menace and how drones are fast becoming a threat you need to pay attention to and much more. Here we take a look at just a few of the hot topics presented at the conference. Read More
A Peek Inside the Black Hat Network Operations Center
Every year, the Black Hat conference presents two days of briefings that reveal amazing discoveries in the security realm. Those briefings are preceded by several days of trainings—hands-on classrooms teaching all aspects of hardware, software, and network hacking (and protection against hacking). Read More
Black Hat: ATM spits out cash after chip and pin hack
Black Hat USA attendees who watched an ATM spit out hundreds of dollars might tend to agree. The demonstration was part of Hacking Next-Gen ATMs: From Capture to Washout, which was presented by Rapid7’s Weston Hecker. The abstract of his talk said the system he devised could “cash out around $20,000/$50,000 in 15 minutes.” Read More
Black Hat: How to make and deploy malicious USB keys
USB keys were famously used as part of the Stuxnet attack on the Iranian nuclear program and for good reason: it’s got a high rate of effectiveness, according to a researcher at Black Hat 2016. Read More
Black Hat 2016: Drone Attacks, Ukraine's Digital War, Apple Domination
The speed limit of a Terminator is 25 miles per hour, quipped Jeff Melrose, principal technology strategist for Yokogawa US, on Wednesday. And the U.S. Federal Aviation Administration just ruled it illegal to shoot down a drone. Read More
The Black Hat session began very boldly. Nir Valtman, Head of Application Security for NCR Corporation, and his colleague, Application Security Architect Patrick Watson, promised to bypass chip and PIN, and they delivered. Read More
Charlie Miller and Chris Valasek figuratively drove off into the sunset today at Black Hat, hanging up their car hacking exploits for good and leaving behind a pioneering legacy that elevated this type of research into the mainstream. Read More
For the third year in a row, security researchers Charlie Miller and Chris Valasek gave a talk at the Black Hat USA conference here about car hacking. Despite the high-profile recall of 1.4 million cars in 2015 after their talk, there are still risks in vehicles that can enable an attacker to take control of steering and brakes. Read More
Black Hat 2016: Jeep Cherokee Hacking Tops 2015 'Parlor Tricks'
Miller and Valasek, researchers at the Uber Advanced Technologies Center, returned Thursday to the Black Hat cybersecurity conference in Las Vegas, expanding on research that allowed them to perform "parlor tricks" on a Jeep Cherokee in 2015. Read More
Black Hat volunteers fight to keep hacking mayhem at bay
Welcome to the NOC, or the network operations center, of Black Hat, an annual conference in Las Vegas where cybersecurity researchers gather to trade hacking secrets. The purpose of the conference, in theory, is to get better at stopping bad guys. But in practice, that means learning to think like a skilled hacker as new techniques are presented and taught. Read More
The Philips Hue is a light bulb that connects to an Ethernet network. So you know there’s got to be a way to hack it. Granted, light bulbs aren’t as ominous as, say, nuclear weapons. But what could you do if you loaded malicious firmware onto a smart bulb? Could you unleash a worm that jumps from bulb to bulb? Could this be a conduit for hacking into the network? Read More
Maybe Security Isn’t Just a ‘Human Stupidity’ Problem
One easy way to explain IT security problems is to say it’s all Layer 8 — that is, the root cause is human stupidity, and networks would be more secure if people would just follow instructions. Jelle Niemantsverdriet believes that’s not correct. Read More
Jeep Hackers Back at Black Hat With New and Scarier Method
Charlie Miller and Chris Valasek grabbed headlines last year by showing how they could kill a Jeep's engine while it was traveling down a highway. At the Black Hat hacker conference on Thursday the pair demonstrated how they could again take control of the Jeep Cherokee, this time by sending false messages to its internal network. Read More
Apple Will Pay a ‘Bug Bounty’ to Hackers Who Report Flaws
At the Black Hat hacking conference, Apple announced a list of vulnerabilities that would command big bounties, including $25,000 for ways around Apple’s digital compartments and into its customers’ data, $50,000 for bugs that give hackers a way into iCloud data, and $200,000 to turn over critical vulnerabilities in Apple’s firmware — the software that lies closest to the bare metal of the machine. Read More
So what else is buzzing among the cybersecurity professionals at Black Hat? Across all the conversations I had today, two concerns emerged again and again: ransomware and insider threats. Ransomware is a type of malware that encrypts information or stops a device from working until a ransom is paid, usually using Bitcoin in order to preserve the anonymity of the attacker. An “insider threat” is a person within an organization who, through malice or negligence, causes damage to the organization’s networks or data. Read More
Hackers from around the world gathered in Las Vegas
When you think of Las Vegas, you are more likely to think of gambling than of hacking. Yet thousands of hackers gather here this week for two major conferences: Black Hat and Def Con. They are expected to draw 12,000 and 20,000 visitors respectively. Read More
With more organizations turning to VoIP (Voice over Internet Protocol) and cloud-based Unified Communications (UC) systems to underpin their commercial services and corporate communications, IT response and security testing teams are struggling to keep pace with the VoIP attack surface and growing number of threats in the wild, according to Fatih Ozavci from Context Information Security, speaking at Black Hat USA 2016 on Thursday. Read More
Black Hat Las Vegas: Point-of-sale experts bypass security measures in popular PIN pad, including EMV protections
After physically demonstrating how to hijack retail point-of-sale transactions – including those using EMV-standard chip cards – two security experts from NCR Corporation offered attendees at Black Hat critical tips on preventing such incidents in real life. Read More
Researchers Bypass Chip-and-Pin Protections at Black Hat
Nir Valtman and Patrick Watson, researchers with NCR Corporation, staged a series of malicious transactions in a talk here at Black Hat on Wednesday, demonstrating how they could capture Track 2 data and bypass chip and pin protections. Read More
Cybersecurity Conference Includes 'Hackers For Hillary' Fundraiser
A Hillary Clinton fundraiser will take place at BlackHat in Las Vegas. Cybersecurity experts there say they support her over Donald Trump despite all the controversy over her email server. Read More
Hackers reveal their cybersecurity secrets at Black Hat summit
Heavy metal and hackers - it's a pair only Sin City could bring together. At the 19th annual Black Hat conference, an expected 11,000 hackers from 108 countries are trying to solve the cybersecurity problems of the future, reports CBS News correspondent Mireya Villarreal. Read More
The best way to keep data safe is to keep it away from the Internet. This is what's called an "air gap," and it's considered the most practical and effective means to keep hackers out. But the wide availability of drones makes jumping the air gap easier than ever, as Yokogawa Senior Principal Tech Specialist Jeff Melrose explained at this year's Black Hat conference. Read More
The Black Hat Kaminsky DNS Flaw: Eight Years Later
In the summer of 2008, my Black Hat USA experience was dominated by a single topic, from a single speaker, Dan Kaminsky and his big DNS flaw. On July 8, 2008, Kaminsky made a big splash announcing that he had found a huge flaw in the internet and that he had brought together the world's IT vendors to help fix the flaw. Read More
Forget card skimmers, chip-card shimmers will be your next nightmare
At the Black Hat 2016 security conference in Las Vegas this week, engineers from Rapid7 demonstrated how a few small pieces of electronics could be used to stage a man-in-the-middle attack against an ATM. Read More
A common feature of most Airbnb rentals is WiFi access, but providing that connectivity might well come with risks for both the person providing the space and the guest, according to a Black Hat USA talk scheduled for Aug. 4 in Las Vegas. Read More
Android’s version fragmentation puts Apple ahead in the mobile device security race, claim researchers at Black Hat. In a session titled ‘Can you trust me now? An exploration into the mobile threat landscape’, Atredis Partner researchers Josh Thomas and Shawn Moyer set out to contextualise the rest of the Black Hat mobile track. Read More
Researchers speaking at the Black Hat conference in Las Vegas demonstrated how small modifications to equipment would allow attackers to intercept the systems used to authorise payments. Read More
Windows 10 Credential Guard Risk Exposed at Black Hat
Microsoft's Windows 10 includes many innovative security features that are intended to help minimize risk and improve user experience. One such feature is Credential Guard, which aims to protect users against attacks. However, according to security firm Bromium, many risks remain. Read More
#BHUSA Kaminsky Highlights Flaws of Leaderless Internet
Delivering the opening keynote at Black Hat USA in Las Vegas, security researcher and chief scientist of White Ops Dan Kaminsky highlighted the challenges that what he called ‘this’ internet is facing, and why the likes of Minitel, AOL and AT&T (a company which he said is the equivalent of a kid putting on their Dad’s coat) had failed to deliver a lasting solution. Read More
There is no guarantee that the internet will succeed. And if we aren’t careful we can really screw it up. It has happened before and we can do it again. The warning comes from technologist Dan Kaminsky who says there is a need to treat the internet similarly to the way the National Institutes of Health is devoted to medical research. Kaminsky, who was delivering the keynote to over 6,000 Black Hat USA 2016 attendees, said problems that need to be addressed within the security community are political, technical and how the security community collaborates. Read More
Security guru Dan Kaminsky is calling for the security industry to embrace the “isolation” architecture of virtual machine and cloud technology as a way to protect online data and end users. Kaminsky, who delivered the keynote address here and detailed his prototype IronFrame browser and a new firewalling technology Autoclave, says the security industry has an opportunity to better secure the Internet. Read More
During his keynote at the Black Hat security conference Wednesday, the chief scientist for White Ops Security called on researchers, engineers and lawmakers to rethink what is possible with the internet and work toward making things work simpler and more secure at the same time. Read More
Kaminsky: The internet is germ-ridden and it's time to sterilize it
Black Hat Dan Kaminsky, the savior of DNS and chief scientist for White Ops, has used the opening keynote of Black Hat 2016 to outline three technologies he has been working on that could make working online a lot safer – if they are adopted. Read More
Kaminsky Warns Black Hat Audience of Risks to the Internet
During his Black Hat keynote, Dan Kaminsky outlines a litany of risks to the continued functioning of the modern internet and identifies the keys for moving it forward. Read More
Black Hat 2016: We Need To Step Up Our Security Or Risk Losing The Internet As We Know It
There’s something wrong, big time, with privacy and security around the Internet, and the security industry needs to step up or risk losing it altogether, Dan Kaminsky, chief scientist and founder of White Ops, said in a keynote speech Wednesday at Black Hat 2016 in Las Vegas. Read More
Donald Trump is a troll looking to say whatever will stir up the most people, according to security expert Dan Kaminsky who delivered the keynote at Black Hat today. Read More
Black Hat 2016 keynote: We need sharing, not competition, in security
Black Hat 2016 keynote speaker Dan Kaminsky called for more information sharing in security and more long-term public work in the cybersecurity space. Read More
Researchers at Black Hat describe finding four flaws – now fixed - in the way the major server vendors implemented HTTP/2, but warn that the year-old Web protocol remains fertile ground for hackers seeking weaknesses in the way it’s rolled out. Read More
How Dangerous Is the Black Hat Network Operations Center?
In a dark room on a busy floor at the Mandalay Bay Hotel here sits the Black Hat Network Operations Center (NOC), which could well be one of the most hostile environments many IT people will ever see. Read More
Kaspersky Lab is using Black Hat’s hacker-rich environment as the launch pad for its first bug-bounty program that seeks talent to hack the company’s anti-malware software. Read More
Black Hat 2016: Apple iPhone Updates Drub Android Counterparts
Apple (AAPL) iPhones are drubbing their Android counterparts on the mobile security front, say Atredis Partners founders Shawn Moyer and Josh Thomas. But Apple's dominance isn't necessarily tied to a more potent security posture. Read More
Cyber security a spotlight at Black Hat convention
It's grown to become one of the premier cyber security conventions around the world. The Black Hat conference has the reputation as a hacker convention but for those attending it's really about protecting your information from the bad guys. Read More
Thousands of hackers and other cybersecurity professionals converged on Las Vegas on Wednesday for the annual Black Hat conference. Here are some highlights of the day's events. Read More
Black Hat: 5 Ways to Avoid Losing the Internet We Love
Kaminsky, a well known security researcher, chief scientist at White Ops, and frequent speaker at the Black Hat conference, opened this year’s Black Hat with a kinetic and often rambling talk, peppered with random bits of prickly, amusing opinion. Read More
Researchers Show How To Steal Payment Card Data From PIN Pads
The manner in which many PIN pads used by consumers to pay for purchases communicate with point-of-sale systems makes it very easy for attackers to steal payment card data, researchers warned here this week. Read More
When automotive security researchers Charlie Miller and Chris Valasek take the stage Thursday morning (Aug. 4) at the Black Hat conference in Las Vegas, they will outline new methods of CAN message injection. Read More
The computer security industry's annual pilgrimage to Las Vegas this week for a trio of conferences will hash out the myriad, creepy ways criminals can breach our increasingly connected world. Among this year's talks: the possibility drones perched high up on buildings could link into unsecured networks, the ease even a bored teen-ager could take over an Airbnb rental’s Wi-Fi, ransomware used to hijack connected cars, and how a hacked roof-top solar array could destabilize an entire power grid. Read More
Car hackers Charlie Miller and Chris Valasek have again hacked a 2014 Jeep Cherokee, this time by physically linking a laptop to commandeer its steering and kill the brakes. The duo have captured the hack to be presented at Black Hat Las Vegas this week in video proof-of-concept demonstrations. Read More
Mike Mimoso, Tom Spring, and Chris Brook preview Black Hat 2016, including Ivan Krstic’s talk on Apple/iOS security, Dan Kaminsky’s keynote, IoT, PAC malware, and more. Read More
Kaspersky Lab today at Black Hat USA 2016 announced the launch of a public bug bounty, one of the few offered by a software vendor in the computer security industry. Read More
Platform security a hot topic at this week’s hacker conference
With over 12,000 expected participants from more than 100 countries at this week’s Black Hat Briefings convention, one of the world’s premier hacker conferences is anticipating record numbers for its 19th year in Las Vegas. Read More
Black Hat basics: Ruminations on 19 years of Black Hat Briefings
Las Vegas in August. Common sense might suggest those things go together about as well as wearing mohair in the Mojave. From a security perspective, however, it means making the annual pilgrimage to the land where what happens there stays there, to participate in the week-long activities surrounding one of the oldest standing (and best) security conferences: the Black Hat Briefings. Read More
16 Hot New Security Products Launched At Black Hat 2016
The security industry turned out in force to Las Vegas this week to attend the annual Black Hat Conference. Vendors used the opportunity to showcase their latest and greatest technology releases. Read More
Dark Reading Radio at Black Hat 2016: 2 Shows, 4 #BHUSA Presenters
Even if you can't physically be at Black Hat USA 2016, Dark Reading offers a virtual alternative to engage with presenters about hot show topics and trends. Read More
Each Black Hat begins with a major keynote speech that sets the tone for the conference and is an opportunity for a noted individual to bring important issues to the security community's attention. This year, the keynote will be given by security researcher Dan Kaminsky. Read More
When computer hackers and security pros gather for twin conferences in Las Vegas this week, the focus will be on risks related to the growing assortment of connected thermostats, smartwatches, cars and other devices that the tech industry calls the “Internet of Things”. The side-by-side conferences, known as Black Hat and Defcon, offer both a snapshot of the current state of computer security and an early peek at tomorrow’s cybersecurity problems. Read More
Black Hat USA and DefCon: Finding Security Risks in All the Things
No week in the information security calendar is quite like this one, with the annual Black Hat USA and DefCon security conferences descending on Las Vegas. The mythos of the two security conferences runs deep across more than two decades as the places where new research is revealed and zero-day exploits are announced, and the 2016 events are no exception. Read More
This Time, Miller & Valasek Hack The Jeep At Speed
Miller and Valasek, both security experts with Uber’s Advanced Technology Center, on Thursday here at Black Hat USA will present their latest car hacks, which basically build upon the work they demonstrated a year ago on how they could control the 2014 Jeep Cherokee’s electronic functions from afar. Read More
The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse
At the Black Hat security conference later this week, automotive cybersecurity researchers Charlie Miller and Chris Valasek will present a new arsenal of attacks against the same 2014 Jeep Cherokee they hacked in 2015. Read More
At Black Hat, the ‘Internet of Things’ Gets Put Through Its Paces
When computer hackers and security pros gather for twin conferences in Las Vegas this week, the focus will be on risks related to the growing assortment of connected thermostats, smartwatches, cars and other devices that the tech industry calls the “internet of things.” Read More
Amid the parties, the deal making and the overall catching up between security compatriots at the annual Black Hat pow wow in Las Vegas every year, there's a body of seriously good work that comes out of the show. Beyond the big vulnerability revelations, some of the most lasting contributions to ongoing security research and protection work come in the form of new open source tools released by presenters at the show. Read More
Black Hat: 9 free security tools for defense & attacking
When Black Hat convenes next week in Las Vegas, it will be a rich environment for gathering tools that can be used to tighten security but also - in the wrong hands - to carry out exploits. Read More
And off you go. Which is to say creating a plan for Black Hat next week, be it which sessions to attend, what tech to look for, what trends to double-click on (never mind what parties to hit), can be challenging. With an attempt to keep some of the squirrels out of my peripheral vision, here are a few of the ones I’ll be chasing next week at Black Hat 2016. Read More
Are you attending Black Hat for the first time this year? As you try to manage your schedule and prepare for a few days in the blazing Vegas heat, perhaps you are starting to feel a little overwhelmed. I find it's always beneficial to manage my expectations, so if you've never been, I can tell you that it's a little overwhelming upon arrival. Read More
Apple, notoriously closed-mouthed about its security technology, plans to detail three new security features of the upcoming iOS 10 operating system at the Black Hat conference next week. Read More
Apple’s security chief to go behind the scenes of iOS security during upcoming BlackHat USA 2016 briefing
Apple is planning on discussing various aspects of iOS 10 security in “unprecedented detail” at the upcoming BlackHat USA 2016 security conference. Ivan Krstic, head of Apple Security Engineering and Architecture, will give a 50-minute briefing to discuss cryptographic design, the Secure Enclave found in Touch ID-enabled devices, and a new JIT hardening mechanism in iOS 10. Read More
Bugs & Bugs: National Moth Week, PHP, Black Hat & more
As my colleague Tim Greene, our resident IT security editor discusses, next week's Black Hat event in Las Vegas will be filled with intriguing presentations by white hat hackers sharing their latest exploits, including one involving Bluetooth Low Energy that could impact internet of things devices. Read More
The conference heads back to Vegas next week, with a big interest in anti-ransomware, endpoint security, security analytics, cloud and IoT security Read More
How To Stay Safe On The Black Hat Network: ‘Don’t Connect To It’
As one of the guys that’s kept the network running at Black Hat for the last 14 years, I’m often asked the same question, “How do I stay safe on the Black Hat network?” It’s a simple and straightforward question and I always respond with a simple and straightforward answer: “Don’t connect to it.” Read More
How a new breed of hack compromised 2,500 gambling sites at once
Now, new details of the attack are surfacing thanks to work by security researchers Gaby Nakibly, Jaime Schcolnik and Yossi Rubin, which will be presented at the Black Hat conference next month. Read More
Black Hat Brings Hackers, Cybersecurity Experts To Las Vegas
The episode should provide food for thought at the Black Hat cybersecurity conference, which brings together hackers and those who want to stop them. Read More
The Black Hat USA 2016 Conference is fast approaching—bringing scores of new briefings to life. Created nearly 20 years ago, the conference provides InfoSec professionals with a place to gather and learn from the very best. Attendees can learn about the latest risks and trends in the information security world. Read More
At Black Hat: A free tool for spear phishing Twitter
A spear phishing tool to automate the creation of phony tweets - complete with malicious URLs – with messages victims are likely to click on will be released at Black Hat by researchers from ZeroFOX. Read More
Black Hat survey reveals critical security concerns facing enterprises
Black Hat has released the results of its 2016: The Rising Tide of Cybersecurity Concern report, revealing some critical concerns about the information security industry and emerging cyber risks faced by today’s enterprises. Read More
Flawed code hooking engines open endpoints to compromise
EnSilo didn’t share any details about the discovered vulnerabilities – the researchers will present them at Black Hat 2016 – but said that most of these could allow an attacker to easily bypass the operating system and third-party exploit mitigations, and the worst ones would allow him to remain undetected on the victim’s machine or to inject code into any process in the system. Read More
Security Product Flaws Allow Attackers to Compromise Systems
enSilo will provide additional details about the vulnerabilities on August 3 at the Black Hat conference in a presentation titled “Captain Hook: Pirating AVs to Bypass Exploit Mitigations.” Read More
Security software that uses 'code hooking' opens the door to hackers
The researchers plan to release technical details of the vulnerabilities during the upcoming Black Hat security conference in Las Vegas in early August. Read More
iOS 9.3.2 Jailbreak Rumors: Pangu Expected To Release Crack Before iOS 10 Launch Date, Possibly At Black Hat USA 2016
As it is, everything lies in Pangu’s hands. It could happen at Black Hat USA 2016, which takes place in Las Vegas from July 30 to Aug. 4. But like most rumors, that is another speculation that adds to the iOS jailbreak wait woes. Read More
Black Hat Attendees Worry about IoT Security — Just Not Right Now
Last year’s survey — the first one Black Hat ever conducted, with 460 respondents — had a similar result, with only 7 percent citing IoT as a top current concern. Read More
Over the years, Black Hat has morphed from a little show for security researchers to a big conference that attracts everyone from black-hat hackers to C-level security execs. Here's what piques my interest this year. Read More
Experts: UK Driverless Car Consultation Must Consider Hacker Threat
That hack, demonstrated at Black Hat last year, enabled researchers Charlie Miller and Chris Valasek to move laterally inside the embedded computing systems of a 2014 Jeep Cherokee and modify key firmware to remotely control functions such as the steering and brakes. Read More
Dark Reading Launches Best Of Black Hat Awards Program; Finalists Selected
Dark Reading today is announcing the launch of a new annual awards program, the Best of Black Hat Awards, which recognizes innovative companies and business leaders on the conference’s exhibit floor. Read More
Yet another diversity hiring panel, but when will decision makers wake up?
With hacks and cyberattacks in the news daily, everyone's got an eye on our industry. Starting July 30 and running through August 4, everyone will be watching the news for reports at cybersecurity conference Black Hat USA 2016. Read More
McGrew over the past few years has been examining vulnerabilities and security weaknesses in penetration testing tools, processes, and practices, and will present his latest findings next month in Las Vegas at Black Hat USA. Read More
Upcoming Black Hat USA talk will highlight vulns in Good Technology platform and discuss the dangers of overreliance on enterprise mobility security suites. Read More
Preparing to attend your first Black Hat conference can feel a little daunting. Between its reputation for having the most hostile network in the world and a dizzying agenda of security’s best and brightest presenting their most newsworthy research, where do you even start? Here is a checklist to help prepare you to get the most out of the festivities. Read More
The concept for the so-called CANSPY auditing tool for cars evolved out of vulnerability assessment work that Jonathan-Christofer Demay and Arnaud Lebrun were doing for a major European carmaker, which they declined to identify. Demay and Lebrun in August will release the tool’s firmware as well as demonstrate CANSPY at Black Hat USA in Las Vegas. Read More
Windows 'BadTunnel' Attack Hijacks Network Traffic
Microsoft this week issued a patch for the so-called “BadTunnel” bug found by Yang Yu, director of Xuanwu Lab of Tencent in Beijing. Yu will detail and demonstrate his findings on the Windows flaw in August at Black Hat USA in Las Vegas in his presentation BadTunnel: How Do I Get Big Brother Power? Read More
Dedupe, dedupe, dedupe dedupe dedupe... Who snuck in to attack Microsoft Edge?
Kaveh Razavi, one of the Vrije Universiteit researchers, told El Reg: “The previously published Google exploit is very practical. What has not been shown to be practical so far is exploiting Rowhammer 'in the browser', which significantly increases its impact given that every internet user is now a potential target.” Read More
“Forbidden attack” makes dozens of HTTPS Visa sites vulnerable to tampering
"This results in catastrophic failure of authenticity, even if a nonce is only re-used a single time and enables us to carry out a practical forgery attack against HTTPS," the researchers wrote in a paper titled Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS. The research will also serve as the basis for a briefing scheduled in August at the Black Hat security conference in Las Vegas. Read More
The vulnerability is called SideStepper, according to Check Point Software Technologies, which will demonstrate the vulnerability at Black Hat Asia April 1. Read More
iOS SideStepper Vulnerability Undermines MDM Services: Check Point
Security researchers from Check Point plan to disclose a flaw at the Black Hat Asia conference which they claim endangers the way mobile device management software interacts with iPhones and iPads. Read More
Hackers can abuse the iOS mobile device management protocol to deliver malware
In a presentation at the Black Hat Asia security conference on Friday, researchers from Check Point Software Technologies will demonstrate that the communication between MDM products and iOS devices is susceptible to man-in-the-middle attacks and can be hijacked to install malware on non-jailbroken devices with little user interaction. Read More
Weakness in iOS enterprise hooks could let bad apps sneak in
And new research by Check Point being presented at Black Hat Asia 2016 shows that even with security improvements in iOS 9, attackers can kick that backdoor in by hijacking the enterprise management connection. Read More
Company-Authorized iPhones May Be Vulnerable to Attack
Apple iPhones and iPads running mobile-device-management (MDM) software may be vulnerable to attack, Israeli security firm Check Point plan to demonstrate tomorrow (April 1) at the Black Hat Asia security conference in Singapore. Read More
Billions Of Apple iPhones May Be Vulnerable To Attack: Check Point
Billions of Apple (AAPL) iPhones and iPads could be exposed in an iOS 9 vulnerability, Check Point Software Technology (CHKP) researchers announced early Thursday, in preparation of presenting their findings at Singapore’s Black Hat Asia 2016 conference late Thursday U.S. time. Read More
Android's unpatched dead device jungle is good for security
But Dai Zovi, who today spoke at the Black Hat Asia conference in Singapore, says this fragmented heterogenous ecosystem brings safety to the un-patched masses because exploiting dangerous vulnerabilities like Stagefright requires tailoring for each device make Read More
Black Hat Asia: Decentralise security, devalue cyberattacks
With billions of Internet of Things (IoT) devices expected to be connected to the web by end-2016, a more appropriate tactic would be required to better combat potential attacks, said Dino Dai Zovi, mobile security lead at Square, during his keynote Thursday at Black Hat Asia 2016 held in Singapore. Read More
Unpatched stealthy iOS MDM hack spells ruin for Apple tech enterprises
Black Hat Asia Enterprises the world over are at risk from a seamless new attack that allows the latest Apple devices to be quietly compromised in what researchers say requires a total overhaul of Cupertino's enterprise provisioning architecture for mobile device management. Read More
There’s a wealth of technical information security conferences all over the globe, but Black Hat USA is the only one that gathers so many of the world’s top researchers under the same roof at the same time. In fact, last year more than 11,000 people showed up in Las Vegas to network and attend 110 research-based briefings presented by more than 190 researchers. Read More
Black Hat Amsterdam: Oil & Gas cyber-vulnerabilities
There is no air gap between IT and OT – that was the key message for oil and gas sector CISOs coming out of the Black Hat Amsterdam talk by Alexander Polyakov and Mathieu Geli. Read More
If there was a self-help book for the information security community, the title might be: "What Got You Here Won't Get You There." Of course, that title has already been taken - it's the name of Marshall Goldsmith's 2007 business-focused, self-help bestseller - noted Haroon Meer, founder of South African applied research firm Thinkst, during his opening keynote at the Black Hat Europe 2015 briefings Nov. 12 in Amsterdam. Read More
Self-encrypting drives are hardly any better than software-based encryption
Daniel Boteanu and Kevvie Fowler from KPMG Canada demonstrated three data recovery methods against laptops using SEDs at the Black Hat Europe security conference in Amsterdam Thursday. Read More
When temperatures plummet, the leaves turn to yellow and red, and a large number of hackers begin flocking to Amsterdam, you know it's time for the annual Black Hat Europe information security conference. Read More
Olivier Boireau, CEO of Design SHIFT, stopped by InformationWeek's San Francisco office last week to demonstrate ORWL (pronounced Orwell), a small, tamper-resistant computer scheduled to ship around May 2016. He visited in advance of a presentation at Black Hat Europe and a Kickstarter funding campaign planned for today. Read More
Cybersecurity Skills Gap: Too Good To Be True For Job Seekers?
New track at Black Hat Europe explores the special challenges of managing an information security career for both job hunters and job hirers. Read More
The Mayo Clinic had assembled an all-star team of about a dozen computer jocks, investigators from some of the biggest cybersecurity firms in the country, as well as the kind of hackers who draw crowds at conferences such as Black Hat and Def Con. Read More
AndroBugs: A Framework For Android Vulnerability Scanning
At Black Hat Europe next week, a researcher will present a framework he says is more systematic than the vulnerability scanners popping up on the market. Read More
How Hackers Can Hack The Oil & Gas Industry Via ERP Systems
Researchers at Black Hat Europe next month will demonstrate how SAP applications can be used as a stepping-stone to sabotage oil & gas processes. Read More
This Next-Gen Stingray Uses Facebook and WhatsApp Messages to Track Users
Researchers will demonstrate a Stingray capable of launching attacks on LTE networks at the t2 infosec conference in Helsinki on Friday, and later at Black Hat Europe. Read More
Europe seeks a few good geeks for hacking cars and homes
More than a few of the presentations at this year's DEFCON and Black Hat security conferences focused on car hacking, which is this year's sexy topic for many. Read More
Cars That Talk to Each Other Are Much Easier to Spy On
“Everyone around you can listen to that,” says Jonathan Petit, one of the authors of the study, which will be presented at the Black Hat Europe security conference next month and was first reported by IEEE Spectrum. Read More
In a paper to be presented at the Black Hat Europe security conference in November, he describes being able to place a security vehicle within either the residential or the business zones of the campus with 78 percent accuracy, and even locate it on individual roads 40 percent of the time. Read More
Behind the Scenes / IoT devices vulnerable to cyber-attacks
Every August, Las Vegas is home to two international conferences for hackers, Black Hat and DEF CON. This year, many warned of the vulnerability of the Internet of Things (IoT) (see below) and of potential exploitation of this system by cyberterrorists. By the Tokyo Olympics in 2020, it is estimated that there will be over 25 billion IoT devices worldwide. So what kind of threat does this present, and how are we to combat it? Read More
How to hack self-driving cars with a laser pointer
In a paper due to be presented at Black Hat Europe in November, Petit says a simple $60 "off the shelf" setup including a laser pointer and pulse generator -- or Raspberry Pi, should you prefer -- is all that's needed to send self-driving car sensors haywire. Read More
Hackers can trick self-driving cars into taking evasive action
In the paper, to be presented at November’s Black Hat Europe security conference, Petit describes a system built with off-the-shelf components including a Raspberry Pi or Arduino computer that can effectively spoof the car at a range of up to 100m. Read More
In a paper written while he was a research fellow in the University of Cork’s Computer Security Group and due to be presented at the Black Hat Europe security conference in November, Petit describes a simple setup he designed using a low-power laser and a pulse generator. Read More
Black Hat survey reveals a disconnect between losses and security program focus
The Black Hat study focused on the concerns of practitioners, including how they actually spent their time and the losses that they incurred. Read More
FTC to Black Hat Attendees: Help Us Make Good Tech Policy
Government needs the help of security, privacy, and technology communities to inform policymakers and politicians on technical topics, Ashkan Soltani, chief technologist at the Federal Trade Commission, told Black Hat attendees last week. Read More
DEF CON is often regarded as the zany younger sibling of the Black Hat Briefings, an annual gathering of information security professionals. If Black Hat is the Super Bowl of hacker meet ups, however, DEF CON would be the scrappy, anything-goes tackle game without pads for the people who don’t want to buy the expensive tickets. Black Hat reminds you that hackers are out there; DEF CON insists that they’re coming to get you. Read More
During the first week of August, like-minded individuals converged on Las Vegas to celebrate their shared love of a future deeply imbued with technology and a society improved by science and rational thought. Those people were at the Star Trek convention. A few casinos away, a similar group of people gathered to talk about all the new and exciting ways to steal information and hack into systems. Those people were at Black Hat. Read More
Security researchers and hackers gathered in Las Vegas over the past week to show off and learn about the latest vulnerabilities that affect devices and software that the world relies on every day. Black Hat and DEF CON, the world’s top security conferences, did not disappoint. Read More
FTC: Bridging the divide between hackers and the ‘flip phone caucus’
Ashkan Soltani, chief technologist of the Federal Trade Commission, and commissioner Terrell McSweeny spoke with Passcode while in Las Vegas for the Black Hat and DEF CON hacker conferences. Read More
Black Hat 2015: 5 Takeaways on Mobile App Security
There was a wide spectrum of experts – from hackers to security communities – at the annual Black Hat conference in Las Vegas, concluding last week. The conference always provides a great perspective on the state of security today through technical briefings and hacking workshops, led by the premier minds in the field. Read More
A researcher discovered a zero-day vulnerability inside Intel processors released between 1997 and 2010 that allows attackers to install deeply persistent rootkits, hardware modifications and system destruction, according to a release. Read More
Lesson from Black Hat: Cyber pros far from trusting feds
"I'm from the government and I'm here to help," Alejandro Mayorkas, deputy secretary at the Department of Homeland Security, told hackers and cybersecurity professionals half ironically during a keynote at this year's Black Hat conference. Read More
10-Plus Hot New Security Products Launched At Black Hat 2015
Security vendors took advantage of one of the biggest security conferences of the year to launch some of their hottest new security products. At Black Hat 2015, companies launched new mobile, cloud and endpoint security offerings and formed partnerships with their peers for joint solutions to address some of security's biggest challenges. Read More
By the time I arrived at Defcon—Black Hat’s less mainstream sister conference, attended by die-hard hackers—I was keeping my devices completely off. The two conferences are known for being digitally dangerous. After all, the attendees are all cybersecurity professionals who thrive on the intellectual challenge of hacking. I had taken all of the usual precautions like withdrawing cash before I got to Vegas (so I wouldn't fall prey to compromised ATMs or credit card skimmers), avoiding Wi-Fi, and bringing a laptop that didn't have any personal data on it. I even remembered to put a Ninja Turtles band-aid over the webcam. Read More
I spent all of last week in Las Vegas at Black Hat 2015. I used to pass on Black Hat but no longer – it is a great opportunity for getting into the cybersecurity weeds with the right people who can talk about evasion techniques, malware, threat actors, and vulnerabilities. Alternatively, RSA Security conference conversations tend to center on things like IPOs, market trends, and PowerPoint presentations. Read More
Ten years after the sellout, Black Hat is solidly corporate and that’s fine
Each day's briefings include nine sessions every hour, from 0900 to 1800, so prior planning is essential. Jeff Moss still has the most influence on the keynote speaker however, and this year he picked a doozy – Jennifer Granick, director of civil liberties at the Stanford Center for Internet and Society. Read More
BlackHat 2015: Industrial hacking - the untold story
Hackers have been penetrating industrial control systems of utility companies on a large scale for extortion since at least 2006, she told visitors to BlackHat USA 2015 security conference in Las Vegas. Read More
Speaking at the Black Hat USA conference in Las Vegas recently, Cognosec senior IS auditor Tobias Zillner named the principal security risks in ZigBee implementations, revealed which devices are affected by them and demonstrated practical exploitations of actual product vulnerabilities. Read More
Black Hat Reveals Expanding Threat Landscape, Code Analytics Potential
Black Hat 2015 showed that security technology is better, smarter and faster than ever before, but still one step or more behind the bad guys. Read More
With the trend of hacking Encryption, Certs and Keys; how do you really know who to trust?
Have you ever lost your keys and had that moment of panic where you are not sure who might have them? This is not a good feeling. You do not know if someone has them and might use them to gain access to your things. This is the same feeling that should be running through the minds of every IT security professional right now when they think about their certificates and keys, but sadly this is just not happening. The reason that there is not more concern is that far too many even realize just how vulnerable they are. Read More
Trustwave shows off an impressive compromise of RIG's admin servers at Black Hat 2015
In addition to seeing more than a few products and ideas during Black Hat and DEF CON we also had the chance to see something really cool from the team at Trustwave. This was not a product, but a chance to see the back end of the command and control servers for a new and improved version of the RIG exploit kit. To say that what they showed was impressive is an understatement. Read More
A look inside the hostile, helpful world of hacking conventions
Shortly after lunch on Tuesday, James Cabe and Derek Manky, of cybersecurity company Fortinet, got a call from CenturyLink, an Internet service provider. Amazon had reported an attempted hack, and CenturyLink traced an unusual amount of web traffic aimed at the site back to the Mandalay Bay hotel in Las Vegas, which was hosting the Black Hat conference, an annual congregation of security professionals and professional hackers. Read More
Top Internet lawyer warns Black Hat crowd that the free Internet is dying
The annual Black Hat computer security conference in Las Vegas kicked off Wednesday with a keynote address from Jennifer Granick, director of Civil Liberties at the Stanford Center for Internet and Society. Read More
At Black Hat, security researchers have pointed out a problem with TLS certificate authorities: the check of who owns a domain takes place over an unsecured network. This path is vulnerable, for example via the BGP routing protocol. Read More
In January, OpenSSL released a security update in which an error in a mathematical function was fixed. In very rare cases, OpenSSL miscalculated when trying to square a large number. This error in the function BN_sqr() was the occasion for Ralph-Philipp Weinmann to investigate potential vulnerabilities due to incorrect calculations in so-called Bignum functions. At the Black Hat conference in Las Vegas, he presented his results. Read More
Mark Jaycox, legislative analyst at the Electronic Frontier Foundation (EFF) and Jamil Jaffer, former Republican Chief Counsel and Senior Advisor, U.S. Senate Committee on Foreign Relations, squared off at Black Hat USA 2015 in a friendly, but sometimes lively, debate on the recently passed USA Freedom Act. Read More
The Hip Trend of 2015 Is Designer Government Malware
At the Black Hat conference this week, cybersecurity experts are owning the trend. They’re often the people who discover and publicly disclose the malware, and once it’s out in the open, they’re the ones reverse-engineering it, picking it apart, and trying to figure out where it came from. Read More
Black Hat, DefCon Put Car Hacking, Web Privacy on Center Stage
For more than a decade at the Black Hat USA and DefCon security conferences, researchers have studied and hacked computing technology. At the 2015 events held here from Aug. 3 to 9, a key theme was the growing world of the Internet of things, particularly the connected car. A highlight of the Black Hat USA 2015 event was a session detailing how two researchers found flaws that led to the recall of 1.4 million Chrysler vehicles. DefCon housed a whole car hacking village, including real cars like the Tesla that attendees could touch and attempt to hack. Read More
15 Wackiest Sights And Signs From Black Hat USA 2015
With massive marketing budgets and an often quirky sense of humor, security conferences are frequently full of weird and wacky sights and signs. Black Hat USA 2015 was no exception. From celebrity impersonators to magic tricks, video games and more, security vendors were pulling out all the stops to stand out from the rest. Read More
OPM breach a shadow over Homeland Security's appeals to security pros
The Deputy Homeland Security Secretary urged attendees of the Black Hat conference not to let the massive government breach foil plans for improving information sharing about cybersecurity threats between the private sector and the government. Read More
It is easy to grow depressed at Black Hat, the annual gathering of security researchers, corporate information security officers, cybersecurity lawyers, government prosecutors, spooks, weirdos, and hackers in the hellish heat of Las Vegas in August. Read More
Anyone who takes modern technology apart in order to understand the world risks prosecution. This kind of hacking should be encouraged, says lawyer Jennifer Granick. Read More
At Black Hat, these information elites sit in the audience, and sometimes they are even on stage. The conference is aimed not exclusively but primarily at security companies and authorities, certainly including law enforcement, intelligence agencies and their subcontractors. Two years ago, then-NSA director Keith Alexander was allowed to give the keynote. Jennifer Granick belongs rather to the opposite side: as a lawyer, she has defended hackers such as Aaron Swartz and Kevin Poulsen. Today, she is Director of Civil Liberties at the Stanford Center for Internet and Society. Read More
At the Black Hat conference, Joshua Drake explains the background to the Stagefright vulnerabilities. According to his talk, an Android system can be attacked in at least eleven different ways. There is progress on Android updates. Read More
OPM Wins Pwnie for Most Epic Fail at Black Hat Awards Show
The annual Pwnie Awards at the Black Hat USA conference here celebrate the best security vulnerabilities found by researchers and also ridicule the worst security responses. The Pwnies are a somewhat satirical event that doesn't take itself all that seriously, but it does represent a snapshot of the year that was in security. Read More
OPM won a cybersecurity award. For ‘most epic FAIL.’
The government agency was "honored" at The Pwnies, a comedic awards show held at the Black Hat USA cybersecurity conference, for breaches that exposed the personal information of tens of millions of current and former federal workers, including the fingerprints of more than a million people who applied for government background checks. Read More
Black Hat USA 2015: Hackers Explain How They Can Take Control Of Vehicles
Ethical hackers Charlie Miller, a security researcher at Twitter, and Chris Valasek, director of vehicle security research at IOActive made news in 2013 after they took control of a Toyota Prius and a Ford Escape. While in control, the duo demonstrated how they could honk the horn, disable the brakes and control the steering wheel. But there was a catch: they needed to physically connect their computers to the vehicles. Read More
OPM wins Pwnie, Google on Android security, DoJ on CFAA: Black Hat 2015 roundup
Black Hat USA is finishing up in Las Vegas. News from its 18th year includes nuclear nightmares, Department of Justice on computer crime and research, Google on the state of Android security and much more. Read More
Jeep hackers: Only a dramatic stunt could force a Chrysler recall (video)
At this week’s Black Hat security conference, researchers Charlie Miller and Chris Valasek said hacking a reporter’s car on a highway – which some called needlessly reckless – was the only real way to effect change. Read More
Fuel-level monitors of the sort used by many U.S. gas stations may be under attack by hackers in Iran and Syria, two researchers told attendees of the Black Hat security conference here yesterday (Aug. 5). Read More
Black Hat 2015: Honeypots gather data on gas pump monitoring system attacks
The researchers, Kyle Wilhoit and Stephen Hilt, presented their findings at a Wednesday session at Black Hat USA 2015 in Las Vegas. The duo said they were spurred to investigate after identifying an attack against the Guardian AST Monitoring System, which is deployed at gas stations to monitor the volume, temperature, water content and more of underground tanks at gas stations. Read More
Hacker Turns Secure Computers Into Secret-Spewing Radios
Modern technology relies on electricity for everything. But a researcher at Black Hat 2015 demonstrated how to turn electronic devices into secret radio transmitters, thanks to physics. Read More
“Funtenna” software hack turns a laser printer into a covert radio
The result of the work of his research team is Funtenna, a software exploit he demonstrated at Black Hat today that can turn a device with embedded computing power into a radio-based backchannel to broadcast data to an attacker without using Wi-Fi, Bluetooth, or other known (and monitored) wireless communications channels. Read More
Malware Hunter Finds Spyware Used Against Dead Argentine Prosecutor
At the Black Hat security conference in Las Vegas on Wednesday, Marquis-Boire revealed he had personally analyzed a sample of the malware used to spy on Nisman, in a talk he gave alongside fellow malware hunter Marion Marschalek, who recently helped uncover the French malware Babar. Read More
Why Researchers Tricked Hackers into Attacking Fake Gas Pumps
But a fake gas pump set up in DC received a denial of service attack lasting two days. Wilhoit and Hilt saw that the attack traced back to Syrian IP addresses previously associated with the Syrian Electronic Army, the researchers said during their talk at the Black Hat security conference in Las Vegas on Thursday. Read More
Black Hat 2015: IoT devices can become transmitters to steal data
It’s possible to get a printer and other inexpensive network and Internet of Things devices to transmit radio signals that are detectable far enough away that they could be used to steal data from compromised networks, a researcher tells the Black Hat 2015 conference. Read More
Researchers Demo How They Hacked a Jeep Remotely: Black Hat
Every year, there is always one marquee session at the Black Hat USA conference that captures the imagination of the public like no other. At this year's conference here, it was the remote car hacking attack, which led Fiat Chrysler Automobiles (FCA) to recall 1.4 million autos. Read More
Black Hat 2015: Hacker shows how to alter messages on satellite network
Globalstar satellite transmissions used for tracking truck fleets and wilderness hikers can be hacked to alter messages being sent with possibly dire consequences for pilots, shipping lines, war correspondents and businesses that use the system to keep an eye on their remote assets. Read More
Every week, almost every day, hackers are poking holes in the devices we carry, drive and use. Over the past couple of weeks the numbers and severity of the flaws these technical wizards have found have hit fever pitch. Read More
Dream of Internet freedom dying, Black Hat keynoter says
Today the dream of Internet freedom is dying as the global network becomes more centralized, regulated and globalized, according to Jennifer Granick, who delivered the opening keynote Wednesday at the annual Black Hat USA Conference in Las Vegas. Read More
Far from being a place of freedom, innovation and information, the Internet as we know it is dying, Stanford University's Jennifer Granick told a packed house at the Black Hat computer security conference. Read More
Black Hat Keynote Speaker Says Dream of Internet Freedom Is Dying
The annual Black Hat computer security conference in Las Vegas kicked off Wednesday with a keynote address from Jennifer Granick, director of Civil Liberties at the Stanford Center for Internet and Society. Granick said that while the Internet needs to be reasonably safe in order to be functional, it's no longer the revolutionary place it was 20 years ago. Read More
Reporter's Notebook: In Cyber Security, All Eyes on Car Hacking
A few hundred people crowded into an expansive ballroom in Las Vegas are laughing and clapping at a joke I don't get. That happens a lot here. Read More
Black Hat: Hackers urged to protect Internet freedom
Security researchers need to fight for the rights to study, modify and reverse engineer Internet hardware and software or the general population risks losing Internet freedom, the Black Hat 2015 conference was told. Read More
Jeep hackers: Only a dramatic stunt could force a Chrysler recall
But the researchers say the shock value of their demonstration – and added publicity of the Black Hat and DEF CON hacker conferences taking place this week in Las Vegas – was the reason they raised enough awareness of the security weaknesses to spur Fiat Chrysler Automobiles and Sprint Corp. to fix the problem affecting potentially 1.4 million cars and trucks. Read More
In presentations at the Black Hat 2015 conference, demonstrations showed how the rise of the Internet of Things, connected devices, new mobile technologies and other developments have opened up the door to more threats than ever before. Read More
Hacked Cars, Rifles, and More: What to Expect at Black Hat 2015
With data breaches part of the typical news cycle and Edward Snowden now a household name, the general public has a deep interest in digital security. And the biggest show for offensive security is Black Hat, the conference that sees hackers rubbing elbows with industry and government figures to show off the latest hacks, attacks, and vulnerabilities. Read More
Security experts detail Jeep hacking at Black Hat conference
With both Wi-Fi and cellular access vulnerabilities in the 2014 Jeep Cherokee's internal computer system, hacking the car and changing everything from its radio volume to speed could be done in a matter of seconds, speakers at this week's Black Hat conference in Las Vegas said. Read More
A Printer That Sings Your Data for Hackers to Hear
At the Black Hat cybersecurity conference Wednesday, researcher Ang Cui is presenting this “Funtenna” project, which is a proof of concept that an attacker who has compromised an embedded device like a printer can manipulate its hardware through software alone to transmit data over audible sound waves or even the radio spectrum. Read More
At the Black Hat cybersecurity conference on Wednesday, keynote speaker Jennifer Granick had a depressing refrain: “This dream of Internet freedom is dying.” Granick is the director of civil liberties at the Stanford Center for Internet and Society and a defense lawyer often referred to as “the first person that hackers call” when they’re in trouble. And at Black Hat, she was trying to share a reality check with a room full of cybersecurity professionals. Read More
Alien Vault is bringing threat intel to the masses with their latest version of Open Threat Exchange
One of the truths in security is that while an attacker can stay hidden they can continue to operate. In short, if you do not know about something, there is nothing you can do. Now you would think that this fact would encourage firms to talk about breaches and hacks more openly, but this is still not the case. One of the things I have seen over the years is that every company operates as an island. They do not share threat information (they might share your private data, but not threat information). This has created an environment where threat actors can continue to maintain attacks even after discovery at a different It is also why we tend to see the same threat vectors used over and over again. Read More
Black Hat 2015 is underway, and the corporate side of hacking has taken center stage. There are plenty of hot topics this year, but the mess at the OPM is something that is still generating buzz months after the fact. Read More
Consumers are purchasing smartwatches to pair with their mobile devices to track health information, but also to access corporate email, calendar, contacts and corporate apps. This can present a risk to enterprise data leading to possible data loss, but to what extent? Read More
Researchers who planted honeypots posing as gas gauge monitoring systems in the US, Brazil, United Kingdom, Germany, Jordan, Russia, and the United Arab Emirates, say their phony systems were DDoS'ed, defaced, and queried for information by infamous hacktivist groups from Iran and Syria. Read More
Black Hat 2015: Mac OS X malware is mediocre, but could be better
In a jam-packed Wednesday session at Black Hat USA 2015 in Las Vegas, Patrick Wardle, director of research with Synack, explained that the current state of OS X malware is pretty mediocre, but has the potential to be a whole lot better. Read More
How To Turn a Cheap Printer Into A Stealthy Bugging Device
Ang Cui, the chief scientist at Red Balloon Security and a recent PhD graduate from Columbia University, showed me how Funtenna works during a demo at his office in Manhattan a couple of weeks ago. He’s going to present his research at the Black Hat security conference in Las Vegas on Wednesday. Read More
U.S. researchers show computers can be hijacked to send data as sound waves
A team of security researchers has demonstrated the ability to hijack standard equipment inside computers, printers and millions of other devices in order to send information out of an office through sound waves. Read More
Imagine hackers stealing top secret files from a military base. Except they don't need the Internet to pull data out of the facility's computers. Instead, they can just infect an office printer and -- with software alone -- turn it into a radio. Read More
'Funtenna' uses sound waves, radio to hack internet of things
A new hacking technique that uses sound and radio waves can siphon data from devices even without internet access. Showcased at the Black Hat security summit in Las Vegas, the ‘Funtenna’ hack has the potential to unravel the Internet of Things. Read More
Tuesday, at the annual Black Hat conference in Las Vegas, 10,000 security professionals including hackers, security analysts and government agents gathered to discuss the latest cybersecurity vulnerabilities. When it comes to modern American corporations, those working in the industry say the threat from cybercrime is a real and growing risk. Read More
IT security staff have a job for life – possibly a grim, frustrating life
Speaking at the opening of the 18th Black Hat security conference, its founder Jeff Moss warned the assembled throng that while they might have job security, they weren't going to have fun in the next decade. Read More
It’s summer camp for hackers in Las Vegas this week. That’s how event organizers describe three tech conferences — Black Hat USA, DEF CON and B-Sides LV — that are scheduled concurrently each summer. When the hackers are in town, mischief is often close behind. Read More
So says Jennifer Granick, Director of Civil Liberties at the Stanford Center for Internet and Society, who gave the keynote address at the (somewhat infamous) Black Hat security conference today. Read More
That’s the fear that today Black Hat keynoter Jennifer Granick drilled into an overflowing room, exposing the current landscape of surveillance, censorship and centralized control of content, and the complacency in which society has allowed this to happen. Read More
Keep Dream of a Free and Open Internet Alive, Black Hat Keynoter Urges
Black Hat keynoter Jennifer Granick, director of Civil Liberties at the Stanford Center for Internet and Society, discusses the need for legal and policy change to defend Internet freedom. Read More
Black Hat 2015 Keynote: Security Professionals Need To Stand Up For Open Internet
The Internet was founded on the dream of an open platform with freedom of speech and global communication, but recent changes around regulation, centralization and globalization are threatening that opportunity, Jennifer Granick said in the Wednesday opening keynote at Black Hat 2015 in Las Vegas. Read More
From The Black Hat Keynote Stage: Jennifer Granick
Jennifer Granick, renowned defender of Internet privacy and civil liberties, took to the Black Hat USA keynote stage this morning and told a packed audience to resounding applause that "we have secret laws in this country and that is an abomination in a democratic society." Read More
Top Internet lawyer warns Black Hat crowd that the free Internet is dying
The annual Black Hat computer security conference in Las Vegas kicked off Wednesday with a keynote address from Jennifer Granick, director of Civil Liberties at the Stanford Center for Internet and Society. Read More
Biggest security update in history coming up: Google patches Android hijack bug Stagefright
Black Hat 2015 For those of you worried about the Stagefright flaw in Android, be reassured, a patch will be coming down the line in the next few days. Read More
A panel of influential women in the security industry will share their insights and identify resources for fostering professional development (and recruiting) of women in the field. Read More
A chat with Black Hat's unconventional keynote speaker
The most interesting thing about Black Hat 2015 keynote speaker Jennifer Granick isn't her gender -- though she appears against a backdrop of historically male keynotes. It's that Granick is director of civil liberties at the Stanford Center for Internet and Society. Read More
Hacking cars, power plants and rifles at Black Hat
More than 10,000 computer security professionals, researchers and government workers are expected to attend the conference, which features 290 sessions describing network security flaws, attacks past, present and future, and how to guard against them. Read More
Why This Is the Best Week of the Year for Hackers — and the Scariest for Everyone Else
It can only mean one thing: Las Vegas is about to be taken over by some of the world’s craftiest hackers, in town for the wildest and most terrifying security conference of the year. Read More
Black Hat, DEF CON Founder Offers Insight Into Security Shows, Trends
The Black Hat professional security conference is under way in Las Vegas through Aug. 6, and several thousand software developers, security administrators, vendors, government operatives, analysts and military officials are communing in Sin City to exchange ideas and sip a brew -- or a few. Read More
How experts stay safe at the Black Hat security conference
Pen and paper instead of a laptop. Cash instead of credit cards. Face-to-face chats instead of cell phones. That's the drill for the most cautious at two big computer security conferences taking place this week in Las Vegas. Read More
Researchers Turn Square Reader Into Credit Card Skimmer in Under 10 Minutes
The three researchers found a way to physically tamper with the device and disable the encryption that normally protects the credit card data being transmitted to the smartphone. (The researchers will show exactly how they did during a talk on Wednesday at the Black Hat security conference in Las Vegas.) Read More
Black Hat: Hackers set sights beyond smart gadgets, targeting sniper rifles, home appliances
Hackers are no longer just breaking into computers; connected devices including cars, home security systems and even sniper rifles are now targets for those looking to steal or cause mischief. Read More
This $1,000 Device Lets Hackers Hijack Satellite Communications
Taking advantage of this flaw, criminal hackers could track and hijack valuable cargo, such as military supplies or cash and gold stored in an armored car, according to Colby Moore, a researcher at security firm Synack, who plans to show off his findings at the upcoming Black Hat security conference. Read More
Mr Moore is planning to release more details about his work at the Black Hat hacker conference in Las Vegas next week. This month has seen the early release of other investigations into the security of cars and Android phones that will also feature at Black Hat. Read More
Satellite Hacking Can Wreak Havoc, Black Hat Talk to Demonstrate
Satellite tracking systems are used for myriad activities, including monitoring the progress of semi-trailers and armored car bank deliveries. In a session at the Black Hat USA conference on Aug. 5 in Las Vegas, Colby Moore, manager of special activities at Synack, will detail security risks in the GlobalStar simplex satcom protocol that could potentially enable attackers to do all manner of malicious things. Read More
This week is hacker week in Las Vegas. The desert playground is hosting three conferences dedicated to computer security - Black Hat USA, Def Con and BSides LV. Read More
Globalstar GPS network (allegedly) vulnerable to hackers
Researcher Colby Moore will be presenting findings related to a security issue with the Globalstar satellite network at Black Hat in Las Vegas next week. The researcher found that devices using the Globalstar network reportedly can be fed false data or have their data transmissions intercepted. Read More
Married Couple Plans to Hack Smart Rifles at Black Hat Conference
At this year's Black Hat hacker conference, security researchers, Runa Sandvik and Michael Auger, will demonstrate how they are able to exploit the vulnerabilities of a self-targeting sniper rifle to change the scope’s variables when planning out a shot, and even bricking the rifle altogether. Read More
Researchers at the Black Hat 2015 conference next week will show how to crack Internet routing protocols, malware-detecting honeypots, radio-frequency ID gear that gates building access, and more, but also offer tips on how to avoid becoming victims to their new attacks. Read More
9 Basic Tips For Not Getting Pwned At Blackhat 2015
Honestly, does anyone even say ‘pwned’ anymore? Am I exposing myself even more by putting it into the headline? What I want to provide are some basic tips for anyone heading to Blackhat/Defcon next week in Vegas. Now, most of the actual security folks there will already do this basic stuff and be onto more sophisticated levels of protection. But, it’s important for all of us in the industry (I’m looking at you sales and marketing) that might not have the same technical chops to get prepped before landing in Sin City. Read More
There was the Jeep hack that demonstrated Chrysler cars could be taken over via their infotainment systems, a revelation that led to the recall of 1.4 million vehicles. And another vulnerability exposed in General Motors cars with OnStar. And the scary Stagefright bug that puts 95 percent of all Android smartphones at risk. Read More
Seven Highly Anticipated Talks at Black Hat, DefCon Events
The Black Hat USA 2015 and DefCon 23 security conferences in Las Vegas from Aug. 4 to Aug. 9 will tackle an unmatched range of topics and some excitement—and concern—over the technologies shown to be at risk from hackers. While there are nine concurrent sessions at any given time at the Black Hat USA conference, in any given year, a few key sessions always receive more attention than others. Read More
Globalstar location-tracking network vulnerable to hacking: researcher
The problem is that unlike Globalstar's satellite phone services, data from the devices is not encrypted in transit, said Synack Inc researcher Colby Moore, who will present his findings at next week's Black Hat security conference in Las Vegas. Read More
Hackers Identify Weak Link in Thousands of Industrial Control Systems
As it turns out, popular network switches made by Siemens, GE, Garrettcom and Opengear, have flaws that make them easy to hack, according to new research by Colin Cassidy, Eireann Leverett, and Lee himself. The three plan to show their findings at the security and hacking conferences Black Hat and Def Con in Las Vegas next week. Read More
5 tips to avoid being victim of 'spot the fed' at Black Hat
Federal employees planning to attend Black Hat 2015 — the annual cybersecurity event bringing together hackers and industry — should be prepared to have their devices tested. Read More
With Black Hat USA 2015 starting in just a few days, we've got a shortlist of the hottest talks slated for this year's largest domestic professional infosec conference. Read More
1,000 self-targeting sniper rifles can be hacked: Nice work, dummies
At the forthcoming Black Hat hacking conference, Runa Sandvik and her husband Michael Auger plan to present the results of a year’s work on exploiting two of the $13,000 self-aiming rifles. Read More
The researchers, married couple Runa Sandvik and Michael Auger, plan to present the results at the Black Hat hacker conference in two weeks, but gave Wired magazine a demonstration ahead of time. In the video, you can see the two dial in changes to the scope’s targeting system that sends a bullet straight to their own bullseye instead of the original target. Read More
Hacking a smart sniper rifle can make it fire at the wrong target
According to Wired, the user of the rifle is able to use a smart scope which uses laser precision to tell the person firing the gun when they are in line for a perfect shot, but is also Wi-Fi enabled so as to be socially connected and stream footage from the scope to a nearby device. Read More
Scary: Hackers Infiltrate High-Tech Rifle System, Causing Shooters to Miss Targets or Disable It All Together
The hackers, who plan to present some of their findings at the Black Hat security conference in Las Vegas next week, demonstrated to Wired how they were able to “change variables in the scope’s calculations that make the rifle inexplicably miss its target, permanently disable the scope’s computer, or even prevent the gun from firing.” Read More
Researchers hack into self-aiming rifle through Wi-Fi
The couple was able to exploit vulnerabilities in the Linux-powered gun's software through its Wi-Fi connection, used to allow users to stream video of a shot to a nearby device. Read More
Hackers Can Disable a Sniper Rifle—Or Change Its Target
At the Black Hat hacker conference in two weeks, security researchers Runa Sandvik and Michael Auger plan to present the results of a year of work hacking a pair of $13,000 TrackingPoint self-aiming rifles. Read More
Researcher to talk at Black Hat on 'scary' area in Android
Drake, co-author of Android Hacker's Handbook, plans to present his research at the Black Hat security conference next month. His talk is titled "Stagefright: Scary Code in the Heart of Android." Read More
The ‘Extremely Dangerous’ Smartphone Flaw That Can Be ‘Triggered While You Sleep’
Joshua Drake with the mobile security firm Zimperium zLabs discovered the vulnerability he calls “Stagefright,” which he will be presenting at the Black Hat security conference next week. He said if the “Heartbleed” flaw (remember Heartbleed, which exposed bank data, emails and other private info through a flaw in Internet server coding) “sends chill down your spine, this is much worse.” Read More
This $10 Device Lets You Easily Clone Office Access Cards
The two researchers who created BLEkey are Mark Baseggio, from security firm Accuvant, and Eric Evenchick, who works at Faraday Future. They are going to release the device’s designs online after their talk at the Black Hat security conference in Las Vegas next week, where they will also distribute 200 BLEkeys, each worth just $10. Read More
Android Stagefright Flaws Put 950 Million Devices at Risk
Drake estimates that 950 million Android devices could be exposed by the half-dozen bugs and implementation issues he’s expected to detail in a presentation next week during the Black Hat conference in Las Vegas. Read More
Bad News: Security Hole Can Let An Attacker Take Over Your Android Phone With A Single Text
Drake will be speaking about his process for discovering vulnerabilities in Android at the Black Hat InfoSec conference in Las Vegas next week. Read More
Vulnerability in Stagefright could expose 95 percent of Android devices to risk
Zimperium zLabs VP of Platform Research and Exploitation, Joshua J Drake, carried out the research which will be presented at Black Hat USA on August 5. Read More
These Bugs Could Leave 950 Million Android Devices Vulnerable to Hackers
Drake found the bugs in an Android media playback engine called Stagefright, which makes the operating system play popular multimedia files. Drake will reveal all the details of his research at the upcoming Black Hat and Def Con security and hacking conferences in Las Vegas. Read More
Most Android phones can be hacked with a simple MMS message or multimedia file
Drake plans to present more details about the vulnerabilities along with proof-of-concept exploit code at the Black Hat Security conference on Aug. 5. Read More
950 million Android phones can be hijacked by malicious text messages
The vulnerability can be exploited using other attack techniques, including luring targets to malicious websites. Drake will outline six or so additional techniques at next month's Black Hat security conference in Las Vegas, where he's scheduled to deliver a talk titled Stagefright: Scary Code in the Heart of Android. Read More
A Simple MMS Could Be Used To Exploit Android Devices
Drake also shared the patches with other parties including Silent Circle and Mozilla with Mozilla fixing it in Firefox 38. He plans on presenting more details regarding the vulnerabilities and exploits with a proof-of-concept exploit code at the Black Hat Security conference on Aug. 5. Read More
Most Android phones at risk from simple text hack, researcher says
According to Zimperium's blog, it will show exactly how Stagefright works and can be exploited at the Black Hat hacker conference in Las Vegas, which starts August 1. Read More
Researchers have found a new texting vulnerability in Android
Zimperium hasn't released all the details of the attack, pending a more detailed presentation at the Black Hat conference next month, but it appears to target how Android processes video, specifically in the phone's MMS messaging capability. Attackers could exploit that vulnerability sending out malicious code disguised as a video message. Once the exploit takes hold, an attacker would gain the power to execute code remotely, compromising the phone's microphone, cameras, or any number of other core functions. In the most vulnerable cases, a user would not even have to interact with the message in order for the code to execute. Read More
950M phones at risk for ‘Stagefright’ text exploit thanks to Android fragmentation
Well, this isn’t exactly what we expected to wake up to: Joshua Drake of Zimperium zLabs says a simple text message hack could put 950 million Android phones at risk, he said to Forbes, in what could be one of the most serious exploits ever to hit the mobile OS — with only devices running Android 2.2 or older not affected by it. Read More
Major Flaw In Android Phones Would Let Hackers In With Just A Text
"This happens even before the sound that you've received a message has even occurred," says Joshua Drake, security researcher with Zimperium and co-author of Android Hacker's Handbook. "That's what makes it so dangerous. [It] could be absolutely silent. You may not even see anything." Read More
Report: Black Hat Survey Notes Disconnect in IT Spending, Current Threats
A Black Hat survey of information technology security professionals found that IT spending priorities and security tasks at enterprises do not match or keep pace with current threats in the cybersecurity environment, GCN reported Thursday. Read More
Stagefright: It Only Takes One Text To Hack 950 Million Android Phones
Even more information will be made available by Drake, who deserves much credit for his work in finding and fixing the issues from his extraordinary phone lab containing a “Droid Army”, when he explains his findings in full at the Black Hat and Defcon security events taking place in Las Vegas next week. Read More
Hackers and cybersecurity professionals are getting ready for the annual Black Hat convention in Las Vegas next week, which will have plenty for feds to learn and see about the latest intrusion techniques and how to defend against them. Read More
Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch
The vulnerability was discovered by Joshua J. Drake, vice-president of platform research and exploitation at Zimperium zLabs, who will be presenting his findings at Black Hat Las Vegas next week. Drake actually discovered a variety of implementation issues in Stagefright that could be used to commit a variety of attacks, including denials of service and remote code execution. Read More
When cars are the hackable mobile device: Fiat issues recall on 1.4 million Dodge, Jeep, and Chrysler vehicles
The two hackers plan on publishing their findings and sharing the most of the methodology at the Black Hat conference next month. They have also shared their findings with Fiat so the company could issue a security patch recall to Chrysler vehicles equipped with U-Connect. While Fiat is not a fan of the idea of Miller and Valasek sharing this knowledge with the hacker community, the two defend the action as necessary for peer review, proof of concept, and to bring the issue into the limelight. Read More
Fiat Chrysler Recalls 1.4 Million Vehicles To Make Them Hack-Proof: Is Your Car Safe?
It makes sense that FCA, or Fiat Chrysler Automobiles, would want to quickly patch the issue. Those responsible for the hack have said that they would publish "a portion of their exploit" on the Web, essentially meaning that anyone can access it. This publishing would coincide with a Black Hat security conference, scheduled to take place in August. Read More
They kept the manufacturer, Fiat Chrysler, informed of their project. The somewhat miffed company is offering a software update it says will repel electronic intruders. The hackers, who will describe their project at the Black Hat computer security conference next month, have kept some key details secret. Read More
That wasn’t just a hypothetical scenario for a "Wired" magazine journalist two hackers took on a journey that was anything but a joy ride. Though the researchers' work has focused on three brands of vehicles, they are expected to demonstrate at next Saturday’s Black Hat security conference in Las Vegas how they hacked the vehicles via the UConnect infotainment system and, certainly, some other surprises too. Read More
Fiat Chrysler announces recall after hackers gain control of moving car
Still, Fiat Chrysler condemned the duo’s plans to share data about the security flaw in conjunction with their upcoming talk at the Black Hat security conference in Las Vegas next month. The company told Wired that it “appreciates” the hackers’ work, but also said, “Under no circumstances does [Fiat Chrysler] condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems.” Read More
Hacking fears make Fiat Chrysler recall 1.4 Million cars
In the meantime, Miller and Valasek are gearing up to disclose findings of their exploit during the Black Hat security conference in Las Vegas on the Internet next month. On the other hand, FCA is requesting its customers to get the software update to avoid hackers from taking over their vehicles. Read More
Now car hackers can bust in through your motor's DAB RADIO
NCC is not saying what infotainment system it hacked or giving details of its attack, which it plans to outline at greater length at the upcoming Black Hat conference in Las Vegas next month. Valasek and Miller also plan to outline their work at Black Hat in a presentation billed as Remote Exploitation of an Unaltered Passenger Vehicle, which is likely to be the hottest ticket in Vegas in a couple of weeks' time. Read More
If reading this frightens you, that's precisely the point of the pair's exploits. More specifically, they hope to scare the public and in turn jolt automakers into action on cybersecurity. Their latest publicity stunt is a prelude to presenting their remote hacking research at the Black Hat security conference in Las Vegas next month, without revealing the details to malicious hackers. Miller and Valasek also notified Fiat Chrysler Automobiles months ago so that the automaker could issue a patch for all affected Uconnect systems—as many as 471,000 Chrysler, Dodge, Jeep, and Ram vehicles equipped with the 8.4-inch U-Connect touch-screen system. Read More
A flaw in several Chrysler models lets hackers remotely control them, posing an unprecedented danger for American drivers. Hackers can cut the brakes, shut down the engine, drive it off the road, or make all the electronics go haywire. Read More
Fiat Chrysler Recalling 1.4 Million Autos Over Remote Hacking Fears
Chris Valasek, director of vehicle security research at IOactive, and Charlie Miller, security researcher at Twitter, are the two researchers who were able to hack the Jeep remotely. They are scheduled to provide full details of their exploit at a Black Hat USA session on Aug. 5. Read More
Alleged car hack prompts call for vehicle security act, DMCA exemption
Miller and Valasek, who will not disclose the vulnerable entry point of Uconnect until their scheduled appearance at Black Hat next month, said once their code was written onto the car's entertainment system hardware chip, they could send commands through the car's internal network to physical components. The hack reportedly works on all Chrysler vehicles with Uconnect, including late 2013, all 2014 and early 2015 models. The researchers have not tried the hack on other makes or models, but believe that with some tweaks, the hacks would likely be successful. Read More
Fiat Chrysler recalls 1.4 million vehicles after remote hack
FCA is obviously acting fast to patch the problem, and it's clear why. As Wired details, the hack makes it possible to "kill" the engine, remotely activate or disable the brakes, and keep tabs on a vehicle's Full steering control is currently being worked on. The party responsible for the hack revealed it would "publish a portion of their exploit" openly on the web, timed to coincide with the Black Hat security conference in August. Read More
How Worried Should You Be About Your Car Getting Hacked?
Miller and Valasek plan to release a paper on their work and present it at the Black Hat conference, which focuses on digital security issues, in August. The vulnerability, according to the Wired article where the hack was revealed, is in the Uconnect system used by Fiat Chrysler in several models. The company has released a patch for the vulnerability. Read More
Fiat Pushing For A Software Update After Hackers Take Over Cherokee Jeep
The European automobile manufacturer has responded a day after Wired Magazine published the write-up by Andy Greenberg about his experience when cyber experts Charlie Miller and Chris Valasek were able to infiltrate the car's flawed internet connection and halt its functions from 10 miles away. The two promised to present part of the codes used to compromise the system during this year's Black Hat conference. While Fiat has ensured that the company has not received any reports of the same incidents happening in the real circumstances, this update ought to protect consumers from the possibility. Read More
Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most -- but not all -- of the details on how they did it. Read More
Wired reports that Miller and Valasek plan to reveal a portion of their exploit on the Internet next month during the Black Hat security conference in Las Vegas. That said, FCA is urging customers to get the software update to prevent hackers from taking over their vehicles. Read More
A primer on dealing with the media as a hacker, and dealing with hackers as the media
Next month, thousands of hackers will travel to Las Vegas, and hundreds of journalists are going to follow them. The adversarial relationship between hackers and the press has existed for years, but there are ways to navigate the playing field and strike a balance. Read More
It's extremely important that everyone at risk protect his vehicles immediately because the researchers plan to unveil the technical details of how they did it at the upcoming Black Hat hacker conference in early August. Read More
At the Black Hat USA conference in Las Vegas next month, researchers will bring to light even more threats lurking in Web infrastructure. Here's a glimpse at what's to come. Read More
Miller and Valasek will present their research at Black Hat U.S.A. 2015, to be held in Las Vegas August 1-4, although they will leave out details of how their attack rewrites the chip's firmware. Read More
Next week at the Black Hat cyber security conference in Las Vegas, Miller and Valasek plan to release the code that gained them access to Greenberg’s Jeep – a move that FCA opposes as dangerous. In the hackers’ view, the release will help automakers gain awareness and skill at blocking intrusions. Read More
Dennis Fisher talks with Chris Valasek of IOActive about the new research he did with Charlie Miller on remotely hacking a Jeep, how the disclosure process worked, what auto makers can do to secure their vehicles’ on-board systems, and how much of a threat these attacks pose to drivers. Read More
Almost half a million late-model Fiat/Chrysler owners are at risk of a remote hacker attack
Or, as Greenberg put it for Wired: “Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect … controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element, which Miller and Valasek won’t identify until their Black Hat talk, Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country.” Read More
Hurry up and patch your Chrysler against this wireless hack
Last week Chrysler quietly released a software update for its optional Uconnect in-car entertainment system. And while the official purpose was "to improve vehicle electronic security", Wired reports that the patch is really aimed at fixing a terrifying flaw in the system's security. One that could allow hackers to remotely shut down your vehicle at slow speeds or hijack its steering, brakes, and transmission. Read More
Hackers could take control of your Chrysler without this critical patch
A recent Wired report has highlighted how two hackers were able to wirelessly control a new, unmodified Jeep Cherokee via Uconnect. Charlie Miller and Chris Valasek spent a year writing software that exploited a vulnerability in the web-connected system, which works with Sprint's cellular network. Miller and Valasek were able to determine the IP address of a car and control all its functions via a remote computer. Read More
Security experts hack into moving car and seize control
Former National Security Agency hacker Charlie Miller, now at Twitter, and IOActive researcher Chris Valasek used a feature in the Fiat Chrysler telematics system Uconnect to break into a car being driven on the highway by a reporter for technology news site Wired.com. Read More
Miller and Valasek plan to reveal more information about how they pulled off the Jeep stunt at the Black Hat conference next month. In the meantime, all they’ve said is that the trick involves using a cellular connection to break into the car’s entertainment system through a feature called UConnect. Read More
At the annual Black Hat and Def Con hacking conferences in Las Vegas in August, Mr. Miller and Mr. Valasek plan to demonstrate how, after two years of research, they have discovered a way to control hundreds of thousands of vehicles remotely. Read More
Patch your Chrysler vehicle before hackers kill you
It took hackers Charlie Miller and Chris Valasek nearly a year to discover and exploit the Uconnect flaw, of which they plan to provide more details at next month's Black Hat security conference in Las Vegas. The flaw let them remotely install a malicious firmware update that gave them control of the vehicle. Read More
Hackers Have the Power to Remotely Hijack Half a Million Chrysler Cars
Longtime car hackers Charlie Miller and Chris Valasek recently demonstrated the dangerous possibilities of the Chrysler exploit to Wired’s Andy Greenberg. Read More
Hackers hijack Jeep’s computer system, crash it from miles away
Unimpressed by the sluggish response, they plan to release their code at the Black Hat hackers convention in August so it can be peer-reviewed. Read More
Chris Valasek (left) and Charlie Miller talk about hacking into vehicle computer systems during the Black Hat USA 2014 hacker conference in Las Vegas last August. Read More
Hack of connected car raises alarm over driver safety
Miller and Valasek, who have been exploring the automobile's growing digital vulnerabilities for a number of years, plan to report most of the details of the hack at Black Hat, the security conference that begins in Las Vegas Aug. 1. They'll leave out enough key elements so other hackers won't be able to replicate their mischief, the magazine reports. Read More
Baby, you can hack my car: researchers take over a Jeep from 10 miles away
The duo previewed their Black Hat talk in a just-published Wired article, in which journalist Andy Greenberg recounts how the hackers wirelessly took control of a Jeep he was driving - from a location 10 miles away. Read More
Survey: Black Hat 2015 attendees most concerned about targeted attacks
In a survey of 460 management and staff security professionals attending the upcoming Black Hat 2015 conference, 57 percent indicated that sophisticated attacks targeted directly at the organization are their greatest concern. Read More
Jeep owners urged to update their cars after hackers take remote control
The hack was demonstrated by Charlie Miller and Chris Valasek, two security researchers who previously demonstrated attacks on a Toyota Prius and a Ford Escape. Using a laptop and a mobile phone on the Sprint network, they took control of a Jeep Cherokee while Wired reporter Andy Greenberg was driving, demonstrating their ability to control it and eventually forcing it into a ditch. Read More
Car-hacking expert urges Jeep owners to install security update
Well, what do you know... no sooner do I publish my article, than Andy Greenberg reveals he has been on another car journey with Charlie Miller and Chris Valasek - this time in a Jeep Cherokee. Read More
The team plans on speaking about their exploit at Black Hat 2015, an event dedicated to software hacks, exploits, and most important of all SECURITY. Read More
Miller and Valasek have kept some of the flaws they uncovered under wraps to prevent copy cats from wreaking havoc on the highway. But they do show in a video that they can effectively zap a car’s transmission or, when it’s moving at slower speeds, its brakes. The two researchers say they will show more details during their talk at the Black Hat hacker conference next month. Read More
Hackers took control of a car and crashed it into a ditch by remotely breaking into its dashboard computer from 10 miles away, while sitting on their sofa. Read More
Hackers have the power to remotely hijack half a million Chrysler cars
Longtime car hackers Charlie Miller and Chris Valasek recently demonstrated the dangerous possibilities of the Chrysler exploit to Wired’s Andy Greenberg. The journalist actually took a Jeep Cherokee onto the highway outside St. Louis, while the hackers took over control of the car. Read More
InfoSec pros spend most time, money on self-inflicted problems
According to a new survey of Black Hat attendees released last week, InfoSec professionals are spending the biggest amount of their time and budgets on security problems created within the organization itself. Read More
From the entry point – which the researchers will reveal during the Black Hat conference in Las Vegas in August – they move to another chip in the car’s head unit. Read More
Hackers Demonstrate Frightening Ability to Control a Jeep: ‘This Is Reality’
Systems like OnStar have already demonstrated the remote ability to shut down cars. Miller and Valasek’s experiment with Greenberg builds on their car hacking expertise from the last couple of years and shows how they could hijack the vehicle wirelessly. Greenberg noted that they plan to report their latest findings at the Black Hat security conference in August. Read More
Watch hackers immobilize a car while it's traveling on a highway
Miller and Valasek are planning to release more information on the exploit they used to perform the hack in accordance with their presentation at the Black Hat security conference in Las Vegas next month. The video shows Greenberg go through this process. Read More
Car hackers urge you to patch your Chrysler, Ram, Durango, or Jeep
A hacker duo pretty much just made the case for going old school and steering clear of "smart" and "connected" vehicles as they remotely attacked one. Charlie Miller and Chris Valasek revealed 20 of the "most hackable" vehicles last year, but this year at Black Hat they will blow people's mind when they present "Remote Exploitation of an Unaltered Passenger Vehicle." Read More
What It’s Like To Be Inside A Car When Hackers Take Control From Miles Away
Miller and Valasek are planning to publish some of their work on the Internet pegged to a talk they’re giving at the upcoming Black Hat security conference. Wired.com says their work on wireless hacking has inspired new legislation from senators Ed Markey and Richard Blumenthal, who are planning to introduce an automotive security bill on Tuesday to set new digital security standards for cars and trucks. Read More
Jeep drivers can be HACKED to DEATH: All you need is the car's IP address
At next month's Black Hat hacking conference in Las Vegas, Charlie Miller and Chris Valasek – a duo who have hacked more cars than Mad Max – will show off an attack on a Jeep Cherokee that enables the remote control of the car's engine, brakes, and minor systems from miles away simply by knowing the car's public IP address. Read More
Patch Your Chrysler Vehicle Now Against a Wireless Hacking Technique
At the Black Hat security conference next month, they plan to publish a portion of that exploit to allow for peer review of their work. They’re also sending a message: “Cars should be secure,” says Miller. “If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers.” Read More
Jeep Owners Urged To Update Cars To Stop Hackers Taking Them Off The Road
Thus far they’ve only tested on a Jeep Cherokee, but they believe any Chrysler vehicle with Uconnect manufactured from late 2013, all of 2014, and early 2015 is affected. The long-time car hacking buddies plan to detail their full exploits at the Blackhat security conference in two weeks’ time in Las Vegas. Read More
Hackers Remotely Kill a Jeep on the Highway—With Me in It
A mere two years later, that carjacking has gone wireless. Miller and Valasek plan to publish a portion of their exploit on the Internet, timed to a talk they’re giving at the Black Hat security conference in Las Vegas next month. Read More
This week the folks of Black Hat released the results of a survey of previous conference attendees to get the pulse of the security community on a number of fronts. Particularly illuminating were several of the answers to career-related questions. Read More
Carmakers point out that most of these attacks have required a laptop to be plugged into the vehicle. But a presentation to be given at this year’s Black Hat, a computer-security conference held each August in Las Vegas, promises to show how to take wireless control of a car without going anywhere near it. Read More
Significant gap found between security concerns & IT spend
A new survey has revealed that the majority of organisations are not spending their time, budget, and staffing resources on issues that most security professionals consider to be the greatest threats. Read More
Black Hat Set to Expose More Than 30 Zero-Day Flaws
Over the years, the Black Hat USA security conference has built a reputation around being the place where new security vulnerabilities are disclosed, and 2015 will be no exception. Defensive approaches to security will also be a key theme at the upcoming Black Hat USA 2015 briefings event, which starts Aug. 4. Read More
Black Hat attendee report highlights the mess we're in
Black Hat has released its first-ever attendee research report, highlighting infosec's ongoing hiring crisis and a sector that feels poorly prepared to face current threats. Read More
Black Hat Attendees Fear a Major Breach But Few are Prepared
Almost three quarters of security pros interviewed by Black Hat USA said they think their organization will suffer a breach in the next 12 months, yet just a quarter (27%) feel they’re able to deal with it. Read More
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say
According to the 2015 Black Hat Attendee Survey, nearly three quarters (73 percent) of top security professionals think it likely that their organizations will be hit with a major data breach in the next 12 months -- but they won't have enough time, money, or skilled staff to handle the crisis. Read More
This survey asked almost 500 top-tier past attendees of the event what threats they see as most dangerous, both now and in a few years, and broadly returned the result that most sophisticated security professionals say enterprise security priorities don’t address those threats appropriately. Read More
This year’s edition of the world-famous Black Hat USA conference for IT security experts (both the good and sort-of-bad guys) will kick off in about a month, but for the first time ever, the organizers have given us a preview of what’s concerning its attendees with its 2015 Black Hat Attendee Survey: Time to Rethink Enterprise IT Security. Read More
The annual Black Hat information security conference is just a few short weeks away. Security professionals, executives, vendors, and hackers will converge on Las Vegas to learn and share the very latest vulnerabilities, defenses, security holes, and hacking techniques. Read More
Internet Of Things Hacking Village Debuts At DEF CON
Sandvik and security expert Michael Auger next month at Black Hat USA in Las Vegas will reveal their findings of security and privacy vulnerabilities in an interesting and unusual IoT thing: a long-range, precision-guided rifle from TrackingPoint. Read More
What happens in Vegas stays in Vegas. But for newbies, these helpful hints will make sure you get the most out of the Black Hat USA experience. Read More
Social Engineering & Black Hat: Do As I Do Not As I Say
One of the distinctive new features at Black Hat this year is the Career Zone. Last year I noticed that there were many CISOs in the house whose sole purpose of attending was recruiting. Read More
Should security providers be held liable for data breaches?
Black Hat Asia ended with a discussion started by Black Hat founder Jeff Moss on whether security providers should be held liable for data breaches, because of the critical data they claim to "secure". Read More
Chris Thomas of RSA shares his views on hacking incidents in the corporate world
In an exclusive interview at Black Hat Asia 2015, Chris Thomas, Security Analytics and Advanced Security Operations Specialist, Asia Pacific & Japan, RSA speaks to Krishna Bahirwani and shares his thoughts on where organizations are going wrong. Read More
That was what cyber security analyst and penetration tester Daniel Cuthbert did while sitting in at the keynote address at the information security conference Black Hat Asia held in Singapore recently. Read More
According to an INTERPOL cybersecurity leader and a Kaspersky Lab specialist that came from the Research and Innovation unit at INTERPOL’s Global Complex for Innovation, the open space on the blockchain that enables the public ledger of transactions is the aspect that could be hacked by malware threats. The research was unveiled at the Black Hat Asia 2015 event in Singapore. Read More
Cryptocurrency round-up: Blockchain offers 'safe haven' for child porn and Secret Service scepticism
Christian Karam, a cyberthreat researcher at Interpol's Research and Innovation Sub-Directorate (R&I), told the audience at the Black Hat Asia conference that the blockchain could be used to store malware or illegal content such as child abuse images. Read More
$60 DIY car hacking device is an inexpensive and easy way to hack cars
At the Black Hat Asia security conference, former Tesla intern and embedded systems developer Eric Evenchick released open source Python-based CANard software and CANtact hardware designs that will allow anyone to hack their connected cars. Read More
Mobile banking apps more vulnerable than you think: Researcher
Speaking to Digital News Asia (DNA) on the sidelines of the Black Hat Asia security conference in Singapore, Paul Irolla, an IT engineer working at the ESIEA (C + V)^O Lab in France, pointed out that a lot of trust and personal information gets fed into these banking apps. Read More
'Bar Mitzvah attack' should see off ancient and crocked RC4 algo
In a paper, Attacking SSL when using RC4, written for a presentation given at Black Hat Asia yesterday, Mantin describes how attackers can passively sniff SSL connections to pinch data. Read More
Bitcoin's Blockchain Offers Safe Haven For Malware And Child Abuse, Warns Interpol
According to Interpol’s Christian Karam, speaking from the Black Hat Asia conference, it could be abused to store malware control mechanisms or provide access to illicit content such as child abuse images that would be extremely difficult to take down. Read More
Tomorrow at the Black Hat Asia security conference in Singapore, 24-year-old Eric Evenchick plans to present a new device he calls the CANtact. Read More
Evenchick, a freelance embedded systems developer, presented the CANtact device on Thursday at the Black Hat Asia security conference in Singapore, and demonstrated its effectiveness to the audience. Read More
How is your car vulnerable to a cyber attack while driving?
According to the Black Hat Asia Conference, on Thursday, March 26th, former Tesla software engineer Eric Evenchick planned to showcase an open source tool that makes communication with the Controller Area Network (CAN), which is the protocol used in automobiles. Read More
Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications. Read More
At the Black Hat Asia conference in Singapore this week, Eric Evenchick, a hacker and former intern at Tesla, presented an open source toolkit designed to interact with the Controller Area Network (CAN) bus that controls most of the functions in many connected cars. Read More
Former Tesla Intern Releases $60 Full Open Source Car Hacking Kit For The Masses
When we speak over encrypted call app RedPhone, he’s stuck in Hong Kong airport waiting for a delayed flight to Singapore, where he’ll announce the open sourcing of the CANard tool during the BlackHat Asia conference. Read More