News & Commentary

Latest Content tagged with Black Hat
Page 1 / 2   >   >>
New Security Woes for Popular IoT Protocols
News  |  10/18/2018  | 
Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online.
IBM Builds 'SOC on Wheels' to Drive Cybersecurity Training
News  |  10/15/2018  | 
A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.
How Secure are our Voting Systems for November 2018?
How Secure are our Voting Systems for November 2018?
Dark Reading Videos  |  9/14/2018  | 
Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the countrys highly decentralized voting systems to safeguard the integrity of upcoming elections.
4 Practical Measures to Improve Election Security Now
Commentary  |  9/11/2018  | 
It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.
Lessons From the Black Hat USA NOC
Commentary  |  8/30/2018  | 
The conference's temporary network operations center provides a snapshot of what is possible when a variety of professionals work together.
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Dark Reading Videos  |  8/29/2018  | 
Although WebAssembly technology promises both better performance and better security to developers, it also creates a new risk for native exploits in the browser.
Researcher Cracks San Francisco's Emergency Siren System
Researcher Cracks San Francisco's Emergency Siren System
Dark Reading Videos  |  8/24/2018  | 
Bastille researcher Balint Seeber discusses the process of creating SirenJack and cracking one of a city's critical safety systems.
What a Forensic Analysis of 'Worst Voting Machine Ever' Turned Up
What a Forensic Analysis of 'Worst Voting Machine Ever' Turned Up
Dark Reading Videos  |  8/22/2018  | 
University of Copenhagen associate professor discusses what he found when he dug into some decommissioned WinVote voting machines.
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
Dark Reading Videos  |  8/20/2018  | 
Paul Vixie discusses the uncertain fate of WHOIS in the age of GDPR, the risks of domain name homographs, and other underpinnings of the Internet that are hard to trust and harder to fix.
How Better Intel Can Reduce, Prevent Payment Card Fraud
How Better Intel Can Reduce, Prevent Payment Card Fraud
Dark Reading Videos  |  8/20/2018  | 
Royal Bank of Canada machine learning researcher and Terbium Labs chief scientist discuss how they use intelligence about the carding market to predict the next payment card fraud victims.
Malicious Cryptomining & Other Shifting Threats
Malicious Cryptomining & Other Shifting Threats
Dark Reading Videos  |  8/17/2018  | 
Skybox Security CMO Michelle Johnson Cobb discloses research results that include a spike in malicious cryptomining during Bitcoins peak, a shift to outside-the-perimeter mobile threats, and more.
The Economics of AI-Enabled Security
The Economics of AI-Enabled Security
Dark Reading Videos  |  8/17/2018  | 
While AI greatly enhances security, Securonix CTO Tanuj Gulati points out the need for predictable cost models that insulate SOCs from the variables of massive data volume and intense real-time processing.
Using Threat Deception on Malicious Insiders
Using Threat Deception on Malicious Insiders
Dark Reading Videos  |  8/17/2018  | 
Illusive Networks CEO Ofer Israeli reveals how distributed deception technology can be as effective against insider threats as it is against outsiders, since it thwarts the lateral movement common to both.
Filtering the Threat Intelligence Tsunami
Filtering the Threat Intelligence Tsunami
Dark Reading Videos  |  8/17/2018  | 
Reversing Labs CEO Mario Vuksan contends that SOCs are overwhelmed by global threat intelligence, and can benefit more from a targeted "pull" model that focuses on YARA-type binary pattern matching.
Ensuring Web Applications Are Hardened, Secure
Ensuring Web Applications Are Hardened, Secure
Dark Reading Videos  |  8/17/2018  | 
Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.
Supplementing the SOC with Cyber-as-a-Service
Supplementing the SOC with Cyber-as-a-Service
Dark Reading Videos  |  8/17/2018  | 
Raytheon Cyber Protection Solutions CTO Mark Orlando suggests under-resourced SOCs enhance their effectiveness at-scale by tapping the advanced cyber defense automation his company has developed.
Assessing & Mitigating Increased Exposure to Third-Party Risk
Assessing & Mitigating Increased Exposure to Third-Party Risk
Dark Reading Videos  |  8/17/2018  | 
As we increasingly connect with each other digitally, CyberGRX CRO Scott Schneider believes we need to be much more diligent about sharing validated insight into the infosec maturity of our organizations.
Leveraging the Power of your End-Users Human Cognition
Leveraging the Power of your End-Users Human Cognition
Dark Reading Videos  |  8/17/2018  | 
Cofense CEO Rohyt Belani makes a case for more aggressively leveraging the unique ability of your most perceptive and well-trained end-users to help you more quickly spot and stop email threats.
How Orchestration, Automation Help SOCs Do More With Less
How Orchestration, Automation Help SOCs Do More With Less
Dark Reading Videos  |  8/17/2018  | 
Splunks Haiyan Song and Oliver Friedrichs - co-founder of recently acquired Phantom - explain how security orchestration, automation, and response (SOAR) can empower SOCs to do more with less.
Simplifying Defense Across the MITRE ATT&CK Matrix
Simplifying Defense Across the MITRE ATT&CK Matrix
Dark Reading Videos  |  8/17/2018  | 
Endgames Mark Dufresne says SOCs can achieve better results within their existing staff and budget constraints with AI- and visualization-empowered, unified defense across the MITRE ATT&CK matrix.
The Rise of Bespoke Ransomware
The Rise of Bespoke Ransomware
Dark Reading Videos  |  8/17/2018  | 
Drawing from a recent study by SophosLabs, Principal Research Scientist Chester Wisniewski highlights a shift to the rise of more targeted and sophisticated ransomware threats, such as SamSam.
Miller & Valasek: Security Stakes Higher for Autonomous Vehicles
News  |  8/15/2018  | 
Car hacking specialists shift gears and work on car defense in their latest gigs - at GM subsidiary Cruise Automation.
2018 Pwnie Awards: Who Pwned, Who Got Pwned
Slideshows  |  8/15/2018  | 
A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
New PHP Exploit Chain Highlights Dangers of Deserialization
News  |  8/15/2018  | 
PHP unserialization can be triggered by other vulnerabilities previously considered low-risk.
Hacker Unlocks 'God Mode' and Shares the 'Key'
News  |  8/13/2018  | 
At Black Hat USA and DEF CON, researcher Christopher Domas showed how he found backdoors that may exist in many different CPUs.
NSA Brings Nation-State Details to DEF CON
News  |  8/10/2018  | 
Hackers were eager to hear the latest from the world of nation-state cybersecurity.
IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes, Ships
News  |  8/9/2018  | 
Researcher Ruben Santamarta shared the details of his successful hack of an in-flight airplane Wi-Fi network and other findings at Black Hat USA today.
Cloud Intelligence Throwdown: Amazon vs. Google vs. Microsoft
News  |  8/9/2018  | 
A closer look at native threat intelligence capabilities built into major cloud platforms and discussion of their strengths and shortcomings.
Dark Reading News Desk Live at Black Hat USA 2018
News  |  8/9/2018  | 
Watch here Wednesday and Thursday, 2 p.m. - 6 p.m. ET to see over 40 live video interviews straight from the Black Hat USA conference in Las Vegas.
No, The Mafia Doesn't Own Cybercrime: Study
News  |  8/8/2018  | 
Organized crime does, however, sometimes provide money-laundering and other expertise to cybercriminals.
Researchers Release Free TRITON/TRISIS Malware Detection Tools
News  |  8/8/2018  | 
Team of experts re-creates the TRITON/TRISIS attack to better understand the epic hack of an energy plant that ultimately failed.
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
News  |  8/8/2018  | 
Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.
Understanding Firewalls: Build Them Up, Tear Them Down
News  |  8/8/2018  | 
A presentation at Black Hat USA will walk attendees through developing a firewall for MacOS, and then poking holes in it.
Spot the Bot: Researchers Open-Source Tools to Hunt Twitter Bots
News  |  8/6/2018  | 
Their goal? To create a means of differentiating legitimate from automated accounts and detail the process so other researchers can replicate it.
Google Researcher Unpacks Rare Android Malware Obfuscation Library
News  |  8/1/2018  | 
Analysis exposes the lengths malware authors will go to in order to protect their code from disassembly and reverse engineering.
10 More Women in Security You May Not Know But Should
Slideshows  |  7/31/2018  | 
The second installment in a series highlighting women who are driving change in cybersecurity but may not be on your radar yet.
Automating Kernel Exploitation for Better Flaw Remediation
News  |  7/27/2018  | 
Black Hat researchers plan on open sourcing a new framework they say can help organizations get a better rein on vulnerability fixes for kernel bugs.
Stealth Mango Proves Malware Success Doesn't Require Advanced Tech
News  |  7/26/2018  | 
At Black Hat USA, a pair of researchers will show how unsophisticated software can still be part of a successful surveillance campaign.
The ABCs of Hacking a Voting Machine
News  |  7/25/2018  | 
A hacker who successfully infiltrated a voting machine at last year's DEF CON will demonstrate at Black Hat USA how he did it, as well as what he later found stored on other decommissioned WinVote machines.
Iranian Hacker Group Waging Widespread Espionage Campaign in Middle East
News  |  7/25/2018  | 
Unlike other threat actors that have a narrow set of targets, Leafminer has over 800 organizations in its sights, Symantec says.
Software is Achilles Heel of Hardware Cryptocurrency Wallets
News  |  7/23/2018  | 
Upcoming Black Hat talk will detail software vulnerabilities that can put private cryptocurrency wallets and currency exchange services at risk.
8 Big Processor Vulnerabilities in 2018
Slideshows  |  7/13/2018  | 
Security researchers have been working in overdrive examining processors for issues and they haven't come up empty-handed.
Microsoft July Security Updates Mostly Browser-Related
News  |  7/10/2018  | 
Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.
Trading Platforms Riddled With Severe Flaws
News  |  7/6/2018  | 
In spite of routing trillions of dollars of stock and commodity trades every day, financial cousins to online banking applications are written very insecurely.
6 Drivers of Mental and Emotional Stress in Infosec
Slideshows  |  7/2/2018  | 
Pressure comes in many forms but often with the same end result: stress and burnout within the security community.
Natural Language Processing Fights Social Engineers
News  |  6/29/2018  | 
Instead of trying to detect social engineering attacks based on a subject line or URL, a new tool conducts semantic analysis of text to determine malicious intent.
Black Hat Survey: Enterprise Tech, US Government Unprepared for Cyberattacks
News  |  6/26/2018  | 
The 2018 Black Hat Attendee survey reveals worries over the effectiveness of enterprise security technology, and threat to US infrastructure.
Cracking Cortana: The Dangers of Flawed Voice Assistants
News  |  6/22/2018  | 
Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.
Demystifying Mental Health in the Infosec Community
News  |  6/14/2018  | 
Security experts talk about burnout, diversity, mental health, and legal issues in a new Community track at Black Hat USA.
New Hack Weaponizes the Web Cache
News  |  6/12/2018  | 
Researcher exploits design flaws in Web caching to take control of popular websites, frameworks and the Mozilla Firefox browser infrastructure.
Page 1 / 2   >   >>


12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.