7/23/2010 04:56 PM

Black Hat USA 2010: Complete Coverage

A round-up of articles leading up to and live coverage from Black Hat USA 2010, July 24 to 29, Las Vegas

>> Building Botnets For Fun And Profit
Creating a botnet business can be lucrative -- and isn't as hard as you might think, Black Hat speaker says

>> Ghost In The Machine: Database Weaknesses Expose SAP Deployments
Attacker can create a nearly undetectable user account in SAP once he gains unauthorized access, Black Hat USA researcher says

>> Researcher Reads RFID Tag From Hundreds Of Feet Away
Demonstration raises privacy and security concerns with RFID EPC Class 1 Generation 2 used in some passport cards, inventory tags, and driver's licenses

>> Metasploit To Get More Powerful Web Attack Features
Rapid7 sponsors open-source w3af Web assessment and exploit project

>> Design Flaws Make All Browsers Vulnerable, Black Hat Speaker Says
In series of hacks, researcher demonstrates inherent flaws in currently used browsers

>> Most SSL Sites Poorly Configured
Half of all SSL servers run older, insecure version of SSL; attacks against HTTPS browser sessions detailed at Black Hat

>> Former NSA, CIA Director Says Intelligence-Gathering Isn't Cyberwar
Efforts to crack U.S. cyberdefenses are standard operating procedure, Hayden tells Black Hat audience

>> New Tool Allows Websites To Keep Serving Pages After Infection
"Mod_antimalware" strips out malware instead of blocking infected pages, Black Hat presenter says

>> Adobe Joins Microsoft's Advance-Alert Program For Security Vendors
Microsoft's MAPP program will now include advance information on Adobe product vulnerabilities

>> Malware Authors Leave Their Fingerprints On Their Work, Black Hat Researcher Says
Careful study of malware can help experts recognize its source and protect against it

>> ATMs At Risk, Researcher Warns At Black Hat
Barnaby Jack demonstrates remote and local exploits that work on popular bank machines

>> Researcher Exposes Massive Automated Check Counterfeiting Operation Out of Russia
'Big Boss' operation used VPN-tunneling botnet, Zeus Trojan, database-hacking, and money mules to help print and cash phony checks

>> 'App Genome Project' Exposes Potential Smartphone Risks
Researchers from Lookout will present their findings thus far in study of freebie Android, iPhone apps

>> Security Pros Feel Underpaid, But In Some Cases Would Take A Pay Cut
New survey shows value IT security professionals place on job security, training, quality of life; authors to discuss career issues at Black Hat

>> Researcher Says Home Routers Are Vulnerable
Black Hat presentation will demonstrate hacks that could work on many existing routers

>> Researcher 'Fingerprints' The Bad Guys Behind The Malware
Black Hat USA researcher will demonstrate how to find clues to help ID actual attackers, plans to release free fingerprinting tool

>> 'Robin Sage' Profile Duped Military Intelligence, IT Security Pros
Social networking experiment of phony female military intelligence profile fooled even the most security-savvy on LinkedIn, Facebook, Twitter -- and also led to the leakage of sensitive military information

>> 'BlindElephant' To ID Outdated Or Unknown Web Apps, Plug-Ins
New freebie tool fingerprints out-of-date apps

>> SAP, Other ERP Applications At Risk Of Targeted Attacks
Black Hat Europe researcher demonstrates techniques for inserting 'backdoors' into popular enterprise resource planning apps that aren't properly secured

>> New Hack Pinpoints Cell Phone User's Location, Personal And Business Relationships
Researchers demonstrate a technique that exploits the cell phone infrastructure to compromise cell phone users' privacy
