Risk
6/12/2012
04:59 PM
Black Hat USA 2012: Complete Coverage

A round-up of articles leading up to and live coverage from Black Hat USA 2012, July 21-26, Las Vegas

>> Slide Show: Memorable Moments From Black Hat 2012
A look at some of the demos, hacks, awards, and parties at this year's Black Hat USA 2012 convention

>> Top 3 HTML5 Vulnerability Risk Categories
Forrester urges HTML5 adoption, but security researchers say secure coding should be in place from the start

>> Study: Phishing Messages Elude Filters, Frequently Hit Untrained Users
Many users don't know how to respond to fraudulent email, according to survey of Black Hat attendees

>> Slide Show: 11 Security Sights Seen Only At Black Hat
Who says fun, sun, malware, and penetration testing don't mix? This year's Black Hat conference in Las Vegas offered information security training, hardware hacking, pool time, and more

>> Tech Insight: Offensive Countermeasures Help Defenders Fight Back
Defenders desperate to prevent attacks have begun taking measures to fight back against the attackers

>> Don't Become Cats Chasing Mobile Security Laser Pointers
Mobile security threats may pose some risks, but do a risk analysis on the entire situation before diverting funds to fundamental security activities

>> Scope Of APTs More Widespread Than Thought
Researcher uncovers hundreds of different custom malware families used by cyberspies -- and discovers an Asian security company conducting cyberespionage

>> Hacking Oracle Database Indexes
Database indexes the new "low-hanging" fruit for database vulnerabilities

>> Black Hat: Researcher Demonstrates Hardware Backdoor
One security professional shows off techniques for backdooring computer hardware to allow a compromise to better hide and be more persistent

>> More Than Half Of Top 20 Fortune 500 Firms Infected With 'Gameover' Zeus Botnet
Financial botnet has amassed some 680,000 bots

>> Hiding SAP Attacks In Plain Sight
Black Hat presenter uses test service and server-side request forgery to root SAP deployments

>> Web Browser Weaknesses Make Tracking Easy
Researcher kicks off effort to catalog all the ways that browsers and popular add-ons can be used to track users

>> Strike Back At Hackers? Get A Lawyer
Don't risk legal troubles. Get advice before taking the offensive against cybercriminals, military security expert says at Black Hat

>> Mass Router Infection Possible: Black Hat
Black Hat presenters detail how an HTML5-compliant browser could deliver malicious firmware, bring network-connected hardware under attackers' control

>> JavaScript Botnet Sheds Light On Criminal Activity
A security research group uses cached JavaScript to control computers connecting to a malicious proxy, gaining intelligence on fraudsters and criminals

>> More Than Half Of Major Banks Infected With Conficker, Zeus, Fake AV, Other Malware
Most users infected with malware suffer reinfection

>> Apple Makes Black Hat Debut
But presentation by Apple security team member doesn't reveal any new security details or plans for iOS

>> Black Hat Attendees Expect Changes At Symantec Following Salem's Departure
General consensus is that the Cupertino, Calif.-based company now stands at a crossroads

>> FAA's New Flight Control System Has Security Holes: Researcher
At the Black Hat conference, a computer scientist demonstrates how 'fake airplanes' can be inserted into FAA's upcoming air traffic control system

>> Simplifying SQL Injection Detection
Black Hat researcher releases new lexical analysis tool that doesn't rely on regular expressions

>> Android Takeover With The Swipe Of A Smartphone
Security researcher discovers near-field communication (NFC) is a greenfield of security risks

>> Black Hat: 6 Lessons To Tighten Enterprise Security
Opening the Black Hat conference, former FBI executive assistant director says businesses can learn from how the FBI now fights terrorists

>> Microsoft Adds BlueHat Prize Finalist's Technology To Its Free Toolkit
New security defense method may or may not end up the grand-prize winner of the contest

>> Impersonating Microsoft Exchange Servers To Manipulate Mobile Devices
Black Hat researcher demonstrates mobile man-in-the-middle proof-of-concept attack that allows for unauthorized remote wipes

>> Free Advanced Evasion Technique Tool Unleashed
'Evader' to demonstrate how attacks slip by popular network security devices

>> Black Hat, BSides, Def Con: Defenders Take Note
Summer security conferences include defense-related topics on top of the usual offensive fare

>> Black Hat Goes Back To The Future
Five speakers who spoke at the first Black Hat conference will appear together on a panel titled 'Smashing the Future for Fun and Profit' on Wednesday

>> Black Hat Researcher Finds Holes In ARM, x86, Embedded Systems
Black Hat session aims to expose sometimes shocking vulnerabilities in widely used products

>> Dark Reading, Black Hat Partner To Produce Daily Conference Newsletter
Dark Reading newsletter subscribers, conference attendees will receive three days of Black Hat show coverage

>> DARPA-Funded Service Seeks Flaws In Smartphones
The brainchild of start-up Duo Security, the X-Ray service will let users know if their smartphone has vulnerable systems software

>> Using Chip Malfunction To Leak Private Keys
Black Hat researcher shows attackers could manipulate Linux machines running OpenSSL and RSA authentication to gain access to encryption keys for spoofing

>> Black Hat: The Phishing Scare That Wasn't
Email glitch causes concern among security pros attending major industry event, but ends with humor

>> Smart Grid Researcher Releases Open Source Meter-Hacking Tool
'Termineter' unleashed prior to presentations on smart meter security next week at BSides, Black Hat USA

>> Black Hat Marks 15th Anniversary By Bringing Back Experts Who Presented 15 Years Ago
Black Hat "futurist panel" brings together these industry veterans to discuss today's cutting-edge research and emergent technologies

>> Will Advanced Attackers Laugh At Your WAF?
Companies should not trust vendors' claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses

>> 'Waldo' Finds Ways To Abuse HTML5 WebSockets
Black Hat USA researchers to release free hacking tool and demonstrate how new communication channel could be used for XSS, denial-of-service, and hiding malicious or unauthorized traffic

>> Black Hat Researcher: Rethink And Refine Your IDS
Attackers routinely go unnoticed, both because intrusion detection systems are failing to do their job and because security teams need to rethink how they use them

>> Crimeware Developers Shift To More Obfuscation, Java Exploits
After making their code harder to reverse-engineer, exploit kits are now focusing on improving attacks

>> Stealing Documents Through Social Media Image-Sharing
Innocent-looking vacation pictures on Facebook could conceivably traffic exfiltrated documents, Black Hat researchers warn

>> Apple 'Ban' Gives Miller Time To Hack Other Things
Charlie Miller reflects on how his NSA chops were a natural progression to Apple hacking, how hard hacking has become -- and his obsession with reality TV shows about stage moms

>> 'Clonewise' Security Service Helps Identify Vulnerable Code
Researcher at Black Hat to demonstrate service that can help find vulnerable libraries built into larger bodies of code

>> Black Hat: Hacking iOS Applications Under The Spotlight
Security researcher Jonathan Zdziarski will demonstrate some of the techniques cybercrooks use in the wild, and what developers can do about them

>> Seemingly Insignificant SQL Injections Lead To Rooted Routers
Black Hat researcher to show how vulnerable databases with temporary router information can lead to root-level access of Netgear routers

>> Researchers Use Cloud To Clear Up Malware Evasion
An analysis project surveys the techniques used by malware to evade security software and plans to turn the research into a service to analyze malware

>> Black Hat: Developer Aims To Make Attack Recovery More Intelligent
One company uses threat information, virtualization and analysis to build a better way to disinfect compromised systems

>> PIN Pads Put Millions At Risk, Researchers Say
Payment terminals handled more than 852 million card payments in the U.K. alone in April 2012

>> New Forensics Method May Nab Insider Thieves
Black Hat presentation features a new methodology that has already produced real-world results

>> Researchers Beat Up Google's Bouncer
The gatekeeper for the Android app store has major growing pains ahead, as security researchers find ways to bypass it

>> Broader Digital Landscape Means More Places To Hide
With IPv6, a deluge of new top-level domains, and DNSSEC all coming, the Internet will become a much bigger place. Defenses that worked in the past won't work in the future

>> Advanced JavaScript Attack Threatens SOHO Routers
Using JavaScript and cross-site request forgery, two researchers plan to show it's possible to attack routers leveraging computers on the internal network

>> Black Hat Releases Complete Event Schedule
Among the news breaking will be 36 tools, 17 0-days, and 49 live on-stage demonstrations

>> Malware 'Licensing' Could Stymie Automated Analysis
The use of encryption and digital-rights management techniques by the authors of malicious code could make automated analysis of malware take longer and require human intervention more often

>> Security Teams Need Better Intel, More Offense
Adversaries go through five steps to prepare and execute an attack, but defenders only react to the last two steps. It's time for defenders to add intelligence gathering, counterintel, and even offense to the game, security experts say

>> Black Hat Expands Content Review Board
Chris Rohlf and Chris Wysopal join board

>> Register For Black Hat 2012 Here

>> Black Hat USA 2011: Complete Coverage
