5/27/2013
08:48 PM

Black Hat USA 2013: Complete Coverage

Articles leading up to, live coverage from, and post-event analysis of Black Hat USA 2013, July 27 - Aug. 1

>> Can We End CSRF With Header-Based Browser Policies?
Newly proposed Storage Origin Security (SOS) policy presented at Black Hat could offer a simpler way to combat cross-site request forgery

>> Attackers' Toolbox Makes Malware Detection More Difficult
From virtual-machine detection to taking a 30-minute nap, the array of techniques used by attackers to stymie malware analysis is growing

>> A New Framework For Detecting Advanced Rootkits
Last week the security community gained another way to help secure endpoints as researchers released a new framework meant to root out rootkits in UEFI

>> Black Hat: The Problems Don't Change, But The Solutions Have (Blog)
An increase in attacker capabilities has drawn an innovative response from industry, and emerging research promises more to come

>> Maltego Gets More 'Teeth'
New features in Maltego, an open-source intelligence tool for defenders, allow penetration testers and attackers to gather data on vulnerable systems and manage botnets

>> Timing Attacks On Browsers Leak Sensitive Information
Variations in the redraw times of graphical elements could allow an attacker to see which sites a user has visited, along with other sensitive information

>> Black Hat: Moving Security Outside The Lines (Blog)
Enterprises clearly define security's responsibilities; attackers don't. It's time to think more like the attacker

>> Medical-Device Flaws Will Take Time To Heal
Manufacturers are slow to patch up security issues, despite increasing pressure from patients, researchers and federal agencies

>> Slide Show: The Sights Of Black Hat
A photo recap of a week of research, crowds and parties at Black Hat USA 2013

>> Black Hat: Lessons For SMBs From The Dark Side Of Security
Issues affecting large enterprises are the bread and butter of Black Hat, but even smaller firms have something to learn

>> Cutting Through The Mystique Of Testing The Mainframe
Mainframes are not enterprise dinosaurs -- they're modern systems running mission critical data that must be scrutinized as much as any other part of the IT infrastructure

>> Water-Utility Honeynet Illuminates Real-World SCADA Threats
After a researcher constructs a fake water-utility network and puts it online, attackers quickly target the systems

>> Too Smart For Their Own Good: Attacking Smart TVs
Black Hat researchers show how the watchers can become the watched through smart TV attack techniques

>> SCADA Experts Simulate 'Catastrophic' Attack
Lack of security leaves remote oil drilling stations and other similar environments vulnerable to rudimentary but potentially disastrous attacks

>> 'Comfoo' APT Cyberespionage Campaign Exposed
Trojan used in the breach of RSA in 2010 remains active and prolific in targeted attacks

>> iOS Weaknesses Allow Compromise Via Trojan Chargers
Using weaknesses in Apple's flagship operating system, a simple computer disguised as a charging station can pair with, and then install malware on, any iPhone or iPad that connects to it

>> Creating Browser-Based Botnets Through Online Ad Networks
Researchers demonstrate how ads invoking JavaScript on viewers' browsers en masse could create untraceable networks to wreak DDoS damage

>> NSA Director Faces Cybersecurity Community At Black Hat
Gen. Keith Alexander aims to set the record straight on controversial NSA spying programs, calling out how leaked surveillance programs helped derail specific terror plots

>> New Free Service Cracks Weak Passwords
Cloud-based tool released for password auditing

>> Microsoft Extends MAPP To Incident Responders And Offers Free Online URL, File Scanner
Microsoft Active Protections Program evolving to a protection, detection, and remediation program

>> Cheap Monitoring Highlights Dangers Of Internet Of Things
Using a network of cheap sensors, the home-brewed CreepyDOL system can track people by signals sent from their mobile devices

>> Moving Away From Rash Hashing Decisions
Black Hat talk will discuss shortcomings of the latest technical evolution of hashing passwords for safe storage in databases, propose a competition to design something better

>> Getting Physical At Black Hat
Researchers offer up work on breaking into buildings by hacking alarm key pad sensors and key card access control systems

>> SIM Card Hack A Wakeup Call
Crack of mobile SIM card crypto and virtual machine features could let an attacker target and clone a phone

>> 3 Briefings That Highlight Infosec's High-Stakes Game
Spectacular exploits and worrying implications await

>> 'Hangover' Persists, More Mac Malware Found
Attackers behind the Operation Hangover cyberspying campaign out of India found dropping OS X malware, covering their tracks online

>> Researchers To Highlight Weaknesses In Secure Mobile Data Stores
At Black Hat USA, a team of mobile-security researchers plans to show off ways to circumvent the security of encrypted containers meant to protect data on mobile devices

>> Service, Denied
Black Hat USA 2013 has lined up three DDoS-related Briefings, covering the topic from multiple angles

>> 'Tortilla' Spices Up Active Defense Ops
New free Tor tool due out at Black Hat USA aims to make the Tor anonymizing network easier to use for all types of intel-gathering

>> How Attackers Thwart Malware Investigation
A researcher at Black Hat USA this month will dissect a recent attack, showing off attackers' techniques for making malware analysis harder and intelligence gathering more time consuming

>> Commercial DDoS Services Proliferate, Are Responsible For Many Recent Attacks
Customers can DDoS a website for as little as $10, Vigilant by Deloitte speaker will tell Black Hat audience

>> Preparing For Possible Future Crypto Attacks
Security experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure

>> New Techniques Obfuscate, Optimize SQL Injection Attacks
Black Hat researcher to demonstrate new methods for getting around defenses even more quickly to extract database data through SQLi

>> HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft
Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds

>> Machine-Learning Project Sifts Through Big Security Data
As the volume of data created by security and network devices multiplies, researchers look for ways to teach computers to better highlight attack patterns

>> 3 Stupid Corporation Tricks
With exactly one month to go before the start of Black Hat USA 2013, we highlight a trio of Briefings that focus on data security in corporate environments.

>> Black Hat Releases Official Schedule
With 110 unique Briefings and workshops, Black Hat USA boasts nearly 94 hours of high-intensity research and vulnerability disclosure

>> 'BinaryPig' Uses Hadoop To Sniff Out Patterns In Malware
At Black Hat next month, researchers will release a new set of big-data tools that can find patterns in the data among security firms' massive databases of malware

>> Researcher To Demo Spy-Phone At Black Hat
Using the ability to inject malicious code into applications on Android devices, a researcher will demonstrate at Black Hat how to create the infrastructure to spy on mobile users

>> Vulnerability Severity Scores Make For Poor Patching Priority, Researchers Find
A bug's Common Vulnerability Scoring System (CVSS) score doesn't necessarily correlate with whether the vulnerability is being used in attacks

>> Black Hat USA: T-Minus One Month And Counting
This highlighted trio of Briefings ranges widely in topic, yet they all sport that certain cool factor

>> Microsoft Establishes Rewards Programs For Windows 8.1, Internet Explorer 11 Preview Security Bugs
Microsoft is launching new programs to get its hands on cutting-edge exploits developed by researchers

>> Researcher To Open-Source Tools For Finding Odd Authentication Behavior
Rather than watching for communications between infected systems and command-and-control servers, companies can detect stealthy malware when it attempts to spread

>> Black Hat USA 2013 Reveals Turbo Talks On Top Topics
High-speed sessions will focus on content from almost every corner of security space

>> Don't Take Vulnerability Counts At Face Value
With flaw tallies varying by up to 75 percent, vulnerability data needs to be taken with a grain of salt, yet reports based on the data fail to include caveats, Black Hat presenters say

>> Cyberespionage Operators Work In Groups, Process Enormous Data Workloads
A group of Taiwanese researchers peer into the operations center of a group behind one large espionage campaign

>> Black Hat USA 2013 Showcases NAND, Windows 8 Secure Boot Hacking Talks
Organizers confirm another trio of Briefings from the show

>> Black Hat USA Reminds Early Reg Deadline For July Show Ends Friday
Organizers are expecting at least 6,500 security industry professionals at the exclusive gathering

>> Black Hat 2013 Goes Mobile With Reveals As Reg Deadline Approaches
Lectures delve deep into technical specifics regarding exploits and rootkits

>> Getting A Jump On Black Hat USA
Dark Reading initiates early coverage on July Black Hat USA event, launches dedicated news page

>> Myth-Busting SQL- And Other Injection Attacks
Black Hat injection-attacks instructor dishes on the complexity of SQL injection and the prevalence of lesser-known injection attacks

>> Focused Black Hat 2013 Trainings Examine Incident Response, Malware
Infosec trainings aim to provide needed skills to properly respond to incidents large and small

>> BIOS Bummer: New Malware Can Bypass BIOS Security
Researchers expect to release proofs-of-concept at Black Hat that show how malware can infect BIOS, persist past updates, and fool the TPM into thinking everything's fine

>> Black Hat: Chief Engineer of NASA's Jet Propulsion Laboratory To Keynote Day Two Of Black Hat USA 2013
Brian Muirhead has unique experience in solving the challenges of both robotic and human exploration of space

>> Black Hat 2013 Showcases Home Security, Bootkits, Cellular OPSEC Failures
Black Hat announces three more featured talks

>> Black Hat USA 2013 Rolls Out SIM Card, Femtocell Hacking Talks
Organizers have confirmed some early details on Briefings talks

>> U.S. Cyber Command Head General Alexander To Keynote Black Hat USA 2013
Success is measured by how well the government collaborates with partners and customers, according to Gen. Alexander

>> Register For Black Hat 2013 Here

>> Black Hat USA 2012: Complete Coverage

>> Black Hat USA 2011: Complete Coverage
