Vulnerabilities / Threats

5/27/2013
08:48 PM

Black Hat USA 2013: Complete Coverage

Articles leading up to, live coverage from, and post-event analysis of Black Hat USA 2013, July 27 - Aug. 1

>> Can We End CSRF With Header-Based Browser Policies?
Newly proposed Storage Origin Security (SOS) policy presented at Black Hat could offer a simpler way to combat cross-site request forgery

>> Attackers' Toolbox Makes Malware Detection More Difficult
From virtual-machine detection to taking a 30-minute nap, the array of techniques used by attackers to stymie malware analysis is growing

>> A New Framework For Detecting Advanced Rootkits
Last week the security community gained another way to help secure endpoints as researchers released a new framework meant to root out rootkits in UEFI

>> Black Hat: The Problems Don't Change, But The Solutions Have (Blog)
An increase in attacker capabilities has drawn an innovative response from industry, and emerging research promises more to come

>> Maltego Gets More 'Teeth'
New features in Maltego, an open-source intelligence tool for defenders, allow penetration testers and attackers to gather data on vulnerable systems and manage botnets

>> Timing Attacks On Browsers Leak Sensitive Information
Variations in the redraw times of graphical elements could allow an attacker to learn which sites a user has visited, along with other sensitive information

>> Black Hat: Moving Security Outside The Lines (Blog)
Enterprises clearly define security's responsibilities; attackers don't. It's time to think more like the attacker

>> Medical-Device Flaws Will Take Time To Heal
Manufacturers are slow to patch up security issues, despite increasing pressure from patients, researchers and federal agencies

>> Slide Show: The Sights Of Black Hat
A photo recap of a week of research, crowds and parties at Black Hat USA 2013

>> Black Hat: Lessons For SMBs From The Dark Side Of Security
Issues affecting large enterprises are the bread and butter of Black Hat, but even smaller firms have something to learn

>> Cutting Through The Mystique Of Testing The Mainframe
Mainframes are not enterprise dinosaurs -- they're modern systems running mission-critical data that must be scrutinized as much as any other part of the IT infrastructure

>> Water-Utility Honeynet Illuminates Real-World SCADA Threats
After a researcher constructs a fake water-utility network and puts it online, attackers quickly target the systems

>> Too Smart For Their Own Good: Attacking Smart TVs
Black Hat researchers show how the watchers can become the watched through smart TV attack techniques

>> SCADA Experts Simulate 'Catastrophic' Attack
A lack of security in remote oil drilling stations and other similar environments leaves them vulnerable to rudimentary but potentially disastrous attacks

>> 'Comfoo' APT Cyberespionage Campaign Exposed
Trojan used in the breach of RSA in 2010 remains active and prolific in targeted attacks

>> iOS Weaknesses Allow Compromise Via Trojan Chargers
Using weaknesses in Apple's flagship operating system, a simple computer disguised as a charging station can pair with, and then install malware on, any iPhone or iPad that connects to it

>> Creating Browser-Based Botnets Through Online Ad Networks
Researchers demonstrate how ads invoking JavaScript on viewers' browsers en masse could create untraceable networks to wreak DDoS damage

>> NSA Director Faces Cybersecurity Community At Black Hat
Gen. Keith Alexander aims to set the record straight on controversial NSA spying programs, calling out how leaked surveillance programs helped derail specific terror plots

>> New Free Service Cracks Weak Passwords
Cloud-based tool released for password auditing

>> Microsoft Extends MAPP To Incident Responders And Offers Free Online URL, File Scanner
Microsoft Active Protections Program evolving to a protection, detection, and remediation program

>> Cheap Monitoring Highlights Dangers Of Internet Of Things
Using a network of cheap sensors, the home-brewed CreepyDOL system can track people by signals sent from their mobile devices

>> Moving Away From Rash Hashing Decisions
Black Hat talk will discuss shortcomings of the latest technical evolution of hashing passwords for safe storage in databases, and propose a competition to design something better

>> Getting Physical At Black Hat
Researchers offer up work on breaking into buildings by hacking alarm key pad sensors and key card access control systems

>> SIM Card Hack A Wakeup Call
Crack of mobile SIM card crypto and virtual machine features could let an attacker target and clone a phone

>> 3 Briefings That Highlight Infosec's High-Stakes Game
Spectacular exploits and worrying implications await

>> 'Hangover' Persists, More Mac Malware Found
Attackers behind the Operation Hangover cyberspying campaign out of India found dropping OS X malware, covering their tracks online

>> Researchers To Highlight Weaknesses In Secure Mobile Data Stores
At Black Hat USA, a team of mobile-security researchers plans to show off ways to circumvent the security of encrypted containers meant to protect data on mobile devices

>> Service, Denied
Black Hat USA 2013 has lined up three DDoS-related Briefings, covering the topic from multiple angles

>> 'Tortilla' Spices Up Active Defense Ops
New free Tor tool due out at Black Hat USA aims to make the Tor anonymizing network easier to use for all types of intel-gathering

>> How Attackers Thwart Malware Investigation
A researcher at Black Hat USA this month will dissect a recent attack, showing off attackers' techniques for making malware analysis harder and intelligence gathering more time-consuming

>> Commercial DDoS Services Proliferate, Are Responsible For Many Recent Attacks
Customers can DDoS a website for as little as $10, Vigilant by Deloitte speaker will tell Black Hat audience

>> Preparing For Possible Future Crypto Attacks
Security experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure

>> New Techniques Obfuscate, Optimize SQL Injection Attacks
Black Hat researcher to demonstrate new methods for getting around defenses even more quickly to extract database data through SQLi

>> HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft
Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds

>> Machine-Learning Project Sifts Through Big Security Data
As the volume of data created by security and network devices multiplies, researchers look for ways to teach computers to better highlight attack patterns

>> 3 Stupid Corporation Tricks
With exactly one month to go before the start of Black Hat USA 2013, we highlight a trio of Briefings that focus on data security in corporate environments.

>> Black Hat Releases Official Schedule
With 110 unique Briefings and workshops, Black Hat USA boasts nearly 94 hours of high-intensity research and vulnerability disclosure

>> 'BinaryPig' Uses Hadoop To Sniff Out Patterns In Malware
At Black Hat next month, researchers will release a new set of big-data tools that can find patterns in the data among security firms' massive databases of malware

>> Researcher To Demo Spy-Phone At Black Hat
Using the ability to inject malicious code into applications on Android devices, a researcher will demonstrate at Black Hat how to create the infrastructure to spy on mobile users

>> Vulnerability Severity Scores Make For Poor Patching Priority, Researchers Find
A bug's Common Vulnerability Scoring System (CVSS) score doesn't necessarily correlate with whether the vulnerability is being used in attacks

>> Black Hat USA: T-Minus One Month And Counting
This highlighted trio of Briefings ranges widely in topic, yet they all sport that certain cool factor

>> Microsoft Establishes Rewards Programs For Windows 8.1, Internet Explorer 11 Preview Security Bugs
Microsoft is launching new programs to get its hands on cutting-edge exploits developed by researchers

>> Researcher To Open-Source Tools For Finding Odd Authentication Behavior
Rather than watching for communications between infected systems and command-and-control servers, companies can detect stealthy malware when it attempts to spread

>> Black Hat USA 2013 Reveals Turbo Talks On Top Topics
High-speed sessions will focus on content from almost every corner of security space

>> Don't Take Vulnerability Counts At Face Value
With flaw tallies varying by up to 75 percent, vulnerability data needs to be taken with a grain of salt, yet reports based on the data fail to include caveats, Black Hat presenters say

>> Cyberespionage Operators Work In Groups, Process Enormous Data Workloads
A group of Taiwanese researchers peers into the operations center of a group behind one large espionage campaign

>> Black Hat USA 2013 Showcases NAND, Windows 8 Secure Boot Hacking Talks
Organizers confirm another trio of Briefings from the show

>> Black Hat USA Reminds Early Reg Deadline For July Show Ends Friday
Organizers are expecting at least 6,500 security industry professionals at the exclusive gathering

>> Black Hat 2013 Goes Mobile With Reveals As Reg Deadline Approaches
Lectures delve deep into technical specifics regarding exploits and rootkits

>> Getting A Jump On Black Hat USA
Dark Reading initiates early coverage on July Black Hat USA event, launches dedicated news page

>> Myth-Busting SQL- And Other Injection Attacks
Black Hat injection-attacks instructor dishes on the complexity of SQL injection and the prevalence of lesser-known injection attacks

>> Focused Black Hat 2013 Trainings Examine Incident Response, Malware
Infosec trainings aim to provide needed skills to properly respond to incidents large and small

>> BIOS Bummer: New Malware Can Bypass BIOS Security
Researchers expect to release proofs-of-concept at Black Hat that show how malware can infect BIOS, persist past updates, and fool the TPM into thinking everything's fine

>> Black Hat: Chief Engineer of NASA's Jet Propulsion Laboratory To Keynote Day Two Of Black Hat USA 2013
Brian Muirhead has unique experience in solving the challenges of both robotic and human exploration of space

>> Black Hat 2013 Showcases Home Security, Bootkits, Cellular OPSEC Failures
Black Hat announces three more featured talks

>> Black Hat USA 2013 Rolls Out SIM Card, Femtocell Hacking Talks
Organizers have confirmed some early details on Briefings talks

>> U.S. Cyber Command Head General Alexander To Keynote Black Hat USA 2013
Success is measured by how well the government collaborates with partners and customers, according to Gen. Alexander

>> Register For Black Hat 2013 Here

>> Black Hat USA 2012: Complete Coverage

>> Black Hat USA 2011: Complete Coverage
