News & Commentary

Latest Content tagged with Black Hat
Page 1 / 2   >   >>
Why Cybersecurity Must Be an International Effort
News  |  12/6/2017  | 
The former head of cyber for the US State Department calls for agreements across countries to improve government cybersecurity.
How the Major Intel ME Firmware Flaw Lets Attackers Get 'God Mode' on a Machine
News  |  12/6/2017  | 
Researchers at Black Hat Europe today revealed how a buffer overflow they discovered in the chip's firmware can be abused to take control of a machine - even when it's turned 'off.'
Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches
News  |  12/4/2017  | 
Researcher to reveal IoT medical device dangers at Black Hat Europe this week.
Intel Firmware Flaws Found
News  |  11/22/2017  | 
Another big firmware security issue affecting Intel processors, requires OEM updates.
Samsung Pay Leaks Mobile Device Information
News  |  11/22/2017  | 
Researcher at Black Hat Europe will show how Samsung Pay's security falls short and ways attackers could potentially bypass it.
Stealthy New PLC Hack Jumps the Air Gap
News  |  11/9/2017  | 
Researchers at Black Hat Europe next month will demonstrate a data-exfiltration attack on Siemens PLCs that uses combination of code manipulation and Radio Frequency (RF) emissions.
Cognitive Mindhacks: How Attackers Spread Disinformation Campaigns
News  |  11/6/2017  | 
Researchers investigate the tools and techniques behind cyber propaganda and fake news and how it changes public opinion.
Social Engineer Spills Tricks of the Trade
News  |  11/2/2017  | 
A social engineer points out gaping holes in businesses' human security and shares lessons learned from years of phishing research.
Secure Wifi Hijacked by KRACK Vulns in WPA2
News  |  10/16/2017  | 
All modern WiFi access points and devices that have implemented the protocol vulnerable to attacks that allow decryption, traffic hijacking other attacks. Second, unrelated crypto vulnerability also found in RSA code library in TPM chips.
How Security Metrics Fail Us & How We Fail Them
How Security Metrics Fail Us & How We Fail Them
Dark Reading Videos  |  9/26/2017  | 
Joseph Carson of Thycotic discusses how infosec professionals buy security products they don't need and make other bad decisions, because of poor use of metrics.
Attacking Developers Using 'Shadow Containers'
Attacking Developers Using 'Shadow Containers'
Dark Reading Videos  |  9/15/2017  | 
Sagie Dulce describes why developers are such attractive targets and how the Docker API can be exploited to use one of developers' favorite tools against them in sneaky, obfuscated attacks.
A New Model for 'Mathematically Provable Security'
A New Model for 'Mathematically Provable Security'
Dark Reading Videos  |  9/14/2017  | 
Winn Schwartau, CEO of The Security Awareness Company, says we all know the old model of security is broken and it's time for a new one.
Deception: A Convincing New Approach to Cyber Defense
Commentary  |  9/12/2017  | 
How defenders in a US national security agency capture-the-flag exercise used an endless stream of false data across the network to thwart attackers and contain damage.
Tesla Hacks: The Good, The Bad, & The Ugly
Tesla Hacks: The Good, The Bad, & The Ugly
Dark Reading Videos  |  9/12/2017  | 
Keen Security Lab found multiple holes in the isolation layer Tesla uses to protect drive systems from infotainment systems, but were impressed by the auto company's security in other ways.
Paul Vixie: How CISOs Can Use DNS to Up Security
Paul Vixie: How CISOs Can Use DNS to Up Security
Dark Reading Videos  |  9/11/2017  | 
FarSight CEO and DNS master Paul Vixie explains how enterprises, not just telecoms and infrastructure providers, can use DNS to improve cybersecurity.
Attacking Data Integrity & Hacking Radiation Monitoring Devices
Attacking Data Integrity & Hacking Radiation Monitoring Devices
Dark Reading Videos  |  9/8/2017  | 
Ruben Santamarta shows radio-based vulnerabilities and investigates how the integrity of critical data can be manipulated to simulate, complicate or exacerbate emergency situations.
How Legendary Carder, Hacker Roman Seleznev Was Caught, Sentenced
How Legendary Carder, Hacker Roman Seleznev Was Caught, Sentenced
Dark Reading Videos  |  9/6/2017  | 
Assistant US Attorney Norman Barbosa visits the Dark Reading News Desk to discuss details of the credit card hacking case that led to an unprecedented 27-year prison sentence.
Activists Beware: The Latest In 3G & 4G Spying
Activists Beware: The Latest In 3G & 4G Spying
Dark Reading Videos  |  9/5/2017  | 
Ravi Borgaonkar describes new 3G & 4G vulnerabilities that enable IMSI catchers to be smarter, stealthier snoopers.
To Improve Diversity, 'Have the Uncomfortable Conversations'
To Improve Diversity, 'Have the Uncomfortable Conversations'
Dark Reading Videos  |  9/5/2017  | 
Jules Okafor of Fortress Information Security explains that diversity efforts cannot shy away from discussions of racism and sexism.
Mikko Hypponen's Vision of the Cybersecurity Future
Mikko Hypponen's Vision of the Cybersecurity Future
Dark Reading Videos  |  9/4/2017  | 
Twenty years from now, will everything be in the Internet of Things, and if so, how does the security industry need to prepare? F-Secure's chief research officer weighs in on this and what else the future promises (and threatens).
Using Market Pressures to Improve Cybersecurity
Using Market Pressures to Improve Cybersecurity
Dark Reading Videos  |  8/31/2017  | 
Post-MedSec, Chris Wysopal discusses what impact the investor community -- if not consumers -- can have on squashing vulnerabilities and improving cybersecurity.
The Active Directory Botnet
The Active Directory Botnet
Dark Reading Videos  |  8/30/2017  | 
It's a nightmare of an implementation error with no easy fix. Ty Miller and Paul Kalinin explain how and why an attacker could build an entire botnet inside your organization.
Training Courses for Aspiring Cybercriminals Put Security Education To Shame
Training Courses for Aspiring Cybercriminals Put Security Education To Shame
Dark Reading Videos  |  8/29/2017  | 
Reasonably priced, module-based training courses and helpful forums will train a beginner in all the tools and techniques of the successful cybercriminal, Rick Holland of Digital Shadows explains.
IoTCandyJar: A HoneyPot for any IoT Device
IoTCandyJar: A HoneyPot for any IoT Device
Dark Reading Videos  |  8/29/2017  | 
Palo Alto Networks researchers explain how they designed an affordable, behavior-based honeypot to detect attacks on an IoT device -- any kind of IoT device.
Insecure IoT Devices Pose Physical Threat to General Public
Insecure IoT Devices Pose Physical Threat to General Public
Dark Reading Videos  |  8/24/2017  | 
At the car wash, look out for attack robots. Billy Rios discusses how IoT devices could be hacked to physically attack people -- not just on factory floors, but in everyday public settings.
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dark Reading Videos  |  8/23/2017  | 
Dino Dai Zovi discusses the under-explored security aspects of Docker, data center orchestration, and containers.
Why Most Security Awareness Training Fails (And What To Do About It)
Why Most Security Awareness Training Fails (And What To Do About It)
Dark Reading Videos  |  8/22/2017  | 
Arun Vishwanath discusses why awareness training shouldn't apply the same cure to every ailment then blame the patient when the treatment doesn't work.
The Benefits of Exploiting Attackers' Favorite Tools
The Benefits of Exploiting Attackers' Favorite Tools
Dark Reading Videos  |  8/22/2017  | 
Symantec senior threat researcher Waylon Grange explains that attackers write vulnerable code, too.
How To Avoid Legal Trouble When Protecting Client Data
How To Avoid Legal Trouble When Protecting Client Data
Dark Reading Videos  |  8/21/2017  | 
Attorneys discuss how cybersecurity consultants can manage conflicts between e-discovery demands and client agreements.
ShieldFS Hits 'Rewind' on Ransomware
ShieldFS Hits 'Rewind' on Ransomware
Dark Reading Videos  |  8/18/2017  | 
Federico Maggi and Andrea Continella discuss a new tool to protect filesystems by disrupting and undoing ransomware's encryption activities.
How Bad Teachers Ruin Good Machine Learning
How Bad Teachers Ruin Good Machine Learning
Dark Reading Videos  |  8/18/2017  | 
Sophos data scientist Hillary Sanders explains how security suffers when good machine learning models are trained on bad testing data.
The Shadow Brokers: How They Changed 'Cyber Fear'
The Shadow Brokers: How They Changed 'Cyber Fear'
Dark Reading Videos  |  8/17/2017  | 
At Black Hat USA, Matt Suiche, founder of Comae Technologies, describes what we know about the Shadow Brokers and how they have changed the business of cyber fear.
Behind the Briefings: How Black Hat Sessions Get Chosen
Behind the Briefings: How Black Hat Sessions Get Chosen
Dark Reading Videos  |  8/17/2017  | 
Daniel Cuthbert and Stefano Zanero explain what the Black Hat review board is looking for in an abstract submission for the Briefings.
WannaCry Hero Hutchins Pleads Not Guilty
Quick Hits  |  8/14/2017  | 
Lawyers for MalwareTech 'confident he will be fully vindicated.'
WannaCry Hero Garners Security Industry Support Following Arrest
News  |  8/7/2017  | 
US law enforcement arrested British security researcher Marcus Hutchins for allegedly developing and selling the Kronos banking Trojan.
2017 Pwnie Awards: Who Won, Lost, and Pwned
Slideshows  |  8/3/2017  | 
Security pros corralled the best and worst of cybersecurity into an award show highlighting exploits, bugs, achievements, and attacks from the past year.
Microsoft Security Put to the Test at Black Hat, DEF CON
News  |  8/1/2017  | 
Researchers at both conferences demonstrated workarounds and flaws in applications and services including Office 365, PowerShell, Windows 10, Active Directory and Windows BITs.
Iranian Hackers Ensnared Targets via Phony Female Photographer
News  |  7/31/2017  | 
US, Indian, Saudi Arabian, Israeli, Iraqi IT, security, executives in oil/gas and aerospace swept up in elaborate social media ruse used for cyber espionage operations.
Researchers Release Free Tool to Analyze ICS Malware
News  |  7/27/2017  | 
CrashOverride/Industroyer malware used against Ukraine's power grid the inspiration for the reverse-engineering tool.
Broadcom Chipset Bug in Android, iOS Smartphones Allows Remote Attack
News  |  7/27/2017  | 
Security researcher found a common flaw in Android and iOS smartphone chipsets that could allow a remote exploit to be unleashed on millions of devices.
Inside the Investigation and Trial of Roman Seleznev
News  |  7/27/2017  | 
The officials who convicted the credit card thief discussed the investigation, evidence, trial, and challenges involved in his case.
Get Ready for the 2038 'Epocholypse' (and Worse)
News  |  7/27/2017  | 
A leading security researcher predicts a sea of technology changes that will rock our world, including the Internet of Things, cryptocurrency, SSL encryption and national security.
Dark Reading News Desk Live at Black Hat USA 2017
Commentary  |  7/27/2017  | 
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
How to Build a Path Toward Diversity in Information Security
News  |  7/27/2017  | 
Hiring women and minorities only addresses half the issue for the IT security industry -- the next step is retaining these workers.
How Attackers Use Machine Learning to Predict BEC Success
News  |  7/26/2017  | 
Researchers show how scammers defeat other machines, increase their success rate, and get more money from their targets.
FBI Talks Avalanche Botnet Takedown
News  |  7/26/2017  | 
FBI unit chief Tom Grasso explains the takedown of Avalanche and how the agency approaches botnet infrastructures.
Hacking the Wind
News  |  7/26/2017  | 
A security researcher at Black Hat USA shows how wind turbine systems are susceptible to potentially damaging cyberattacks.
The Wild West of Security Post-Secondary Education
News  |  7/26/2017  | 
Black Hat researchers will show how inconsistent security schooling is at the university level.
Facebook Offers $1 Million for New Security Defenses
News  |  7/26/2017  | 
The social media giant has increased the size of its Internet Defense Prize program in order to spur more research into ways to defend users against the more prevalent and common methods of attack.
How 'Postcript' Exploits Networked Printers
News  |  7/25/2017  | 
At Black Hat 2017, a university researcher will demo how attackers can drill into networked printers by way of the ubiquitous PostScript programming language.
Page 1 / 2   >   >>


5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: That's it, next year we start outsourcing toy production.
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] Cloud Security's Changing Landscape
[Strategic Security Report] Cloud Security's Changing Landscape
Cloud services are increasingly becoming the platform for mission-critical apps and data. Heres how enterprises are adapting their security strategies!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.