Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

News & Commentary

Latest Content tagged with Black Hat
Page 1 / 2   >   >>
Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues
News  |  11/14/2018  | 
Black Hat Europe attendee survey shows European cybersecurity leaders are uncertain of their ability to protect end user data – and are fearful of a near-term breach of critical infrastructure.
7 Cool New Security Tools to be Revealed at Black Hat Europe
Slideshows  |  11/12/2018  | 
Black Hat Europe's Arsenal lineup will include demoes of new security tools, from AI malware research to container orchestration.
Finding Gold in the Threat Intelligence Rush
News  |  11/7/2018  | 
Researchers sift through millions of threat intel observations to determine where to best find valuable threat data.
New Bluetooth Vulnerabilities Exposed in Aruba, Cisco, Meraki Access Points
News  |  11/1/2018  | 
'BleedingBit' could give attackers control of the wireless network from a remote vantage point.
Hardware Cyberattacks: How Worried Should You Be?
News  |  10/31/2018  | 
How to fit hardware threats into your security model as hardware becomes smaller, faster, cheaper, and more complex.
DeepPhish: Simulating Malicious AI to Act Like an Adversary
News  |  10/26/2018  | 
How researchers developed an algorithm to simulate cybercriminals' use of artificial intelligence and explore the future of phishing.
Side-Channel Attack Exposes User Accounts on Facebook, XBox, Other Social Sites
News  |  10/25/2018  | 
Researcher will demonstrate at Black Hat Europe his team's recent discovery: a way to exploit popular user-blocking feature on social media and other sites.
New Security Woes for Popular IoT Protocols
News  |  10/18/2018  | 
Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online.
IBM Builds 'SOC on Wheels' to Drive Cybersecurity Training
News  |  10/15/2018  | 
A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.
How Secure are our Voting Systems for November 2018?
How Secure are our Voting Systems for November 2018?
Dark Reading Videos  |  9/14/2018  | 
Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the country’s highly decentralized voting systems to safeguard the integrity of upcoming elections.
4 Practical Measures to Improve Election Security Now
Commentary  |  9/11/2018  | 
It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.
Lessons From the Black Hat USA NOC
Commentary  |  8/30/2018  | 
The conference's temporary network operations center provides a snapshot of what is possible when a variety of professionals work together.
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Dark Reading Videos  |  8/29/2018  | 
Although WebAssembly technology promises both better performance and better security to developers, it also creates a new risk for native exploits in the browser.
Researcher Cracks San Francisco's Emergency Siren System
Researcher Cracks San Francisco's Emergency Siren System
Dark Reading Videos  |  8/24/2018  | 
Bastille researcher Balint Seeber discusses the process of creating SirenJack and cracking one of a city's critical safety systems.
What a Forensic Analysis of 'Worst Voting Machine Ever' Turned Up
What a Forensic Analysis of 'Worst Voting Machine Ever' Turned Up
Dark Reading Videos  |  8/22/2018  | 
University of Copenhagen associate professor discusses what he found when he dug into some decommissioned WinVote voting machines.
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
Dark Reading Videos  |  8/20/2018  | 
Paul Vixie discusses the uncertain fate of WHOIS in the age of GDPR, the risks of domain name homographs, and other underpinnings of the Internet that are hard to trust and harder to fix.
How Better Intel Can Reduce, Prevent Payment Card Fraud
How Better Intel Can Reduce, Prevent Payment Card Fraud
Dark Reading Videos  |  8/20/2018  | 
Royal Bank of Canada machine learning researcher and Terbium Labs chief scientist discuss how they use intelligence about the carding market to predict the next payment card fraud victims.
Malicious Cryptomining & Other Shifting Threats
Malicious Cryptomining & Other Shifting Threats
Dark Reading Videos  |  8/17/2018  | 
Skybox Security CMO Michelle Johnson Cobb discloses research results that include a spike in malicious cryptomining during Bitcoin’s peak, a shift to outside-the-perimeter mobile threats, and more.
The Economics of AI-Enabled Security
The Economics of AI-Enabled Security
Dark Reading Videos  |  8/17/2018  | 
While AI greatly enhances security, Securonix CTO Tanuj Gulati points out the need for predictable cost models that insulate SOCs from the variables of massive data volume and intense real-time processing.
Using Threat Deception on Malicious Insiders
Using Threat Deception on Malicious Insiders
Dark Reading Videos  |  8/17/2018  | 
Illusive Networks CEO Ofer Israeli reveals how distributed deception technology can be as effective against insider threats as it is against outsiders, since it thwarts the lateral movement common to both.
Filtering the Threat Intelligence Tsunami
Filtering the Threat Intelligence Tsunami
Dark Reading Videos  |  8/17/2018  | 
Reversing Labs CEO Mario Vuksan contends that SOCs are overwhelmed by global threat intelligence, and can benefit more from a targeted "pull" model that focuses on YARA-type binary pattern matching.
Ensuring Web Applications Are Hardened, Secure
Ensuring Web Applications Are Hardened, Secure
Dark Reading Videos  |  8/17/2018  | 
Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.
Supplementing the SOC with Cyber-as-a-Service
Supplementing the SOC with Cyber-as-a-Service
Dark Reading Videos  |  8/17/2018  | 
Raytheon Cyber Protection Solutions CTO Mark Orlando suggests under-resourced SOCs enhance their effectiveness at-scale by tapping the advanced cyber defense automation his company has developed.
Assessing & Mitigating Increased Exposure to Third-Party Risk
Assessing & Mitigating Increased Exposure to Third-Party Risk
Dark Reading Videos  |  8/17/2018  | 
As we increasingly connect with each other digitally, CyberGRX CRO Scott Schneider believes we need to be much more diligent about sharing validated insight into the infosec maturity of our organizations.
Leveraging the Power of your End-Users’ Human Cognition
Leveraging the Power of your End-Users’ Human Cognition
Dark Reading Videos  |  8/17/2018  | 
Cofense CEO Rohyt Belani makes a case for more aggressively leveraging the unique ability of your most perceptive and well-trained end-users to help you more quickly spot and stop email threats.
How Orchestration, Automation Help SOCs Do More With Less
How Orchestration, Automation Help SOCs Do More With Less
Dark Reading Videos  |  8/17/2018  | 
Splunk’s Haiyan Song and Oliver Friedrichs - co-founder of recently acquired Phantom - explain how security orchestration, automation, and response (SOAR) can empower SOCs to do more with less.
Simplifying Defense Across the MITRE ATT&CK Matrix
Simplifying Defense Across the MITRE ATT&CK Matrix
Dark Reading Videos  |  8/17/2018  | 
Endgame’s Mark Dufresne says SOCs can achieve better results within their existing staff and budget constraints with AI- and visualization-empowered, unified defense across the MITRE ATT&CK™ matrix.
The Rise of Bespoke Ransomware
The Rise of Bespoke Ransomware
Dark Reading Videos  |  8/17/2018  | 
Drawing from a recent study by SophosLabs, Principal Research Scientist Chester Wisniewski highlights a shift to the rise of more targeted and sophisticated ransomware threats, such as SamSam.
Miller & Valasek: Security Stakes Higher for Autonomous Vehicles
News  |  8/15/2018  | 
Car hacking specialists shift gears and work on car defense in their latest gigs - at GM subsidiary Cruise Automation.
2018 Pwnie Awards: Who Pwned, Who Got Pwned
Slideshows  |  8/15/2018  | 
A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
New PHP Exploit Chain Highlights Dangers of Deserialization
News  |  8/15/2018  | 
PHP unserialization can be triggered by other vulnerabilities previously considered low-risk.
Hacker Unlocks 'God Mode' and Shares the 'Key'
News  |  8/13/2018  | 
At Black Hat USA and DEF CON, researcher Christopher Domas showed how he found backdoors that may exist in many different CPUs.
NSA Brings Nation-State Details to DEF CON
News  |  8/10/2018  | 
Hackers were eager to hear the latest from the world of nation-state cybersecurity.
IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes, Ships
News  |  8/9/2018  | 
Researcher Ruben Santamarta shared the details of his successful hack of an in-flight airplane Wi-Fi network – and other findings – at Black Hat USA today.
Cloud Intelligence Throwdown: Amazon vs. Google vs. Microsoft
News  |  8/9/2018  | 
A closer look at native threat intelligence capabilities built into major cloud platforms and discussion of their strengths and shortcomings.
Dark Reading News Desk Live at Black Hat USA 2018
News  |  8/9/2018  | 
Watch here Wednesday and Thursday, 2 p.m. - 6 p.m. ET to see over 40 live video interviews straight from the Black Hat USA conference in Las Vegas.
No, The Mafia Doesn't Own Cybercrime: Study
News  |  8/8/2018  | 
Organized crime does, however, sometimes provide money-laundering and other expertise to cybercriminals.
Researchers Release Free TRITON/TRISIS Malware Detection Tools
News  |  8/8/2018  | 
Team of experts re-creates the TRITON/TRISIS attack to better understand the epic hack of an energy plant that ultimately failed.
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
News  |  8/8/2018  | 
Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.
Understanding Firewalls: Build Them Up, Tear Them Down
News  |  8/8/2018  | 
A presentation at Black Hat USA will walk attendees through developing a firewall for MacOS, and then poking holes in it.
Spot the Bot: Researchers Open-Source Tools to Hunt Twitter Bots
News  |  8/6/2018  | 
Their goal? To create a means of differentiating legitimate from automated accounts and detail the process so other researchers can replicate it.
Google Researcher Unpacks Rare Android Malware Obfuscation Library
News  |  8/1/2018  | 
Analysis exposes the lengths malware authors will go to in order to protect their code from disassembly and reverse engineering.
10 More Women in Security You May Not Know But Should
Slideshows  |  7/31/2018  | 
The second installment in a series highlighting women who are driving change in cybersecurity but may not be on your radar – yet.
Automating Kernel Exploitation for Better Flaw Remediation
News  |  7/27/2018  | 
Black Hat researchers plan on open sourcing a new framework they say can help organizations get a better rein on vulnerability fixes for kernel bugs.
Stealth Mango Proves Malware Success Doesn't Require Advanced Tech
News  |  7/26/2018  | 
At Black Hat USA, a pair of researchers will show how unsophisticated software can still be part of a successful surveillance campaign.
The ABCs of Hacking a Voting Machine
News  |  7/25/2018  | 
A hacker who successfully infiltrated a voting machine at last year's DEF CON will demonstrate at Black Hat USA how he did it, as well as what he later found stored on other decommissioned WinVote machines.
Iranian Hacker Group Waging Widespread Espionage Campaign in Middle East
News  |  7/25/2018  | 
Unlike other threat actors that have a narrow set of targets, Leafminer has over 800 organizations in its sights, Symantec says.
Software is Achilles Heel of Hardware Cryptocurrency Wallets
News  |  7/23/2018  | 
Upcoming Black Hat talk will detail software vulnerabilities that can put private cryptocurrency wallets and currency exchange services at risk.
8 Big Processor Vulnerabilities in 2018
Slideshows  |  7/13/2018  | 
Security researchers have been working in overdrive examining processors for issues — and they haven't come up empty-handed.
Microsoft July Security Updates Mostly Browser-Related
News  |  7/10/2018  | 
Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.
Page 1 / 2   >   >>


Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
To Click or Not to Click: The Answer Is Easy
Kowsik Guruswamy, Chief Technology Officer at Menlo Security,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-9541
PUBLISHED: 2018-11-14
In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi...
CVE-2018-9542
PUBLISHED: 2018-11-14
In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 ...
CVE-2018-9543
PUBLISHED: 2018-11-14
In f2fs_format_utils.c WITH_BLKDISCARD is not defined, which may cause the data partition to not be wiped at factory reset, leading to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. ...
CVE-2018-9544
PUBLISHED: 2018-11-14
In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: A...
CVE-2018-9545
PUBLISHED: 2018-11-14
In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Androi...