Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
How Advanced Attackers Take Aim at Office 365
Researchers discuss how adversaries use components of Office 365 that are poorly understood and not closely monitored.
A Most Personal Threat: Implantable Devices in Secure Spaces
Do implantable medical devices pose a threat to secure communication facilities? A Virginia Tech researcher says they do, and the problem is growing.
Building Security Strategies in Sub-Saharan Africa: Trends and Concerns
Security experts discuss the rise in cybercrime affecting sub-Saharan Africa and the necessary changes to improve security.
Chinese Software Company Aisino Uninstalls GoldenSpy Malware
Follow-up sandbox research confirms Aisino knew about the malware in its tax software, though it's still unclear whether it was culpable.
Black Hat Survey: Breach Concerns Hit Record Levels Due to COVID-19
Annual "Black Hat USA Attendee Survey" indicates unprecedented concern over possible compromises of enterprise networks and US critical infrastructure.
Have Your Say: Dark Reading Video News Desk Seeks Reader Contributions
We've got questions for you on black infosec, burnout, vulnerabilities, COVID-19, and much more. Send us your video responses and we'll play them in our News Desk broadcast during Black Hat Virtual.
Schneier on Hacking Society
How the hacker mindset and skill set could play a role in improving and securing societal systems, according to renowned security technologist Bruce Schneier.
Maersk CISO Says NotPeyta Devastated Several Unnamed US firms
At least two companies may have been dealt even more damage than the shipping giant, which lost nearly its entire global IT infrastructure.
What's in a Botnet? Researchers Spy on Geost Operators
The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business.
Black Hat Europe Q&A: Understanding the Ethics of Cybersecurity Journalism
Investigative journalist Geoff White chats about why now is the right time for his Black Hat Europe Briefing on hackers, journalists, and the ethical ramifications of cybersecurity journalism.
When Rogue Insiders Go to the Dark Web
Employees gone bad sell stolen company information, sometimes openly touting their companies, researchers say.
Siemens Offers Workarounds for Newly Found PLC Vulnerability
An undocumented hardware-based special access feature recently found by researchers in Siemens' S7-1200 can be used by attackers to gain control of the industrial devices.
New Free Emulator Challenges Apple's Control of iOS
An open-source tool gives researchers and jailbreakers a free option for researching vulnerabilities in the operating system — and gives Apple a new headache.
Researchers Explore How Mental Health Is Tracked Online
An analysis of popular mental health-related websites revealed a vast number of trackers, many of which are used for targeted advertising.
Black Hat Europe Q&A: Unveiling the Underground World of Anti-Cheats
Security consultant Joel Noguera describes how he got involved in testing anti-cheat software security, and what to expect from his upcoming Black Hat Europe talk.
Black Hat Europe Q&A: Exposing the Weaknesses in Contactless Payments
Researchers Leigh-Anne Galloway and Tim Yunusov chat about their work testing Visa’s contactless payments security system vulnerabilities.
Windows Hello for Business Opens Door to New Attack Vectors
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
Researchers Find New Approach to Attacking Cloud Infrastructure
Cloud APIs' accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets.
Black Hat Q&A: Hacking a '90s Sports Car
Security researcher Stanislas Lejay offers a preview of his upcoming Black Hat Europe talk on automotive engine computer management and hardware reverse engineering.
Siemens PLC Feature Can Be Exploited for Evil - and for Good
A hidden feature in some newer models of the vendor's programmable logic controllers leaves the devices open to attack. Siemens says it plans to fix it.
Security Pros and 'Black Hats' Agree on Most Tempting Targets
Malicious actors look for accounts that are springboards to other systems, according to nearly 300 attendees of Black Hat USA.
Splunk Buys SignalFx for $1.05 Billion
Deal will yield 'one platform that can monitor the entire enterprise application lifecycle,' Splunk CEO says.
Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown
At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.
Researchers Show How SQLite Can Be Modified to Attack Apps
New technique involves query hijacking to trigger a wide range of memory safety issues within the widely used database engine, Check Point says.
Skepticism About Symantec and Trepidation About IoT
BLACK HAT 2019 -- Expert analysts from Informa, Eric Parizo and Tanner Johnson visit the Dark Reading News Desk to talk about the shake-ups at Symantec and trends in IoT security.
Significant Vulnerabilities Found in 6 Common Printer Brands
In a half-year project, two researchers tested six of the top enterprise printer brands and found vulnerabilities in every device, some of which allow remote execution.
How Behavioral Data Shaped a Security Training Makeover
A new program leveraged behavioral data of employees to determine when they excelled at security and where they needed improvement.
Equifax CISO: 'Trust Starts and Ends with You'
Organizational culture is key to good enterprise security posture, Jamil Farshchi told Black Hat attendees.
Siemens S7 PLCs Share Same Crypto Key Pair, Researchers Find
Researchers at Black Hat USA reveal how security authentication weaknesses in popular Siemens ICS family let them control a PLC.
Dark Reading News Desk Live at Black Hat USA 2019
Watch right here for 40 video interviews with speakers and sponsors. Streaming live from Black Hat USA Wednesday and Thursday 2 p.m. to 6 p.m. Eastern.
WhatsApp Messages Can Be Intercepted, Manipulated
Check Point security researchers demonstrate how a dangerous security weakness in the messaging application can be abused to spread fake news and carry out online scams.
Black Hat 2019: Security Culture Is Everyone's Culture
In his Black Hat USA keynote, Square's Dino Dai Zovi discussed lessons learned throughout his cybersecurity career and why culture trumps strategy.
Researchers Show Vulnerabilities in Facial Recognition
The algorithms that check for a user's 'liveness' have blind spots that can lead to vulnerabilities.
Boeing 787 On-Board Network Vulnerable to Remote Hacking, Researcher Says
Boeing disputes IOActive findings ahead of security firm's Black Hat USA presentation.
Mimecast Rejected Over 67 Billion Emails. Here's What It Learned
New research warns that security pros must guard against updates to older malware and more manipulative social-engineering techniques.
Ransomware Used in Multimillion-Dollar Attacks Gets More Automated
The authors of MegaCortex appear to have traded security for convenience and speed, say researchers at Accenture iDefense.
Microsoft Opens Azure Security Lab, Raises Top Azure Bounty to $40K
Microsoft has invited security experts to 'come and do their worst' to mimic cybercriminals in the Azure Security Lab.
Black Hat: A Summer Break from the Mundane and Controllable
Enjoy the respite from the security tasks that await you back at home. Then prepare yourself for the uphill battles to come. Here's how.
8 Free Tools to Be Showcased at Black Hat and DEF CON
Expect a full slate of enterprise-class open source tools to take the spotlight when security researchers share their bounties with the community at large.
Black Hat Q&A: Cracking Apple's T2 Security Chip
Duo Labs’ Mikhail Davidow and Jeremy Erickson speak about their research on the Apple’s T2 security chip, and why they’re sharing it at Black Hat USA.
Black Hat Q&A: Inside the Black Hat NOC
Cybersecurity expert Bart Stump explains what it’s like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.
Security Training That Keeps Up with Modern Development
Black Hat USA speakers to discuss what it will take to 'shift knowledge left' to build up a corps of security-savvy software engineers.
How Cybercriminals Break into the Microsoft Cloud
Microsoft and Trimarc researchers explore the most common attacks against the cloud and effective defenses and mitigation.
Open Source Hacking Tool Grows Up
Koadic toolkit gets upgrades — and a little love from nation-state hackers.
RDP Bug Takes New Approach to Host Compromise
Researchers show how simply connecting to a rogue machine can silently compromise the host.
DevOps' Inevitable Disruption of Security Strategy
Black Hat USA programming will dive into the ways DevOps-driven shifts in practices and tools are introducing both new vulnerabilities and new ways of securing enterprises.
Researchers Poke Holes in Siemens Simatic S7 PLCs
Black Hat USA session will reveal how they reverse-engineered the proprietary cryptographic protocol to attack the popular programmable logic controller.
7 Hot Cybersecurity Trends to Be Highlighted at Black Hat
Just some of the research and ideas worth checking out at this year's 'security summer camp.'
Black Hat Q&A: Understanding NSA’s Quest to Open Source Ghidra
National Security Agency researcher Brian Knighton offers a preview of his August Black Hat USA talk on the evolution of Ghidra.
'Human Side-Channels': Behavioral Traces We Leave Behind
How writing patterns, online activities, and other unintentional identifiers can be used in cyber offense and defense.
|
Special Report: Computing's New Normal, a Dark Reading PerspectiveThis special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
The Threat from the Internet—and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Tweet This
19 Comments
