Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Black Hat
Page 1 / 2   >   >>
Cartoon Caption Winner: Insider Threat
Commentary  |  2/8/2021  | 
And the winner of Dark Reading's January cartoon caption contest is ...
DoJ's Microsoft 365 Email Accounts Compromised in SolarWinds Attacks
Quick Hits  |  1/6/2021  | 
Three percent of email accounts were breached, the Department of Justice reports.
'Fingerprint-Jacking' Attack Technique Manipulates Android UI
News  |  12/10/2020  | 
Researchers explore fingerprint-jacking, a user interface-based attack that targets fingerprints scanned into Android apps.
Black Hat Europe: Dark Reading Video News Desk Coverage
News  |  12/10/2020  | 
Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.
Researcher Developed New Kernel-Level Exploits for Old Vulns in Windows
News  |  12/9/2020  | 
Problem has to do with a print driver component found in all versions of Windows going back to Windows 7, security researcher from Singular Security Lab says at Black Hat Europe 2020.
Security Incidents Are 'Tip of the Iceberg,' Says UK Security Official
News  |  12/9/2020  | 
Pete Cooper, deputy director of cyber defense for the UK Cabinet Office, emphasized the importance of security fundamentals, collaboration, and diversity in his Black Hat Europe keynote talk.
Researchers Bypass Next-Generation Endpoint Protection
News  |  12/3/2020  | 
Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show.
Inside North Korea's Rapid Evolution to Cyber Superpower
News  |  12/1/2020  | 
Researchers examine North Korea's rapid evolution from destructive campaigns to complex and efficient cyber operations.
Do You Know Who's Lurking in Your Cloud Environment?
News  |  11/25/2020  | 
A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.
Alexa, Disarm the Victim's Home Security System
News  |  11/24/2020  | 
Researchers who last year hacked popular voice assistants with laser pointers take their work to the next level.
Ransomware Grows Easier to Spread, Harder to Block
News  |  11/23/2020  | 
Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
Evidence-Based Trust Gets Black Hat Europe Spotlight
News  |  11/23/2020  | 
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
7 Cool Cyberattack and Audit Tools to be Highlighted at Black Hat Europe
Slideshows  |  11/12/2020  | 
Platforms, open source tools, and other toolkits for penetration testers and other security practitioners will be showcased at this week's virtual event.
Android Camera Bug Under the Microscope
News  |  10/5/2020  | 
Critical Android vulnerability CVE-2019-2234 could enable attackers to take control of a victim's camera and take photos, record videos, and learn location.
Researchers Adapt AI With Aim to Identify Anonymous Authors
News  |  10/2/2020  | 
At Black Hat Asia, artificial intelligence and cybersecurity researchers use neural networks to attempt to identify authors, but accuracy is still wanting.
Singapore Asks Big Cybersecurity Questions to Improve National Defense
News  |  10/1/2020  | 
An executive from Singapore's Cyber Security Agency examines the role of security in a nation increasingly dependent on technology.
Black Hat USA 2020 Musings: Weird and Wonderful Virtual Events are Here to Stay
Commentary  |  8/20/2020  | 
Black Hat USA 2020 was nothing like an in-person event, but it was incredibly useful for all involved, providing even the most grizzled industry veterans with fresh perspectives.
Black Hat USA 2020 Recap: Experts Discuss Election Security Questions, but Offer Few Answers
Commentary  |  8/20/2020  | 
The U.S. election in November is once again expected to be a target of digital adversaries. Experts at Black Hat USA 2020 highlighted the many election security questions authorities must address.
The Race to Hack a Satellite at DEF CON
News  |  8/13/2020  | 
Eight teams competed to win cash, bragging rights, and the chance to control a satellite in space.
Boeing's DEF CON Debut a Sign of the Times
News  |  8/13/2020  | 
In the wake of a stalemate between the airplane manufacturer and a security researcher over vulns found in its 787 aircraft's network, Boeing says it's ready to "embrace" the hacker community.
Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity
Commentary  |  8/13/2020  | 
Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them.
Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption
News  |  8/12/2020  | 
Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.
Researchers Trick Facial-Recognition Systems
News  |  8/11/2020  | 
Goal was to see if computer-generated images that look like one person would get classified as another person.
Is Edtech the Greatest APT?
News  |  8/11/2020  | 
Educational technology is critical but can come at huge costs to student and teacher privacy and security. Are those costs too high?
Digital Clones Could Cause Problems for Identity Systems
News  |  8/8/2020  | 
Three fundamental technologies -- chatbots, audio fakes, and deepfake videos -- have improved to the point that creating digital, real-time clones of people is merely a matter of integrating the systems.
Researcher Finds New Office Macro Attacks for MacOS
News  |  8/7/2020  | 
Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.
Getting to the Root: How Researchers Identify Zero-Days in the Wild
News  |  8/6/2020  | 
Google Project Zero researcher Maddie Stone explains the importance of identifying flaws exploited in the wild and techniques used to do it.
Researchers Create New Framework to Evaluate User Security Awareness
News  |  8/6/2020  | 
Approaches based on questionnaires and self-evaluation are not always a good indicator of how well a user can mitigate social engineering threats.
A Mix of Optimism and Pessimism for Security of the 2020 Election
News  |  8/6/2020  | 
DHS CISA's Christopher Krebs and Georgetown University's Matt Blaze at Black Hat USA give the lowdown on where things stand and what still needs to happen to protect the integrity of November's election.
Dark Reading Video News Desk Returns to Black Hat
News  |  8/6/2020  | 
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
Where Dark Reading Goes Next
News  |  8/6/2020  | 
Dark Reading Editor-in-Chief gives a complete rundown of all the Dark Reading projects you might not even know about, his insight into the future of the security industry, and how we plan to cover it.
On 'Invisible Salamanders' and Insecure Messages
News  |  8/6/2020  | 
Cornell researcher Paul Grubbsdiscusses how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages.
Exploiting Google Cloud Platform With Ease
News  |  8/6/2020  | 
Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.
Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It
News  |  8/6/2020  | 
Mandiant incident response managers Josh Madeley and Doug Bienstock describe how thoroughly Microsoft 365 (formerly known as Office 365) extends into corporate networks, describe both sophisticated and simple attacks theyve detected, and suggest mitigations as businesses rely more heavily on the cloud.
Information Operations Spotlighted at Black Hat as Election Worries Rise
News  |  8/6/2020  | 
From Russia's "best-in-class" efforts at widening social divides in Western democracies to China's blunt attacks on dissidents, information operations are becoming a greater threat, says a Stanford researcher.
OpenText Blends Security, Data Protection for Greater Cyber Resilience
News  |  8/6/2020  | 
SPONSORED CONTENT: Infosec professionals are taking advantage of technology hybrids to keep users, data, and their networks more safe, according to Hal Lonas of OpenText's Webroot division. And they're also finding new ways to use artificial intelligence and machine learning to improve security management and reduce risk.
Why Satellite Communication Eavesdropping Will Remain A Problem
News  |  8/6/2020  | 
Oxford PhD candidate James Pavur shows that SATCOM security has still made no progress since previous Black Hat disclosures, and discusses the physical and economic limitations that slow make it unlikely to improve anytime soon.
Using IoT Botnets to Manipulate the Energy Market
News  |  8/6/2020  | 
Tohid Shekari, phD candidate at Georgia Tech, talks about the session that he and Georgia Tech professor Raheem Beyah gave about a stealthy and adaptable way to use IoT botnets for financial gain or market downfall.
Broadcom: Staying Safe with WastedLocker Ransomware Variant on the Prowl
News  |  8/6/2020  | 
SPONSORED CONTENT: Stealthier and more patient than some predecessors, WastedLocker lingers surreptitiously for as long as it needs to for maximum payoff, says Jon DiMaggio with Broadcom's Symantec division. He explains how Windows servers are at a different risk level than their open-source counterparts, and how WastedLocker identifies "valuable" targets.
The Long Shadow of Stuxnet: New Microsoft Print Spooler Vulns Revealed
News  |  8/6/2020  | 
Researchers Peleg Hader and Tomer Bar ofSafeBreachshare details of the three vulnerabilities they found in Windows Print Spoolerthat could allow an attacker to sneak into the network throughan old printer service mechanism.
Remotely Hacking Operations Technology Systems
News  |  8/6/2020  | 
Marco Balduzzi senior research scientist with Trend Micro, tells us how the often-overlooked ICS protocol gateways contain serious vulnerabilities that allow attackers to hack OT systems remotely.
New Windows Print Spooler Zero-Day Flaws Harken Back to Stuxnet
News  |  8/6/2020  | 
Researchers find new flaws in the ubiquitous decades-old printer software in Windows, including one that bypasses a recent Microsoft patch.
Platform Security: Intel Pushes to Reduce Supply Chain Attacks
News  |  8/6/2020  | 
SPONSORED CONTENT: Attacks on supply chains involve lots of players and companies, not to mention an exponential amount of data for the stealing, notes Intel's Tom Garrison. Notoriously difficult to detect and mitigate, Garrison discusses new approaches to securing an individual company's computing platforms, including Compute Lifecycle Assurance.
Counting for Good: Hardware Counters Un-mask Malware
News  |  8/6/2020  | 
Nick Gregory, research scientist at Capsule8, talks about his session with Capsule8 data scientist Harini Kannan, Uncommon Sense: Detecting Exploits With Novel Hardware Performance Counters and Machine Learning Magic.
A Real-World Tool for Organizing, Integrating Your Other Tools
News  |  8/6/2020  | 
Omdia Cybersecurity Accelerator analyst Eric Parizo describes the value overwhelmed security managers may find in a SPIF.
Energy Market Manipulation with High-Wattage IoT Botnets
News  |  8/6/2020  | 
Attackers that can compromise enough products such as smart ACs and heaters can tweak power demand in subtle ways for financial gain or to hurt market players, researchers at Black Hat say.
Ripple20: More Vulnerable Devices Identified
Quick Hits  |  8/6/2020  | 
Security researchers find 34 additional vendors, and 47 devices, affected by the widespread Ripple20 vulnerabilities.
What a Security Engineer & Software Engineer Learned by Swapping Roles
News  |  8/5/2020  | 
A security engineer and infrastructure engineer with Salesforce share lessons learned from their professional role reversal, and advice for people on both teams.
Tales from the Trenches Show Security Issues Endemic to Healthcare
News  |  8/5/2020  | 
The CISO for Indiana University Health says simple policies, good communication, and strong authentication go much further than vendor tools in solving security problems.
Supporting Women in InfoSec
News  |  8/5/2020  | 
Maxine Holt, research director from Omdia, explains why the time is right for women to step into more cybersecurity jobs now.
Page 1 / 2   >   >>


News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9051
PUBLISHED: 2021-02-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
CVE-2020-9052
PUBLISHED: 2021-02-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
CVE-2020-9053
PUBLISHED: 2021-02-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
CVE-2021-1231
PUBLISHED: 2021-02-24
A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to inc...
CVE-2021-1361
PUBLISHED: 2021-02-24
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitr...