Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Black Hat
<<   <   Page 2 / 2
What to Tell Young People of Color About InfoSec Careers
News  |  8/5/2020  | 
CEO and founder of Revolution Cyber Juliet Okafor and Baker Hughes Director of Global OT Security Programs Paul Brager talk about the unique lessons and hard truths they provide when mentoring young black cybersecurity professionals.
SynerComm Reboots a Security Staple with 'Continuous' Pentesting
News  |  8/5/2020  | 
SPONSORED CONTENT: Penetration testing has evolved well beyond a couple guys you hire to try and break into your network, according to SynerComm's Brian Judd. In addition to a service that offers round-the-clock pen testing, SynerComm also provides purple team testing, effectively splitting the difference with red- and blue-team exercises.
Pen Testers Share the Inside Story of Their Arrest and Exoneration
News  |  8/5/2020  | 
Coalfire'sGary De Mercurio and Justin Wynnshare the inside story of their infamous arrest last year while conducting a contractedred-team engagement in an Iowa courthouse -- and what it took to clear their names.
Synopsys: Why Security-Minded Companies Are Transitioning to DevSecOps
News  |  8/5/2020  | 
SPONSORED: For too long, developers have had to weigh the tradeoffs between software security and feature development. But as DevSecOps continues to gain momentum over application security, organizations realize that adopting security in software development needn't be a drag on productivity, says Tim Mackey from the Synopsys Cybersecurity Research Center.
HealthScare: Prioritizing Medical AppSec Research
News  |  8/5/2020  | 
Seth Fogie, information security director at Penn Medicine, explains which healthcare app vulnerabilities really matter in the day-to-day business of providing patient care.
A Most Personal Threat: Implantable Medical Devices
News  |  8/5/2020  | 
Alan Michaels,director of the Electronic Systems Lab at the Virginia Tech Hume Center, explains why implanted medical devices could pose a threat to secure communication facilities.
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis
News  |  8/5/2020  | 
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
A Paramedic's Guide to Cybersecurity: Video
News  |  8/5/2020  | 
In this video segment, the Dark Reading News Desk speaks to several guests about healthcare cybersecurity. We begin with Rich Mogull, infosec pro and paramedic, for a discussion about what lessons cybersecurity can learn from emergency medical services and the parallels that already exist.
Voatz Delivers Multilayered Security to Protect Electronic Voting
News  |  8/5/2020  | 
SPONSORED CONTENT: While electronic voting has been plagued by fears of tampering or fraud, Voatz is looking to make the process more transparent and auditable, according to company founder Nimit Sawhney. He offers learning points from three recent pilots that highlight how governments can improve the integrity and better protect the voting process and its data.
Russian Election Interference: Whats Next?
News  |  8/5/2020  | 
Nate Beach-Westmoreland gives a look back at the past 10 years of Russian election interference and disinformation campaigns. What can we learn from the past and what should we expect as the 2020 US presidential election approaches?
Attack of the Clone: Next-Gen Social Engineering
News  |  8/5/2020  | 
NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections.
Pen Testers Who Got Arrested Doing Their Jobs Tell All
News  |  8/5/2020  | 
Coalfire's Gary De Mercurio and Justin Wynn share the details of their physical penetration-testing engagement gone wrong, as well as recommendations for protecting all red teamers.
11 Hot Startups to Watch at Black Hat USA
Slideshows  |  8/3/2020  | 
A sneak peek at the up-and-coming organizations to check out on the Black Hat USA virtual show floor.
Omdia Cybersecurity Accelerator Analysts to Take Part in Black Hat USA 2020
Commentary  |  8/3/2020  | 
Analysts will participate in the Black Hat Briefings, taking place Aug. 4-6, discussing cybersecurity research, offering exclusive video presentations, and meeting with vendors and attendees.
'Hidden Property Abusing' Allows Attacks on Node.js Applications
News  |  7/31/2020  | 
A team of researchers from Georgia Tech find a new attack technique that targets properties in Node.js and plan to publicly release a tool that has already identified 13 new vulnerabilities.
Black Hat Virtually: An Important Time to Come Together as a Community
Commentary  |  7/30/2020  | 
The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Slideshows  |  7/29/2020  | 
More than 130 security researchers and developers are ready to showcase their work.
Email Security Features Fail to Prevent Phishable 'From' Addresses
News  |  7/24/2020  | 
The security features for verifying the source of an email header fail to work together properly in many implementations, according to a team of researchers.
8 Cybersecurity Themes to Expect at Black Hat USA 2020
Slideshows  |  7/23/2020  | 
Here are the trends and topics that'll capture the limelight at this year's virtual event.
Q&A: How Systemic Racism Weakens Cybersecurity
News  |  7/22/2020  | 
Cybersecurity policy expert and attorney Camille Stewart explains how to dismantle systemic racism in the industry and build a more diverse and representative workforce.
Puzzles and Riddles Help InfoSec Pros Solve Real-World Problems
News  |  7/15/2020  | 
A researcher shares the unexpected lessons learned in years of creating puzzles and riddles for his cybersecurity colleagues.
A Paramedic's Lessons for Cybersecurity Pros
News  |  7/13/2020  | 
A paramedic turned cybersecurity expert shares his experiences in both fields, highlights their similarities, and explains how they can learn from each other.
Lost in Translation: Serious Flaws Found in ICS Protocol Gateways
News  |  7/13/2020  | 
These oft-forgotten devices contain serious vulnerabilities that allow attackers to hack OT systems remotely, researchers will reveal at Black Hat USA next month.
How Advanced Attackers Take Aim at Office 365
News  |  7/8/2020  | 
Researchers discuss how adversaries use components of Office 365 that are poorly understood and not closely monitored.
A Most Personal Threat: Implantable Devices in Secure Spaces
News  |  7/8/2020  | 
Do implantable medical devices pose a threat to secure communication facilities? A Virginia Tech researcher says they do, and the problem is growing.
Building Security Strategies in Sub-Saharan Africa: Trends and Concerns
News  |  7/2/2020  | 
Security experts discuss the rise in cybercrime affecting sub-Saharan Africa and the necessary changes to improve security.
Chinese Software Company Aisino Uninstalls GoldenSpy Malware
News  |  7/1/2020  | 
Follow-up sandbox research confirms Aisino knew about the malware in its tax software, though it's still unclear whether it was culpable.
Black Hat Survey: Breach Concerns Hit Record Levels Due to COVID-19
News  |  6/24/2020  | 
Annual "Black Hat USA Attendee Survey" indicates unprecedented concern over possible compromises of enterprise networks and US critical infrastructure.
Have Your Say: Dark Reading Video News Desk Seeks Reader Contributions
News  |  6/18/2020  | 
We've got questions for you on black infosec, burnout, vulnerabilities, COVID-19, and much more. Send us your video responses and we'll play them in our News Desk broadcast during Black Hat Virtual.
Schneier on Hacking Society
News  |  4/9/2020  | 
How the hacker mindset and skill set could play a role in improving and securing societal systems, according to renowned security technologist Bruce Schneier.
Maersk CISO Says NotPeyta Devastated Several Unnamed US firms
Commentary  |  12/9/2019  | 
At least two companies may have been dealt even more damage than the shipping giant, which lost nearly its entire global IT infrastructure.
What's in a Botnet? Researchers Spy on Geost Operators
News  |  12/4/2019  | 
The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business.
Black Hat Europe Q&A: Understanding the Ethics of Cybersecurity Journalism
News  |  12/4/2019  | 
Investigative journalist Geoff White chats about why now is the right time for his Black Hat Europe Briefing on hackers, journalists, and the ethical ramifications of cybersecurity journalism.
When Rogue Insiders Go to the Dark Web
News  |  12/3/2019  | 
Employees gone bad sell stolen company information, sometimes openly touting their companies, researchers say.
Siemens Offers Workarounds for Newly Found PLC Vulnerability
Quick Hits  |  12/3/2019  | 
An undocumented hardware-based special access feature recently found by researchers in Siemens' S7-1200 can be used by attackers to gain control of the industrial devices.
New Free Emulator Challenges Apple's Control of iOS
News  |  11/27/2019  | 
An open-source tool gives researchers and jailbreakers a free option for researching vulnerabilities in the operating system and gives Apple a new headache.
Researchers Explore How Mental Health Is Tracked Online
News  |  11/22/2019  | 
An analysis of popular mental health-related websites revealed a vast number of trackers, many of which are used for targeted advertising.
Black Hat Europe Q&A: Unveiling the Underground World of Anti-Cheats
News  |  11/22/2019  | 
Security consultant Joel Noguera describes how he got involved in testing anti-cheat software security, and what to expect from his upcoming Black Hat Europe talk.
Black Hat Europe Q&A: Exposing the Weaknesses in Contactless Payments
News  |  11/20/2019  | 
Researchers Leigh-Anne Galloway and Tim Yunusov chat about their work testing Visas contactless payments security system vulnerabilities.
Windows Hello for Business Opens Door to New Attack Vectors
News  |  11/18/2019  | 
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
Researchers Find New Approach to Attacking Cloud Infrastructure
News  |  11/11/2019  | 
Cloud APIs' accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets.
Black Hat Q&A: Hacking a '90s Sports Car
News  |  11/7/2019  | 
Security researcher Stanislas Lejay offers a preview of his upcoming Black Hat Europe talk on automotive engine computer management and hardware reverse engineering.
Siemens PLC Feature Can Be Exploited for Evil - and for Good
News  |  11/5/2019  | 
A hidden feature in some newer models of the vendor's programmable logic controllers leaves the devices open to attack. Siemens says it plans to fix it.
Security Pros and 'Black Hats' Agree on Most Tempting Targets
Quick Hits  |  9/5/2019  | 
Malicious actors look for accounts that are springboards to other systems, according to nearly 300 attendees of Black Hat USA.
Splunk Buys SignalFx for $1.05 Billion
Quick Hits  |  8/21/2019  | 
Deal will yield 'one platform that can monitor the entire enterprise application lifecycle,' Splunk CEO says.
Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown
News  |  8/16/2019  | 
At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.
Researchers Show How SQLite Can Be Modified to Attack Apps
News  |  8/12/2019  | 
New technique involves query hijacking to trigger a wide range of memory safety issues within the widely used database engine, Check Point says.
Skepticism About Symantec and Trepidation About IoT
News  |  8/10/2019  | 
BLACK HAT 2019 -- Expert analysts from Informa, Eric Parizo and Tanner Johnson visit the Dark Reading News Desk to talk about the shake-ups at Symantec and trends in IoT security.
Significant Vulnerabilities Found in 6 Common Printer Brands
News  |  8/9/2019  | 
In a half-year project, two researchers tested six of the top enterprise printer brands and found vulnerabilities in every device, some of which allow remote execution.
How Behavioral Data Shaped a Security Training Makeover
News  |  8/8/2019  | 
A new program leveraged behavioral data of employees to determine when they excelled at security and where they needed improvement.
<<   <   Page 2 / 2


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader(&quot;File-Name&quot;)`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...