
News & Commentary

Content tagged with Black Hat posted in July 2012
More Than Half Of Top 20 Fortune 500 Firms Infected With 'Gameover' Zeus Botnet
Quick Hits  |  7/31/2012  | 
Financial botnet has amassed some 680,000 bots
Hiding SAP Attacks In Plain Sight
News  |  7/31/2012  | 
Black Hat presenter uses test service and server-side request forgery to root SAP deployments
Web Browser Weaknesses Make Tracking Easy
News  |  7/27/2012  | 
Researcher kicks off effort to catalog all the ways that browsers and popular add-ons can be used to track users
JavaScript Botnet Sheds Light On Criminal Activity
News  |  7/27/2012  | 
A security research group uses cached JavaScript to control computers connecting to a malicious proxy, gaining intelligence on fraudsters and criminals
More Than Half Of Major Banks Infected With Conficker, Zeus, Fake AV, Other Malware
Quick Hits  |  7/26/2012  | 
Most users infected with malware suffer reinfection
Apple Makes Black Hat Debut
News  |  7/26/2012  | 
But presentation by Apple security team member doesn't reveal any new security details or plans for iOS
Simplifying SQL Injection Detection
News  |  7/26/2012  | 
Black Hat researcher releases new lexical analysis tool that doesn't rely on regular expressions
Android Takeover With The Swipe Of A Smartphone
News  |  7/25/2012  | 
Security researcher discovers near-field communication (NFC) is a greenfield of security risks
Microsoft Adds BlueHat Prize Finalist's Technology To Its Free Toolkit
News  |  7/25/2012  | 
New security defense method may or may not end up the grand-prize winner of the contest
Impersonating Microsoft Exchange Servers To Manipulate Mobile Devices
News  |  7/25/2012  | 
Black Hat researcher demonstrates mobile man-in-the-middle proof-of-concept attack that allows for unauthorized remote wipes
Free Advanced Evasion Technique Tool Unleashed
News  |  7/25/2012  | 
'Evader' to demonstrate how attacks slip by popular network security devices
Black Hat Researcher Finds Holes In ARM, x86, Embedded Systems
News  |  7/24/2012  | 
Black Hat session aims to expose sometimes shocking vulnerabilities in widely used products
Black Hat Goes Back To The Future
News  |  7/24/2012  | 
Five speakers who spoke at the first Black Hat conference will appear together on a panel titled 'Smashing the Future for Fun and Profit' on Wednesday
Black Hat, BSides, Def Con: Defenders, Take Note
Commentary  |  7/24/2012  | 
Summer security conferences include defense-related topics on top of the usual offensive fare
Dark Reading, Black Hat Partner To Produce Daily Conference Newsletter
Quick Hits  |  7/24/2012  | 
Dark Reading newsletter subscribers, conference attendees will receive three days of Black Hat show coverage
DARPA-Funded Service Seeks Flaws In Smartphones
News  |  7/24/2012  | 
The brainchild of start-up Duo Security, the X-Ray service will let users know whether their smartphones have vulnerable systems software
Using Chip Malfunction To Leak Private Keys
News  |  7/23/2012  | 
Black Hat researcher shows attackers could manipulate Linux machines running OpenSSL and RSA encryption to gain access to authentication encryption keys for spoofing
Black Hat: The Phishing Scare That Wasn't
Quick Hits  |  7/23/2012  | 
Email glitch causes concern among security pros attending major industry event, but ends with humor
Smart Grid Researcher Releases Open Source Meter-Hacking Tool
News  |  7/19/2012  | 
'Termineter' unleashed prior to presentations on smart meter security next week at BSides, Black Hat USA
Will Advanced Attackers Laugh At Your WAF?
News  |  7/17/2012  | 
Companies should not trust vendors' claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses
'Waldo' Finds Ways To Abuse HTML5 WebSockets
News  |  7/17/2012  | 
Black Hat USA researchers to release free hacking tool and demonstrate how new communication channel could be used for XSS, denial-of-service, and hiding malicious or unauthorized traffic
Black Hat Researcher: Rethink And Refine Your IDS
News  |  7/13/2012  | 
Attackers routinely go unnoticed, both because intrusion detection systems are failing to do their jobs and because security teams need to rethink how they use them
Crimeware Developers Shift To More Obfuscation, Java Exploits
News  |  7/12/2012  | 
After making their code harder to reverse-engineer, exploit kits are now focusing on improving attacks
Stealing Documents Through Social Media Image-Sharing
News  |  7/11/2012  | 
Innocent-looking vacation pictures on Facebook could conceivably traffic exfiltrated documents, Black Hat researchers warn
Apple 'Ban' Gives Miller Time To Hack Other Things
News  |  7/10/2012  | 
Charlie Miller reflects on how his NSA chops were a natural progression to Apple hacking, how hard hacking has become -- and his obsession with reality TV shows about stage moms
'Clonewise' Security Service Helps Identify Vulnerable Code
News  |  7/9/2012  | 
Researcher at Black Hat to demonstrate service that can help find vulnerable libraries built into larger bodies of code
Black Hat: Hacking iOS Applications Under The Spotlight
News  |  7/6/2012  | 
Security researcher Jonathan Zdziarski will demonstrate some of the techniques cybercrooks use in the wild, and what developers can do about them
Seemingly Insignificant SQL Injections Lead To Rooted Routers
News  |  7/5/2012  | 
Black Hat researcher to show how vulnerable databases with temporary router information can lead to root-level access of Netgear routers
Researchers Use Cloud To Clear Up Malware Evasion
News  |  7/3/2012  | 
An analysis project surveys the techniques used by malware to evade security software and plans to turn the research into a service to analyze malware

