
News & Commentary

Content tagged with Black Hat posted in July 2012
More Than Half Of Top 20 Fortune 500 Firms Infected With 'Gameover' Zeus Botnet
Quick Hits  |  7/31/2012  | 
Financial botnet has amassed some 680,000 bots
Hiding SAP Attacks In Plain Sight
News  |  7/31/2012  | 
Black Hat presenter uses test service and server-side request forgery to root SAP deployments
Web Browser Weaknesses Make Tracking Easy
News  |  7/27/2012  | 
Researcher kicks off effort to catalog all the ways that browsers and popular add-ons can be used to track users
JavaScript Botnet Sheds Light On Criminal Activity
News  |  7/27/2012  | 
A security research group uses cached JavaScript to control computers connecting to a malicious proxy, gaining intelligence on fraudsters and criminals
More Than Half Of Major Banks Infected With Conficker, Zeus, Fake AV, Other Malware
Quick Hits  |  7/26/2012  | 
Most users infected with malware suffer reinfection
Apple Makes Black Hat Debut
News  |  7/26/2012  | 
But presentation by Apple security team member doesn't reveal any new security details or plans for iOS
Simplifying SQL Injection Detection
News  |  7/26/2012  | 
Black Hat researcher releases new lexical analysis tool that doesn't rely on regular expressions
Android Takeover With The Swipe Of A Smartphone
News  |  7/25/2012  | 
Security researcher discovers near-field communication (NFC) is a greenfield of security risks
Microsoft Adds BlueHat Prize Finalist's Technology To Its Free Toolkit
News  |  7/25/2012  | 
New security defense method may or may not end up the grand-prize winner of the contest
Impersonating Microsoft Exchange Servers To Manipulate Mobile Devices
News  |  7/25/2012  | 
Black Hat researcher demonstrates mobile man-in-the-middle proof-of-concept attack that allows for unauthorized remote wipes
Free Advanced Evasion Technique Tool Unleashed
News  |  7/25/2012  | 
'Evader' to demonstrate how attacks slip by popular network security devices
Black Hat Researcher Finds Holes In ARM, x86, Embedded Systems
News  |  7/24/2012  | 
Black Hat session aims to expose sometimes shocking vulnerabilities in widely used products
Black Hat Goes Back To The Future
News  |  7/24/2012  | 
Five speakers who spoke at the first Black Hat conference will appear together on a panel titled 'Smashing the Future for Fun and Profit' on Wednesday
Black Hat, BSides, Def Con: Defenders, Take Note
Commentary  |  7/24/2012  | 
Summer security conferences include defense-related topics on top of the usual offensive fare
Dark Reading, Black Hat Partner To Produce Daily Conference Newsletter
Quick Hits  |  7/24/2012  | 
Dark Reading newsletter subscribers, conference attendees will receive three days of Black Hat show coverage
DARPA-Funded Service Seeks Flaws In Smartphones
News  |  7/24/2012  | 
The brainchild of start-up Duo Security, the X-Ray service will let users know whether their smartphones have vulnerable systems software
Using Chip Malfunction To Leak Private Keys
News  |  7/23/2012  | 
Black Hat researcher shows attackers could manipulate Linux machines running OpenSSL and RSA encryption to gain access to authentication encryption keys for spoofing
Black Hat: The Phishing Scare That Wasn't
Quick Hits  |  7/23/2012  | 
Email glitch causes concern among security pros attending major industry event, but ends with humor
Smart Grid Researcher Releases Open Source Meter-Hacking Tool
News  |  7/19/2012  | 
'Termineter' unleashed prior to presentations on smart meter security next week at BSides, Black Hat USA
Will Advanced Attackers Laugh At Your WAF?
News  |  7/17/2012  | 
Companies should not trust vendors' claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses
'Waldo' Finds Ways To Abuse HTML5 WebSockets
News  |  7/17/2012  | 
Black Hat USA researchers to release free hacking tool and demonstrate how new communication channel could be used for XSS, denial-of-service, and hiding malicious or unauthorized traffic
Black Hat Researcher: Rethink And Refine Your IDS
News  |  7/13/2012  | 
Attackers routinely go unnoticed, both because intrusion detection systems are failing to do their jobs and because security teams need to rethink how they use them
Crimeware Developers Shift To More Obfuscation, Java Exploits
News  |  7/12/2012  | 
After making their code harder to reverse-engineer, exploit kits are now focusing on improving attacks
Stealing Documents Through Social Media Image-Sharing
News  |  7/11/2012  | 
Innocent-looking vacation pictures on Facebook could conceivably traffic exfiltrated documents, Black Hat researchers warn
Apple 'Ban' Gives Miller Time To Hack Other Things
News  |  7/10/2012  | 
Charlie Miller reflects on how his NSA chops were a natural progression to Apple hacking, how hard hacking has become -- and his obsession with reality TV shows about stage moms
'Clonewise' Security Service Helps Identify Vulnerable Code
News  |  7/9/2012  | 
Researcher at Black Hat to demonstrate service that can help find vulnerable libraries built into larger bodies of code
Black Hat: Hacking iOS Applications Under The Spotlight
News  |  7/6/2012  | 
Security researcher Jonathan Zdziarski will demonstrate some of the techniques cybercrooks use in the wild, and what developers can do about them
Seemingly Insignificant SQL Injections Lead To Rooted Routers
News  |  7/5/2012  | 
Black Hat researcher to show how vulnerable databases with temporary router information can lead to root-level access of Netgear routers
Researchers Use Cloud To Clear Up Malware Evasion
News  |  7/3/2012  | 
An analysis project surveys the techniques used by malware to evade security software and plans to turn the research into a service to analyze malware

