
News & Commentary

Content tagged with Black Hat posted in July 2012
More Than Half Of Top 20 Fortune 500 Firms Infected With 'Gameover' Zeus Botnet
Quick Hits  |  7/31/2012  | 
Financial botnet has amassed some 680,000 bots
Hiding SAP Attacks In Plain Sight
News  |  7/31/2012  | 
Black Hat presenter uses test service and server-side request forgery to root SAP deployments
Web Browser Weaknesses Make Tracking Easy
News  |  7/27/2012  | 
Researcher kicks off effort to catalog all the ways that browsers and popular add-ons can be used to track users
JavaScript Botnet Sheds Light On Criminal Activity
News  |  7/27/2012  | 
A security research group uses cached JavaScript to control computers connecting to a malicious proxy, gaining intelligence on fraudsters and criminals
More Than Half Of Major Banks Infected With Conficker, Zeus, Fake AV, Other Malware
Quick Hits  |  7/26/2012  | 
Most users infected with malware suffer reinfection
Apple Makes Black Hat Debut
News  |  7/26/2012  | 
But presentation by Apple security team member doesn't reveal any new security details or plans for iOS
Simplifying SQL Injection Detection
News  |  7/26/2012  | 
Black Hat researcher releases new lexical analysis tool that doesn't rely on regular expressions
Android Takeover With The Swipe Of A Smartphone
News  |  7/25/2012  | 
Security researcher discovers near-field communication (NFC) is a greenfield of security risks
Microsoft Adds BlueHat Prize Finalist's Technology To Its Free Toolkit
News  |  7/25/2012  | 
New security defense method may or may not end up the grand-prize winner of the contest
Impersonating Microsoft Exchange Servers To Manipulate Mobile Devices
News  |  7/25/2012  | 
Black Hat researcher demonstrates mobile man-in-the-middle proof-of-concept attack that allows for unauthorized remote wipes
Free Advanced Evasion Technique Tool Unleashed
News  |  7/25/2012  | 
'Evader' to demonstrate how attacks slip by popular network security devices
Black Hat Researcher Finds Holes In ARM, x86, Embedded Systems
News  |  7/24/2012  | 
Black Hat session aims to expose sometimes shocking vulnerabilities in widely used products
Black Hat Goes Back To The Future
News  |  7/24/2012  | 
Five speakers who spoke at the first Black Hat conference will appear together on a panel titled 'Smashing the Future for Fun and Profit' on Wednesday
Black Hat, BSides, Def Con: Defenders, Take Note
Commentary  |  7/24/2012  | 
Summer security conferences include defense-related topics on top of the usual offensive fare
Dark Reading, Black Hat Partner To Produce Daily Conference Newsletter
Quick Hits  |  7/24/2012  | 
Dark Reading newsletter subscribers, conference attendees will receive three days of Black Hat show coverage
DARPA-Funded Service Seeks Flaws In Smartphones
News  |  7/24/2012  | 
The brainchild of start-up Duo Security, the X-Ray service will let users know whether their smartphones have vulnerable systems software
Using Chip Malfunction To Leak Private Keys
News  |  7/23/2012  | 
Black Hat researcher shows attackers could manipulate Linux machines running OpenSSL and RSA encryption to gain access to authentication encryption keys for spoofing
Black Hat: The Phishing Scare That Wasn't
Quick Hits  |  7/23/2012  | 
Email glitch causes concern among security pros attending major industry event, but ends with humor
Smart Grid Researcher Releases Open Source Meter-Hacking Tool
News  |  7/19/2012  | 
'Termineter' unleashed prior to presentations on smart meter security next week at BSides, Black Hat USA
Will Advanced Attackers Laugh At Your WAF?
News  |  7/17/2012  | 
Companies should not trust vendors' claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses
'Waldo' Finds Ways To Abuse HTML5 WebSockets
News  |  7/17/2012  | 
Black Hat USA researchers to release free hacking tool and demonstrate how new communication channel could be used for XSS, denial-of-service, and hiding malicious or unauthorized traffic
Black Hat Researcher: Rethink And Refine Your IDS
News  |  7/13/2012  | 
Attackers routinely go unnoticed, both because intrusion detection systems are failing to do their jobs and because security teams need to rethink how they use them
Crimeware Developers Shift To More Obfuscation, Java Exploits
News  |  7/12/2012  | 
After making their code harder to reverse-engineer, exploit kits are now focusing on improving attacks
Stealing Documents Through Social Media Image-Sharing
News  |  7/11/2012  | 
Innocent-looking vacation pictures on Facebook could conceivably traffic exfiltrated documents, Black Hat researchers warn
Apple 'Ban' Gives Miller Time To Hack Other Things
News  |  7/10/2012  | 
Charlie Miller reflects on how his NSA chops were a natural progression to Apple hacking, how hard hacking has become -- and his obsession with reality TV shows about stage moms
'Clonewise' Security Service Helps Identify Vulnerable Code
News  |  7/9/2012  | 
Researcher at Black Hat to demonstrate service that can help find vulnerable libraries built into larger bodies of code
Black Hat: Hacking iOS Applications Under The Spotlight
News  |  7/6/2012  | 
Security researcher Jonathan Zdziarski will demonstrate some of the techniques cybercrooks use in the wild, and what developers can do about them
Seemingly Insignificant SQL Injections Lead To Rooted Routers
News  |  7/5/2012  | 
Black Hat researcher to show how vulnerable databases with temporary router information can lead to root-level access of Netgear routers
Researchers Use Cloud To Clear Up Malware Evasion
News  |  7/3/2012  | 
An analysis project surveys the techniques used by malware to evade security software and plans to turn the research into a service to analyze malware

