Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Black Hat posted in July 2013
NSA Director Faces Cybersecurity Community At Black Hat
News  |  7/31/2013  | 
Gen. Keith Alexander aims to set the record straight on controversial NSA spying programs, calling out how leaked surveillance programs helped derail specific terror plots
New Free Service Cracks Weak Passwords
News  |  7/31/2013  | 
Cloud-based tool released for password auditing
Microsoft Extends MAPP To Incident Responders And Offers Free Online URL, File Scanner
News  |  7/29/2013  | 
Microsoft Active Protections Program evolving to a protection, detection, and remediation program
Cheap Monitoring Highlights Dangers Of Internet Of Things
News  |  7/27/2013  | 
Using a network of cheap sensors, the home-brewed CreepyDOL system can track people by signals sent from their mobile devices
Moving Away From Rash Hashing Decisions
News  |  7/24/2013  | 
Black Hat talk will discuss shortcomings of the latest technical evolution of hashing passwords for safe storage in databases, propose a competition to design something better
Getting Physical At Black Hat
News  |  7/23/2013  | 
Researchers offer up work on breaking into buildings by hacking alarm key pad sensors and key card access control systems
SIM Card Hack A Wakeup Call
News  |  7/22/2013  | 
Crack of mobile SIM card crypto and virtual machine features could let an attacker target and clone a phone
3 Briefings That Highlight Infosec's High-Stakes Game
News  |  7/19/2013  | 
Spectacular exploits and worrying implications await
'Hangover' Persists, More Mac Malware Found
News  |  7/18/2013  | 
Attackers behind the Operation Hangover cyberspying campaign out of India found dropping OS X malware, covering their tracks online
Researchers To Highlight Weaknesses In Secure Mobile Data Stores
News  |  7/18/2013  | 
At Black Hat USA, a team of mobile-security researchers plans to show off ways to circumvent the security of encrypted containers meant to protect data on mobile devices
Service, Denied
News  |  7/17/2013  | 
Black Hat USA 2013 has lined up three DDoS-related Briefings, covering the topic from multiple angles
'Tortilla' Spices Up Active Defense Ops
News  |  7/16/2013  | 
New free Tor tool, due out at Black Hat USA, aims to make the Tor anonymizing network easier to use for all types of intel-gathering
How Attackers Thwart Malware Investigation
News  |  7/11/2013  | 
A researcher at Black Hat USA this month will dissect a recent attack, showing off attackers' techniques for making malware analysis harder and intelligence gathering more time consuming
Commercial DDoS Services Proliferate, Are Responsible For Many Recent Attacks
Commentary  |  7/10/2013  | 
Customers can DDoS a website for as little as $10, Vigilant by Deloitte speaker will tell Black Hat audience
Preparing For Possible Future Crypto Attacks
News  |  7/10/2013  | 
Security experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure
New Techniques Obfuscate, Optimize SQL Injection Attacks
News  |  7/5/2013  | 
Black Hat researcher to demonstrate new methods for getting around defenses even more quickly to extract database data through SQLi


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...