Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Black Hat posted in July 2015
Researchers Steal Door Badge Credentials Using Smartphone Bluetooth
News  |  7/28/2015  | 
Weakness in facility access control protocol leaves most badge-in systems open to attack.
Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch
News  |  7/27/2015  | 
Critical vulnerability in Android's multimedia playback engine is easy to exploit, requires no user interaction, and affects 95 percent of Android devices.
Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo
Quick Hits  |  7/24/2015  | 
National Highway Traffic Safety Administration will be watching to see if it works.
Car Hacking Shifts Into High Gear
News  |  7/23/2015  | 
Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most -- but not all -- of the details on how they did it.
Emerging Web Infrastructure Threats
Slideshows  |  7/23/2015  | 
A secure cloud relies on some weak Internet infrastructure with some new BGP vulnerabilities that will be disclosed at Black Hat USA.
Researchers Enlist Machine Learning In Malware Detection
News  |  7/22/2015  | 
No sandbox required for schooling software to speedily spot malware, researchers will demonstrate at Black Hat USA.
10 Trends In Infosec Careers And Staffing
Slideshows  |  7/16/2015  | 
Employment stable for job-seekers, but staffing gaps persist for employers who need better security teams to counter threats
Researchers To Offer Free BGP Security Alert Tool Via Twitter
News  |  7/15/2015  | 
New tool to be unveiled at Black Hat USA next month will tweet out route hijacking attacks on the Net.
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say
News  |  7/15/2015  | 
In Black Hat survey, security professionals say misplaced enterprise priorities often leave them without the time and budget they need to address the most critical threats.
Most Ransomware's Not So Bad
News  |  7/14/2015  | 
Although some ransomware is getting smarter and scarier, most of it is pretty dumb, as one researcher will show at Black Hat.
Internet Of Things Hacking Village Debuts At DEF CON
News  |  7/13/2015  | 
Apple network storage, Fitbit, a fridge, blood pressure monitor and a HappyCow toy are all fair game in the IoT hacking Village network.
Black Hat For Beginners: 4 Tips
Commentary  |  7/10/2015  | 
What happens in Vegas stays in Vegas. But for newbies, these helpful hints will make sure you get the most out of the Black Hat USA experience.
Creating Your Own Threat Intel Through Hunting & Visualization
Commentary  |  7/9/2015  | 
How security analysts armed with a visual interface can use data science to find hidden attacks and the unknown unknowns.
Hacking Team 0-Day Shows Widespread Dangers Of All Offense, No Defense
News  |  7/8/2015  | 
While the Italian surveillance company sells government agencies high-end zero-day proof-of-concept exploits, it secures root systems with the password 'P4ssword.' What's vulnerability commoditization got to do with it?
6 Emerging Android Threats
Slideshows  |  7/7/2015  | 
A peek at some of the Android vulnerabilities and malware that will be revealed at Black Hat USA next month.
Underwriters Laboratories To Launch Cyber Security Certification Program
News  |  7/6/2015  | 
Meanwhile, UL is also in discussion with the White House on its plans to foster standards for Internet of Things security.
Italian Surveillance Software Maker Falls Victim To Doxing Attack
News  |  7/6/2015  | 
Milan-based Hacking Team tells customers to stop using its products after leaked documents reveal the product's source code and the company's history of selling to governments with records of human rights abuses.
IoT Flaw Discoveries Not Impactful--Yet
News  |  7/6/2015  | 
As flaws announced at Black Hat USA and elsewhere highlight IoT weaknesses, the impact of these vulns still remains low in the face of vast distribution. But that could change with market consolidation.
Smart Cities' 4 Biggest Security Challenges
News  |  7/1/2015  | 
The messiness of politics and the vulnerability of the Internet of Things in one big, unwieldy package.
Why We Need In-depth SAP Security Training
Commentary  |  7/1/2015  | 
SAP and Oracle are releasing tons of patches every month, but are enterprises up to this complex task? I have my doubts.


News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7856
PUBLISHED: 2021-04-20
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793
PUBLISHED: 2021-04-20
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
CVE-2021-25679
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
CVE-2021-25680
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
CVE-2021-25681
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...