Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Black Hat posted in August 2013
Can We End CSRF With Header-Based Browser Policies?
News | 8/13/2013
Newly proposed Storage Origin Security (SOS) policy presented at Black Hat could offer a simpler way to combat cross-site request forgery

Attackers' Toolbox Makes Malware Detection More Difficult
News | 8/12/2013
From virtual-machine detection to taking a 30-minute nap, the array of techniques used by attackers to stymie malware analysis is growing

A New Framework For Detecting Advanced Rootkits
News | 8/9/2013
Last week the security community gained another way to help secure endpoints as researchers released a new framework meant to root out rootkits in UEFI

Black Hat: The Problems Don't Change, But The Solutions Have
Commentary | 8/9/2013
An increase in attacker capabilities has drawn an innovative response from industry, and emerging research promises more to come

Maltego Gets More 'Teeth'
News | 8/9/2013
New features in Maltego, an open-source intelligence tool for defenders, allow penetration testers and attackers to gather data on vulnerable systems and manage botnets

Timing Attacks On Browsers Leak Sensitive Information
News | 8/8/2013
Variations in the redraw times of graphical elements could allow an attacker to see sites a user has visited, sensitive information

Medical-Device Flaws Will Take Time To Heal
News | 8/7/2013
Manufacturers are slow to patch up security issues, despite increasing pressure from patients, researchers and federal agencies

Slide Show: The Sights Of Black Hat
Slideshows | 8/6/2013
A photo recap of a week of research, crowds and parties at Black Hat USA 2013

Black Hat: Lessons For SMBs From The Dark Side Of Security
News | 8/6/2013
Issues affecting large enterprises are the bread and butter of Black Hat, but even smaller firms have something to learn

Black Hat: Moving Security Outside The Lines
Commentary | 8/5/2013
Enterprises clearly define security's responsibilities; attackers don't. It's time to think more like the attacker

Cutting Through The Mystique Of Testing The Mainframe
News | 8/3/2013
Mainframes are not enterprise dinosaurs -- they're modern systems running mission-critical data that must be scrutinized as much as any other part of the IT infrastructure

Water-Utility Honeynet Illuminates Real-World SCADA Threats
News | 8/2/2013
After a researcher constructs a fake water-utility network and puts it online, attackers quickly target the systems

Too Smart For Their Own Good: Attacking Smart TVs
News | 8/2/2013
Black Hat researchers show how the watchers can become the watched through smart TV attack techniques

SCADA Experts Simulate 'Catastrophic' Attack
News | 8/1/2013
Lack of security leaves remote oil drilling stations and other similar environments vulnerable to rudimentary but potentially disastrous attacks

'Comfoo' APT Cyberespionage Campaign Exposed
Quick Hits | 8/1/2013
Trojan used in the breach of RSA in 2010 remains active and prolific in targeted attacks

iOS Weaknesses Allow Attacks Via Trojan Chargers
News | 8/1/2013
Using weaknesses in Apple's flagship operating system, a simple computer disguised as a charging station can pair with, and then install malware on, any iPhone or iPad that connects to it

Creating Browser-Based Botnets Through Online Ad Networks
News | 8/1/2013
Researchers demonstrate how ads invoking JavaScript on viewers' browsers en masse could create untraceable networks to wreak DDoS damage

