Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

8/1/2014
02:00 PM
Marilyn Cohodas
Marilyn Cohodas
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

LIVE From Las Vegas: Dark Reading Radio at Black Hat

If you can't physically be at Black Hat USA 2014, Dark Reading offers a virtual alternative where you can engage with presenters and attendees about hot show topics and trends.

Over the last few weeks Dark Reading editors have peppered you with stories about the glories of Black Hat past and sneak previews of what's to come when security professionals from around the globe convene for the 17th annual Black Hat USA 2014.

Can't make the trip? Not to worry. Dark Reading has a created a virtual alternative. We've commandeered space at the Mandalay Bay for a temporary radio studio where we will broadcast four live episodes of Dark Reading complete with audio interviews and live text chats with our guests.

Here's the schedule, so be sure to bookmark the date and time:

Wednesday, August 6
The State of Cloud Security, 1:00 p.m. ET (10:00 a.m. PT)

Our guest, Jim Reavis, co-founder and executive director of the Cloud Security Alliance, will preview the latest CSA research report on the current state of global cloud adoption, security barriers in the cloud, and offer some predictions on the direction of the cloud market based on his interactions with global enterprises.

Jim is the President of Reavis Consulting Group LLC, where he advises organizations on how to take advantage of the latest security trends. He has served as an international board member of the Information Systems Security Association and was co-founder of the Alliance for Enterprise Security Risk Management.

Airport Security: Can A Weapon Get Past TSA? 8:00 p.m. ET (5:00 p.m. PT)
Join us as for a recap of Billy Rios's Black Hat presentation on how a variety of airport security systems actually work, and where their weaknesses are. We'll discuss modern airport security procedures, how these devices are used to detect threats, and findings about some bugs he's discovered.

Billy studies emerging threats with a focus on embedded devices, Industrial Control Systems (ICS), and Critical Infrastructure (CI). Before Qualys, Billy was a technical lead at Google where he led the frontline response for externally reported security issues and incidents. Prior to Google, he was the security program manager at Internet Explorer (Microsoft). During his time at Microsoft, Billy led the company's response for several high-profile incidents, including the response for Operation Aurora. Before Microsoft, he worked as a penetration tester, an intrusion detection analyst, and served as an active duty Marine Corps Officer.

Thursday, August 7
Military Strategies & Cyber Security 1:00 p.m. ET (10:00 a.m. PT)
Just as one should never bring a knife to a gun fight, a network defender should not rely on tired maxims such as "perimeter defense" and "defense in depth." Today's adversaries are well past that. Tom Cross, director of security research at Lancope will share the highlights of his Black Hat talk, "The Library of Sparta," the playbook nation-state adversaries are using to target and attack your organizations, and the new approaches you must use to defeat them.

Tom works on advancing the state-of-the-art in network behavioral anomaly detection with netflow. He has over a decade of experience as a computer security researcher and thought leader. He is credited with discovering a number of critical security vulnerabilities in enterprise-class software and has published papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. He was previously manager of X-Force Research at IBM Internet Security Systems. He has spoken at numerous security conferences, including Black Hat, DEF CON, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides.

Android's Fake ID Vulnerability, 7:00 p.m. ET (4:00 p.m. PT)
Every Android application has its own unique identity, typically inherited from the corporate developer's identity. The Bluebox Security research team recently discovered a new vulnerability in Android, which allows these identities to be copied and used for nefarious purposes. Fresh from his Black Hat presentation, Jeff Forristal will walk through the technical root cause of this responsibly disclosed vulnerability and explain why it's a problem and how an attacker could create an exploit for it.

Jeff is a security technology professional with over a decade of experience in the security industry. He has written multiple features and cover-story articles for Network Computing and Secure Enterprise magazines; he is also a contributing author to multiple books. Under the pseudonym "Rain Forest Puppy," Jeff has been recognized as an industry expert in web application security and was responsible for the first publicized responsible security disclosure policy (2000), the first publicized recognition of SQL injection (Phrack, 1998), and the first intelligent open source web application scanner (Whisker, 1999).

If you can't make the live session, you can revisit the broadcast from our Dark Reading Radio archives. We'll also be prerecording a number of Black Hat speaker interviews from the show, which we will rebroadcast with accompanying live text chats in the coming weeks. So stay tuned!

As always, if you have any questions or comments about the upcoming Dark Reading Radio @Black Hat shows, please post them in the comments and we will bring them to the broadcasts in Las Vegas.

Marilyn has been covering technology for business, government, and consumer audiences for over 20 years. Prior to joining UBM, Marilyn worked for nine years as editorial director at TechTarget Inc., where she launched six Websites for IT managers and administrators supporting ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/7/2014 | 3:10:45 PM
Re: Don't Miss Thursday's Dark Reading Radio @ Black Hat
Next up today --  Android's Fake ID Vulnerability, 7:00 p.m. ET (4:00 p.m. PT) with Jeff Forristal  of Blue Box Security.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/7/2014 | 7:27:07 AM
Don't Miss Thursday's Dark Reading Radio @ Black Hat
We've already had two great radio shows at Black Hat so far this week. So don't miss our upcoming broadcasts today: 

Military Strategies & Cyber Security 1:00 p.m. ET (10:00 a.m. PT) with Tom Cross,director of security research at Lancope.

Android's Fake ID Vulnerability, 7:00 p.m. ET (4:00 p.m. PT) with Jeff Forristal  of Blue Box Security.

And maybe some surprise guests....
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
Ericka Chickowski, Contributing Writer,  12/2/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19647
PUBLISHED: 2019-12-09
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
CVE-2019-19648
PUBLISHED: 2019-12-09
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
CVE-2019-19642
PUBLISHED: 2019-12-08
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareNa...
CVE-2019-19637
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19638
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.