Dark Reading is part of the Informa Tech Division of Informa PLC

7/23/2010
04:56 PM

Black Hat USA 2010: Complete Coverage

A round-up of articles leading up to and live coverage from Black Hat USA 2010, July 24 to 29, Las Vegas

>> Building Botnets For Fun And Profit
Creating a botnet business can be lucrative -- and isn't as hard as you might think, Black Hat speaker says

>> Ghost In The Machine: Database Weaknesses Expose SAP Deployments
Attacker can create a nearly undetectable user account in SAP once he gains unauthorized access, Black Hat USA researcher says

>> Researcher Reads RFID Tag From Hundreds Of Feet Away
Demonstration raises privacy and security concerns with RFID EPC Class 1 Generation 2 used in some passport cards, inventory tags, and driver's licenses

>> Metasploit To Get More Powerful Web Attack Features
Rapid7 sponsors open-source w3af Web assessment and exploit project

>> Design Flaws Make All Browsers Vulnerable, Black Hat Speaker Says
In series of hacks, researcher demonstrates inherent flaws in currently used browsers

>> Most SSL Sites Poorly Configured
Half of all SSL servers run older, insecure version of SSL; attacks against HTTPS browser sessions detailed at Black Hat

>> Former NSA, CIA Director Says Intelligence-Gathering Isn't Cyberwar
Efforts to crack U.S. cyberdefenses are standard operating procedure, Hayden tells Black Hat audience

>> New Tool Allows Websites To Keep Serving Pages After Infection
"Mod_antimalware" strips out malware instead of blocking infected pages, Black Hat presenter says

>> Adobe Joins Microsoft's Advance-Alert Program For Security Vendors
Microsoft's MAPP program will now include advance information on Adobe product vulnerabilities

>> Malware Authors Leave Their Fingerprints On Their Work, Black Hat Researcher Says
Careful study of malware can help experts recognize its source and protect against it

>> ATMs At Risk, Researcher Warns At Black Hat
Barnaby Jack demonstrates remote and local exploits that work on popular bank machines

>> Researcher Exposes Massive Automated Check Counterfeiting Operation Out of Russia
'Big Boss' operation used VPN-tunneling botnet, Zeus Trojan, database-hacking, and money mules to help print and cash phony checks

>> 'App Genome Project' Exposes Potential Smartphone Risks
Researchers from Lookout will present their findings thus far in study of freebie Android, iPhone apps

>> Security Pros Feel Underpaid, But In Some Cases Would Take A Pay Cut
New survey shows value IT security professionals place on job security, training, quality of life; authors to discuss career issues at Black Hat

>> Researcher Says Home Routers Are Vulnerable
Black Hat presentation will demonstrate hacks that could work on many existing routers

>> Researcher 'Fingerprints' The Bad Guys Behind The Malware
Black Hat USA researcher will demonstrate how to find clues to help ID actual attackers, plans to release free fingerprinting tool

>> 'Robin Sage' Profile Duped Military Intelligence, IT Security Pros
Social networking experiment of phony female military intelligence profile fooled even the most security-savvy on LinkedIn, Facebook, Twitter -- and also led to the leakage of sensitive military information

>> 'BlindElephant' To ID Outdated Or Unknown Web Apps, Plug-Ins
New freebie tool fingerprints out-of-date apps

>> SAP, Other ERP Applications At Risk Of Targeted Attacks
Black Hat Europe researcher demonstrates techniques for inserting 'backdoors' into popular enterprise resource planning apps that aren't properly secured

>> New Hack Pinpoints Cell Phone User's Location, Personal And Business Relationships
Researchers demonstrate a technique that exploits the cell phone infrastructure to compromise cell user's privacy
