Black Hat USA 2012: Complete Coverage

A round-up of articles leading up to and live coverage from Black Hat USA 2012, July 21-26, Las Vegas

>> Slide Show: Memorable Moments From Black Hat 2012
A look at some of the demos, hacks, awards, and parties at this year's Black Hat USA 2012 convention

>> Top 3 HTML5 Vulnerability Risk Categories
Forrester urges HTML5 adoption, but security researchers say secure coding should be in place from the start

>> Study: Phishing Messages Elude Filters, Frequently Hit Untrained Users
Many users don't know how to respond to fraudulent email, according to survey of Black Hat attendees

>> Slide Show: 11 Security Sights Seen Only At Black Hat
Who says fun, sun, malware, and penetration testing don't mix? This year's Black Hat conference in Las Vegas offered information security training, hardware hacking, pool time, and more

>> Tech Insight: Offensive Countermeasures Help Defenders Fight Back
Defenders desperate to prevent attacks have begun taking measures to fight back against the attackers

>> Don't Become Cats Chasing Mobile Security Laser Pointers
Mobile security threats may pose some risks, but do a risk analysis on the entire situation before diverting funds to fundamental security activities

>> Scope Of APTs More Widespread Than Thought
Researcher uncovers hundreds of different custom malware families used by cyberspies -- and discovers an Asian security company conducting cyberespionage

>> Hacking Oracle Database Indexes
Database indexes the new "low-hanging" fruit for database vulnerabilities

>> Black Hat: Researcher Demonstrates Hardware Backdoor
One security professional shows off techniques for backdooring computer hardware to allow a compromise to better hide and be more persistent

>> More Than Half Of Top 20 Fortune 500 Firms Infected With 'Gameover' Zeus Botnet
Financial botnet has amassed some 680,000 bots

>> Hiding SAP Attacks In Plain Sight
Black Hat presenter uses test service and server-side request forgery to root SAP deployments

>> Web Browser Weaknesses Make Tracking Easy
Researcher kicks off effort to catalog all the ways that browsers and popular add-ons can be used to track users

>> Strike Back At Hackers? Get A Lawyer
Don't risk legal troubles. Get advice before taking the offensive against cybercriminals, military security expert says at Black Hat

>> Mass Router Infection Possible: Black Hat
Black Hat presenters detail how an HTML5-compliant browser could deliver malicious firmware, bring network-connected hardware under attackers' control

>> JavaScript Botnet Sheds Light On Criminal Activity
A security research group uses cached JavaScript to control computers connecting to a malicious proxy, gaining intelligence on fraudsters and criminals

>> More Than Half Of Major Banks Infected With Conficker, Zeus, Fake AV, Other Malware
Most users infected with malware suffer reinfection

>> Apple Makes Black Hat Debut
But presentation by Apple security team member doesn't reveal any new security details or plans for iOS

>> Black Hat Attendees Expect Changes At Symantec Following Salem's Departure
General consensus is that the Cupertino, Calif.-based company now stands at a crossroads

>> FAA's New Flight Control System Has Security Holes: Researcher
At the Black Hat conference, a computer scientist demonstrates how 'fake airplanes' can be inserted into FAA's upcoming air traffic control system

>> Simplifying SQL Injection Detection
Black Hat researcher releases new lexical analysis tool that doesn't rely on regular expressions

>> Android Takeover With The Swipe Of A Smartphone
Security researcher discovers near-field communication (NFC) is a greenfield of security risks

>> Black Hat: 6 Lessons To Tighten Enterprise Security
Opening the Black Hat conference, former FBI executive assistant director says businesses can learn from how the FBI now fights terrorists

>> Microsoft Adds BlueHat Prize Finalist's Technology To Its Free Toolkit
New security defense method may or may not end up the grand-prize winner of the contest

>> Impersonating Microsoft Exchange Servers To Manipulate Mobile Devices
Black Hat researcher demonstrates mobile man-in-the-middle proof-of-concept attack that allows for unauthorized remote wipes

>> Free Advanced Evasion Technique Tool Unleashed
'Evader' to demonstrate how attacks slip by popular network security devices

>> Black Hat, BSides, Def Con: Defenders Take Note
Summer security conferences include defense-related topics on top of the usual offensive fare

>> Black Hat Goes Back To The Future
Five speakers who spoke at the first Black Hat conference will appear together on a panel titled 'Smashing the Future for Fun and Profit' on Wednesday

>> Black Hat Researcher Finds Holes In ARM, x86, Embedded Systems
Black Hat session aims to expose sometimes shocking vulnerabilities in widely used products

>> Dark Reading, Black Hat Partner To Produce Daily Conference Newsletter
Dark Reading newsletter subscribers, conference attendees will receive three days of Black Hat show coverage

>> DARPA-Funded Service Seeks Flaws In Smartphones
The brainchild of start-up Duo Security, the X-Ray service will let users know if their smartphone has vulnerable systems software

>> Using Chip Malfunction To Leak Private Keys
Black Hat researcher shows attackers could manipulate Linux machines running OpenSSL and RSA authentication to gain access to encryption keys for spoofing

>> Black Hat: The Phishing Scare That Wasn't
Email glitch causes concern among security pros attending major industry event, but ends with humor

>> Smart Grid Researcher Releases Open Source Meter-Hacking Tool
'Termineter' unleashed prior to presentations on smart meter security next week at BSides, Black Hat USA

>> Black Hat Marks 15th Anniversary By Bringing Back Experts Who Presented 15 Years Ago
Black Hat "futurist panel" brings together these industry veterans to discuss today's cutting-edge research and emergent technologies

>> Will Advanced Attackers Laugh At Your WAF?
Companies should not trust vendors' claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses

>> 'Waldo' Finds Ways To Abuse HTML5 WebSockets
Black Hat USA researchers to release free hacking tool and demonstrate how new communication channel could be used for XSS, denial-of-service, and hiding malicious or unauthorized traffic

>> Black Hat Researcher: Rethink And Refine Your IDS
Attackers routinely go unnoticed, both because intrusion detection systems are failing to do their job and because security teams need to rethink how they use them

>> Crimeware Developers Shift To More Obfuscation, Java Exploits
After making their code harder to reverse-engineer, exploit kits are now focusing on improving attacks

>> Stealing Documents Through Social Media Image-Sharing
Innocent-looking vacation pictures on Facebook could conceivably traffic exfiltrated documents, Black Hat researchers warn

>> Apple 'Ban' Gives Miller Time To Hack Other Things
Charlie Miller reflects on how his NSA chops were a natural progression to Apple hacking, how hard hacking has become -- and his obsession with reality TV shows about stage moms

>> 'Clonewise' Security Service Helps Identify Vulnerable Code
Researcher at Black Hat to demonstrate service that can help find vulnerable libraries built into larger bodies of code

>> Black Hat: Hacking iOS Applications Under The Spotlight
Security researcher Jonathan Zdziarski will demonstrate some of the techniques cybercrooks use in the wild, and what developers can do about them

>> Seemingly Insignificant SQL Injections Lead To Rooted Routers
Black Hat researcher to show how vulnerable databases with temporary router information can lead to root-level access of Netgear routers

>> Researchers Use Cloud To Clear Up Malware Evasion
An analysis project surveys the techniques used by malware to evade security software and plans to turn the research into a service to analyze malware

>> Black Hat: Developer Aims To Make Attack Recovery More Intelligent
One company uses threat information, virtualization and analysis to build a better way to disinfect compromised systems

>> PIN Pads Put Millions At Risk, Researchers Say
Payment terminals handled more than 852 million card payments in the U.K. alone in April 2012

>> New Forensics Method May Nab Insider Thieves
Black Hat presentation features a new methodology that has already produced real-world results

>> Researchers Beat Up Google's Bouncer
The gatekeeper for the Android app store has major growing pains ahead, as security researchers find ways to bypass it

>> Broader Digital Landscape Means More Places To Hide
With IPv6, a deluge of new top-level domains, and DNSSEC all coming, the Internet will become a much bigger place. Defenses that worked in the past won't work in the future

>> Advanced JavaScript Attack Threatens SOHO Routers
Using JavaScript and cross-site request forgery, two researchers plan to show it's possible to attack routers leveraging computers on the internal network

>> Black Hat Releases Complete Event Schedule
Among the news breaking will be 36 tools, 17 0-days, and 49 live on-stage demonstrations

>> Malware 'Licensing' Could Stymie Automated Analysis
The use of encryption and digital-rights management techniques by the authors of malicious code could make automated analysis of malware take longer and require human intervention more often

>> Security Teams Need Better Intel, More Offense
Adversaries go through five steps to prepare and execute an attack, but defenders only react to the last two steps. It's time for defenders to add intelligence gathering, counterintel, and even offense to the game, security experts say

>> Black Hat Expands Content Review Board
Chris Rohlf and Chris Wysopal join board

>> Register For Black Hat 2012 Here

>> Black Hat USA 2011: Complete Coverage
