
Vulnerabilities / Threats

5/27/2013
08:48 PM

Black Hat USA 2013: Complete Coverage

Articles leading up to, live coverage from, and post-event analysis of Black Hat USA 2013, July 27 - Aug. 1

>> Can We End CSRF With Header-Based Browser Policies?
Newly proposed Storage Origin Security (SOS) policy presented at Black Hat could offer a simpler way to combat cross-site request forgery

>> Attackers' Toolbox Makes Malware Detection More Difficult
From virtual-machine detection to taking a 30-minute nap, the array of techniques used by attackers to stymie malware analysis is growing

>> A New Framework For Detecting Advanced Rootkits
Last week the security community gained another way to help secure endpoints as researchers released a new framework meant to root out rootkits in UEFI

>> Black Hat: The Problems Don't Change, But The Solutions Have (Blog)
An increase in attacker capabilities has drawn an innovative response from industry, and emerging research promises more to come

>> Maltego Gets More 'Teeth'
New features in Maltego, an open-source intelligence tool for defenders, allow penetration testers and attackers to gather data on vulnerable systems and manage botnets

>> Timing Attacks On Browsers Leak Sensitive Information
Variations in the redraw times of graphical elements could allow an attacker to learn which sites a user has visited, along with other sensitive information

>> Black Hat: Moving Security Outside The Lines (Blog)
Enterprises clearly define security's responsibilities; attackers don't. It's time to think more like the attacker

>> Medical-Device Flaws Will Take Time To Heal
Manufacturers are slow to patch up security issues, despite increasing pressure from patients, researchers and federal agencies

>> Slide Show: The Sights Of Black Hat
A photo recap of a week of research, crowds and parties at Black Hat USA 2013

>> Black Hat: Lessons For SMBs From The Dark Side Of Security
Issues affecting large enterprises are the bread and butter of Black Hat, but even smaller firms have something to learn

>> Cutting Through The Mystique Of Testing The Mainframe
Mainframes are not enterprise dinosaurs -- they're modern systems running mission-critical data that must be scrutinized as much as any other part of the IT infrastructure

>> Water-Utility Honeynet Illuminates Real-World SCADA Threats
After a researcher constructs a fake water-utility network and puts it online, attackers quickly target the systems

>> Too Smart For Their Own Good: Attacking Smart TVs
Black Hat researchers show how the watchers can become the watched through smart TV attack techniques

>> SCADA Experts Simulate 'Catastrophic' Attack
A lack of security in remote oil drilling stations and other similar environments leaves them vulnerable to rudimentary but potentially disastrous attacks

>> 'Comfoo' APT Cyberespionage Campaign Exposed
Trojan used in the breach of RSA in 2010 remains active and prolific in targeted attacks

>> iOS Weaknesses Allow Compromise Via Trojan Chargers
Using weaknesses in Apple's flagship operating system, a simple computer disguised as a charging station can pair with, and then install malware on, any iPhone or iPad that connects to it

>> Creating Browser-Based Botnets Through Online Ad Networks
Researchers demonstrate how ads invoking JavaScript on viewers' browsers en masse could create untraceable networks to wreak DDoS damage

>> NSA Director Faces Cybersecurity Community At Black Hat
Gen. Keith Alexander aims to set the record straight on controversial NSA spying programs, calling out how leaked surveillance programs helped derail specific terror plots

>> New Free Service Cracks Weak Passwords
Cloud-based tool released for password auditing

>> Microsoft Extends MAPP To Incident Responders And Offers Free Online URL, File Scanner
Microsoft Active Protections Program evolving to a protection, detection, and remediation program

>> Cheap Monitoring Highlights Dangers Of Internet Of Things
Using a network of cheap sensors, the home-brewed CreepyDOL system can track people by signals sent from their mobile devices

>> Moving Away From Rash Hashing Decisions
Black Hat talk will discuss shortcomings of the latest technical evolution of hashing passwords for safe storage in databases, propose a competition to design something better

>> Getting Physical At Black Hat
Researchers offer up work on breaking into buildings by hacking alarm key pad sensors and key card access control systems

>> SIM Card Hack A Wakeup Call
Crack of mobile SIM card crypto and virtual machine features could let an attacker target and clone a phone

>> 3 Briefings That Highlight Infosec's High-Stakes Game
Spectacular exploits and worrying implications await

>> 'Hangover' Persists, More Mac Malware Found
Attackers behind the Operation Hangover cyberspying campaign out of India found dropping OS X malware, covering their tracks online

>> Researchers To Highlight Weaknesses In Secure Mobile Data Stores
At Black Hat USA, a team of mobile-security researchers plans to show off ways to circumvent the security of encrypted containers meant to protect data on mobile devices

>> Service, Denied
Black Hat USA 2013 has lined up three DDoS-related Briefings, covering the topic from multiple angles

>> 'Tortilla' Spices Up Active Defense Ops
New free Tor tool due out at Black Hat USA aims to make the Tor anonymizing network easier to use for all types of intel-gathering

>> How Attackers Thwart Malware Investigation
A researcher at Black Hat USA this month will dissect a recent attack, showing off attackers' techniques for making malware analysis harder and intelligence gathering more time consuming

>> Commercial DDoS Services Proliferate, Are Responsible For Many Recent Attacks
Customers can DDoS a website for as little as $10, Vigilant by Deloitte speaker will tell Black Hat audience

>> Preparing For Possible Future Crypto Attacks
Security experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure

>> New Techniques Obfuscate, Optimize SQL Injection Attacks
Black Hat researcher to demonstrate new methods for getting around defenses even more quickly to extract database data through SQLi

>> HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft
Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds

>> Machine-Learning Project Sifts Through Big Security Data
As the volume of data created by security and network devices multiplies, researchers look for ways to teach computers to better highlight attack patterns

>> 3 Stupid Corporation Tricks
With exactly one month to go before the start of Black Hat USA 2013, we highlight a trio of Briefings that focus on data security in corporate environments.

>> Black Hat Releases Official Schedule
With 110 unique Briefings and workshops, Black Hat USA boasts nearly 94 hours of high-intensity research and vulnerability disclosure

>> 'BinaryPig' Uses Hadoop To Sniff Out Patterns In Malware
At Black Hat next month, researchers will release a new set of big-data tools that can find patterns in the data among security firms' massive databases of malware

>> Researcher To Demo Spy-Phone At Black Hat
Using the ability to inject malicious code into applications on Android devices, a researcher will demonstrate at Black Hat how to create the infrastructure to spy on mobile users

>> Vulnerability Severity Scores Make For Poor Patching Priority, Researchers Find
A bug's Common Vulnerability Scoring System (CVSS) score doesn't necessarily correlate with whether the vulnerability is being used in attacks

>> Black Hat USA: T-Minus One Month And Counting
This highlighted trio of Briefings ranges widely in topic, yet they all sport that certain cool factor

>> Microsoft Establishes Rewards Programs For Windows 8.1, Internet Explorer 11 Preview Security Bugs
Microsoft is launching new programs to get its hands on cutting-edge exploits developed by researchers

>> Researcher To Open-Source Tools For Finding Odd Authentication Behavior
Rather than watching for communications between infected systems and command-and-control servers, companies can detect stealthy malware when it attempts to spread

>> Black Hat USA 2013 Reveals Turbo Talks On Top Topics
High-speed sessions will focus on content from almost every corner of security space

>> Don't Take Vulnerability Counts At Face Value
With flaw tallies varying by up to 75 percent, vulnerability data needs to be taken with a grain of salt, yet reports based on the data fail to include caveats, Black Hat presenters say

>> Cyberespionage Operators Work In Groups, Process Enormous Data Workloads
A group of Taiwanese researchers peer into the operations center of a group behind one large espionage campaign

>> Black Hat USA 2013 Showcases NAND, Windows 8 Secure Boot Hacking Talks
Organizers confirm another trio of Briefings from the show

>> Black Hat USA Reminds Early Reg Deadline For July Show Ends Friday
Organizers are expecting at least 6,500 security industry professionals at the exclusive gathering

>> Black Hat 2013 Goes Mobile With Reveals As Reg Deadline Approaches
Lectures delve deep into technical specifics regarding exploits and rootkits

>> Getting A Jump On Black Hat USA
Dark Reading initiates early coverage on July Black Hat USA event, launches dedicated news page

>> Myth-Busting SQL- And Other Injection Attacks
Black Hat injection-attacks instructor dishes on the complexity of SQL injection and the prevalence of lesser-known injection attacks

>> Focused Black Hat 2013 Trainings Examine Incident Response, Malware
Infosec trainings aim to provide needed skills to properly respond to incidents large and small

>> BIOS Bummer: New Malware Can Bypass BIOS Security
Researchers expect to release proofs-of-concept at Black Hat that show how malware can infect BIOS, persist past updates, and fool the TPM into thinking everything's fine

>> Black Hat: Chief Engineer of NASA's Jet Propulsion Laboratory To Keynote Day Two Of Black Hat USA 2013
Brian Muirhead has unique experience in solving the challenges of both robotic and human exploration of space

>> Black Hat 2013 Showcases Home Security, Bootkits, Cellular OPSEC Failures
Black Hat announces three more featured talks

>> Black Hat USA 2013 Rolls Out SIM Card, Femtocell Hacking Talks
Organizers have confirmed some early details on Briefings talks

>> U.S. Cyber Command Head General Alexander To Keynote Black Hat USA 2013
Success is measured by how well the government collaborates with partners and customers, according to Gen. Alexander

>> Register For Black Hat 2013 Here

>> Black Hat USA 2012: Complete Coverage

>> Black Hat USA 2011: Complete Coverage
