SecTor 2024 Announces Record-Breaking Attendance Following Successful Close of Toronto Event [SecTor 2024]
SecTor, Canada’s largest cybersecurity conference, today announced the successful completion of the in-person component of SecTor 2024. The event welcomed 5,000 unique attendees joining in-person from October 22 to October 24 at the Metro Toronto Convention Centre in downtown Toronto.
Takeaways from the SecTor 2024 conference [SecTor 2024]
I couldn’t get to all of the sessions, but here are a few things I came away with on Wednesday: Keynote speaker Leigh Honeywell of Tall Poppy, which advises firms on dealing with online harassment of employees, said infosec pros have a role in helping protect democracy and elections. They can do it by warning friends and relatives about not trusting everything online.
SecTor Announces Leigh Honeywell and Omkhar Arasaratnam as Keynote Speakers for SecTor 2024 [SecTor 2024]
SecTor, Canada’s largest cybersecurity conference, today announced Leigh Honeywell, founder and CEO of Tall Poppy; and Omkhar Arasaratnam, Guest Lecturer, New York University (NYU) Tandon School of Engineering: Graduate School, as Keynote speakers for SecTor 2024. The live, in-person event will take place at the Metro Toronto Convention Centre in downtown Toronto from October 22 to October 24. Keynote speakers will present on Wednesday, October 23 and Thursday, October 24.
A Sneak Peek into SecTor 2024: AI, Open-Source, and Cybersecurity Trends with Steve Wylie [SecTor 2024]
Discover the highlights of the upcoming Black Hat SecTor Conference in Toronto, featuring insightful discussions on AI, open-source security, and more. Join Steve Wylie, Sean Martin, and Marco Ciappelli as they preview keynotes, summits, and unique aspects of this premier cybersecurity event.
Hacking Deepfake Image Detection System with White and Black Box Attacks | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Sagar Bhure | On Location Coverage with Sean Martin and Marco Ciappelli [SecTor 2024]
In this episode of SecTor 2024, Sean Martin, Marco Ciappelli, and security researcher Sagar Bhure discuss the escalating threat of deepfake technology and its implications for misinformation, financial fraud, and cybersecurity. Tune in to explore real-world examples and learn about innovative detection methods that aim to stay ahead of this complex challenge.
Election security faces threat from cyberattacks and disinformation [Black Hat USA 2024]
It is estimated that more than half of the world’s population will cast ballots by the end of this year, with elections held across a number of countries including the United States. Election security has been a major concern, with threats looming from cyberattacks and disinformation. CNA's Ira Spitzer attended the recent Black Hat cybersecurity conference in Las Vegas and filed this report.
3 Lessons From a Hacker Conference That Can Keep You Safe Online [Black Hat USA 2024]
If you go to Las Vegas for the Black Hat cybersecurity conference, don't bet on spotting people there using burner phones in place of their usual smartphones. Nor should you plan on seeing attendees anxiously using a burner laptop, stripped of most of its usual apps and data.
Black Hat USA 2024 Showcases New Defenses For Cybersecurity Pros [Black Hat USA 2024]
Black Hat has always been an intriguing event to me. It takes its name from the malicious hackers who take on ethical “white hat” defenders, yet the audience is full of (figurative) white hats from the corporate IT world.
The Shakedown From Black Hat USA, 2024 [Black Hat USA 2024]
My colleagues Allie Mellen, Paddy Harrington, Erik Nost, Cody Scott, and I assembled in Las Vegas last week for the Black Hat USA 2024 event. We spent the week attending sessions; meeting with clients; looking for trends, highlights, and lowlights in the festival of vendor marketing (on the show floor and in the convention center hallways); and making sure to drink a lot of water to survive the stifling 110-degree heat.
Three insights you might have missed from Black Hat USA [Black Hat USA 2024]
The growing threat of cybersecurity attacks alongside the increasingly complex AI landscape reflects one reason Black Hat USA 2024 is one of the biggest cybersecurity conferences of the year.
What a glimpse inside the Black Hat NOC reveals about infosec pros' security habits [Black Hat USA 2024]
The large network that materializes along with legions of infosec professionals at Black Hat every year presents the perfect opportunity to see how well the security community practices what it preaches.
Presidential campaigns in the cyber spotlight [Black Hat USA 2024]
HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! Seeing everyone at Black Hat and DEF CON was great, now excuse me while I recharge my social battery by staring at the wall for the next three days. If you need me (no you don’t), John’s inbox can’t wait to hear all the details.
Windows Downdate attack totally undermines Windows security; fix not yet ready [Black Hat USA 2024]
The security of Windows 11 can be completely undermined by corrupting the Windows Update process with a simple edit to the Windows Registry, forcing a downgrade to vulnerable older versions of Windows and other system processes. As of this writing, there is no patch preventing this attack, although Microsoft has offered steps that reduce the risk.
Just the Hacks: How Journalists Work With Hackers to Break News [Black Hat USA 2024]
Hackers are known for using any available resource to get the money or data they want. Many times, that involves using media contacts to apply public pressure to the companies they are seeking to extort.
Vulnerability Allowed Eavesdropping via Sonos Smart Speakers [Black Hat USA 2024]
NCC Group researchers have disclosed vulnerabilities found in Sonos smart speakers, including a flaw that could have been exploited to eavesdrop on users. One of the vulnerabilities, tracked as CVE-2023-50809, can be exploited by an attacker who is in Wi-Fi range of the targeted Sonos smart speaker for remote code execution.
Design flaw could allow hackers to roll back Microsoft Windows updates [Black Hat USA 2024]
Some of Microsoft’s most important tools for protecting Windows users from malicious hackers can be twisted into being used in attacks, according to research presented here Wednesday at the annual Black Hat security conference.
Windows Update downgrade attack "unpatches" fully-updated systems [Black Hat USA 2024]
SafeBreach security researcher Alon Leviev revealed at Black Hat 2024 that two zero-days could be exploited in downgrade attacks to "unpatch" fully updated Windows 10, Windows 11, and Windows Server systems and reintroduce old vulnerabilities.
Black Hat USA 2024: vehicle head unit can spy on you, researchers reveal [Black Hat USA 2024]
Android-based infotainment systems used in Ford, GM, Honda, and other major vehicle brands can be turned into data-stealing devices, Cisco Talos researchers have uncovered. As with virtually any electronic device, vehicle infotainment systems, colloquially known as head units, can be engineered to steal user data.
CISA: Election infrastructure has never been more secure [Black Hat USA 2024]
CISA Director Jen Easterly said U.S. election infrastructure "has never been more secure" during a Wednesday keynote panel at Black Hat USA 2024.
10 Hot Security Tools Unveiled At Black Hat 2024 [Black Hat USA 2024]
This week in Las Vegas, hundreds of cybersecurity vendors are on hand for the Black Hat USA 2024 conference—many of them with new tools or product capabilities ready to unveil.
Taking Stock with Trinity Chavez: The Cyber Series - Black Hat [Black Hat USA 2024]
Step into the realm of cutting-edge cybersecurity insights at Black Hat in Las Vegas, the second largest cyber security conference in the world! Join NYSE TV’s Lead Anchor, Trinity Chavez, as she gets exclusive access and has riveting conversations with CEOs and other leading cybersecurity experts to explore their strategies, innovations, and groundbreaking perspectives that mold the digital defense landscape.
Could Intel Have Fixed Spectre & Meltdown Bugs Earlier? [Black Hat USA 2024]
The Spectre and Meltdown chip vulnerabilities could have been resolved much earlier had chip makers taken reports from academic researchers more seriously, says one researcher who helped unveil the hardware bug.
Behind the Scenes at Black Hat USA 2024: An Exclusive Pre-Event Conversation | A Black Hat USA 2024 Conversation with Steve Wylie | On Location Coverage with Sean Martin and Marco Ciappelli [Black Hat USA 2024]
Black Hat USA 2024 promises to be an exciting and groundbreaking conference, and we caught up with Steve Wylie, the General Manager of Black Hat, to get an inside look at this year's event.
Black Hat Asia 2024: A focus on regulation and reducing complexity in the security stack [Black Hat Asia 2024]
At 2024's Black Hat Asia event, we heard about increasing regulation and fines, ransomware attacks, securing devices in critical infrastructure, MDR's growth in APAC, and the need to reduce complexity in the security stack.
Intel Harnesses Hackathons to Tackle Hardware Vulnerabilities [Black Hat Asia 2024]
Ever since the first Hack@DAC hacking competition in 2017, thousands of security engineers have helped discover hardware-based vulnerabilities, develop mitigation methods, and perform root cause analysis of issues found.
Researchers claim Windows Defender can be fooled into deleting databases [Black Hat Asia 2024]
Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files. And, they asserted, the hole could remain exploitable – even after both vendors claim to have patched the problem.
Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers [Black Hat Asia 2024]
New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes.
CSA warns of emerging security risks with cloud and AI [Black Hat Asia 2024]
The rapid adoption of emerging technologies such as cloud computing and artificial intelligence (AI) is posing new cyber security risks, adding to the increasingly complex cyber threat landscape.
EP 32: Using ChatGPT To Perform Side Channel Attacks On Real Hardware [Black Hat Europe 2023]
There’s a lot of talk about using AI and LLMs in security. For example, could ChatGPT detect the spots vulnerable to power analysis in particular pieces of code using the Advanced Encryption Standard? Witold Waligora, CEO of CloudVA, talks about his Black Hat Europe presentation, How We Taught ChatGPT-4 to Break mbedTLS AES With Side-Channel Attacks.
Increased Cyber Regulation in the Offing as Attacks Mount [Black Hat Europe 2023]
Expect governments to impose greater levels of cybersecurity regulation if businesses cannot defend against major attacks and stop breaches from happening.
LogoFAIL vulnerabilities impact vast majority of devices [Black Hat Europe 2023]
A set of major vulnerabilities that impact nearly all devices allows hackers to bypass most modern security checks through the logo that shows up when the computer starts.
Discovered by the cybersecurity firm Binarly and presented at Black Hat Europe on Wednesday, LogoFAIL is a set of vulnerabilities that impact all x86 and ARM-based devices, like Windows and Linux, through the software that shows the manufacturer logo at the start of a bootup process.
Liability Fears Damaging CISO Role, Says Former Uber CISO [Black Hat Europe 2023]
The growing trend of finding CISOs personally liable for security failings is making security professionals more reluctant to take up these positions.
This according to former Uber CISO Joe Sullivan, speaking during Black Hat Europe 2023.
Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images [Black Hat Europe 2023]
Firmware security company Binarly on Wednesday disclosed the details of an attack method that can be used to compromise many consumer and enterprise devices by leveraging malicious UEFI logo images.
NCSC's Ollie Whitehouse on Why Cybersecurity is Essential, Not Optional [Black Hat Europe 2023]
Ollie Whitehouse is the first-ever chief technical officer (CTO) the UK’s National Cyber Security Centre (NCSC) has appointed. Whitehouse formally began his role in October 2023 following the initial appointment in September.
How I Learned to Stop Worrying and Build a Modern Detection & Response Program | A Black Hat Europe 2023 Event Coverage Conversation with Allyn Stott [Black Hat Europe 2023]
In this episode of the ITSPmagazine On Location Event Coverage series, host Sean Martin and guest Allyn Stott discuss the intricacies of building a modern detection response program, the role of threat intelligence, and the importance of aligning with business risk.
We Need to Stop the Temperature From Rising If We Don't Want to Ice the CISO Role | A Black Hat Europe 2023 Event Coverage Conversation with Joe Sullivan [Black Hat Europe 2023]
Most of the time, for these event coverage conversations, we get to connect with keynote speakers to learn more about the topic they plan to share at the event. During our conversation with Joe Sullivan, we did that ... and so, so much more. Tune in to this (dare we say, approaching emotional) conversation to hear about Joe's journey and all the things he is doing to help keep the CISO role safe and successful.
EP 84: When Old Medical Devices Keep Pre-shared Keys [SecTor 2023]
You would think there is a procedure to End-of-Life a medical device, right? Erase personal health info. Erase network configuration info. Speaking at SecTor 2023, Deral Heiland from Rapid7 said he found that he was able to buy infusion pumps on the secondary market with the network credentials for the original Health Care Delivery Organization intact.
SecTor: Top cybersecurity predictions for 2024 [SecTor 2023]
It’s Halloween, and what could possibly be scarier than a look at cybersecurity threats for the year ahead?
Canadian infosec veteran Laura Payne served up her list of 10 cybersecurity predictions for 2024 during a keynote at the 17th annual SecTor conference in Toronto last week.
Cyber Security Today, Week in Review for the week ending Friday, Oct. 27, 2023 [SecTor 2023]
Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, October 27th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
SecTor 2023: A call to Canadian IT pros for political action [SecTor 2023]
IT pros should become more involved in technology policy issues to prevent the Trudeau government from making bad choices, attendees at the annual SecTor cybersecurity conference have been told.
Keynote: 2024 Predictions in Future-Hindsight View - Get Ready! | A SecTor Event Coverage Conversation with Laura Payne [SecTor 2023]
In this episode, hosts Marco and Sean embark on a road trip to SecTor cybersecurity conference in Toronto, Canada, and sit down with cybersecurity expert Laura Payne to discuss cybersecurity's future and artificial intelligence's impact on technology and society.
Do We Really Need to Worry about Critical Infrastructure? | A Discussion about Cyber Operations in the Context of the Leaked Vulkan Files | A SecTor Event Coverage Conversation with Marina Krotofil [SecTor 2023]
In this episode of Chats on the Road to the SecTor Security conference in Toronto, hosts Marco and Sean are joined by Marina Krotofil to explore the complexities of cyber warfare, the leaked Vulkan files, and the need for independent thinking in the face of evolving cyber threats.
The Future of Secure Business Browsing: Isolation and Protection | Browser Security: Isolation-101 | A SecTor Event Coverage Conversation with Evgeniy Kharam [SecTor 2023]
In this episode of the Redefining CyberSecurity Podcast, Sean Martin and guest Evgeniy Kharam discuss browser security, remote browser isolation, enterprise browsers, and the impact on security programs.
SecTor 2023: Full Schedule Programming for Toronto Event [SecTor 2023]
SecTor, Canada’s largest cybersecurity conference, today announced its full schedule programming for SecTor 2023. Taking place in Toronto at the Metro Toronto Convention Centre, this year’s event will feature 42 Briefings, two days of Trainings, 45 Sponsored Sessions, and for the first time at SecTor, Black Hat Arsenal will debut with 36 tool demos.
White Tuque CNO, Laura Payne, to Give Keynote Address at SecTor 2023 [SecTor 2023]
SecTor, Canada's largest cybersecurity conference, will be taking place this October 23rd through 26th at the Metro Toronto Convention Centre. Now in its 17th year, SecTor annually connects IT and security experts from around the world. Thought leaders share the very latest in information security research, development, and trends, providing relevant, engaging, and reputable content for the benefit of the Canadian cybersecurity community.
Black Hat USA 2023: AI's Impact On the Future of Cybersecurity [Black Hat USA 2023]
Artificial intelligence is having a massive impact on our society. “It’s forcing us, for economic reasons, to take all of our problems and turn them into prediction problems,” said Jeff Moss, founder of Black Hat. In an opening keynote for Black Hat USA 2023 in Las Vegas, experts shared just how dramatically generative AI is changing the game.
AI for security, security for AI: 2 aspects of the intersection of 2 hot topics [Black Hat USA 2023]
AI has been a trending topic in technology for many years, but nothing has fueled interest like the explosive emergence of generative AI over the past year. As with many nascent trends, security often rises to the top of opportunities as well as concerns, and this is no less true with AI — it was a central focus of this year's RSA Conference. It was also the theme of the opening keynote at Black Hat, where the AI Cyber Challenge, a Defense Advanced Research Projects Agency (DARPA) initiative launched by the Biden-Harris administration, was announced. That same week, DEF CON hosted the largest public "red teaming" (penetration testing) exercise against AI models to date.
Key takeaways from Black Hat 2023 [Black Hat USA 2023]
At Black Hat USA 2023, Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Victor Zhora, Deputy Chairman and Chief Digital Transformation Officer of the State Service of Special Communication and Information Protection of Ukraine, gave a joint presentation on the need for resilience.
Cyber security experts lament west’s failure to learn lessons from Ukraine [Black Hat USA 2023]
Viktor Zhora, the public face of Ukraine’s success against Russian cyber attacks, received a hero’s welcome earlier this month on stage at Black Hat, the world’s biggest cyber security gathering, in Las Vegas.
Black Hat 2023 Recap Report by The Readable [Black Hat USA 2023]
The Black Hat USA 2023 Recap Report by The Readable was just published. The Readable covered the Black Hat USA 2023 in person, along with the annual DEF CON and USENIX events that took place during the same week.
When it comes to data protection, Black Hat puts its money where its mouth is [Black Hat USA 2023]
From embarrassing dating profiles to unprotected corporate earning reports, Cybernews discovers what really happens to all that sensitive information flowing through the Black Hat Network Operations Center (NOC) once summer camp for hackers finally ends.
Generative AI: Cybersecurity Weapon, But Not Without Adaptable, Creative (Human) Thinkers [Black Hat USA 2023]
Generative AI was — not surprisingly — the conversational coin of the realm at Black Hat 2023, with various panels and keynotes mulling the extent to which AI can replace or bolster humans in security operations.
Publisher’s Spotlight: Black Hat USA 2023 Closes on Record-Breaking Event in Las Vegas [Black Hat USA 2023]
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, today announced the successful completion of the in-person component of Black Hat USA 2023. The event welcomed more than 22,750 unique attendees, with 19,750 joining in-person at the Mandalay Bay Convention Center in Las Vegas, while more than 3,000 registered for On-Demand Access to the event.
Playing to Win: Generative AI, Cloud Security, and More at Black Hat 2023 [Black Hat USA 2023]
The stage was set, the players were ready, and Black Hat USA 2023 delivered a cybersecurity spectacle that left no doubt—this was a game-changing event. As we unpack the highlights, one overarching theme emerges: a united front against ever-evolving threats. From generative AI to cloud security and a glimpse into the future of defense, this year's conference illuminated the power of collaboration and innovation. Amidst these pivotal discussions, one revelation—the TETRA:BURST vulnerabilities—took center stage, leaving an indelible mark on the field.
CISA Officials Share Plans for Secure-by-Design Ecosystem [Black Hat USA 2023]
The Cybersecurity and Infrastructure Security Agency (CISA) is looking to change the technology ecosystem through its secure-by-design and -default guidelines, and CISA officials explained the agency’s plan to foster this ecosystem at the Black Hat USA Conference in Las Vegas last week.
Artificial Intelligence: Stopping the Big Unknown in Application, Data Security [Black Hat USA 2023]
Artificial intelligence, particularly large language models of the GPT type, was the talk of the town during last week’s Black Hat and Def Con in Las Vegas. But even the experts disagreed on the extent to which AI changes the security posture companies should take, from protecting internal data to developing applications.
Password Security is Still Top-of-Mind but Evolving Away, Study Finds [Black Hat USA 2023]
Password security remains relevant but cybersecurity is trending toward a password-less strategy, according to a new survey conducted by Delinea at the recent Black Hat USA conference.
Looks like people are ready to move away from passwords [Black Hat USA 2023]
It appears that many people are ready to embrace the brave new world of passwordless security, as they voice their support for the idea. The privileged access management (PAM) firm Delinea conducted a survey at this year's Black Hat USA security conference and found that over half (54%) of respondents believe that passwordless solutions are a viable concept. A fifth were also already using passkeys instead of or in addition to passwords.
Passwords are Evolving as a Passwordless Future Draws Nearer [Black Hat USA 2023]
Enterprises are developing strategies now to protect identities from being stolen and abused even as a true passwordless future is slowly coming into view, according to Joseph Carson, chief security scientist and advisory CISO at privileged access manager (PAM) vendor Delinea.
‘Defender Pretender’ turns Windows’ malware protections against itself [Black Hat USA 2023]
Windows Defender can be hijacked to ignore malware, falsely recognize benign files as malicious and even delete critical system files to render a machine inoperable, two Israeli researchers demonstrated at the Black Hat security conference here on Aug. 9.
Cyber Security Today, August 14, 2023 — A huge insurance company hack, presentations at the Black Hat conference, and more [Black Hat USA 2023]
One of the presentations at last week’s Black Hat USA security conference showed the advantages of setting up a honeypot to lure and then record the activities of hackers. Two researchers from GoSecure said they captured 100 hours of videos over three years showing the techniques threat actors use to access and exfiltrate data.
Inside the Black Hat network operations center, volunteers work in geek heaven [Black Hat USA 2023]
Every summer, pandemics permitting, a group of volunteers gather in a Las Vegas hotel to run one of the more unusual examples of IT infrastructure on the planet: the Black Hat network operations center.
For the first time, U.S. government lets hackers break into satellite in space [Black Hat USA 2023]
Hackers in a desert in the Southwest are lobbing a barrage of cyberattacks at a U.S. government satellite on Friday — and it’s exactly what the Pentagon wanted to happen.
Black Hat USA 2023 – Announcements Summary [Black Hat USA 2023]
Hundreds of companies and organizations showcased their cybersecurity products and services this week at the 2023 edition of the Black Hat conference in Las Vegas.
GitHub’s Hardcore Plan to Roll Out Mandatory Two-Factor [Black Hat USA 2023]
You've heard the advice for years: Turn on two-factor authentication everywhere it’s offered. It’s long been clear that using only a username and password to secure digital accounts isn’t enough. But layering on an additional authentication “factor”—like a randomly generated code or a physical token—makes the keys to your kingdom much tougher to guess or steal.
Black Hat USA Unwrapped: Top 5 Cybersecurity Insights You Can't Afford to Miss [Black Hat USA 2023]
There is an enduring nature to many cybersecurity challenges while at the same time cyber practitioners must be aware of the evolving scale of threats, including the rapid global impact of AI-related issues.
4 ways organizations can take back the advantage from attackers [Black Hat USA 2023]
Kelly Shortridge is on a mission — a “resilience revolution” as she describes it — to help defenders outmaneuver threat actors by using the same tactics they employ against other organizations.
Dark Reading News Desk at Black Hat USA 2023 [Black Hat USA 2023]
Dark Reading News Desk was live for two days during Black Hat USA, at Mandalay Bay in Las Vegas. Dark Reading editor Becky Bracken hosted a bevy of Black Hat newsmakers including cybersecurity journalists, experts, and researchers for on-the-scene interviews.
20 Hottest New Cybersecurity Tools At Black Hat 2023 [Black Hat USA 2023]
At Black Hat 2023 this week, vendors are showcasing new products in segments including XDR, application security, vulnerability management and cloud security.
CISA Director: US has lessons to learn about anticipating threats, disruption [Black Hat USA 2023]
U.S. residents and businesses need to be better prepared for inevitable disruptions caused by cyberattacks, according to the head of the country’s cybersecurity agency. Speaking alongside Ukrainian cybersecurity chief Viktor Zhora at the Black Hat cybersecurity conference, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said Americans need to mirror Ukraine’s resilience in the face of an onslaught of damaging cyberattacks.
The top new cybersecurity products at Black Hat USA 2023 [Black Hat USA 2023]
Black Hat USA 2023 served as launchpad for a host of cybersecurity products and services, with many notable vendors as well as up-and-coming startups showcasing their innovations at the annual conference, held this week in Las Vegas.
The US Wants Americans To Learn From Its Cyber Partnership With Ukraine [Black Hat USA 2023]
The United States’ partnership with Ukraine to fend off Russian hackers during the ongoing war has proven to be an excellent model for helping other countries deal with similar digital assaults, a top U.S. cyber official said Wednesday.
Hackers to compete for nearly $20 million in prizes by using A.I. for cybersecurity, Biden administration announces [Black Hat USA 2023]
Hackers will have the chance to compete for millions of dollars in prizes by using artificial intelligence to protect critical U.S. infrastructure from cybersecurity risks, the Biden administration announced Wednesday.
White House launches contest to improve critical infrastructure cybersecurity with AI [Black Hat USA 2023]
The White House today announced the AI Cyber Challenge, a contest designed to improve the cybersecurity of the United States’ critical infrastructure. The contest was detailed during Black Hat USA 2023, a major cybersecurity event taking place this week in Las Vegas.
White House launches AI Cyber Challenge to test how top AI models protect software [Black Hat USA 2023]
At the Black Hat USA conference in Las Vegas today — the nation’s largest hacking conference — the Biden-Harris administration announced the launch of a two-year open competition to explore how AI can be used to protect and defend the U.S.’s most vital software, including computer code that keeps the internet and critical infrastructure running.
Black Hat USA: Cybersecurity Experts Optimistic About Generative AI [Black Hat USA 2023]
Cybersecurity as an industry is likely going to be the biggest beneficiary of AI. A panel of cybersecurity experts from Amazon Web Services (AWS), Barracuda, Splunk and more agreed they are optimistic about the future of generative AI in spite of increasing threats. The panel took place Tuesday at this week’s Black Hat USA.
‘Downfall’ vulnerability leaves billions of Intel CPUs at risk [Black Hat USA 2023]
Computer security operates on a few basic principles, and one of them is that data in use by one application should not be available to another without permission. This basic architecture should in theory keep one application from snooping on another and stealing, for example, a bank key from a password manager. When that principle breaks down, it can be devastating.
New Downfall attacks on Intel CPUs steal encryption keys, data [Black Hat USA 2023]
A senior research scientist at Google has devised new CPU attacks to exploit a vulnerability dubbed Downfall that affects multiple Intel microprocessor families and allows stealing passwords, encryption keys, and private data like emails, messages, or banking info from users that share the same computer.
Cybersecurity is everyone’s responsibility [Black Hat USA 2023]
Ahead of Black Hat 2023, Omdia Senior Director of Research Maxine Holt discusses the state of the cybersecurity landscape and what lies ahead for businesses not adequately prepared for the threat of cybercrime.
What to Expect at Black Hat 2023 [Black Hat USA 2023]
Every summer, hackers and researchers from around the world brave the broiling Las Vegas heat, coming together for the hacking extravaganza known as Black Hat. This is the opportunity for academics and professional testers to wow their colleagues by showcasing the vulnerabilities they’ve discovered or new protection techniques they’ve invented.
Tesla Jailbreak Unlocks Theft of In-Car Paid Features [Black Hat USA 2023]
Tesla cars are susceptible to a nearly irreversible jailbreak of their onboard infotainment systems that would allow owners to unlock a bevy of paid in-car features for free. The stolen perks can run the gamut from better bandwidth to faster acceleration and heated seats, according to a team of academic researchers.
Summer Documentary Watch Party: 8 Sizzling Cybersecurity Tales [Black Hat USA 2023]
It's almost August, which means Hacker Summer Camp — the confluence of BSides Las Vegas, Black Hat USA, and DEF CON — is nearly upon us. If you're going to Las Vegas to take part in the annual celebration of probing every system for any possible weakness, we've got a wide selection of documentaries to get you in the investigative mood.
Meet the Finalists for the 2023 Pwnie Awards [Black Hat USA 2023]
With Black Hat USA 2023 looming, it's time to start thinking about the Oscars of cybersecurity, the Pwnie Awards. The statuettes will be handed out live in Las Vegas on Wednesday, Aug. 9, at 6:30 p.m. – with the exception of this year's Lifetime Achievement Pwnie, which was awarded at the Summercon hackers' meetup in Brooklyn, New York, on July 14, when the other nominees were announced.
Satellites Are Rife With Basic Security Flaws [Black Hat USA 2023]
Hundreds of miles above Earth, thousands of satellites are orbiting the planet to keep the world running smoothly. Timing systems, GPS, and communications technologies are all powered by satellites. But for years, security researchers have warned that more needs to be done to secure the satellites against cyberattacks. Read More
Microsoft users on high alert over dangerous RCE zero-day [Black Hat USA 2023]
Microsoft has disclosed a potentially serious remote code execution (RCE) zero-day under active exploitation – by a group with alleged links to the Russian intelligence services – among more than 100 other vulnerabilities in its July Patch Tuesday update, but the company has not yet issued an actual patch for it. Read More
Black Hat USA Announces Over 90 Briefings for its 26th Anniversary Event in Las Vegas [Black Hat USA 2023]
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, returns to Las Vegas celebrating Black Hat USA’s 26th anniversary with a live, in-person 6-day program from August 5 – August 10. The event will take place at the Mandalay Bay Convention Center, featuring over 90 Briefings hand selected by the Black Hat Review Board. Read More
Black Hat Asia 2023: Data exposure, privacy, and minimization [Black Hat Asia 2023]
Black Hat Asia 2023 in Singapore and its flurry of activities make for an exciting time of the year. Cybersecurity is nascent among organizations in Asia, with plenty of opportunities to rise above in the race to build digital resilience. Read More
Millions of Android Devices Loaded with Malware Infected OEM Images [Black Hat Asia 2023]
TrendMicro made a shocking revelation at Black Hat Asia 2023 where they disclosed an operation that has been running since 2018 targeting Android devices. The scheme was uncovered in 2021 while researchers at TrendMicro were looking into an SMS PVA (Phone Verified Accounts) mobile botnet. They identified that the botnet had been helped along by a supply chain attack targeting the image used by OEMs to rapidly deploy the OS onto the devices. Read More
This Cybercrime Syndicate Pre-Infected Over 8.9 Million Android Phones Worldwide [Black Hat Asia 2023]
A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks. Read More
Vulnerabilities in router vendors’ cloud management platforms detailed [Black Hat Asia 2023]
Hundreds of thousands of operational technology networks and devices are at risk of hijacking attacks stemming from the exploitation of several security vulnerabilities impacting the cloud management platforms of industrial cellular router vendors Sierra Wireless, InHand Networks, and Teltonika Wireless, The Hacker News reports. Read More
Black Hat Asia 2023 Closes on Record-Breaking, In-Person Event in Singapore [Black Hat Asia 2023]
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, today announced the successful completion of the in-person component of Black Hat Asia 2023. The event welcomed a record number of attendees from May 9 through May 12, with more than 3,000 attendees joining at the Marina Bay Sands Expo & Convention Centre in Singapore. Read More
Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cybercrime Enterprise [Black Hat Asia 2023]
Millions of Android phone users around the world are contributing daily to the financial wellbeing of an outfit called the Lemon Group, merely by virtue of owning the devices. Unbeknownst to those users, the operators of the Lemon Group have pre-infected their devices before they even bought them. Now, they're quietly using their phones as tools for stealing and selling SMS messages and one-time passwords (OTPs), serving up unwanted ads, setting up online messaging and social media accounts, and other purposes. Read More
Arm acknowledges side-channel attack but denies Cortex-M is crocked [Black Hat Asia 2023]
Arm issued a statement last Friday declaring that a successful side-channel attack on its TrustZone-enabled Cortex-M based systems was "not a failure of the protection offered by the architecture." Read More
Millions of mobile phones come pre-infected with malware, say researchers [Black Hat Asia 2023]
Miscreants have infected millions of Androids worldwide with malicious firmware before the devices even shipped from their factories, according to Trend Micro researchers at Black Hat Asia. Read More
Firmware Looms as the Next Frontier for Cybersecurity [Black Hat Asia 2023]
Last December, researchers discovered a series of five vulnerabilities affecting servers run by more than a dozen major vendors — brand names like Huawei, Qualcomm, Nvidia, AMD, Dell, and HP. The vulnerabilities were nothing to scoff at, either, with CVSS scores ranging from 5.3 (Medium severity) to 9.8 (Critical). Read More
Shout-out to whoever went to Black Hat and had North Korean malware on their PC [Black Hat USA 2022]
The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents. Read More
The Black Hat Conference At 25: Still Fighting The Good Fight [Black Hat USA 2022]
Out on the Nevada desert sand, a phenomenon 25 years running has again grabbed the attention of not only the tech industry, but also IT professionals from every industry. The annual Black Hat security convention proves there is no respite in a world of never-ending security threats – from the known, to the unknown, likely and unlikely sources. The conference attracts participants of all stripes, with its insights, breakthroughs, and aspirations. Founded in 1997, the Black Hat event is a yearly cybersecurity community geek-fest with the latest cutting-edge research, developments, and trends. Read More
Why patching quality, vendor info on vulnerabilities are declining [Black Hat USA 2022]
Those who apply security patches are finding that it’s becoming harder to time updates and determine the impact of patching on their organizations. Dustin Childs of the ZDI Zero Day Initiative and Trend Micro brought this problem to light at the recent Black Hat security conference: Patch quality has not increased and in fact is getting worse. We are dealing with repatching bugs that weren’t fixed right or variant bugs that could have been patched the first time. Read More
How cybersecurity vendors are misrepresenting zero trust [Black Hat USA 2022]
The zero-trust vision that cybersecurity vendors are selling isn’t the reality enterprises are experiencing. The disconnect begins during initial sales cycles, where the promises of ease of use, streamlined API integration and responsive service lead to enterprises buying solutions that don’t work. Unfortunately, enterprises are getting more challenges than the vision vendors sold. Read More
What Black Hat 2022 reveals about securing the supercloud [Black Hat USA 2022]
Black Hat 2022 was held in Las Vegas last week, at the same time as theCUBE’s supercloud event. Unlike AWS re:Inforce, where words are carefully chosen to put a positive spin on security, Black Hat exposes all the warts of cybersecurity and openly discusses its hard truths. It’s a conference attended by technical experts who proudly share some of the vulnerabilities they’ve discovered and of course by numerous vendors marketing their products and services. Read More
Black Hat USA 2022 Closes on a Record Breaking Event in Las Vegas & Online [Black Hat USA 2022]
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, closes a successful hybrid event for Black Hat USA 2022. The event welcomed more than 21,000 unique attendees, with over 17,400 joining in person at the Mandalay Bay Convention Center in Las Vegas, while over 15,488 actively logged into the virtual platform. Security professionals from 111 countries joined the hybrid event, to experience the robust lineup of groundbreaking content led by security experts who showcased the latest and greatest research currently impacting the industry including more than 90 deeply technical Briefings. Read More
State-Sponsored APTs Dangle Job Opps to Lure In Spy Victims [Black Hat USA 2022]
Fake job offers have become a top phishing tactic for state-sponsored threat actors to lure in unsuspecting targets in the wake of the COVID-19 pandemic, as many reconsider their careers amid growing demand for skilled workers and managers. Read More
As Black Hat security conference turns 25, a lesson: security doesn’t have an end point [Black Hat USA 2022]
At the start of the Black Hat information-security conference here, founder Jeff Moss took a moment to reflect on the state of cybersecurity today compared to the hopes of industry professionals at the first such gathering 25 years earlier. Read More
Black Hat Postmortem: Geopolitical Risks and Complexity on the Rise [Black Hat USA 2022]
Last week’s Black Hat USA 2022 conference solidly framed the cybersecurity issues IT and network managers are facing. From the keynotes throughout the conference sessions, the message was clear. Security challenges are increasing, and the complexity of modern applications and infrastructures makes it all the harder to secure networks and defend against attacks. Read More
Head of Ukraine’s Cybersecurity Says Russia Has Committed ‘Cyber War Crimes’ [Black Hat USA 2022]
The head of Ukraine’s cybersecurity agency was in Las Vegas this week, at Black Hat, one of the largest hacking conferences in the world. He said he was there to promote the idea that "we should be united to create some kind of cyber coalition to counter the threats." Read More
Former CISA chief wants new, cross-cutting agency to lead fed cyber [Black Hat USA 2022]
The federal government should establish a new "U.S. Digital Agency" to counter risks associated with emerging digital threats and to further bolster national security around privacy and data management, according to the first-ever director of the Cybersecurity and Infrastructure Security Agency. Read More
Election disinformation fears loom over hacker confab [Black Hat USA 2022]
HAPPY MONDAY, and welcome to Morning Cybersecurity! I’m your host, Eric Geller, and I’m marveling at these gorgeous supermoon photos from around the world. Read More
Black Hat 2022: Why machine identities are the most vulnerable [Black Hat USA 2022]
Enterprises are struggling to secure machine identities because hybrid cloud configurations are too complex to manage, leading to security gaps cyberattackers exploit. Adding to the confusion are differences between public cloud providers’ approaches to defining machine-based identities using their native identity access management (IAM) applications. Additionally, due to differences in how IAM and machine identity management are handled across cloud platforms, it can be challenging to enforce zero-trust principles, enabling least-privileged access in a hybrid cloud environment. Read More
Black Hat 2022 reveals enterprise security trends [Black Hat USA 2022]
The blast radius of cyberattacks on an enterprise is projected to keep growing, extending several layers deep into software supply chains, devops and tech stacks. Black Hat 2022’s presentations and announcements for enterprise security provide a sobering look at how enterprises’ tech stacks are at risk of more complex, devastating cyberattacks. Held last week in Las Vegas and in its 25th consecutive year, Black Hat’s reputation for investigative analysis and reporting large-scale security flaws, gaps and breaches is unparalleled in cybersecurity. Read More
Man vs. Dish: How one researcher used a $25 homemade device to hack into Elon Musk's Starlink system [Black Hat USA 2022]
With over 3,000 small satellites in orbit, Elon Musk's Starlink has created an excellent fleet orbiting Earth at the moment providing satellite internet access coverage in 36 countries. However, all it took was one Belgian cyber security researcher, a $25 homemade device, and a dream to reveal the first major security flaw in Starlink's user terminals. Read More
Researchers Find Vulnerability in Software Underlying Discord, Microsoft Teams, and Other Apps [Black Hat USA 2022]
A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Spotify and many others, which are used by tens of millions of people all over the world. Read More
Vulnerabilities Allowed Researchers to Remotely Lock and Unlock Doors [Black Hat USA 2022]
If you have worked or still work in an office, you have probably swiped an access card in front of one of those black devices with a light that toggles from red to green, which lets you get into the building. Thanks to a series of vulnerabilities in one of the most popular access control panels in the world, hackers could get into the building too. Read More
KREBS: ‘WE’VE OVER-FETISHIZED THE APT THREAT’ [Black Hat USA 2022]
The government and industry focus in recent years on the operations and tactics of highline threat actors such as Russian and Chinese APT teams has allowed cybercrime and ransomware groups to have a field day and grow stronger and more technologically advanced in the interim, the former director of the Cybersecurity and Infrastructure Security Agency said. Read More
New Cross-Industry Group Launches Open Cybersecurity Framework [Black Hat USA 2022]
Amazon Web Services (AWS) and Splunk are leading an industry effort of 18 systems and security vendors to standardize how different monitoring systems share security alerts. The goal is to deliver a simplified and vendor-agnostic taxonomy to help security teams ingest and analyze security data faster. Read More
4 Flaws, Other Weaknesses Undermine Cisco ASA Firewalls [Black Hat USA 2022]
Cisco's enterprise-class firewalls have at least a dozen vulnerabilities — four of which have been assigned CVE identifiers — that could allow attackers to infiltrate networks protected by the devices, a security researcher from vulnerability management firm Rapid7 plans to say in a presentation at the Black Hat USA conference on Aug. 11. Read More
Sloppy Software Patches Are a 'Disturbing Trend' [Black Hat USA 2022]
THE WHOLE PURPOSE of vulnerability disclosure is to notify software developers about flaws in their code so they can create fixes, or patches, and improve the security of their products. But after 17 years and more than 10,000 vulnerability disclosures, the Zero Day Initiative is calling out a “disturbing trend” at the Black Hat security conference in Las Vegas today and announcing a plan to apply some counterpressure. Read More
Log4j was the right incident for inaugural review, safety board says [Black Hat USA 2022]
Two leading members of the Cyber Safety Review Board, speaking at the Black Hat USA conference in Las Vegas Wednesday, praised the inaugural investigation of the Log4j vulnerability. Read More
SpaceX Invites Security Researchers to Hack Starlink [Black Hat USA 2022]
To secure Starlink, SpaceX is inviting security researchers to try and hack the satellite internet system and then report any vulnerabilities to the company. Read More
Three ransomware attacks hit single company over two weeks [Black Hat USA 2022]
Three of the most prolific ransomware gangs currently in operation targeted the same company over a period of two weeks, according to cyber security researchers. Read More
WTF Just Happened? Why Your Org Needs a Cybersecurity Incident Review Board [Black Hat USA 2022]
"People don't do shit about cybersecurity until they have to," Tarah Wheeler, a Fulbright scholar and CEO at Red Queen Dynamics, Inc., remarked during her panel at Black Hat. Read More
Black Hat at 25: Why Cybersecurity Is Going to Get Worse Before It Gets Better [Black Hat USA 2022]
Chris Krebs, the first director of the Cybersecurity and Infrastructure Security Agency (CISA), a part of the US Department of Homeland Security, believes that information security will get worse before it gets better. Krebs, now a founding partner of consulting firm Krebs Stamos Group, opened information security conference Black Hat USA 2022 with a keynote speech on August 10. Read More
Black Hat USA: Former CISA Director Says Cybercrime to Get a Lot Worse Before Better [Black Hat USA 2022]
Former Cybersecurity and Infrastructure Security Agency (CISA) director Chris Krebs says when it comes to cybercrime, things are going to get a lot worse before they get better. Read More
Browser-powered desync: New class of HTTP request smuggling attacks showcased at Black Hat USA [Black Hat USA 2022]
A new class of HTTP request smuggling attack allowed a security researcher to compromise multiple popular websites including Amazon and Akamai, break TLS, and exploit Apache servers. Read More
Black Hat USA: Deliberately vulnerable AWS, Azure cloud infrastructure is a pen tester’s playground [Black Hat USA 2022]
Security pros from INE enjoyed a double billing at Black Hat USA yesterday (August 10) as they showcased penetration testing tools AWSGoat and AzureGoat. Read More
ReNgine upgrade: New subscan feature, PDF reports, expanded toolbox showcased at Black Hat USA [Black Hat USA 2022]
Black Hat USA attendees were given a firsthand look at the new and improved ReNgine, which includes several new features for penetration testers and red teamers. Read More
Black Hat USA: Log4j de-obfuscator Ox4Shell ‘dramatically’ reduces analysis time [Black Hat USA 2022]
A Log4Shell de-obfuscation tool that promises simple, rapid payload analysis without the risk of “critical side effects” has been showcased at Black Hat USA. Read More
This Anti-Tracking Tool Checks If You're Being Followed [Black Hat USA 2022]
MATT EDMONDSON, A federal agent with the Department of Homeland Security for the last 21 years, got a call for help last year. A friend working in another part of government—he won’t say which one—was worried that someone might have been tailing them when they were meeting a confidential informant who had links to a terrorist organization. If they were being followed, their source’s cover may have been blown. “It was literally a matter of life and death,” Edmondson says. Read More
#BHUSA: Chris Krebs Explains How Cybersecurity Can Improve [Black Hat USA 2022]
Why is cybersecurity so bad right now? That is the question with which the Black Hat USA 2022 security conference got underway on August 10 in an opening keynote address from former CISA director Chris Krebs. Read More
Tech, Cyber Companies Launch Security Standard to Monitor Hacking Attempts [Black Hat USA 2022]
A group of 18 tech and cyber companies said Wednesday they are building a common data standard for sharing cybersecurity information. They aim to fix a problem for corporate security chiefs who say that cyber products often don’t integrate, making it hard to fully assess hacking threats. Read More
MAJOR CYBERSECURITY COMPANIES CREATE NEW OPEN-SOURCE CONSORTIUM TO SHARE KEY DATA [Black Hat USA 2022]
Black Hat USA 2022 started off with a bang Wednesday with a group of major cybersecurity companies unveiling the formation of a new open-source consortium to share key data and with DNSFilter separately saying it’s acquiring Guardian, a firewall and VPN platform. Read More
Researcher Hacks Starlink Terminal to Warn SpaceX of Dangerous Flaws [Black Hat USA 2022]
A researcher from Belgium created a $25 hacking tool that could glitch Starlink’s internet terminals, and he is reportedly going to make this tool available for others to copy. Lennert Wouters, a security researcher at KU Leuven, demonstrated how he was able to hack into Elon Musk’s satellite dishes at the Black Hat Security Conference being held this week in Las Vegas, Wired reported. Read More
More than a dozen companies developing single standard to detect cyberattacks faster [Black Hat USA 2022]
More than a dozen companies in the cybersecurity space are developing a single, open standard for sharing data about hacking threats, a project the companies say could help organizations detect cyberattacks more quickly. Read More
AWS, Splunk lead open source effort to spot and curb cyberattacks [Black Hat USA 2022]
A coalition of 18 companies on Wednesday introduced a project aimed at creating a universal model for sharing data deemed essential to spot and curb cyberattacks. Read More
Group of security companies launches open source project to ease data sharing [Black Hat USA 2022]
It’s long been known that security is not a problem that companies, even large corporations, can solve on their own. It takes a community working together to battle the kinds of problems that companies are facing today when it comes to cybersecurity. Read More
Black Hat USA 2022: DNSFilter, NetWitness, BlackBerry, CrowdStrike, More [Black Hat USA 2022]
Black Hat USA 2022 kicked off Wednesday in Las Vegas with a flurry of news and research from DNSFilter, NetWitness, BlackBerry, CrowdStrike and more. Read More
Looking Back at 25 Years of Black Hat [Black Hat USA 2022]
Back in 1997, when tech companies didn't understand hackers very well and didn't take them seriously, the founder of DEF CON, Jeff Moss, decided to create an event that would give everyone the chance to peek inside the minds of these creative geniuses. Black Hat was born. Read More
The Hacking of Starlink Terminals Has Begun [Black Hat USA 2022]
Since 2018, Elon Musk’s Starlink has launched more than 3,000 small satellites into orbit. This satellite network beams internet connections to hard-to-reach locations on Earth and has been a vital source of connectivity during Russia’s war in Ukraine. Thousands more satellites are planned for launch as the industry booms. Now, like any emerging technology, those satellite components are being hacked. Read More
One of 5G's Biggest Features Is a Security Minefield [Black Hat USA 2022]
TRUE 5G WIRELESS data, with its ultrafast speeds and enhanced security protections, has been slow to roll out around the world. As the mobile technology proliferates—combining expanded speed and bandwidth with low-latency connections—one of its most touted features is starting to come into focus. But the upgrade comes with its own raft of potential security exposures. Read More
What to watch for as 'Hacker Summer Camp' gets underway in Las Vegas [Black Hat USA 2022]
A trio of cybersecurity conferences — BSidesLV, Black Hat USA and DEF CON — kicks off this week in Las Vegas in what’s collectively known as Hacker Summer Camp, bringing together policymakers, executives, experts, hackers and enthusiasts against a backdrop of some of the most unsettled international events of recent years. Read More
Sophos Says Attackers are Ganging Up on Victims [Black Hat USA 2022]
Ransomware victims are being targeted by multiple attackers within weeks, days, and even hours, according to a new whitepaper from security vendor Sophos. Read More
Russia-Ukraine Conflict Holds Cyberwar Lessons [Black Hat USA 2022]
The online attacks against infrastructure and information operations used by both sides in the conflict between Russia and Ukraine fulfill the definition of cyberwar and hold lessons for governments and companies, two researchers plan to say this week at the Black Hat USA conference in Las Vegas. Read More
Abusing Kerberos for Local Privilege Escalation [Black Hat USA 2022]
As the main authentication protocol for Windows enterprise networks, Kerberos has long been a favored hacking playground for security researchers and cybercriminals alike. While the focus has been on attacking Kerberos authentication to carry out remote exploits and aid in lateral movement across the network, new research explores how Kerberos can also be abused to great effect in carrying out a variety of local privilege escalation (LPE) attacks. Read More
Early Log4j mitigation, asset inventory led to a better security position [Black Hat USA 2022]
Third-party scans suggest that a significant number of large businesses that spent the first months in the wake of the Log4j discovery conducting rigorous asset inventory and rooting out instances in their software or hardware were able to reduce their risk from the vulnerability to near zero in the following months. Meanwhile, those that were sluggish to initially address the flaw early often saw their risk increase or compound as new, vulnerable assets were brought online over the year. Read More
Simple IDOR vulnerability in Reddit allowed mischief-makers to perform mod actions [Black Hat USA 2022]
A vulnerability in Reddit allowed attackers to perform moderator actions or elevate regular users to mod status without the appropriate permissions. Read More
NetSPI rolls out 2 new open-source pen-testing tools at Black Hat [Black Hat USA 2022]
Preventing and mitigating cyberattacks day-to-day — sometimes hour-to-hour — is a massive endeavor for enterprises. New, more advanced techniques are revealed constantly, especially with the rise in ransomware-as-a-service, crime syndicates and cybercrime commoditization. Likewise, statistics are seemingly endless, with a regular churn of new, updated reports and research studies revealing worsening conditions. Read More
Treasury cracks down on a tool that helped launder billions [Black Hat USA 2022]
Welcome to The Cybersecurity 202! Go watch “Sandman” now, if you haven't. Those comics were a formative part of my youth, but I never thought a TV adaptation could work. Thankfully, I was wrong. Read More
IBM reveals ways to use native source-code management functionality in attacks [Black Hat USA 2022]
IBM’s pen testing group X-Force Red released a new source-code management (SCM) attack simulation toolkit Tuesday, with new research revealing ways to use native SCM functionality in attacks. Read More
What to Expect at Black Hat 2022 [Black Hat USA 2022]
Almost every August, Las Vegas fills to the brim with a curious cross-section of visitors: hackers, researchers, hobbyists, and everyone else who has an interest in making computers do things they shouldn't. They're in town for Black Hat (and its less formal sibling event, DEF CON), and PCMag will be there, too. Here's what we're looking forward to this year. Read More
A marquee week for cybersecurity in Vegas [Black Hat USA 2022]
HAPPY MONDAY, and welcome back to Morning Cybersecurity! I’m your host, Maggie Miller, and we’re officially into the part of summer where Washington, D.C., is filled exclusively with tourists while Capitol Hill clears out for the month. The “stand on the right, walk on the left” thoughts are about to go into overdrive. Read More
Phone Numbers Used for Identification, Hacker Summer Camp Advice, Samsung Repair Mode [Black Hat USA 2022]
Why your phone number is becoming a popular way to identify you, our advice on how to best protect your privacy at hacker summer camp in Las Vegas (BSides, BlackHat, DEF CON), and details on Samsung’s new repair mode which will protect your private data on your smartphone when you take it in for repairs. Read More
VMware: The threat of lateral movement is growing [Black Hat USA 2022]
Lateral movement was observed in 25% of all attacks that VMware tracked for its annual "Global Incident Response Threat Report," released Monday. Read More
Cybercriminals Are Using Bots to Steal Online Pharmacy Accounts [Black Hat USA 2022]
Cybercriminals are increasingly deploying software bots to commandeer the online pharmacy accounts of everyday people, according to new research, allowing hackers to illegally buy prescription drugs and depriving patients of needed medications. Read More
DARKTRACE TO PRESENT KEY SESSIONS AT BLACK HAT USA 2022 [Black Hat USA 2022]
BLACK HAT USA 2022 – Darktrace, a global leader in cyber security artificial intelligence, today announced it will present two sessions at Black Hat USA 2022. Listed below, Darktrace speakers will explore preventative approaches to cyber security that are redefining how organizations and smart cities mitigate cyber risk. Read More
BlackCloak Brings Digital Executive Protection to Black Hat 2022 [Black Hat USA 2022]
Next week, members of both BlackCloak’s executive and revenue teams will descend on Las Vegas for the annual Black Hat Conference. This year will be the first for us as an exhibitor. You can find us set up in Innovation City Booth #52. Read More
Ukraine claims to have taken down a massive Russian bot farm. Were Russian cyber operations premature? Report: Emergency Alert System vulnerable to hijacking. [Black Hat USA 2022]
The Security Service of Ukraine (SSU) says it dismantled a large Russian botnet operation that was being used to spread Russian propaganda and disinformation. The bots, about a million strong, were herded from locations within Ukraine itself, in the cities of Kyiv, Kharkiv, and Vinnytsia, BleepingComputer reports. Their output took the form of social media posts from inauthentic accounts associated with fictitious personae. The SSU describes the operation as follows: "Their latest ‘activities’ include the distribution of content on the alleged conflict between the leadership of the President’s Office and the Commander-in-Chief of the Armed Forces of Ukraine as well as a campaign to discredit the first lady. To spin destabilizing content, perpetrators administered over 1 million of their own bots and numerous groups in social networks with an audience of almost 400,000 users. In the course of a multi-stage special operation, the SSU exposed the leader of this criminal group. He is a russian citizen who has lived in Kyiv and positioned himself as a ‘political expert.’" Read More
Wordfence Intelligence Launching at Black Hat 2022 in Las Vegas Next Week [Black Hat USA 2022]
Wordfence protects over 4 million websites around the world on 12,000 unique networks, and we block over 1.8 billion attacks targeting those websites every month. For years we have had a relationship with our customers that is a virtuous cycle: We receive attack reports from our customers at a rate of over 700 reports per second, and we distill those attacks into malware signatures, firewall rules, and an IP blocklist, and we give that data back to our customers in the form of a threat intelligence feed. Read More
Expel Heads to Las Vegas and Makes its Black Hat Debut [Black Hat USA 2022]
Fresh off its successful RSA Conference debut, Expel is again making its first-time appearance at a landmark industry event—Black Hat USA 2022. Expel, the managed security provider that aims to make security easy to understand, use and improve, is exhibiting in the Black Hat business hall, and will be located in booth #2861, August 10-11. Read More
IronNet to Help Secure Black Hat USA 2022 through Network Operations Center [Black Hat USA 2022]
IronNet, Inc. (NYSE: IRNT), an innovative leader Transforming Cybersecurity Through Collective DefenseSM, today announced it will participate in the Black Hat Network Operations Center (NOC) to provide a highly secure, high-availability network in one of the most demanding environments in the world–the Black Hat USA 2022 event. Read More
How IT Teams Can Use 'Harm Reduction' for Better Cybersecurity Outcomes [Black Hat USA 2022]
It's a well-known fact that humans are — and will remain — one of the weakest links in any company's cyber defenses. Security admins have tried to help the situation through random phishing tests and training, ultimatums, eliminating local control over a given device, and even naming and shaming those unlucky souls who clicked on the wrong link in an email. Read More
Black Hat USA Research: Supply Chain and Cloud Security Risks Are Top of Mind [Black Hat USA 2022]
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, releases its eighth annual community survey Supply Chain and Cloud Security Risks Are Top of Mind. The report highlights important findings from more than 180 of the industry’s most experienced cybersecurity professionals who reported concerns over attacks against cloud services, ransomware and the growing risks to the global supply chain. Read More
Black Hat USA 2022: What you need to know [Black Hat USA 2022]
Following a successful hybrid event in 2021 that saw more than 6,000 in-person, and more than 14,500 virtual attendees, Black Hat USA returns in 2022 to the Mandalay Bay Convention Centre in Las Vegas, Nevada. Now in its 25th year, this year’s event has three key components, each equally unmissable: Trainings, Briefings, and the Business Hall. Read More
Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine [Black Hat USA 2022]
The infamous Sandworm threat group operating out of Russia's military GRU unit has no qualms about taunting researchers when it finds it is being watched. Just ask Robert Lipovsky and his fellow researchers at ESET, who got the message loud and clear when they dissected one of Sandworm's newer malware variants earlier this year: The Sandworm attackers disguised the loader for one of its data-wiping variants as the IDAPro reverse-engineering tool — the very same tool the researchers had used to analyze the attackers' malware. Read More
Why Should you Visit Black Hat this Year? [Black Hat USA 2022]
Ever since it was introduced in 1997 by Jeff Moss, Black Hat has emerged to become one of the most promising information security events across the world. Apart from informative discussions and briefings, the Black Hat event also comes up as a promising opportunity for the networking and security vendors to unveil their ground-breaking products and services in front of an audience, which consists of thousands of security professionals, C-Suite executives, and small-business owners. Read More
Rezilion Unveils Broad Lineup Platform Enhancements, Providing Organizations with Holistic and Automated Toolset to Accelerate Software Security [Black Hat USA 2022]
Rezilion announced today the full availability of its new, automated vulnerability management solution to identify, prioritize, and remediate vulnerable software. Read More
Don't Have a COW: Containers on Windows and Other Container-Escape Research [Black Hat USA 2022]
In what's shaping up to be a summer of container escapes, a pair of talks slated for Black Hat USA next month will explore the kinds of architectural weaknesses in operating systems and in container platforms that can make it easy for attackers to break down the barriers of container isolation and run roughshod over cloud infrastructure. Read More
Hackers lifting fingerprints from your Android phone? [Black Hat USA 2022]
Researcher duo reveals that fingerprint sensors on your Android device can be hacked to reveal all your fingerprint data. By Digit NewsDesk | Published 04 Jul 2022 14:04 IST
Your fingerprints on your Android phone might not be as safe as you think. Recently, two security researchers at the annual Black Hat conference revealed that the fingerprint scanner on your Android devices is quite vulnerable. Researchers Tao Wei and Yulong Zhong of FireEye Inc. showed that hackers can remotely lift fingerprints from Android devices. The duo talked about how design flaws in TrustZone, the ARM technology that comes embedded in modern-day smartphones, will simply let a 'sensor spying attack' harvest a user's fingerprints. Read More
The Artemis Red Team, a new subgroup within the Synack Red Team, was formed to encourage women, trans and nonbinary people to excel in their pentesting careers. There is a vast pool of untapped and underrepresented hacking talent in the world, and the Artemis Red Team is actively seeking these individuals out, giving them a home for mentorship and helping them develop their professional skills. Read More
Police Linked to Hacking Campaign to Frame Indian Activists [Black Hat USA 2022]
Now the researchers have gone further in nailing down the group’s affiliations. Working with a security analyst at a certain email provider—who also spoke to WIRED but asked that neither they nor their employer be named—SentinelOne learned that three of the victim email accounts compromised by the hackers in 2018 and 2019 had a recovery email address and phone number added as a backup mechanism. Read More
The Ghostwriter team recently released v3.0.0. This release represents a significant milestone for the project, and there has never been a better time to try out Ghostwriter. Our goal was to make it much simpler to install and manage the application and make it possible to add external functionality via an API. This release accomplishes all of this and more, and we’re excited for you to see it. Introducing Ghostwriter CLI: For this release, we created an all-new tool to help you manage Ghostwriter’s services, Ghostwriter CLI! (GitHub – GhostManager/Ghostwriter_CLI: Golang CLI binary used for installing and managing Ghostwriter.) Written entirely in Go, this command-line tool can be cross-compiled to support Windows, macOS, and Linux, so you can use whichever operating system you like as your host system for Ghostwriter. You only need to have Docker installed. Ghostwriter CLI greatly simplifies server management. Current Ghostwriter users will notice we have removed the need for the old environment files. We even removed the requirement for you to generate the TLS/SSL certificates for production environments (unless you want to use your own signed certificates). $ ./ghostwriter-cli help Ghostwriter-CLI Read More
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, returns to Las Vegas celebrating Black Hat USA’s 25th anniversary with a hybrid event on August 6 – August 11. The event will take place at Mandalay Bay Convention Center with both a virtual experience and an in-person event, offering a robust lineup of over 80 Briefings hand selected by the Black Hat Review Board, comprised of some of the industry’s most respected experts. Read More
US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional [Black Hat Asia 2022]
The future of cybersecurity public-private partnerships (PPP) will be about sharing efforts and pooling resources to provide a common defense, explained US national cyber director Chris Inglis during a fireside chat at Black Hat Asia Read More
How to Turn a Coke Can Into an Eavesdropping Device [Black Hat Asia 2022]
A soda can, a smartphone stand, or any shiny, lightweight desk decoration could pose a threat of eavesdropping, even in a soundproof room, if an attacker can see the object, according to a team of researchers from Ben-Gurion University of the Negev. Read More
Black Hat Asia: Democracy's Survival Depends on Taming Technology [Black Hat Asia 2022]
Technology is an existential threat to global democracy — requiring a shift to a transnationally regulated, culturally sensitive tech ecosystem that provides space for democracies to flourish. Read More
CISO Shares Top Strategies to Communicate Security's Value to the Biz [Black Hat Asia 2022]
When it comes to demonstrating the value of cybersecurity to a business, one of the biggest challenges is communicating ROI to the C-suite. The entrenched perception of security as an obstacle to productivity and other areas makes it very difficult for security engineers and nontechnical management to be on the same page. Read More
Black Hat Asia: ‘If democracy is to survive, technology will have to be tamed’ [Black Hat Asia 2022]
The internet is not currently, as its earliest advocates foresaw, “a great liberator of human expression and catalyst for pluralism and democratic thought”, reflects tech and geopolitics expert Samir Saran. Read More
'Peacetime in cyberspace is a chaotic environment' says senior US advisor [Black Hat Asia 2022]
Cyber war has become an emerged aspect of broader armed conflicts, commencing before the first shot is fired, cybersecurity expert Kenneth Geers told the audience at the Black Hat Asia conference on Friday. Read More
Software patching must work like car safety recalls, says US cyber boss [Black Hat Asia 2022]
Software made unsafe by dependencies should be fixed without users needing to interact with the source of the problem, according to US National Cyber Director Chris Inglis, who serves in the Executive Office of the President. Read More
Researchers find 134 flaws in the way Word, PDFs, handle scripts [Black Hat Asia 2022]
Security researchers have devised a tool that detects flaws in the way apps like Microsoft Word and Adobe Acrobat process JavaScript, and it's proven so effective they've found 134 bugs – 59 of them considered worthy of a fix by vendors, 33 assigned a CVE number, and 17 producing bug bounty payments totaling $22,000. Read More
To predict the targets of Chinese malware, look at the target of Chinese laws [Black Hat Asia 2022]
BLACK HAT ASIA Keep an eye on new Chinese government policies, if you want to anticipate malware attacks, a threat intelligence analyst suggested at the Black Hat Asia conference on Thursday. Read More
Black Hat founder on cyber-governance and Ukraine war [Black Hat Asia 2022]
BLACK HAT ASIA The war in Ukraine, and the Declaration for the Future of the Internet signed by 60 nations in late April, should be understood in the context of a global effort to recruit the nations of the world into blocs with different attitudes to internet governance. Read More
APT gang 'Sidewinder' goes on two-year attack spree across Asia [Black Hat Asia 2022]
BLACK HAT ASIA The advanced persistent threat gang known as SideWinder has gone on an attack spree in the last two years, conducting almost 1,000 raids and deploying increasingly sophisticated attack methods. Read More
Transforming SQL Queries Bypasses WAF Security [Black Hat Asia 2022]
A team of university researchers used basic machine learning to identify patterns that common Web application firewalls (WAFs) fail to detect as malicious, but which can still deliver an attacker's payload, one of the researchers said in a presentation at the Black Hat Asia security conference in Singapore on Thursday. Read More
Black Hat Asia: Firmware Supply Chain Woes Plague Device Security [Black Hat Asia 2022]
When it comes to developing the firmware that powers computing devices, the ecosystem consists of complex supply chains that have multiple contributors. For any given device, firmware could be made up of a hodgepodge of components from different sources. And that means that when it's time to address security vulnerabilities, it's far from a straightforward process to get a patch out to the public. Read More
On the Air With Dark Reading News Desk at Black Hat Asia 2022 [Black Hat Asia 2022]
Like many things since 2020, Dark Reading News Desk has had to adapt. Instead of broadcasting live interviews with security researchers presenting at Black Hat, News Desk shifted to prerecorded interviews with the speakers. Read More
It's time to kick China off social media, says tech governance expert [Black Hat Asia 2022]
BLACK HAT ASIA The time has come to remove Chinese voices from global social media, according to Samir Saran, president of Delhi-based think tank Observer Research Foundation (ORF), a commissioner of The Global Commission on the Stability of Cyberspace, and a member of Microsoft's Digital Peace Now Initiative. Read More
Known macOS Vulnerabilities Led Researcher to Root Out New Flaws [Black Hat Asia 2022]
Sometimes all it takes to root out a new software vulnerability is to study and analyze previous bug reports. That's how researcher Csaba Fitzl says he sniffed out some new Apple macOS vulnerabilities, one of which was a mirror image of a logic flaw that a group of researchers competing in the 2020 Pwn2Own contest found and executed there. Read More
1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its Skin [Black Hat Asia 2022]
It's one of the more prolific yet lesser-known nation-state hacking groups in the world, and it's not out of China or Russia. The so-called SideWinder (aka Rattlesnake or T-APT4) group has been on a tear over the past two years, launching more than 1,000 targeted attacks. Read More
Black Hat Announces Keynote Speakers for Black Hat Asia 2022 Hybrid Event [Black Hat Asia 2022]
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, announces Samir Saran, President of the Observer Research Foundation, and George Do, Chief Information Security Officer at Gojek and GoTo Financial, as Keynote speakers for Black Hat Asia 2022 hybrid event. Registration is open for the hybrid event offering a virtual only pass and an in-person pass, taking place at Marina Bay Sands in Singapore on May 10 – 13 (GMT +8h). Read More
Black Hat Announces Content Lineup for Black Hat Asia 2022 Hybrid Event [Black Hat Asia 2022]
SAN FRANCISCO--(BUSINESS WIRE)--Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, announces the release of its Briefings and content lineup for Black Hat Asia 2022. Registration is open for the hybrid event offering a virtual only pass and an in-person pass, taking place at Marina Bay Sands in Singapore on May 10 – 13 (GMT +8h). This year’s Briefings lineup will include over 30 talks spanning many topics on information security such as malware, reverse engineering, applied security, exploit development, cloud and platform security and more. Read More
An Optical Spy Trick Can Turn Any Shiny Object Into a Bug [Black Hat Asia 2022]
THE MOST PARANOID among us already know the checklist to avoid modern audio eavesdropping: Sweep your home or office for bugs. Put your phone in a Faraday bag—or a fridge. Consider even stripping internal microphones from your devices. Now one group of researchers offers a surprising addition to that list: Remove every lightweight, metallic object from the room that's visible from a window. Read More
Removing need to unlock mobile wallets for contactless payments has eroded security protections, researchers warn [Black Hat Europe 2021]
Moves to make it easier to use contactless payments on public transport systems have eroded the security of mobile wallets, security researchers have discovered. Read More
IoT Protocol Used by NASA, Siemens and Volkswagen Can Be Exploited by Hackers [Black Hat Europe 2021]
Maintained by the standards development organization Object Management Group (OMG), DDS is a middleware protocol and API standard for data connectivity that is advertised as ideal for business-critical IoT systems. DDS has been used in sectors such as public transportation, air traffic management, aerospace, autonomous driving, industrial robotics, medical devices, and missile and other military systems. Read More
How to Negotiate With Ransomware Attackers [Black Hat Europe 2021]
Organizations hit with ransomware often find themselves in a crisis: To pay or not to pay? Most security experts agree payment is not the ideal response to a ransomware attack. But the truth is, some organizations don't have a choice — and in these cases, they need to have a strategy. Read More
Black Hat Europe: Strong security relies on a 'culture of openness' [Black Hat Europe 2021]
Executives and managers need to do a better job of creating a safe space for knowledge-sharing if they hope to make their organisations more secure. Read More
Black Hat Europe on SOC psychology [Black Hat Europe 2021]
So much of cyber security is about technicalities, and seldom about workplace psychology. That’s as true of this week’s annual Black Hat Europe conference, online and in London, where titles of talks have included the intriguing ‘how your e-book might be reading you’; VPN exploits, ransomware, cloud account hacking, hacked databases of Azure customers, and so on. Read More
#BHEU: Zero Trust Protects Against Ransomware, Claims Engineer [Black Hat Europe 2021]
“A zero trust architecture can protect against ransomware” was the resounding claim made by Ben Jenkins, senior solutions engineer at ThreatLocker, during a session at Black Hat Europe 2021. Read More
#BHEU: Can Time Be Hacked? [Black Hat Europe 2021]
Time synchronization is a fragile ecosystem that is vulnerable to being hacked, with the potential for enormous damage to be caused. This was the message of Adam Laurie, global associate partner and lead hardware hacker, IBM X-Force Red, during the keynote address on day two of Black Hat Europe 2021. Read More
Zero tolerance: How infosec’s online ‘cancel culture’ is stunting industry growth [Black Hat Europe 2021]
Social media backlash and online squabbling is stopping the information security industry from learning from its mistakes, Black Hat Europe attendees heard today. Read More
What Happens If Time Gets Hacked [Black Hat Europe 2021]
Most people take time synchronization for granted, but it operates on what hardware security expert Adam Laurie calls a "fragile ecosystem." Laurie, a renowned hardware hacker, here today demonstrated an unnervingly simple way to alter time on a clock. Read More
#BHEU: 5 Ways to Approach Ransomware Negotiations [Black Hat Europe 2021]
Five key approaches organizations should take during ransomware negotiations with extorters to improve the outcome were outlined by Pepijn Hack, cybersecurity analyst at Fox-IT, part of NCC Group, in a session at Black Hat Europe 2021. Read More
Cloud Attack Analysis Unearths Lessons for Security Pros [Black Hat Europe 2021]
An attack group known for cloud-specific campaigns targeting Amazon Web Services (AWS) credentials has recently expanded its toolkit to steal more credentials from targeted cloud systems and deploy new tactics to exploit containerized Kubernetes systems. Read More
Black Hat Europe: ‘Failures in tech governance are eroding democracy’ [Black Hat Europe 2021]
Public and private sector bodies in charge of governing the use of technology in society are “effectively condoning” attacks on democracy, a leading expert on cyber security has said. Read More
#BHEU: Ransomware is The New Terrorism, Contends Cyber Expert [Black Hat Europe 2021]
“The continued survival and future of your organization cannot be based upon negotiations with criminals,” was the stark message given by Tanner Johnson, principal analyst of OMDIA, during his session at Black Hat Europe 2021. Read More
Apiiro Unveils Open Source Software Toolkit to Combat Dependency Confusion Attacks [Black Hat Europe 2021]
Apiiro, the leader in Application Risk Management, announced the release of the Dependency Combobulator, a modular and extensible open source toolkit to detect and prevent dependency confusion attacks. The Dependency Combobulator allows organizations to safeguard against this newly uncovered type of risk, which has been on the rise this year as a key vector in supply chain attacks targeting dependencies within software packages. This new solution is a critical element in Apiiro’s multidimensional approach to securing the Software Development Lifecycle to prevent both direct and supply chain attacks. Read More
Businesses don't know how to manage VPN security properly - and cyber criminals are taking advantage [Black Hat Europe 2021]
Cyber attacks targeting vulnerabilities in virtual private networks (VPN) are on the rise, and many organisations are struggling to protect their networks. Read More
Researcher Details Vulnerabilities Found in AWS API Gateway [Black Hat Europe 2021]
All it took was a space between characters and a few random letters, and Web researcher Daniel Thatcher was able to modify the HTTP header sent to Amazon API Gateway. Read More
Cybersecurity: This prolific hacker-for-hire operation has targeted thousands of victims around the world [Black Hat Europe 2021]
A hacker-for-hire operation offered by cyber mercenaries has targeted thousands of individuals and organisations around the world, in a prolific campaign of financially driven attacks that have been ongoing since 2015. Read More
Dark Reading Video News Desk Comes to Black Hat Europe [Black Hat Europe 2021]
The Dark Reading News Desk has, in past years, come to you live from Black Hat with live video interviews featuring top security researchers who discuss the details of their presentations at the show. But as the world has changed, so too has our News Desk. Read More
#BHEU: How to Create a Safe and Democratic Digital Infrastructure [Black Hat Europe 2021]
Liberal nations must act now to ensure the digital ecosystem operates in a way that is conducive to democratic values. This was the message of Marietje Schaake, international policy director at Stanford University’s Cyber Policy Center, speaking during the opening keynote session on day three of Black Hat Europe 2021. Read More
Black Hat Europe: Laws and regulations need to change to secure world’s digital infrastructure [Black Hat Europe 2021]
Tighter restrictions against digital weapons and a reframing of the economics of cybersecurity are needed to stop the erosion of democratic institutions and values, delegates at Black Hat Europe heard today (November 10).
Marietje Schaake, international policy director at Stanford University’s Cyber Policy Center, warned that the way the digital infrastructure currently operates is eroding democratic principles in ways that leave us vulnerable to cyber-attacks. Read More
Exclusive: A Cyber Mercenary Is Hacking The Google And Telegram Accounts Of Presidential Candidates, Journalists And Doctors [Black Hat Europe 2021]
A stakeout in digital investigations looks very different to the traditional images of sleuths camped out in blacked-out vans. Just ask Netherlands-based cybersecurity researcher Feike Hacquebord, who’d spent some months behind his computer screen tracking the activities of a hacker-for-hire crew called RocketHack when, in October 2020, he had a slice of luck. Data collected by his employer, Trend Micro, pointed to a web page used by RocketHack to monitor its victims. Requiring no password to enter, it effectively gave him a shop floor view of a bustling hacker-for-hire operation. Read More
Securing the Public: Who Should Take Charge? [Black Hat Europe 2021]
When governments rely on private organizations to build and protect their digital infrastructure, who is charged with protecting the public? How can troves of information stay secure at a time when the attack surface is rapidly expanding? Read More
Hacker-for-Hire Group Spied on More Than 3,500 Targets in 18 Months [Black Hat Europe 2021]
A Russian-speaking hacker-for-hire group has been quietly spying on thousands of individuals and organizations worldwide and selling highly private information about them to various customers, motivated by financial gain and by politically driven agendas. Read More
When Liza Minnelli sang that famous tune, “Money makes the world go around,” she should have added one more word: time. Time makes the world go around. It’s that one agreed-upon part of life that the world shares. From laptops to phones to wall clocks to just about every other technology, time is everywhere, controlling our important life responsibilities. In cybersecurity, time is also critical. Event log files rely on time. Forensic investigations rely on time. Networks rely on time. In fact, Network Time Protocol (NTP) is one of the oldest internet protocols still in use. Read More
Free Tool Scans Web Servers for Vulnerability to HTTP Header-Smuggling Attacks [Black Hat Europe 2021]
A researcher has created a method for testing and identifying how HTTP/HTTPS headers can be abused to sneak malicious code into back-end servers. Read More
APTs, Teleworking, and Advanced VPN Exploits: The Perfect Storm [Black Hat Europe 2021]
Virtual private networks (VPNs), which have become essential for many organizations that provide remote employees with access to private networks since the pandemic's onset, are a popular target for cyberattacks. Incident response teams say these attacks on VPNs aren't new, but attackers are finding new and sophisticated ways to compromise enterprise VPNs. Read More
Read Between the Lines: Finding Flaws in EPUB Reading Systems [Black Hat Europe 2021]
How secure is your e-reader? A team of security researchers curious to explore e-book security analyzed free EPUB reading applications and physical e-readers and found that many apps don't comply with security recommendations, and some popular applications are vulnerable to exploitation. Read More
Who's In Your Wallet? Exploring Mobile Wallet Security [Black Hat Europe 2021]
The rise of mobile wallet apps like Apple Pay, Google Pay, and Samsung Pay has made it easier for smartphone owners to pay for goods and services without touching a payment terminal. But as researchers found, some inconsistencies could make it easier for cybercriminals to commit fraud on stolen devices. Read More
10 Hot Red Team Tools Set to Hit Black Hat Europe [Black Hat Europe 2021]
The latest round of Black Hat Arsenal, next month at Black Hat Europe, is set to put the spotlight on a range of new and evolving tools tailor-made for penetration testers, red teamers, and other offensive security professionals. Some tools are brand new, while others are evolving and unveiling new features at the show. Either way, Arsenal will offer up plenty of tools for discovering misconfigurations, building out exploits, delivering payloads, tracking penetration testing campaigns, and more. Read More
Applying Behavioral Psychology to Strengthen Your Incident Response Team [Black Hat Europe 2021]
Cybersecurity incident response teams (CSIRTs) rely on technical and social skills. But focusing mostly on technical knowledge can come at the expense of communication and teamwork, according to a new study. Read More
Your Apple Pay payments can be stolen over the air — here's what to do [Black Hat Europe 2021]
Apple Pay payments can be stolen from your iPhone over the air, and the problem still exists because neither Apple nor Visa wants to be the one to fix it, UK-based researchers say. Read More
Microsoft Azure Cloud Vulnerability Exposed Thousands of Databases [Black Hat USA 2021]
Microsoft's Azure cloud platform exposed the database keys of 3,300 customers, including Fortune 500 enterprises, that had used a data-science feature available on the platform since 2019, cloud security firm Wiz said this week. Read More
CISA: ProxyShell flaws being actively exploited, patch now [Black Hat USA 2021]
Nearly three weeks after the vulnerability set gained greater prominence at the Black Hat 2021 conference, the ProxyShell flaws are now being actively exploited by threat actors, according to an urgent CISA advisory published Saturday. Read More
Nasty new malware targets Microsoft Exchange servers [Black Hat USA 2021]
A new ransomware operator known as LockFile encrypts Windows domains after breaking into vulnerable Microsoft Exchange servers using the recently disclosed ProxyShell exploit. Read More
LockFile Ransomware Targets Microsoft Exchange Servers [Black Hat USA 2021]
Security researchers have discovered a new ransomware family called LockFile that appears to have been used to attack Microsoft Exchange servers in the US and Asia since at least July 20. Read More
Scaring up enterprise cybersecurity innovation at a pandemic-constrained Black Hat [Black Hat USA 2021]
The cybersecurity conference Black Hat roared back to Las Vegas last week in spite of a renewed mask mandate and a virtual event alternative. My mission: Uncover what’s next in the world of enterprise cybersecurity. Read More
Black Hat 2021: What we don’t know may be the greatest cybersecurity threat [Black Hat USA 2021]
I always come away from the Black Hat USA cybersecurity conference having learned something new, feeling inspired, and imbued with just the right amount of angsty determination to do my part to help improve what is, in my opinion, one of the most pressing collective problems of our time. Read More
More SolarWinds-style attacks are coming. Here's how to stop them [Black Hat USA 2021]
Supply-chain hacks are an information-security problem we probably had coming. In retrospect, these hacks—which target the mechanisms companies employ to manage and update their software and systems—seem as inevitable as a virus evolving to infect more people. Read More
The Ripple Effect: How increasing the number of women in the infosec can result in a happier workplace [Black Hat USA 2021]
The issue of diversity in the information security industry was a hot topic at Black Hat USA last week, as more companies look to create a more inclusive workplace. Read More
Top Hacks from Black Hat and DEF CON 2021 [Black Hat USA 2021]
Security researchers made up for the lack of audience interaction by showing that – like the athletes competing at this month’s Olympics and Paralympics – they could go faster, higher, and stronger together. Still catching up on the proceedings? Look no further: Read More
Security of Open Source Components Requires More Collaborative Efforts [Black Hat USA 2021]
When security researchers and the open source community disclosed the Heartbleed vulnerability in OpenSSL in April 2014, the project — which underpins much of the secure communications for the Web — only had two full-time developers. The lack of resources for such a critical open source project highlights the issues open source projects and components continue to have: a lack of funding, slow patching, and — increasingly — a great deal of interest from attackers. Read More
The 20 Hottest Cybersecurity Products At Black Hat 2021 [Black Hat USA 2021]
Vendors are taking advantage of Black Hat 2021’s bright spotlight to launch new cybersecurity products, features, platforms and tools that will set the stage for the months and years to come. For the hundreds of exhibitors found at Black Hat, the Business Hall provides a chance to promote new products and highlight strategic shifts to an in-person audience of approximately 5,000. Read More
Black Hat Conference Yields New Cybersecurity Products [Black Hat USA 2021]
Black Hat USA, one of the premier cybersecurity conferences held yearly, is prime time for vendors to announce new cybersecurity products, and this year was no exception. Read More
Black Hat security conference returns to Las Vegas – complete with hacks to quiet the hotel guest from hell [Black Hat USA 2021]
After a year off due to a certain virus, the Black Hat and DEF CON security conferences returned to Las Vegas last week, just in time for the US government's attempts to foster more collaboration across the infosec industry. Read More
Microsoft Exchange servers are once again under attack [Black Hat USA 2021]
Threat actors have once again started scanning for the now-patched vulnerabilities in Microsoft Exchange, cybersecurity experts shared at the recent Black Hat 2021 conference. Read More
Apple plan to scan users’ iCloud photos raises new fears of government-mandated data access [Black Hat USA 2021]
A firestorm emerged on Friday and raged during the weekend over Apple's new "Expanded Protections for Children," a series of measures across Apple's platforms aimed at cracking down on child sexual abuse material (CSAM). The new protections address three areas, including communications tools for parents and updates to Siri and search to help children and parents deal with unsafe situations. Read More
At Black Hat, mobile and open-source software emerge as key cybersecurity dangers [Black Hat USA 2021]
Mobile platforms and open-source software emerged as key cybersecurity issues at the annual Black Hat USA cybersecurity conference this week, judging from presentations by a mix of onsite attendees and virtual streaming of briefings from security researchers around the globe. Read More
FragAttacks Foil 2 Decades of Wireless Security [Black Hat USA 2021]
The evolution of wireless security could at best be described as trial and error. The initial standard that debuted in the late 1990s — Wired Equivalent Privacy (WEP) — had significant security problems, and the first two versions of Wireless Protected Access, WPA and WPA2, have both been found to be vulnerable to a variety of other security issues. Read More
White House officials share cybercrime strategy at conference [Black Hat USA 2021]
Department of Homeland Security Secretary Alejandro Mayorkas and CISA director Jen Easterly laid out the federal government's plan to tackle the recent uptick in ransomware attacks earlier this week. The two were keynote speakers at the annual Black Hat USA cybersecurity conference in Las Vegas. CBS News technology reporter Dan Patterson joined CBSN to discuss. Read More
#BHUSA: CISA Director Advocates for New Partnership to Improve Cybersecurity [Black Hat USA 2021]
Jen Easterly has only been on the job as the director of the United States’ Cybersecurity and Infrastructure Agency (CISA) for a few weeks, but she's looking to make a quick impact.
In a keynote at the Black Hat US 2021 hybrid event on August 5, Easterly outlined the goals of CISA and announced a series of new initiatives designed to help enable closer coordination and partnership between the US government and the private sector. The big news was the announcement of the Joint Cyber Defense Collaborative (JCDC) with an initial group of partners that includes CrowdStrike, Palo Alto Networks, FireEye, Microsoft, Google, Amazon Web Services, AT&T, Verizon, and Lumen. Read More
#BHUSA: DHS Chief: ‘We are Competing for the Future of Cyberspace’ [Black Hat USA 2021]
Alejandro Mayorkas, Secretary of the U.S. Department of Homeland Security (DHS), sees the future of cyberspace as being a contest of ideals, between openness and authoritarianism.
Mayorkas delivered his remarks in a keynote at the Black Hat US 2021 hybrid event on August 5. He noted that in recent years the cybersecurity landscape has shifted, with news headlines about data breaches; ransomware attacks disrupting hospitals, schools, food suppliers and pipelines; as well as interference in elections. The events of the last few years, according to Mayorkas, have served to reinforce the importance of cybersecurity, how it is governed and why there is a need for a free and secure cyberspace. Read More
AI Wrote Better Phishing Emails Than Humans in a Recent Test [Black Hat USA 2021]
NATURAL LANGUAGE PROCESSING continues to find its way into unexpected corners. This time, it's phishing emails. In a small study, researchers found that they could use the deep learning language model GPT-3, along with other AI-as-a-service platforms, to significantly lower the barrier to entry for crafting spearphishing campaigns at a massive scale. Read More
Security News This Week: Microsoft Edge’s ‘Super Duper Secure Mode’ Does What It Says [Black Hat USA 2021]
THIS WEEK, APPLE made an announcement as surprising as it was controversial. The company will begin scanning both iCloud and user devices for child sex abuse materials. It's using clever cryptography to do so, and it won't actually be able to view the images on a user's iPhone, iPad, or Mac unless it detects multiple instances of CSAM. But some cryptographers sounded the alarm over how the technology could be used in the future, especially by authoritarian governments. Read More
Security News in Review: Zero Trust, The Government, and You [Black Hat USA 2021]
This week in security has seen some new moves from the federal government on zero trust, tighter collaboration with the private tech sector, and more than a few new attacks from groups operating in China and Iran. With that said, here’s the security news in review. Read More
Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now [Black Hat USA 2021]
Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference.
Before we get to the active scanning of these vulnerabilities, it is important to understand how they have been disclosed. Read More
CISA to partner with Amazon, Google, Microsoft, Verizon, AT&T and more for cyberdefense initiative [Black Hat USA 2021]
CISA director Jen Easterly announced a new cyberdefense collaborative that will see government bodies partner with Google, Microsoft, Verizon and more on protective cybersecurity measures. Read More
Jen Easterly at Black Hat: Top cyber official calls for more 'ambitious' defenses while encouraging people to join CISA [Black Hat USA 2021]
In her first major speech since taking office, Cybersecurity and Infrastructure Security Agency Director Jen Easterly sought to elevate the young agency, pushing for more cybersecurity talent across the US and announcing a new initiative collaborating with the private sector on ransomware and other issues. Read More
The U.S. wants Amazon, Google, Microsoft, and others to join them in the fight against cybercrime [Black Hat USA 2021]
The US government wants Big Tech to support its efforts to improve the security of the country's critical infrastructure against cyber threats. According to a report from the Wall Street Journal, the initiative is led by the Department of Homeland Security and is meant to bring the government and the private sector together in defending the country against cyberattacks. Read More
Black Hat USA: HTTP/2 flaws expose organizations to fresh wave of request smuggling attacks [Black Hat USA 2021]
HTTP/2 specification pitfalls and implementation errors have resulted in some of the world’s biggest tech companies exposing themselves to high-impact web attacks, new research shows. Read More
CISA Launches JCDC, the Joint Cyber Defense Collaborative [Black Hat USA 2021]
Jen Easterly, the newly appointed director of the Cybersecurity and Infrastructure Security Agency (CISA), officially invited the security industry to team up with the federal government to proactively address and defend against the growing wave of cyberattacks on US organizations and government agencies that have intensified over the past year. Read More
Bow to the USBsamurai: Malicious USB cable leaves air-gapped networks open to attack [Black Hat USA 2021]
Penetration testers tasked with auditing industrial environments for susceptibility to USB implants have been offered a new utility for their hacking toolbox. Read More
I Watched a Training Video for Iranian Hackers [Black Hat USA 2021]
Security researchers generally don’t discuss the little mistakes hackers make, and they never show hacking group training videos. But that’s exactly what happened at this year’s Black Hat, where a pair of researchers examined the eccentricities of an Iranian hacking group. Read More
The Scariest Things We Saw at Black Hat 2021 [Black Hat USA 2021]
Every year, the Black Hat security conference gathers the best and most frightening security research in one (sometimes digital) place. Here's what impressed and worried us in 2021. Read More
Black Hat USA: Downgrade attack against Let’s Encrypt lowers the bar for printing fraudulent SSL certificates [Black Hat USA 2021]
Security shortcomings in the mechanism used by Let’s Encrypt to validate web domain ownership create a loophole that allows cybercriminals to get digital certificates for domains more easily. Read More
DNS loophole could allow hackers to carry out “nation-state level spying” [Black Hat USA 2021]
Security researchers have discovered a flaw within major DNS-as-a-Service (DNSaaS) providers that could allow hackers to access confidential data within corporate networks. Read More
DHS secretary asks for more participation and cooperation with cybersecurity pros [Black Hat USA 2021]
Secretary of Homeland Security Alejandro Mayorkas closed Black Hat Thursday evening with a keynote address asking cybersecurity professionals to consider working for the Department of Homeland Security and, if that is not for them, help in other ways, including helping foster a diverse next generation of cyber talent. Read More
Black Hat Is Back: Scenes From The Show [Black Hat USA 2021]
Black Hat 2021 was one of the first large-scale technology conferences to take place in person since the arrival of COVID-19 last spring, with 5,000 cybersecurity enthusiasts convening in Las Vegas’ Mandalay Bay Convention Center to hear about ransomware, supply chain and critical infrastructure attacks from leaders including Homeland Security (DHS) Secretary Alejandro Mayorkas and CISA Director Jen Easterly. Read More
All your DNS were belong to us: AWS and Google Cloud shut down spying vulnerability [Black Hat USA 2021]
Until February this year, Amazon Route53's DNS service offered largely unappreciated network eavesdropping capabilities. And this undocumented spying option was also available at Google Cloud DNS and at least one other DNS-as-a-service provider. Read More
Hybrid Black Hat Conference Features ‘Intimate’ Setting, Meaningful Conversations [Black Hat USA 2021]
The ongoing COVID-19 pandemic didn’t stop this year’s Black Hat conference from going live again in Las Vegas.
This time, the Black Hat conference was a hybrid event, with most participants opting for virtual, while around 5,000 chose to attend in person. In addition, the business hall was noticeably smaller, lacking the presence of cybersecurity giants such as Microsoft, IBM, FireEye, Palo Alto Networks and more. That gave the startups and smaller providers a chance to stand out during this Black Hat conference. Read More
Cybersecurity conference goes ahead in Las Vegas [Black Hat USA 2021]
Despite the coronavirus pandemic, one of the world’s largest cyber security conferences – Black Hat is taking place in Las Vegas.
This year it’s part in-person and part virtual. Read More
Top cyber official calls for more 'ambitious' defenses while encouraging people to join CISA [Black Hat USA 2021]
In her first major speech since taking office, Cybersecurity and Infrastructure Security Agency Director Jen Easterly sought to elevate the young agency, pushing for more cybersecurity talent across the US and announcing a new initiative collaborating with the private sector on ransomware and other issues. Read More
The Cybersecurity 202: CISA’s new director brought a unique style to Black Hat [Black Hat USA 2021]
The government’s new cybersecurity quarterback made a strong appeal at the Black Hat conference for industry cyber pros to partner with government to counter hacking threats.
The entreaty from Cybersecurity and Infrastructure Security Agency Director Jen Easterly comes amid an unprecedented wave of cyberattacks against critical industry sectors that are threatening to disrupt the flow of electricity, water and gas and dramatically affect national and economic security. Read More
Black Hat: Charming Kitten Leaves More Paw Prints [Black Hat USA 2021]
The suspected Iranian threat group that IBM Security X-Force calls ITG18 and which overlaps with the group known as Charming Kitten keeps leaving a trail of paw prints. Read More
Hillicon Valley: Senators highlight security threats from China during rare public hearing | Facebook suspends accounts of NYU researchers who've criticized platform [Black Hat USA 2021]
The leaders of the Senate Intelligence Committee and other officials warned Wednesday of increasing threats from China on a number of fronts, including the stealing of intellectual property, malign influence and cyberattacks. Read More
Black Hat USA: Worst Supply Chain Attacks Are Yet to Come [Black Hat USA 2021]
It’s early days in terms of supply chain cyberattacks, according to the opening keynote speaker at Black Hat USA 2021. Furthermore, the size and scope of what’s to come will make what’s happened so far look like “peanuts.” Read More
Why Supply Chain Attacks Are Destined to Escalate [Black Hat USA 2021]
The epic software supply chain attacks over the past year, including the high-profile breaches of SolarWinds, Microsoft Exchange Server, Kaseya, and Codecov, were only the beginning. Read More
Google, Amazon forced to patch DNS platforms after serious bug discovered [Black Hat USA 2021]
Cybersecurity researchers have disclosed a security issue that affected hosted DNS service providers and can be exploited to monitor incoming traffic and map the victim’s internal networks. Read More
Pew! Pew! Researcher Uses Laser to Steal Data From a Tiny Chip [Black Hat USA 2021]
The Black Hat conference is often about spectacle, and few things are more attention-grabbing than lasers. In his virtual presentation, Ledger's Hardware Security Expert Olivier Heriveaux used precisely timed laser blasts to trick a chip into giving up its secrets. Read More
Amazon, Google and other tech companies join government effort to fight ransomware [Black Hat USA 2021]
Amazon, Google and Microsoft are among several tech companies that have agreed to join a government effort to fight ransomware as cyber attacks have become regular threats to U.S. organizations. Read More
Beware Your Browser Messing With Your Files [Black Hat USA 2021]
Using just a browser and some clever tricks, a researcher presenting at the Black Hat security conference demonstrated how to weaponize a tool intended to make websites more like apps. Read More
Researchers Find Significant Vulnerabilities in macOS Privacy Protections [Black Hat USA 2021]
Applications that are allowed to run on Apple's operating system, macOS, can exceed the permissions granted to them by the user and the operating system, allowing a variety of privacy attacks, such as grabbing address book information, taking screenshots, and gaining access to system files, two researchers stated at a Black Hat USA briefing on Aug. 4. Read More
Organizations Still Struggle to Hire & Retain Infosec Employees: Report [Black Hat USA 2021]
Is the cybersecurity skills shortage overstated? No, according to a recent survey of Information Systems Security Association (ISSA) members. The majority of respondents report the skills shortage is a significant problem that is hurting organizations. Read More
Strong Encryption Is 'Absolutely Fundamental,' US Cybersecurity Chief Says [Black Hat USA 2021]
Encryption technology sometimes seems at odds with the goals of government and law enforcement, but Jen Easterly, the recently confirmed director of the Cybersecurity and Infrastructure Security Agency (CISA), gave it her stamp of approval during today's Black Hat security conference. Read More
Black Hat: How cybersecurity incidents can become legal minefields [Black Hat USA 2021]
When a company becomes the victim of a cyberattack, executives are faced with a tsunami of challenges: containing a breach, remediation, informing customers and stakeholders, identifying those responsible, and conducting a forensic analysis of the incident -- to name but a few. Read More
New DNS vulnerability allows 'nation-state level spying' on companies [Black Hat USA 2021]
Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks. Read More
4 things I learned at Black Hat 2021 [Black Hat USA 2021]
The Black Hat 2021 cybersecurity conference took place in Las Vegas this week, and it’s been a whirlwind few days. The awkwardness of returning to face-to-face events and the sensory overload of walking through the Mandalay Bay casino gave way to some fantastic content from the sessions and engaging discussions on the show floor. It was great to get back together with the security community and really reconnect after a truly extraordinary year in security — and in society. As I head home, a few themes that seemed to underpin so much of the show are now coalescing in my mind. Read More
Federal cyber agency kicks off collaborative to defend the U.S. against cyberattacks [Black Hat USA 2021]
The Cybersecurity and Infrastructure Security Agency (CISA) on Thursday kicked off a new effort to help defend the U.S. against cyberattacks, which have multiplied in recent months. Read More
Black Hat: New CISA Head Woos Crowd With Public-Private Task Force [Black Hat USA 2021]
Just weeks after the U.S. Senate confirmed Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency (CISA), the new director spoke at Black Hat USA 2021 on Thursday, albeit virtually, announcing a major public-private partnership to fight cybercrime. Read More
Some Cyber Experts Want to Investigate Hacks Like Plane Crashes [Black Hat USA 2021]
President Biden in May ordered the Department of Homeland Security to create a public-private board to investigate major hacks but offered few details on how the initiative would work. Some security wonks say the administration should look to transportation disasters for clues. Read More
What to Expect at Black Hat 2021 [Black Hat USA 2021]
The COVID-19 outbreak forced many large conferences to either move online or cancel altogether. In 2020, the Black Hat hacker convention chose to go online-only for the first time in its decades-long history. This year, Black Hat is back in its natural habitat (the Mandalay Bay Convention Center in Las Vegas), but some of us will still be attending from home. Read More
Watch a Hacker Hijack a Capsule Hotel's Lights, Fans, and Beds [Black Hat USA 2021]
When staying in a “capsule hotel,” the Japanese style of budget accommodation that packs guests into tiny, adjoining rooms not much bigger than their bodies, be considerate of your neighbors. Especially if the capsule hotel you're staying in offers digital automation features—and a hacker is staying in the next room over. Read More
Kaseya Ransomware Attack: 10 Things MSPs Must Do To Protect Themselves [Black Hat USA 2021]
The REvil gang pulled off one of the biggest ransomware heists in years, exploiting a vulnerability in Kaseya’s on-premise VSA remote monitoring and management (RMM) tool to compromise nearly 60 MSPs and encrypt the data and demand ransom payments from up to 1,500 of their end user customers. Read More
Black Hat: Let’s All Help Cyber-Immunize Each Other [Black Hat USA 2021]
The in-person Black Hat USA 2021 cybersecurity conference is back, after a pandemic-forced, year-long hiatus, with attendance notably down but spirts up among attendees eager to get back to networking, learning and returning to some normalcy. Read More
You Are Not Alone: Hacking a Capsule Hotel [Black Hat USA 2021]
Capsule hotels aren’t common in the US, but those who’ve traveled in Asia, especially Japan, may have encountered them. Instead of a room, you get a tiny capsule, barely bigger than the one-person bed. On checking in to such a hotel, Kya Supa, security consultant for LEXFO did what any security researcher would do—he hacked the system. Read More
Several Malware Families Targeting IIS Web Servers With Malicious Modules [Black Hat USA 2021]
A systematic analysis of attacks against Microsoft's Internet Information Services (IIS) servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight years. Read More
What App Stores Get Right (and Very Wrong) About Security [Black Hat USA 2021]
The Black Hat security conference's keynote was a sobering evaluation of how supply chain attacks have changed the entire economics of hacking, and served as a pointed call for mobile app stores to provide greater transparency to third-party security companies. Read More
Black Hat 2021: WARCannon simplifies web-wide vulnerability research [Black Hat USA 2021]
An open source tool that makes grepping the internet for web vulnerabilities simpler, faster, and cheaper was unveiled at Black Hat USA today. Read More
Black Hat 2021: Zero-days, ransoms, supply chains, oh my! [Black Hat USA 2021]
Software supply chain attacks are growing at an alarming pace, in a stark development that upends the delicate balance cybersecurity relies on, infosec luminary Matt Tait told delegates at the Black Hat USA conference today (August 4). Read More
Excel 4 Is Alive and Well, and Ready to Attack [Black Hat USA 2021]
You've got to be a real cybergeezer to remember using Excel 4, given that it was replaced by Excel 5 in 1993. After almost 30 years, surely everyone is running a more up-to-date version of Microsoft's popular spreadsheet software. So why do we care about Excel 4? It turns out that Excel 4's macro system is alive, armed, and dangerous. Read More
A New Approach to Securing Authentication Systems' Core Secrets [Black Hat USA 2021]
Advanced persistent threat (APT) groups have long sought credentials to access, move laterally throughout, and persist in target networks. Defenders have attempted to mitigate the risk with multifactor authentication (MFA), which, while effective in most cases, can fall short of protecting the most lucrative data. Read More
This dangerous security bug affects nearly all hospitals in North America [Black Hat USA 2021]
Researchers from the IoT security firm Armis have discovered nine critical vulnerabilities in the Nexus Control Panel which is used to power all current models of Translogic's pneumatic tube system (PTS) stations by Swisslog Healthcare. Read More
Black Hat: The NOC’s eye view [Black Hat USA 2021]
Around infosec campfires, spooky tales are told about the horrors of logging on to the public networks at Black Hat and DEF CON, culminating in the legendarily adversarial network of the latter. But Bill Swearingen, strategist with Black Hat network operations center vendor IronNet, says that if his firm does its job well, Black Hat will not be such a scary place to be. Read More
Hospitals Still Use Pneumatic Tubes-and They Can Be Hacked [Black Hat USA 2021]
IT'S ALL TOO common to find hackable flaws in medical devices, from mammography machines and CT scanners to pacemakers and insulin pumps. But it turns out that the potential exposure extends into the walls: Researchers have found almost a dozen vulnerabilities in a popular brand of pneumatic tube delivery system that many hospitals use to carry and distribute vital cargo like lab samples and medicine. Read More
There's yet another new PrintNightmare hack [Black Hat USA 2021]
The PrintNightmare vulnerability is living up to its name, with another cybersecurity researcher exploiting the bug in a privilege escalation attack. Read More
Black Hat USA 2021 and DEF CON 29: What to expect from the security events [Black Hat USA 2021]
Following a string of major cyberattacks and proposed initiatives by the U.S. government to better thwart them, cybersecurity has never been so uppermost on the minds of organizations and individuals around the world. That's why this week's Black Hat and DEF CON conferences promise to run hot and heavy with a host of topics in the world of security. But what discussions should we expect at this year's events? Here are some thoughts from a variety of analysts. Read More
Inside the Famed Black Hat NOC [Black Hat USA 2021]
It's been called one of the most "hostile" networks in the world, but the managers of the Black Hat network operations center (NOC) contend that it's merely the most unique. After all, they can't just block all malicious-looking network traffic because they could inadvertently disrupt legitimate Black Hat activities, such as an on-stage hacking tool demo or a Trainings course exercise. Read More
Hackers Got Past Windows Hello by Tricking a Webcam [Black Hat USA 2021]
BIOMETRIC AUTHENTICATION IS a key piece of the tech industry's plans to make the world password-less. But a new method for duping Microsoft's Windows Hello facial-recognition system shows that a little hardware fiddling can trick the system into unlocking when it shouldn't. Read More
Researchers Create New Approach to Detect Brand Impersonation [Black Hat USA 2021]
Security researchers have designed a new way to detect brand impersonation using Siamese Neural Networks, which can learn and make predictions based on smaller amounts of data. Read More
Beyond Kaseya: Everyday IT tools can offer ‘God Mode’ for hackers [Black Hat USA 2021]
ACROSS THE INTERNET, more than a thousand companies spent the past week digging out from a mass ransomware incident. In the wake of the devastating compromise of Kaseya's popular IT management tool, researchers and security professionals are warning that the debacle isn't a one-off event, but part of a troubling trend. Hackers are increasingly scrutinizing the entire class of tools that administrators use to remotely manage IT systems, seeing in them potential skeleton keys that can give them the run of a victim's network. Read More
New Framework Aims to Describe & Address Complex Social Engineering Attacks [Black Hat USA 2021]
Deepfake and related synthetic media technologies have helped attackers develop ever-more-realistic social engineering attacks in recent years, putting pressure on defenders to change the strategies they use to detect and address them. Read More
Microsoft Releases Emergency Patch for 'PrintNightmare' Vuln [Black Hat USA 2021]
Microsoft has rushed out an emergency security update for "PrintNightmare," a critical remote code execution vulnerability present in all versions of its Windows operating system. Read More
Black Hat Announces Matt Tait as One of Its Keynote Speakers for Black Hat USA 2021 Hybrid Event [Black Hat USA 2021]
Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, announces Matt Tait, Chief Operating Officer at Corellium, as a Keynote speaker for the Black Hat USA 2021 hybrid event. Tait will present his Keynote talk "Supply Chain Infections and the Future of Contactless Deliveries" taking place in Las Vegas at Mandalay Bay Events Center on Wednesday, Aug. 4 at 9 a.m. PT. Read More
Researchers Learn From Nation-State Attackers' OpSec Mistakes [Black Hat USA 2021]
When security intelligence teams talk about human error, the conversation typically focuses on the victim of a cyberattack. What might they learn if they analyzed attackers' mistakes instead? Read More
Black Hat USA 2021: PortSwigger's latest research to be unveiled [Black Hat USA 2021]
Two years ago, PortSwigger's director of research James Kettle presented "HTTP Desync Attacks" on-stage at BlackHat USA and kicked off a wave of request smuggling, but at that time HTTP/2 escaped serious analysis. At this year's BlackHat USA event, James will be unveiling his latest research, "HTTP/2: The Sequel is Always Worse". Read More
Black Hat USA 2021: Full Schedule & Hybrid Event Programming [Black Hat USA 2021]
Black Hat, the world’s leading producer of information security events, announces its full schedule including in-person and virtual programs for Black Hat USA 2021. Taking place in Las Vegas at the Mandalay Bay Convention Center and virtually, this year’s event will feature over 90 Briefings, four days of virtual Trainings and new virtual programs. Read More
Attackers Already Unleashing Malware for Apple macOS M1 Chip [Black Hat USA 2021]
It was only a matter of time. Apple Macs are growing in popularity in the enterprise - as is the number of malware variants targeting macOS. But the much-anticipated arrival of Apple's new system-on-a-chip, the M1, has spawned a new generation of macOS-specific malware that anti-malware tools, threat hunters, and researchers must quickly learn to spot and, ultimately, thwart. Read More
The Danger of Action Bias: Is It Always Better to Act Quickly? [Black Hat USA 2021]
When a data breach hits, the best response is to act quickly and forcefully … right?
Not necessarily, experts say. The impulse for cybersecurity pros to have control over a situation is common — after all, you don't want to be the CISO who didn't act after learning about an attack — but hastily made decisions may do more harm than good or create a problem where one didn't exist. Read More
New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies [Black Hat USA 2021]
Cloud security researchers from Wiz.io were poking around at Amazon Web Services' Route53 Domain Name Service (DNS) earlier this year when they suddenly realized that its self-service domain registration system let them set up a new hosted zone with the same name as the real AWS name server it was using. Within seconds, they watched in shock as their phony name server got flooded with DNS queries from other AWS customers' networks: external and internal IP addresses, computer names for finance, human resources, production servers, and organization names. Read More
Misconfigurations in most Active Directory environments create serious security holes, researchers find [Black Hat USA 2021]
Common misconfigurations in Active Directory Certificate Services can allow attackers to steal credentials, escalate privileges, and achieve domain persistence, security researchers have found.
“In our experience, almost every Active Directory installation we’ve looked at over the last decade has had some kind of misconfiguration issue,” said Lee Christensen and Will Schroeder, Technical Architects at SpecterOps.
The researchers have detailed their findings in a comprehensive white paper (PDF) and a blog post, and will present them at this year’s Black Hat USA security conference. Read More
Report: Active Directory Certificate Services a big security blindspot on enterprise networks [Black Hat USA 2021]
As the core of Windows enterprise networks, Active Directory, the service that handles user and computer authentication and authorization, has been well studied and probed by security researchers for decades. Its public key infrastructure (PKI) component, however, has not received the same level of scrutiny and, according to a team of researchers, deployments are rife with serious configuration mistakes that can lead to account and domain-level privilege escalation and compromise. Read More
Your Guide to Hacker Summer Camp 2021 [Black Hat USA 2021]
This will be my 21st year attending Hacker Summer Camp. Back in 2000, it was just Black Hat USA followed by DEF CON, and only a handful of people knew about it. Now it’s a full nine days of technical conferences starting with Black Hat training sessions on early Saturday, followed by BSidesLV, then the Black Hat briefings themselves, followed by DEF CON ending the following Sunday. And several thousand of my closest friends all in one place. It’s draining to stay for the whole thing; and it’s even draining if you attend just a small part. So pace yourself. Read More
Black Hat Announces Briefings Lineup for Black Hat USA 2021 Hybrid Event [Black Hat USA 2021]
Black Hat, the world’s leading producer of information security events, will return to Las Vegas with its hybrid event Black Hat USA on July 31 – August 5. The event will take place at the Mandalay Bay Convention Center with both a virtual experience and an in-person event, offering a robust lineup of over 90 Briefings hand selected by the Black Hat Review Board, comprised of some of the industry’s most respected experts. Read More
‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices [Black Hat USA 2021]
A Belgian security researcher specializing in Wi-Fi bugs has unearthed a clutch of new ones, which he called FragAttacks, that affect the Wi-Fi standard itself. The name is short for “fragmentation and aggregation attacks.”
Some bugs date back to 1997, meaning that computers, smartphones or other smart devices as old as 24 years may be vulnerable to attackers in Wi-Fi range. If attackers are near enough, they could intercept the owner’s information, trigger malicious code, and/or take over the device. Read More
This Guy Designed an Android App That Deletes All Your Phone's Data When Police Try to Crack It [Black Hat Asia 2021]
These days, if you’re arrested and charged with a crime, the first thing cops will probably try to do is look at the contents of your phone. Digital forensics is increasingly a favorite way to secure a conviction, or at least gain a broader understanding of a crime. Read More
[BHAsia 2021] Do mobile apps really respect user data as they claim? [Black Hat Asia 2021]
When we install a mobile app, we usually see a message stating its intent to access certain data in order to provide the service. Have you ever wondered whether those apps actually keep their promise not to violate our rights over such sensitive data? At Black Hat Asia 2021, one study tested more than 1,400 apps. Read More
Surveillance Is Affecting the Interests of Potential Security Experts – Black Hat Asia 2021 [Black Hat Asia 2021]
The demand for cybersecurity experts is thriving, especially in today’s digital landscape, where threat actors are using increasingly advanced techniques for their nefarious acts. Such a profession, however, needs a conducive environment that allows practitioners to operate in cyberspace with little to no restriction from the authorities. Read More
Researchers fool computer vision with an unexpected adjacent object [Black Hat Asia 2021]
Computer vision algorithms turn out to be confusable in a striking way. When a completely unrelated object is placed next to the intended object, computers no longer understand what they are seeing. Applying this knowledge, self-driving cars, for example, can be fooled. Read More
This Android App Promises To Wipe Your Phone If Cops Try To Hack It [Black Hat Asia 2021]
If the police get hold of a smartphone and they have a warrant to search it, they’ll often turn to a tool from Israeli company Cellebrite that can hack into it and download the data within. But on Friday a security researcher is releasing an app that he says can detect when a Cellebrite is about to raid the device, turn the phone off and wipe it. Read More
How North Korean APT Kimsuky Is Evolving Its Tactics [Black Hat Asia 2021]
North Korean APT group Kimsuky is adopting new tactics, techniques, and procedures in global attacks, report researchers whose findings indicate the group's operations have sufficient differences to warrant splitting it into two smaller subgroups: CloudDragon and KimDragon. Read More
Black Hat Asia 2021: Are We Leaking Data Without Knowing it? [Black Hat Asia 2021]
Black Hat Asia 2021 kicked off with an interesting opening keynote presentation by Troy Hunt, a security researcher and founder of “Have I Been Pwned”, a website that helps people check and see if their emails have been compromised. Read More
Researchers say objects can hide from computer vision by seeking out unusual company that trips correlation bias [Black Hat Asia 2021]
Computer vision systems display “correlation bias” that makes it possible to create adversarial images, that could have real-world consequences such as messing with self-driving cars’ ability to accurately interpret road signs. Read More
Kids in Hong Kong and other highly surveilled states worry infosec careers are just asking for trouble [Black Hat Asia 2021]
Asian nations in which governments are keen on citizen surveillance struggle to develop ethical hackers, as prospective workers fear their activities may be misunderstood, according to security specialist Mika Devonshire. Read More
[BHAsia 2021] 6 lessons from more than 11 billion leaked records on Have I Been Pwned [Black Hat Asia 2021]
At the Black Hat Asia 2021 conference currently under way, Troy Hunt, founder of Have I Been Pwned, delivered the keynote session and shared what he has learned from collecting more than 11 billion leaked records over the past 8 years, which can be summarised in the following 6 lessons. Read More
New Techniques Emerge for Abusing Windows Services to Gain System Control [Black Hat Asia 2021]
Several new techniques have become available recently that give attackers a way to abuse legitimate Windows services and relatively easily escalate low-level privileges on a system to gain full control of it. Read More
Troy Hunt at Black Hat Asia: ‘We’re making it very difficult for people to make good security decisions’ [Black Hat Asia 2021]
Imagine a parent’s terror when the geolocation of their child’s smart watch suddenly switches from tennis practice to the middle of the ocean. Read More
Troy Hunt: Organizations Make Security Choices Tough for Users [Black Hat Asia 2021]
Data breach notification website Have I Been Pwned (HIBP) has processed more than 11 billion compromised records from breached websites and publicly accessible databases since it was launched in 2013, offering a window into attacks and security issues that put users' data at risk. Read More
Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security [Black Hat Asia 2021]
'Enter Sandbox': Automating Linux Seccomp for Better AppSec: Linux seccomp is a powerful way to build secure applications, but it’s a grueling manual process. At Black Hat Asia, security researchers (slash Metallica fans) show how they’ve now automated the process to expand its use. Claudio Canella, PhD candidate at Graz University of Technology, tells Dark Reading about the session "Enter Sandbox," co-presented by Graz University of Technology postdoctoral researcher Mario Werner and Helmholtz Center for Information Security faculty Michael Schwarz. Read More
Researcher Finds New Vulnerabilities in Cellebrite's Tools [Black Hat Asia 2021]
The question was posed late last month by Signal, the messaging app that is a recent new target for Cellebrite's data-collecting tools for law enforcement. Signal's founder, Moxie Marlinspike, contended that software vulnerabilities found in Cellebrite's tools could be used to tamper with evidence. As a result, one lawyer has already filed a motion for a new trial. (see: Signal Founder Says Cellebrite's Forensics Tools Flawed). Read More
Researchers Explore Active Directory Attack Vectors [Black Hat Asia 2021]
Active Directory is a massive and complex attack surface that has long been a prime target for criminals seeking valuable privileges and data. Incident responders find the service is involved in the bulk of attacks they investigate, underscoring major security challenges for defenders. Read More
Researchers Connect Complex Specs to Software Vulnerabilities [Black Hat Asia 2021]
Six common mistakes in implementing network software led to scores of vulnerabilities, highlighting the impact that complex design requirements and ambiguous specifications can have on software security, according to two security researchers who plan to talk about it at next week's Black Hat Asia conference. Read More
Do Cyberattacks Affect Stock Prices? It Depends on the Breach [Black Hat Asia 2021]
In the aftermath of a data breach, ransomware attack, or vulnerability disclosure, organizations may think about how the news will cause their stock price to dip. New research indicates that although security incidents do affect stock price, the size of this impact largely depends on the circumstances — and rarely lasts. Read More
SniperPhish: An all-in-one open-source phishing toolkit [Black Hat Asia 2021]
SniperPhish is an all-in-one open-source phishing toolkit that pentesters and other security professionals can use for setting up and executing email and web-based spear phishing campaigns. Read More
Cloud Sniper: Manage and automate cloud security operations [Black Hat Asia 2021]
Cloud Sniper is an open-source platform for managing cloud security operations that aims to make it easy for cloud teams to deal with security incidents. Read More
10 Free Security Tools at Black Hat Asia 2021 [Black Hat Asia 2021]
As in previous years, next month's Black Hat Asia 2021 virtual event will feature a full lineup of free security tools -- some new and some updated versions of existing tools. Read More
The World’s Largest Hacking Conferences Are Back IRL This Summer [Black Hat USA 2021]
For thousands of people in the hacking and cybersecurity world, the back-to-back Def Con and Black Hat conferences in Las Vegas are marked in red on their calendars. With its legendary badges, extravagant parties, and diverse set of activities—talks, movie viewings, and the massive capture the flag event—Def Con is widely considered the hacking conference. Read More
Security Gaps in IoT Access Control Threaten Devices and Users [Black Hat Asia 2021]
A team of Internet of Things security researchers has discovered vulnerabilities in the way IoT device vendors manage access across multiple clouds and users, putting both individuals and vendors at risk. Read More
A huge new hacking threat was just discovered [Black Hat Asia 2021]
“You have the watches,” goes a famous quote with different variations throughout history but most recently attributed to a captured Taliban commander, “but we have the time.” Read More
New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices [Black Hat Asia 2021]
Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system. Read More
NAME:WRECK vulnerabilities could impact 100 million servers, IoT devices [Black Hat Asia 2021]
Security researchers say they have uncovered nine vulnerabilities in four TCP/IP stacks that could be used to target a range of servers, medical and industrial devices. Read More
Touch and go: Contactless payment security controls defeated by security researchers [Black Hat Asia 2020]
In follow-up research presented at Black Hat Asia last week, Galloway and Yunusov showed how it was possible to bypass multi-factor authentication controls designed to guard against tap-and-go fraud with contactless credit and debit cards. Read More
Android Camera Bug Under the Microscope [Black Hat Asia 2020]
This vulnerability could be exploited even if the phone was locked, its screen was turned off, or if the person was on a call, explained Erez Yalon, director of security research at Checkmarx, where a team of researchers discovered the flaw last summer. Yalon offered a hacker's perspective of discovering and reporting the flaw in a talk at this year's virtual Black Hat Asia. Read More
4G and 5G networks are vulnerable due to their mix with old technologies [Black Hat Asia 2020]
During a Black Hat Asia presentation on Friday, Sergey Puzankov, a security expert at Positive Technologies, highlighted the SS7 protocol as one of the problems still plaguing the telecommunications industry. This protocol was developed in 1975 and has not evolved much since then. Read More
Vulnerability to Old Tech – How 5G May Face Problems [Black Hat Asia 2020]
Black Hat Asia, a tech security conference held in Singapore, included researchers who demonstrated how modern networks such as 5G could be vulnerable to systems that are decades old and yet are still able to connect to such networks. Read More
Sharkcop: Google Chrome extension uses machine learning to detect phishing URLs [Black Hat Asia 2020]
A Google Chrome browser extension that identifies suspected phishing URLs with a machine learning algorithm was unveiled at Black Hat Asia last week. Read More
Vulmap: Aiding privilege escalation with CVE-mapping vulnerability scanner [Black Hat Asia 2020]
A hacking tool designed to aid privilege escalation by leveraging known security vulnerabilities was demonstrated at Black Hat Asia last week. Read More
Researching vulnerabilities in computer systems is becoming similar to watching wildlife [Black Hat Asia 2020]
Computer security researcher Daniel Gruss, an assistant professor at the Austrian University of Technology in Graz, spoke at the Black Hat Asia conference yesterday in Singapore's time zone. It was Gruss's team that discovered the Meltdown and Spectre vulnerabilities in Intel processor architectures and beyond. According to the expert, computer security has been irreparably damaged by the increased complexity of the systems. But there is a cure, although not an absolute one. Read More
Searching for vulnerabilities in computer systems is becoming akin to observing wildlife [Black Hat Asia 2020]
Computer security researcher Daniel Gruss, assistant professor at the Austrian University of Technology Graz, spoke at the Black Hat Asia conference yesterday in the Singapore time zone. It was Gruss's team that discovered the Meltdown and Spectre vulnerabilities in Intel processor architectures and beyond. According to the expert, computer security has been irreparably disturbed by the increased complexity of systems. But there is a cure, although not an absolute one. Read More
Protocols from the 1970s pose a risk to 5G users [Black Hat Asia 2020]
In connection with this year's edition of the Black Hat Asia conference, security expert Sergey Puzankov from Positive Technologies has described a wide range of potential security problems with 5G networks. Read More
5G networks are vulnerable due to "bad" old technologies [Black Hat Asia 2020]
During a presentation at Black Hat Asia on Friday entitled "Back to the Future. Cross-Protocol Attacks in the Era of 5G", Positive Technologies security expert Sergey Puzankov stressed how outstanding issues in the SS7 protocol still plague the telecommunications industry. Read More
Grinder Framework helps overcome Shodan false negatives and blind spots [Black Hat Asia 2020]
“The Grinder Framework is an open source security research toolkit adopted to Internet-wide surveys and allows you to use the full power of tools like Nmap, Shodan, Censys, Vulners, and TLS-attacker, and bringing the light through tailored scanning and threat intelligence approach,” the researchers explain in a preview for a presentation for an Arsenal session held during Black Hat Asia today (October 1). Read More
4G, 5G networks could be vulnerable to exploit due to ‘mishmash’ of old technologies [Black Hat Asia 2020]
During a presentation at Black Hat Asia on Friday called "Back to the Future. Cross-Protocol Attacks in the Era of 5G," Positive Technologies security expert Sergey Puzankov highlighted how outstanding issues in the SS7 protocol still plague the telecommunications industry. Read More
Computer scientist behind Meltdown discovery prescribes biological approach to securing complex systems [Black Hat Asia 2020]
Treat this as the new normal, Daniel Gruss, a member of one of three teams that uncovered the Meltdown vulnerability, said during a keynote presentation on Friday at the Black Hat Asia security conference. Read More
Black Hat Asia 2020: Android vulnerability scanners tackle code obfuscation and false positives [Black Hat Asia 2020]
Android apps can be probed comprehensively for known security vulnerabilities without being fooled by code obfuscation techniques, attendees at Black Hat Asia heard yesterday. Read More
Vulnerabilities in Kata containers could be chained to achieve RCE on host [Black Hat Asia 2020]
A talk delivered at the virtual Black Hat Asia conference today by security researcher Yuval Avrahami detailed how the flaws in Kata’s containers could also be exploited to compromise other guest users. Read More
Biometric Data Collection Demands Scrutiny of Privacy Law [Black Hat Asia 2020]
"One of the things that has been so great about technology is not only the convenience, but we've really started to look at privacy, and privacy is coming to the forefront," said Melissa Wingard, special counsel at law firm Phillips Ormonde Fitzpatrick, in a virtual Black Hat Asia talk. Read More
Researchers Adapt AI With Aim to Identify Anonymous Authors [Black Hat Asia 2020]
At Black Hat Asia, artificial intelligence and cybersecurity researchers use neural networks to attempt to identify authors, but accuracy is still wanting. Read More
Singapore authorities suggested treating information security as a public good [Black Hat Asia 2020]
Information security is as much a public good as clean drinking water. This was announced on Thursday, October 1, by Brigadier General Gaurav Keerthi, Assistant Chief of the Cybersecurity Agency of Singapore, at the Black Hat Asia conference. Read More
BitLocker sleep mode vulnerability can bypass Windows’ full disk encryption [Black Hat Asia 2020]
At the virtual Black Hat Asia security conference today, researcher Seunghun Han introduced a tool that can be used to subvert BitLocker security protections. Read More
Black Hat Asia: Need for global security perspectives underlined at virtual event [Black Hat Asia 2020]
The Asia edition of the information security and hacking conference has more than justified its place in the infosec calendar, with the spring event becoming a firm fixture in the diary of security professionals, researchers, CISOs, journalists, and other industry-watchers. Read More
Singapore Asks Big Cybersecurity Questions to Improve National Defense [Black Hat Asia 2020]
As Singapore pursues its journey to become a "Smart Nation," it's asking these tough questions and many others as officials wrestle with the role of cybersecurity in a country increasingly dependent on technology, explained Gaurav Keerthi, deputy chief executive of development at Singapore's Cyber Security Agency, in his keynote talk at this week's virtual Black Hat Asia. Read More
Black Hat Asia 2020 | Balancing User Awareness And Public Trust That Is Riddled With Complexities | With Gaurav Keerthi, Melissa Wingard And Daniel Gruss [Black Hat Asia 2020]
In this conversation, we bring these three very diverse topics and the Black Hat Asia 2020 speakers that present them together on a conversation that will undoubtedly make you think forward. Each one of them represents very different perspectives and aspects of security and privacy—government, industry, legal, academia, and society—and the complexities they bring with them, coupled with the complexities they also introduce when building trust within and across many stakeholders. Read More
Navigating the Asia-Pacific Threat Landscape: Experts Dive In [Black Hat Asia 2020]
At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare. Read More
Top U.S. cybersecurity expert on mail-in voting: "If you've got paper, you've got receipts" [Black Hat USA 2020]
Other high-profile security researchers also affirmed the value of mail-in systems at Black Hat. In his virtual keynote address, Georgetown Law professor Matt Blaze said that while mail-in and absentee voting systems are not foolproof, the systems are reliable, widely available, and lack many of the risks that plague digital voting systems. Read More
How CISOs Can Play a New Role in Defining the Future of Work [Black Hat USA 2020]
The theme of remote security has stayed top of mind since March: Cybersecurity experts correctly predicted that cybercrime in a virtual workforce would be a central topic at the recent Black Hat conference, and CISOs have had to rethink 2020 strategy with remote work leading the way. Read More
At Black Hat, James Pavur, a Rhodes Scholar working on a PhD in cybersecurity at Oxford University's Department of Computer Science, cited examples of communications he'd been able to intercept. Read More
Disinformation Spurs a Thriving Industry as U.S. Election Looms [Black Hat USA 2020]
The 2020 Presidential Election is the topic of a recent Threatpost feature Shoring Up the 2020 Election: Secure Vote Tallies Aren’t the Problem and the focus of a Black Hat 2020 keynote address earlier this month by Renée DiResta, research manager at the Stanford Internet Observatory. Read More
How to secure vulnerable printers on a Windows network [Black Hat USA 2020]
At the recent Black Hat conference, Peleg Hadar and Tumar Bar of SafeBreach Labs pointed out that the way to a network’s heart is often through its printers. Read More
Shoring Up the 2020 Election: Secure Vote Tallies Aren’t the Problem [Black Hat USA 2020]
Meanwhile, recent stats from the Black Hat USA 2020 Attendee Survey show that 85 percent of respondents believe that cyber-threat actors will have at least some impact on the U.S. elections in 2020. And disturbingly, nearly one third of respondents believe that the impact will be critical, and that the results of the 2020 election will always be in doubt as a result. Read More
IoT botnets: Smart homes ripe for a new type of cyberattack [Black Hat USA 2020]
By powering on a large number of devices, an energy supplier or utility company could artificially increase demand to boost profits. This idea is at the core of a Black Hat USA 2020 presentation led by Georgia Tech researchers Tohid Shekari and Raheem Beyah. Read More
Cash machine hackers are getting better at stealing your money [Black Hat USA 2020]
During Black Hat, Kevin Perlow, the technical threat intelligence team lead at a large, private financial institution, analysed two cash-out tactics that represent different current approaches to jackpotting. Read More
'Next-Gen' Supply Chain Attacks Surge 430% [Black Hat USA 2020]
Meantime, at Black Hat USA earlier this month, researchers showed how a next-gen approach could be used to attack Node.js applications by manipulating the hidden properties used to track internal program states. Read More
Black Hat USA 2020 Musings: Weird and Wonderful Virtual Events are Here to Stay [Black Hat USA 2020]
To its credit, Black Hat USA 2020 turned hard left once it was clear that large live events wouldn’t be happening in the second half of 2020, and what they managed to pull off was nothing short of a miracle. Even if, from an analyst’s perspective, the event was nothing like an in-person event, it was incredibly useful for all involved. Read More
Exposed: China's hacking campaign to unsettle Taiwan economy [Black Hat USA 2020]
At the Black Hat security conference last week, researchers from CyCraft presented details of a hacking campaign that may have compromised internal data of at least seven Taiwanese chip firms over the past two years. Read More
Mail-In Votes Require Special Cybersecurity Attention [Black Hat USA 2020]
“It’s night and day compared to what existed in 2016,” CISA Director Christopher Krebs said at the Black Hat USA 2020 cybersecurity conference this month. “2020 will be the most protected and most secure election in modern history.” Read More
AWS launches open source tool to protect against HTTP request smuggling attacks [Black Hat USA 2020]
At Black Hat USA 2019, PortSwigger Web Security’s director of research James Kettle demonstrated how the somewhat forgotten hacking technique could be leveraged to poison web caches and desynchronize entire systems. Read More
Black Hat USA 2020 Recap And What Is Happening Next | With Kymberlee Price And Steve Wylie [Black Hat USA 2020]
Beyond the content itself, there's a lot to be learned for how we will consume content moving forward and how we will likely expect to engage with each other in a world where in-person-only events may be a thing of the past.
Steve and Kymberlee provide some interesting insights into the future of Black Hat in this context. Read More
Open-source library dependence puts digital currency exchanges at risk: report [Black Hat USA 2020]
At the recent Black Hat security conference, researchers detailed potential weaknesses in the exchanges' secured wallet schemes that have now been patched. Read More
Pardon the Intrusion #24: The clock is TikToking [Black Hat USA 2020]
At the Black Hat conference last week, a security researcher revealed how insecure satellite-based Internet allows attackers to snoop on companies and sometimes tamper with data. Read More
Your Work-From-Home Future: Now’s the Time to Think About Security [Black Hat USA 2020]
In time for the Black Hat 2020 virtual conference earlier this month, AT&T released a study about cybersecurity and working from home that included responses from 800 security professionals working in the U.K., France and Germany. Of those surveyed, 88 percent reported that, while they initially felt well-prepared for the switch to WFH, a majority (55 percent) now feel that ongoing remote working is making their companies more vulnerable to cyber-threats. Read More
ATM Hackers Have Picked Up Some Clever New Tricks [Black Hat USA 2020]
At last week's Black Hat and Defcon security conferences, researchers dug through recent evolutions in ATM hacking. Criminals have increasingly tuned their malware to manipulate even niche proprietary bank software to cash out ATMs, while still incorporating the best of the classics—including uncovering new remote attacks to target specific ATMs. Read More
Decrypted: Hackers Show Off Their Exploits as Black Hat Goes Virtual [Black Hat USA 2020]
But with less than three months until millions of Americans go to the polls, Black Hat sharpened its focus on election security and integrity more so than any previous year. Read More
Risk & Repeat: Black Hat 2020 highlights [Black Hat USA 2020]
This week's Risk & Repeat podcast recaps the highlights and trends of Black Hat USA 2020, which was held as a fully virtual conference for the first time because of the COVID-19 pandemic. Read More
Electionland 2020: USPS Chaos, Election Cybersecurity, August Voting and More [Black Hat USA 2020]
At this month’s Black Hat hacker conference, voting tech company Election Systems & Software announced new policies that will allow cybersecurity researchers to test the company’s technology. Also at the conference, the director of CISA touted the government’s progress on cybersecurity since 2016, saying it was “like night and day.” Read More
Deepfake of Tom Hanks that 'easily passes as real' made for less than $100 [Black Hat USA 2020]
It read: "There are many photos of Tom Hanks, but none like the images of the leading everyman shown at the Black Hat computer security conference Wednesday: They were made by machine-learning algorithms, not a camera." Read More
These Are the Apps We Miss Right Now [Black Hat USA 2020]
I watched virtual Black Hat presentations from the comfort of my own home instead of the Mandalay Bay casino in Las Vegas. I don’t really miss the app, truth be told, but I have found myself missing the bustle of conferences. Read More
Cyber Threat First Responders Fight COVID-19 Attacks Amid Pandemic [Black Hat USA 2020]
Okta Executive Director of Cybersecurity Marc Rogers, like many of us, has lost all concept of time during the COVID-19 pandemic. There’s pre-COVID life and work, and then there’s the Groundhog’s Day existence that has become our collective reality. “I measure things in 2020 units now,” he said, during a virtual interview at Black Hat. “Some of it’s turned into a daily grind.” Read More
DHS Worried About Ransomware Attacks for 2020 Election [Black Hat USA 2020]
According to an intelligence report issued by the Department of Homeland Security, one of the top 2020 election security concerns is ransomware. A report entitled “Cybercriminals and Criminal Hackers Capable of Disrupting Election Infrastructure” echoes concerns CISA head Chris Krebs articulated at the Black Hat security conference in early August. Read More
Boeing's DEF CON Debut a Sign of the Times [Black Hat USA 2020]
IOActive's Santamarta — who had presented his research over at Black Hat USA in Las Vegas just a few days before DEF CON kicked off — maintained that an attacker exploiting the flaws could remotely gain access to the aircraft's sensitive avionics network, also known as the crew information systems network. Read More
Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity [Black Hat USA 2020]
Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them. Read More
Big hole in BIG-IP. How the new vulnerability in F5 products works [Black Hat USA 2020]
We need to look at how the URI is passed to Tomcat. It is worth referring here to Orange Tsai's great study on path normalization in various applications, which he presented at Black Hat USA 2018 and DEF CON 26. Read More
BlackBerry releases free reverse engineering tools to help resist cyber security attacks [Black Hat USA 2020]
Also this week at Black Hat USA 2020, Kevin Livelli, director of threat intelligence at BlackBerry, will be presenting the Rat Decade on August 5, 11-11:40 am PT. BlackBerry will also hold a webinar about its cooperation with Intel to stop cryptojacking malware, and an in-depth study of BlackBerry Optics AI-based EDR technology for Linux. Read More
Mercedes-Benz E-Class. 19 safety risks detected, already resolved [Black Hat USA 2020]
According to TechCrunch, the facts were revealed by Minrui Yan, head of Sky-Go's security research team, during this year's Black Hat security conference. Read More
Chinese computer scientists uncover the vulnerability of the Mercedes-Benz E-Class [Black Hat USA 2020]
Through a coordinated attack, Qihoo 360 computer scientists were able to unlock the car doors, lower the windows, control the lighting system and even start the car's engine without the owner's key, as explained in a Black Hat cybersecurity conference, focused on the risks of hacking. Read More
Patchday: Microsoft closes actively exploited Windows and browser holes [Black Hat USA 2020]
As part of a lecture at the Black Hat Conference 2020, a team of researchers warned last week about a new version of a security hole that the Stuxnet computer worm had previously misused to switch from Windows systems to industrial control systems via the printer spooler. Read More
Microsoft plugs 2 zero-days on August Patch Tuesday [Black Hat USA 2020]
The patch resolved a lingering printer spooler issue that had been patched multiple times -- most recently in May -- but security researchers found a way to bypass the patch and gave a recent Black Hat USA presentation on the flaw, which has its origins in the Stuxnet worm from 2010. Despite public knowledge of the bug, Microsoft's CVE did not report this as publicly disclosed. Read More
Researchers claim that hackers attack crypto exchanges in three ways [Black Hat USA 2020]
Researchers at the Black Hat security conference have revealed that crypto exchanges can be vulnerable to hackers. Although cryptocurrencies provide a high level of privacy and security to protect their resources, researchers have found that hackers can attack in three ways. Read More
Black Hat 2020: How to Boost Security Problem-Solving [Black Hat USA 2020]
But problem-solving isn’t necessarily a trait you’re born with. At Black Hat USA 2020, Matt Wixey, research lead at PwC U.K., said that it’s something that can be trained. Read More
They hack the Mercedes E-Class and even get to start it [Black Hat USA 2020]
They could even have started the engine without having to enter the cabin. The investigation was started a couple of years ago and the results were sent to Daimler, from where we assume that they remedied the problem. Now they have been unveiled at the Black Hat cybersecurity conference. Read More
Sky-Go Discusses How to Hack and Remotely Control the Mercedes-Benz E-Class [Black Hat USA 2020]
In 2017, a video surfaced showing two thieves in the UK using a relay hacking method to exploit the keyless entry system of a Mercedes car. It only took them less than 30 seconds to drive off with it. This is just one of the examples that Sky-Go demonstrated in its presentation at a recent Black Hat cybersecurity conference. Read More
Security team analyzes data breach costs for better metrics [Black Hat USA 2020]
Severski and Baker published their findings on the cost of data breaches in the Cyentia Information Risk Insights Study (IRIS 20/20) and the ripple effects of breaches in Ripples Across the Risk Surface (in collaboration with automated risk assessment firm RiskRecon). They discussed the topic at Black Hat 2020. Read More
Mercedes-Benz security bug — a sign of connected vehicle security issues? [Black Hat USA 2020]
A team of security researchers at the Sky-Go Team detailed the way they were able to form an attack chain and remotely take control of the vehicle. The head of Sky-Go’s security research team, Minrui Yan, shared the findings at this year’s Black Hat security conference, as reported in TechCrunch. Read More
Latest Mimecast research finds threat actors more motivated by money than intelligence or IP [Black Hat USA 2020]
Mimecast Limited, a leading email security and cyber-resilience company, has launched the Threat Intelligence Report: Black Hat U.S.A. Edition 2020. Read More
Black Hat: Innovation and case studies around cybersecurity [Black Hat USA 2020]
The Black Hat event is a space that for 20 years has been dedicated to answering the questions that arise around cybersecurity and to presenting innovations and research on the subject. Read More
An elections security progress report: Black Hat edition [Black Hat USA 2020]
As you might expect, the election was a core topic at the virtual Black Hat and DEFCON voting village conferences held in early August. It has become a core feature of “hacker summer camp” to share the latest in election security from the perspective of the professionals doing the work. Read More
Researchers Trick Facial-Recognition Systems [Black Hat USA 2020]
At the Black Hat USA 2020 virtual event last week, researchers from McAfee showed how they were able to use such technologies to successfully trick a facial-recognition system into misclassifying one individual as an entirely different person. Read More
Spying On Satellite Internet Now Possible With $300 Setup [Black Hat USA 2020]
Researchers have devised a new strategy for spying on satellite internet traffic. Sharing the details at the recent Black Hat USA 2020, they revealed that anyone with mere home television equipment could intercept satellite internet traffic to snoop into the data. Read More
Researchers discover a bug in Windows and prevent an attack [Black Hat USA 2020]
"As a bonus, various Windows services loaded our DLL (wbemcomn.dll) as they did not verify the signature and tried to load the DLL from a non-existent path, which means we also got the code executed," said Hadar and Bar, who presented their finding at the Black Hat security conference. Read More
Qualcomm, MediaTek Wi-Fi chip found loopholes, signal transmission, data packets may be intercepted [Black Hat USA 2020]
At the recently held Black Hat USA 2020 security conference, ESET disclosed variants of the "Kr00k" vulnerability and emphasized that the key is invalidated on disassociation, so that the WPA2 encryption protection loses its function and the contents of data packets transmitted over the Wi-Fi signal can be intercepted. Read More
Suspected mainland hackers stealing Taiwan semiconductor secrets, reason: working hours 996 [Black Hat USA 2020]
A few days ago, the US technology media "Wired" reported that a Taiwanese cybersecurity company called CyCraft revealed at the Black Hat USA conference held last week that, since it released its white paper on cyber attacks on the semiconductor industry in Taiwan in April this year, it has received many responses showing that at least 7 semiconductor companies in Taiwan have been targeted by the same mainland Chinese hacker group, "Chimera". Read More
The cost of hacking a satellite is only 350,000 won? [Black Hat USA 2020]
Research results showing that a satellite can be hacked for about $300 (about 350,000 won) are drawing attention from the industry. At 'Black Hat 2020', a global information security conference held online from August 1 to 6, University of Oxford academic researcher James Pavur said that satellite Internet communication (ISP) is vulnerable to eavesdropping and signal blocking. Read More
Black Hat 2020: The Security Implications of Disinformation Campaigns [Black Hat USA 2020]
While this has been a known threat in the public space, businesses are at risk as well. At Black Hat USA 2020, Stanford Internet Observatory Research Manager Renee DiResta said that the vast opportunities of the internet and social media have left us with an avalanche of material at our fingertips, and some of it is ill-intentioned. Read More
Chinese hackers target Taiwan's semiconductor factories and look for technology secrets [Black Hat USA 2020]
Due to the coronavirus pandemic, this year's Black Hat cybersecurity conference was held as an online event. One of the conference participants was CyCraft, whose experts presented an interesting report on the results of the investigation into a series of incidents related to attacks on Taiwanese companies operating in the semiconductor industry. Read More
Jeff Moss, creator of the cybersecurity and hacker conferences Black Hat and DEF CON, talked about 2020 election security, the Chinese-owned Tik Tok and We Chat social media platforms, and where the internet is heading. Mr. Moss spoke from Singapore. Read More
Vulnerabilities in popular Bitcoin exchanges revealed [Black Hat USA 2020]
The Black Hat IT security conference took place at the beginning of the month. Due to the COVID-19 pandemic, this year's event took place online. Read More
Forum software vBulletin: New attack technique leverages old security patch [Black Hat USA 2020]
The researcher apparently decided not to wait for the vBulletin team to publish a patch. In any case, the following should serve as a warning: Jeff Moss, founder of the IT security conferences Black Hat and Def Con, announced via Twitter that the Def Con forum had been attacked just three hours after the PoC code was published in the researcher's blog entry. Read More
The deplorable situation with satellite Internet security [Black Hat USA 2020]
Black Hat presented a report on security problems in satellite Internet access systems. The author of the report demonstrated the ability to intercept Internet traffic transmitted through satellite communication channels using a low-cost DVB receiver. Read More
How they could easily spy on satellite connections [Black Hat USA 2020]
At the 2020 Black Hat, a computer security researcher from the University of Oxford has shown how it is possible to access confidential information from corporate networks that use satellites to transmit the signal. Read More
Healthcare CISO offers alternatives to 'snake oil' companies [Black Hat USA 2020]
Indiana University Health CISO Mitchell Parker discussed internal risk assessments, security snake oil salesmen and more at his Black Hat USA 2020 talk. Read More
Mercedes E-Class Had 19 Security Risks, Which Were Patched Last Year [Black Hat USA 2020]
According to TechCrunch, the breakdown came from Minrui Yan, head of Sky-Go’s security research team, during this year’s Black Hat security conference. The team found 19 vulnerabilities in a Mercedes E-Class that gave researchers vast control over the vehicle. Read More
Researcher Publishes Patch Bypass for vBulletin 0-Day [Black Hat USA 2020]
Indeed, hackers wasted no time in using Etemadieh’s bypass to try to hack into the forum at the DEF CON security conference, according to a post on Twitter by DEFCON and Black Hat founder Jeff Moss. However, administrators quickly applied Etemadieh’s advice to disable PHP to thwart the attack, he tweeted. Read More
High-value users with no control over their infrastructure or security practices seem like characters in a dystopian novel, but Michelle Wolfe, who works with local governments in the UK, spoke at Black Hat USA about students in classrooms using dystopian terms. Read More
Baking And Boiling Botnets Could Drive Energy Market Swings And Damage [Black Hat USA 2020]
Evil armies of internet-connected EV chargers, ovens, hot-water heaters, air-conditioners, and other high-wattage appliances could be hijacked to slightly manipulate energy demand, potentially driving price swings and creating financial damage to deregulated energy markets, warns a new report scheduled to be presented Aug. 5 at the Black Hat USA 2020 conference. Read More
Microsoft Patch Tuesday, August 2020 Edition [Black Hat USA 2020]
Narang said researchers found that the patch for CVE-2020-1048 was incomplete and presented their findings for CVE-2020-1337 at the Black Hat security conference earlier this month. Read More
Anatomy of a healthcare data breach dissected at Black Hat 2020 [Black Hat USA 2020]
Insecure technologies are making healthcare organizations easy prey for cybercriminals, as well as lucrative and egregious targets, attendees at Black Hat USA 2020 heard last week. Read More
Chinese experts remotely hacked Mercedes-Benz E-class [Black Hat USA 2020]
Now Sky-Go experts have finally made their findings public by presenting a talk at the Black Hat conference (this year's event is being held remotely). At the same time, some details of the bugs were deliberately omitted, both to protect Daimler's intellectual property and to prevent exploitation of vulnerabilities. Read More
Chinese state hackers are targeting Taiwanese chip companies [Black Hat USA 2020]
This is reported by security company CyCraft at the Black Hat conference, which will be held online this year. Wired writes that the attacks are attributed to Chinese hackers for various reasons. Read More
The Station: Uber Eats ride, the next micromobility trend, Levandowski's day in court [Black Hat USA 2020]
The Black Hat security conference is that annual event that reminds me of how vulnerable connected cars can be. This year, security researchers at the Sky-Go Team, the car hacking unit at Qihoo 360, found more than a dozen vulnerabilities in a Mercedes-Benz E-Class car that allowed them to remotely open its doors and start the engine. Read More
Mercedes-Benz E-Class Is Surprisingly Easy To Hack [Black Hat USA 2020]
During a recent Black Hat cybersecurity conference, Sky-Go demonstrated how these flaws could have been exploited to remotely access a number of the car's functions and even start the engine without even touching the car. Read More
Games, not shame: Why security awareness training needs a makeover [Black Hat USA 2020]
Elevate Security co-founder Masha Sedova spoke at Black Hat USA 2020 about why traditional security awareness training is ineffective and fails to change risky behavior. Read More
Election 2020: Will Disinformation Trump Election Security? [Black Hat USA 2020]
Election security took center stage at Black Hat, but not in the usual, who can hack a voting machine way. Hardware and software vulnerabilities still exist. But the COVID-19 pandemic, rampant disinformation campaigns, disenfranchisement, and impatient voters may pose far greater security risks. Read More
Exploring the (lack of) security in a typical Docker and Kubernetes installation [Black Hat USA 2020]
To get up to speed, I signed up for the Black Hat 2020 session entitled, “From Zero to Hero: Pentesting and Securing Docker Swarm and Kubernetes Environments." The course, taught by Sheila A. Berta and Sol Ozzan, literally started with a description of how Docker containers worked and went all the way through a Kubernetes deployment. Read More
Bugs in Office and macOS gave full control of Mac [Black Hat USA 2020]
Security researcher Patrick Wardle (former NSA hacker and now head of security at Jamf) has an impressive track record for finding security flaws on the Mac platform. His latest report was shared at this year's Black Hat conference (held virtually). He has also published a blog post where he goes in depth into how the attack works. Read More
Black Hat 2020: Cybersecurity trends, tools, and threats [Black Hat USA 2020]
This year’s Black Hat USA 2020 computer security conference was entirely virtual for the first time and took place from August 1-6. This is the 23rd year for the conference, which traditionally takes a close look at some of the top cybersecurity trends. Read More
Protocol gateway flaws reveal ICS environment weak points [Black Hat USA 2020]
Security researchers warn about widespread vulnerabilities in protocol gateways, small devices that connect industrial machinery and sensors to TCP/IP networks that are used to automate and control them. New research published by Trend Micro and presented at the Black Hat USA virtual security conference highlights a new threat via protocol translation attacks and reveals nine flaws found in protocol gateways from different vendors. Read More
18 (new) ways attackers can compromise email [Black Hat USA 2020]
Vern Paxson, Professor of Computer Science at UC Berkeley and Co-Founder and Chief Scientist at Corelight, Jianjun Chen, Post-Doc researcher at the International Computer Science Institute and Jian Jiang, Senior Director of Engineering at F5 (Shape Security), presented the result of their research at Black Hat last week in a talk entitled “You Have No Idea Who Sent That Email: 18 Attacks on Email Sender Authentication.” Read More
Researchers Find Bugs that Could Expose Crypto Wallets on Exchanges [Black Hat USA 2020]
At a recent Black Hat cybersecurity conference, experts said that some of the issues that affected exchanges have now been fixed – but claimed that others still pose a threat to their owners. Read More
Chinese Hackers Steal From Taiwan's Semiconductor Industry [Black Hat USA 2020]
At the Black Hat security conference, reports will be presented that detail the damage. The report shows that at least seven Taiwanese chip firms over the past two years were compromised by hackers. Read More
Researchers Uncover Stuxnet-Style Flaw In Windows [Black Hat USA 2020]
At the Black Hat USA 2020 security conference Bar and Hadar said the privilege escalation flaw could be used by an attacker who has physical access to a system to gain escalated privileges. Read More
Top hacks from Black Hat and DEF CON 2020 [Black Hat USA 2020]
As well as tackling core enterprise and web security threats, presenters at both Black Hat and DEF CON 2020 took hacking to weird and wonderful places.
Anything with a computer inside was a target – a definition that these days includes cars, ATMs, medical devices, traffic lights, voting systems and much, much more. Read More
Black Hat 2020: Fixing voting – boiling the ocean? [Black Hat USA 2020]
Following the Black Hat keynote about voting security, we wonder how fixing elections might be possible in the next few months amidst pressure of U.S. elections rapidly approaching, requiring massive, coordinated effort at immense expense. Is that possible? If so, how likely? Read More
vBulletin fixes ridiculously easy to exploit zero-day RCE bug [Black Hat USA 2020]
According to Jeff Moss, aka The Dark Tangent and the creator of the Black Hat and Defcon security conferences, the defcon.org forum was attacked with this exploit three hours after it was disclosed. Read More
Over 30 Vulnerabilities Discovered Across 20 CMS Products [Black Hat USA 2020]
Muñoz and Mirosh, who presented their findings last week at the Black Hat cybersecurity conference, focused on .NET and Java-based products, and they showed how an unprivileged attacker can escape template sandboxes and achieve remote code execution. Read More
Black Hat Wrap-Up: IoT and Hardware Vulnerabilities Take the Spotlight [Black Hat USA 2020]
The first entirely virtual edition of the Black Hat cybersecurity conference took place last week and researchers from tens of organizations presented the results of their work from the past year. Read More
Researchers Claim Crypto Exchange Hacks Happen in Three Ways [Black Hat USA 2020]
Researchers at the Black Hat security conference revealed that crypto exchanges might be vulnerable to hackers. Although crypto exchanges have high privacy and security to protect their funds, researchers still found three ways hackers can attack these crypto exchanges, according to Wired on August 9. Read More
Flaws Could Have Exposed Cryptocurrency Exchanges to Hackers [Black Hat USA 2020]
At the Black Hat security conference on Thursday, researchers detailed potential weaknesses in these specially secured wallet schemes, including some that affected real exchanges that have now been fixed. Read More
As the pandemic hastens a cyberpunk future, hackers put democracy at risk [Black Hat USA 2020]
Reflecting on a dystopian future described in a subgenre of science fiction known as “cyberpunk” in the 1980s, a somber Jeff Moss, Black Hat’s founder, opened this year’s all-digital event by capturing the state of computer security in a newly altered world. Read More
Security News This Week: The NSA's Tips to Keep Your Phone From Tracking You [Black Hat USA 2020]
This week marked the first-ever online-only Black Hat and Defcon security conferences, both of which still produced impactful work despite going remote. But before you dive into everything that's broken, start off with a tale of perseverance that starts with the private keys needed to recover $300,000 of bitcoin trapped in an old zip file. Read More
Digital Clones Could Cause Problems for Identity Systems [Black Hat USA 2020]
The fundamental technologies for creating digital clones of people — text, audio, and video that sound and look like a specific person — have rapidly advanced and are within striking distance of a future in which digital avatars can sound and act like specific people, Tamaghna Basu, co-founder and chief technology officer of neoEYED, a behavioral analytics firm, told attendees at the virtual Black Hat conference on Aug. 6. Read More
Black Hat 2020: Security Needs Better Data for Better Policies [Black Hat USA 2020]
But what if the information they’re basing their decisions on is skewed? What if it doesn’t take the right things into consideration? What if the data isn’t accurately represented?
That is exactly what is happening when it comes to security, according to research presented this week at Black Hat USA 2020. Virginia Tech University professor and Cyentia Institute co-founder Wade Baker said that some well-known cybersecurity statistics, such as the notion that 60 percent of small businesses close within six months of a data breach, are widely repeated despite the original source of the information being unclear. Read More
McAfee Scopes Threat Landscape, Sees Deep Fakes, Zombies [Black Hat USA 2020]
“I think we’re going to continue to see these more advanced and evolution of [attack] techniques,” Povolny said, during an interview at this week’s virtual Black Hat. “We’re going to see the consistent use of ransomware, we’re going to see the same breaches we’ve been seeing forever. After 20 years, if it’s not changing, it’s not going anywhere for the foreseeable future.” Read More
Not just politics: Disinformation campaigns hit enterprises, too [Black Hat USA 2020]
In her Black Hat USA 2020 keynote, Renée DiResta of the Stanford Internet Observatory explains how nation-state hackers have launched 'reputational attacks' against enterprises. Read More
Cybersecurity Training? Try the Carrot Instead of the Stick [Black Hat USA 2020]
Masha Sedova leveraged her experience as a defense analyst for the government and Director of Trust Engagement at Salesforce to co-found Elevate Security, a company dedicated to using behavioral science to change security behaviors in ways that work. Per Sedova’s bio, her company can “transform employees into security super-humans.” In her Black Hat presentation this week, she demonstrated why traditional training doesn Read More
Protocol gateway flaws reveal a weak point in ICS environments [Black Hat USA 2020]
Research presented at this week's Black Hat conference highlights a new threat via protocol translation attacks and reveals 9 flaws found in protocol gateways from different vendors. Read More
Spectra Attack Turns Bluetooth and Wi-Fi Against Each Other [Black Hat USA 2020]
Our smart devices need to communicate wirelessly and seamlessly with many other devices, in order to be useful. All these devices' radios also need to talk with one another. And that allowed researchers at the Black Hat security conference to show off a new kind of attack they dubbed Spectra. Read More
Old vulnerabilities die hard: researchers uncover 20-year-old code in Windows Print Spooler [Black Hat USA 2020]
While presenting their findings at the Black Hat hacking conference this week, Hadar and Bar released proof-of-concept code on GitHub designed to help detect attacks on the spooler service. Read More
The Scariest Things We Saw at Black Hat 2020 [Black Hat USA 2020]
Every year, hackers and researchers flock to Las Vegas for the Black Hat security conference (and some stay on for the free-wheeling DEF CON) to see and share the latest in security research. This year, everyone had to stay at home because of COVID-19, but there was still plenty to be worried about at this year's conference. Read More
10 years after Stuxnet, new zero-days discovered [Black Hat USA 2020]
A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020. Read More
Researcher Finds New Office Macro Attacks for MacOS [Black Hat USA 2020]
Microsoft Office is no stranger to vulnerabilities and exploits. Most of those vulnerabilities led from Microsoft Office to Microsoft Windows, but it's possible for an attacker to take an exploit path from Microsoft Office to macOS — a path that Patrick Wardle, principal security researcher at Jamf, discussed in his presentation on Wednesday at Black Hat USA. Read More
Researchers: IoT Botnets Could Influence Energy Prices [Black Hat USA 2020]
High-wattage IoT devices and appliances, such as connected refrigerators, air conditioners and heaters, could be turned into massive botnets by malicious actors and used to influence energy prices, according to an academic study released at Black Hat 2020. Read More
Chinese Researchers Show How They Remotely Hacked a Mercedes-Benz [Black Hat USA 2020]
Representatives of Sky-Go and Daimler disclosed the findings this week at the Black Hat cybersecurity conference and published a research paper detailing the findings. However, some information was not made public to protect Daimler’s intellectual property and to prevent malicious exploitation. Read More
VMware Reports Destructive Attacks Surge During COVID-19 [Black Hat USA 2020]
“We noted a dramatic increase in destructive attacks — the use of wipers and ransomware, NotPetya style, within networks,” said Tom Kellermann, head cybersecurity strategist at VMware Carbon Black, during a virtual Black Hat happy hour panel. Read More
Exploring the Forgotten Roots of 'Cyber' [Black Hat USA 2020]
At the same time, the word cyber arguably points to what is inherently leading-edge and subject to change. Entering the world of cybersecurity today, for example, "you're leaving the reality of what you know, for a fantasy world you know nothing about," Amanda Rousseau, an offensive security engineer at Facebook, said in a keynote speech at last year's Black Hat Europe conference in London. Read More
The Cybersecurity 202: Trump’s government is working to protect mail voting while Trump attacks it [Black Hat USA 2020]
About 28 percent of voters cast ballots on such machines in 2016, according to a study by the Pew Research Center. CISA was estimating that figure would drop to about 8 percent in 2020 but it might be even lower because of mail voting, CISA Director Chris Krebs said during an address at the Black Hat cybersecurity conference this week. Read More
Here's a Bright Idea: Use a Lightbulb to Eavesdrop [Black Hat USA 2020]
The primary question Nassi and his team set out to answer was whether a hanging lightbulb can be used as a microphone—a challenge since "lightbulbs were not exactly designed to be used as microphones," Nassi said at this year's virtual Black Hat conference. Read More
Researchers Create New Framework to Evaluate User Security Awareness [Black Hat USA 2020]
In a presentation at the Black Hat USA event this week, Ron Bitton, principal research manager at BGU's cybersecurity research center, said the framework addresses some of the shortcomings of current approaches to evaluating user security awareness. Read More
Black Hat 2020: xGitGuard uses AI to detect inadvertently exposed data on GitHub [Black Hat USA 2020]
Security researchers at Comcast have developed a tool that detects organizations’ secrets and user credentials in cases where they inadvertently spill onto GitHub. The tool, called xGitGuard, is designed to be both scalable and rapid.
The tool was demonstrated during an Arsenal session at the Black Hat 2020 virtual conference on Thursday (August 7). Read More
When TLS hacks you: Security friend becomes a foe [Black Hat USA 2020]
During a session entitled ‘When TLS Hacks You’ at the Black Hat virtual conference on Wednesday, Maddux showed how “dangerous properties” of TLS can be abused to target internal services. Read More
Satellite Comms Globally Open to $300 Eavesdropping Hack [Black Hat USA 2020]
At the virtual Black Hat 2020 conference, academic researcher and Oxford University doctoral candidate James Pavur spoke about the risk of satellite hacking. Pavur stated that attackers can use basic home television gear to listen in on internet traffic occurring across the globe, including high-value targets such as shipping fleets and oil installations. Read More
Mercedes-Benz E-Series Rife with 19 Bugs [Black Hat USA 2020]
At Black Hat 2020, a famous cybersecurity conference held virtually this year, researchers explained the process of discovery and disclosure of security flaws found in Mercedes Benz vehicles. Although the flaws have since been fixed, the bugs impacted roughly 2 million Mercedes Benz connected cars before they were patched. Read More
Chinese Hackers Have Pillaged Taiwan’s Semiconductor Industry [Black Hat USA 2020]
Yesterday at the Black Hat security conferences, CyCraft researchers presented details of a previously unknown hacking campaign that compromised Taiwanese chip firms. CyCraft is a Taiwanese cybersecurity firm that has been investigating the campaign, which allegedly compromised at least seven firms over a two year period. Read More
Week in security with Tony Anscombe [Black Hat USA 2020]
This week, the cybersecurity community ‘met up’ at the virtual Black Hat 2020, and ESET researchers elaborated on their discovery of the KrØØk vulnerability, revealing that variants of the same bug also affect Wi-Fi chips produced by other brands. Read More
Black Hat: Public Opinion Hacking Hits Fever Pitch [Black Hat USA 2020]
This week’s virtual Black Hat USA 2020 conference featured a keynote on how information operations are working overtime to manipulate public opinion. Renee DiResta, research manager at Stanford Internet Observatory, heads up research in this area. Read More
Mole in your network: Out-of-band exploitation framework showcased at Black Hat 2020 [Black Hat USA 2020]
Mole, a new open source framework for identifying and exploiting out-of-band (OOB) application vulnerabilities, was launched at Black Hat 2020 this week. Read More
What becoming a poll worker taught me about securing the 2020 election [Black Hat USA 2020]
In a keynote that opened the Black Hat conference Wednesday, security researcher and Georgetown Law professor of secure systems and cryptology Matt Blaze offered advice for our current situation. But his solution doesn’t center around software or protocols. Instead, it’s all about people. Read More
From Russia With Lure: Why We’re Still Beset By Bots And Trolls Pushing Disinformation [Black Hat USA 2020]
In a keynote at the Black Hat security conference Thursday, Renee DiResta, research manager at the Stanford Internet Observatory, offered a disinformation dissection that broke down how those two countries have worked to exploit social media and what to watch for as the election nears. Read More
#BHUSA: Researchers Reveal Attacks Against Email Sender Authentication [Black Hat USA 2020]
The ‘from’ address field in an email is supposed to identify the person that sent an email, but unfortunately that’s not always the case. In a Black Hat USA 2020 virtual conference session researchers outlined 18 different attacks against email sender authentication systems. Read More
#BHUSA: Lack of Electronic Medical Record Security Amplified Opioid Crisis [Black Hat USA 2020]
According to Mitchell Parker, CISO at Indiana University Health, a small part of the human suffering could have potentially been alleviated, if there was better control and security for Electronic Medical Record (EMR) systems. Parker presented his views during a session at the Black Hat USA 2020 virtual conference, where he outlined what has gone wrong with EMR systems and what can be done to make them more secure. Read More
#BHUSA: How Nation States Hack Public Opinion [Black Hat USA 2020]
Nation state threat actors, including Russia and China, are using multiple techniques to effectively ‘hack’ public opinion around the world, according to Renée DiResta. DiResta expressed her views in a keynote session at the Black Hat USA 2020 virtual conference. Read More
Black Hat keynoter DiResta: Disinformation an effective, readily available tool for cyber adversaries [Black Hat USA 2020]
She spoke Thursday on “Hacking Public Opinion,” on the final day of the all-digital Black Hat USA 2020. Cyber researcher Matt Blaze delivered the keynote on Wednesday, discussing election security challenges including securing software. Read More
What security functions should small medical providers outsource? [Black Hat USA 2020]
Lamenting the recent scourge of ransomware and data breach attacks against health care organizations, along with what he believes is lack of specific cybersecurity guidance and an overabundance of “snake oil” infosec companies that provide expensive risk assessments “while not delivering anything of value,” Parker presented a series of recommendations for smaller medical providers in a presentation at the 2020 virtual Black Hat conference. Read More
Spooler alert: A decade after Stuxnet, Windows printer component still a playground for zero-days [Black Hat USA 2020]
Revisiting their discovery at the virtual Black Hat USA 2020 today, a pair of security researchers said they were astounded to find that the flaws in the Windows print spooler component were still exploitable, using fresh techniques. Read More
Palo Alto Networks Discloses Kata Container Flaws [Black Hat USA 2020]
At the online Black Hat USA 2020 conference today, researchers from the Unit 42 arm of Palo Alto Networks disclosed how they had enabled malicious code to escape from a Kata Container runtime environment that makes use of lightweight virtual machines to isolate workloads. Read More
Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack [Black Hat USA 2020]
That’s the word from James Pavur, an academic researcher and doctoral candidate at Oxford University, speaking at Black Hat 2020 on Wednesday. Read More
What will it take for a secure election? [Black Hat USA 2020]
The virus "added a whole new set of concerns that were always there, but that got brought very sharply into focus" such as how to conduct voting in a state of emergency and what exceptions to make, said computer scientist and election security expert Matt Blaze during a speech at the Black Hat cybersecurity conference this week. Read More
Information Operations Spotlighted at Black Hat as Election Worries Rise [Black Hat USA 2020]
While the Russian government spends a fraction of what the People's Republic of China spends on overt state-sponsored media properties, its covert activities targeting Western democracies and other rivals are "best-in-class," Renée DiResta, a research manager at the Stanford Internet Observatory, told attendees during an Aug. 6 keynote on information operations at virtual Black Hat USA. Read More
Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry [Black Hat USA 2020]
"This is very much a state-based attack trying to manipulate Taiwan's standing and power," says Chad Duffy, one of the CyCraft researchers who worked on the company's long-running investigation. The sort of wholesale theft of intellectual property CyCraft observed "fundamentally damages a corporation's entire ability to do business," adds Chung-Kuan Chen, another CyCraft researcher who will present the company's research at Black Hat today. "It's a strategic attack on the entire industry." Read More
Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs [Black Hat USA 2020]
Researchers say the flaws, detailed at Black Hat USA on Thursday, potentially impacted over 2 million Mercedes-Benz connected cars before they were fixed. Read More
Hacking group has hit Taiwan's prized semiconductor industry, Taiwanese firm says [Black Hat USA 2020]
“Based on the stolen data, we infer that the actor’s goal was to harvest company trade secrets,” CyCraft wrote in a report they are presenting Thursday at the 2020 Black Hat security conference. Read More
Black Hat: Hackers are using skeleton keys to target chip vendors [Black Hat USA 2020]
At Black Hat USA on Thursday, CyCraft Technology researchers Chung-Kuan Chen and Inndy Lin described a set of attacks believed to have been conducted by the same Chinese APT group in the quest for semiconductor designs, source code, software development kits (SDKs), and other proprietary information. Read More
Security bugs let these car hackers remotely control a Mercedes-Benz [Black Hat USA 2020]
Since then, the car hacking world has bustled with security researchers looking to find new bugs — and ways to exploit them — in a new wave of internet-connected cars that have only existed the past decade.
This year’s Black Hat security conference — albeit virtual, thanks to the coronavirus pandemic — is no different. Read More
How to Be a Better Security Problem Solver [Black Hat USA 2020]
His Thursday talk fell in the Black Hat conference’s Human Factors track, which has been growing in popularity the last several years. Most talks in this track involve guiding employees into doing the right thing security-wise, or devising systems that work even when employees do the wrong thing. With this session, Wixey focused on honing the skills of the security elite—a refreshing change. Read More
A Mix of Optimism and Pessimism for Security of the 2020 Election [Black Hat USA 2020]
DHS CISA's Christopher Krebs and Georgetown University's Matt Blaze at Black Hat USA give the lowdown on where things stand and what still needs to happen to protect the integrity of November's election. Read More
State Dept. offers $10 million reward for info on cyberattackers targeting US elections [Black Hat USA 2020]
Nearly a third of cybersecurity experts and hackers attending the Black Hat USA 2020 conference think cyberattacks and disinformation will ensure the upcoming election’s results will “always be in doubt,” according to a survey of 273 attendees conducted in advance of the conference. Read More
How Security Research Can Get You Arrested [Black Hat USA 2020]
Hiring a red team is a common practice among security-conscious companies and government entities. Getting the red team arrested on federal felony charges is not common, but that’s what happened to two security experts from Coalfire Systems. They presented their cautionary tale, along with a call for action, at this week's virtual Black Hat conference. Read More
Are Police Spying on Your Phone? Ask the Crocodile Hunter [Black Hat USA 2020]
Nefarious devices have long masqueraded as cell towers in a bid to intercept data from mobile devices. But at this week's (virtual) Black Hat, Cooper Quintin, Senior Staff Technologist at the Electronic Frontier Foundation, outlined a way to detect these bogus base stations, and offered suggestions on how to prevent their use altogether. Read More
Election Day 2020: Why security experts predict a chaotic mess [Black Hat USA 2020]
This fall's U.S. presidential election may end up being a chaotic mess that won't yield a winner on Election Night, three election-security experts told the Black Hat 2020 security conference during its opening day Wednesday (Aug. 5). Read More
Coronavirus Borked the 2020 Election, But We Can Still Save It [Black Hat USA 2020]
At the Black Hat security conference, security researcher Matt Blaze outlines the difficulty of securing US elections in unprecedented times. Read More
Sensitive Satellite Internet Data Is Easily Accessible, If You Know Where to Look [Black Hat USA 2020]
At Black Hat, an Oxford University student outlines how his team intercepted unencrypted satellite internet data across a 'massive attack area' from government agencies, major shipping companies, Greek billionaires, and more. Read More
New Windows Print Spooler Zero-Day Flaws Harken Back to Stuxnet [Black Hat USA 2020]
"We started digging in, looking at the original Stuxnet propagation, and then we found out there were problems. ... We decided to take the Spooler service to the next level, and eventually we found it was not fully patched," explains Tomer Bar, research team leader at SafeBreach, who along with his colleague Peleg Hadar found the flaws that they plan to detail today at Black Hat USA. Read More
Voting vendor ES&S unveils vulnerability disclosure program [Black Hat USA 2020]
At Black Hat USA 2020 Wednesday, Chris Wlaschin, vice president of systems security for Election Systems & Software, (ES&S) formally announced the voting-machine manufacturer's vulnerability disclosure program, which aims to strengthen election security by working with independent security researchers. Read More
Researcher Discovers New HTTP Request Smuggling Attack Variants [Black Hat USA 2020]
Klein told SecurityWeek ahead of his talk on HTTP request smuggling at the Black Hat conference that an attacker needs to find combinations of web servers and proxy servers with “matching” vulnerabilities in order to launch an attack, which makes it difficult to determine exactly how many servers are impacted. Read More
Internet communication via satellite “Danger of leakage” pointed out by a British researcher [Black Hat USA 2020]
James Pavur of Oxford University reported the findings on Thursday at Black Hat, the world's largest international cybersecurity conference, which was held online this year. Read More
Black Hat: Entropy - the solution to malvertising and malspam? [Black Hat USA 2020]
Speaking to attendees of Black Hat USA on Thursday, lead Cisco threat researcher Shyam Sundar Ramaswami revealed recent uses of steganography to hide malicious payloads in connection to the COVID-19 pandemic. Read More
CISA chief: Ransomware could threaten election security [Black Hat USA 2020]
During a Black Hat USA 2020 session, CISA Chief Christopher Krebs said ransomware attacks on city, state and local governments are a major concern for election security. Read More
Energy Market Manipulation with High-Wattage IoT Botnets [Black Hat USA 2020]
Attackers that can compromise enough products such as smart ACs and heaters can tweak power demand in subtle ways for financial gain or to hurt market players, researchers at Black Hat say. Read More
HTTP Request Smuggling now has 4 New Variants – Cyber Security Research 2020 [Black Hat USA 2020]
The HTTP request smuggling attack now has four new variants, identified in new research presented by Amit Klein (VP of Security Research at SafeBreach), who confirmed the findings today at the Black Hat Security Conference. Read More
Black Hat 2020: Temi assistant robot has serious security gaps [Black Hat USA 2020]
For the IT security experts, this was reason enough to get one of the robots, test its network capabilities and, for example, also take a close look at the firmware and update procedures. As they explained on Thursday at the Black Hat hacker conference, held virtually this year, and in a technical report, they quickly came across massive targets. Read More
Black Hat 2020: ‘Zero-Click’ MacOS Exploit Chain Uses Microsoft Office Macros [Black Hat USA 2020]
The exploit chain, revealed by Patrick Wardle, principal security researcher with Jamf, at Black Hat USA 2020, runs macros without an alert or prompt from the Microsoft Office application that prompts explicit user approval – meaning that when a user opens the document, the macro is automatically executed. Read More
Ripple20 vulnerabilities still plaguing IoT devices [Black Hat USA 2020]
Months after Ripple20 vulnerabilities were reported, things haven't gotten much better, say experts at Black Hat USA 2020. In fact, the world may never be fully rid of the flaws. Read More
Tool that turns Domain Name System into a security layer unveiled at Black Hat 2020 [Black Hat USA 2020]
Vadim Pavlov, Senior Security Product Manager at Infoblox, outlined the benefits of the ioc2rpz service as a defense against malware during an Arsenal session of the Black Hat conference yesterday (August 5). Read More
Election Systems & Software Unveils Vulnerability Disclosure Policy; Chris Wlaschin Quoted [Black Hat USA 2020]
The new policy announced at the virtual Black Hat conference will provide ES&S 90 days to address the cyber vulnerabilities before security researchers can publicly report those issues. Read More
Ripple20: More Vulnerable Devices Identified [Black Hat USA 2020]
JSOF researchers shared their findings this week at the virtual Black Hat USA conference, with a technical deep dive into DNS vulnerability CVE-2020-11901. The remote code execution (RCE) flaw has a CVSS score of 9.0 and can be triggered by answering a single DNS request made from the device. Read More
Your Personal Health Data Is Not Safe [Black Hat USA 2020]
You go to the doctor to get well, or to check your health. You don’t expect the doctor’s apps to expose your privacy. But they do, as Penn Medicine's Information Security Director outlined at Black Hat. Read More
#BHUSA: How Public Standards Help to Enable Financial Fraud [Black Hat USA 2020]
In a session at the Black Hat USA 2020 virtual conference on August 5, Kevin Perlow, technical intelligence team lead for one of the largest banks in the US, explained how cyber-attackers are using public standards for financial transactions to enable multiple forms of fraud. Read More
BLACK HAT 2020 KEYNOTE: STRESS-TESTING DEMOCRACY [Black Hat USA 2020]
Black Hat 2020 is all-virtual, which I rather like. The fog machines and laser shows are good eye candy, but they distract us from what event founder Jeff Moss calls Black Hat’s “community of ideas.” People were watching from 117 countries, ready to dig into dozens of online presentations. Read More
Election security depends on addressing software issues, says Black Hat keynoter Matt Blaze [Black Hat USA 2020]
Cyber researcher Matt Blaze, in an opening keynote at the all-virtual Black Hat USA 2020, framed election security as largely a software issue and said solutions are available between the extremes of completely eliminating computers from the process or going all-in with a blockchain approach. Read More
$10 Million Reward For Info Foreign Hackers Trying To Interfere With US Election [Black Hat USA 2020]
“On the election infrastructure targeting, there is just not near anything of what we were seeing in 2016,” Krebs said during a virtual Black Hat cybersecurity conference. “Shifting over to the disinformation space and the potential for hack and leak, Russia has never taken its foot off the gas, China’s in the game, Iran’s in the game, so I just really encourage everyone to pay attention to your sources of information, think before you click, think before you share.” Read More
#BHUSA: Can the US Election be Held During the Pandemic? [Black Hat USA 2020]
The Black Hat USA 2020 virtual conference kicked off on August 5 with a keynote session exploring the challenges of modern election security in the US and the impact of the COVID-19 pandemic. Read More
Black Hat 2020: Threagile toolkit enables code-driven threat modeling [Black Hat USA 2020]
‘Threat modelling as code’ is poised to supplant whiteboard diagrams as the definitive AppSec risk mapping paradigm, Black Hat USA attendees heard yesterday. Read More
How hackers could spy on satellite internet traffic with just $300 of home TV equipment [Black Hat USA 2020]
PhD candidate in the Department of Computer Science James Pavur revealed his research at the Black Hat USA virtual conference after previously disclosing his findings to the affected parties in order to help them improve security. Read More
U.S. Offers Reward of $10M for Info Leading to Discovery of Election Meddling [Black Hat USA 2020]
The COVID-19 pandemic has created new concerns in the upcoming election. Election security has been a hot topic at this year’s Black Hat USA 2020, which is being held this week for the first time virtually due to the pandemic. Read More
Getting to the Root: How Researchers Identify Zero-Days in the Wild [Black Hat USA 2020]
"We care a lot about making it harder for people to exploit users using zero-days," said Google Project Zero researcher Maddie Stone in a Black Hat presentation on the topic. "When zero-day exploits are detected in the wild, that's the failure case for these attackers. And so we need to learn as much as possible each time that happens." Read More
Deepfakes Are Getting Better, Easier to Make, and Cheaper [Black Hat USA 2020]
In the paper published online today and presented (virtually) at the cybersecurity conference Black Hat, researchers Philip Tully and Lee Foster write that it takes thousands of dollars and weeks to produce new software tools for synthetic media generation. Read More
#BHUSA: Android Phones at Risk of BlueRepli Bluetooth Attack [Black Hat USA 2020]
There has been no shortage of Bluetooth related attacks disclosed in recent years, including BlueBorne and BadBlueTooth among numerous others. At the Black Hat USA 2020 virtual event on August 5, a new attack was added to the list of Bluetooth vulnerabilities, with the public disclosure of BlueRepli. Read More
Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem [Black Hat USA 2020]
The use of social media to sway opinion, sow division and hurt reputations is now part of a threat actor’s playbook, according to DiResta. During a keynote address at Black Hat on Thursday entitled “Hacking Public Opinion,” she said threat actors are fine-tuning these attacks. Read More
Linux Spyware Stack Ties Together 5 Chinese APTs [Black Hat USA 2020]
On Wednesday, BlackBerry released an analysis to the Black Hat 2020 conference group in which evidence linking five Chinese APT groups was presented. The five groups are allegedly splinters of the Winnti group, which is a supply-chain specialist threat actor group. Read More
America was getting on top of its electronic voting machine security – then suddenly... A wild pandemic appears [Black Hat USA 2020]
Just as America was getting a grip on improving the security of its electronic ballot boxes, the coronavirus pandemic hit, throwing a potential surge in remote voting unexpectedly into the mix, the Black Hat hacking conference was told today. Read More
Ever wonder how a pentest turns into felony charges? Coalfire duo explain Iowa courthouse arrest debacle [Black Hat USA 2020]
Part of the problem, the two professional attackers told the Black Hat online conference today, was the imprecise terms of the penetration tests Coalfire was hired to perform at the request of the US state of Iowa. Read More
Tales from the Trenches Show Security Issues Endemic to Healthcare [Black Hat USA 2020]
As the chief information security officer for Indiana University Health, he has seen a spectrum of issues: information overload from risk assessments, ancient — in Internet years — computers managing physical systems and devices, a chaotic mess of password systems that don't interoperate, and legacy data that cannot be decrypted, he said during a virtual Black Hat USA presentation on Aug. 5. Read More
Black Hat: Election Security Issues Aplenty with ‘Interference,’ ‘Lots of Misinformation’ [Black Hat USA 2020]
This week’s virtual Black Hat USA 2020 conference kicked off with a call to arms for cybersecurity professionals to help with election security issues this November. Read More
Insecure satellite Internet is threatening ship and plane safety [Black Hat USA 2020]
In a briefing delivered on Wednesday at the Black Hat security conference online, researcher and Oxford Ph.D. candidate James Pavur presented findings that show that satellite-based Internet is putting millions of people at risk, despite providers adopting new technologies that are supposed to be more advanced. Read More
Now-fixed exploit used Microsoft Office macros to hack macOS [Black Hat USA 2020]
The exploit was developed by Jamf security engineer and ex-NSA hacker Patrick Wardle, who has long specialized in hacking Macs. Wardle showed off the attack method at the Black Hat 2020 security conference Wednesday. Read More
Researchers found another way to hack Android cellphones via Bluetooth [Black Hat USA 2020]
Attackers looking to steal sensitive information like contacts, call history, and SMS verification codes from Android devices only need to target Bluetooth protocols, according to new DBAPPSecurity research presented at the 2020 Black Hat conference Wednesday. Read More
Top federal official says 'more details coming' on foreign election interference [Black Hat USA 2020]
“That was the beginning of a conversation with the American people about these threats, about the risks we face, more is absolutely coming, more details and more granular information,” Krebs said during the virtual Black Hat cybersecurity conference. Read More
'Unprecedented' challenges to safe, secure 2020 vote [Black Hat USA 2020]
The virus "added a whole new set of concerns that were always there, but that got brought very sharply into focus" such as how to conduct voting in a state of emergency and what exceptions to make, said computer scientist and election security expert Matt Blaze during a speech at Black Hat this week. Read More
ATTPwn: Adversary emulation tool allows pen testers to identify security holes before attackers do [Black Hat USA 2020]
A new security tool designed to emulate adversaries conducting malware campaigns or probing networks for secrets was presented at Black Hat USA today. Read More
Matt Blaze warns of election security challenges amid COVID-19 [Black Hat USA 2020]
In his Black Hat USA 2020 keynote, security researcher Matt Blaze discussed the challenges facing U.S. elections this year and what must be done to solve them. Read More
KubiScan: Open source Kubernetes security tool showcased at Black Hat 2020 [Black Hat USA 2020]
On the opening morning of Black Hat 2020’s virtual Arsenal program, security researcher Eviatar Gerzi explained how KubiScan trawls Kubernetes environments for risky permissions that attackers could potentially exploit to compromise the clusters. Read More
New EtherOops attack takes advantage of faulty Ethernet cables [Black Hat USA 2020]
Tomorrow at the Black Hat USA security conference, security researchers from IoT research outfit Armis are set to present details about a new technique that can be used to attack devices located inside internal corporate networks. Read More
Attack of the Clone: Next-Gen Social Engineering [Black Hat USA 2020]
NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections. Read More
Cheap, Easy Deepfakes Are Getting Closer to the Real Thing [Black Hat USA 2020]
THERE ARE MANY photos of Tom Hanks, but none like the images of the leading everyman shown at the Black Hat computer security conference Wednesday: They were made by machine-learning algorithms, not a camera. Read More
Building Cybersecurity Strategies in Sub-Saharan Africa [Black Hat USA 2020]
Evelyn Kilel and Laura Tich of Shehacks Ke discuss how they are working to build cybersecurity strategies that suit the needs and capabilities of developing nations. Read More
‘We want to have more protection’: Arrested pen testers push for Good Samaritan law [Black Hat USA 2020]
Coalfire employees Gary DeMercurio, managing senior, and Justin Wynn, senior security consultant, lobbied Wednesday at the virtual Black Hat conference for a Good Samaritan law that would protect their industry peers from the kind of overzealous prosecution they say they experienced for roughly five months, after a local sheriff had them arrested on Sept. 11, 2019 for alleged third-degree burglary. Read More
What a Security Engineer & Software Engineer Learned by Swapping Roles [Black Hat USA 2020]
As part of the swap, principal security engineer Craig Ingram was dropped into the Salesforce runtime team. Principal infrastructure engineer Camille Mackinnon joined the platform security assessment team. In a Black Hat briefing on Aug. 5, the two shared stories and lessons learned. Read More
Voting Machine Makers Are Finally Playing Nice With Hackers [Black Hat USA 2020]
At the Black Hat security conference today, Chris Wlaschin, vice president of systems security and chief information security officer of the election technology giant ES&S, and Mark Kuhr, chief technology officer of the security firm Synack, detailed how the two companies would work together to allow for so-called penetration testing on some ES&S products—and pointed to the larger project of bridging the longstanding gap between their two worlds. Read More
Black Hat 2020: Scaling Mail-In Voting Spawns Broad Challenges [Black Hat USA 2020]
Security researcher Matt Blaze opened Black Hat 2020 with a call-to-arms for cybersecurity experts, asking them during his keynote to leverage their passion for election security to help secure the upcoming U.S. presidential elections, which will likely be a mostly vote-by-mail affair. Read More
Black Hat 2020: Web cache poisoning offers fresh ways to smash through the web stack [Black Hat USA 2020]
The potentially devastating consequences of attacks against contemporary web caches were once again pulled into stark focus at Black Hat USA this week, as security researcher James Kettle documented his ongoing study in the field. Read More
How do you solve a problem like election security? Matt Blaze tackles the age-old question at Black Hat 2020 [Black Hat USA 2020]
Matt Blaze provided a Black Hat 2020 keynote on election security
Confidence in the outcome of an election increasingly depends on the integrity of the voting systems themselves, cryptographer Matt Blaze told Black Hat 2020 attendees today. Read More
Why Cisco Duo’s on a Quest to Kill the Password [Black Hat USA 2020]
However, while it’s highly irrational and unlikely to happen, this innate fear of losing fingers and eyeballs proves Goerlich’s point, which he hopes to hammer home during his Black Hat session about passwordless security. “What can we do from an enterprise security perspective to increase the trust in passwordless authentication? That’s what’s important right now.” Read More
Black Hat: When penetration testing earns you a felony arrest record [Black Hat USA 2020]
Speaking at Black Hat USA on Wednesday, Demercurio and Wynn said that after-hours testing, at night, was originally only what the client wanted -- and this was then extended to day and evening testing. Read More
Cybersecurity professionals: Upcoming elections vulnerable to hackers [Black Hat USA 2020]
The organizers of the Black Hat USA 2020 cybersecurity conference found that 31% of those attending think the level of cyberattacks and disinformation will be so great that the election results will “always be in doubt,” according to a survey of 273 attendees conducted in advance of the conference. Read More
Black Hat 2020: Open-Source AI to Spur Wave of ‘Synthetic Media’ Attacks [Black Hat USA 2020]
At a Wednesday session at Black Hat USA 2020, researchers with FireEye demonstrated how freely available, open-source tools – which offer pre-trained natural language processing, computer vision, and speech recognition models – can be used to create malicious synthetic media. Read More
Hackers encouraged to breach US voting technology to test security before election day [Black Hat USA 2020]
Election Systems & Software LLC Chief Information Security Officer Chris Wlaschin on Wednesday is expected to unveil an outreach program to security researchers during the annual Black Hat USA convention for hackers, which will be hosted remotely this year amid the coronavirus pandemic, the Wall Street Journal first reported. Read More
Former NSA Hacker to Demonstrate How to Hack Mac Users Via Microsoft Office [Black Hat USA 2020]
During the annual Black Hat security conference, which is being held online this year due to the COVID-19 pandemic, security researcher and former NSA hacker Patrick Wardle will demonstrate how he was able to create a chain of exploits that can take control of a Mac by simply convincing the target to open a Microsoft Office file. Read More
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis [Black Hat USA 2020]
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost. Read More
CISA Director Identifies Main Targets of Russian Adversaries in Election Security Efforts [Black Hat USA 2020]
Interagency collaboration has informed a focus on defending election night reporting and voter registration databases from ransomware attacks by Russian adversaries, Cybersecurity and Infrastructure Security Agency Director Christopher Krebs told attendees of the annual Black Hat information security conference Wednesday. Read More
Live From Black Hat: Stress-Testing Democracy - Election Integrity During a Global Pandemic with Matt Blaze [Black Hat USA 2020]
Matt Blaze, this year’s Black Hat keynote speaker, is a researcher in the areas of secure systems, cryptography, and trust management. He is currently the McDevitt Chair of Computer Science and Law at Georgetown University. Read More
Black Hat: How your pacemaker could become an insider threat to national security [Black Hat USA 2020]
At Black Hat USA on Wednesday, Dr. Alan Michaels, Director of the Electronic Systems Lab at the Hume Center for National Security and Technology at the Virginia Polytechnic Institute and State University, echoed the same sentiment. Read More
Black Hat: How hackers gain root access to SAP enterprise servers through SolMan [Black Hat USA 2020]
Speaking at Black Hat USA on Wednesday, Onapsis cybersecurity researchers Pablo Artuso and Yvan Genuer explained how the bugs were found in SAP Solution Manager (SolMan), a system comparable to Windows Active Directory. Read More
Coronavirus brings election security threats. Experts say tech community must help [Black Hat USA 2020]
Election security, meet the coronavirus pandemic. That was the theme of the Black Hat security conference Wednesday, a meeting of cybersecurity experts from around the world that is taking place virtually this year to help limit the spread of COVID-19. Read More
Security Researcher Shows Off Now-Fixed macOS Hack That Used Microsoft Office [Black Hat USA 2020]
Wardle shared a blog post on the exploit that he found for manipulating Office files to impact Macs, which he's highlighting during today's online Black Hat security conference. Read More
Pen Testers Who Got Arrested Doing Their Jobs Tell All [Black Hat USA 2020]
De Mercurio and Wynn, who were fully exonerated in January after all charges against them were dropped, today at Black Hat USA Virtual will publicly share the full story of their harrowing experience and how it's shaped new pen-testing engagement protocols at their company — and their advice and recommendations for fellow physical pen testers so they can avoid a similar backlash to their social engineering and physical pen-test engagements. Read More
He has now presented his experiment in the virtual edition of the Black Hat IT security conference, which usually takes place every summer in Las Vegas. Read More
Black Hat 2020: CISO Summit Advisory Board Members Reflect on the State of Security [Black Hat USA 2020]
As part of Black Hat USA 2020, BizTech spoke with advisory board members of the event’s CISO Summit about the state of the industry. Wendy Nather, head of advisory CISOs at Cisco’s Duo Security; Trey Ford, vice president of trust and strategy at Salesforce; and Justine Bone, CEO of MedSec, discussed current security trends, the evolving role of the CISO and what they believe businesses should be preparing for. Read More
Black Hat 2020: In a Turnaround, Voting Machine Vendor Embraces Ethical Hackers [Black Hat USA 2020]
Voting machine technology seller Election Systems & Software (ES&S) offered an olive branch to security researchers with new safe harbor terms and vulnerability disclosure policies at Black Hat USA 2020. Read More
Ex-NSA Hacker Finds a Way to Hack Mac Users Via Microsoft Office [Black Hat USA 2020]
As it turns out, they could. Wardle published a blog post on Wednesday morning, and will demonstrate his findings during the Black Hat security conference on Wednesday, which is being held online this year due to the coronavirus pandemic. Read More
“Most endpoints are behind an edge network now, so the IP address and the stuff you can get by watching the network connection doesn’t tell you much anymore. So people are turning to DNS for monitoring or infection,” said Eldridge Alexander, security tools manager at Duo, who is speaking about DoH benefits and concerns during the Black Hat conference Wednesday. Read More
Baking and boiling botnets could drive energy market swings and damage [Black Hat USA 2020]
Evil armies of internet-connected EV chargers, ovens, hot-water heaters, air-conditioners, and other high-wattage appliances could be hijacked to slightly manipulate energy demand, potentially driving price swings and creating financial damage to deregulated energy markets, warns a new report scheduled to be presented Aug. 5 at the Black Hat U.S. 2020 conference. Read More
An '80s File Format Enabled Stealthy Mac Hacking [Black Hat USA 2020]
At the Black Hat security conference today, former NSA hacker Patrick Wardle plans to detail that technique, which exploits a series of vulnerabilities in both Microsoft Office and macOS to gain full access to the target Mac. Read More
A Flaw Used by Stuxnet Wasn't Fully Fixed [Black Hat USA 2020]
Hadar and his colleague, Tomer Bar, a research team manager at SafeBreach, will present their research Thursday at the Black Hat security conference, which is a virtual event this year due to the pandemic. Read More
Hackers Get Green Light to Test Election Voting Systems [Black Hat USA 2020]
With the U.S. presidential election less than three months away, ES&S Chief Information Security Officer Chris Wlaschin on Wednesday will unveil the company’s outreach effort to security researchers at the annual Black Hat hacker convention that is taking place virtually this year, according to ES&S. Read More
A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return [Black Hat USA 2020]
During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet’s recent return - and how a cyber vigilante is attempting to thwart the malware’s comeback. Read More
Researchers uncover vulnerabilities in devices used at industrial facilities [Black Hat USA 2020]
“These devices tend to be overlooked,” said Trend Micro’s Marco Balduzzi, who will present his findings at the Black Hat virtual hacking conference this week. “There are some vendors that are security-conscious and others that are not.” Read More
5 Tools Out of Black Hat to Gain Better IoT Visibility [Black Hat USA 2020]
Even in the COVID era, August can’t officially start for the cybersecurity community without Black Hat USA researchers offering up some juicy exploit announcements and dropping useful security tools onto GitHub. This year’s event is fully virtual, which means no rockin’ Vegas parties—but still plenty of interesting research lined up. Read More
Top voting vendor ES&S publishes vulnerability disclosure policy [Black Hat USA 2020]
On Wednesday at the Black Hat virtual conference, CISA Director Chris Krebs urged voters to be vigilant in the face of disinformation campaigns and patient in waiting for votes to be counted. “The last measure of resilience in the 2020 election is going to be an informed, patient voter,” he said. Read More
HACKING MEDICAL DEVICES TO HIJACK SECURE FACILITIES [Black Hat USA 2020]
Michaels described how implanted medical devices—such as pacemakers and insulin pumps—could be compromised to listen to conversations, access classified information, even expose the location of these secure facilities in his presentation at this year’s Black Hat conference (which was offered virtually). Read More
The Cybersecurity World Strives To Fill The Void Of Large Conferences And Events [Black Hat USA 2020]
I should be in Las Vegas right now at the Black Hat security conference—known affectionately in cybersecurity circles as “Hacker Summer Camp”. I had it penciled in on my calendar since this time last year, but the COVID-19 pandemic derailed the plan. Read More
What to Expect at Black Hat 2020 [Black Hat USA 2020]
While Black Hat lasts a week, most of that time is devoted to training sessions that help researchers hone their skills. The two days of Black Hat briefings, open to the press and others, are where the latest revelations come to light. Each day has a keynote, and both keynotes relate to election security. Read More
Decades-Old Email Flaws Could Let Attackers Mask Their Identities [Black Hat USA 2020]
At the Black Hat security conference on Thursday, researchers will present "darn subtle" flaws in industry-wide protections used to ensure that emails come from the address they claim to. Read More
Robots Running the Industrial World Are Open to Cyber Attacks [Black Hat USA 2020]
“Attacks on industrial environments in these sectors could have serious consequences, including operational failure, physical damage, environmental harm and injury or loss of life,” according to Federico Maggi, a researcher at Trend Micro Inc., and Marcello Pogliani, an information security researcher at Politecnico di Milano, in a research report reviewed by Bloomberg News. The report will be presented Wednesday at a virtual forum organized by Black Hat, which hosts cybersecurity events around the world. Read More
Hackers Could Use IoT Botnets to Manipulate Energy Markets [Black Hat USA 2020]
At the Black Hat security conference on Wednesday, the researchers will present their findings theorizing that high-wattage IoT botnets—those made up of power-guzzling devices like air conditioners, car chargers, and smart thermostats—could be deployed strategically to increase demand at certain times in any of the nine private energy markets around the US. Read More
2020 election could be under threat from "old adversaries" and "domestic disinformation campaigns" [Black Hat USA 2020]
"The new stuff we're hearing about now, this is really interesting," said Patterson, who is covering the annual Black Hat cybersecurity conference this week. Read More
Microsoft has paid security researchers $13.7 million for bug bounties in 12 months [Black Hat USA 2020]
But the timing is no coincidence: The Black Hat USA 2020 security conference kicks off tomorrow. Microsoft is championing its holistic approach to customer security, which includes the wider security community engaging in its bug bounties. Read More
High-Wattage IoT Botnets Can Manipulate Energy Market: Researchers [Black Hat USA 2020]
The notorious IoT botnet Mirai was powered by 600,000 devices, but those were mostly low-wattage devices. However, the researchers told SecurityWeek in an interview ahead of a talk at the Black Hat cybersecurity conference, an attacker with large resources could create a botnet of high-wattage devices from scratch, by searching for vulnerabilities in the targeted IoT devices and then exploiting them in an effort to ensnare them in a botnet. Read More
Omdia Cybersecurity Accelerator Analysts to Take Part in Black Hat USA 2020 [Black Hat USA 2020]
Analysts will participate in the Black Hat Briefings, taking place Aug. 4-6, discussing cybersecurity research, offering exclusive video presentations, and meeting with vendors and attendees. Read More
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes [Black Hat USA 2020]
Critical flaws in the popular Meetup platform were revealed Monday as part of research unleashed at this week’s Black Hat USA 2020. The flaws, which have been patched, enable the full takeover of Meetup “Groups” by threat actors, who can also redirect payments and carry out other malicious actions. Read More
Satellite Broadband Security - James Pavur - BH2020 [Black Hat USA 2020]
In my upcoming Blackhat and DEFCON briefings, I will be presenting the result of several experiments looking at real-world security and privacy in satellite broadband communications. Read More
Why Secure Remote Access Is Like The Emperor's New Clothes - Charl van der Walt, Wicus Ross - BH20 #1 [Black Hat USA 2020]
Our research for Black Hat demonstrates that the Secure Remote Access or so-called 'VPN' technologies typically used by enterprises to facilitate access to their networks for remote employees are poorly understood, improperly configured and don't provide the full level of protection typically expected of them. Read More
Black Hat and Def Con 2020 go into ‘safe mode,’ offering a week of virtual trainings, briefings [Black Hat USA 2020]
The annual Black Hat USA mega-conference has launched as a virtual event with training sessions already underway, and moves into keynotes and briefings Wednesday with an opening speech by researcher Matt Blaze on election security, and on Thursday with a keynote by Renee DiResta of the Stanford Internet Observatory on “Hacking Public Opinion.” Read More
Common Container and Kubernetes Vulnerabilities [Black Hat USA 2020]
I recently spoke with Rory McCune, principal security consultant at NCC Group, to discover what common vulnerabilities exist in today’s containers and container orchestration environments. McCune will be leading the Mastering Container Security IV training, a deep two-day dive into mastering container security, during the Black Hat virtual conference Aug. 3–4. Read More
Enjoy Black Hat and DEF CON from home [Black Hat USA 2020]
In normal times, the first week of August sees a huge chunk of the cybersecurity community — researchers, journalists, vendors and policymakers — converge on Las Vegas for talks, demos, announcements and schmoozing at Black Hat and DEF CON, two of the year’s biggest hacker conferences. The coronavirus pandemic has ruled out those giant in-person confabs this year, but both conferences have adapted by implementing virtual formats, and there’s still a smorgasbord of good programming coming our way this week. Read More
Black Hat USA: Your guide to the top web hacking sessions in 2020 [Black Hat USA 2020]
All eyes are on the upcoming US Presidential Election, so it’s perhaps unsurprising that voter security is top of the agenda for Black Hat USA this year. Read More
Annual Black Hat convention travels from the Las Vegas Strip to the digital world [Black Hat USA 2020]
“Security researchers spend a lot of time finding bugs and trying to investigate how to make our digital world more secure. So, they come to Black Hat to share the results of that,” said Steve Wylie, Black Hat General Manager. Read More
'Hidden Property Abusing' Allows Attacks on Node.js Applications [Black Hat USA 2020]
A team made up of security researchers from the Georgia Institute of Technology has found a way to exploit Node.js applications by manipulating the hidden properties used to track internal program states, the group plans to announce at the virtual Black Hat USA security conference next week. Read More
IT security conference Black Hat USA 2020 starts on Saturday [Black Hat USA 2020]
Due to the coronavirus pandemic, this year's Black Hat Conference, one of the most important annual IT security events, will take place from August 1st through August 6th. The necessity of social distancing gives conference visitors from all over the world the advantage of being able to attend from the comfort of their own home. Read More
Anti-NATO Disinformation Campaign Leveraged CMS Compromises [Black Hat USA 2020]
The topic of disinformation and influence campaigns is slated to be a big topic this year at Black Hat USA 2020, with keynotes surrounding election security and COVID-19 disinformation over the past few months. Read More
Top 6 cybersecurity trends to watch for at Black Hat USA 2020 [Black Hat USA 2020]
At this year's Black Hat USA 2020 computer security conference, some of the top trends expected to surface include ransomware, election security and how to protect a remote workforce. Read More
Black Hat USA 2020 Preview: Election Security, COVID Disinformation and More [Black Hat USA 2020]
Despite COVID-19 pushing the Black Hat USA 2020 conference to go virtual for the first time, you can expect a steady stream of new security research, threat intel and an impressive lineup of high-profile speakers. Read More
Universities Explore A Path For A Safe And Secure Healthcare Ecosystem | Black Hat USA 2020 Coverage [Black Hat USA 2020]
The healthcare train is barreling down the tracks of society, fueled by new technologies and massive amounts of data. Security companies offer products and services for traditional protection/detection/response but many miss the mark on the interconnected core of the healthcare ecosystem: healthcare apps, devices, data, and 3rd-party vendors. Upon further inspection, the safety train may be running wild in the healthcare space.
And that's exactly why we decided to bring these 3 Black Hat presenters together. Read More
Black Hat Virtually: An Important Time to Come Together as a Community [Black Hat USA 2020]
It's an odd dichotomy for cybersecurity leaders and vendors this summer: Many of us are gearing up for Black Hat USA 2020, long one of the most influential conferences in the industry. But none of us are booking plane tickets, setting aside (just a little bit of) cash for the blackjack tables, or booking dinner meetings at whichever steakhouse doesn't require going out into the Las Vegas heat. Read More
Universities Explore A Path For A Safe And Secure Healthcare Ecosystem | Black Hat USA 2020 Coverage | With Seth Fogie, Alan Michaels, And Mitchell Parker [Black Hat USA 2020]
The healthcare train is barreling down the tracks of society, fueled by new technologies and massive amounts of data. Security companies offer products and services for traditional protection/detection/response but many miss the mark on the interconnected core of the healthcare ecosystem: healthcare apps, devices, data, and 3rd-party vendors. Read More
Election Security: Securing America's Future | With Christopher Krebs, CISA | Black Hat USA 2020 [Black Hat USA 2020]
Listen to this podcast we had with Christopher Krebs, Director at the Cybersecurity and Infrastructure Security Agency (CISA) as he presents his upcoming session at Black Hat 2020 Virtual Edition; and so much more. Read More
Dark Reading Video News Desk Returns to Black Hat [Black Hat USA 2020]
For 2020, Black Hat USA has transformed into Black Hat Virtual, moving out of Vegas and onto the Internet. And when the action kicks off next week, the Dark Reading News Desk team will be there. (The desk won't.) Read More
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event [Black Hat USA 2020]
Black Hat Arsenal is a venue for developers and researchers to showcase the latest open source tools to members of the cybersecurity community. Read More
How CISOs can deal with cybersecurity stress and burnout [Black Hat USA 2020]
Cybersecurity stress and mental health conversations have become more frequent recently, and Mogull said the security industry can learn a lot from EMS. Mogull is presenting on the topic at Black Hat 2020. Read More
Election Security: Securing America's Future | With Christopher Krebs, CISA | Black Hat USA 2020 [Black Hat USA 2020]
It seems that now, more than ever, we find ourselves in a situation where the outcome of a democratic election could be manipulated by external actors — or at least we are very worried that it is a possibility. We know for a fact that various sorts and levels of cultural propaganda have been tried for many decades, but it has never been as powerful as it has been since the advent of the Internet and social media. At this point, we know that not only is it possible; it is also a fact. Read More
Email Security Features Fail to Prevent Phishable 'From' Addresses [Black Hat USA 2020]
Three standards for email security that are supposed to verify the source of a message have critical implementation differences that could allow attackers to send emails from one domain and have them verified as sent from a different — more legitimate-seeming — domain, says a research team who will present their findings at the virtual Black Hat conference next month. Read More
Google lead says he’s ‘disappointed’ with Apple’s new iPhone security program [Black Hat USA 2020]
Apple’s Security Research Device program has been long overdue and was first mentioned last year at the Black Hat security conference by the company’s head of security, Ivan Krstic. Read More
8 Cybersecurity Themes to Expect at Black Hat USA 2020 [Black Hat USA 2020]
While many a security professional currently laments the inability to meet up with peers for real-life security summer camp this year, the good news is that Black Hat USA 2020 is a go for virtual attendees. The conference organizers have still managed to capture the zeitgeist of the security industry through Black Hat programming, which will feature the same kinds of vulnerability disclosures, attack research, and exploit tools that regulars have come to expect. Read More
Black Hat USA 2020 Coverage | The Virtual Experience | With BH General Manager Steve Wylie [Black Hat USA 2020]
While we will miss being there, here is what we won't miss as it's all still happening: training, tracks, an amazing conversation about election security, healthcare, mobile, digital transformation, and obviously, cybersecurity's new world connected to the work-from-home new normal.
Listen to our chat with Steve to find out all that the Black Hat virtual experience has to offer. Read More
Apple is now supplying bug bounty hunters with special iPhones [Black Hat USA 2020]
During the Black Hat security conference last year, Apple said that it intended to provide special iPhones to bug hunters. The idea was to help them find bugs so that Apple could squash them and the company is now coming good. Read More
Apple's New iPhone Rewards Hackers for Bugs [Black Hat USA 2020]
At last year's Black Hat hacker conference in Las Vegas, Apple announced that it would be releasing hackable iPhones to help security researchers investigate the smartphones for vulnerabilities. Read More
Apple's new security program gives special iPhone hardware, with restrictions attached [Black Hat USA 2020]
At last year's Black Hat cybersecurity conference, Apple first said it would be providing modified iPhones for security researchers. It launched the program Wednesday, saying it would be accepting applications immediately and that researchers who apply should expect to get their devices very soon. Read More
Apple Starts Giving 'Hacker Friendly' iPhones to Top Bug Hunters [Black Hat USA 2020]
Last year at the Black Hat security conference, Apple’s head of security Ivan Krstic told a crowd of security researchers that it would give its most-trusted researchers a “special” iPhone with unprecedented access to the device’s underbelly, making it easier to find and report security vulnerabilities that Apple can fix in what it called the iOS Security Research Device program. Read More
An Overview of Black Hat USA 2020 - Steve Wylie - ESW #191 [Black Hat USA 2020]
Tune in to get the inside scoop on Black Hat 2020! Steve Wylie, Black Hat General Manager, joins us to talk about what attendees can expect from this year's virtual Black Hat event. Steve discusses the highly anticipated briefings, trainings, new tracks, community programs, and the all-new virtual conference platform. Read More
Q&A: How Systemic Racism Weakens Cybersecurity [Black Hat USA 2020]
Stewart will lead a discussion session at Black Hat USA Virtual on "Taking Steps to Break Down Systemic Racism in Cybersecurity," in the event's Community track, on Thursday, Aug. 6, at 10 a.m. PT. Read More
Checkmate: Cybersecurity Strategy on the Modern Battlefield [Black Hat USA 2020]
The same technique can be applied to security. In fact, according to recent research conducted at the Black Hat conference in 2019, over 70% of respondents said their businesses conduct ‘red team’ exercises. Simulated attacks can be employed to actively seek out vulnerabilities in their own security infrastructure – an effective way to proactively prepare for real attacks in the future. Read More
Infosec pro Vandana Verma on improving diversity and helping to grow the Indian security community [Black Hat USA 2020]
“Keeping pace with the current restrictions due to the spread of Covid-19, OWASP Bangalore Chapter has also gone online and our sessions are published on our YouTube channel.”
This is part of a wider move towards online events: Verma was due to speak at Black Hat in August. Read More
Researcher Matt Blaze tapped for Black Hat keynote on election security issues [Black Hat USA 2020]
Matt Blaze, cyber researcher and professor of computer science and law at Georgetown University, will deliver a keynote on election security to help launch this year’s all-digital Black Hat conference in August. Read More
Puzzles and Riddles Help InfoSec Pros Solve Real-World Problems [Black Hat USA 2020]
Wixey will share more puzzles, riddles, and observations made while creating this initiative in his upcoming Black Hat USA talk, "Breaking Brains, Solving Problems: Lessons Learned from Two Years of Setting Puzzles and Riddles for Infosec Professionals" on Thursday, August 6. Read More
Lost in Translation: Serious Flaws Found in ICS Protocol Gateways [Black Hat USA 2020]
Marco Balduzzi, senior research scientist with Trend Micro, next month at the Black Hat USA virtual event will disclose details of multiple vulnerabilities he and his team discovered in a sampling study of five popular ICS gateway products. Their findings focused not on the gateways' software nor the industrial protocols as in previous research, but rather on a lesser-studied function: the protocol translation process the devices conduct. Read More
A Paramedic's Lessons for Cybersecurity Pros [Black Hat USA 2020]
Mogull will share stories and lessons about his parallel careers in an upcoming Black Hat USA talk, "The Paramedic's Guide to Surviving Cybersecurity," on Thursday, August 6. Read More
Black Hat announces first keynote for August virtual conference, focusing on disinformation [Black Hat USA 2020]
The first announced keynote speech for Black Hat’s all-digital 2020 conference will focus on disinformation, with a presentation from a leading researcher into one of the hottest and most difficult issues facing policymakers. Read More
A Most Personal Threat: Implantable Devices in Secure Spaces [Black Hat USA 2020]
Michaels will be presenting results of his research at Black Hat, in a session titled "Carrying Our Insecurities with Us: The Risks of Implanted Medical Devices in Secure Spaces" at 10:00 a.m. on Wednesday, August 5. Read More
How Advanced Attackers Take Aim at Office 365 [Black Hat USA 2020]
Madeley and Bienstock will discuss more of these attack methods in their upcoming Black Hat USA talk, "My Cloud is APT's Cloud: Investigating and Defending Office 365," on August 6, 2020. Read More
Building Security Strategies in Sub-Saharan Africa: Trends and Concerns [Black Hat USA 2020]
Tich and Kilel will share insights into the sub-Saharan security landscape, along with proposed policies and solutions, in their upcoming Black Hat USA talk, "Building Cyber Security Strategies for Emerging Industries in Sub-Saharan Africa," to take place on Aug. 6, 2020. Read More
COVID-19 pandemic has changed cybersecurity utterly [Black Hat USA 2020]
A survey of more than 270 cybersecurity professionals published this week by the host of the Black Hat Conference finds 80 percent of respondents said they believe the pandemic will lead to significant changes in cybersecurity operations. Only 15 percent said they believe cybersecurity operations and threat flow will return to normal once the COVID-19 pandemic subsides. Read More
Cybersecurity Risks Increase as Nation Adapts to Effects of COVID-19; Bryan Ware Quoted [Black Hat USA 2020]
COVID-19 has triggered a wave of cybersecurity threats in a variety of industries, and security professionals predict that there will be no return to normality. Black Hat has found that 94 percent of current and former attendees believe that COVID-19 increases the cyber threat to enterprise systems and data. Read More
Security Predictions: COVID-19 Edition [Black Hat USA 2020]
Black Hat's survey, Cyber Threats in Turbulent Times, describes how the COVID-19 pandemic will have a huge impact on the information security industry in the second half of 2020. Read More
COVID-19-triggered threat changes will linger beyond crisis, say most security pros [Black Hat USA 2020]
A commanding 94% majority of respondents to a new Black Hat survey says the pandemic has increased cybersecurity threats to enterprise systems and data – and many say it will continue to. Read More
Black Hat survey: Unprecedented stress in cyber ecosystem amid COVID-19 upheaval [Black Hat USA 2020]
Black Hat USA on Tuesday released the results of its sixth annual survey of attendees at one of the world’s largest conferences for cyber professionals – to be held online this year – finding deep concerns about the lasting impact of the pandemic on cybersecurity. Read More
Administration officials under spotlight [Black Hat USA 2020]
Only 15 percent of experts “believe that cyber operations and threat flow will return to normal” after the pandemic ends, the organizers of the Black Hat security conference said in their annual survey of past attendees. Eighty-four percent of respondents “believe that significant, lasting changes will occur, at least in some industries.” Read More
Black Hat Survey: Breach Concerns Hit Record Levels Due to COVID-19 [Black Hat USA 2020]
Annual "Black Hat USA Attendee Survey" indicates unprecedented concern over possible compromises of enterprise networks and US critical infrastructure. Read More
Coronavirus creating big cyber risks that will persist in long term, experts say [Black Hat USA 2020]
Only 15 percent of experts “believe that cyber operations and threat flow will return to normal” after the pandemic ends, the organizers of the Black Hat security conference said in their annual survey of past attendees. Eighty-four percent of respondents “believe that significant, lasting changes will occur, at least in some industries.” Read More
‘Lamphone’ Hack Uses Lightbulb Vibrations to Eavesdrop on Homes [Black Hat USA 2020]
“Fluctuations in the air pressure on the surface of the hanging bulb (in response to sound), which cause the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech and singing, passively, externally, and in real time,” said researchers with the Ben-Gurion University of the Negev and Weizmann Institute of Science, in a paper published this week. The research will be further presented at the Black Hat USA 2020 virtual conference in August. Read More
Lamphone attack lets threat actors recover conversations from your light bulb [Black Hat USA 2020]
Additional details are available in the research team's academic paper, entitled "Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations". The research team's work will be presented in August at the Black Hat security conference. Read More
How You Can Use a Light Bulb to Eavesdrop on People's Conversations [Black Hat USA 2020]
"We show how fluctuations in the air pressure on the surface of the hanging bulb (in response to sound), which cause the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech and singing, passively, externally, and in real time," the researchers write in their new paper, which they plan to present later this year at the Black Hat USA security conference. Read More
Spies Can Eavesdrop by Watching a Light Bulb's Vibrations [Black Hat USA 2020]
"Any sound in the room can be recovered from the room with no requirement to hack anything and no device in the room," says Ben Nassi, a security researcher at Ben-Gurion who developed the technique with fellow researchers Yaron Pirutin and Boris Zadov, and who plans to present their findings at the Black Hat security conference in August. "You just need line of sight to a hanging bulb, and this is it." Read More
Hacker Used £270 of TV Equipment to Eavesdrop on Sensitive Satellite Communications [Black Hat USA 2020]
James Pavur, a Rhodes Scholar and DPhil student at Oxford, will detail the attack in a session at the Black Hat security conference in early August. Read More
New Spectra attack breaks the separation between Wi-Fi and Bluetooth [Black Hat USA 2020]
"Spectra, a new vulnerability class, relies on the fact that transmissions happen in the same spectrum, and wireless chips need to arbitrate the channel access," the research team said today in a short abstract detailing an upcoming Black Hat talk. Read More
Tech's Volkswagen moment? Trend Micro accused of cheating Microsoft driver QA by detecting test suite [Black Hat USA 2020]
"Most of the security concerns I have with Trend Micro's driver were shocking because most of them were not mistakes," said Demirkapi, who has presented at hacking super-conference DEF CON and is due to discuss Windows rootkits at Black Hat USA 2020. Read More
PrintDemon vulnerability impacts all Windows versions [Black Hat USA 2020]
PrintDemon is tracked under the CVE-2020-1048 identifier. Two security researchers from SafeBreach Labs, Peleg Hadar and Tomer Bar, were the first to discover the issue and report it to Microsoft. The two will be presenting their own report on the issue at the Black Hat security conference in August. Read More
New flaw in the Intel Thunderbolt port puts millions of laptops in risk of being hacked [Black Hat USA 2020]
Ruytenberg also said that no software update can patch this issue, and Intel has to get back to the drawing board and make hardware changes to fix this issue.
Ruytenberg plans to present his Thunderspy research at the Black Hat security conference this summer. Read More
Hacking technique makes millions of devices vulnerable, research finds [Black Hat USA 2020]
The researcher will be detailing his discovery at a Black Hat security conference this summer, and is releasing a tool so that people can see if their computers might be vulnerable to the hack. Read More
Millions of Thunderbolt-Equipped Devices Open to ‘ThunderSpy’ Attack [Black Hat USA 2020]
A new attack enables bad actors to steal data from Windows or Linux devices equipped with Thunderbolt ports – if they can get their hands on the device for just five minutes.
Ruytenberg plans to present his research at the Black Hat USA conference this summer. Read More
Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking [Black Hat USA 2020]
"All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop," says Ruytenberg, who plans to present his Thunderspy research at the Black Hat security conference this summer—or the virtual conference that may replace it. Read More
The best security conferences of 2020 [Black Hat Asia 2020]
This is the Asian sister of the famous North American conference for hackers held in Las Vegas. It combines hands-on training sessions taught by industry experts with briefings containing cutting-edge research, including the latest zero-day vulnerabilities. There's also a business hall for solutions and service providers, and an "arsenal" feature where the latest open-source security tools are demonstrated. Read More
Ransomware Attackers May Lurk for Months, FBI Warns [Black Hat Europe 2019]
Or in the case of nation-state hacking operations, attackers may deploy ransomware to make the intrusion look like a criminal undertaking, while helpfully wiping their digital forensic tracks, as Jake Williams, head of cybersecurity consultancy Rendition Infosec, told me at this month's Black Hat Europe conference in London. Read More
Ransomware 2.0: Cybercrime Gangs Apply APT-Style Tactics [Black Hat Europe 2019]
In this interview (see audio link below the image) recorded at the recent Black Hat Europe 2019 conference, Williams also discusses how hackers are "surgically targeting backup solutions" before deploying ransomware. Read More
Google charts progress in developing Site Isolation browser technology [Black Hat Europe 2019]
During a presentation at the Black Hat Europe conference in London earlier this month, Google software engineers Nasko Oskov and Charlie Reis offered an update (PDF) on the development of its Site Isolation technology. Read More
#SocialSec – Hot takes on this week’s biggest cybersecurity news (Dec 13) [Black Hat Europe 2019]
Google believes the feature will help to combat SMS phishing attacks – a topic covered at Black Hat Europe last week – that seek to deceive users with “things like one-time passwords, account alerts, or appointment confirmations”. Read More
YouTube users be aware: Your viewing habits can be tracked [Black Hat Europe 2019]
Ran Dubin, a doctoral student in the BGU Department of Communication Systems Engineering who is an expert in cyber security, presented this research at the Black Hat Europe meeting in London. Read More
Visual Journal: Black Hat Europe 2019 [Black Hat Europe 2019]
Black Hat Europe returned to London last week. Once again held at the ExCeL conference center in the city's Docklands quarter, the annual cybersecurity conference featured in-depth training as well as two days of briefings, vendor exhibitions in a packed business hall, sessions run by vendors, in-depth technical demonstrations and more. Read More
Cybersecurity: How Facebook's red team is pushing boundaries to keep your data safe [Black Hat Europe 2019]
Amanda Rousseau, offensive research engineer at Facebook, who was formerly a malware researcher and a computer forensic examiner, detailed how the red teaming at Facebook works – and the challenges it involves – at the Black Hat Europe 2019 cybersecurity conference in London. Read More
‘Alexa, hack my serverless technology’ – attacking web apps with voice commands [Black Hat Europe 2019]
Speaking at the Black Hat Europe conference in London last week, researcher Tal Melamed took control of vulnerable applications hosted on serverless environments using Alexa-guided SQL injection attacks. Read More
Top Ten: Things We Learned in 2019 [Black Hat USA 2019]
Deepfakes have been an emerging trend in 2019, with claims that their use could have political impact. At the Black Hat conference in Las Vegas in August, security vendor ZeroFOX disclosed research on deepfakes, and how to improve detection. Read More
Panasonic Uses Honeypots to Protect Its IoT Products [Black Hat Europe 2019]
Panasonic runs two purpose-built honeypot sites that expose the device to the internet. "This is to lure cyber criminals to attack the device," ZDNet wrote on Monday (9 December 2019), summarizing the presentations of two Panasonic officials at the Black Hat Europe event in London. Read More
SIEMs like a stretch: Elastic searches for cash from IT pros with security budgets [Black Hat Europe 2019]
They're a bit coy about it, though. The global biz's James Spiteri told The Register at Black Hat Europe that this was all about offering customers a better choice of integrated tools, with eating a slice of the pies being baked by others on its Elasticsearch tool as a very distant second priority. Of course. Read More
When things rattle in the cloud container [Black Hat Europe 2019]
Fork bombs are not new, but they can apparently bring down a Kubernetes cluster. How the bomb can be defused, and what other potential problems lurk in build environments, was a topic at Black Hat Europe. Read More
Maersk CISO Says NotPetya Devastated Several Unnamed US Firms [Black Hat Europe 2019]
Speaking at Black Hat Europe 2019, A.P. Moller Maersk A/S Chief Information Security Officer Andrew Powell said he believes globally approximately 600 companies were damaged by NotPetya around the time of the Maersk attack. Read More
Honeypots: Best Bet for IoT Security? [Black Hat Europe 2019]
In a recent presentation at Black Hat Europe in London, security researchers from Panasonic, Hikohiro Y Lin and Yuki Osawa, detailed how they run their honeypots. Read More
How Panasonic is using internet honeypots to improve IoT device security [Black Hat Europe 2019]
The process was detailed by Hikohiro Y Lin, general manager and head of the product security incident response team, and Yuki Osawa, senior engineer at Panasonic Corporation, presenting a session at Black Hat Europe in London. Read More
When the screens went black: How NotPetya taught Maersk to rely on resilience – not luck – to mitigate future cyber-attacks [Black Hat Europe 2019]
Recounting the remarkable stroke of luck at the Black Hat Europe conference in London last week, Maersk CISO Andy Powell said the malware wiped out almost all online backups of the company's Active Directory – save, mercifully, for a copy held in its powered-down Lagos office. Read More
8 Takeaways: Black Hat Europe's Closing 'Locknote' Panel [Black Hat Europe 2019]
On Thursday, the final day of this year's annual cybersecurity conference, Black Hat founder and organizer Jeff Moss (@thedarktangent) took to the stage, joined by several members of the Black Hat review board. The board reviews and selects all of the conference briefings. Read More
SEC Xtractor – Experts released an open-source hardware analysis tool [Black Hat Europe 2019]
An open-source bootloader was used to program the device via USB. No external programmer is needed to reflash the ATXmega microcontroller. The black color for the main PCB and the NAND/NOR adapters was chosen because the launch was made during the Black Hat Europe 2019 Arsenal. Read More
Maersk CISO: I don't trust the built-in security of the cloud [Black Hat Europe 2019]
Maersk CISO (Chief Information Security Officer) Andy Powell is not exactly a fan of the built-in security of cloud platforms. He raised the topic during a presentation at the Black Hat Europe security conference taking place in London this week. Read More
How the Adversarial Mindset Is Making Cybersecurity Better [Black Hat Europe 2019]
In this interview (see audio link below the image) recorded at Black Hat Europe 2019, Moss also discusses the increased use of red teams to help organizations' blue teams and engineers be more effective. Read More
The best hacks from Black Hat Europe 2019 [Black Hat Europe 2019]
If there was still any semblance of doubt, security researchers proved once again that anything based on a computer can and will be hacked during the Black Hat Europe conference this week. Read More
Search engine detects security holes in security cameras [Black Hat Europe 2019]
At Black Hat Europe 2019, Japanese security researchers from NTT launched an online search engine that helps discover security holes in no-name security cameras. Read More
Doors of Durin: backdoor in Siemens PLC [Black Hat Europe 2019]
The 19th Black Hat Europe opened yesterday in London with a welcome from Black Hat founder Jeff Moss. Among other things, security researchers from the University of Bochum showed that there is a backdoor in a Siemens PLC. Read More
How to fool infosec wonks into pinning a cyber attack on China, Russia, Iran, whomever [Black Hat Europe 2019]
Faking digital evidence during a cyber attack – planting a false flag – is simple if you know how, as noted infosec veteran Jake Williams told London's Black Hat Europe conference. Read More
Behind the story: Journalist Geoff White takes a closer look at the fragile ties between security and the media [Black Hat Europe 2019]
Speaking at the Black Hat Europe conference in London yesterday (December 4), White noted that media outlets published the story on public interest grounds. Read More
Barq: Post-exploitation framework plays havoc with AWS infrastructure [Black Hat Europe 2019]
Barq, a post-exploitation framework that allows penetration testers and red teamers to easily perform attacks on running AWS infrastructure, was showcased during the Arsenal sessions at Black Hat Europe today (December 5). Read More
Black Hat Europe: Mental health websites are leaking user data [Black Hat Europe 2019]
At Black Hat Europe in London, researchers reveal the extent to which confidential data is being leaked to third parties by online mental health websites. Read More
Black Hat Europe: New tool offers Metasploit-like framework for hacking into drones [Black Hat Europe 2019]
Progress in developing the tool, dubbed ‘DroneSploit’, was outlined by its developers, Alexandre D’Hondt and Yannick Pasquazzo, during an Arsenal session at the Black Hat Europe conference in London today (December 5). Read More
Black Hat Europe 2019: Did your employee leave with the data? [Black Hat Europe 2019]
Departing employees account for more than half of all insider threat incidents; Two out of three professionals openly admit to taking data with them when they quit Read More
"Hackers hack - but you should know the tools they use" [Black Hat Europe 2019]
Lars Dobos attends the Black Hat conference in London and is struck by the fact that the world certainly does not suffer from a lack of hacking tools. Read More
#BHEU: Mental Health and Depression Websites Share Details in Plain Text [Black Hat Europe 2019]
Revealing research around web and cookie security at Black Hat Europe in London, Eliot Bendinelli, technologist at Privacy International and Frederike Kaltheuner, formerly of Privacy International and now tech policy fellow at Mozilla, described how a number of websites offering “tests” on mental health and depression shared results with third parties. Read More
False flag cyber operations likely to further muddle the complex attribution puzzle [Black Hat Europe 2019]
Jake Williams, principal consultant at Rendition Infosec and former US Department of Defense (DoD) cybersecurity expert who has taken part in offensive ops, told delegates at this year’s Black Hat Europe that conducting a false flag cyber operation is a lot easier than people tend to think. Read More
Black Hat Europe Q&A: Understanding the Ethics of Cybersecurity Journalism [Black Hat Europe 2019]
Now that major data leaks are a semi-regular occurrence it’s more important than ever for cybersecurity professionals to understand how the media covers them, and there’s no better place to do that than Black Hat Europe in London this week. Read More
Black Hat Europe 2019: Facebook’s Amanda Rousseau on rabbit holes, red team ops, and challenging security assumptions [Black Hat Europe 2019]
Facebook red teamer Amanda Rousseau lamented an incipient hyper-specialization among infosec professionals during her keynote address at Black Hat Europe 2019 today (December 4). Read More
#BHEU: Consider Adversarial Thinking, Ask If the Tool Works [Black Hat Europe 2019]
Delivering the opening keynote at Black Hat Europe, offensive security engineer Amanda Rousseau talked about the move from a defensive to offensive role, and how narrow that has made our thinking. Read More
Gates wide open to contactless fraud [Black Hat Europe 2019]
But two security researchers, speaking at the Black Hat Europe 2019 conference in London on December 4, painted a much darker picture of contactless payment risks. Read More
WHID Elite: Weaponized USB gadgets boast multiple features for the stealthy red teamer [Black Hat Europe 2019]
Presenting the tool on the Arsenal track at this year’s Black Hat Europe, Bongiorni explained how he wanted to develop the capabilities of a previous iteration, WHID Injector – a USB device that, once plugged into a target’s machine, could allow an attacker to remotely inject keystrokes without the need for physical access. Read More
#BHEU: Foster the Right Skills, Culture and Share Knowledge [Black Hat Europe 2019]
Opening the 19th Black Hat Europe in London, founder Jeff Moss said that over the years the diversity of the security community has grown, as has the range of skills, which now includes both hard and soft skills. Read More
Previously unknown flaw in Windows Hello for Business - fix released today, but not by Microsoft [Black Hat Europe 2019]
A previously unknown flaw in Windows Hello for Business has been discovered by a Czech security researcher, who presented his findings at the Black Hat conference in London. The researcher has developed his own tool, but Microsoft's own patch may be delayed. Read More
Black Hat Europe: Red teams and blue teams must evolve in the 2020s [Black Hat Europe 2019]
The concepts of red teams and blue teams in cyber security should be redefined for the 2020s, and both sides need to come together and learn from each other, according to Facebook offensive security engineer Amanda Rousseau, who opened Black Hat Europe 2019 by calling for a new approach to this fundamental aspect of security culture. Read More
Attack detection: Zhouhe uses machine learning to hunt for network traffic threats [Black Hat Europe 2019]
“Meanwhile, our machine learning algorithms let us know some unknown threats or 0day that cannot be detected by the ruleset, so that we can better write rules.” Rui Xiao and Rui Zhang demonstrated their tool during a Black Hat Europe Arsenal presentation earlier today (December 4). Read More
The Future of Texting Is Far Too Easy to Hack [Black Hat Europe 2019]
At the Black Hat security conference in London on Tuesday, German security consultancy SRLabs demonstrated a collection of problems in how RCS is implemented by both phone carriers and Google in modern Android phones. Those implementation flaws, the researchers say, could allow texts and calls to be intercepted, spoofed, or altered at will, in some cases by a hacker merely sitting on the same Wi-Fi network and using relatively simple tricks. Read More
What's in a Botnet? Researchers Spy on Geost Operators [Black Hat Europe 2019]
García, Shirokova, and their fellow researcher María José Erquiaga, also of the Czech Technical University in Prague, presented their findings today at Black Hat Europe. Read More
Password-Cracking Teams Up in CrackQ Release [Black Hat Europe 2019]
Security services firm Trustwave has released an open source project aimed at companies that want to provide password-cracking as a service to their security teams and red teams, the company announced today at the Black Hat Europe conference. Read More
Cybersecurity Defenders: Channel Your Adversary's Mindset [Black Hat Europe 2019]
A clear theme Wednesday throughout the first day of the Black Hat Europe conference was the importance of approaching the design and defense of networks and systems by thinking like the enemy. Read More
SMS phishing: TapIt framework enables large-scale social engineering campaigns [Black Hat Europe 2019]
A framework for automating large-scale SMS phishing campaigns, including SMS tracking, web payloads, and credential harvesting, has been showcased at this year’s Black Hat Europe. Read More
Hack that lifts limits on contactless card payments debuts at Black Hat Europe 2019 [Black Hat Europe 2019]
During a presentation at the Black Hat Europe conference in London today (December 4) the researchers demonstrated for the first time how to bypass the UK £30 ($39) limit for contactless payments made using physical cards. Read More
Vulnerabilities In RCS Technology Expose Android Users To Cyber Attacks Attribution link: https://latesthackingnews.com/2019/12/03/vulnerabilities-in-rcs-technology-exposes-android-users-to-cyber-attacks/ [Black Hat Europe 2019]
So far, the researchers have only hinted at their findings. They plan to reveal more about the RCS vulnerabilities at the upcoming Black Hat Europe 2019. Read More
15 Hot Sessions at Black Hat Europe 2019 [Black Hat Europe 2019]
Black Hat Europe returns this week to London. Now in its 18th year, the conference features 100 speakers and researchers delivering 15 in-depth technical training sessions and more than 40 briefings. Read More
Siemens Offers Workarounds for Newly Found PLC Vulnerability [Black Hat Europe 2019]
Ali Abbasi, a research scholar at Ruhr-University Bochum, doctoral student Tobias Scharnowski, and professor Thorsten Holz will present their findings this week in London at Black Hat Europe. The researchers alerted Siemens, which says it plans to fix the flaw. Read More
When Rogue Insiders Go to the Dark Web [Black Hat Europe 2019]
"In English-language forums, they tend to be a lot more cautious and suspicious," especially now that they are aware of researchers and law enforcement infiltrating their spaces, she says. And because law enforcement has been shuttering some of these forums over the past couple of years, it's harder to track where the rogue insiders go next, notes Wright, who will present some of IntSights' latest Dark Web findings at Black Hat Europe in London this week. Read More
RCS delivers new texting features—and old security vulnerabilities [Black Hat Europe 2019]
Since our original interview in November, Nohl has uncovered another method of intercepting RCS texts and calls that exploits how the messaging app validates the certificate. SR Labs plans to include this discovery in its Black Hat Europe presentation. Read More
20 TOP CYBERSECURITY TRAINING PROGRAMS [Black Hat Europe 2019]
Black Hat hosts multi-day labs in urban centers (like Las Vegas and Singapore) that are focused on topics like penetration testing and web application vulnerabilities. The professional organization for cybersecurity vendors and professionals has hosted those types of educational events for more than two decades. Read More
RCS messaging features may entice you, but its carrier implementation is reportedly not safe [Black Hat Europe 2019]
Though it seems to be a major security threat, for now there is no evidence that hackers have done any such thing. Hopefully, the researchers will reveal more information when they talk about their findings at the Black Hat Europe conference in December. Read More
Some carrier RCS implementations have security issues [Black Hat Europe 2019]
Full details will be revealed at the Black Hat Europe conference later this week, but the short version is that, while nothing is wrong with the base RCS standard, it is partly undefined, leaving certain details up to the carriers. It's those parts that are prone to security issues. Read More
RCS is being implemented dangerously, leaving users vulnerable to attack [Black Hat Europe 2019]
While SRLabs's full research is due to be presented at December's Black Hat Europe conference, the group has given a summary of its findings ahead of this. It found that RCS left users exposed to the risk of message interception, impersonation, tracking, and much more. Read More
New SMS Alternative ‘RCS Standard’ Is Exposing Users To Security Threats [Black Hat Europe 2019]
The GSMA told Vice that while it appreciates the efforts SRLabs made to make the security issues public, the research includes "no new vulnerabilities" that the body wasn't aware of. The SRLabs researchers will present their findings at the Black Hat Europe conference in December. Read More
New Android Text Messaging Update ‘Exposes Most Users To Hacking’ [Black Hat Europe 2019]
The issues raised by SRLabs are more straightforward. And with RCS already being deployed in around 70 countries, it needs fixing quickly. The good news is that the major networks seem to be open to reviewing the research and adapting deployments.
SRLabs will present more of its findings at Black Hat Europe in December. Read More
The new RCS services are not all a bed of roses: they hide serious security problems [Black Hat Europe 2019]
But there is more: according to Nohl it is a scandal that major telcos such as Vodafone, AT&T, Verizon, Sprint and many others have embraced RCS services without the consent of their users, exposing them to such serious security problems. Researchers Luca Melette and Sina Yazdanmehr will present all their findings at the Black Hat Europe conference this December, showing all the limitations discovered so far. Read More
Bad RCS implementations are creating big vulnerabilities, security researchers claim [Black Hat Europe 2019]
SRLabs will be presenting its findings at the Black Hat Europe conference in December, after showing off some of its work at the DeepSec conference today. Read More
Google’s RCS messaging could rival iMessage, but for now it’s a security nightmare [Black Hat Europe 2019]
The good news is that the GSMA and the carriers are aware of these issues, and fixes are probably on the way. The researchers will further explain their RCS findings at the Black Hat Europe conference in December. Read More
SMS Replacement is Exposing Users to Text, Call Interception Thanks to Sloppy Telcos [Black Hat Europe 2019]
SRLabs researchers Luca Melette and Sina Yazdanmehr will present their RCS findings at the upcoming Black Hat Europe conference in December, and discussed some of their work at the DeepSec security conference on Friday. Read More
The hidden reason why companies are struggling to secure cloud infrastructure [Black Hat Europe 2019]
In an upcoming talk for Black Hat Europe 2019 ("Inside Out: The Cloud Has Never Been So Close"), XM Cyber senior security researchers will outline a new approach to attacking cloud infrastructure. This technique illustrates the relationships between various identities, resources and policies, in the process identifying vulnerable choke points that require immediate remediation. Read More
New Free Emulator Challenges Apple's Control of iOS [Black Hat Europe 2019]
A security researcher at Black Hat Europe in London next week plans to release an open source low-level emulator that can run a version of Apple's mobile operating system. Read More
Researchers Explore How Mental Health Is Tracked Online [Black Hat Europe 2019]
Bendinelli and Frederike Kaltheuner, tech policy fellow with the Mozilla Foundation, will present more of these research findings at the Black Hat Europe 2019 conference in a briefing entitled "Is Your Mental Health for Sale?" Read More
Black Hat Europe Q&A: Unveiling the Underground World of Anti-Cheats [Black Hat Europe 2019]
Anti-cheat software safeguards countless online game players every year, but it's not bulletproof. At Black Hat Europe in London next month, attendees will learn firsthand where the chinks are in the armor of modern anti-cheat solutions. Read More
Global Witness urges UK authorities to investigate links between illicit crypto exchanges and Russian security services [Black Hat USA 2019]
Thus, the FSB-Bilyuchenko case could further highlight the emerging trend of "infighting among Russian security services in the cyber sphere," a theme that headlined a briefing given by Kimberly Zenz, an American cyber-threat intelligence expert who focuses on Russia, at the 2019 Black Hat hacker conference in Las Vegas last August. Read More
Windows Hello for Business Opens Door to New Attack Vectors [Black Hat Europe 2019]
To learn more about how WHfB operates, Grafnetter has spent the past year studying the feature and the past two months doing a deep dive. He will present his findings at the upcoming Black Hat Europe show in a briefing entitled "Exploiting Windows Hello for Business." Read More
Undocumented Access Feature Exposes Siemens PLCs to Attacks [Black Hat Europe 2019]
Abbasi says they have reported their findings to Siemens in March and the company released an advisory this week to inform customers that it’s working on a solution. In the meantime, customers have been advised to ensure protection against physical access and apply defense-in-depth recommendations. The industrial giant told the researchers that it would remove the problematic access mode from PLCs.
The researchers plan on presenting their findings next month at the Black Hat Europe conference in London. Read More
Android users beware: 146 bugs found in preinstalled apps [Black Hat USA 2019]
In a Black Hat 2019 presentation, Google security researcher Maddie Stone said an Android device often has 100 to 400 preinstalled apps. If you're a malicious actor, Stone said in the presentation, you "only have to convince one company to include your app, rather than thousands of users." Read More
Officials warn about the dangers of using public USB charging stations [Black Hat USA 2019]
Across the years, several proofs-of-concept were created. The most notorious is Mactans, presented at the Black Hat 2013 security conference, which was a malicious USB wall charger that could deploy malware on iOS devices. Read More
Chinese Hackers Now Stealing Text Messages, Phone Records From Telecom Companies [Black Hat USA 2019]
At the Black Hat security conference in Las Vegas, FireEye detailed how APT41 Chinese hackers broke into the production environment of a video gaming company, so as to manipulate the amount of virtual currency available to them. They are also using ransomware to shake down companies in exchange for cryptocurrency ransom payments. Read More
Researchers Find New Approach to Attacking Cloud Infrastructure [Black Hat Europe 2019]
At this year's Black Hat Europe, Gofman and Shani plan to demonstrate an alternative new approach to attacking cloud infrastructure in a talk titled "Inside Out — The Cloud Has Never Been So Close." Their methodology involves using a graph to show permission relationships between different entities, revealing risky choke points that need to be addressed and eliminated. Read More
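The two items above (the XM Cyber talk announcement and this summary) both describe the same idea: model permission relationships as a graph and look for choke points. The following Python block is an added illustration of that idea and is not XM Cyber's tool or method; the node names, edge semantics ("can assume", "can read") and the small sample graph are all constructed for the example. A choke point here is scored by how many attacker-entry-to-crown-jewel paths disappear when the node's trust or permissions are removed.

```python
"""Rank choke points in a constructed cloud permission graph.

Added illustration only (not XM Cyber's methodology): nodes are identities,
roles and resources; a directed edge A -> B means "A can act as / reach B"
(assumed semantics). A choke point is a node whose removal severs the most
entry-point -> crown-jewel paths.
"""
from collections import deque

# Constructed sample graph; every name below is hypothetical.
GRAPH = {
    "user:dev-alice": ["role:ci-runner"],
    "user:dev-bob": ["role:ci-runner"],
    "user:contractor": ["role:readonly"],
    "role:readonly": ["bucket:public-assets"],
    "role:ci-runner": ["role:deploy", "bucket:artifacts"],
    "role:deploy": ["instance:prod-web", "secret:db-credentials"],
    "instance:prod-web": ["role:deploy"],  # instance profile loops back to the role
    "secret:db-credentials": ["db:customers"],
    "bucket:artifacts": [],
    "bucket:public-assets": [],
    "db:customers": [],
}

ENTRY_POINTS = ["user:dev-alice", "user:dev-bob", "user:contractor"]
CROWN_JEWELS = ["db:customers", "instance:prod-web"]


def reachable(graph, start, removed=frozenset()):
    """Breadth-first reachability from `start`, skipping nodes in `removed`."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt in removed or nxt in seen:
                continue
            seen.add(nxt)
            queue.append(nxt)
    return seen


def attack_pairs(graph, entries, targets, removed=frozenset()):
    """All (entry, target) pairs where the target is reachable from the entry."""
    pairs = set()
    for entry in entries:
        if entry in removed:
            continue
        hits = reachable(graph, entry, removed)
        for target in targets:
            if target in hits:
                pairs.add((entry, target))
    return pairs


def choke_points(graph, entries, targets):
    """Return (baseline_pairs, ranking) where ranking lists (severed, node)
    sorted by how many attack pairs vanish when that node is removed."""
    baseline = attack_pairs(graph, entries, targets)
    candidates = set(graph) - set(entries) - set(targets)
    ranking = []
    for node in candidates:
        remaining = attack_pairs(graph, entries, targets, frozenset([node]))
        ranking.append((len(baseline) - len(remaining), node))
    ranking.sort(key=lambda item: (-item[0], item[1]))
    return baseline, ranking


if __name__ == "__main__":
    base, ranked = choke_points(GRAPH, ENTRY_POINTS, CROWN_JEWELS)
    print(f"{len(base)} attack pairs before remediation")
    for severed, node in ranked:
        print(f"{severed:>2} paths severed by removing {node}")
```

Removing a node models revoking a role assumption or rotating a credential, so the top-ranked nodes are the cheapest remediations. In a real estate the graph would be built from IAM policies and trust relationships, which this page does not provide, so the sample edges are stand-ins.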
Hidden access function detected in Siemens PLC [Black Hat Europe 2019]
The researchers reported the finding to Siemens, and the company is now working to eliminate the vulnerability. The experts will present detailed results of the study at the Black Hat Europe conference in December 2019. Read More
Black Hat Q&A: Hacking a '90s Sports Car [Black Hat Europe 2019]
Communicating with your car and building your own tools is easier than you think, and well worth the effort, says Stanislas Lejay who will be briefing attendees in London at Black Hat Europe next month on Unleashing the Power of My 20+ Years Old Car. It's a fun and fascinating look at Lejay's efforts to bypass the speed limiter (set at ~180 km/h) and still pass inspection. Read More
Siemens PLC Feature Can Be Exploited for Evil - and for Good [Black Hat Europe 2019]
The researchers built a tool that performs this forensic memory dump, which they will release at Black Hat Europe next month in London when they present their research findings. Read More
The CyberWire Daily Podcast, Wednesday, October 16, 2019 [Black Hat Europe 2019]
It's a great way to demonstrate that either you have the offensive capabilities or that you have the defense capabilities. The capture the flag scenarios and games that are being run at conferences like Black Hat and Defcon are serving several purposes. Read More
Developers' Code Reuse Security Conundrum: Cut, Paste, Fail [Black Hat Europe 2019]
That question was posed at the December 2018 Black Hat Europe in London. At the ending "locknote" panel discussion, an audience member asked Black Hat founder Jeff Moss if it was time to get tough on vendors that produce poor software, because the basics - including the Open Web Application Security Project's top 10 most critical application security risks - haven't changed fundamentally in years. Read More
Targeted threat intelligence and what your organization might be missing [Black Hat USA 2019]
In this Help Net Security podcast recorded at Black Hat USA 2019, Adam Darrah (Director of Intelligence), Mike Kirschner (Chief Operating Officer) and Christian Lees (Chief Technology Officer) from Vigilante, talk about how their global threat hunting and dark web cyber intelligence research team extends the reach of a company’s security resources, and lives within the underground community to remain ahead of emerging threats. Read More
Security pros need more and better visibility into their cloud networks [Black Hat USA 2019]
In this Help Net Security podcast, Kevin Sheu, VP Product Marketing and Marcus Hartwig, Senior Product Marketing Manager at Vectra AI, discuss the Vectra superhero survey from Black Hat USA 2019, which provides insight into the current cloud adoption and top-of-mind concerns of attendees. Read More
Cyber Insurance: You Get What You Pay For [Black Hat USA 2019]
These risks were highlighted recently by a study from mutual insurance giant FM Global, and by a summit helmed by cyber insurance experts at the annual Black Hat USA security conference in Las Vegas. Read More
This Has Been the Worst Year for iPhone Security Yet [Black Hat USA 2019]
Before Solnik’s Black Hat talk, Apple had yet to provide decrypted kernels to the public. Analysing the kernel is a key step to hacking the iPhone and to understanding how iOS really works under the hood. And these dev-fused iPhones, available on the gray market for four or five figures, are the perfect tool to do that. Read More
Week in review: Mass iPhone hacking, SSL VPNs under attack, SOC analysts overwhelmed [Black Hat USA 2019]
According to a survey of 476 IT security professionals at Black Hat USA 2019, nearly one in four (24%) said they would take company information to help apply for a position at a competitor. Read More
What’s changing in the cyber domain? We ask industry experts [Black Hat USA 2019]
Fifth Domain posed this question to cybersecurity experts at Black Hat, a cybersecurity conference in Las Vegas, Nevada, that ran from Aug. 3-8. With the cyber domain rapidly evolving, we wanted to know how conversations within the cyber community are changing. Read More
Google uncovers 2-year iPhone hack that was ‘sustained’ and ‘indiscriminate’ [Black Hat USA 2019]
At the Black Hat security conference in Las Vegas earlier this month, Apple’s head of security engineering said the company will pay as much as $1.5 million for a “bug bounty” to any researcher who discovers iOS attack techniques and discreetly reports them to Apple. Read More
How the Cloud Security Alliance helps businesses identify and mitigate cybersecurity risks [Black Hat USA 2019]
At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with Cloud Security Alliance's John Yeoh about how implementing new technology leads to success. The following transcript has been edited for clarity purposes. Read More
How To Make $1 Million From Hacking: Meet Six Hacker Millionaires [Black Hat USA 2019]
If you need any more convincing that hacking can be a very profitable career path, then you only have to look at the Hacker Summer Camp this year. This is the name given to the week in August that sees both Black Hat USA and DEF CON hacker conferences happening in Las Vegas. Read More
Business VPN flaws exploited by hackers [Black Hat USA 2019]
Pulse Secure VPN and Fortinet's FortiGate VPN were targeted after flaws in both products were made public during a talk at this month's Black Hat security conference. Read More
Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs [Black Hat USA 2019]
Fixes exist for both: Pulse Secure released them in April and Fortinet in May, months before Devcore researchers Meh Chang and Orange Tsai shared their discovery with the audience at Black Hat USA 2019. Read More
Hackers are actively trying to steal passwords from two widely used VPNs [Black Hat USA 2019]
The vulnerabilities can be exploited by sending unpatched servers Web requests that contain a special sequence of characters, researchers at the Black Hat security conference in Las Vegas said earlier this month. Read More
Using deep learning and natural language understanding to protect enterprise communication [Black Hat USA 2019]
In this Help Net Security podcast recorded at Black Hat USA 2019, Dhananjay Sampath, CEO at Armorblox, talks about how they use natural language understanding and deep learning to automatically create and adapt policies, continuously measure risk exposure, and prevent attacks and data loss. Read More
Hackers mount attacks on Webmin servers, Pulse Secure, and Fortinet VPNs [Black Hat USA 2019]
But if this week started bad, it ended even worse. By Friday, attackers also started exploiting another set of vulnerabilities, also disclosed at a security conference -- but this time at Black Hat. Read More
SECURITY NEWS THIS WEEK: CRYPTOCURRENCY MINERS EXPOSE NUCLEAR PLANT TO INTERNET [Black Hat USA 2019]
While the cybersecurity world took a collective deep breath after the Black Hat and Defcon hacker conferences, there was still plenty of news to be had this week. Read More
How can the government improve its cyber posture? [Black Hat USA 2019]
Several industry experts interviewed by Fifth Domain at Black Hat USA, a cybersecurity conference held in Las Vegas, Nevada, from Aug. 3-8, expressed concern that government agencies don’t know what’s on their networks. Read More
4 takeaways from Black Hat 2019 [Black Hat USA 2019]
The Black Hat conference not only sheds light on the IT security issues currently plaguing organizations, but the emerging issues that will soon affect people and companies. At the latest Black Hat, held in the Mandalay Bay in Las Vegas in August, industry experts offered their insights on how cybercriminals are upping the ante and what IT security professionals can do to combat the constant and unyielding tide of attacks. Read More
The challenge of creating a 2,500 person security team [Black Hat USA 2019]
One of the major challenges is how to align, integrate and organise complementary business units into single functions that operate across the new business. Matthew Gyde is the new CEO of NTT Security. At Black Hat 2019, in a very hot Las Vegas, he sat with Enterprise Times to talk through some of the challenges he and the new company face. Read More
HTTPS everywhere? Cloudflare planning improvements to middleware detection utility [Black Hat USA 2019]
At Black Hat USA earlier this month, Cloudflare’s Gabriele Fisher and Luke Valenta offered a deep dive into HTTPS interception practices, in which TLS-terminating middleboxes or middleware can be used to potentially snoop on internet users, or even steal private data. Read More
Aviation Faces Increasing Cybersecurity Scrutiny [Black Hat USA 2019]
Boeing pushed back hard on the research just prior to the presentation at Black Hat, saying its existing network defenses would thwart the attack cases Santamarta posed, and that an attacker could not reach its avionics systems via those attack methods. IOActive had been in contact with Boeing for months after the initial findings, holding weekly teleconferences. Read More
Yubikey 5Ci for iPhone, biometric attacks, and other odds and ends from Black Hat [Black Hat USA 2019]
I laid out my initial thoughts from Black Hat 2019 last week and also took a deeper look at Apple’s session around their new bug bounty program and research devices. Read More
Spotlight Podcast: Unpacking Black Hat Hacks with Digicert CTO Dan Timpson [Black Hat USA 2019]
In this week’s episode of the Podcast, # 156: we’re back at “hacker summer camp” in Las Vegas this week – also known as the Black Hat, B-Sides and DEF CON conferences, which bring tens of thousands of the world’s top security experts to the Las Vegas Strip. Read More
The Future of Cyber security: Putting the capital “C” in Community! [Black Hat USA 2019]
As you know, Black Hat Briefings (commonly referred to as Black Hat) is a computer security conference that provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world. Black Hat brings together a variety of people interested in information security ranging from non-technical individuals, executives, hackers, and industry-leading security professionals. Read More
Black Hat 2019 brings out new security, protection offerings [Black Hat USA 2019]
The 22nd Black Hat conference in Las Vegas brought together a slew of vendors in network and data security with a variety of security offerings to pitch. Read More
KNOB turns up the heat on Bluetooth encryption, hotels leak guest info, city hands $1m to crook, and much, much more [Black Hat USA 2019]
Let's run through all the bits and bytes of security news beyond what we've already covered. Also, don't forget our articles from this year's Black Hat, DEF CON, and BSides Las Vegas conferences in the American desert. Read More
Post GandCrab, Cybercriminals Scouring the Dark Web for the Next Top Ransomware [Black Hat USA 2019]
Hi, everyone. I’m Lindsey O’Donnell with Threatpost and I’m here today at Black Hat USA 2019, here with Winnona DeSombre with Recorded Future. Winnona, how are you doing? Read More
Black Hat 2019: Building Communities of Women in Security [Black Hat USA 2019]
But also at Black Hat, I noted many initiatives and sessions to foster diversity in information security. One thing that surprised me was an on-site daycare offered this year where attendees could drop kids to attend sessions. Several other booths and groups along the floor were promoting women in infosec. As much as women are still few in number, there is movement and gains to increase their ranks in security. Read More
Black Hat USA 2019 Event Coverage | A Conversation With Kymberlee Price [Black Hat USA 2019]
Fortunately, both of these activities came together in a single setting during Black Hat, as Marco and I got to meet Kymberlee not only to discuss the micro summit, but to also hear about her journey in InfoSec and her role in establishing some of the best practices being leveraged by the industry for some time now—specifically via her work at Microsoft, at Bugcrowd, and Microsoft (again). Read More
Diverse Set of Security Innovators Converge at Black Hat 2019 [Black Hat USA 2019]
Black Hat 2019 has come and gone and I am still recovering from the sensory overload caused by the 19K+ attendees of this big conference amidst the backdrop of Las Vegas. My focus going into the conference was mainly on meeting startups… I was looking for something new – a solution that attacks the cyber problem from a new angle. Read More
Voyage’s driverless future, ghost work, B2B growth strategies, and Black Hat takeaways [Black Hat USA 2019]
In the autonomous vehicle space, startups have taken radically different strategies to building our AV future. Some companies like Waymo have driven all across different types of environments in order to rack up the datasets that they believe will be needed to effectively maneuver without a human driver. Read More
Last week at the Black Hat cybersecurity conference in Las Vegas, the Democratic National Committee tried to raise awareness of the dangers of AI-doctored videos by displaying a deepfaked video of DNC Chair Tom Perez. Deepfakes are videos that have been manipulated, using deep learning tools, to superimpose a person’s face onto a video of someone else. Read More
Apple’s Face ID Can Be Bypassed By Using A Pair Of Glasses &Tape [Black Hat USA 2019]
The details of the attack were explained at Black Hat USA 2019, an annual security conference. Researchers were able to get into the victim’s iPhone by using a modified pair of glasses. The glasses have a combination of white and black tape pasted on them, which the researchers call the “X-glasses”, as shown below. Read More
Key Themes from Black Hat Conference 2019 [Black Hat USA 2019]
It hasn’t even been a week since Black Hat Conference 2019. Somehow, it seems like it’s been longer than that. Speaking from both the vendor and attendee perspective, it was a fantastic event overall. I managed to squeeze in a couple sessions, and I had the opportunity to speak to a variety of attendees and visit vendor booths on the show floor. After 4 days and nearly 50,000 steps—some of it in 100-plus degree heat outdoors—I’m back in Houston and back to the daily grind and I’ve had some time to reflect on the time in Las Vegas. Read More
Cause for alarm: Advice from a cyber summit [Black Hat USA 2019]
From phony iPhones preloaded with malware to election meddling and the rules of cyberwar, Black Hat USA 2019 wrapped up in Nevada last week with something for everyone to lie awake worrying about. Unlike most of us, Shawn Murray was there, with about 17,000 other infosec professionals. He’s a cybersecurity consultant with the Pikes Pea Read More
Apple sues Corellium for creating virtual copies of iOS [Black Hat USA 2019]
Apple also makes a point of highlighting its recent decision to give security researchers customized iPhones with fewer security barriers as to make it easier for serious exploits and bugs to be discovered. Ivan Krstic, Apple’s head of security and engineering, announced the new program at the Black Hat security conference earlier this month. Read More
GCU students log in to ‘hacker summer camp’ [Black Hat USA 2019]
The GCU student, whose IT emphasis is in cybersecurity, was just one of 52 Lopes who made their way to Vegas for, not just Defcon, but for Black Hat, the world’s largest IT event. The back-to-back IT security and hacker gatherings — together they’re dubbed “hacker summer camp” — attracted tens of thousands of cyber professionals and enthusiasts. Read More
News Wrap: DejaBlue Bugs and Biometrics Data Breaches [Black Hat USA 2019]
On the heels of Black Hat USA 2019 and DEF CON, Threatpost editors break down the biggest news of this past week ended Aug. 16, from Patch Tuesday craziness to publicly-exposed databases. Read More
Trend Micro fixes DLL hijacking vulnerability [Black Hat USA 2019]
Hot on the heels of Black Hat where security vendors spoke to audiences about their ability to protect against breaches, SafeBreach discovered a new vulnerability in Trend Micro Password Manager software that could have led to DLL hijacking, privilege escalation, and code execution attacks. Read More
7 Can’t-Miss Cybersecurity Lessons From Black Hat USA and Vegas Security Week [Black Hat USA 2019]
As Black Hat USA and DEF CON 2019 draw to a close, the security industry continues to buzz over events from the annual Las Vegas security week. Each year, nearly 20,000 security professionals, researchers and hackers convene on the Las Vegas strip for a week of cutting-edge security trainings, sessions and research. Black Hat and DEF CON sessions served up a shocking amount of internet of things (IoT) vulnerabilities and research on security best practices. Read More
APPLE SUES MOBILE DEVICE VIRTUALISATION FIRM CORELLIUM ALLEGING IT ‘ILLEGALLY REPLICATED’ IOS, APPS [Black Hat USA 2019]
Apple argues that Corellium’s iOS virtualisation product infringes on Apple's copyrights. The iPhone-maker says that Corellium has simply copied everything: the code, the graphical user interface, the icons -- all of it, in exacting detail. In fact, at the two-day Black Hat USA conference that concluded on August 8, Corellium emphasised that its “Apple product” is an exact copy of iOS, MacRumors reported. Read More
Hackers Stole Over $4 Billion From Crypto Crimes In 2019 So Far, Up From $1.7 Billion In All Of 2018 [Black Hat USA 2019]
As we’ve seen so many times again—most recently with the latest massive data breaches (Equifax, Capital One…), and the new exploits revealed at the Black Hat and DefCon hacking conferences — the Cloud is far from being the most secure place to store your data, even less your hard-earned money, especially in digital form. Read More
Software Vulnerabilities in the Boeing 787 [Black Hat USA 2019]
At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System. The CIS/MS is responsible for applications like maintenance systems and the so-called electronic flight bag, a collection of navigation documents and manuals used by pilots. Santamarta says he found a slew of memory corruption vulnerabilities in that CIS/MS, and he claims that a hacker could use those flaws as a foothold inside a restricted part of a plane’s network. An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane’s safety-critical systems, including its engine, brakes, and sensors. Boeing maintains that other security barriers in the 787’s network architecture would make that progression impossible. Read More
Apple sues mobile device virtualization company Corellium for selling iOS clones [Black Hat USA 2019]
What just happened? At the Black Hat Conference earlier this month, a small startup called Corellium showcased a tool that is claimed to provide customers access to virtual iOS devices inside a web browser. Apple has sued for damages and asked for an immediate ban on the sale of Corellium's product. The iPhone maker argues the tool is an "unlawful commercialization of Apple's valuable copyrighted works," or in other words an exact replica of iOS down to the underlying code. Read More
Apple’s Lawsuit Against a Startup Shows How It Wants to Control the iPhone Hacking Market [Black Hat USA 2019]
These announcements, made to much fanfare at the Black Hat security conference in Las Vegas, were met with delight and enthusiasm by the jailbreaking and iOS hacking community, who saw this as a “historic moment” for the security of iPhones all over the world. Read More
Black Hat USA 2019 Event Coverage | A Conversation With Stephanie “Snow” Carruthers [Black Hat USA 2019]
Next time you think that a social engineer is a social media expert or a criminal of some sort, do me a favor and look at yourself in the mirror — chances are you won't see either. One thing that you will see is a social engineer; all humans are social engineers—it is in our nature, and we are damn good at it. Read More
Cybersecurity conference attendees possibly exposed to IRL virus [Black Hat USA 2019]
Hackers and cybersecurity researchers who attended this year's annual Black Hat information security conference in Las Vegas found themselves on the receiving end of the wrong kind of security notification. On Thursday, the Southern Nevada Health District issued a warning stating that individuals in Vegas over the course of the conference may have been exposed to measles. Read More
MASS MARKET VS. TARGETED MARKETING: TECHNIQUES AND TECHNOLOGY BEHIND THESE TWO STRATEGIE [Black Hat USA 2019]
One of the takeaways from the recently released report, Mimecast Threat Intelligence Report: Black Hat Edition 2019, is that some attackers use more simplistic attack strategies that are broadly deployed, whereas other attackers use more complex and sophisticated strategies that are deployed much more narrowly. The data for this report came from three months of analysis from Mimecast’s processing of nearly 160 billion emails on behalf of our customers. Not a small sample! Read More
Apple Files Lawsuit Against Virtualization Company Corellium for Illegally Replicating iOS and Apple Apps [Black Hat USA 2019]
Corellium's product creates digital replicas of iOS, iTunes, and user interface elements available on a web-based platform or a custom platform built by Corellium. It is designed to create virtual iOS devices for the purpose of running iOS, and at the recent Black Hat USA conference, Corellium emphasized that its "Apple product" is an exact copy of iOS, able to allow researchers and hackers to find and test vulnerabilities. Read More
How to limit the impact of data breaches [Black Hat USA 2019]
At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with IBM's Wendi Whitmore about how to defend against and respond to data breaches. The following is an edited transcript of the interview. Read More
5 Things to Know About Cyber Insurance [Black Hat USA 2019]
After years of trying, Risk Based Security CISO Jake Kouns finally managed to get cyber insurance the attention he thinks it deserves. He had been submitting ideas for insurance-related talks for the annual Black Hat USA event since 2012 - and had been rejected four times. But at last week's Black Hat in Las Vegas, he led one of the sessions during a dedicated micro summit about cyber insurance. Read More
What security pros need to know from Black Hat & Def Con 2019 [Black Hat USA 2019]
Black Hat and Def Con came and went as quickly as it ever does. The week-long pair of back-to-back conferences, referred to as “hacker summer camp,” draws in the security crowd from across the world onto Las Vegas, where startups tout their technologies as hackers and researchers reveal their findings. Read More
How to prevent data destruction from cybersecurity attacks [Black Hat USA 2019]
At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with IBM's Global Remediation Lead Christopher Scott about how cyberattackers get into environments, and why using multifactor authentication is crucial if you use an online service. The following is an edited transcript of the interview. Read More
The Best Of Black Hat And DEF CON 2019 | Avast [Black Hat USA 2019]
If you didn’t go to the Black Hat or DEF CON cybersecurity conferences last week in Las Vegas, we’ve got a quick summary of some of the best stories, presentations, social media, and just plain weirdness. Read More
WhatsApp flaw allows altering the reply to quoted messages [Black Hat USA 2019]
During a presentation held last week at the Black Hat conference in Las Vegas (USA), researchers Dikla Barda, Roman Zaikin and Oded Vanunu presented a tool used as a proof of concept. Read More
Not anymore. At the recent Black Hat security conference in Las Vegas, Ivan Krstić, Apple's head of security engineering and architecture, announced an overhaul of Apple’s bug bounty program that massively sweetens the payouts—the top award will jump from $200,000 to $1 million—and also opens it up to all researchers. Read More
The cost of replacing paperless voting machines [Black Hat USA 2019]
RED TEAM > BLUE TEAM — Nearly 70 percent of IT pros consider red team hackers more effective than the blue teams trying to stop them, Exabeam reported in a survey out today. More than one-third of those defensive teams fail to halt the red teams, the pros said in a survey conducted at Black Hat. Overall, 72 percent said their organizations perform red team tests, while 60 percent practice blue team. Read More
Defeating Apple's Face ID proof-of-life by putting tape over glasses' lenses [Black Hat USA 2019]
Researchers from Tencent demo'ed the attack at Black Hat last week and used it to unlock a phone and approve a cash transfer from the owner's Apple Pay account to their own. Read More
IBM's Wendi Whitmore explains why a data breach isn't a one-time cost and recommends cost-saving tips, which include having access to an incident response team. [Black Hat USA 2019]
At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with IBM's Wendi Whitmore about why a data breach isn't a one-time cost and heard her cost-saving tips. The following is an edited transcript of the interview. Read More
68% of Companies Say Red Teaming Beats Blue Teaming [Black Hat USA 2019]
A survey conducted by Exabeam at Black Hat USA 2019 found red teams, which are made up of internal or hired security experts who imitate cybercriminals' behavior to test a business' security defenses, are also more popular. Seventy-two percent of respondents conduct red team exercises, with 23% performing them monthly, 17% quarterly, 17% annually, and 15% biannually. Read More
Cybersecurity Roundup: Black Hat USA 2019 Edition [Black Hat USA 2019]
Last week’s Black Hat USA 2019 conference in Las Vegas drew record attendance and highlighted the latest hot topics in the fight against cybercriminals. Read More
Apple to offer up to $1.5 million to hackers who find flaws and report them to the company [Black Hat USA 2019]
At a recent Black Hat security conference in Las Vegas, the tech giant took the opportunity to announce that it’s raising its reward to ethical hackers who uncover and disclose problematic susceptibilities directly to the company. Read More
Apple Offers $1 Million to Anyone Who Can Break into iPhone [Black Hat USA 2019]
The Black Hat conference is attended by many security researchers who attempt to hack the computer systems of companies and governments. The researchers seek security weaknesses that need to be fixed to prevent outside attackers from breaking into systems and devices. Read More
Huge Survey of Firmware Finds No Security Gains in 15 Years [Black Hat USA 2019]
Zatko presented the findings of CITL’s extensive study in Las Vegas on Friday on the sidelines of the Black Hat and DEF CON conferences at an event hosted by The Hewlett Foundation. CITL was started by Sarah and her husband Peiter (aka “Mudge”) Zatko. It bills itself as a kind of “Consumer Reports” for cyber security, partnering with that organization as well as The Ford Foundation, The Digital Standard and online payments firm Stripe. Read More
Apple reveals special new iPhones for security researchers [Black Hat USA 2019]
Apple is planning to supply special iPhones to security researchers next year to help them find security flaws in iOS. The devices will be made available to researchers that report bugs through the company’s invitation-only bug bounty program for iOS. Apple first launched this bug bounty program three years ago at the Black Hat conference, and it’s now extending its use at the same conference today to cover macOS, Apple Watch, Apple TV, and more. Read More
New Vulnerabilities Can Alter Your WhatsApp Messages [Black Hat USA 2019]
WhatsApp, a popular instant messaging platform now owned by Facebook with over 1.5 billion users across the globe, has a major vulnerability that has not been fixed completely so far. The vulnerability was discovered by researchers at Check Point and was made public at Black Hat 2019, the annual Black Hat security conference. Read More
Black Hat, DEF CON, And BSides 2019: Highlights And Emerging Industry Trends [Black Hat USA 2019]
As Hacker Summer Camp comes to a close, we sat down with a few friends in the security space to discuss the major highlights from Black Hat, DEF CON, and BSides and what have emerged as the latest industry trends over the past week. Read More
Black Hat 2019: Investment, Interest in AI for Security Ramps Up [Black Hat USA 2019]
An emphasis on AI was clear at this year’s Black Hat event in Las Vegas, where several vendors were promoting platforms that leverage AI and machine learning capabilities to address threat detection. Read More
TikTok Scammers Cash In On Adult Dating, Impersonation Tricks [Black Hat USA 2019]
LO: I’m good just coming off of Black Hat craziness, so a little tired. So Tenable on the kind of outskirts of Black Hat has come out with some new research today about several popular scams that are taking a hold of the popular video platform TikTok, which is very prevalent. I mean, it’s the number one app for App Store downloads and the number three download overall in terms of apps. So with that kind of success, obviously comes security issues, as we’ve seen in the past with other apps and social media platforms. So Satnam, can you give us some context about TikTok, what do we need to know about the social platform as it relates to the attacks that you’ve outlined in your research? Read More
NEW TECH: Trend Micro inserts ‘X’ factor into ‘EDR’ – endpoint detection and response [Black Hat USA 2019]
With all the talk of escalating cyber warfare, the spread of counterfeit smartphones and new forms of self-replicating malware, I came away from Black Hat USA 2019 (my 15th) marveling, once more, at the panache of modern cyber criminals. Read More
Black Hat Recap: Automation is Key to Managing Threats and Scaling the Future of Security (Video) [Black Hat USA 2019]
Another Black Hat USA is in the books, and anyone leaving the festivities feeling apprehensive about the state of security seems well justified. Read More
Meet FumbleChain, the Deliberately Flawed Blockchain [Black Hat USA 2019]
Demonstrated for the first time last Thursday at the Black Hat infosec event, the deliberately flawed technology is meant to act as an educational tool for crypto developers. Read More
Thoughts from Defcon 27 – This is why I do what I do [Black Hat USA 2019]
Every year, thousands of security professionals descend upon Las Vegas to take part in a series of conferences known as Hacker Summer Camp. This year, Black Hat, BSides Las Vegas, Defcon 27 and the Diana Initiative took up the majority of the conference space. So, what makes this one of the most relevant and successful security conferences? Read More
Apple’s New Bug Bounty Is a ‘Historical Moment’ For the iPhone’s Security [Black Hat USA 2019]
The company’s head of security engineering Ivan Krstic made these announcements at the Black Hat security conference on Thursday of last week. What he didn’t say is that this is a major win not only for iOS hackers and jailbreakers, but also for users—and ultimately even for Apple. Read More
Qualys Has a Prescription for Better Cybersecurity [Black Hat USA 2019]
One of the first things I saw when I arrived in Las Vegas for Black Hat—aside from the flashing lights of the banks of slot machines and the large neon “Welcome to Las Vegas” sign in the airport terminal—was an ad on the wall for Qualys. The ad shows a red and white pill with the Qualys logo, accompanied by the tagline “A New Prescription for Security and It’s Free.” Read More
Apple finally expands bug bounty program, talks about research devices at Black Hat [Black Hat USA 2019]
On the last day of Black Hat 2019, I attended an interesting session where Apple provided a peek behind the curtain on macOS and iOS security, as well as finally announced an expansion to Apple’s bug bounty program and its new iOS Security Research Devices. Read More
Threat hunting, attribution and identifying what motivates threat actors [Black Hat USA 2019]
Jaime Blasco is the AVP Product Development at Alien Labs, part of AT&T Cybersecurity. At Black Hat 2019, Jaime sat down with Enterprise Times to talk about threat intelligence. It’s a subject that is high on a lot of organisations' agendas. The problem is that many organisations don’t know what to do with it. They are overwhelmed by the intelligence they gather, and when they try to DIY, they lack the tools. But when they go to many vendors, what they get is a series of alerts which often lack an actionable element. Read More
Millions of Android phones at risk of shipping with malware pre-installed [Black Hat USA 2019]
Millions of Android phones are at risk of shipping with malicious pre-installed apps, a recent report from Black Hat has uncovered. The findings were presented by Maddie Stone, a former employee of Android Security and current member of the Project Zero team, who revealed that it’s near-impossible to protect your device against the flaw. Read More
Last week, a number of nCipher employees attended the 2019 Black Hat USA conference. The booth, which saw around 1,000 visitors, was home to a mix of activity. Read More
New Switch Vulnerability Discovered by Nozomi Networks Labs [Black Hat USA 2019]
Nozomi Networks Labs responsibly disclosed the security issue to Siemens CERT and CISA. This effort is part of ongoing research conducted by Nozomi Networks Labs to test common devices for vulnerabilities. For example, the Labs team recently presented its research on securing intelligent electronic devices (IEDs) using the IEC 62351-7 Standard for Monitoring at BlackHat 2019. While doing this analysis, we discovered a previously unknown device vulnerability. Read More
Optimizing the patch management process [Black Hat USA 2019]
In this podcast recorded at Black Hat USA 2019, Jimmy Graham, Senior Director of Product Management at Qualys, discusses the importance of a tailored patch management process. Read More
Researchers manipulate content and sender of WhatsApp messages [Black Hat USA 2019]
At this year's Black Hat conference, a research team demonstrated live that, under certain conditions, attackers could alter the content and sender of short messages sent via WhatsApp in several ways. Read More
‘Bug bounty’: Apple to pay hackers more than $1m to find security flaws [Black Hat USA 2019]
Apple will pay ethical hackers more than $1m if they responsibly disclose dangerous security vulnerabilities to the firm, the company announced at the Black Hat security conference in Las Vegas. Read More
Pre-installed apps in 7 million Android devices found containing malware [Black Hat USA 2019]
At the Black Hat cybersecurity conference in Las Vegas, Maddie Stone, a security researcher on Project Zero and who previously served as Senior Reverse Engineer & Tech Lead on Android Security team, revealed that her team discovered three instances of Android malware being pre-installed in budget Android phones in the recent past. Read More
Black Hat 2019 brings out new security, protection offerings [Black Hat USA 2019]
At the 22nd annual Black Hat conference in Las Vegas for computer security consulting, training and briefing, industry experts came together from Aug. 3 to 8 to discuss emerging threats in cybersecurity, such as new attack methods and critical vulnerabilities across various industries. The conference also served as the birthplace for many potential answers to the security issues highlighted. Vendors in security and networking used Black Hat as an opportunity to unveil their newest products and services to the tens of thousands of attendees that ranged from executives and security professionals to small-business owners to individuals with an interest in the cybersecurity world. Read More
Car Makers Befriend Hackers to Learn About Cyber Vulnerabilities [Black Hat USA 2019]
Known for its sprawling resorts and casinos, Las Vegas once a year becomes the gathering place for tens of thousands of cybersecurity enthusiasts who attend DEF CON and the preceding corporate Black Hat conference. Read More
The team presented their findings at the recent Black Hat USA conference in Las Vegas, revealing the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7. Read More
Zero-trust in a cloud-native world: Best practices emerge [Black Hat USA 2019]
How the industry should update zero-trust in today’s cloud-native computing world is the question I hoped to answer at this year’s Black Hat USA conference in Las Vegas. To this end, I whittled the list of vendor PR pitches down to four from companies that were breaking the zero-trust mold. Read More
Millions of New Android Phones Sold With Preinstalled Malware [Black Hat USA 2019]
Stone shared her team’s findings at the Black Hat USA 2019 conference in Las Vegas, in a presentation in which she said that a smartphone may have as many as 400 preinstalled apps out of the box. This is a major problem because attackers are attempting to hide malware in the preinstalled apps, as it is easier to convince one manufacturer to agree to a preloaded app than to convince thousands of users to download an infected file. Read More
Apple Is Offering A $1 Million Reward For Anyone Who Can Hack An iPhone [Black Hat USA 2019]
Ivan Krstić — the Head of Security Engineering and Architecture at Apple — announced the bug bounty at Black Hat. And Apple is also launching a bug bounty program for Macs, watchOS, and Apple TV. Apple will also give developer devices to bug bounty participants. Read More
What government can do to keep its cyber workforce [Black Hat USA 2019]
“They have to value these people, and I don’t know that they’re fully valued,” said Greg Conti, current senior security strategist at IronNet, former director of the Army Cyber Institute and a senior cyber warfare adviser to U.S. Cyber Command, in an Aug. 8 interview at Black Hat 2019, held in the Mandalay Bay Resort & Casino. Read More
Leaked Dreamliner Code Reveals “Startling” Vulnerabilities [Black Hat USA 2019]
A cybersecurity researcher has offered a presentation on exploitable bugs he discovered in the code used in Boeing Dreamliner aircraft this week at the Black Hat cybersecurity conference in Las Vegas. Ruben Santamarta says he was surprised to find the code used in Boeing’s 737 and 787 aircraft readily available online, but he was even more shocked to find flaws in the software which could allow hackers to take control of some of the Dreamliner’s systems. Read More
Google Researchers Say Android Malware Could Come Pre-Installed on Devices [Black Hat USA 2019]
In a talk called “Securing The System” at last week’s Black Hat cybersecurity conference, Google researcher Maddie Stone outlined how pre-installed applications are exploited to run malware without the user’s knowledge. This security vulnerability is especially acute for Android’s open-source operating system, which is a favorite for low-budget Android device-makers. Typically, an Android device has about 100-400 pre-installed applications (don’t confuse them with the other sense of the word apps—not all of them have icons on your home screen). Since these apps are pre-installed, anti-virus software does not detect them if they behave maliciously, and they can never be entirely deleted from the device, only deactivated. Read More
Hackers can Change the Messages received on WhatsApp [Black Hat USA 2019]
The annual Black Hat security conference was held on 7th August in Las Vegas. At the conference, the Israeli security company Check Point disclosed a WhatsApp vulnerability that lets hackers change the message and also modify the sender’s identity. Read More
BGP Hijackings Take on New Meaning in Cybersecurity Climate [Black Hat USA 2019]
The Border Gateway Protocol is vulnerable to malicious actors -- and as of right now, little can be done about it from a security perspective, although there have been attempts to make it more reliable. Despite the apparent risk, last week's Black Hat and Def Con events didn't have one session that mentioned BGP hijackings. Read More
Black Hat 2019: The Promise of 5G Also Brings Security Concerns [Black Hat USA 2019]
While several large cities in the US are rolling out 5G networks, before we get to a world with the widespread use of 5G, a lot obviously needs to be worked out with the security around it too. Hailed initially as an ultra-secure protocol, one session at Black Hat proved that to be far from true. Read More
Microsoft opens security lab to test vulnerabilities [Black Hat USA 2019]
Microsoft has introduced the Azure Security Lab — a dedicated customer-safe Cloud environment, at the Black Hat USA 2019 conference. The Azure Security Lab is a set of dedicated Cloud hosts, aimed at allowing security researchers to aggressively test attacks against infrastructure-as-a-service scenarios. Read More
Hacking my airplane – BlackHat edition [Black Hat USA 2019]
Until it did. Here at BlackHat a while back we got to see videos of vehicles swerving out of control following a hack. Thankfully, the automotive industry came to terms with the hacking reality, and (some) even sponsored hacking opportunities like the automotive hacking village here at DefCon later in the week. It was a very positive turn of events. By engaging the hacker culture in a more open way, automobile technology started to get better at defending against hacks, which helps to keep us all safe. Read More
What I learned at the Black Hat USA 2019 Conference [Black Hat USA 2019]
The phrase ‘black hat’ refers to a hacker with criminal intentions, so I expected my first trip to the Black Hat USA conference held in Las Vegas this year to give me exposure to the shady underbelly of the cybersecurity world. Read More
Apple offers $1 million Bug Bounty to hack its iPhone [Black Hat USA 2019]
Speaking at the Black Hat technology security conference in Las Vegas, Krstic stated that the company is also going to reward another $500,000 (£415,500) to those who can find a Network Attack or any other technical flaws in its devices, making it more lucrative to security researchers. Read More
Apple Will Give You $1 Million if You Can Do This 1 Thing (and Why It's Happy to Do So) [Black Hat USA 2019]
Apple's bug-bounty program has been around since 2016, but the company just upped the ante last week during the Black Hat cybersecurity conference in Las Vegas. Of course, in order to get paid, you have to show that you're able to gain remote access to the core functionality of iOS without the device's owner doing anything at all. Read More
2019 Pwnie Award Winners (And Those Who Wish They Weren't) [Black Hat USA 2019]
The awards ceremony, held at the Black Hat USA security conference, bears little resemblance to the Oscars, Grammys, Emmys, or pretty much any other awards show. There's no glitz or glamour. The dress code is strictly informal; shorts and T-shirt are perfectly acceptable sartorial choices. Judges lightheartedly B-box and/or thigh-slap the drumrolls, and the awards themselves recognize not just excellence in the field of information security, but also the more dubious distinctions and epic fails. Read More
Building a Culture of Security: 73 articles Summarizing Black Hat USA 2019 [Black Hat USA 2019]
If there was a common theme at the 2019 Black Hat USA conference in Las Vegas, it may well have been security culture. Culture emerged in some of the most prominent sessions and talks, including, notably, a keynote address by Dai Zovi and a session presented by Equifax CISO Jamil Farshchi. Read More
Fake news doesn’t (always) fool mice [Black Hat USA 2019]
Still, the ability of mice to recognize real vs. fake phonetic construction can come in handy for sniffing out deep fakes. According to researchers at the University of Oregon’s Institute of Neuroscience, who presented their findings during a presentation at the Black Hat security conference last Wednesday (7 August), recent work has shown that “the auditory system of mice resembles closely that of humans in the ability to recognize many complex sound groups.” Read More
Google Finds Phishing Success Based on Targeted Nature, Evolving Variants [Black Hat USA 2019]
Presented at Black Hat last week, the report showed that Google blocks more than 100 million phishing emails every day. Google Safe Browsing protects about 4 billion devices from phishing and other malicious sites. Read More
Apple Is Offering A $1 Million Reward For Anyone Who Can Hack An iPhone [Black Hat USA 2019]
Apple is providing a reward of up to $1 million for hackers who can break into an iPhone and inform the company about how it was done. Apple announced the massive bug bounty at the annual Black Hat hacker convention in Las Vegas last week. This is Apple’s largest-ever bug bounty and it is five times bigger than its previous largest payout. Read More
Cyber insurance policies currently fetch a surprisingly low premium, as TechTarget notes from discussions it heard at Black Hat. The low cost is a supply-side phenomenon: a lot of insurers are working to get into the market, and they're competing on price. But the low premiums being charged probably mean that the underwriters are still working without the actuarial data and models they need to be fully comfortable with the risk they're accepting in transfer from their customers. Expect prices to change as the actuaries catch up with the consequences of cyber incidents. Read More
More on the UN Security Council’s report on North Korean state-sponsored cyber crime. PsiXBot evolves. BITTER APT probes Chinese government networks in an apparent espionage campaign. A study looks at the state of spearphishing. It’s not just the three-letter agencies out securing US voting systems; it’s the four-letter agencies who are taking point. And a last look back at Black Hat and Def Con. Jonathan Katz from UMD on Apple’s clever new cryptographic protocol. Guest is Mike Overly from Foley and Lardner LLP on the House’s hold on the State Department’s proposal for a Bureau of Cyberspace Securities and Emerging Technologies. Read More
Hack in the box: Hacking into companies with “warshipping” [Black Hat USA 2019]
Using less than $100 worth of gear—including a Raspberry Pi Zero W, a small battery, and a cellular modem—the X-Force Red team assembled a mobile attack platform that fit neatly within a cardboard spacer dropped into a shipping box or embedded in objects such as a stuffed animal or plaque. At the Black Hat security conference here last week, Ars got a close look at the hardware that has weaponized cardboard. Read More
Don't Fear DevOps: Black Hat 2019 [Black Hat USA 2019]
BLACK HAT 23, LAS VEGAS — During his keynote at the Black Hat security conference last Wednesday, Dino Dai Zovi, Staff Security Engineer at Square, challenged the audience to fully immerse themselves in DevOps in order to support today's pace of web- and cloud-based business. Read More
A vulnerable blockchain for learning about security pitfalls [Black Hat USA 2019]
One example of this is the project Hack the Block! FumbleChain, developed by the company Kudelski, which was launched during the Black Hat conference, an event held in Las Vegas, United States, from August 3 to 8. Read More
WhatsApp Flaw Lets Hackers Alter Your Chats [Black Hat USA 2019]
During a recent Black Hat security conference held in Las Vegas, researchers revealed several WhatsApp flaws that would allow chat messages to be altered. This means that, in theory, a hacker could take a message and change its contents to make it seem like a completely different message. Read More
Apple Offering Insane Payday for This Type of Bug [Black Hat USA 2019]
At this year’s edition of the Black Hat security conference in Las Vegas, Ivan Krstic, Apple’s head of security engineering and architecture, told the audience (and the world at large) that Apple would give that million-dollar payday to anyone who discovered a remote attack that allowed an attacker to gain total control of a user’s iPhone without that user doing anything to help. Read More
Researchers Use Tape and Glasses to Spoof Face ID Liveness Detection [Black Hat USA 2019]
The technique is effective because the Face ID algorithm does not make a complete scan when the user is wearing glasses. Tencent’s researchers were able to use the “X-Glasses” to unlock someone’s phone and authorize a financial transaction, and presented their findings at the recent Black Hat conference in Las Vegas. Read More
Hackers Go Pro, Seeking Bounties for Bugs [Black Hat USA 2019]
LAS VEGAS—Finding fundamental flaws in software used to be a shady business. Companies often mistrusted the researchers who brought bugs to their attention, dealing with them at arm’s length, if at all. Read More
WiFi can be a free-for-all for hackers. Here’s how to stop them from taking your data [Black Hat USA 2019]
LAS VEGAS — The connectivity at Black Hat and DEF CON is not where you want to gamble. Both conferences attract thousands of information-security professionals, some of whom will snoop around networks here. Read More
HACKERS ARE ROASTING A TERRIBLE SPONSORED TALK AT BLACK HAT [Black Hat USA 2019]
Cybersecurity experts at the Black Hat security conference in Las Vegas last week ridiculed a bizarre, sponsored presentation by a company called Crown Sterling to the point that its materials got taken off of the conference website. Read More
Google Hackers Found 10 Ways to Hack an iPhone Without Touching It [Black Hat USA 2019]
Project Zero has returned with a new report by researcher Natalie Silvanovich highlighting 10 new ways that the iPhone can be covertly compromised by hackers. Silvanovich and fellow Project Zero researcher Samuel Groß revealed the flaws last week at the Black Hat hacking and security conference in Las Vegas. Read More
Tencent Researchers Beat Face ID Liveness Detection with Glasses and Tape [Black Hat USA 2019]
The technique is effective because the Face ID algorithm does not make a complete scan when the user is wearing glasses. Tencent’s researchers were able to use the “X-Glasses” to unlock someone’s phone and authorize a financial transaction, and presented their findings at the recent Black Hat conference in Las Vegas. Read More
Black Hat 2019 Recap: Transformation & the New Cybersecurity Culture [Black Hat USA 2019]
As the security industry finally leaves Las Vegas after a full week of Black Hat, Defcon, and Bsides, we wanted to set aside some time to take stock and think about all the trainings, presentations, research, and conversations during our week in the desert. One of the overarching takeaways that was cemented by Dino Dai Zovi’s keynote is the critical need for security to become embedded in our culture. Read More
TAU and Technion Researchers Hack One of World's Most Secure PLCs [Black Hat USA 2019]
The team is slated to present their findings at Black Hat USA week in Las Vegas this month, revealing the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7. Read More
Black Hat 2019: Can Products Make Up Security Talent Shortfall? [Black Hat USA 2019]
At this year’s Black Hat event in Las Vegas, several vendors in the talent and training space introduced new concepts and ideas for addressing the so-called skills gap that's leaving roles in security departments empty. Read More
Black Hat 2019: Investment, Interest in AI for Security Ramps Up [Black Hat USA 2019]
An emphasis on AI was clear at this year’s Black Hat event in Las Vegas, where several vendors were promoting platforms that leverage AI and machine learning capabilities to address threat detection. Read More
GDPR privacy can be defeated using right of access requests [Black Hat USA 2019]
In his session entitled GDPArrrrr: Using Privacy Laws to Steal Identities at this week’s Black Hat show, Pavur documents how he decided to see how easy it would be to use right of access requests to ‘steal’ the personal data of his fiancée (with her permission). Read More
Apple will hand out unlocked iPhones to vetted researchers [Black Hat USA 2019]
Well, here’s some good news for a select group of researchers: at the Black Hat 2019 security conference on Thursday, Apple’s head of security, Ivan Krstic, unveiled a new program through which the company is offering some form of pre-dev iPhones, specifically for security researchers. Read More
PHISHERS PLAY ON EMOTIONS TO FOOL VICTIMS [Black Hat USA 2019]
The researchers presented their results at the Black Hat USA conference here, and in addition to the findings on emotional responses, they found that targeted phishing is more common and effective than bulk campaigns. The massive phishing spam runs pushing pharmaceuticals, lottery scams, and gift cards are still out there, but those emails rarely make it into users’ inboxes these days, thanks to better detection methods. The ones that present the clear and present danger to most people are the spear phishing or boutique phishing campaigns. Spear phishing targets a handful of individual people or organizations and boutique campaigns go after a few dozen companies or people. Google’s numbers show that enterprises are 4.8 times more likely to be targeted by phishing campaigns than any other group. Read More
5 Biggest Cybersecurity Updates From Black Hat 2019 You Should Know [Black Hat USA 2019]
The biggest event for hackers concluded in Las Vegas last week. During the conference, there were many revelations that threw light on the cybersecurity space and some of them were shocking enough to get all the eyes. Here are the top updates that came out of Black Hat conference that you need to know about: Read More
1. Black Hat 2019 and 2020: The Black Hat 2020 cybersecurity conference dates and location are now confirmed. Track all of our Black Hat conference news and analysis here. Special thanks to the more than 30 executives and companies with whom we met at last week’s event. We’ll be sharing more event thoughts soon. Read More
Black Hat 2019: Learning about the latest in authentication, workspaces, and security [Black Hat USA 2019]
Black Hat 2019 felt like a blur to me as I ran from meeting to session to meeting (while still finding time for the business hall). I sat down with over a half dozen vendors, some old and new to me, and attended several interesting sessions. Read More
Why cyber insurance policies are so 'ridiculously cheap' [Black Hat USA 2019]
The cyber insurance market is growing rapidly and policies are incredibly inexpensive -- but experts at Black Hat 2019 had concerns about those low prices. Read More
Google flags preinstalled malware as hidden threat on millions of Android phones [Black Hat USA 2019]
Stone shared her team’s findings at the Black Hat USA 2019 conference in Las Vegas, in a presentation in which she said that a smartphone may have as many as 400 preinstalled apps out of the box. This is a major problem because attackers are attempting to hide malware in the preinstalled apps, as it is easier to convince one manufacturer to agree to a preloaded app than to convince thousands of users to download an infected file. Read More
Black Hat 2019: Election security gets top billing at Black Hat, Def Con [Black Hat USA 2019]
LAS VEGAS — With the U.S. still dealing with the fallout of the 2016 presidential election, and with the 2020 vote just 15 months away, the state of election security was top of mind at the Black Hat and Def Con security conferences last week. Read More
Microsoft Azure Security Lab will Offer Cybersecurity Researchers a New Guinea Pig [Black Hat USA 2019]
Microsoft has introduced the Azure Security Lab -- a dedicated customer-safe Cloud environment, at the Black Hat USA 2019 conference which convened here this week. The Azure Security Lab is a set of dedicated Cloud hosts, aimed at allowing security researchers to aggressively test attacks against infrastructure-as-a-service scenarios. It also allows participants to identify research vulnerabilities in Azure and do their best to emulate criminal hackers, according to Microsoft, Xinhua news agency reported. Read More
Automakers' vulnerabilities on display at hackers convention in Vegas [Black Hat USA 2019]
Las Vegas once a year becomes the gathering place for tens of thousands of cybersecurity enthusiasts who attend DEF CON and the preceding corporate Black Hat conference. Read More
Black Hat 2019 News Wrap: The Best and Worst of the Show [Black Hat USA 2019]
Threatpost breaks down the highs and lows from Black Hat 2019, from new vulnerabilities and industry collaboration to a scandal around a sponsored session. Read More
http://www.smbnation.com/big-data-analytics/2938-black-hat-the-cyber-shell-game-war-information-warfare-and-the-darkening-web [Black Hat USA 2019]
Alexander Klimburg’s speech at Black Hat was well received and combined hacking, security and geopolitical topics. In this 1:1 interview after his presentation, Klimburg shares the six stages of cyber warfare and much more. Read More
Researcher Breaches iPhone by Sending an iMessage [Black Hat USA 2019]
At Black Hat, a Google security researcher details numerous bugs in iMessage that could be exploited remotely without interaction from the victim. Read More
All you need is some sunglasses and some tape to bypass the iPhone’s FaceID [Black Hat USA 2019]
There was a flaw in the liveness detection function of the biometric authentication system that Apple uses to unlock an iPhone with face recognition. That dangerous discovery shocked attendees of the Black Hat hacker convention held in Las Vegas, where cybersecurity researchers managed to bypass the iPhone’s face recognition feature in a mere 120 seconds using some things you can find on your desk. Read More
Apple Will Give You $1 Million to Hack an iPhone [Black Hat USA 2019]
The bounty, which was announced by the iPhone-maker at the annual Black Hat hacker convention in Las Vegas on Thursday, is the company’s biggest ever -- in fact, it’s five times bigger than its previous largest payout. Read More
Black Hat researchers demonstrate unlocking Face ID using ‘X-Glasses’ [Black Hat USA 2019]
Tencent researchers have found a way to unlock another person’s iPhone by using tape, glasses and the unconscious person’s facial features. At the Las Vegas Black Hat conference, the group from Tencent demonstrated how they could fool the iPhone’s liveness detection feature, which was advertised to distinguish between real and fake facial features. Read More
Black Hat Talk About ‘Time AI’ Causes Uproar, Is Deleted By Conference [Black Hat USA 2019]
A controversial sponsored talk at the Black Hat security conference caused an uproar among security professionals and prompted the conference to delete the talk from the internet. Read More
Two weird ways your iPhone or Mac can be hacked [Black Hat USA 2019]
As for hacking into an iPhone, security researchers at the Black Hat hacker convention in Las Vegas managed to bypass the iPhone's Face ID authentication system in 120 seconds. Read More
You Can Unlock an iPhone Protected with Face ID Using Glasses and Tape [Black Hat USA 2019]
The details of the attack were explained at Black Hat USA 2019, which is an annual security conference. Researchers were able to get into the victim’s iPhone by using a modified pair of glasses. The glasses have a combination of white and black tape pasted on them, and they call it the “X-glasses”. Read More
Microsoft introduces security lab to test vulnerabilities, attacks [Black Hat USA 2019]
Microsoft has introduced the Azure Security Lab, a dedicated customer-safe cloud environment, at the Black Hat USA 2019 conference which convened here this week. Read More
Automakers warm up to friendly hackers at cybersecurity conference [Black Hat USA 2019]
Known for its sprawling resorts and casinos, Las Vegas once a year becomes the gathering place for tens of thousands of cybersecurity enthusiasts who attend DEF CON and the preceding corporate Black Hat conference. Read More
Black Hat USA 2019 conference explores new trends in cybersecurity [Black Hat USA 2019]
LAS VEGAS, Aug. 8 (Xinhua) -- Tens of thousands of the world's best cybersecurity professionals gathered in Las Vegas this week for the Black Hat USA 2019 cybersecurity conference, which focuses on the latest developments and new trends in cybersecurity. Read More
Apple offers $1 million if you can hack an iPhone [Black Hat USA 2019]
The bounty was announced by the company at the annual Black Hat hacker convention in Las Vegas last week. It is said to be the biggest ever payout by the iPhone-maker. Read More
Inside Black Hat, the world’s biggest ethical hacker conference in Las Vegas [Black Hat USA 2019]
Black Hat, the world’s biggest annual cyber security conference, opened its doors in 1997 and has since grown from an obscure “hacker summer camp” for geeks into a vast and increasingly mainstream event sponsored by blue chip companies such as Cisco and Accenture. Attendees pay $3,000 a ticket to join hacking lessons, to network and relax in casinos. Read More
SECURITY NEWS THIS WEEK: ELECTION SYSTEMS ARE WAY MORE VULNERABLE THAN WE THOUGHT [Black Hat USA 2019]
HACKER SUMMER CAMP is here again! You know what that means: WIRED is back in Las Vegas for the annual Black Hat and Defcon security conferences, where we’re digging into the latest and greatest hacks on display. First, let’s talk about iPhones. A researcher found it’s possible to break into one just by sending a text message. To help uncover similar vulnerabilities in the future, Apple is handing out new, hacker-friendly iPhones to its favorite security researchers, and paying up to $1.5 million in bug bounties. Read More
Black Hat Attendees: Sponsored Session Was 'Snake Oil Crypto' [Black Hat USA 2019]
LAS VEGAS—The Black Hat security conference is no stranger to controversy, but that's usually limited to daring hacks or heated debates about privacy. This year, a sponsored session drew ridicule from attendees who claim it was little more than pseudoscience, and the uproar prompted Black Hat organizers to remove the content from the website. Read More
Social networks: Dubious phishing tests with employees [Black Hat USA 2019]
The first tool that Jacob Wilkin presented during a talk at the Black Hat conference is called "Social Attacker". The software, written in Python, serves to largely automate phishing attacks within Facebook, LinkedIn, Twitter and VKontakte. Read More
Biometrics: Liveness detection in biometric authentication on the iPhone undone [Black Hat USA 2019]
HC Ma of Tencent Security presented at Black Hat 2019 the research results of his colleagues, who could not present themselves due to lack of a visa. The hackers studied the ways in which face, voice, fingerprint, iris, or palm detection sensors determine whether a living human is interacting with them - or just a photo or voice recording. This sets them apart from earlier researchers, who focused exclusively on tricking the sensors themselves while leaving aside features such as Apple's "attention checking for Face ID". Read More
New report describes acute threat from criminal cyber actors in Russia [Black Hat USA 2019]
“The first rule of Russian dark web communities is to never target victims in CIS countries, especially Russia,” according to “The Dark Side of Russia: How New Internet Laws and Nationalism Fuel Russian Cybercrime,” released Thursday at the Black Hat USA 2019 conference here. Read More
Researcher details how GDPR, privacy laws can be manipulated for identity theft [Black Hat USA 2019]
James Pavur used the GDPR’s “right of access” provision, requiring companies to reveal information they hold on citizens upon their request, to collect data including his girlfriend’s social security number, date of birth, credit card activity and even account passwords. Pavur detailed the experience in a white paper released here at Black Hat. Read More
Live From Black Hat USA: Making Big Things Better the Dead Cow Way [Black Hat USA 2019]
In InfoSec, we know and understand that hackers are not inherently bad. Many of them are hacktivists looking to make positive change in the world. During the Black Hat panel discussion, “Making Big Things Better the Dead Cow Way,” Menn talked about how O’Rourke was 14 or 15 years old when he joined the cDc and left before the organization grew in notoriety, and that he interviewed a neo-Nazi in Texas and proceeded to let him hang himself with his own words. Even at that young age, he was all about diversity and engagement, especially within the cDc. Read More
Black Hat 2019 smokes out vulnerabilities in WhatsApp, iOS, Azure [Black Hat USA 2019]
Your favourite messenger's end-to-end encryption may not be as secure as you think. At the Black Hat cybersecurity conference 2019 (August 7-8) in Las Vegas, security researchers from Check Point reverse-engineered WhatsApp's web source code to successfully intercept and manipulate private messages. WhatsApp isn't the only major platform that is under scrutiny at the conference. Read More
While Face ID was hacked at the Black Hat Conference, the plausibility of it occurring could only be found in a bad B-movie [Black Hat USA 2019]
The Black Hat 2019 Conference ran from August 3-8, and we reported earlier this week that Microsoft and Apple leveled up their hacker bug bounties. Yesterday Forbes posted a report titled "Black Hat USA 2019: Apple iOS New Flaws Let Hackers Break Into All iPhones." The report pointed out that "the Google team exploited the iOS vulnerabilities to hack and take control of an iPhone by just sending text messages." Read More
Report from Black Hat: Escalating cyberthreats swirl around Apple, IoT and 5G [Black Hat USA 2019]
“The thing that has really stood out to us is more IoT-based attacks,” Andrew Tsonchev, director of technology at Darktrace, said in an exclusive interview with SiliconANGLE at the Black Hat USA 2019 cybersecurity conference this past week in Las Vegas. “They slip under the radar and the impact is huge. IoT puts this in the firing line and so does 5G,” the next generation of wireless carrier networks. Read More
What a security researcher learned from monitoring traffic at Defcon [Black Hat USA 2019]
The first time I saw Mike Spicer, I spotted him from a mile away. He was hard to miss as he threaded his way through the crowd at the 2017 Black Hat hacking conference in Las Vegas with 35 pounds of gear on his back. Read More
Apple announces a new iPhone (and you can’t have it) [Black Hat USA 2019]
Ivan Krstić, Apple’s head of security engineering, provided big insights into Apple’s platform security during his presentation at Black Hat U.S. 2019. Read More
Black Hat 2019 trends: Social media influence campaigns, big business, ATM hacking [Black Hat USA 2019]
CNET and CBS News Senior Producer Dan Patterson is reporting on the Black Hat USA 2019 cybersecurity conference in Las Vegas. He spoke with TechRepublic's Karen Roby about the main topics at Black Hat 2019. Read More
Black Hat: Using Tech to Offset User Behavior Risks [Black Hat USA 2019]
At Black Hat 2019, several sessions looked at the human factors in security, and offered suggestions on preventing people from making costly errors. Read More
Black Hat 2019: Security Pros Must Start Informing Govt. Policies [Black Hat USA 2019]
In two sessions at Black Hat 2019, security luminary Bruce Schneier, currently a fellow at the Harvard Kennedy School, made the argument for the need for the role of public interest technologist, offered suggestions on ways to get more individuals prepared for it, and called for creating more roles that demand that background. Read More
Spotlight: Black Hat USA 2019 conference focuses on new trend in cybersecurity [Black Hat USA 2019]
Tens of thousands of the world's best cybersecurity professionals gathered in Las Vegas this week for the Black Hat USA 2019 cybersecurity conference, which focuses on the latest developments and new trends in cybersecurity. Read More
Researcher Exploits GDPR Fears to Obtain Private Data [Black Hat USA 2019]
GDPR grants you the right to access any personal data a company or other entity holds about you. But how are companies verifying that those data requests are legitimate? Some are not, one researcher revealed at Black Hat. Read More
Russian Intel Agencies Are a Toxic Stew of Competition and Sabotage [Black Hat USA 2019]
Western audiences might view the disarray in Russia's intelligence agencies as a good thing, but security expert Kimberly Zenz argues at Black Hat that it just encourages risky behavior. Read More
Black Hat USA: the controlled perimeter and beyond [Black Hat USA 2019]
Back in Las Vegas, Black Hat USA closed out its run this Thursday (08/08), having begun on August 3, presenting the main trends and news in information security, covering everything from critical vulnerabilities found in voting machines, aircraft, cars, mobile devices and social media platforms to much more. Read More
Apple is offering a $1 million reward to anyone who can pull off this specific iPhone hack (AAPL) [Black Hat USA 2019]
Apple announced the changes to its bug bounty program during the Black Hat cybersecurity conference in Las Vegas alongside other critical updates. In addition to the new $1 million reward, Apple also revealed that it's expanding the program to its other platforms such as macOS, tvOS, and watchOS, the software that powers its Mac, Apple TV, and Apple Watch products. Read More
Hackers Disable MSP Backups, Launch Ransomware Attacks [Black Hat USA 2019]
Continue to attend channel-related conferences, but extend to attend major cybersecurity events — particularly RSA Conference, Black Hat and Amazon AWS re:Inforce. Read More
Out in Vegas: DOJ, BlueKeep, VoIP phones [Black Hat USA 2019]
The financial services industry has proven best at patching BlueKeep, the vulnerability that sparked worries about a massive attack on the scale of WannaCry or NotPetya, according to a SecurityScorecard analysis that coincides with a Black Hat presentation today. Across the industry, systems vulnerable to BlueKeep that were patched were typically patched within 13 days. Overall, the response to the vulnerability has been very slow, SecurityScorecard assessed. Read More
#BHUSA: DevSecOps, Looking Beyond the Buzzword [Black Hat USA 2019]
DevSecOps isn't just yet another meaningless buzzword, it's an approach that has a number of steps and real technologies that can be used to help effectively reduce risk. That's the message coming out of a session at the Black Hat USA conference in Las Vegas titled, "DevSecOps: What, Why and How." Read More
Consumers feel privacy is no safer under GDPR [Black Hat USA 2019]
Dave Meltzer, CTO at Tripwire, chatted with SC Media at Black Hat about the survey and said that while some of the perceptions uncovered in the survey reflect people’s gut reaction to the situation, there is some evidence that corporations are behaving differently under GDPR. He noted significant investment being made by companies in people, technology and processes in order to comply with GDPR. Read More
NSA to build new features into its open-source malware analysis tool Ghidra [Black Hat USA 2019]
Knighton and Delikat discussed their plans with specialist website Cyber Scoop before a session of the Black Hat security conference held in Las Vegas, California this week. Read More
#BHUSA: Cult of the Dead Cow Members Discuss Hacktivism, Influence & Politicians [Black Hat USA 2019]
In a panel at Black Hat USA, former members of the hacking collective Cult of the Dead Cow were joined by author Joseph Menn, who wrote the recent memoir Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. Read More
Destructive malware attacks double as attackers pair ransomware with disk wipers [Black Hat USA 2019]
“Now you have to not only recover the data that you lost, but you have to recover the entire operating system along with that and that’s a larger effort for a company to work with,” said Christopher Scott, global remediation lead at X-Force IRIS, in a video interview with SC Media at Black Hat in Las Vegas. And that places more pressure on impacted organizations to acquiesce to the attackers’ demands. Read More
Apple to release super-exclusive new iPhone you’ll probably never get to try out [Black Hat USA 2019]
Ivan Krstić told a group of tech security experts at the Black Hat conference that Apple would soon begin to hand out new iPhones to a chosen group of researchers. Read More
Significant Vulnerabilities Found in 6 Common Printer Brands [Black Hat USA 2019]
Printers have long been a target of vulnerability researchers and hackers. At the Black Hat Security Briefings in 2002, two security researchers demonstrated that HP printers could be remotely exploited using security weaknesses in a variety of access methods. In 2017, a graduate thesis presented a survey of the security flaws in printers and multifunction devices, identifying more than 125 printer vulnerabilities in the National Vulnerability Database dating back nearly 20 years. Read More
Misinformation to Voting Machine Flaws [Black Hat USA 2019]
At Black Hat USA 2019, Threatpost caught up with Matt Olney, director of threat intelligence at Cisco Talos, to discuss the challenges that elections are facing. On one hand, election security is now top of mind for the information operations teams at Facebook, Twitter and other social media companies looking to battle misinformation campaigns, cyber-influence operations and other, newer threats like deepfakes. Read More
‘This happens a lot more than many customers realize, it's often just brushed under the carpet’ [Black Hat USA 2019]
What’s a show without an award? In the case of Black Hat, it’s the Pwnie Awards, where Bloomberg’s controversial story about Super Micro won in the “most overhyped bug” category. Read More
New DoS attack exploits algorithms to knock sites offline [Black Hat USA 2019]
The exploit was detailed at the Black Hat cybersecurity conference in Las Vegas by Nathan Hauke and David Renardy of security company Two Six Labs, as reported by Wired. Read More
A Simple Text Message Can Put iPhone Users At Risk, Project Zero Reports [Black Hat USA 2019]
Natalie Silvanovich, a Google Project Zero researcher, gave a presentation Wednesday on how hackers would be able to break into iPhone users’ data through a simple text message. The presentation was given at the Black Hat security conference held in Las Vegas. Read More
Why security culture needs to change [Black Hat USA 2019]
In a Black Hat conference keynote heralded by rock concert lighting and sound effects, a security engineer from Square told a packed arena in Las Vegas that culture is a key lever to automate security in an organisation. Read More
Russian Intel Agencies Are a Toxic Stew of Competition and Sabotage [Black Hat USA 2019]
Instead of thinking of Russia and its myriad intelligence agencies as a single, monolithic entity, we need to view it as a collection of individual groups that are often at odds with each other, Zenz explained here at Black Hat. Unfortunately, that chaos is bad for the US, too. Read More
Phishing emails: Here's why we are still getting caught out after all these years [Black Hat USA 2019]
In a talk at the Black Hat 2019 security conference, Google security researcher Elie Bursztein and University of Florida professor Daniela Oliveira detailed why these social engineering attacks remain effective, even though they have been around for decades. Read More
We keep falling for phishing emails, and Google just revealed why [Black Hat USA 2019]
At a briefing Wednesday evening at the Black Hat security conference in Las Vegas, Google security researcher Elie Bursztein and University of Florida security professor Daniela Oliveira shared that and other insights about the business of coaxing people into giving up their usernames and passwords. Read More
How technologists in government could shape better tech policy [Black Hat USA 2019]
The resounding message out of BSides Las Vegas and Black Hat — two information security conferences that took place the week of Aug. 5 — is that government is falling far short in the technology space. Read More
Early warning: Website defacement alert utility debuts in the desert [Black Hat USA 2019]
A tool that provides an automatic warning about web site defacements was among the range of utilities released during the Black Hat Arsenal sessions this week. Read More
Detecting Deepfakes May Mean Reading Lips [Black Hat USA 2019]
At Black Hat here, ZeroFox researchers presented their techniques for identifying deepfake videos. CTO Mike Price ran through the history of deepfakes and outlined the process used to create them. ZeroFox Principal Research Engineer Matt Price (no relation) then ran through the available detection tools, and their respective drawbacks, before introducing his own. Read More
Apple Offers New Bug Bounty of up to $1.5 Million [Black Hat USA 2019]
Apple will now offer bug bounty payouts for vulnerabilities found in macOS, watchOS, tvOS, iPadOS, and iCloud. Its head of security engineering and architecture, Ivan Krstic, laid out the plans at the Black Hat conference. Read More
WhatsApp Security Flaw Could Let Hackers Manipulate Messages [Black Hat USA 2019]
The flaw was revealed at the Black Hat conference, and to make matters worse it seems that Facebook was informed about the vulnerability over a year ago but has failed to patch it. Read More
Hackers can alter WhatsApp chats to show fake information [Black Hat USA 2019]
The flaw, published at the Black Hat security conference in Las Vegas, could affect both private and public chats, potentially leading to the spread of false information or "fake news" by what were thought to be trusted sources. Read More
Microsoft names top security researchers, zero-day contributors [Black Hat USA 2019]
At the Black Hat security conference in Las Vegas, Microsoft announced the top security researchers and enterprise partners who contributed the most vulnerability and zero-day reports affecting the company's products. Read More
NSA's reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy [Black Hat USA 2019]
In the coming months, Ghidra will get support for Android binaries, according to Brian Knighton, a senior researcher for the NSA, and Chris Delikat, a cyber team lead in its Research Directorate, who previewed details of the upcoming release with CyberScoop. Knighton and Delikat are discussing their plans at a session of the Black Hat security conference in Las Vegas Thursday. Read More
The Russians are coming! The Russians are … complicated! [Black Hat USA 2019]
Of course it’s nothing of the sort. Instead it is a complex, seething, tiered morass of many figures and institutions, often incentivized against one another, in a time of profound and rapid change. Today I attended a Black Hat talk by Kimberly Zenz, who opened with a plea for nuanced consideration of Russia and Russian activities. She’s right, of course, but sadly the internet tends to be where nuance goes to die. Read More
Talk about unintended consequences: GDPR is an identity thief's dream ticket to Europeans' data [Black Hat USA 2019]
In a presentation at the Black Hat security conference in Las Vegas James Pavur, a PhD student at Oxford University who usually specialises in satellite hacking, explained how he was able to game the GDPR system to get all kinds of useful information on his fiancée, including credit card and social security numbers, passwords, and even her mother's maiden name. Read More
Who will save us from deepfakes? Other AIs? Humans? What about vastly hyperintelligent pandimensional beings? [Black Hat USA 2019]
In a presentation at the Black Hat security conference in Las Vegas, data scientists examined various ways to identify deepfake videos – something that is going to become increasingly important as US elections approach in 2020. Read More
You can easily secure America's e-voting systems tomorrow. Use paper – Bruce Schneier [Black Hat USA 2019]
“Paper ballots are almost 100 per cent reliable and provide a voter-verifiable paper trail,” he told your humble Reg vulture and other hacks at Black Hat in Las Vegas on Thursday. “This isn’t hard or controversial. We use them all the time in Minnesota, and you make your vote and it’s easily tabulated.” Read More
Black Hat: Using Tech to Offset User Behavior Risks [Black Hat USA 2019]
At Black Hat 2019, several sessions looked at the human factors in security, and offered suggestions on preventing people from making costly errors. Read More
Black Hat USA 2019: IBM X-Force Red Reveals New 'Warshipping' Hack To Infiltrate Corporate Networks [Black Hat USA 2019]
At the annual Black Hat cybersecurity conference happening this week in Las Vegas, Nevada, IBM’s X-Force Red presented in front of more than 19,000 security professionals from roughly 90 countries a new attack technique they’ve nicknamed "warshipping". Read More
Vulnerabilities in Siemens’ most secure industrial PLCs can lead to industrial havoc [Black Hat USA 2019]
Following the best practices of responsible disclosure, the research findings were shared with Siemens well in advance of the scheduled Black Hat USA 2019 presentation, allowing the manufacturer to prepare. Read More
Apple offers $1 million reward to anyone who can hack an iPhone [Black Hat USA 2019]
The bug bounty program, which previously offered rewards of up to $200,000 for finding problems in iOS devices, first launched in 2016. Apple head of security Ivan Krstić announced major changes to the program on stage at the Black Hat conference in Las Vegas Thursday, CNET reports. Read More
Pwnie Awards 2019: Even the press gets its share of the ridicule [Black Hat USA 2019]
Like every year, the Pwnie Awards were held at the Black Hat conference in Las Vegas. They are almost the Oscars of the security scene and award spectacular failure as well as outstanding achievements around IT security. Read More
Boeing 787: Researcher documents vulnerabilities in network component firmware [Black Hat USA 2019]
Because security expert Ruben Santamarta says he suffers from a fear of flying, he examines aviation security particularly thoroughly. As the IOActive researcher explained in a talk at Black Hat 2019 in Las Vegas, a Google search in autumn 2018 led him to a publicly accessible Boeing server on which various firmware files could be found. Read More
New NSS Labs analysis shows ‘technology suites’ can meet claims of enhanced protection [Black Hat USA 2019]
Brvenik and Peter Armstrong of Munich Re Group are on a panel today here at Black Hat to discuss “Trendspotting through Cybersecurity Testing.” Read More
Commerce’s Friedman says ‘champions’ can promote software bill of materials, avoiding regulation [Black Hat USA 2019]
The public-private initiative’s four working groups will discuss “baseline” SBOM drafts at a Sept. 5 meeting in Washington, DC, an important milestone, Friedman noted in a presentation Wednesday at the Black Hat conference here. Read More
Leading figures offer ways to assess effectiveness of Trump’s aggressive cyber deterrence strategy [Black Hat USA 2019]
The Trump strategy of “persistent engagement” is “the most significant policy change in 20 years,” said Columbia University’s Jason Healey, a prominent cyber strategist and policy voice. Healey and research partner Neil Jenkins of the Cyber Threat Alliance discussed their work today here at Black Hat. Read More
Apple Upgrades Bug Bounty Program: Adds Macs, $1M Reward [Black Hat USA 2019]
The device manufacturer said in a Thursday Black Hat USA 2019 session that it will open the historically private program to all researchers in the fall. In addition, it plans to drastically boost some rewards for vulnerabilities found in its devices – including a $1 million payout – and to add a much-wanted program for its Mac devices. Read More
Black Hat keynote: Why security culture needs to change [Black Hat USA 2019]
Dino Dai Zovi tells Black Hat audience to embrace a culture where security is everyone's job and risks are shared. Automation with feedback loops is also key to solving security challenges at scale. Read More
Researchers Bypass Apple FaceID Using Biometrics ‘Achilles Heel’ [Black Hat USA 2019]
Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a victim’s FaceID and log into their phone simply by putting a pair of modified glasses on their face. By merely placing tape carefully over the lenses of a pair of glasses and placing them on the victim’s face, the researchers demonstrated how they could bypass Apple’s FaceID in a specific scenario. The attack itself is difficult, given the bad actor would need to figure out how to put the glasses on an unconscious victim without waking them up. Read More
Google Researcher: The iPhone Is Not Exactly a Paragon of Security [Black Hat USA 2019]
At Black Hat, a Google security researcher details numerous bugs in iMessage that could be exploited remotely without interaction from the victim. Read More
Researcher uses GDPR data transparency clause to obtain users’ sensitive information [Black Hat USA 2019]
Presenting his research at Black Hat USA in Las Vegas earlier today, Pavur pulled focus on GDPR’s ‘right of access’ clause, which stipulates that individuals have the right to request a copy of all the information a company holds on them. Read More
What Are the Rules of Engagement in a Cyberwar? [Black Hat USA 2019]
When is it appropriate to respond to a cyberattack by launching missiles? At Black Hat, security expert Mikko Hypponen exhaustively explored the topic. Read More
How Often Can One Program Infect Another? Let Us Count the Ways [Black Hat USA 2019]
At Black Hat, experts from SafeBreach report on the many different ways a malicious program could infect another process with its own code. Spoiler alert: it's a lot. Read More
Apple Beefs Up Its Bug Bounty Program With $1M Prize [Black Hat USA 2019]
Apple's macOS is inherently more secure than Windows or Android, but securing any operating system is a 24/7 operation, and at Black Hat, Ivan Krstic, Apple's Head of Security Engineering and Architecture, detailed three highly technical security accomplishments and added his own One More Thing. Read More
Detecting Deepfakes May Mean Reading Lips [Black Hat USA 2019]
At the Black Hat security conference, researchers evaluated the deepfake detection tools currently available and released their own mouth-centric deepfake detector. Read More
Black Hat 2019: WhatsApp Users Still Open to Message Manipulation [Black Hat USA 2019]
Researchers at Black Hat USA 2019 demoed how known vulnerabilities in WhatsApp could still be exploited in several attacks that manipulate chats. Read More
Apple vastly expands security bounty program: higher payouts, ‘dev’ devices, Mac support [Black Hat USA 2019]
After hearing rumors about Apple expanding its bug bounty program earlier this week along with expectations for the company to start giving out dev devices like iPhones to security researchers, Apple has confirmed at the Black Hat conference today a vast expansion to its bounty program along with opening it up to all. Read More
Apple's expanded bug bounty program covers all operating systems, payouts up to $1M, special iPhones, more [Black Hat USA 2019]
Rumored in a report on Monday and announced during the Black Hat conference by Apple's head of security engineering and architecture Ivan Krstic, the bug bounty system has been expanded to cover Apple's other operating systems. For the first time, Apple is defining levels of payments that will be provided to security researchers who disclose vulnerabilities they find in macOS, with similar schemes also created for other platforms, including watchOS and tvOS. Read More
NSA’s reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy [Black Hat USA 2019]
In the coming months, Ghidra will get support for Android binaries, according to Brian Knighton, a senior researcher for the NSA, and Chris Delikat, a cyber team lead in its Research Directorate, who previewed details of the upcoming release with CyberScoop. Knighton and Delikat are discussing their plans at a session of the Black Hat security conference in Las Vegas Thursday. Read More
Apple to Give Researchers Special iPhones to Up Its Security [Black Hat USA 2019]
Ivan Krstic made the announcement in Las Vegas at the annual Black Hat security conference at the end of a 50-minute long presentation to discuss Apple’s security efforts for its hardware and software products. Apple has long positioned the security of its systems as a core tenet of its products. Read More
Apple offers record 'bounty' to researchers who find iPhone security flaws [Black Hat USA 2019]
At the annual Black Hat security conference in Las Vegas on Thursday, the company said it would open the process to all researchers, add Mac software and other targets, and offer a range of rewards, called “bounties,” for the most significant findings. Read More
Apple Confirms $1 Million Reward For Anyone Who Can Hack An iPhone [Black Hat USA 2019]
As Forbes reported on Monday, Apple is also launching a Mac bug bounty, which was confirmed Thursday, but it's also extending it to watchOS and its Apple TV operating system. The announcements came in Las Vegas at the Black Hat conference, where Apple’s head of security engineering Ivan Krstić gave a talk on iOS and macOS security. Read More
Apple extends its bug bounty program to cover macOS with $1 million in rewards [Black Hat USA 2019]
Apple is finally rewarding security researchers for finding security flaws in macOS. At the Black Hat conference today, Apple announced that it is greatly expanding its existing bug bounty program to include macOS, tvOS, watchOS, and iCloud. It will include rewards of up to $1 million for a zero-click, full chain kernel code execution attack. Read More
Apple adds Macs, Watches, and Apple TVs to $1 million bug bounty program [Black Hat USA 2019]
The news went public today at the annual Black Hat security conference in Las Vegas (via TechCrunch), where lead Apple security developer Ivan Krstić disclosed key updates to the bug bounty program. Apple will now pay $1 million for a deadly serious exploit — a zero-click attack that enables complete, persistent control of an iPhone’s kernel with nothing more than knowledge of the device’s phone number — up from a peak of $200,000 before. Less serious exploits will qualify for smaller amounts. Read More
Google researcher details iOS exploit that can take over an iPhone with a text message [Black Hat USA 2019]
That notwithstanding, security researchers from Google’s Project Zero team recently divulged a sophisticated exploit that would allow a malicious actor to take control of a targeted device with no interaction required from the device owner at all. As Google researcher Natalie Silvanovich detailed during a presentation at the Black Hat security conference this week, there are a handful of iOS 12 exploits — which have since been patched by Apple with iOS 12.4 — that can let a third-party gain full control of a device simply by sending over a text message. Read More
Rebels with a cause: Hacking for good [Black Hat USA 2019]
In an invite-only session at the Black Hat USA 2019 conference sponsored by Cisco and Duo Security, Joseph Menn, author of the new bestseller "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World," talked to a panel of hackers about how they first got involved and why hacking can be a good thing. Read More
Tel Aviv U and Technion researchers wrest control of one of world's most secure PLCs [Black Hat USA 2019]
The team is slated to present their findings at Black Hat USA week in Las Vegas this month, revealing the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7. Read More
BATTERY RIGHTS MANAGEMENT – DTNS 3591 [Black Hat USA 2019]
At Black Hat, researchers from security firm Check Point demonstrated an exploit of WhatsApp that would let an attacker alter text in a quoted message to change what a person appeared to write. Early results from a study by Apple, Eli Lilly and Evidation Health found that data from an iPhone, an Apple Watch and a Beddit sleep monitor differentiated patients with mild Alzheimer’s disease dementia from those without symptoms. Read More
Hacking for the Greater Good Has Never Been Easier [Black Hat USA 2019]
Experts on a panel at Black Hat stressed Wednesday that there's never been a greater need for hackers and public interest technologists to foster a safe digital society. Read More
WhatsApp flaws allow the attackers to manipulate conversations [Black Hat USA 2019]
Vanunu explained at the Black Hat conference in Las Vegas, Nevada, that the vulnerabilities were responsibly disclosed in 2018, but remained exploitable for a long time. Read More
Using GDPR Subject Access Requests to Harvest Data [Black Hat USA 2019]
In a talk at this year's Black Hat an Oxford University student explained how he used GDPR Access Requests and a Python script to steal a slew of sensitive information on another person. Read More
What Are the Rules of Engagement in a Cyberwar? [Black Hat USA 2019]
"The lines between real and virtual worlds are blurring fast," Mikko Hypponen, Chief Research Officer for Finnish security company F-Secure, said here at Black Hat. "Several governments have publicly stated that they reserve the right to respond to cyber attacks with kinetic force. Now we are seeing that happening for real." Read More
Apple expands bug bounty to macOS, raises bug rewards [Black Hat USA 2019]
Speaking on stage at Black Hat today, Ivan Krstić, Apple's head of security, also announced a considerable increase in the rewards hackers are eligible to earn. Read More
APPLE GIVES HACKERS A SPECIAL IPHONE—AND A BIGGER BUG BOUNTY [Black Hat USA 2019]
At the Black Hat security conference Thursday, Apple's head of security engineering and architecture Ivan Krstić announced a broad revamping of the company's bug bounty program. It's now open to all researchers, rather than its current invite-only eligibility; includes not just iOS but MacOS and other Apple operating systems; and vastly increases the rewards for certain rare forms of attack, from $100,000 for physical access attacks to bypass an iPhone's lock screen to an unprecedented $1 million for a remote attack that can gain total, persistent control of a user's computer without any interaction on the victim's part. Read More
Security Researcher Says He Cracked 787 Airliner, But Boeing, FAA Disagree [Black Hat USA 2019]
LAS VEGAS—The Black Hat security conference is no stranger to controversy, but it has been a while since a presentation elicited much pushback. That changed when a security researcher from IOActive presented what he says are vulnerabilities in the Boeing 787 Dreamliner that could be used for several different attacks. Boeing disputes the firm's findings and its disclosure process, highlighting the cracks between security researchers and the subjects of their work. Read More
Researchers Demonstrated Method for Bypassing 'Attention Aware' Feature on a Victim's iPhone Using Glasses and Tape [Black Hat USA 2019]
During the Black Hat USA conference in Las Vegas, researchers demonstrated a Face ID bypass method that used glasses and tape to unlock and infiltrate the iPhone of an "unconscious" victim. Read More
Apple announces developer iPhones with root access for security research [Black Hat USA 2019]
The company made the announcement at the Black Hat conference today, an update to the bug bounty program it launched three years ago. The deeper access should make researchers’ lives a lot easier, able to access deeper iOS functions without waiting for a jailbreak to be available for every update. Even though researchers won’t have quite the same level of access as Apple itself, it’s a huge step in the right direction – one that should make it easier to catch an increasing number of attacks on Apple‘s software. Read More
Apple offers record 'bounty' to researchers who find iPhone security flaws [Black Hat USA 2019]
At the annual Black Hat security conference in Las Vegas on Thursday, the company said it would open the process to all researchers, add Mac software and other targets, and offer a range of rewards, called “bounties,” for the most significant findings. Read More
Black Hat 2019 keynote: Transformative change needed to improve cyber-security [Black Hat USA 2019]
A transformative change in how security ops and devops staffs function is needed in order for organisations to get ahead of the curve combating cyber-security issues, said Square’s head of security Dino Dai Zovi during his Black Hat 2019 keynote address. Read More
#BHUSA: Five Years of Google Project Zero Should Influence Similar Groups [Black Hat USA 2019]
Speaking at Black Hat USA, Google Project Zero manager Ben Hawkes looked back at five years of the vulnerability research team and deemed the future success of the group to be focused on more groups forming. Read More
#BHUSA Empathy is Key to Hiring and Retaining Women in Cybersecurity [Black Hat USA 2019]
At Black Hat Las Vegas on August 08 2019, Rebecca Lynch of Duo Security gave a talk on hiring, and just as importantly retaining, women in the cybersecurity industry. Read More
#BHUSA: How GDPR Can Help Attackers Steal Identities [Black Hat USA 2019]
In a session at the Black Hat USA conference in Las Vegas, titled "GDPArrrrr: Using Privacy Laws to Steal Identities", James Pavur, DPhil student and Rhodes Scholar at Oxford University, outlined how he was able to abuse a key component of the GDPR to get access to personally identifiable information for his fiancée. Read More
Critical RCE Bug Found Lurking in Avaya VoIP Phones [Black Hat USA 2019]
Researchers found the Avaya 9600 series IP Deskphone vulnerability in a piece of open source software that Avaya likely copied and modified 10 years ago. The same bug was reported in 2009, according to the analysis from McAfee shared with Threatpost at Black Hat 2019, “yet its presence in the phone’s firmware remained unnoticed until now.” Read More
Black Hat 2019: Addressing Supply-Chain Risk Starts with People, Microsoft Says [Black Hat USA 2019]
Speaking at Black Hat 2019 on Thursday, Doerr pointed out that supply-chain risk comes from four main areas: Hardware, software, services and people. All are important, but it’s the latter, he maintained, that should be the top focus. Read More
Facebook leaves flaw in WhatsApp unresolved for a year [Black Hat USA 2019]
Speaking at the Black Hat cyber security conference, Oded Vanunu, head of product vulnerability research at the security company, said Facebook blamed WhatsApp’s flaws on “limitations that can’t be solved due to their structure and architecture”. Read More
WhatsApp’s chat manipulation exploit remains unresolved even after a year (Updated) [Black Hat USA 2019]
Details of the vulnerabilities were disclosed by Israeli cybersecurity firm Checkpoint Research at Black Hat 2019 security conference in Las Vegas on August 7. Read More
How Often Can One Program Infect Another? Let Us Count the Ways [Black Hat USA 2019]
Fast forward to the modern world, and the possibilities are more complex and numerous. At the Black Hat conference here, a pair of researchers from SafeBreach, which contracts to assess and mitigate security risks, unveiled an exhaustive survey of all the ways one program can inject code into another. Their session isn't until Thursday, but we caught up with them ahead of the briefing. Read More
Wi-Fi-spying gizmos may lurk in future parcels [Black Hat USA 2019]
IBM’s X-Force hacking team have come up with an interesting variation on wardriving – you know, when you cruise a neighborhood scouting for Wi-Fi networks. Well, why not try using the postal service instead? They called it “warshipping,” Big Blue’s eggheads suggested earlier today at Black Hat. Read More
Report Identifies 6 DevSecOps Pillars [Black Hat USA 2019]
At the Black Hat USA conference, the DevSecOps Working Group of the Cloud Security Alliance (CSA) announced it has published a report identifying the six pillars on which any set of best DevSecOps processes should be based. Read More
How Lab Mice Are Helping Detect Deepfakes [Black Hat USA 2019]
Creating a convincing deepfake takes a lot of time and computing power, as does training computers to distinguish humans from deepfakes. At the Black Hat conference here, a cross-discipline team of researchers presented some novel ideas on how to manage the problem, looking specifically at the problem of generating voice audio that sounds human. Read More
HIDDEN ALGORITHM FLAWS EXPOSE WEBSITES TO DOS ATTACKS [Black Hat USA 2019]
Many websites and services rely on algorithms to transform data inputs into actions and results. But new research detailed Thursday at the Black Hat cybersecurity conference in Las Vegas shows how a small, seemingly innocuous input for an algorithm can cause it to do a huge amount of work—slowing a service down or crashing it entirely in the process, all with just a few bytes. Read More
Bogus Satellite Nav Signals Send Autonomous Cars Off the Road [Black Hat USA 2019]
At the Black Hat security conference, a researcher demonstrated how making tweaks to navigation signals could send a self-driving car careening off the road. Read More
WhatsApp Is Vulnerable To Hack That Could Allow Attackers To Put Words In Your Mouth [Black Hat USA 2019]
Researchers at Checkpoint disclosed a trio of attack vectors last year, explaining that they could enable a hacker to change a user's messages, change a sender's identity, and make private messages viewable to the public. One of those has been addressed, but two of the attack vectors still remain, as researchers recently demonstrated at the Black Hat USA 2019 conference in Las Vegas. Read More
Equifax's push to regain public trust calls on companies to work together [Black Hat USA 2019]
At Black Hat, Equifax's chief information security officer talks about how companies need to collaborate on cybersecurity to win back public confidence. Read More
The Evolution of Russia's Dark Web [Black Hat USA 2019]
Ahead of releasing a report on the topic, Charity Wright, formerly with the NSA, and Ariel Ainhoren, Research Team Leader at IntSights, graciously summarized this evolution for us here at the Black Hat conference. Read More
Security Researcher Says He Cracked 787 Airliner, But Boeing, FAA Disagree [Black Hat USA 2019]
LAS VEGAS—The Black Hat security conference is no stranger to controversy, but it has been a while since a presentation elicited much pushback. That changed when a security researcher from IOActive presented what he says are vulnerabilities in the Boeing 787 Dreamliner that could be used for several different attacks. Boeing disputes the firm's findings and its disclosure process, highlighting the cracks between security researchers and the subjects of their work. Read More
WhatsApp Hack Attack Can Change Your Messages [Black Hat USA 2019]
During a briefing at the annual Black Hat security conference in Las Vegas on August 7, researchers from Israeli security company Check Point revealed how Facebook-owned WhatsApp could be hacked to change the text of a message and the identity of the sender. If that sounds worrying enough, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today. Read More
WhatsApp's New Security Vulnerability Can Allow Hackers To Change Messages In Your Chats [Black Hat USA 2019]
On August 7th, in a briefing at the annual Black Hat security conference in Las Vegas, researchers from Israeli security company 'Check Point' shed light on WhatsApp's security vulnerabilities where one could hack the chat and change the text of a message as well as the identity of the sender. Read More
Why North Korea is a different kind of cyberthreat [Black Hat USA 2019]
LAS VEGAS — Security experts have come to expect certain behaviors from nation-state cyber actors — such as Russia, China and Iran — but North Korea stands apart, according to a speaker at Black Hat USA, a hacking conference held in Las Vegas Aug. 3-8. Read More
WhatsApp hack attack can change your messages, says Israeli security firm [Black Hat USA 2019]
The hacking tool was revealed publicly during a briefing at the annual Black Hat security conference in Las Vegas on August 7, news magazine Forbes reported on Wednesday. However, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today. Read More
Terrifying WhatsApp flaw discovered that could let hackers edit your messages [Black Hat USA 2019]
Cyber security researchers at Check Point Research demonstrated how the flaw could be exploited at the Black Hat cybersecurity conference in Las Vegas this week. Read More
WhatsApp flaw could let hackers alter your quoted messages and change the words you appear to have sent to your friends [Black Hat USA 2019]
Their team detailed the hack at the Black Hat cyber-security conference in Las Vegas, attended by other experts who also uncover vulnerabilities in popular software. Read More
Cyberattackers can change and manipulate your WhatsApp messages [Black Hat USA 2019]
Israeli security firm Check Point revealed in a briefing at the annual Black Hat security conference in Las Vegas, Nevada, that WhatsApp messages can be manipulated to change the content of a message and even the identity of the sender. Read More
Code leak in a Boeing 787 Dreamliner reveals security flaw which could allow hackers to access flight controls, expert claims [Black Hat USA 2019]
Ruben Santamarta, a consultant with cyber security firm IOActive, is scheduled to explain his method at this week's Black Hat hacking conference in Las Vegas. Read More
iMessage bug lets you get hacked with just one message [Black Hat USA 2019]
At the Black Hat security conference in Las Vegas, Google Project Zero researcher Natalie Silvanovich demonstrated interactionless bugs in Apple’s iOS iMessage client that could be exploited to gain control of a user’s device. Read More
Black Hat 2019: Security Culture Is Everyone's Culture [Black Hat USA 2019]
In his Black Hat USA keynote, Square's Dino Dai Zovi discussed lessons learned throughout his cybersecurity career and why culture trumps strategy. Read More
PROJECT ZERO WANTS YOU TO HELP MAKE 0-DAY HARD [Black Hat USA 2019]
“Good defense requires a detailed knowledge of offense. We approach vulnerability research the way that an attacker does,” Hawkes said during a talk at the Black Hat USA conference here Thursday. Read More
Researchers allegedly bypass Apple's Face ID using modified glasses [Black Hat USA 2019]
Researchers presenting at the 2019 Black Hat conference have revealed a possible flaw with facial biometrics, including Apple's Face ID. The exploit, however, isn't especially easy to pull off. Read More
Siemens S7 PLCs Share Same Crypto Key Pair, Researchers Find [Black Hat USA 2019]
Security researchers who built a phony engineering workstation that was able to dupe — and alter — operations of the Siemens S7 programmable logic controller (PLC) found that modern S7 PLC families running the same firmware also share the same public cryptographic key, leaving the devices vulnerable to attacks like the ones they simulated. Read More
Communication placed front and center during Black Hat 2019 opening sessions [Black Hat USA 2019]
During his opening remarks at the Mandalay Bay Events Center, Black Hat and DEF CON founder Jeff Moss underlined the importance of communication – not just within the security community, but also in terms of how CISOs, pen testers, and network defenders communicate with those outside of the industry. Read More
“In general, AV evasion works most of the time,” Sauder told The Daily Swig ahead of this year’s Black Hat USA conference, where he demonstrated his multifaceted tool on the Arsenal track. Read More
How Behavioral Data Shaped a Security Training Makeover [Black Hat USA 2019]
"When you think about the ways how you could lower that number, the first thing that comes to mind is training," said Aika Sengirbay, current security awareness program manager at Airbnb and former senior security engagement specialist at Autodesk, in the Black Hat briefing "It's Not What You Know, It's What You Do: How Data Can Shape Security Engagement." Read More
HOW APPLE PAY BUTTONS CAN MAKE WEBSITES LESS SAFE [Black Hat USA 2019]
APPLE PAY HAS a slew of protective features that make it a secure method of online credit card transactions. And since 2016, third-party merchants and services have been able to embed Apple Pay into their websites and offer it as a payment option. But at the Black Hat security conference in Las Vegas on Thursday, one researcher is presenting findings that this integration inadvertently introduces vulnerabilities that could expose the host website to attack. Read More
Black Hat keynote: Why security culture needs to change [Black Hat USA 2019]
Dino Dai Zovi tells Black Hat audience to embrace a culture where security is everyone's job and risks are shared. Automation with feedback loops is also key to solving security challenges at scale. Read More
How uncertainty in the cyber domain changes war [Black Hat USA 2019]
“It’s very easy to say these things; it’s much more different to do these things,” Mikko Hypponen, chief research officer of Finnish cybersecurity and privacy company F-Secure, said at Black Hat USA, a hacker conference in Las Vegas running Aug. 3-8. “The reason why it’s so hard is basically one word: attribution.” Read More
Selling zero-days to governments takes some business savvy, says former bug broker [Black Hat USA 2019]
Not all researchers are comfortable with the ethics of selling the zero-day vulnerabilities they’ve discovered to governments and offensive security companies. But those who do seek profit beyond that of a traditional bug bounty reward will require a fair share of business savvy to seal the deal, according to former vulnerability broker Maor Shwartz, in a Black Hat presentation yesterday that offered a unique inside glimpse into the zero-day economy. Read More
Black Hat 2019: Software Businesses Need a Different Security Approach [Black Hat USA 2019]
That was the message coming out of Black Hat 2019 in Las Vegas as security professionals convened for a multi-day event with sessions on fresh research and insights for the community. Organizers predicted the event, in its 23rd year, would exceed 19,000 attendees from around the world this year. Read More
Eyeballer: AI utility scours website screenshots for bug bounty candidates [Black Hat USA 2019]
“Having AI that can identify ‘old-looking’ websites has proven to be very useful,” they concluded. Petro and Stroy unveiled the tool during an Arsenal session of the Black Hat conference in Las Vegas earlier today (August 8). Read More
Pwn an iPhone to bank $1m and Check Point gripes about WhatsApp privacy again [Black Hat USA 2019]
Apple's security engineering boss Ivan Krstić told Black Hat attendees that Cupertino is expanding its bug-bounty program in various ways. For instance, it will now cover macOS, WatchOS, and Apple TV, whereas previously it was only interested in coughing up cash for details of iOS vulnerabilities. Read More
Live From Black Hat USA: The Inevitable Marriage of DevOps & Security [Black Hat USA 2019]
During her briefing with Kelly Shortridge, vice president of product strategy at Capsule8, Dr. Nicole Forsgren, research and strategy at Google, did a beautiful job of adding imagery to the story she told of the attendee reactions during the now-famous talk Paul Hammond and John Allspaw gave at Velocity in 2009. If you’re not familiar, the title of said talk was, “10 Deploys Per Day: Dev & Ops Cooperation at Flickr.” Read More
Black Hat: Lessons Learned from the Equifax Data Breach [Black Hat USA 2019]
That’s according to Jamil Farshchi, Equifax’s chief information security officer, who spoke during this week’s Black Hat USA 2019 conference in Las Vegas. He joined Equifax after it suffered a massive data breach, which resulted in unauthorized access to the personal information of nearly 44% of the U.S. population. Read More
Apple opens up hacker-friendly iPhone to researchers at Black Hat [Black Hat USA 2019]
Apple's head of security, Ivan Krstic, unveiled the new program at Black Hat, a cybersecurity conference in Las Vegas. These iPhones aren't the same as the ones you can buy in a store. They're specifically coded for developers who want to poke around iOS and Apple's hardware to find security flaws. Read More
13-Year-Old Encryption Bugs Still Haunt Apps and IoT [Black Hat USA 2019]
Hackers try to find novel ways to circumvent or undermine data encryption schemes all the time. But at the Black Hat security conference in Las Vegas on Wednesday, Purdue University researcher Sze Yiu Chau has a warning for the security community about a different threat to encryption: Vulnerabilities that were discovered more than a decade ago still very much persist today. Read More
The Cybersecurity 202: Hackers are going after medical devices — and manufacturers are helping them [Black Hat USA 2019]
That marks a massive shift since 2011, when cybersecurity researcher Jay Radcliffe first demonstrated how he could hack his own implantable insulin pump at Def Con's sister conference Black Hat. Read More
From Vegas: a scoop, zero-days and cyber weapons [Black Hat USA 2019]
Security researchers who want to sell a zero-day vulnerability to a company should look for one with an in-house security team, because “they will understand the value of it and be willing to pay more,” zero-day broker Maor Shwartz said during a candid presentation Wednesday at Black Hat in Vegas. Read More
Microsoft recognizes top-tier security researchers at Black Hat 2019 [Black Hat USA 2019]
At Black Hat USA this week, Microsoft named Yuki Chen as its Most Valuable Security Researcher for 2018-19. Chen (@guhe120), a researcher at Chinese security firm Qihoo 360, topped a list of 75 hackers, who were ranked by both the frequency and quality of bugs reported through Microsoft’s Coordinated Vulnerability Disclosure program. Read More
12 Most Exciting Cybersecurity Technologies To Watch At Black Hat 2019 [Black Hat USA 2019]
CRN asks 12 executives, sales and technical leaders attending Black Hat 2019 which cybersecurity technologies they're most excited to see come to fruition and how customers and solution providers will benefit. Read More
Black Hat USA 2019: Apple iOS New Flaws Let Hackers Break Into Any iPhones -- Users Must Update Now [Black Hat USA 2019]
The sheer number of critical security vulnerabilities revealed at the Black Hat USA 2019 conference, happening this week in Las Vegas, Nevada, is becoming overwhelming. Read More
WhatsApp Hackers Can Manipulate Your Messages: Here's How [Black Hat USA 2019]
WhatsApp messages can be manipulated to add fake quotations from other WhatsApp users, to alter the quoted text of real replies, and to send secret messages to individuals within group chats, two Israeli researchers revealed Wednesday (Aug. 7) at the Black Hat conference here. Read More
Hackers want you to be happy. People in a good mood are easier to trick, research says [Black Hat USA 2019]
UF Professor Daniela Oliveira, who led the study along with Dr. Natalie Ebner, presented the research at the Black Hat cybersecurity conference in Las Vegas on Wednesday. Oliveira was joined by Elie Burszstein, who leads Google's anti-abuse research team. Read More
WhatsApp Hack Attack Changes Your Messages, And Facebook Doesn't Seem To Care [Black Hat USA 2019]
During a briefing at the annual Black Hat security conference in Las Vegas on August 7, researchers from Israeli security company Check Point revealed how Facebook-owned WhatsApp could be hacked to change the text of a message and the identity of the sender. If that sounds worrying enough, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today. Read More
WhatsApp flaw 'puts words in your mouth' [Black Hat USA 2019]
The tool was demonstrated at Black Hat, a cyber-security conference in Las Vegas, as a follow up to a research paper published by Checkpoint last year. Read More
The service worker hiding in your browser [Black Hat USA 2019]
Red teamers looking for creative ways to put ‘pseudo’ backdoors into browsers should turn their attention to service workers, following the release of a new exploitation kit at Black Hat USA. Read More
What’s cybercriminals’ most effective weapon in a ransomware attack? [Black Hat USA 2019]
The 2019 Spotlight Report on Ransomware is based on observations and data from the 2019 Black Hat Edition of the Attacker Behavior Industry Report, which reveals behaviors and trends in networks from a sample of over 350 opt-in Vectra customers. The Attacker Behavior Industry Report provides statistical data on the behaviors motivated attackers use to blend in with existing network traffic behaviors and mask their malicious actions. Read More
ILL COMMUNICATION: IMPROVING SECURITY BY TALKING IT OUT [Black Hat USA 2019]
“Communication is just transmitting information between humans. Risks are shared. If you can reinforce that security is everyone’s job, you can move toward a more generative culture,” Dino Dai Zovi, mobile security lead at Square, said during his keynote speech at the Black Hat USA conference here Wednesday. Read More
#BHUSA Need For Technologists to Be Recognized and Empowered [Black Hat USA 2019]
In a panel at Black Hat USA, cryptographer Bruce Schneier; Camille Francois, research and analysis director at Graphika and fellow at Harvard Law School Berkman Center; and Eva Galperin, director of cybersecurity at the EFF, talked about the benefits of technologists to society. Read More
Linux security startup Capsule8 raises approximately $6.5 million led by Intel Capital [Black Hat USA 2019]
This week, Capsule8 executives will lead several sessions at the Black Hat USA 2019 security conference in Las Vegas. Capsule8 vice president (and Pwnie Award judge) Kelly Shortridge spoke at the CISO Summit and will team with Nicole Forsgren, research and strategy expert at Google Cloud, to present “Controlled Chaos: The Inevitable Marriage of DevOps and Security” on Wednesday, August 7 at 4 p.m. Pacific time. Additionally, Capsule8 chief scientist Brandon Edwards and research scientist Nick Freeman will explore “A Compendium of Container Escapes” on Thursday, August 8 at 3:50 p.m. Read More
Black Hat 2019: Ethical Hackers Must Protect Digital Human Rights [Black Hat USA 2019]
At a time when technology is being utilized for human-rights abuses, the security space needs to turn its focus to public interest defense technology, security stalwarts urged during Black Hat USA 2019. Read More
SYMANTEC CORPORATION (SYMC) SHARES DROP -1.10% TO -$0.22 IN EARLY TRADING HOURS: IS IT GOOD TIME TO BUY? [Black Hat USA 2019]
The Symantec Corporation (NASDAQ:SYMC) is going down by -1.10% in today’s trading session, a fall equivalent to -0.22% of the stock’s price from yesterday’s market close. A news came out on 08/01/19 stating that Symantec Presents on DEF CON 27 Main Stage and Hosts Live-Hacking Demo at Black Hat USA 2019 by WSJ. The lowest point that the shares touched during the trading session was $20.095, while the peak of the day was recorded at a share price of $20.67. SYMC finished the previous session at $20.46 according to the data provided by Barchart, while the trading volume was observed to be $2,161,832. Read More
IBM's Warshipping Attacks Wi-Fi Networks From Afar [Black Hat USA 2019]
Speaking at Black Hat USA, IBM researchers explained how they used off-the-shelf components costing under $100 to create a single-board computer with Wi-Fi and 3G capability. This enables it to connect to a Wi-Fi network to harvest data locally and then send it to a remote location using its cellular connection. The small device runs on a cell phone battery and easily fits into a small package. Read More
Ann Arbor-Based Censys Unveils Enterprise-Level Attack Surface Management Software Platform [Black Hat USA 2019]
Censys is premiering the upcoming launch of its new enterprise-level attack surface management software platform at the Black Hat USA 2019 conference. Read More
#BHUSA Jeff Moss Talks of Need to be Better Communicators [Black Hat USA 2019]
Opening Black Hat USA’s keynote, founder Jeff Moss talked of the need to focus on better communication, and look at “how we communicate and what we talk about.” Read More
Hack-age delivery! Wardialing, wardriving... Now warshipping: Wi-Fi-spying gizmos may lurk in future parcels [Black Hat USA 2019]
"Think of the volume of boxes moving through a corporate mailroom daily," said Charles Henderson of IBM X-Force Red on Wednesday, just in time for this year's Black Hat USA conference in Las Vegas. "Or consider the packages dropped off on the porch of a CEO's home, sitting within range of their home Wi-Fi. Using warshipping, X-Force Red was able to infiltrate corporate networks undetected." Read More
Fancy Bear hackers used IoT devices to hack corporate networks [Black Hat USA 2019]
Fortunately, Microsoft was able to block these attacks in their early stages, but this means that its investigators won't be able to determine exactly what Fancy Bear was attempting to steal from the compromised networks. The company will reveal additional details regarding Fancy Bear's activities online at this year's Black Hat USA security conference. Read More
QualPwn is a new exploit for Qualcomm Snapdragon chips, here’s what you need to know [Black Hat USA 2019]
We don’t have all the details about how this would happen or how easy it would be, but those are coming during Tencent Blade’s Black Hat 2019 and DEFCON 27 presentations. Read More
Black Hat: LeapFrog Tablet Flaws Let Attackers Track, Message Kids [Black Hat USA 2019]
The LeapPad Ultimate is a rugged tablet made by LeapFrog that targets children with an array of education, game and eBook apps. Researchers, who disclosed the flaws at Black Hat 2019 on Wednesday, said the tablet has a number of security issues opening the door to a slew of malicious activities by an adversary. Those include allowing bad actors to track the devices, send messages to children or launch man-in-the-middle attacks. Read More
HACKERS CAN BREAK INTO AN IPHONE JUST BY SENDING A TEXT [Black Hat USA 2019]
At the Black Hat security conference in Las Vegas on Wednesday, Google Project Zero researcher Natalie Silvanovich is presenting multiple so-called “interaction-less” bugs in Apple’s iOS iMessage client that could be exploited to gain control of a user’s device. And while Apple has already patched five of them, a few have yet to be patched. Read More
Black Hat 2019: Security’s Powerful Cultural Transformation [Black Hat USA 2019]
“Start with yes.” That’s the advice to security teams from Dino Dai Zovi, mobile security lead at Square, giving the keynote on Wednesday at the 23rd annual Black Hat conference in Las Vegas. Read More
#BHUSA Keynote Encourages Positivity and Collaboration [Black Hat USA 2019]
Speaking in the opening keynote at Black Hat USA, Dino Dai Zovi, researcher and head of security for the cash app at Square, talked about security teams acknowledging developers and vice versa. Read More
Boeing 787 On-Board Network Vulnerable to Remote Hacking, Researcher Says [Black Hat USA 2019]
Las Vegas – IOActive industrial cybersecurity expert Ruben Santamarta last fall discovered an Internet-exposed Boeing Co. server housing firmware specifications for the aviation manufacturer's 787 and 737 airplane networks. Read More
Black Hat 2019: Microsoft Protocol Flaw Leaves Azure Users Open to Attack [Black Hat USA 2019]
At Black Hat USA 2019, researchers showed how a previously-disclosed flaw on Windows systems that could allow arbitrary code execution could also impact Hyper-V. Read More
Microsoft Ignored RDP Vulnerability Until it Affected Hyper-V [Black Hat USA 2019]
Details about the attack and the underlying flaw that enabled it are presented at the Black Hat USA security conference where Itkin and Dana Baril, security software engineer at Microsoft, talk from the perspective of both an attacker and a defender. Read More
Security Vulnerabilities Are Increasingly Putting Kids at Risk [Black Hat USA 2019]
The latest example of this fear was seen at Black Hat 2019, where serious vulnerabilities were disclosed in LeapFrog’s tablet for kids, the LeapPad Ultimate. Erez Yalon, director of security research at Checkmarx, who disclosed the flaws at Black Hat 2019 on Wednesday, said the tablet has a number of security issues opening the door to a slew of malicious activities by an adversary. Those include allowing bad actors to track the devices, send messages to children or launch man-in-the-middle attacks. Read More
Tenable unveils new product innovations in Tenable.sc and Tenable.io [Black Hat USA 2019]
Tenable, the Cyber Exposure company, announced at Black Hat USA 2019 new product innovations in Tenable.sc (formerly SecurityCenter) and Tenable.io to continuously discover and assess known and unknown assets across on-premises and cloud environments from a single platform at no extra charge. Read More
Researchers Show Vulnerabilities in Facial Recognition [Black Hat USA 2019]
Researchers Yu Chen, Bin Ma, and Zhuo (HC) Ma of Tencent Security's Zuanwu Lab were scheduled to speak here at Black Hat USA, but visa denials left HC Ma alone on the stage. He said his colleagues had begun the research to find out how biometric authentication was being implemented and, specifically, how the routines designed to separate a living human from a photo or other fake were put into practice. Read More
Black Hat keynoter: If cybersecurity is everyone’s job, what’s the security team’s job? [Black Hat USA 2019]
Black Hat kicked off here with a keynote by Dino Dai Zovi -- the mobile security lead at Square -- and with a record 20,000 participants expected to attend the two-day conference. Read More
Black Hat 2019: Deepfakes Require a Rethink of Incident Response [Black Hat USA 2019]
Two sessions at this year’s Black Hat event here in Las Vegas dive into the issue and offer insights on how deepfakes are created, and also highlight advances in technology that can possibly be used to detect the videos. Titled "Detecting deepfakes with Mice" and "Playing Offense and Defense with deepfakes," the sessions’ place on the agenda solidify that this is an issue for the security department to pay attention to as more criminals use deepfakes in social engineering attacks. Read More
Ancient technique tears a hole through modern web stacks at Black Hat 2019 [Black Hat USA 2019]
Presenting at Black Hat USA today, the PortSwigger Web Security researcher demonstrated how isolated HTTP requests can be exploited to poison web caches and desynchronize entire systems – including those belonging to major companies such as PayPal and Red Hat. Read More
Microsoft and Apple Level up Star Hacker Bug Bounties [Black Hat USA 2019]
The iPhones will be given to the rock star hackers that participate in the Cupertino company's invitation-only bug bounty program, where participants disclose bugs in Apple products in return for monetary rewards. The payments can go as high as $200,000, as announced at the 2016 Black Hat conference. Read More
Spotlight Podcast: Unpacking Black Hat Hacks with Digicert CTO Dan Timpson [Black Hat USA 2019]
In this week’s episode of the Podcast, #156: we’re back at “hacker summer camp” in Las Vegas this week – also known as the Black Hat, B-Sides and DEF CON conferences, which bring tens of thousands of the world’s top security experts to the Las Vegas Strip. Read More
Black Hat 2019: 12 Cybersecurity Myths That Could Put You At Risk [Black Hat USA 2019]
CRN asks 12 executives, sales and technical leaders attending Black Hat 2019 what they see as the top oft-repeated beliefs about cybersecurity that are foolishly accepted as fact. Read More
JSShell takes cross-site scripting to new highs [Black Hat USA 2019]
Akamai’s Daniel Abeles today walked Black Hat attendees through version 2.0 of JSShell – a free-to-install web tool that aims to make XSS-to-RCE exploitation easier than ever. Read More
A new speculative execution processor flaw is addressed with software mitigations. LokiBot gets more persistent, and it adopts steganography for better obfuscation. The cyber-spies of APT41 seem to be doing some moonlighting. An accused criminal who bribed telco workers to unlock phones is in custody. Scammers are exploiting the tragedies in El Paso and Dayton. And a call at Black Hat for the security sector to bring in some safety engineers. Ben Yelin from UMD CHHS on Virginia updating legislation to address Deep Fakes. Guest is James Plouffe from MobileIron on the challenges of authentication and the legacy of passwords. Read More
Windows Quietly Patches Bug That Could Reverse Meltdown, Spectre Fixes for Intel CPUs [Black Hat USA 2019]
The issue hit Intel by far the hardest, but also competitors like AMD and ARM to a lesser degree. Patches have since been issued, but at around the same time researchers for security firm Bitdefender discovered a related issue that threatened to make the patches useless for Windows machines, Tom’s Guide wrote. Bitdefender researchers revealed their findings at the Black Hat security conference in Las Vegas on Tuesday, almost exactly a year to the date after finding it. Read More
Black Hat 2019 keynote: Software teams must own security [Black Hat USA 2019]
In the keynote for Black Hat 2019, Square's Dino Dai Zovi emphasized security as a collaborative effort by all software teams that relies on communication, automation and feedback. Read More
Sysdig Injects More AI into Container Security [Black Hat USA 2019]
At the Black Hat USA conference, Sysdig today announced it has extended the capabilities of Sysdig Secure to include runtime profiling and anomaly detection enabled by machine learning algorithms with Kubernetes environments. Read More
A BOEING CODE LEAK EXPOSES SECURITY FLAWS DEEP IN A 787'S GUTS [Black Hat USA 2019]
At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System. The CIS/MS is responsible for applications like maintenance systems and the so-called electronic flight bag, a collection of navigation documents and manuals used by pilots. Santamarta says he found a slew of memory corruption vulnerabilities in that CIS/MS, and he claims that a hacker could use those flaws as a foothold inside a restricted part of a plane's network. An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane's safety-critical systems, including its engine, brakes, and sensors. Boeing maintains that other security barriers in the 787's network architecture would make that progression impossible. Read More
Cloud security offers significant benefits if you start right [Black Hat USA 2019]
At Black Hat 2019 in Las Vegas, Enterprise Times talked with Sergio Caltagirone, Vice President, Threat Intelligence at Dragos and John Yeoh, Vice President of Research at the Cloud Security Alliance. With the skills shortage hurting many small to medium businesses (SMB), cloud is being seen, by some sectors, as a panacea to the problem. Read More
Microsoft launches Azure Security Lab [Black Hat USA 2019]
At the ongoing Black Hat USA 2019 conference, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test Azure security without putting the company's customers at risk. Read More
Major flaw affects latest-generation Intel processors [Black Hat USA 2019]
On the occasion of the Black Hat conference, Bitdefender explained that the vulnerability in these processors lies in the speculative execution feature. Its purpose is to guess which instructions will potentially be needed later, making the processors faster. However, this can leave traces that attackers can exploit to carry out a side-channel attack. Read More
Your security team is probably an infuriating obstacle – but it doesn’t have to be this way [Black Hat USA 2019]
Which is why it was such a glorious breath of fresh air to hear Dino Dai Zovi’s keynote speech at the Black Hat security conference in Las Vegas this morning. Dai Zovi, staff security engineer at Square, argued that the all-too-common model of security as a team which sits and snipes at the people who actually build things, telling them no and pointing fingers, is in fact fantastically counterproductive. Read More
Cybersecurity experts from around the world descend on Las Vegas for Black Hat 2019 [Black Hat USA 2019]
Voting machines could be very vulnerable during the 2020 election. Black Hat surveyed cyber-security experts from around the world. They said there's a 60% chance the 2020 presidential election will be hacked. Read More
Chinese government hackers suspected of moonlighting for profit [Black Hat USA 2019]
The findings, announced at the Black Hat security conference in Las Vegas, show how some of the world's most advanced hackers increasingly pose a threat to consumers and companies not traditionally targeted by state-backed espionage campaigns. Read More
Censys To Unveil Attack Surface Visibility Platform at Black Hat [Black Hat USA 2019]
LAS VEGAS — Censys, Inc., the leading provider of Internet security data trusted by the likes of Google and The US Department of Homeland Security, today from Black Hat USA 2019, announced the upcoming launch of its enterprise-level attack surface management software platform that provides real-time visibility and actionable insights over entire network attack surfaces. Read More
HAPPY WEDNESDAY and welcome to Morning Cybersecurity! It’s a very report-y edition of MC, what with Black Hat and DEF CON kicking off. Please send your thoughts, feedback and especially tips to tstarks@politico.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below. Read More
Microsoft intros security lab to test Azure vulnerabilities [Black Hat USA 2019]
Announced at the Black Hat USA 2019 conference this week, the Azure Security Lab is a set of dedicated cloud hosts, aimed at allowing security researchers to aggressively test attacks against infrastructure-as-a-service scenarios. It also allows participants to identify research vulnerabilities in Azure and do their best to emulate criminal hackers. Read More
Live From Black Hat USA: Four Key Takeaways from Dino Dai Zovi’s Keynote [Black Hat USA 2019]
“Did you know that your 20th Black Hat is when you get to give the keynote at Black Hat?” Dino Dai Zovi, head of security for Cash App at Square, joked to the packed ballroom. While it may have been Dai Zovi’s 20th conference, the topic of his keynote has never been more fitting for where we are in security and the ways in which it mirrors what we experience in our day-to-day life. Read More
Live From Black Hat USA: Communication’s Key Role in Security [Black Hat USA 2019]
The kick-off keynote for the 23rd Black Hat USA Conference in Las Vegas set the stage for the conversations that will undoubtedly be discussed in great detail over the next two days – and likely the next two years – if Black Hat founder Jeff Moss’ opening remarks are indicative of a trend. Moss pointed out that security had been asking for the spotlight, both in legislative and more corporate settings, and the industry has had it for the last two years. Read More
Wi-Fi-spying gizmos may lurk in future parcels [Black Hat USA 2019]
"Think of the volume of boxes moving through a corporate mailroom daily," said Charles Henderson of IBM X-Force Red on Wednesday, just in time for this year's Black Hat USA conference in Las Vegas. "Or consider the packages dropped off on the porch of a CEO's home, sitting within range of their home Wi-Fi. Using warshipping, X-Force Red was able to infiltrate corporate networks undetected." Read More
Vectra: Ransomware attacks are spreading to cloud, datacenter, and enterprise infrastructure [Black Hat USA 2019]
The Vectra 2019 Spotlight Report on Ransomware finds that the most significant ransomware threat — in which hackers steal your data and hold it for ransom — is malicious encryption of shared network files in cloud service providers. San Jose, California-based Vectra released the report ahead of the Black Hat 2019 security conference in Las Vegas this week. Read More
APT41 Is Not Your Usual Chinese Hacker Group [Black Hat USA 2019]
A Chinese hacker group known as APT41 appears to have taken up financial crimes in addition to the usual state-sponsored cyber espionage, FireEye researchers revealed here at Black Hat. Read More
The Cybersecurity 202: Here's how the Justice Department wants to befriend ethical hackers [Black Hat USA 2019]
Bailey acknowledged the conflict. He joked in a 2016 address that when he first met with ethical hackers at the Black Hat cybersecurity conference in 2015 “only half [of the meeting] was being yelled at.” In succeeding years, he says, those conversations have become far less hostile and more productive. Now, he says ethical hackers frequently call him to talk over policy disagreements. Read More
PSA: Latest Spectre and Meltdown scare only affects Macs running Windows [Black Hat USA 2019]
Security company Bitdefender revealed the issue at the Black Hat security conference yesterday, reports Tom’s Guide. Interestingly, they actually discovered it a year ago, but Intel didn’t initially believe it to be a real-life problem. Read More
New Meltdown and Spectre Security Bugs Affects Macs Running Windows [Black Hat USA 2019]
Tom’s Guide reports security company Bitdefender announced the issue at the Black Hat security conference on Tuesday. Although the flaw was discovered a year ago, Intel didn’t initially believe it to be a real-life issue. Read More
New Intel Flaw Exposes Secrets on Windows Machines: What to Do [Black Hat USA 2019]
Bitdefender disclosed the flaw in conjunction with Microsoft today (Aug. 6) here at the Black Hat security conference, almost one year to the day after Bitdefender's researchers told Intel of the flaw. Read More
Sysdig Injects More AI into Container Security [Black Hat USA 2019]
At the Black Hat USA conference, Sysdig today announced it has extended the capabilities of Sysdig Secure to include runtime profiling and anomaly detection enabled by machine learning algorithms with Kubernetes environments. At the same time, Sysdig unveiled Falco Rule Builder, a more flexible user interface (UI) for creating runtime security policies, which integrates tightly with Sysdig Secure. Knox Anderson, director of product management for Sysdig, says these extensions will make it easier for organizations to embrace best DevSecOps processes by relying on container monitoring and security tools for Kubernetes environments delivered via a software-as-a-service (SaaS) application, dubbed Sysdig Cloud Native Visibility and Security Platform (VSP). Read More
Apple Hands Hackers Secret iPhones In A Bid To Boost Security [Black Hat USA 2019]
Apple will be giving security researchers special iPhones for better testing of potential weaknesses and vulnerabilities. According to Forbes, Apple is expected to announce the program during the Black Hat security conference which will be held in Las Vegas. Read More
Windows 10 gets silent security patch to deal with SWAPGS vulnerability [Black Hat USA 2019]
As such, Microsoft released a silent patch to address the problem. The update to the Linux kernel was part of last month’s Patch Tuesday, but it wasn’t revealed until recently, at the BlackHat security conference. Read More
Apple reportedly set to announce iOS, macOS bug bounty programs starting later this month [Black Hat USA 2019]
Apple is also expected to announce plans to offer security researchers iPhone handsets at the Black Hat security conference in Las Vegas later this week. This program is expected to make it easier for Apple to find weaknesses in iOS’ security features. Read More
The Morning After: Instagram's 'huge booty' issue [Black Hat USA 2019]
Apple plans to offer security researchers special iPhones and finally launch a bug bounty program for Mac, according to a Forbes report. Cupertino will reportedly announce those security measures at the Black Hat security conference in Las Vegas later this week in an effort to strengthen its flawed bug bounty program -- and security. Read More
Microsoft quietly patched a Spectre-style vulnerability in Intel chips that could expose user data [Black Hat USA 2019]
Intel dismissed the initial report of the issue, saying it already knew of the vulnerability and had no plans to fix it, but Bitdefender provided a proof-of-concept attack that showed how it could be exploited and the flaw was disclosed at the Black Hat security conference yesterday. It exploits the SWAPGS kernel-level instruction set, which was introduced with Ivy Bridge processors back in 2012. Read More
SWAPGS Attack is the latest Windows exploit to worry about [Black Hat USA 2019]
The security flaw, which was revealed at the annual Black Hat conference 2019 in Las Vegas, affects every single Windows computer running an Intel CPU dating back to 2012, regardless of which version of Windows is installed. Read More
Black Hat and Defcon look to boost diversity through day care [Black Hat USA 2019]
When Jeff Moss started Defcon in 1993, it was unheard of to bring kids to the hacker conference in Las Vegas. Now, as the conference and its attendees grow up, and more security researchers and hackers are becoming parents, services like day cares and childcare rooms at Black Hat and Defcon are in high demand. Read More
SAMSUNG'S NEW PHONES, A BOEING 787 SOFTWARE FLAW, AND MORE NEWS [Black Hat USA 2019]
At the Black Hat conference, security researchers lifted the curtain on "interaction-less bugs" in Apple's iOS, which would give a hacker access to your phone without you doing anything at all. An attacker could send a specially crafted text message, and even if you don't open it, the iMessage server would send back specific user data, like the content of your SMS messages or images. Read More
HACKERS BEWARE: Black Hat 2019 brings advanced cybersecurity [Black Hat USA 2019]
The annual hacking and security conference is here again. Experts and researchers from all over the world are showcasing cybersecurity and privacy risks at Black Hat 2019. Black Hat USA is in its 23rd year. It's the world's leading information security event. Read More
Black Hat: Everyone Has a Part to Play in Cybersecurity [Black Hat USA 2019]
That was the message conveyed Wednesday by keynoter Dino Dai Zovi, Square’s mobile security lead, at this week’s Black Hat USA 2019 conference in Las Vegas. In its 23rd year, the conference has drawn a record 19,000-plus attendees. Read More
Kiuwan’s application security testing platform helps teams realize DevSecOps goals [Black Hat USA 2019]
Kiuwan, a provider of application security testing tools, announced the availability of free software vulnerability scan trials for the US market, with live demonstrations at Black Hat USA 2019. Read More
SWAPGS Speculative Execution Vulnerability for Intel CPUs Disclosed, Microsoft Releases Windows 10 Patch [Black Hat USA 2019]
Security vendor Bitdefender has disclosed details of a new speculative execution security vulnerability in Intel CPUs dating back to 2012, which could be used to steal sensitive information including passwords from a computer. The newly discovered issue, named SWAPGS, could also negate all the patches so far released for the infamous Spectre and Meltdown flaws. According to Bitdefender, the issue was first discovered over a year ago, and the company has been working with Intel and other ecosystem stakeholders in order to minimise its impact. Public disclosure was withheld till just now, at the ongoing Black Hat security conference, where Bitdefender has released a detailed whitepaper on its research. Read More
New ‘warshipping’ technique gives hackers access to enterprise offices [Black Hat USA 2019]
At Black Hat USA in Las Vegas, Nevada, IBM researchers said that warshipping is made possible through the proliferation of e-commerce deliveries, now an everyday occurrence which has slowly replaced visits to traditional brick-and-mortar stores. Read More
How Europe's GDPR Privacy Rules Help Identity Thieves [Black Hat USA 2019]
The truth is, though, that "many organizations fail to employ adequate safeguards against Right of Access abuse and thus risk exposing sensitive information to unauthorized third parties," as Knerr and Pavur wrote in a white paper released in conjunction with Pavur's Black Hat presentation. Read More
Android Alert: Users Urged To Patch Critical Flaw In Recent Qualcomm Chips, Millions At Risk [Black Hat USA 2019]
More critical security vulnerabilities are being unveiled at the Black Hat USA 2019 conference which is now in full swing in Las Vegas, Nevada, and this time it’s coming from Tencent’s Blade Team. Read More
New Windows hack warning: Patch Intel systems now to block SWAPGSAttack exploits [Black Hat USA 2019]
The vulnerability was discovered by researchers at Bitdefender as they researched CPU architectures. They've chosen to reveal what they found in a session at Black Hat USA after working with Intel, Microsoft and others to ensure an update was released to fix the bug as part of Patch Tuesday. Read More
Mimecast introduced community based tailored threat intelligence tool at Black Hat 2019 [Black Hat USA 2019]
Yesterday, at Black Hat 2019, Mimecast Limited, a leading email and data security company, introduced Mimecast Threat Intelligence which offers a deeper understanding of the cyber threats faced by organizations. Read More
QualPwn is a new exploit for Qualcomm Snapdragon chips, here's what you need to know [Black Hat USA 2019]
This makes finding these bugs and vulnerabilities an industry in its own right. At DEFCON 27 and Black Hat 2019, huge venues where exploits are made public and demonstrated (and hopefully, patched), a vulnerability in Qualcomm chips has been announced by the Tencent Blade Team that would allow an attacker to gain access through the kernel and potentially get into your phone and cause harm. The good news is that it was responsibly announced and Qualcomm worked with Google to fix the issue with the August 2019 Android Security Bulletin. Read More
Dell’s Secureworks Releases SaaS-Based Red Cloak TDR with Managed Services Option [Black Hat USA 2019]
BLACK HAT USA — Secureworks is using this week’s Black Hat USA 2019 conference in Las Vegas to release its new Red Cloak Threat Detection and Response (TDR), the company’s first of a planned suite of SaaS-based software offerings announced earlier this year. Read More
Black Hat Briefings: Assessing the impact of last year’s pioneering security research [Black Hat USA 2019]
On the eve of the Black Hat 2019 Briefings sessions, The Daily Swig takes a closer look at the real-world impact of the security research that’s showcased in the desert each year. Read More
Microsoft waves $300,000 at hackers, says ‘do your worst’ to Azure Security Lab [Black Hat USA 2019]
The company chose the Black Hat Conference in Las Vegas to announce it was “inviting a select group of talented individuals to come and do their worst to emulate criminal hackers in a customer-safe cloud environment called the Azure Security Lab.” Read More
Microsoft provides tools to find holes in Azure [Black Hat USA 2019]
Addressing the assembled throngs at the Black Hat conference, Kymberlee Price, Microsoft’s security community manager, said that Azure Security Lab is a set of dedicated cloud hosts isolated from Azure customers so security researchers can test attacks against cloud scenarios. The isolation means researchers can not only research vulnerabilities in Azure, they can attempt to exploit them. Read More
The Cybersecurity 202: The government's relationship with ethical hackers has improved, security experts say [Black Hat USA 2019]
The relationship between ethical hackers and the federal government is better now than it was in 2013, when then-National Security Agency chief Keith Alexander first spoke at the Black Hat cybersecurity conference — not long after Edward Snowden revealed the government's sweeping surveillance programs. Read More
Apple may soon hand special iPhones to security researchers [Black Hat USA 2019]
Apple will start providing security researchers special iPhones and will finally launch a bug bounty program for Mac, according to Forbes. Cupertino will reportedly announce those security measures at the Black Hat security conference in Las Vegas later this week in an effort to strengthen its flawed bug bounty program. Read More
Apple To Provide "Pre-Jailbroken" iPhones To Researchers As Part Of A Reward Program: Report [Black Hat USA 2019]
According to a report by Forbes, Apple will be announcing the new program at the ongoing Black Hat security conference in Las Vegas which runs in till Thursday, August 8. Read More
Apple might give hackers special iPhones to plug security problems [Black Hat USA 2019]
According to a new report, Apple will announce plans this week at the Black Hat security conference in Las Vegas to hand out such devices to security researchers. Apple also will introduce a new Mac bug bounty program to reward anyone who finds security problems in macOS. Read More
12 Big New Network And Endpoint Security Tools From The Black Hat 2019 Conference [Black Hat USA 2019]
Vendors attending the Black Hat 2019 conference have placed big bets around network and endpoint security, debuting offerings that turn network assets into security devices, redirect attempted endpoint access into deception environments, and use machine-learning algorithms on network flows and packet data. Read More
Microsoft, Apple Level Up Bounties [Black Hat USA 2019]
An announcement at Black Hat 2019 this week would mark the third anniversary of Apple's original bug bounty program, in which it promised to pay up to $200,000 for the best reported security flaws. Read More
GSA Reflects on Years of Lessons Learned for Cloud Security [Black Hat USA 2019]
Senior Security Architect for the General Services Administration’s (GSA’s) Technology Transformation Services (TTS) and Centers of Excellence (CoE) Dan Jacobs wants agencies and industry alike to heed the lessons GSA has learned from experience and the Black Hat conference over the past 16 years when it comes to securely implementing cloud. Read More
Apple will provide jailbroken iPhones to researchers investigating iOS security [Black Hat USA 2019]
Additionally, Apple wants to open a Mac bug bounty program that will also offer financial incentives to researchers who find vulnerabilities and alert Apple. It’s unclear when the Mac bug bounty program will be announced. Apple might reveal more details on Thursday when Apple’s head of security and engineering Ivan Krstić will deliver a Black Hat talk titled Behind the Scenes of iOS and Mac Security. Read More
Armis Finds 11 Zero-Day Vulnerabilities, Exposing 200 Million Critical Devices using VxWorks [Black Hat USA 2019]
Ben Seri and Dor Zusman, security researchers at Armis, will present the exploration of the URGENT/11 vulnerabilities at Black Hat 2019 in Las Vegas on Thursday, August 8, 2019. The talk will also include a demonstration of real-world end-to-end attacks on VxWorks-based devices including a firewall and printer. Read More
I’m at Black Hat 2019 for the next couple days: Here’s what I hope to learn [Black Hat USA 2019]
I’m off at Black Hat 2019 through Thursday evening. This is the first time BrianMadden.com has attended this conference, so despite being stuck in Las Vegas for more time than I’d ever like, I’m excited! Read More
Microsoft Asks Researchers To “Do Their Worst,” Doubles Azure Bounty To $40,000 [Black Hat USA 2019]
At the ongoing Black Hat USA 2019 conference, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test Azure security without putting the company’s customers at risk. Read More
‘Rock Star’ Hackers Will Get Special iPhones from Apple to Help Boost Security [Black Hat USA 2019]
A new report in Forbes reveals that Apple is planning to announce a new program at this week’s Black Hat security conference in Las Vegas where it will give select security researchers special “pre-jailbroken” iPhones to make it easier for them to find weaknesses in the iPhone hardware and iOS operating system. Read More
Microsoft launches Azure Security Lab for greater cloud protection [Black Hat USA 2019]
At this year's Black Hat USA security conference, the company unveiled its new Azure Security Lab which is made up of a set of dedicated cloud hosts that security professionals invited by the software giant will be able to use to test for vulnerabilities and exploits in Azure. Read More
Apple Bug Bounty Program Coming This Month [Black Hat USA 2019]
The iPhones will be given to the rock star hackers that participate in the Cupertino company’s invitation-only bug bounty program, where participants disclose bugs in Apple products in return for monetary rewards. The payments can go as high as $200,000, as announced at the 2016 Black Hat conference. What makes these iPhones special? One source with knowledge of the Apple announcement said they would essentially be “dev devices.” Think of them as iPhones that allow the user to do a lot more than they could on a traditionally locked-down iPhone. For instance, it should be possible to probe pieces of the Apple operating system that aren’t easily accessible on a commercial iPhone. In particular, the special devices could allow hackers to stop the processor and inspect memory for vulnerabilities. This would allow them to see what happens at the code level when they attempt an attack on iOS code. Read More
LogicHub SOAR Gains Autonomous Detection and Response [Black Hat USA 2019]
SOAR+ with autonomous detection and response is now available, and LogicHub will showcase the updated platform at the Black Hat USA 2019 conference in Las Vegas, Nevada. Read More
Microsoft dangles USD$300k in updated Azure cloud bug bounty [Black Hat USA 2019]
Microsoft unveiled Azure Security Lab at the Black Hat USA conference in Las Vegas on Monday, where it also told security researchers it was doubling the top bounty for Azure bugs to $40,000. But the program, which is open to eligible applicants only, also offers hackers “scenario-based challenges” that max out at $300,000. Read More
A secure wireless environment for Light Communication [Black Hat USA 2019]
Speaking ahead of DEF CON 27, a hacker convention that takes place immediately after Black Hat USA 2019, Dr Dauphinee highlighted the potential that VLC has for environments where there is sensitive information that could be the target of a cyberattack. These environments include financial institutions, government buildings, critical businesses and military bases. Read More
Stellar Cyber Unveils Starlight™ 3.3; Offers AI-Based Dynamic Phishing Detection and Automated Event Correlation [Black Hat USA 2019]
Black Hat USA 2019 — Security analytics provider Stellar Cyber recently unveiled Starlight™ 3.3, which is the first Unified Security Analytics Platform having two industry-first capabilities: Read More
Microsoft offers $300k bounty for those who can hack Azure Security Lab [Black Hat USA 2019]
In a process to find and locate bugs and vulnerabilities in its Azure cloud platform, Microsoft announced in public at the Black Hat USA 2019 that the tech giant will reward $300,000 to researchers who successfully attack and launch test exploits for the platform. Read More
Russian hackers are targeting corporate VoIP phones and IoT devices [Black Hat USA 2019]
In security research presented at Black Hat, Microsoft said that in April, Russian hackers compromised VoIP phones, office printers, and video decoders across multiple corporations. “In two of the cases, the passwords for the devices were deployed without changing the default manufacturer’s passwords, and in the third instance the latest security update had not been applied to the device,” Microsoft said in a blog post. Read More
Vulnerability in Snapdragon chips, ‘QualPwn,’ fixed with August security patch [Black Hat USA 2019]
If you’re interested in seeing a full demonstration of QualPwn in action, Tencent Blade will be presenting it at Black Hat USA 2019 on Thursday. Read More
Millions of Android Smartphones Vulnerable to Trio of Qualcomm Bugs [Black Hat USA 2019]
The QualPwn vulnerabilities will be discussed by Tencent’s Blade Team researchers at BlackHat USA 2019 and DEFCON 27 later this week, according to researchers. Researchers declined to share vulnerability specifics until, as they put it: “we’re informed that the flaws are fixed and consumers have time to install security updates on their devices.” Read More
Spies piggyback on IoT insecurity to hack into corporate networks [Black Hat USA 2019]
Microsoft has published an outline of the attack and indicators of compromise ahead of a talk on the topic by Microsoft's Eric Doerr at Black Hat USA on Thursday (8 August). Read More
Microsoft Confirms It Has Paid $4.4M To Hackers [Black Hat USA 2019]
Microsoft has announced, at the start of the Black Hat 2019 hacking and security event in Las Vegas, that it has paid $4.4 million (£3.6 million) to hackers over the past 12 months. What's more, it has issued a new challenge for confident and aggressive hackers to come and have a go if they think they're hard enough. Read More
Cybereason Raises $200 Million Led By SoftBank Group Ahead Of IPO [Black Hat USA 2019]
Cybereason, a cloud-based cybersecurity company and Forbes 2019 Next Billion-Dollar Startups honoree, announced Tuesday $200 million in new funding. Led by SoftBank Group, the Series E round boosts the company’s valuation to $900 million, with $389 million in total equity. The fresh influx provides padding as Cybereason prepares for an initial public offering, the timing of which depends on market conditions, CEO and cofounder Lior Div told Forbes. In the meantime, Cybereason aims to expand its already global reach, the details of which will be announced this week at Black Hat, the annual infosec conference in Las Vegas. Read More
Black Hat conference gets underway / Which? publishes Facebook fake review findings / Disney announces Q3 results with streaming in its sights [Black Hat USA 2019]
Following a weekend of technical sessions, the main Black Hat 2019 conference will get underway today, providing attendees with insight into the latest developments and trends in information security. Read More
It's 2019 – and you can completely pwn a Qualcomm-powered Android over the air [Black Hat USA 2019]
Black Hat It is possible to thoroughly hijack a nearby vulnerable Qualcomm-based Android phone, tablet, or similar gadget, via Wi-Fi, we learned on Monday. This likely affects millions of Android devices. Read More
I’m at Black Hat 2019 for the next couple days: Here’s what I hope to learn [Black Hat USA 2019]
Meanwhile, Black Hat looks to offer slightly more technical sessions that might help grow my knowledge about security and the vulnerabilities in the wild. Read More
How to prepare for the world's largest hacker fest [Black Hat USA 2019]
One of the largest gatherings of hackers is happening in Las Vegas in August, with Black Hat and Defcon set to start this week. The back-to-back cybersecurity conferences are often referred to as "Hacker Summer Camp," which raises questions about how to keep yourself safe when you're surrounded by hackers. Read More
12 Cool New Threat Detection And Response Products Unveiled At Black Hat 2019 [Black Hat USA 2019]
Here's a look at 12 products released around Black Hat 2019 that make it easier for customers and partners to locate and prioritize advanced threats and respond to security incidents in an automated fashion. Read More
20 Hot New Cybersecurity Products Unleashed At Black Hat Las Vegas 2019 [Black Hat USA 2019]
From inspecting encrypted traffic in real time to using machine learning to build profiles of containers to ranking security gaps by their potential business impact, here's a look at 20 hot cybersecurity products unleashed at Black Hat this year. Read More
Hacker-Friendly iPhones and Mac Bug Bounty Program [Black Hat USA 2019]
Later this week, at the Black Hat security conference in Las Vegas, Apple is to announce plans to give security researchers special iPhones that will make it easier for them to find weaknesses in the smartphone, Forbes has learned. It’ll also be announcing an Apple Mac bounty, so anyone who can find security issues in macOS will get rewarded, sources claimed. Read More
Microsoft is doubling down on Azure security [Black Hat USA 2019]
At the Black Hat conference in Las Vegas, Microsoft today announced that it is doubling down on Azure security. First, Microsoft is encouraging more security researchers to exploit Azure by doubling the top bounty reward for Azure vulnerabilities to $40,000. Second, Microsoft is making it easier for security researchers to aggressively test Azure in a closed environment. Microsoft is inviting a select group of security individuals to emulate criminal hackers in a cloud environment called the Azure Security Lab. Read More
Report: Apple to provide ‘pre-jailbroken’ iPhones to researchers, launch macOS bug bounty program [Black Hat USA 2019]
Apple is reportedly set to provide security researchers with unique iPhone models that would allow them to more easily find weaknesses in iOS. Forbes reports that Apple will make this announcement at the Black Hat security conference later this week. Read More
Black Hat 2019 On Your Mark, Get Set, Go [Black Hat USA 2019]
It’s that time. The Black Hat Conference is taking place in Las Vegas this week and tens of thousands of people will fill the space in and around the Mandalay Bay hotel to gain insight on emerging attack trends and techniques—and how to effectively defend against those exploits. Read More
Devo Technology defines vision for next-gen cloud SIEM [Black Hat USA 2019]
According to a new report, Apple will announce plans this week at the Black Hat security conference in Las Vegas to hand out such devices to security researchers. Apple also will introduce a new Mac bug bounty program to reward anyone who finds security problems in macOS. Read More
Apple Is Giving Out Hacker-Friendly iPhones, Plots Mac Bug Bounty — Sources [Black Hat USA 2019]
From a cybersecurity perspective, it appears so. Later this week, at the Black Hat security conference in Las Vegas, Apple is to announce plans to give security researchers special iPhones that will make it easier for them to find weaknesses in the smartphone, Forbes has learned. It'll also be announcing an Apple Mac bounty, so anyone who can find security issues in macOS will get rewarded, sources claimed. Apple declined to comment. Read More
Microsoft launches new Azure Security Lab, offering up to $300K to anyone who can hack its public cloud [Black Hat USA 2019]
Microsoft Corp. announced today at the Black Hat USA Conference in Las Vegas the creation of a new Azure Security Lab that it believes will bolster the security of its public cloud service. Read More
QualPwn Bugs In Snapdragon SoC Can Attack Android Over the Air [Black Hat USA 2019]
Tencent's Blade researchers are scheduled to present the technical details for the QualPwn bugs and exploiting them on Thursday, at the Black Hat security conference. They have already published a brief advisory about the two vulnerabilities. Read More
Microsoft Warns Russian Hackers Can Breach Secure Networks Through Simple IoT Devices [Black Hat USA 2019]
Just ahead of Black Hat 2019, Microsoft has reported that in April its Threat Intelligence Center discovered a targeted attack against IoT devices—a VOIP phone, a printer and a video decoder. The attack hit multiple locations, using the devices as soft access points into wider corporate networks. Two of the three devices still carried factory security settings; the software on the third hadn't been updated. Read More
HomeGrid Forum Promotes Light Communication for Secure Wireless [Black Hat USA 2019]
The Visible Light Communication (VLC) industry is growing at a rapid rate, and is set to exceed ten billion devices by 2023, according to HomeGrid Forum President Dr. Len Dauphinee. Speaking ahead of DEF CON 27, a hacker convention that takes place immediately after Black Hat USA 2019, Dr Dauphinee highlighted the potential that VLC has for environments where there is sensitive information that could be the target of a cyberattack. Read More
11 Top Cybersecurity Trends To Watch For At Black Hat 2019 [Black Hat USA 2019]
Black Hat has grown over the past 22 years into the premier stage for cybersecurity professionals to share cutting-edge research and insights through demos, technical trainings and hands-on labs. Read More
What to expect at Black Hat USA 2019 [Black Hat USA 2019]
Black Hat USA 2019 kicks off this week! We’re incredibly excited for another week of impactful sessions, to hear from industry thought leaders, and even to unwind with other infosec professionals. On the heels of exciting announcements, including a significant Series B funding round and key additions to the leadership team, Swimlane will once again be your headquarters for security orchestration, automation and response (SOAR). Here’s some of what you can expect from this year’s conference: Read More
LAPD loses job applicant details, Project Zero pokes holes in iOS, AWS S3 whack-a-mole continues, and more [Black Hat USA 2019]
Also, look out this week for our Black Hat, DEF CON, and Bsides Las Vegas coverage: our vultures out in the Nevada desert will produce a string of articles from the hacking conferences. Read More
Data Breach Alert: Over 1 Million Credit Card Data From The U.S., South Korea Have Been Leaked [Black Hat USA 2019]
There’s not a day that goes by anymore without yet another major data leak uncovered and with the Black Hat conference—sort of a boot camp for hackers—kicking off in Las Vegas this week, we might hear more of them in the coming days. Read More
MITRE's ATT&CK Prioritizes Cyber Defenses [Black Hat USA 2019]
On Wednesday, August 7, at 2:40pm at Black Hat USA 2019, Nichols and Ryan Kovar, Principal Security Strategist at Splunk, will present MITRE ATT&CK: The Play at Home Edition. Read More
Newsletter: Cal Inc.: It’s not about the Equifax settlement cash. It’s about sending a message [Black Hat USA 2019]
The Black Hat USA conference, now in its 22nd year, brings the world’s top hackers and information security experts to Las Vegas. Be on the lookout for some scary headlines on Wednesday and Thursday as researchers reveal the latest vulnerabilities they’ve uncovered. Read More
Microsoft Lab Offers $300K For Working Azure Exploits [Black Hat USA 2019]
Las Vegas – In an attempt to sniff out bugs in its Azure cloud platform, Microsoft announced at Black Hat USA 2019 on Monday that it will offer rewards of up to $300,000 for researchers who launch successful test exploits for the platform. Read More
Microsoft launches Azure Security Lab, doubles top bug bounty to $40,000 [Black Hat USA 2019]
At Black Hat 2019 today, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test its cloud security. The company also doubled the top Azure bug bounty to $40,000. Read More
Microsoft launches Azure Security Lab, expands bug bounty rewards [Black Hat USA 2019]
At the Black Hat USA conference in Las Vegas, Nevada on Monday, Microsoft said the new Azure Security Lab, a set of dedicated cloud hosts, will be made available to security professionals invited by the Redmond giant to "confidently and aggressively test Azure." Read More
ELECTION SURVEY: Tracking the move to paper-based voting machines [Black Hat USA 2019]
It’s Black Hat and DEF CON time, and late last week brought some news about the events. At Black Hat, the Pwnie Award nominations are out. Notable nominees for the sometimes-cheeky cyber awards include the NSA for “most innovative research” and “most epic achievement” due to its reverse engineering tool Ghidra, to the consternation of some hacker types who don’t have much admiration for the spy agency. Read More
Looking for answers at Black Hat 2019: 5 important cybersecurity issues [Black Hat USA 2019]
As Black Hat 2019 begins, the cybersecurity topics top of mind include network security platforms, threat detection/response services, new cloud security strategies, and clarification around security analytics. Read More
Week in review: Capital One breach, Visa payment limit bypass flaw, VxWorks RTOS vulnerabilities [Black Hat USA 2019]
Black Hat USA 2019 is just around the corner! Selecting which sessions to attend from among the conference’s jam-packed catalog of training sessions, panels and briefings can be a daunting task without a clear strategy. In the run-up to every conference, we compile a list of the most engaging content and identify the most compelling cybersecurity trends highlighted in the agenda. Read More
5G IS HERE—AND STILL VULNERABLE TO STINGRAY SURVEILLANCE [Black Hat USA 2019]
At the Black Hat security conference in Las Vegas next week, a group of network communication security researchers will present findings on flaws in the 5G protections meant to thwart the surveillance devices known as stingrays. Read More
CloudKnox Security adds privileged access features to platform [Black Hat USA 2019]
The company will demonstrate the new features at Black Hat USA in Las Vegas this year for the first time. CloudKnox's update to its Cloud Security Platform follows competitor CyberArk's recent updates to its own privileged access management offering, including zero-trust access, full visibility and control of privileged activities for customers, biometric authentication and just-in-time provisioning. Read More
Black Hat USA 2019 Cybersecurity Conference: Live Blog [Black Hat USA 2019]
The Black Hat USA 2019 cybersecurity conference will attract thousands of IT professionals, researchers, MSPs and MSSPs. Track this live blog from MSSP Alert for the latest news, analysis and chatter throughout the conference. Read More
How offense and defense came together to plug a hole in a popular Microsoft program [Black Hat USA 2019]
One RDS discovery in particular prompted close, behind-the-scenes cooperation between Microsoft and an outside researcher. They will share what they learned about detection and remediation next week at the Black Hat conference in Las Vegas. Read More
Black Hat 2019 Braving the Heat and Chaos in Search of Peace of Mind [Black Hat USA 2019]
Black Hat 2019 is taking place next week in Las Vegas. A biblical swarm of grasshoppers large enough to be seen on radar has invaded the city and temperatures outside in the scorching sun will approach 110 degrees, but that won’t stop tens of thousands of IT and cybersecurity professionals from making the trek to learn about emerging attack techniques and trends and find out what vendors have to offer to help guard against a growing and shifting threat landscape. Read More
Black Hat: A Summer Break from the Mundane and Controllable [Black Hat USA 2019]
Next week, security practitioners from across the globe will make their summer pilgrimage to Las Vegas for Black Hat, DEF CON, and other security gatherings. As in years past, there will be no shortage of surprises. Read More
7 must-see talks at Black Hat and DEF CON 2019 [Black Hat USA 2019]
Infosec is political. It's about power — who has it, who doesn't, and how it will be used. Some geeks like to pretend otherwise, but that will be harder this year during hacker summer camp in Las Vegas, as politicians and policymakers join hackers to merge tech and policy in some much-anticipated talks. Read More
Chats On The Road To Hacker Summer Camp 2019 | Black Hat — CyberInsurance Micro Summit | A Conversation With Jeffrey Smith [Black Hat USA 2019]
The newly-formed cyber insurance micro summit is being chaired by Jeremiah Grossman and is taking place on Wednesday, August 7th, during Black Hat. So, if you want to learn more about cyber insurance from a group of people that know this space like the back of their hands, you’ll have to join Jeffrey and the rest of the micro summit team for their half-day session. Details for the three talks are below. Read More
Writing the Book on Hacking Web Applications [Black Hat USA 2019]
Even before this week's announcement of the Capital One breach, application security/secure DevOps has been heating up. The topic is important enough to make the keynote at the Black Hat Briefings next week. Respected researcher Dino Dai Zovi, security engineer at Square, titled his keynote "Every Security Team Is a Software Team Now." Read More
Every security team is a software team now: Why you should attend the Black Hat keynote [Black Hat USA 2019]
Building and facilitating a culture with continuous collaboration between engineers and security forces is becoming the new philosophy in security, which is why I am stoked for this year’s Black Hat USA keynote speaker: Dino Dai Zovi, staff security engineer at Square. Read More
Top 5 Black Hat 2019 Sessions Not to Miss. Plus: Bonus Travel Tips to Hacker Cons [Black Hat USA 2019]
The Black Hat USA 2019 conference is about to start. Over 17,000 security professionals will come from all around the world to Las Vegas, USA. They will learn, share, educate and disclose security research on the latest cyber-threats and attacks, vulnerabilities, and techniques used to bypass security used by most governments and organizations globally. Read More
Despite bizarre reports of a grasshopper infestation, Black Hat USA 2019 and DEF CON are set to kick off next week in Las Vegas, bringing on a wave of sessions, keynotes and security-themed villages. Read More
8 Free Tools to Be Showcased at Black Hat and DEF CON [Black Hat USA 2019]
The security research community is getting ready to not only drop a lot of knowledge on their colleagues in the coming weeks, but also a boatload of new and evolving tools. Black Hat and DEF CON presenters always give out the best party favors in the form of hacking frameworks, open source software, hardware design plans, and other free goodies targeted at all different stripes of security practitioners. Read More
DHS ‘blew up’ its hiring system for cybersecurity talent [Black Hat USA 2019]
“We’re going to have the ability to go to Black Hat and some of the different conferences and be able to recruit directly and make job offers directly to those folks out of those different technical conferences and things like that,” she told the Regulatory Affairs and Federal Management Subcommittee. Read More
Black Hat Q&A: Cracking Apple's T2 Security Chip [Black Hat USA 2019]
Duo Labs' Mikhail Davidow and Jeremy Erickson speak about their research on Apple's T2 security chip, and why they're sharing it at Black Hat USA. Read More
Google reveals fistful of flaws in Apple's iMessage app [Black Hat USA 2019]
One of the two Google researchers involved - Natalie Silvanovich - intends to share more details of her findings at a presentation at the Black Hat conference in Las Vegas next month. Read More
Google researchers discovered serious iOS security flaws [Black Hat USA 2019]
Six critical security vulnerabilities that were patched in the iOS 12.4 update released earlier this month were originally discovered by security researchers at Google. Natalie Silvanovich and Samuel Groß, two members of Google's Project Zero bug-hunting team, alerted Apple to the issues. Silvanovich will be laying out the details on several of the bugs and provide a demonstration of exploits in action at the Black Hat security conference set to be held in Las Vegas next week. Read More
Confluera Secures $9 Million Series A To Map Attacks In Real-Time [Black Hat USA 2019]
Confluera will make its debut at Black Hat, the annual security conference in Las Vegas, in August. Until then, to scale initial outreach, Confluera has been meeting with companies’ IT and cybersecurity teams to solve specific use cases. Read More
Google researchers discover six iPhone vulnerabilities, one unpatched [Black Hat USA 2019]
All of the vulnerabilities are “interaction-less,” meaning they can be run without any interaction from a user and can be exploited via SMS, MMS, Visual Voicemail, iMessage and Mail, according to an abstract of a presentation the researchers will give at Black Hat 2019 that will reveal details of the exploits. Read More
Apple has yet to fix a mysterious iMessage bug spotted by Google researchers [Black Hat USA 2019]
Next week in Las Vegas at the Black Hat security conference, Google Project Zero researcher Natalie Silvanovich is set to give a presentation about interactionless iPhone vulnerabilities that can run without the victim taking any action at all. The talk will come on the heels of Silvanovich and a Google Project Zero colleague, Samuel Groß, discovering half a dozen iOS vulnerabilities that can be exploited via iMessage — although five of those flaws, according to ZDNet, were fixed with last week’s iOS 12.4 update. Read More
Confluera snags $9M Series A to help stop cyberattacks in real time [Black Hat USA 2019]
It’s early days for Confluera, as it has 19 employees and three customers using the platform so far. For starters, it will be officially launching next week at Black Hat. After that, it has to continue building out the product and prove that it can work as described to stop the types of attacks we see on a regular basis. Read More
Managed Security Services Provider (MSSP) News: 30 July 2019 [Black Hat USA 2019]
Spirent Communications during the Black Hat USA 2019 conference will demonstrate several new capabilities in its CyberFlood Data Breach Assessment solution and preview new use cases for security assessment in 5G networks. Read More
Google researchers find six major security vulnerabilities in Apple’s iOS [Black Hat USA 2019]
During her presentation at the Black Hat security conference, Silvanovich will discuss “the remote, interaction-less attack surface of iOS” and the “potential for vulnerabilities in SMS, MMS, Visual Voicemail, iMessage and Mail.” She will also play out two examples of vulnerabilities discovered. Read More
Security trends to follow at Black Hat USA 2019 [Black Hat USA 2019]
Black Hat USA 2019 is just around the corner! Selecting which sessions to attend from among the conference’s jam-packed catalog of training sessions, panels and briefings can be a daunting task without a clear strategy. In the run-up to every conference, we compile a list of the most engaging content and identify the most compelling cybersecurity trends highlighted in the agenda. Read More
AN OPERATING SYSTEM BUG EXPOSES 200 MILLION CRITICAL DEVICES [Black Hat USA 2019]
VxWorks developer Wind River is in the process of distributing patches for the bugs. But the Armis researchers, who first disclosed their findings to Wind River in March, say that the patching process will be long and difficult, as is often the case with IoT and critical infrastructure updates. The researchers will present their findings at the Black Hat security conference in Las Vegas next week. Read More
Urgent11 security flaws impact routers, printers, SCADA, and many IoT devices [Black Hat USA 2019]
It's this work that has resulted in the discovery of the Urgent11 vulnerabilities impacting VxWorks, which Armis researchers have made public today, and will detail in greater depth in a presentation at the Black Hat security conference next week, on August 8, in Las Vegas. Read More
Critical VxWorks flaws expose millions of devices to hacking [Black Hat USA 2019]
The researchers plan to demonstrate three real-world attack scenarios against a SonicWall firewall, a Xerox printer and a patient monitor at the upcoming Black Hat USA security conference. Read More
200 million enterprise, industrial, and medical devices affected by RCE flaws in VxWorks RTOS [Black Hat USA 2019]
Ben Seri and Dor Zusman will present the vulnerabilities at Black Hat USA 2019 and will demonstrate real-world end-to-end attacks on three VxWorks-based devices: a SonicWall firewall, a Xerox printer and a patient monitor. Read More
Over 200M devices affected by critical flaws found in real-time operating system [Black Hat USA 2019]
Collectively referred to as URGENT/11, the flaws were originally discovered by researchers at Armis, who publicly detailed their findings today in an online vulnerability summary, as well as a technical paper authored by Armis team members Ben Seri, Gregory Vishnepolsky and Dor Zusman. Seri and Zusman will also present their findings next week at the Black Hat conference in Las Vegas. Read More
Critical 'Update Now' Warning Issued For VxWorks OS Inside 2 Billion IoT Devices [Black Hat USA 2019]
Armis will present its URGENT/11 at Black Hat 2019 in Las Vegas next month. The company's researchers will also demonstrate three end-to-end attacks on a SonicWall firewall, a Xerox printer and a patient monitor. Read More
Critical Industries at Risk from Eleven Zero-day Flaws in Real Time Operating System [Black Hat USA 2019]
Armis researchers will demonstrate exploitation of these vulnerabilities at Black Hat 2019. The demonstrations will involve real-world end-to-end attacks on three VxWorks-based devices: a SonicWall firewall, a Xerox printer and a patient monitor. Armis believes that there are more than 200 million vulnerable mission-critical devices around the world. Read More
Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices [Black Hat USA 2019]
Seri and fellow researcher Dor Zusman will present their findings in Critical Zero Days Remotely Compromise the Most Popular Real-Time OS, on Thursday, August 8, at Black Hat USA. Read More
US files lawsuit against Bitcoin exchange that helped launder ransomware profits [Black Hat USA 2019]
A day after the BTC-e shutdown, a team of academics that also included Google staffers presented research at the Black Hat USA 2017 security conference, revealing that 95% of all ransomware ransom payments that had been made up until that point had been cashed out and converted into fiat currency through Vinnik's BTC-e portal. Read More
The World’s First Vulnerable Blockchain Will Debut at Black Hat Conference [Black Hat USA 2019]
Researchers plan to launch the intentionally vulnerable blockchain in hopes of drawing attention to the flaws of the open-sourced public ledgers. The blockchain, designed by Kudelski Security, will debut at the Black Hat conference next month. Read More
Black Hat Q&A: Inside the Black Hat NOC [Black Hat USA 2019]
When you sign up to attend Black Hat USA in Las Vegas next month, make sure to leave time in your busy schedule to check out the Black Hat Network Operations Center (NOC), the heart of the Black Hat network. Read More
How Secure is Your Virtual Private Network? [Black Hat USA 2019]
Orange Tsai and Meh Chang, researchers with Devcore, previewed their findings for Zack Whittaker of TechCrunch ahead of their presentation at the upcoming Black Hat conference in Las Vegas. According to Tsai and Chang, three enterprise VPN providers (Palo Alto Networks, Pulse Secure, and Fortinet) have flaws in their products that “are ‘easy’ to remotely exploit.” Read More
Black Hat 2019: 2020 Election Fraud Worries Attendees [Black Hat USA 2019]
Security professionals tend to be natural cynics. But as thousands prepare to head to Las Vegas early next month for the annual Black Hat conference, the attitude among them seems downright dark. Data from Black Hat’s fifth attendee survey of more than 300 information security professionals uncovered massive concern over the security of the 2020 U.S. presidential election – and most think the picture is bleak. Read More
Managed security services will take center stage at Black Hat [Black Hat USA 2019]
In my humble opinion, RSA is an industry event, while Black Hat is more of a cybersecurity professional gathering. The focus is on cyber-adversary tactics, techniques, and procedures (TTPs); threat intelligence; and defensive playbooks. Rather than hosting lavish cocktail parties, vendors who participate in Black Hat must roll up their sleeves and demonstrate their technology acumen to gain street cred with this crowd. Read More
VPN providers address vulnerability findings by researchers [Black Hat USA 2019]
Pulse Secure said they released a patch in April, according to Computing. TechRadar said that Fortinet updated its firmware to address the vulnerability. You can expect to hear more from them on August 7, where their work is scheduled as a briefing at Black Hat. Read More
11 top DEF CON and Black Hat talks of all time [Black Hat USA 2019]
Since 1997, the Black Hat and DEF CON events have gained a reputation for presenting some of the most cutting-edge research in information security. Read More
Black Hat 2019: Best sessions for SecOps [Black Hat USA 2019]
Yet again, it’s that time of year when the InfoSec community swarms to Las Vegas. It’s the 22nd annual Black Hat USA Conference. Anyone with a thirst for all things cybersecurity is guaranteed six full days of training courses, demos, briefings, and of course, plenty of opportunities for social networking. Read More
Researchers to launch intentionally ‘vulnerable’ blockchain at Black Hat [Black Hat USA 2019]
Hoping to raise awareness about blockchain vulnerabilities, cybersecurity firm Kudelski Security next week plans to launch the industry’s first "purposefully vulnerable" blockchain – and will demo it at next month's Black Hat conference. Read More
VPN flaw enables hackers to easily infiltrate corporate networks [Black Hat USA 2019]
"A few SSL VPN vendors dominate the market. Therefore, if we find any vulnerability on these vendors, the impact is huge," Tsai told TechCrunch, ahead of a presentation at the Black Hat USA event in August. Read More
5 IoT Security Conferences You Don’t Want to Miss [Black Hat USA 2019]
While not a focused IoT conference, Black Hat USA will feature an important industry announcement and session by Armis Security, a pioneer in agentless security for unmanaged and IoT devices. Read More
Researchers Find a Way to Compromise Corporate Networks Through Their VPN [Black Hat USA 2019]
According to a TechCrunch report, DEVCORE researchers Orange Tsai and Meh Chang are about to present security flaws that plague three corporate VPN products at the upcoming Black Hat conference. The flaws allow an attacker to remotely exploit the target systems, and the vendors affected by the revelations are Palo Alto Networks, Pulse Secure, and Fortinet. Read More
Flaws in widely used corporate VPNs put company secrets at risk [Black Hat USA 2019]
Devcore researchers Orange Tsai and Meh Chang, who shared their findings with TechCrunch ahead of their upcoming Black Hat talk, said the flaws found in the three corporate VPN providers — Palo Alto Networks, Pulse Secure and Fortinet — are “easy” to remotely exploit. Read More
Equifax to pay at least $575M as part of FTC settlement [Black Hat USA 2019]
The FTC also required Equifax to have a designated employee in charge of its cybersecurity program. At the Black Hat cybersecurity conference in 2018, Equifax's new chief information security officer, Jamil Farshchi, told CNET the company was going through a major shift to regain the public's trust, spending $200 million on its cybersecurity program last year. Read More
How Cybercriminals Break into the Microsoft Cloud [Black Hat USA 2019]
At this year's Black Hat USA, Morowczynski and Metcalf will discuss threats specific to Microsoft cloud services in their talk, "Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)." The goal, Metcalf says, is to help people understand how to secure Microsoft cloud environments, common mistakes made, and which configurations could make them vulnerable. Read More
Chances of destructive BlueKeep exploit rise with new explainer posted online [Black Hat USA 2019]
Williams said he previously expected there to be publicly available exploits no later than the middle of next month, when the Black Hat and Defcon security conferences in Las Vegas conclude. The new insights could shorten this predicted timeline. Read More
Black Hat 2019: Cyber Insurance Joins the Security Conversation [Black Hat USA 2019]
Although cyber insurance is still a small market, rising threat scenarios -- and rising damages from data breaches -- are fueling interest in the topic at the upcoming Black Hat 2019. Read More
Crack the defenses of iOS and other platforms at Black Hat USA 2019 [Black Hat USA 2019]
Cybersecurity professionals, take note: There’s an entire track of Platform Security Briefings lined up for Black Hat USA this August that will equip you with the latest knowledge, tools, and tricks to improve or compromise the security of iOS, Windows, hardware, and software. Read More
Artificial Intelligence & Cybersecurity: Attacking & Defending [Black Hat USA 2019]
How do we know for sure? It is true that it is quite hard to attribute a botnet or a phishing campaign to AI rather than a human. Industry practitioners, however, believe that we will see an AI-powered cyber-attack within a year; 62% of surveyed Black Hat conference participants seem to be convinced in such a possibility. Read More
Open Source Hacking Tool Grows Up [Black Hat USA 2019]
"It's much more efficient now. It can be used to compromise entire networks in a matter of minutes," says Dillon, who plans to show off Koadic's new features next month at the Black Hat USA Arsenal in Las Vegas. Read More
RDP Bug Takes New Approach to Host Compromise [Black Hat USA 2019]
Clipboards were designed to be used locally and therefore trusted, Baril adds. This vulnerability exposes machines to a clipboard they can no longer trust. Baril and Itkin will discuss the details of the vulnerability, and approach the attack from both offensive and defensive perspectives, in their upcoming Black Hat USA briefing, "He Said, She Said — Poisoned RDP Offense and Defense." Read More
No, You Don’t Need a Burner Phone at a Hacking Conference [Black Hat USA 2019]
Every year, infosec Twitter debates whether people should bring a burner phone to conferences like Def Con or Black Hat. Here’s why we think you don’t need to worry about that. Read More
The importance of hardening firmware security [Black Hat USA 2019]
To date, firmware attacks have been few and far between. The first known BIOS attack, called the Chernobyl Virus, happened in 1998 and was used to erase flash ROM BIOS contents on chipsets. It wasn’t until Black Hat in 2006 that another BIOS vulnerability was demonstrated by researcher John Heasman (elevating privileges and reading physical memory), and then again in 2009 when Alfredo Ortega demonstrated a persistent BIOS infection (inserting malicious code into the decompression routines). Read More
Report: Literal killer app prompted Medtronic MiniMed recall [Black Hat USA 2019]
Billy Rios and Jonathan Butts discovered the vulnerabilities and raised awareness in August 2018, Wired reports. The two researchers, who work at security firm QED Security Solutions, publicized the issue at the Black Hat security conference in Las Vegas that year. With the presentation, the FDA, the Department of Homeland Security and Medtronic warned customers of the potential risks and vulnerabilities associated with the MiniMed pumps. Read More
Meet the World’s Biggest ‘Bulletproof’ Hoster [Black Hat USA 2019]
In a talk given at the Black Hat security conference in 2017, researchers from cyber intelligence firm Intel 471 labeled Yalishanda as one of the “top tier” bulletproof hosting providers worldwide, noting that in just one 90-day period in 2017 his infrastructure was seen hosting sites tied to some of the most advanced malware contagions at the time, including the Dridex and Zeus banking trojans, as well as a slew of ransomware operations. Read More
Hackers Made An App That Kills To Prove A Point [Black Hat USA 2019]
Rios and Butts, who work at the security firm QED Security Solutions, had first raised awareness about the issue in August 2018 with a widely publicized talk at the Black Hat security conference in Las Vegas. Alongside that presentation, the Food and Drug Administration and Department of Homeland Security warned affected customers about the vulnerabilities. Read More
12 Events at Black Hat USA 2019 You Won’t Want to Miss [Black Hat USA 2019]
“We are totally overwhelmed by the amount of [tasks] we should be doing but can’t because of a lack of resources.” That’s how one respondent characterized the state of cybersecurity affairs in the fifth annual survey of attendees conducted by Black Hat. Read More
DevOps' Inevitable Disruption of Security Strategy [Black Hat USA 2019]
With DevOps principles taking root and reaching greater maturity at an increasing number of enterprises today, security strategists are in for some major disruption of the status quo in the coming years. That's the message being brought forward by a number of talks at next month's Black Hat USA, which will feature discussions on the impact that DevOps-driven practices and tools will have on the security world. Read More
7 Hot Cybersecurity Trends to Be Highlighted at Black Hat [Black Hat USA 2019]
Black Hat USA is fast approaching. With the full conference schedule online, now is the time for security pros to dive in and plan out their paths to exploring a wide range of learning opportunities. As with years past, the conference will feature sessions about new zero-day vulnerabilities, research that stretches the bounds of what's breakable in emerging technology, and new methods of defending systems in the ever-evolving tech world. Read More
Researchers Poke Holes in Siemens Simatic S7 PLCs [Black Hat USA 2019]
Eli Biham and Sara Bitan of Technion, and Avishai Wool and Uriel Malin of Tel Aviv University, will reveal at Black Hat USA next month in Las Vegas the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7. Read More
Chats On The Road To Hacker Summer Camp 2019 | Black Hat USA | A Conversation With Steve Wylie [Black Hat USA 2019]
As we gear up to cover three more conferences, we are having our pre-event conversations for each one. While we plan to make all of them a recurring series, this particular podcast is already part of a solid ITSPmagazine tradition: the third Chats on the Road conversation with Black Hat General Manager Steve Wylie. This episode kicks off our coverage of such a pillar event in our industry. Read More
Vulnerabilities in US Defense Could Lead to Major Breach in Two Years, Says Black Hat Survey [Black Hat USA 2019]
Upcoming US elections and critical infrastructure security were among heated discussion topics at Black Hat USA 2019. According to 40 percent of Black Hat USA’s 2019 survey respondents, “large nation-states” are the number one threat that US critical infrastructures will have to fight. When specifically asked about the US election, more than 60 percent expect Kremlin-supported hackers will compromise voting machines to influence the outcome. 77 percent expect a critical attack on US critical infrastructure to succeed in the next two years, up 10 percent since 2018. Read More
Black Hat Q&A: Understanding NSA’s Quest to Open Source Ghidra [Black Hat USA 2019]
The National Security Agency (NSA) made a splash in the cybersecurity industry this year when it released its Ghidra software reverse-engineering framework as open source for the community to use. Now that the tool is in the public’s hands, NSA senior researcher Brian Knighton and his colleague Chris Delikat, will be presenting a talk at Black Hat USA about how Ghidra was designed, and the process of rendering it open source. Read More
'Human Side-Channels': Behavioral Traces We Leave Behind [Black Hat USA 2019]
At Black Hat USA, Wixey will examine multiple human side-channels, how they can be used in attacks and defense, privacy implications, and how they can be countered in his briefing, "I'm Unique, Just Like You: Human Side-Channels and Their Implications for Security and Privacy." Read More
Black Hat Survey Reveals Cyber Concerns [Black Hat USA 2019]
In advance of the 2019 Black Hat conference in Las Vegas, Black Hat USA has released its latest report on the growing concerns of consumers. Based on survey responses from conference attendees, the report, Consumers in the Crosshairs, looks at consumer concerns about their personal data potentially ending up in the hands of criminals as well as the ways in which security will affect the 2020 US presidential election. Read More
Risky business: Security pros outline key concerns ahead of Black Hat USA [Black Hat USA 2019]
With corporate mega-breaches now an all-too-common occurrence, consumers should work to the assumption that their data has already been compromised and take action to minimize further exposure to cybercriminals. This is one of the key takeaways of the 2019 Black Hat USA Attendee Survey – an annual poll of industry professionals that was released today, ahead of the eponymous security conference next month. Read More
Heading into Black Hat, cyber community in dark mood on data protection [Black Hat USA 2019]
Cybersecurity professionals appear increasingly pessimistic about the likelihood of major breaches, attacks on critical infrastructure including election systems, and the effectiveness of government-industry responses, according to a survey of some of those planning to attend the massive annual Black Hat conference in Las Vegas. Read More
Will hacked voting machines decide the 2020 election? [Black Hat USA 2019]
Cybersecurity professionals are concerned about foreign cyber operations and vulnerabilities in voting machines as the days tick down to the first 2020 primaries in February. According to a new survey of 345 cybersecurity professionals by Black Hat USA, 63 percent of respondents said that the hacking of voting machines in the next election is “very likely” or “somewhat likely” to have a “significant impact” on election results. Read More
Consumer Data, Upcoming Elections Are at Risk, Black Hat Survey Says [Black Hat USA 2019]
Newly published '2019 Black Hat USA Attendee Survey' recommends users stay off social media and remain wary of products that promise to solve security problems. Read More
FDA Warns of Potentially Fatal Flaws in Medtronic Insulin Pumps [Black Hat USA 2018]
Rios and other researchers have previously disclosed several other serious vulnerabilities in Medtronic products (including insulin pumps). A proof-of-concept exploit attack was released by researchers in March 2018 — after which the manufacturer issued advisories for the flaws on August 7. That’s more than 570 days after they were first reported. “It’s disappointing to know these have been out there for a long time,” said Rios at Black Hat 2018. “For the last two years, we’ve been increasingly frustrated with how our research was dealt with.” Read More
Apple Head of Security Engineering to Speak About iOS and Mac Security at 2019 Black Hat Event [Black Hat USA 2019]
Apple's Head of Security Engineering and Architecture Ivan Krstić will be attending the Black Hat 2019 event where he will give a "Behind the Scenes" look at iOS and macOS security. Black Hat is an annual event that's designed for the global InfoSec community, providing security professionals with a place to meet up and gain training on new techniques. Read More
Apple security chief will talk iOS 13, macOS Catalina at Black Hat [Black Hat USA 2019]
Apple security chief Ivan Krstic will be returning to the Black Hat security conference this summer to discuss iOS 13 and macOS Catalina — as well as the security protections in Apple’s new Find My service. Read More
Apple security chief to cover iOS 13, macOS security at Black Hat [Black Hat USA 2019]
Apple's security engineering chief Ivan Krstic will be making a reappearance at the Black Hat security conference in August, discussing the technologies protecting iOS 13 and macOS Catalina as well as how the Find My feature is kept secure. Read More
Inside MLS, the New Protocol for Secure Enterprise Messaging [Black Hat USA 2019]
By next year, he hopes, MLS will be ready to integrate into messaging platforms. Robert, along with INRIA's Benjamin Beurdouche and independent researcher Katriel Cohn Gordon, will discuss the research behind, and details of, MLS this summer at Black Hat USA in a briefing entitled "Messaging Layer Security: Towards a New Layer of Secure Group Messaging." Read More
A Socio-Technical Approach to Cybersecurity's Problems [Black Hat USA 2019]
In their upcoming Black Hat USA briefing, "Hacking Ten Million Useful Idiots: Online Propaganda as a Socio-Technical Security Project," Breuer and Perlman will discuss their framework, how security principles apply to STS, how red team and blue team processes could look in the context of STS security, and examples of red team analyses of influence operations. Read More
A tale of two cities: Why ransomware will just get worse [Black Hat USA 2017]
In 2017, the information security conference Black Hat USA surveyed attendees and found that 58% believed their organizations didn't have sufficient budget to recover from a ransomware attack or other breach. Twelve percent said that ransomware response was the biggest demand on their time during an average day. And there's a wealth of data from research (mostly funded by disaster recovery companies) that suggests most organizations are more confident in their data recovery plans than they should be, if they even have one. Read More
With GDPR's 'Right of Access,' Who Really Has Access? [Black Hat USA 2019]
Some businesses improved their verification over time, he adds, but mistakes are still being made: a handful of organizations accidentally deleted his fiancée's account when asked for data. He points to a need for businesses to feel comfortable denying suspicious GDPR requests.
Pavur will be presenting the details of his case study this August at Black Hat USA in a presentation "GDPArrrrr: Using Privacy Laws to Steal Identities." Read More
Black Hat Q&A: Defending Against Cheaper, Accessible ‘Deepfake’ Tech [Black Hat USA 2019]
The tools and techniques to create false videos via AI-driven image synthesis are getting easier to access every year, and few people know that better than ZeroFox’s Matt Price and Mike Price (not related). In an email interview with Black Hat's Alex Wawro, the pair of security experts shared their latest research, which will be presented at Black Hat USA in Las Vegas this summer. Read More
Major HSM vulnerabilities impact banks, cloud providers, governments [Black Hat USA 2019]
The duo's research paper is currently available only in French, but the two are also scheduled to present their findings at the Black Hat security conference that will be held in the US in August. Read More
Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists [Black Hat USA 2019]
Veteran security researcher, cryptographer, and author Bruce Schneier is one of the many cybersecurity experts who will be speaking at Black Hat USA in Las Vegas this August. He’s presenting Information Security in the Public Interest, a 50-minute Briefing about why it’s so important for public policy discussions to include technologists with practical understanding of how today’s tech can be used and abused. Read More
Cisco's 'Thrangrycat' Router Flaw Tough to Neuter [Black Hat USA 2019]
The flaw, designated CVE-2019-164, was discovered by Jatin Kataria, Richard Housley and Ang Cui of Red Balloon Security, which investigates embedded systems. The team is due to present their research into the flaw and techniques for mitigating it in August at the Black Hat security conference in Las Vegas. Read More
Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear [Black Hat USA 2019]
On a website dedicated to the Thrangrycat vulnerability, the Red Balloon Security team said it plans to present a tool for detecting Thrangrycat attacks in August this year, at the Black Hat 2019 security conference. Read More
It's 2019 so now security vulnerabilities are branded using emojis: Meet Thrangrycat, a Cisco router secure boot flaw [Black Hat USA 2019]
The full details are not going to be released until this year's Black Hat USA security conference in August. Cisco was privately tipped off by Red Balloon Security in November 2018, and only now is the issue public. The Thrangrycat exploits were tested on a Cisco ASR 1001-X, though plenty of devices are at risk because they use the FPGA-based TAm. Read More
Security Firm to Offer Free Hacking Toolkit [Black Hat Asia 2019]
A penetration testing and consulting firm plans to release a free penetration testing toolkit next month at Black Hat Asia; the toolkit includes privilege escalation and network attack functions. Read More
Whose Line Is It? When Voice Phishing Attacks Get Sneaky [Black Hat Asia 2019]
In a presentation at Black Hat Asia, entitled "When Voice Phishing Met Malicious Android App," Jang will disclose and discuss the findings of criminal traces in voice phishing analysis conducted by his research team over the past few months. Read More
These Recently Discovered POODLEs Can Bypass Your TLS [Black Hat Asia 2019]
If Zombie POODLE and GOLDENDOODLE have you biting your nails, Young is ready to present his full findings at Black Hat Asia in Singapore at some point during the March 26th to March 29th event. Read More
Researchers Dig into Microsoft Office Functionality Flaws [Black Hat Asia 2019]
At Black Hat Asia, coming up March 26-29 in Singapore, Hegt and Ceelen will take the stage to present their talk "Office in Wonderland," in which they will disclose details on new Word and Excel vulnerabilities, release attack vectors which Microsoft deemed Office features, and demonstrate the security impact of the architectural design of the full Office suite. Read More
Visual Journal: Black Hat Europe 2018 [Black Hat Europe 2019]
The recent Black Hat Europe conference in London touched on topics ranging from combating "deep fake" videos and information security career challenges to hands-on lock-picking tutorials and the dearth of researchers submitting proposed briefings centered on deception technology. Read More
Neil and Bart tried to find the right malicious traffic at a hackers' conference [Black Hat Europe 2018]
This was the situation at the Black Hat IT Security Conference, whose European edition recently took place in London. Thousands of people from around the world participated; this year's conference attracted approximately 3,000 participants from 106 countries. And some of those participants fell under the hacker category. Read More
‘Dear Bloomberg, you still owe everyone a retraction, explanation or some proof’ [Black Hat Europe 2018]
“The attack exploits DNS Cache Poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker’s public key to a victim domain,” the researchers explained during this year’s Black Hat Europe. Read More
Innovation backfires: Security feature makes Windows 10 unsafe [Black Hat Europe 2018]
Researchers were quick to prove that integrating security issues produced exactly the wrong result: Instead of generating more security, Windows 10 users are more exposed to malicious hackers than before. Researchers Magal Baz and Tom Sela presented their findings about a week ago at the Black Hat Security Conference in London. Read More
How to Secure Windows 10 by Disabling Its Password Recovery Questions [Black Hat Europe 2018]
This is exactly the scenario a group of security researchers described in a recent presentation at the Black Hat Europe Security Conference, as Ars Technica writes. Read More
Texas Instruments flicks Armis' Bluetooth chip vuln off its shoulder [Black Hat Europe 2018]
At Black Hat London last week, Ben Seri and Dor Zusman from research house Armis went into full detail about their November discovery of how to pwn TI-made Bluetooth Low Energy (BLE) chips. Read More
These hackers are using Android surveillance malware to target opponents of the Syrian government [Black Hat Europe 2018]
Researchers at security firm Lookout, who dubbed the malware SilverHawk, detailed their findings at the Black Hat Europe conference in London. The malware is thought to have been in operation since mid-2016 and is capable of secretly recording audio, taking photos, downloading files, monitoring contacts, tracking location and more. Read More
CAs exposed as a weak point in web crypto [Black Hat Europe 2018]
Presentations at Black Hat Europe last week gave contrasting views of the state of cryptography on the web. Hackers are unlikely to find it easy to break elliptic curve crypto, but according to a separate study they might well be able to subvert the trustworthiness of popular commercially used Certificate Authorities (CAs). Read More
Fake apps are infecting smartphones with the ultimate spyware [Black Hat Europe 2018]
New research from cybersecurity firm Lookout presented during this year's Black Hat Europe conference has revealed that the SEA has expanded its hacking toolset and it now includes the entire SilverHawk "surveillanceware" family. Read More
Face Off: Researchers Battle AI-Generated Deep Fake Videos [Black Hat Europe 2018]
Security researchers are facing off against deep-fake videos over fears that they might be used for nation-state disinformation campaigns or to ruin someone's reputation or social standing. Read More
The best hacks from Black Hat Europe 2018 [Black Hat Europe 2018]
Thermal imaging might be impressive – but the main prize for sheer mis-appropriation of science during Black Hat Europe has to go to a talk by IBM researchers on attacking hardware systems using resonance. Read More