Black Hat Press
 • May 10, 2021 | TechTalk Thai

  [BHAsia 2021] Do mobile applications really refrain from violating user data, as their notices claim? [Black Hat Asia 2021]

  When we install a mobile application, we usually see a message stating its intent to request access to certain data in order to provide its service. Have you ever wondered whether those applications really keep their promise not to violate rights over such sensitive data? At Black Hat Asia 2021, one study tested more than 1,400 applications.
  Read More
 • May 10, 2021 | Cyber Security Asean

  Surveillance Is Affecting the Interests of Potential Security Experts – Black Hat Asia 2021 [Black Hat Asia 2021]

  The demand for cybersecurity experts is thriving, especially in today’s digital landscape where threat actors are utilising more and more advanced threats for their nefarious acts. Such a profession needs a conducive environment, however, allowing them to perform in cyberspace with little to no restrictions from authorities.
  Read More
 • May 7, 2021 | Techzine

  Researchers fool computer vision with an unexpected adjacent object [Black Hat Asia 2021]

  Computer vision algorithms turn out to be confusable in a striking way. When a completely unrelated object stands next to the intended object, computers no longer understand what they are seeing. By applying this knowledge, self-driving cars, for example, can be fooled.
  Read More
 • May 7, 2021 | Forbes

  This Android App Promises To Wipe Your Phone If Cops Try To Hack It [Black Hat Asia 2021]

  If the police get hold of a smartphone and they have a warrant to search it, they’ll often turn to a tool from Israeli company Cellebrite that can hack into it and download the data within. But on Friday a security researcher is releasing an app that he says can detect when a Cellebrite is about to raid the device, turn the phone off and wipe it.
  Read More
 • May 7, 2021 | Dark Reading

  How North Korean APT Kimsuky Is Evolving Its Tactics [Black Hat Asia 2021]

  North Korean APT group Kimsuky is adopting new tactics, techniques, and procedures in global attacks, report researchers whose findings indicate the group's operations have sufficient differences to warrant splitting it into two smaller subgroups: CloudDragon and KimDragon.
  Read More
 • May 7, 2021 | Cyber Security Asean

  Black Hat Asia 2021: Are We Leaking Data Without Knowing it? [Black Hat Asia 2021]

  Black Hat Asia 2021 kicked off with an interesting opening keynote presentation by Troy Hunt, a security researcher and founder of “Have I Been Pwned”, a website that helps people check and see if their emails have been compromised.
  Read More
 • May 7, 2021 | The Register

  Researchers say objects can hide from computer vision by seeking out unusual company that trips correlation bias [Black Hat Asia 2021]

  Computer vision systems display “correlation bias” that makes it possible to create adversarial images that could have real-world consequences such as messing with self-driving cars’ ability to accurately interpret road signs.
  Read More
 • May 7, 2021 | ComputerWeekly

  Ransomware, supply chain attacks show no sign of abating [Black Hat Asia 2021]

  Ransomware and supply chain attacks will continue to rear their ugly head in a world where cyber attacks are increasingly being politicised.
  Read More
 • May 7, 2021 | The Register

  Kids in Hong Kong and other highly surveilled states worry infosec careers are just asking for trouble [Black Hat Asia 2021]

  Asian nations in which governments are keen on citizen surveillance struggle to develop ethical hackers, as prospective workers fear their activities may be misunderstood, according to security specialist Mika Devonshire.
  Read More
 • May 7, 2021 | TechTalk Thai

  [BHAsia 2021] 6 lessons from more than 11 billion leaked records on Have I Been Pwned [Black Hat Asia 2021]

  At the Black Hat Asia 2021 conference currently under way, Troy Hunt, founder of the Have I Been Pwned website, spoke in the keynote session and shared what he has learned after collecting more than 11 billion leaked records over the past 8 years, which can be summarized in 6 lessons, as follows:
  Read More
 • May 6, 2021 | Dark Reading

  New Techniques Emerge for Abusing Windows Services to Gain System Control [Black Hat Asia 2021]

  Several new techniques have become available recently that give attackers a way to abuse legitimate Windows services and relatively easily escalate low-level privileges on a system to gain full control of it.
  Read More
 • May 6, 2021 | The Daily Swig

  Troy Hunt at Black Hat Asia: ‘We’re making it very difficult for people to make good security decisions’ [Black Hat Asia 2021]

  Imagine a parent’s terror when the geolocation of their child’s smart watch suddenly switches from tennis practice to the middle of the ocean.
  Read More
 • May 6, 2021 | Dark Reading

  Troy Hunt: Organizations Make Security Choices Tough for Users [Black Hat Asia 2021]

  Data breach notification website Have I Been Pwned (HIBP) has processed more than 11 billion compromised records from breached websites and publicly accessible databases since it was launched in 2013, offering a window into attacks and security issues that put users' data at risk.
  Read More
 • May 6, 2021 | Dark Reading

  Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security [Black Hat Asia 2021]

  'Enter Sandbox': Automating Linux Seccomp for Better AppSec: Linux seccomp is a powerful way to build secure applications, but it’s a grueling manual process. At Black Hat Asia, security researchers (slash Metallica fans) show how they’ve now automated the process to expand its use. Claudio Canella, PhD candidate at Graz University of Technology, tells Dark Reading about the session "Enter Sandbox," co-presented by Graz University of Technology postdoctoral researcher Mario Werner and Helmholtz Center for Information Security faculty Michael Schwarz.
  Read More
 • May 4, 2021 | Help Net Security

  Kubestriker: A security auditing tool for Kubernetes clusters [Black Hat Asia 2021]

  Kubestriker is an open-source, platform-agnostic tool for identifying security misconfigurations in Kubernetes clusters.
  Read More
 • May 3, 2021 | CareersInfoSecurity

  Researcher Finds New Vulnerabilities in Cellebrite's Tools [Black Hat Asia 2021]

  The question was posed late last month by Signal, the messaging app that is a recent new target for Cellebrite's data-collecting tools for law enforcement. Signal's founder, Moxie Marlinspike, contended that software vulnerabilities found in Cellebrite's tools could be used to tamper with evidence. As a result, one lawyer has already filed a motion for a new trial. (see: Signal Founder Says Cellebrite's Forensics Tools Flawed).
  Read More
 • May 3, 2021 | Dark Reading

  Researchers Explore Active Directory Attack Vectors [Black Hat Asia 2021]

  Active Directory is a massive and complex attack surface that has long been a prime target for criminals seeking valuable privileges and data. Incident responders find the service is involved in the bulk of attacks they investigate, underscoring major security challenges for defenders.
  Read More
 • Apr 29, 2021 | Dark Reading

  Researchers Connect Complex Specs to Software Vulnerabilities [Black Hat Asia 2021]

  Six common mistakes in implementing network software led to scores of vulnerabilities, highlighting the impact that complex design requirements and ambiguous specifications can have on software security, according to two security researchers who plan to talk about it at next week's Black Hat Asia conference.
  Read More
 • Apr 27, 2021 | Dark Reading

  Do Cyberattacks Affect Stock Prices? It Depends on the Breach [Black Hat Asia 2021]

  In the aftermath of a data breach, ransomware attack, or vulnerability disclosure, organizations may think about how the news will cause their stock price to dip. New research indicates that although security incidents do affect stock price, the size of this impact largely depends on the circumstances — and rarely lasts.
  Read More
 • Apr 26, 2021 | Help Net Security

  SniperPhish: An all-in-one open-source phishing toolkit [Black Hat Asia 2021]

  SniperPhish is an all-in-one open-source phishing toolkit that pentesters and other security professionals can use for setting up and executing email and web-based spear phishing campaigns.
  Read More
 • Apr 22, 2021 | Help Net Security

  Cloud Sniper: Manage and automate cloud security operations [Black Hat Asia 2021]

  Cloud Sniper is an open-source platform for managing cloud security operations that aims to make it easy for cloud teams to deal with security incidents.
  Read More
 • Apr 22, 2021 | Dark Reading

  10 Free Security Tools at Black Hat Asia 2021 [Black Hat Asia 2021]

  As in previous years, next month's Black Hat Asia 2021 virtual event will feature a full lineup of free security tools -- some new and some updated versions of existing tools.
  Read More
 • Apr 16, 2021 | Dark Reading

  Security Gaps in IoT Access Control Threaten Devices and Users [Black Hat Asia 2021]

  A team of Internet of Things security researchers has discovered vulnerabilities in the way IoT device vendors manage access across multiple clouds and users, putting both individuals and vendors at risk.
  Read More
 • Apr 14, 2021 | Yahoo! Entertainment

  A huge new hacking threat was just discovered [Black Hat Asia 2021]

  “You have the watches,” goes a famous quote with different variations throughout history but most recently attributed to a captured Taliban commander, “but we have the time.”
  Read More
 • Apr 13, 2021 | The Hacker News

  New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices [Black Hat Asia 2021]

  Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system.
  Read More
 • Apr 13, 2021 | iTnews

  NAME:WRECK vulnerabilities could impact 100 million servers, IoT devices [Black Hat Asia 2021]

  Security researchers say they have uncovered nine vulnerabilities in four TCP/IP stacks that could be used to target a range of servers, medical and industrial devices.
  Read More
 • Oct 6, 2020 | The Daily Swig

  Touch and go: Contactless payment security controls defeated by security researchers [Black Hat Asia 2020]

  In follow-up research presented at Black Hat Asia last week, Galloway and Yunusov showed how it was possible to bypass multi-factor authentication controls designed to guard against tap-and-go fraud with contactless credit and debit cards.
  Read More
 • Oct 5, 2020 | Dark Reading

  Android Camera Bug Under the Microscope [Black Hat Asia 2020]

  This vulnerability could be exploited even if the phone was locked, its screen was turned off, or if the person was on a call, explained Erez Yalon, director of security research at Checkmarx, where a team of researchers discovered the flaw last summer. Yalon offered a hacker's perspective of discovering and reporting the flaw in a talk at this year's virtual Black Hat Asia.
  Read More
 • Oct 5, 2020 | Kaldata

  The discoverer of Meltdown and Spectre on the growing uncertainty of the systems [Black Hat Asia 2020]

  In this way, tens of thousands of systems have been infected over the years through reputable sites, Microsoft Network Japan and many others. But it's not just the Web, it's computer systems today. This was shared by a cybersecurity expert of the last edition of Black Hat Asia.
  Read More
 • Oct 5, 2020 | Computer Hoy

  4G and 5G networks are vulnerable due to their mix with old technologies [Black Hat Asia 2020]

  During a Black Hat Asia presentation on Friday, Sergey Puzankov, a security expert at Positive Technologies, highlighted the SS7 protocol as one of the problems still plaguing the telecommunications industry. This protocol was developed in 1975 and has not evolved much since then.
  Read More
 • Oct 5, 2020 | Electropages

  Vulnerability to Old Tech – How 5G May Face Problems [Black Hat Asia 2020]

  Black Hat Asia, a tech security conference held in Singapore, included researchers who demonstrated how modern networks such as 5G could be vulnerable to systems that are decades old and yet are still able to connect to such networks.
  Read More
 • Oct 5, 2020 | The Daily Swig

  Sharkcop: Google Chrome extension uses machine learning to detect phishing URLs [Black Hat Asia 2020]

  A Google Chrome browser extension that identifies suspected phishing URLs with a machine learning algorithm was unveiled at Black Hat Asia last week.
  Read More
 • Oct 5, 2020 | The Daily Swig

  Vulmap: Aiding privilege escalation with CVE-mapping vulnerability scanner [Black Hat Asia 2020]

  A hacking tool designed to aid privilege escalation by leveraging known security vulnerabilities was demonstrated at Black Hat Asia last week.
  Read More
 • Oct 3, 2020 | Avalanche Noticias

  Researching vulnerabilities in computer systems is becoming similar to watching wildlife. [Black Hat Asia 2020]

  Computer security researcher Daniel Gruss, an assistant professor at the Austrian University of Technology in Graz, spoke at the Black Hat Asia conference yesterday in Singapore's time zone. It was Gruss's team that discovered the Meltdown and Spectre vulnerabilities in Intel processor architectures and beyond. According to the expert, computer security has been irreparably damaged by the increased complexity of the systems. But there is a cure, although not absolute.
  Read More
 • Oct 3, 2020 | 3DNews

  Searching for vulnerabilities in computer systems is becoming akin to observing life in wildlife [Black Hat Asia 2020]

  Computer security researcher Daniel Gruss, assistant professor at the Austrian University of Technology Graz, spoke at the Black Hat Asia conference yesterday in the Singapore time zone. It was Gruss's team that discovered the Meltdown and Spectre vulnerabilities in Intel processor architectures and beyond. According to the expert, computer security has been irreparably disturbed by the increased complexity of systems. But there is a cure, although not absolute.
  Read More
 • Oct 2, 2020 | TechWorld IDG

  Protocols from the 1970s pose a risk to 5g users [Black Hat Asia 2020]

  In connection with this year's edition of the conference Black Hat Asia, security expert Sergey Puzankov from Positive Technologies has described a wide range of potential security problems with the 5g network.
  Read More
 • Oct 2, 2020 | SecNews

  5G networks are vulnerable due to "bad" old technologies [Black Hat Asia 2020]

  During a presentation at Black Hat Asia on Friday entitled "Back to the Future. Cross-Protocol Attacks in the Era of 5G", Positive Technologies security expert Sergey Puzankov stressed how pending issues in the SS7 protocol still plague the telecommunications industry.
  Read More
 • Oct 2, 2020 | The Daily Swig

  Grinder Framework helps overcome Shodan false negatives and blind spots [Black Hat Asia 2020]

  “The Grinder Framework is an open source security research toolkit adopted to Internet-wide surveys and allows you to use the full power of tools like Nmap, Shodan, Censys, Vulners, and TLS-attacker, and bringing the light through tailored scanning and threat intelligence approach,” the researchers explain in a preview for a presentation for an Arsenal session held during Black Hat Asia today (October 1).
  Read More
 • Oct 2, 2020 | ZDNet

  4G, 5G networks could be vulnerable to exploit due to ‘mishmash’ of old technologies [Black Hat Asia 2020]

  During a presentation at Black Hat Asia on Friday called "Back to the Future. Cross-Protocol Attacks in the Era of 5G," Positive Technologies security expert Sergey Puzankov highlighted how outstanding issues in the SS7 protocol still plague the telecommunications industry.
  Read More
 • Oct 2, 2020 | The Daily Swig

  Computer scientist behind Meltdown discovery prescribes biological approach to securing complex systems [Black Hat Asia 2020]

  Treat this as the new normal, Daniel Gruss, a member of one of three teams that uncovered the Meltdown vulnerability, said during a keynote presentation on Friday at the Black Hat Asia security conference.
  Read More
 • Oct 2, 2020 | The Daily Swig

  Black Hat Asia 2020: Android vulnerability scanners tackle code obfuscation and false positives [Black Hat Asia 2020]

  Android apps can be probed comprehensively for known security vulnerabilities without being fooled by code obfuscation techniques, attendees at Black Hat Asia heard yesterday.
  Read More
 • Oct 2, 2020 | The Daily Swig

  Vulnerabilities in Kata containers could be chained to achieve RCE on host [Black Hat Asia 2020]

  A talk delivered at the virtual Black Hat Asia conference today by security researcher Yuval Avrahami detailed how the flaws in Kata’s containers could also be exploited to compromise other guest users.
  Read More
 • Oct 2, 2020 | Dark Reading

  Biometric Data Collection Demands Scrutiny of Privacy Law [Black Hat Asia 2020]

  "One of the things that has been so great about technology is not only the convenience, but we've really started to look at privacy, and privacy is coming to the forefront," said Melissa Wingard, special counsel at law firm Phillips Ormonde Fitzpatrick, in a virtual Black Hat Asia talk.
  Read More
 • Oct 2, 2020 | Dark Reading

  Researchers Adapt AI With Aim to Identify Anonymous Authors [Black Hat Asia 2020]

  At Black Hat Asia, artificial intelligence and cybersecurity researchers use neural networks to attempt to identify authors, but accuracy is still wanting.
  Read More
 • Oct 1, 2020 | SecurityLab.ru

  Singapore authorities suggested treating information security as a public good [Black Hat Asia 2020]

  Information security is as much a public good as clean drinking water. This was announced on Thursday, October 1, by Brigadier General Gaurav Keerthi, Assistant Chief of the Cybersecurity Agency of Singapore, at the Black Hat Asia conference.
  Read More
 • Oct 1, 2020 | The Daily Swig

  BitLocker sleep mode vulnerability can bypass Windows’ full disk encryption [Black Hat Asia 2020]

  At the virtual Black Hat Asia security conference today, researcher Seunghun Han introduced a tool that can be used to subvert BitLocker security protections.
  Read More
 • Oct 1, 2020 | The Daily Swig

  Black Hat Asia: Need for global security perspectives underlined at virtual event [Black Hat Asia 2020]

  The Asia edition of the information security and hacking conference has more than justified its place in the infosec calendar, with the spring event becoming a firm fixture in the diary of security professionals, researchers, CISOs, journalists, and other industry-watchers.
  Read More
 • Oct 1, 2020 | Dark Reading

  Singapore Asks Big Cybersecurity Questions to Improve National Defense [Black Hat Asia 2020]

  As Singapore pursues its journey to become a "Smart Nation," it's asking these tough questions and many others as officials wrestle with the role of cybersecurity in a country increasingly dependent on technology, explained Gaurav Keerthi, deputy chief executive of development at Singapore's Cyber Security Agency, in his keynote talk at this week's virtual Black Hat Asia.
  Read More
 • Sep 30, 2020 | ITSP Magazine

  Black Hat Asia 2020 | Balancing User Awareness And Public Trust That Is Riddled With Complexities | With Gaurav Keerthi, Melissa Wingard And Daniel Gruss [Black Hat Asia 2020]

  In this conversation, we bring these three very diverse topics and the Black Hat Asia 2020 speakers that present them together on a conversation that will undoubtedly make you think forward. Each one of them represents very different perspectives and aspects of security and privacy—government, industry, legal, academia, and society—and the complexities they bring with them, coupled with the complexities they also introduce when building trust within and across many stakeholders.
  Read More
 • Sep 25, 2020 | Dark Reading

  Navigating the Asia-Pacific Threat Landscape: Experts Dive In [Black Hat Asia 2020]

  At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.
  Read More
 • Sep 2, 2020 | CBS News

  Top U.S. cybersecurity expert on mail-in voting: "If you've got paper, you've got receipts" [Black Hat USA 2020]

  Other high-profile security researchers also affirmed the value of mail-in systems at Black Hat. In his virtual keynote address, Georgetown Law professor Matt Blaze said that while mail-in and absentee voting systems are not foolproof, the systems are reliable, widely available, and lack many of the risks that plague digital voting systems.
  Read More
 • Aug 27, 2020 | Dark Reading

  How CISOs Can Play a New Role in Defining the Future of Work [Black Hat USA 2020]

  The theme of remote security has stayed top of mind since March: Cybersecurity experts correctly predicted that cybercrime in a virtual workforce would be a central topic at the recent Black Hat conference, and CISOs have had to rethink 2020 strategy with remote work leading the way.
  Read More
 • Aug 27, 2020 | Forbes

  Hacking Cyber Space [Black Hat USA 2020]

  At Black Hat, James Pavur, a Rhodes Scholar working on a PhD in cybersecurity at Oxford University's Department of Computer Science, cited examples of communications he'd been able to intercept.
  Read More
 • Aug 27, 2020 | Electronic Design

  Taking a Tour of Black Hat’s Online Conference [Black Hat USA 2020]

  High-level, cloud-based issues aren’t the only topics presented at Black Hat. Some got deep into the code and engineering.
  Read More
 • Aug 26, 2020 | Threatpost

  Disinformation Spurs a Thriving Industry as U.S. Election Looms [Black Hat USA 2020]

  The 2020 Presidential Election is the topic of a recent Threatpost feature Shoring Up the 2020 Election: Secure Vote Tallies Aren’t the Problem and the focus of a Black Hat 2020 keynote address earlier this month by Renée DiResta, research manager at the Stanford Internet Observatory.
  Read More
 • Aug 26, 2020 | CSO

  How to secure vulnerable printers on a Windows network [Black Hat USA 2020]

  At the recent Black Hat conference, Peleg Hadar and Tomer Bar of SafeBreach Labs pointed out that the way to a network’s heart is often through its printers.
  Read More
 • Aug 25, 2020 | Threatpost

  Shoring Up the 2020 Election: Secure Vote Tallies Aren’t the Problem [Black Hat USA 2020]

  Meanwhile, recent stats from the Black Hat USA 2020 Attendee Survey show that 85 percent of respondents believe that cyber-threat actors will have at least some impact on the U.S. elections in 2020. And disturbingly, nearly one third of respondents believe that the impact will be critical, and that the results of the 2020 election will always be in doubt as a result.
  Read More
 • Aug 25, 2020 | Threatpost

  Safari Bug Revealed After Apple Takes Nearly a Year to Patch [Black Hat USA 2020]


  Read More
 • Aug 25, 2020 | TechRepublic

  IoT botnets: Smart homes ripe for a new type of cyberattack [Black Hat USA 2020]

  By powering on a large number of devices an energy supplier or utility company could artificially increase demand to boost profits. This idea is at the core of Black Hat USA 2020 presentation titled led by Georgia Tech researchers Tohid Shekari and Raheem Beyah.
  Read More
 • Aug 23, 2020 | WIRED

  Cash machine hackers are getting better at stealing your money [Black Hat USA 2020]

  During Black Hat, Kevin Perlow, the technical threat intelligence team lead at a large, private financial institution, analysed two cash-out tactics that represent different current approaches to jackpotting.
  Read More
 • Aug 21, 2020 | Dark Reading

  'Next-Gen' Supply Chain Attacks Surge 430% [Black Hat USA 2020]

  Meantime, at Black Hat USA earlier this month, researchers showed how a next-gen approach could be used to attack Node.js applications by manipulating the hidden properties used to track internal program states.
  Read More
 • Aug 20, 2020 | Dark Reading

  Black Hat USA 2020 Recap: Experts Discuss Election Security Questions, but Offer Few Answers [Black Hat USA 2020]


  Read More
 • Aug 20, 2020 | Dark Reading

  Black Hat USA 2020 Musings: Weird and Wonderful Virtual Events are Here to Stay [Black Hat USA 2020]

  To its credit, Black Hat USA 2020 turned hard left once it was clear that large live events wouldn’t be happening in the second half of 2020, and what they managed to pull off was nothing short of a miracle. Even if, from an analyst’s perspective, the event was nothing like an in-person event, it was incredibly useful for all involved.
  Read More
 • Aug 20, 2020 | India Today

  Exposed: China's hacking campaign to unsettle Taiwan economy [Black Hat USA 2020]

  At the Black Hat security conference last week, researchers from CyCraft presented details of a hacking campaign that may have compromised internal data of at least seven Taiwanese chip firms over the past two years.
  Read More
 • Aug 19, 2020 | BizTech

  Mail-In Votes Require Special Cybersecurity Attention [Black Hat USA 2020]

  “It’s night and day compared to what existed in 2016,” CISA Director Christopher Krebs said at the Black Hat USA 2020 cybersecurity conference this month. “2020 will be the most protected and most secure election in modern history.”
  Read More
 • Aug 18, 2020 | The Daily Swig

  AWS launches open source tool to protect against HTTP request smuggling attacks [Black Hat USA 2020]

  At Black Hat USA 2019, PortSwigger Web Security’s director of research James Kettle demonstrated how the somewhat forgotten hacking technique could be leveraged to poison web caches and desynchronize entire systems.
  Read More
 • Aug 18, 2020 | ITSP Magazine

  Black Hat USA 2020 Recap And What Is Happening Next | With Kymberlee Price And Steve Wylie [Black Hat USA 2020]

  Beyond the content itself, there's a lot to be learned for how we will consume content moving forward and how we will likely expect to engage with each other in a world where in-person-only events may be a thing of the past. Steve and Kymberlee provide some interesting insights into the future of Black Hat in this context.
  Read More
 • Aug 17, 2020 | CoinGeek

  Open-source library dependence puts digital currency exchanges at risk: report [Black Hat USA 2020]

  At the recent Black Hat security conference, researchers detailed potential weaknesses in the exchanges' secured wallet schemes that have now been patched.
  Read More
 • Aug 17, 2020 | TNW

  Pardon the Intrusion #24: The clock is TikToking [Black Hat USA 2020]

  At the Black Hat conference last week, a security researcher revealed how insecure satellite-based Internet allows attackers to snoop on companies and sometimes tamper with data.
  Read More
 • Aug 17, 2020 | Dice

  Your Work-From-Home Future: Now’s the Time to Think About Security [Black Hat USA 2020]

  In time for the Black Hat 2020 virtual conference earlier this month, AT&T released a study about cybersecurity and working from home that included responses from 800 security professionals working in the U.K., France and Germany. Of those surveyed, 88 percent reported that, while they initially felt well-prepared for the switch to WFH, a majority (55 percent) now feel that ongoing remote working is making their companies more vulnerable to cyber-threats.
  Read More
 • Aug 15, 2020 | WIRED

  ATM Hackers Have Picked Up Some Clever New Tricks [Black Hat USA 2020]

  At last week's Black Hat and Defcon security conferences, researchers dug through recent evolutions in ATM hacking. Criminals have increasingly tuned their malware to manipulate even niche proprietary bank software to cash out ATMs, while still incorporating the best of the classics—including uncovering new remote attacks to target specific ATMs.
  Read More
 • Aug 15, 2020 | TechCrunch

  Decrypted: Hackers Show Off Their Exploits as Black Hat Goes Virtual [Black Hat USA 2020]

  But with less than three months until millions of Americans go to the polls, Black Hat sharpened its focus on election security and integrity more so than any previous year.
  Read More
 • Aug 14, 2020 | TechTarget

  Risk & Repeat: Black Hat 2020 highlights [Black Hat USA 2020]

  This week's Risk & Repeat podcast recaps the highlights and trends of Black Hat USA 2020, which was held as a fully virtual conference for the first time because of the COVID-19 pandemic.
  Read More
 • Aug 14, 2020 | ProPublica

  Electionland 2020: USPS Chaos, Election Cybersecurity, August Voting and More [Black Hat USA 2020]

  At this month’s Black Hat hacker conference, voting tech company Election Systems & Software announced new policies that will allow cybersecurity researchers to test the company’s technology. Also at the conference, the director of CISA touted the government’s progress on cybersecurity since 2016, saying it was “like night and day.”
  Read More
 • Aug 13, 2020 | Daily Star

  Deepfake of Tom Hanks that 'easily passes as real' made for less than $100 [Black Hat USA 2020]

  It read: "There are many photos of Tom Hanks, but none like the images of the leading everyman shown at the Black Hat computer security conference Wednesday: They were made by machine-learning algorithms, not a camera."
  Read More
 • Aug 13, 2020 | PCMag

  These Are the Apps We Miss Right Now [Black Hat USA 2020]

  I watched virtual Black Hat presentations from the comfort of my own home instead of the Mandalay Bay casino in Las Vegas. I don’t really miss the app, truth be told, but I have found myself missing the bustle of conferences.
  Read More
 • Aug 13, 2020 | Washington Post

  The Cybersecurity 202: The TikTok ban is just a proxy battle in the U.S.-China tech war [Black Hat USA 2020]


  Read More
 • Aug 13, 2020 | SDxCentral

  Cyber Threat First Responders Fight COVID-19 Attacks Amid Pandemic [Black Hat USA 2020]

  Okta Executive Director of Cybersecurity Marc Rogers, like many of us, has lost all concept of time during the COVID-19 pandemic. There’s pre-COVID life and work, and then there’s the Groundhog’s Day existence that has become our collective reality. “I measure things in 2020 units now,” he said, during a virtual interview at Black Hat. “Some of it’s turned into a daily grind.”
  Read More
 • Aug 13, 2020 | OODA Loop

  DHS Worried About Ransomware Attacks for 2020 Election [Black Hat USA 2020]

  According to an intelligence report issued by the Department of Homeland Security, one of the top 2020 election security concerns is ransomware. A report entitled “Cybercriminals and Criminal Hackers Capable of Disrupting Election Infrastructure” echoes concerns CISA head Chris Krebs articulated at the Black Hat security conference in early August.
  Read More
 • Aug 13, 2020 | Dark Reading

  Boeing's DEF CON Debut a Sign of the Times [Black Hat USA 2020]

  IOActive's Santamarta — who had presented his research over at Black Hat USA in Las Vegas just a few days before DEF CON kicked off — maintained that an attacker exploiting the flaws could remotely gain access to the aircraft's sensitive avionics network, also known as the crew information systems network.
  Read More
 • Aug 13, 2020 | Dark Reading

  Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity [Black Hat USA 2020]

  Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them.
  Read More
 • Aug 12, 2020 | Xakep

  Big hole in BIG-IP. How the new vulnerability in F5 products works [Black Hat USA 2020]

  We need to look at how the URI is passed to Tomcat. It is worth referring here to Orange Tsai's great study on path normalization in various applications that he presented at Black Hat USA 2018 and DEF CON 26.
  Read More
 • Aug 12, 2020 | Education News Network

  BlackBerry releases free reverse engineering tools to help resist cyber security attacks [Black Hat USA 2020]

  Also this week at Black Hat USA 2020, Kevin Livelli, the director of BlackBerry threatening the IntelliSense system, will be presenting the Rat Decade on August 5, 11-11:40 am PT. BlackBerry will also hold a webinar about its cooperation with Intel to stop encryption hijacking malware, and in-depth study of BlackBerry Optics AI-based EDR technology for Linux.
  Read More
 • Aug 12, 2020 | Turbo

  Mercedes-Benz E-Class. 19 safety risks detected, already resolved [Black Hat USA 2020]

  According to TechCrunch, the facts were revealed by Minrui Yan, head of Sky-Go's security research team, during this year's Black Hat security conference.
  Read More
 • Aug 12, 2020 | ARA MOTOR

  Chinese computer scientists uncover the vulnerability of the Mercedes-Benz E-Class [Black Hat USA 2020]

  Through a coordinated attack, Qihoo 360 computer scientists were able to unlock the car doors, lower the windows, control the lighting system and even start the car's engine without the owner's key, as explained in a Black Hat cybersecurity conference, focused on the risks of hacking.
  Read More
 • Aug 12, 2020 | heise online

  Patchday: Microsoft closes actively exploited Windows and browser holes [Black Hat USA 2020]

  As part of a lecture at the Black Hat Conference 2020, a team of researchers warned last week about a new version of a security hole that the Stuxnet computer worm had previously misused to switch from Windows systems to industrial control systems via the printer spooler.
  Read More
 • Aug 12, 2020 | TechTarget

  Microsoft plugs 2 zero-days on August Patch Tuesday [Black Hat USA 2020]

  The patch resolved a lingering printer spooler issue that had been patched multiple times -- most recently in May -- but security researchers found a way to bypass the patch and gave a recent Black Hat USA presentation on the flaw, which has its origins in the Stuxnet worm from 2010. Despite public knowledge of the bug, Microsoft's CVE did not report this as publicly disclosed.
  Read More
 • Aug 12, 2020 | KRYPTOMAGAZIN

  Researchers claim that hackers attack crypto exchanges in three ways [Black Hat USA 2020]

  Researchers at the Black Hat security conference have revealed that crypto exchanges can be vulnerable to hackers. Although cryptocurrencies provide a high level of privacy and security to protect their resources, scientists have found that hackers can attack in three ways.
  Read More
 • Aug 12, 2020 | Wall Street Journal

  Facebook and Other Tech Giants Gird for Chaotic Election [Black Hat USA 2020]


  Read More
 • Aug 12, 2020 | BizTech

  Black Hat 2020: How to Boost Security Problem-Solving [Black Hat USA 2020]

  But problem-solving isn’t necessarily a trait you’re born with. At Black Hat USA 2020, Matt Wixey, research lead at PwC U.K., said that it’s something that can be trained.
  Read More
 • Aug 12, 2020 | Autocasión

  They hack the Mercedes E-Class and even get to start it [Black Hat USA 2020]

  They could even have started the engine without having to enter the cabin. The investigation was started a couple of years ago and the results were sent to Daimler, from where we assume that they remedied the problem. Now they have been unveiled at the Black Hat cybersecurity conference.
  Read More
 • Aug 12, 2020 | BenzInsider

  Sky-Go Discusses How to Hack and Remotely Control the Mercedes-Benz E-Class [Black Hat USA 2020]

  In 2017, a video surfaced showing two thieves in the UK using a relay hacking method to exploit the keyless entry system of a Mercedes car. It only took them less than 30 seconds to drive off with it. This is just one of the examples that Sky-Go demonstrated in its presentation at a recent Black Hat cybersecurity conference.
  Read More
 • Aug 12, 2020 | TechTarget

  Security team analyzes data breach costs for better metrics [Black Hat USA 2020]

  Severski and Baker published their findings on the cost of data breaches in the Cyentia Information Risk Insights Study (IRIS 20/20) and the ripple effects of breaches in Ripples Across the Risk Surface (in collaboration with automated risk assessment firm RiskRecon). They discussed the topic at Black Hat 2020.
  Read More
 • Aug 12, 2020 | TechHQ

  Mercedes-Benz security bug — a sign of connected vehicle security issues? [Black Hat USA 2020]

  A team of security researchers at the Sky-Go Team detailed the way they were able to form an attack chain and remotely take control of the vehicle. The head of Sky-Go’s security research team, Minrui Yan, shared the findings at this year’s Black Hat security conference, as reported in TechCrunch.
  Read More
 • Aug 12, 2020 | Intelligent CIO

  Latest Mimecast research finds threat actors more motivated by money than intelligence or IP [Black Hat USA 2020]

  Mimecast Limited, a leading email security and cyber-resilience company, has launched the Threat Intelligence Report: Black Hat U.S.A. Edition 2020.
  Read More
 • Aug 12, 2020 | Dark Reading

  Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption [Black Hat USA 2020]

  Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.
  Read More
 • Aug 12, 2020 | Bitcoin Mexico

  Blackhat: Innovation and case studies around cybersecurity [Black Hat USA 2020]

  The Black Hat event is a space that for 20 years has been dedicated to solving the doubts that may arise around cybersecurity and presenting innovations and research on the subject of the event.
  Read More
 • Aug 12, 2020 | Avast Blog

  An elections security progress report: Black Hat edition [Black Hat USA 2020]

  As you might expect, the election was a core topic at the virtual Black Hat and DEFCON voting village conferences held in early August. It has become a core feature of “hacker summer camp” to share the latest in election security from the perspective of the professionals doing the work.
  Read More
 • Aug 11, 2020 | Dark Reading

  Researchers Trick Facial-Recognition Systems [Black Hat USA 2020]

  At the Black Hat USA 2020 virtual event last week, researchers from McAfee showed how they were able to use such technologies to successfully trick a facial-recognition system into misclassifying one individual as an entirely different person.
  Read More
 • Aug 11, 2020 | Latest Hacking News

  Spying On Satellite Internet Now Possible With $300 Setup [Black Hat USA 2020]

  Researchers have devised a new strategy for spying on satellite internet traffic. Sharing the details in the recent Black Hat USA 2020, they revealed that anyone with mere home television equipment could intercept satellite internet traffic to snoop into the data.
  Read More
 • Aug 11, 2020 | Bitcoin Mexico

  Researchers discover a bug in Windows and prevent an attack [Black Hat USA 2020]

  "As a bonus, various Windows services loaded our DLL (wbemcomn.dll) as they did not verify the signature and tried to load the DLL from a non-existent path, which means we also got the code executed," said Hadar and Bar, who presented their finding at the Blackhat security conference.
  Read More
 • Aug 11, 2020 | Business Next

  Qualcomm, MediaTek Wi-Fi chip found loopholes, signal transmission, data packets may be intercepted [Black Hat USA 2020]

  At the Black Hat USA 2020 security conference held recently, ESET announced the vulnerability of the "Kr00k" variant, and emphasized that the key will be invalidated by disassociation, so that the original WPA2-type encryption protection will lose its function, and it can be blocked through Wi-Fi. The Fi signal transmits the content of the data packet.
  Read More
 • Aug 11, 2020 | EET

  Suspected mainland hackers stealing Taiwan semiconductor secrets, reason: working hours 996 [Black Hat USA 2020]

  A few days ago, the US technology media "Wired" reported that a cybersecurity company called CyCraft in Taiwan revealed at the "Black Hat USA" Black Hat Conference held last week, since the company released it in April this year. Since the white paper on cyber attacks on the semiconductor industry in Taiwan, many responses have been received, showing that at least 7 semiconductor companies in Taiwan have been locked down by the same mainland Chinese hacker group "Chimera".
  Read More
 • Aug 11, 2020 | CCTV News

  The cost of hacking a satellite is only 350,000 won? [Black Hat USA 2020]

  Research results showing that a satellite can be hacked for about $300 (about 350,000 won) is drawing attention from the industry. At 'Black Hat 2020', a global information security conference held online from August 1 to 6, University of Oxford academic researcher James Pavur said that satellite Internet communication (ISP) is vulnerable to eavesdropping and signal blocking.
  Read More
 • Aug 11, 2020 | BizTech

  Black Hat 2020: The Security Implications of Disinformation Campaigns [Black Hat USA 2020]

  While this has been a known threat in the public space, businesses are at risk as well. At Black Hat USA 2020, Stanford Internet Observatory Research Manager Renee DiResta said that the vast opportunities of the internet and social media have left us with an avalanche of material at our fingertips, and some of it is ill-intentioned.
  Read More
 • Aug 11, 2020 | Avalanche Noticias

  Chinese hackers target Taiwan's semiconductor factories and look for technology secrets [Black Hat USA 2020]

  Due to the coronavirus pandemic, this year's Black Hat cybersecurity conference was held as an online event. One of the conference participants was CyCraft, whose experts presented an interesting report on the results of the investigation into a series of incidents related to attacks on Taiwanese companies operating in the semiconductor industry.
  Read More
 • Aug 11, 2020 | C-SPAN

  Communicators with Jeff Moss [Black Hat USA 2020]

  Jeff Moss, creator of the cybersecurity and hacker conferences Black Hat and DEF CON, talked about 2020 election security, the Chinese-owned Tik Tok and We Chat social media platforms, and where the internet is heading. Mr. Moss spoke from Singapore.
  Read More
 • Aug 11, 2020 | BTC-ECHO

  Vulnerabilities in popular Bitcoin exchanges revealed [Black Hat USA 2020]

  The Black Hat IT security conference took place at the beginning of the month. Due to the COVID-19 pandemic, this year's event took place online.
  Read More
 • Aug 11, 2020 | heise online

  Forum software vBulletin: New attack technique leverages old security patch [Black Hat USA 2020]

  The researcher apparently decided not to wait for the vBulletin team to publish a patch. In any case, this should be informed or alarmed: Jeff Moss, founder of the IT security conferences Black Hat and Def Con, announced via Twitter that the Def Con forum was already three hours after the PoC code was published in the researcher's blog entry had been attacked.
  Read More
 • Aug 11, 2020 | Linux

  The deplorable situation with satellite Internet security [Black Hat USA 2020]

  Black Hat presented a report on security problems in satellite Internet access systems. The author of the report demonstrated the ability to intercept Internet traffic transmitted through satellite communication channels using a low-cost DVB receiver.
  Read More
 • Aug 11, 2020 | RedesZone

  How they could easily spy on satellite connections [Black Hat USA 2020]

  At the 2020 Black Hat, a computer security researcher from the University of Oxford has shown how it is possible to access confidential information from corporate networks that use satellites to transmit the signal.
  Read More
 • Aug 11, 2020 | TechTarget

  Healthcare CISO offers alternatives to 'snake oil' companies [Black Hat USA 2020]

  Indiana University Health CISO Mitchell Parker discussed internal risk assessments, security snake oil salesmen and more at his Black Hat USA 2020 talk.
  Read More
 • Aug 11, 2020 | Motor1

  Mercedes E-Class Had 19 Security Risks, Which Were Patched Last Year [Black Hat USA 2020]

  According to TechCrunch, the breakdown came from Minrui Yan, head of Sky-Go’s security research team, during this year’s Black Hat security conference. The team found 19 vulnerabilities in a Mercedes E-Class that gave researchers vast control over the vehicle.
  Read More
 • Aug 11, 2020 | Threatpost

  Researcher Publishes Patch Bypass for vBulletin 0-Day [Black Hat USA 2020]

  Indeed, hackers wasted no time in using Etemadieh’s bypass to try to hack into the forum at the DEF CON security conference, according to a post on Twitter by DEFCON and Black Hat founder Jeff Moss. However, administrators quickly applied Etemadieh’s advice to disable PHP to thwart the attack, he tweeted.
  Read More
 • Aug 11, 2020 | Dark Reading

  Is Edtech the Greatest APT? [Black Hat USA 2020]

  High-value users with no control over their infrastructure or security practices seem like characters in a dystopian novel, but Michelle Wolfe, who works with local governments in the UK, spoke at Black Hat USA about students in classrooms using dystopian terms.
  Read More
 • Aug 11, 2020 | Science Blog

  Baking And Boiling Botnets Could Drive Energy Market Swings And Damage [Black Hat USA 2020]

  Evil armies of internet-connected EV chargers, ovens, hot-water heaters, air-conditioners, and other high-wattage appliances could be hijacked to slightly manipulate energy demand, potentially driving price swings and creating financial damage to deregulated energy markets, warns a new report scheduled to be presented Aug. 5 at the Black Hat USA 2020 conference.
  Read More
 • Aug 11, 2020 | Krebs On Security

  Microsoft Patch Tuesday, August 2020 Edition [Black Hat USA 2020]

  Narang said researchers found that the patch for CVE-2020-1048 was incomplete and presented their findings for CVE-2020-1337 at the Black Hat security conference earlier this month.
  Read More
 • Aug 10, 2020 | The Daily Swig

  Anatomy of a healthcare data breach dissected at Black Hat 2020 [Black Hat USA 2020]

  Insecure technologies are making healthcare organizations easy prey for cybercriminals, as well as lucrative and egregious targets, attendees at Black Hat USA 2020 heard last week.
  Read More
 • Aug 10, 2020 | Xakep

  Chinese experts remotely hacked Mercedes-Benz E-class [Black Hat USA 2020]

  Now Sky-Go experts have finally made their findings public by presenting a talk at the Black Hat conference (this year's event is being held remotely). At the same time, some details of the bugs were deliberately omitted, both to protect Daimler's intellectual property and to prevent exploitation of vulnerabilities.
  Read More
 • Aug 10, 2020 | Dutch IT-Channel

  Chinese state hackers are targeting Taiwanese chip companies [Black Hat USA 2020]

  This is reported by security company CyCraft at the Black Hat conference, which will be held online this year. Wired writes that the attacks are attributed to Chinese hackers for various reasons.
  Read More
 • Aug 10, 2020 | TechCrunch

  The Station: Uber Eats ride, the next micromobility trend, Levandowski's day in court [Black Hat USA 2020]

  The Black Hat security conference is that annual event that reminds me of how vulnerable connected cars can be. This year, security researchers at the Sky-Go Team, the car hacking unit at Qihoo 360, found more than a dozen vulnerabilities in a Mercedes-Benz E-Class car that allowed them to remotely open its doors and start the engine.
  Read More
 • Aug 10, 2020 | heise online

  Black Hat 2020: From DoS to data theft - attacks via PDF documents [Black Hat USA 2020]

  Anyone who feels safe with PDFs compared to Office documents is wrong. Jens Müller showed several possible attacks at Black Hat 2020.
  Read More
 • Aug 10, 2020 | CarBuzz

  Mercedes-Benz E-Class Is Surprisingly Easy To Hack [Black Hat USA 2020]

  During a recent Black Hat cybersecurity conference, Sky-Go demonstrated how these flaws could have been exploited to remotely access a number of the car's functions and even start the engine without even touching the car.
  Read More
 • Aug 10, 2020 | TechTarget

  Games, not shame: Why security awareness training needs a makeover [Black Hat USA 2020]

  Elevate Security co-founder Masha Sedova spoke at Black Hat USA 2020 about why traditional security awareness training is ineffective and fails to change risky behavior.
  Read More
 • Aug 10, 2020 | SDxCentral

  Election 2020: Will Disinformation Trump Election Security? [Black Hat USA 2020]

  Election security took center stage at Black Hat, but not in the usual, who can hack a voting machine way. Hardware and software vulnerabilities still exist. But the COVID-19 pandemic, rampant disinformation campaigns, disenfranchisement, and impatient voters may pose far greater security risks.
  Read More
 • Aug 10, 2020 | Neowin

  Exploring the (lack of) security in a typical Docker and Kubernetes installation [Black Hat USA 2020]

  To get up to speed, I signed up for the Black Hat 2020 session entitled, “From Zero to Hero: Pentesting and Securing Docker Swarm and Kubernetes Environments." The course, taught by Sheila A. Berta and Sol Ozzan, literally started with a description of how Docker containers worked and went all the way through a Kubernetes deployment.
  Read More
 • Aug 10, 2020 | Macworld

  Bugs in Office and macOS gave full control of Mac [Black Hat USA 2020]

  Security researcher Patrick Wardle (former NSA hacker and now head of security at Jamf) has an impressive track record for finding security flaws on the Mac platform. His latest report was shared at this year's Black Hat conference (held virtually). He has also published a blog post where he goes in depth into how the attack works.
  Read More
 • Aug 10, 2020 | TechRepublic

  Black Hat 2020: Cybersecurity trends, tools, and threats [Black Hat USA 2020]

  This year’s Black Hat USA 2020 computer security conference was entirely virtual for the first time and took place from August 1-6. This is the 23rd year for the conference, which traditionally takes a close look at some of the top cybersecurity trends.
  Read More
 • Aug 10, 2020 | TechCentral.ie

  Protocol gateway flaws reveal ICS environment weak points [Black Hat USA 2020]

  Security researchers warn about widespread vulnerabilities in protocol gateways, small devices that connect industrial machinery and sensors to TCP/IP networks that are used to automate and control them. New research published by Trend Micro and presented at the Black Hat USA virtual security conference highlights a new threat via protocol translation attacks and reveals nine flaws found in protocol gateways from different vendors.
  Read More
 • Aug 10, 2020 | CSO

  18 (new) ways attackers can compromise email [Black Hat USA 2020]

  Vern Paxson, Professor of Computer Science at UC Berkeley and Co-Founder and Chief Scientist at Corelight, Jianjun Chen, Post-Doc researcher at the International Computer Science Institute and Jian Jiang, Senior Director of Engineering at F5 (Shape Security), presented the result of their research at Black Hat last week in a talk entitled “You Have No Idea Who Sent That Email: 18 Attacks on Email Sender Authentication.”
  Read More
 • Aug 10, 2020 | cryptonews

  Researchers Find Bugs that Could Expose Crypto Wallets on Exchanges [Black Hat USA 2020]

  At a recent Black Hat cybersecurity conference, experts said that some of the issues that affected exchanges have now been fixed – but claimed that others still pose a threat to their owners.
  Read More
 • Aug 10, 2020 | Android Headlines

  Chinese Hackers Steal From Taiwan's Semiconductor Industry [Black Hat USA 2020]

  At the Black Hat security conference, reports will be presented that detail the damage. The report shows that at least seven Taiwanese chip firms over the past two years were compromised by hackers.
  Read More
 • Aug 10, 2020 | Extreme Tech

  Chinese Hackers Infiltrate Taiwanese Semiconductor Companies [Black Hat USA 2020]


  Read More
 • Aug 10, 2020 | Silicon UK

  Researchers Uncover Stuxnet-Style Flaw In Windows [Black Hat USA 2020]

  At the Black Hat USA 2020 security conference Bar and Hadar said the privilege escalation flaw could be used by an attacker who has physical access to a system to gain escalated privileges.
  Read More
 • Aug 10, 2020 | The Daily Swig

  Top hacks from Black Hat and DEF CON 2020 [Black Hat USA 2020]

  As well as tackling core enterprise and web security threats, presenters at both Black Hat and DEF CON 2020 took hacking to weird and wonderful places. Anything with a computer inside was a target – a definition that these days includes cars, ATMs, medical devices, traffic lights, voting systems and much, much more.
  Read More
 • Aug 10, 2020 | WeLiveSecurity

  Black Hat 2020: Fixing voting – boiling the ocean? [Black Hat USA 2020]

  Following the Black Hat keynote about voting security, we wonder how fixing elections might be possible in the next few months amidst pressure of U.S. elections rapidly approaching, requiring massive, coordinated effort at immense expense. Is that possible? If so, how likely?
  Read More
 • Aug 10, 2020 | BleepingComputer

  vBulletin fixes ridiculously easy to exploit zero-day RCE bug [Black Hat USA 2020]

  According to Jeff Moss, aka The Dark Tangent and the creator of the Black Hat and Defcon security conferences, the defcon.org forum was attacked with this exploit three hours after it was disclosed.
  Read More
 • Aug 10, 2020 | SecurityWeek

  Over 30 Vulnerabilities Discovered Across 20 CMS Products [Black Hat USA 2020]

  Muñoz and Mirosh, who presented their findings last week at the Black Hat cybersecurity conference, focused on .NET and Java-based products, and they showed how an unprivileged attacker can escape template sandboxes and achieve remote code execution.
  Read More
 • Aug 10, 2020 | SecurityWeek

  Black Hat Wrap-Up: IoT and Hardware Vulnerabilities Take the Spotlight [Black Hat USA 2020]

  The first entirely virtual edition of the Black Hat cybersecurity conference took place last week and researchers from tens of organizations presented the results of their work from the past year.
  Read More
 • Aug 9, 2020 | Cointelegraph

  Researchers Claim Crypto Exchange Hacks Happen in Three Ways [Black Hat USA 2020]

  Researchers at the Black Hat security conference revealed that crypto exchanges might be vulnerable to hackers. Although crypto exchanges have high privacy and security to protect their funds, researchers still found three ways hackers can attack these crypto exchanges, according to Wired on August 9.
  Read More
 • Aug 9, 2020 | WIRED

  Flaws Could Have Exposed Cryptocurrency Exchanges to Hackers [Black Hat USA 2020]

  At the Black Hat security conference on Thursday, researchers detailed potential weaknesses in these specially secured wallet schemes, including some that affected real exchanges that have now been fixed.
  Read More
 • Aug 8, 2020 | SiliconANGLE

  As the pandemic hastens a cyberpunk future, hackers put democracy at risk [Black Hat USA 2020]

  Reflecting on a dystopian future described in a subgenre of science fiction known as “cyberpunk” in the 1980s, a somber Jeff Moss, Black Hat’s founder, opened this year’s all-digital event by capturing the state of computer security in a newly altered world.
  Read More
 • Aug 8, 2020 | WIRED

  Security News This Week: The NSA's Tips to Keep Your Phone From Tracking You [Black Hat USA 2020]

  This week marked the first-ever online-only Black Hat and Defcon security conferences, both of which still produced impactful work despite going remote. But before you dive into everything that's broken, start off with a tale of perseverance that starts with the private keys needed to recover $300,000 of bitcoin trapped in an old zip file.
  Read More
 • Aug 8, 2020 | Dark Reading

  Digital Clones Could Cause Problems for Identity Systems [Black Hat USA 2020]

  The fundamental technologies for creating digital clones of people — text, audio, and video that sound and look like a specific person — have rapidly advanced and are within striking distance of a future in which digital avatars can sound and act like specific people, Tamaghna Basu, co-founder and chief technology officer of neoEYED, a behavioral analytics firm, told attendees at the virtual Black Hat conference on Aug. 6.
  Read More
 • Aug 7, 2020 | BizTech

  Black Hat 2020: Security Needs Better Data for Better Policies [Black Hat USA 2020]

  But what if the information they’re basing their decisions on is skewed? What if it doesn’t take the right things into consideration? What if the data isn’t accurately represented? That is exactly what is happening when it comes to security, according to research presented this week at Black Hat USA 2020. Virginia Tech University professor and Cyentia Institute co-founder Wade Baker said that some well-known cybersecurity statistics, such as the notion that 60 percent of small businesses close within six months of a data breach, are widely repeated despite the original source of the information being unclear.
  Read More
 • Aug 7, 2020 | SDxCentral

  McAfee Scopes Threat Landscape, Sees Deep Fakes, Zombies [Black Hat USA 2020]

  “I think we’re going to continue to see these more advanced and evolution of [attack] techniques,” Povolny said, during an interview at this week’s virtual Black Hat. “We’re going to see the consistent use of ransomware, we’re going to see the same breaches we’ve been seeing forever. After 20 years, if it’s not changing, it’s not going anywhere for the foreseeable future.”
  Read More
 • Aug 7, 2020 | TechTarget

  Not just politics: Disinformation campaigns hit enterprises, too [Black Hat USA 2020]

  In her Black Hat USA 2020 keynote, Renée DiResta of the Stanford Internet Observatory explains how nation-state hackers have launched 'reputational attacks' against enterprises.
  Read More
 • Aug 7, 2020 | PCMag

  Cybersecurity Training? Try the Carrot Instead of the Stick [Black Hat USA 2020]

  Masha Sedova leveraged her experience as a defense analyst for the government and Director of Trust Engagement at Salesforce to co-found Elevate Security, a company dedicated to using behavioral science to change security behaviors in ways that work. Per Sedova’s bio, her company can “transform employees into security super-humans.” In her Black Hat presentation this week, she demonstrated why traditional training doesn
  Read More
 • Aug 7, 2020 | CSO

  Protocol gateway flaws reveal a weak point in ICS environments [Black Hat USA 2020]

  Research presented at this week's Black Hat conference highlights a new threat via protocol translation attacks and reveals 9 flaws found in protocol gateways from different vendors.
  Read More
 • Aug 7, 2020 | PCMag

  Spectra Attack Turns Bluetooth and Wi-Fi Against Each Other [Black Hat USA 2020]

  Our smart devices need to communicate wirelessly and seamlessly with many other devices, in order to be useful. All these devices' radios also need to talk with one another. And that allowed researchers at the Black Hat security conference to show off a new kind of attack they dubbed Spectra.
  Read More
 • Aug 7, 2020 | Cyberscoop

  Old vulnerabilities die hard: researchers uncover 20-year-old code in Windows Print Spooler [Black Hat USA 2020]

  While presenting their findings at the Black Hat hacking conference this week, Hadar and Bar release proof-of-concept code on GitHub designed to help detect attacks on the spooler service.
  Read More
 • Aug 7, 2020 | PCMag

  The Scariest Things We Saw at Black Hat 2020 [Black Hat USA 2020]

  Every year, hackers and researchers flock to Las Vegas for the Black Hat security conference (and some stay on for the free-wheeling DEF CON) to see and share the latest in security research. This year, everyone had to stay at home because of COVID-19, but there was still plenty to be worried about at this year's conference.
  Read More
 • Aug 7, 2020 | TechTarget

  10 years after Stuxnet, new zero-days discovered [Black Hat USA 2020]

  A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020.
  Read More
 • Aug 7, 2020 | Dark Reading

  Researcher Finds New Office Macro Attacks for MacOS [Black Hat USA 2020]

  Microsoft Office is no stranger to vulnerabilities and exploits. Most of those vulnerabilities led from Microsoft Office to Microsoft Windows, but it's possible for an attacker to take an exploit path from Microsoft Office to macOS — a path that Patrick Wardle, principal security researcher at Jamf, discussed in his presentation on Wednesday at Black Hat USA.
  Read More
 • Aug 7, 2020 | Gov InfoSecurity

  Researchers: IoT Botnets Could Influence Energy Prices [Black Hat USA 2020]

  High-wattage IoT devices and appliances, such as connected refrigerators, air conditioners and heaters, could be turned into massive botnets by malicious actors and used to influence energy prices, according to an academic study released at Black Hat 2020.
  Read More
 • Aug 7, 2020 | SecurityWeek

  Chinese Researchers Show How They Remotely Hacked a Mercedes-Benz [Black Hat USA 2020]

  Representatives of Sky-Go and Daimler disclosed the findings this week at the Black Hat cybersecurity conference and published a research paper detailing the findings. However, some information was not made public to protect Daimler’s intellectual property and to prevent malicious exploitation.
  Read More
 • Aug 7, 2020 | SDxCentral

  VMware Reports Destructive Attacks Surge During COVID-19 [Black Hat USA 2020]

  “We noted a dramatic increase in destructive attacks — the use of wipers and ransomware, NotPetya style, within networks,” said Tom Kellermann, head cybersecurity strategist at VMware Carbon Black, during a virtual Black Hat happy hour panel.
  Read More
 • Aug 7, 2020 | Gov InfoSecurity

  Exploring the Forgotten Roots of 'Cyber' [Black Hat USA 2020]

  At the same time, the word cyber arguably points to what is inherently leading-edge and subject to change. Entering the world of cybersecurity today, for example, "you're leaving the reality of what you know, for a fantasy world you know nothing about," Amanda Rousseau, an offensive security engineer at Facebook, said in a keynote speech at last year's Black Hat Europe conference in London.
  Read More
 • Aug 7, 2020 | Washington Post

  The Cybersecurity 202: Trump’s government is working to protect mail voting while Trump attacks it [Black Hat USA 2020]

  About 28 percent of voters cast ballots on such machines in 2016, according to a study by the Pew Research Center. CISA was estimating that figure would drop to about 8 percent in 2020 but it might be even lower because of mail voting, CISA Director Chris Krebs said during an address at the Black Hat cybersecurity conference this week.
  Read More
 • Aug 7, 2020 | PCMag

  Here's a Bright Idea: Use a Lightbulb to Eavesdrop [Black Hat USA 2020]

  The primary question Nassi and his team set out to answer was whether a hanging lightbulb can be used as a microphone—a challenge since "lightbulbs were not exactly designed to be used as microphones," Nassi said at this year's virtual Black Hat conference.
  Read More
 • Aug 7, 2020 | Dark Reading

  Researchers Create New Framework to Evaluate User Security Awareness [Black Hat USA 2020]

  In a presentation at the Black Hat USA event this week, Ron Bitton, principal research manager at BGU's cybersecurity research center, said the framework addresses some of the shortcomings of current approaches to evaluating user security awareness.
  Read More
 • Aug 7, 2020 | The Daily Swig

  Black Hat 2020: xGitGuard uses AI to detect inadvertently exposed data on GitHub [Black Hat USA 2020]

  Security researchers at Comcast have developed a tool that detects organizations’ secrets and user credentials in cases where they inadvertently spill onto GitHub. The tool, called xGitGuard, is designed to be both scalable and rapid. The tool was demonstrated during an Arsenal session at the Black Hat 2020 virtual conference on Thursday (August 7).
  Read More
 • Aug 7, 2020 | Help Net Security

  Researchers flag two zero-days in Windows Print Spooler [Black Hat USA 2020]

  Hadar and Bar shared more information about the two discovered zero-days at Black Hat USA 2020 this week.
  Read More
 • Aug 7, 2020 | The Daily Swig

  When TLS hacks you: Security friend becomes a foe [Black Hat USA 2020]

  During a session entitled ‘When TLS Hacks You’, during the Black Hat virtual conference on Wednesday, Maddux showed how “dangerous properties” of TLS can be abused to target internal services.
  Read More
 • Aug 7, 2020 | OODA Loop

  Satellite Comms Globally Open to $300 Eavesdropping Hack [Black Hat USA 2020]

  At the virtual Black Hat 2020 conference, academic researcher and Oxford University doctoral candidate James Pavur spoke about the risk of satellite hacking. Pavur stated that attackers can use basic home television gear to listen in on internet traffic occurring across the globe, including high-value targets such as shipping fleets and oil installations.
  Read More
 • Aug 7, 2020 | OODA Loop

  Mercedes-Benz E-Series Rife with 19 Bugs [Black Hat USA 2020]

  At Black Hat 2020, a famous cybersecurity conference held virtually this year, researchers explained the process of discovery and disclosure of security flaws found in Mercedes Benz vehicles. Although the flaws have since been fixed, the bugs impacted roughly 2 million Mercedes Benz connected cars before they were patched.
  Read More
 • Aug 7, 2020 | OODA Loop

  Chinese Hackers Have Pillaged Taiwan’s Semiconductor Industry [Black Hat USA 2020]

  Yesterday at the Black Hat security conference, CyCraft researchers presented details of a previously unknown hacking campaign that compromised Taiwanese chip firms. CyCraft is a Taiwanese cybersecurity firm that has been investigating the campaign, which allegedly compromised at least seven firms over a two-year period.
  Read More
 • Aug 7, 2020 | WeLiveSecurity

  Week in security with Tony Anscombe [Black Hat USA 2020]

  This week, the cybersecurity community ‘met up’ at the virtual Black Hat 2020, and ESET researchers elaborated on their discovery of the KrØØk vulnerability, revealing that variants of the same bug also affect Wi-Fi chips produced by other brands.
  Read More
 • Aug 7, 2020 | Channel Futures

  Black Hat: Public Opinion Hacking Hits Fever Pitch [Black Hat USA 2020]

  This week’s virtual Black Hat USA 2020 conference featured a keynote on how information operations are working overtime to manipulate public opinion. Renee DiResta, research manager at Stanford Internet Observatory, heads up research in this area.
  Read More
 • Aug 7, 2020 | The Daily Swig

  Mole in your network: Out-of-band exploitation framework showcased at Black Hat 2020 [Black Hat USA 2020]

  Mole, a new open source framework for identifying and exploiting out-of-band (OOB) application vulnerabilities, was launched at Black Hat 2020 this week.
  Read More
 • Aug 7, 2020 | Fast Company

  What becoming a poll worker taught me about securing the 2020 election [Black Hat USA 2020]

  In a keynote that opened the Black Hat conference Wednesday, security researcher and Georgetown Law professor of secure systems and cryptology Matt Blaze offered advice for our current situation. But his solution doesn’t center around software or protocols. Instead, it’s all about people.
  Read More
 • Aug 7, 2020 | Forbes

  From Russia With Lure: Why We’re Still Beset By Bots And Trolls Pushing Disinformation [Black Hat USA 2020]

  In a keynote at the Black Hat security conference Thursday, Renee DiResta, research manager at the Stanford Internet Observatory, offered a disinformation dissection that broke down how those two countries have worked to exploit social media and what to watch for as the election nears.
  Read More
 • Aug 7, 2020 | Infosecurity Magazine

  #BHUSA: Researchers Reveal Attacks Against Email Sender Authentication [Black Hat USA 2020]

  The ‘from’ address field in an email is supposed to identify the person that sent an email, but unfortunately that’s not always the case. In a Black Hat USA 2020 virtual conference session researchers outlined 18 different attacks against email sender authentication systems.
  Read More
 • Aug 7, 2020 | Infosecurity Magazine

  #BHUSA: Lack of Electronic Medical Record Security Amplified Opioid Crisis [Black Hat USA 2020]

  According to Mitchell Parker, CISO at Indiana University Health, a small part of the human suffering could have potentially been alleviated, if there was better control and security for Electronic Medical Record (EMR) systems. Parker presented his views during a session at the Black Hat USA 2020 virtual conference, where he outlined what has gone wrong with EMR systems and what can be done to make them more secure.
  Read More
 • Aug 7, 2020 | Infosecurity Magazine

  #BHUSA: How Nation States Hack Public Opinion [Black Hat USA 2020]

  Nation state threat actors, including Russia and China, are using multiple techniques to effectively ‘hack’ public opinion around the world, according to Renée DiResta. DiResta expressed her views in a keynote session at the Black Hat USA 2020 virtual conference.
  Read More
 • Aug 7, 2020 | Inside Cybersecurity

  Black Hat keynoter DiResta: Disinformation an effective, readily available tool for cyber adversaries [Black Hat USA 2020]

  She spoke Thursday on “Hacking Public Opinion,” on the final day of the all-digital Black Hat USA 2020. Cyber researcher Matt Blaze delivered the keynote on Wednesday, discussing election security challenges including securing software.
  Read More
 • Aug 6, 2020 | SC Magazine

  What security functions should small medical providers outsource? [Black Hat USA 2020]

  Lamenting the recent scourge of ransomware and data breach attacks against health care organizations, along with what he believes is lack of specific cybersecurity guidance and an overabundance of “snake oil” infosec companies that provide expensive risk assessments “while not delivering anything of value,” Parker presented a series of recommendations for smaller medical providers in a presentation at the 2020 virtual Black Hat conference.
  Read More
 • Aug 6, 2020 | The Daily Swig

  Spooler alert: A decade after Stuxnet, Windows printer component still a playground for zero-days [Black Hat USA 2020]

  Revisiting their discovery at the virtual Black Hat USA 2020 today, a pair of security researchers said they were astounded to find that the flaws in the Windows print spooler component were still exploitable, using fresh techniques.
  Read More
 • Aug 6, 2020 | Container Journal

  Palo Alto Networks Discloses Kata Container Flaws [Black Hat USA 2020]

  At the online Black Hat USA 2020 conference today, researchers from the Unit 42 arm of Palo Alto Networks disclosed how they had enabled malicious code to escape from a Kata Container runtime environment that makes use of lightweight virtual machines to isolate workloads.
  Read More
 • Aug 6, 2020 | Threatpost

  Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack [Black Hat USA 2020]

  That’s the word from James Pavur, an academic researcher and doctoral candidate at Oxford University, speaking at Black Hat 2020 on Wednesday.
  Read More
 • Aug 6, 2020 | Dark Reading

  Why Satellite Communication Eavesdropping Will Remain A Problem [Black Hat USA 2020]


  Read More
 • Aug 6, 2020 | Dark Reading

  Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It [Black Hat USA 2020]


  Read More
 • Aug 6, 2020 | GCN

  What will it take for a secure election? [Black Hat USA 2020]

  The virus "added a whole new set of concerns that were always there, but that got brought very sharply into focus" such as how to conduct voting in a state of emergency and what exceptions to make, said computer scientist and election security expert Matt Blaze during a speech at the Black Hat cybersecurity conference this week.
  Read More
 • Aug 6, 2020 | Dark Reading

  Information Operations Spotlighted at Black Hat as Election Worries Rise [Black Hat USA 2020]

  While the Russian government spends a fraction of the People's Republic of China on overt state-sponsored media properties, the covert activities targeting Western democracies and other rivals is "best-in-class," Renée DiResta, a research manager at the Stanford Internet Observatory, told attendees during an Aug. 6 keynote on information operations at virtual Black Hat USA.
  Read More
 • Aug 6, 2020 | WIRED

  Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry [Black Hat USA 2020]

  "This is very much a state-based attack trying to manipulate Taiwan's standing and power," says Chad Duffy, one of the CyCraft researchers who worked on the company's long-running investigation. The sort of wholesale theft of intellectual property CyCraft observed "fundamentally damages a corporation's entire ability to do business," adds Chung-Kuan Chen, another CyCraft researcher who will present the company's research at Black Hat today. "It's a strategic attack on the entire industry."
  Read More
 • Aug 6, 2020 | Threatpost

  Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs [Black Hat USA 2020]

  Researchers say the flaws, detailed at Black Hat USA on Thursday, potentially impacted over 2 million Mercedes-Benz connected cars before they were fixed.
  Read More
 • Aug 6, 2020 | Cyberscoop

  Hacking group has hit Taiwan's prized semiconductor industry, Taiwanese firm says [Black Hat USA 2020]

  “Based on the stolen data, we infer that the actor’s goal was to harvest company trade secrets,” CyCraft wrote in a report they are presenting Thursday at the 2020 Black Hat security conference.
  Read More
 • Aug 6, 2020 | ZDNet

  Black Hat: Hackers are using skeleton keys to target chip vendors [Black Hat USA 2020]

  At Black Hat USA on Thursday, CyCraft Technology researchers Chung-Kuan Chen and Inndy Lin described a set of attacks believed to have been conducted by the same Chinese APT group in the quest for semiconductor designs, source code, software development kits (SDKs), and other proprietary information.
  Read More
 • Aug 6, 2020 | TechCrunch

  Security bugs let these car hackers remotely control a Mercedes-Benz [Black Hat USA 2020]

  Since then, the car hacking world has bustled with security researchers looking to find new bugs — and ways to exploit them — in a new wave of internet-connected cars that have only existed the past decade. This year’s Black Hat security conference — albeit virtual, thanks to the coronavirus pandemic — is no different.
  Read More
 • Aug 6, 2020 | PCMag

  How to Be a Better Security Problem Solver [Black Hat USA 2020]

  His Thursday talk fell in the Black Hat conference’s Human Factors track, which has been growing in popularity the last several years. Most talks in this track involve guiding employees into doing the right thing security-wise, or devising systems that work even when employees do the wrong thing. With this session, Wixey focused on honing the skills of the security elite—a refreshing change.
  Read More
 • Aug 6, 2020 | Security Boulevard

  Live from Black Hat: Healthscare – An Insider’s Biopsy of Healthcare Application Security with Seth Fogie [Black Hat USA 2020]


  Read More
 • Aug 6, 2020 | Dark Reading

  A Mix of Optimism and Pessimism for Security of the 2020 Election [Black Hat USA 2020]

  DHS CISA's Christopher Krebs and Georgetown University's Matt Blaze at Black Hat USA give the lowdown on where things stand and what still needs to happen to protect the integrity of November's election.
  Read More
 • Aug 6, 2020 | The Washington Times

  State Dept. offers $10 million reward for info on cyberattackers targeting US elections [Black Hat USA 2020]

  Nearly a third of cybersecurity experts and hackers attending the Black Hat USA 2020 conference think cyberattacks and disinformation will ensure the upcoming election’s results will “always be in doubt,” according to a survey of 273 attendees conducted in advance of the conference.
  Read More
 • Aug 6, 2020 | PCMag

  How Security Research Can Get You Arrested [Black Hat USA 2020]

  Hiring a red team is a common practice among security-conscious companies and government entities. Getting the red team arrested on federal felony charges is not common, but that’s what happened to two security experts from Coalfire Systems. They presented their cautionary tale, along with a call for action, at this week's virtual Black Hat conference.
  Read More
 • Aug 6, 2020 | Dark Reading

  Platform Security: Intel Pushes to Reduce Supply Chain Attacks [Black Hat USA 2020]


  Read More
 • Aug 6, 2020 | PCMag

  Are Police Spying on Your Phone? Ask the Crocodile Hunter [Black Hat USA 2020]

  Nefarious devices have long masqueraded as cell towers in a bid to intercept data from mobile devices. But at this week's (virtual) Black Hat, Cooper Quintin, Senior Staff Technologist at the Electronic Frontier Foundation, outlined a way to detect these bogus base stations, and offered suggestions on how to prevent their use altogether.
  Read More
 • Aug 6, 2020 | PCMag

  Election Day 2020: Why security experts predict a chaotic mess [Black Hat USA 2020]

  This fall's U.S. presidential election may end up being a chaotic mess that won't yield a winner on Election Night, three election-security experts told the Black Hat 2020 security conference during its opening day Wednesday (Aug. 5).
  Read More
 • Aug 6, 2020 | PCMag

  Coronavirus Borked the 2020 Election, But We Can Still Save It [Black Hat USA 2020]

  At the Black Hat security conference, security researcher Matt Blaze outlines the difficulty of securing US elections in unprecedented times.
  Read More
 • Aug 6, 2020 | PCMag

  Sensitive Satellite Internet Data Is Easily Accessible, If You Know Where to Look [Black Hat USA 2020]

  At Black Hat, an Oxford University student outlines how his team intercepted unencrypted satellite internet data across a 'massive attack area' from government agencies, major shipping companies, Greek billionaires, and more.
  Read More
 • Aug 6, 2020 | Dark Reading

  New Windows Print Spooler Zero-Day Flaws Harken Back to Stuxnet [Black Hat USA 2020]

  "We started digging in, looking at the original Stuxnet propagation, and then we found out there were problems. ... We decided to take the Spooler service to the next level, and eventually we found it was not fully patched," explains Tomer Bar, research team leader at Safe Breach, who along with his colleague Peleg Hadar found the flaws that they plan to detail today at Black Hat USA.
  Read More
 • Aug 6, 2020 | TechTarget

  Voting vendor ES&S unveils vulnerability disclosure program [Black Hat USA 2020]

  At Black Hat USA 2020 Wednesday, Chris Wlaschin, vice president of systems security for Election Systems & Software, (ES&S) formally announced the voting-machine manufacturer's vulnerability disclosure program, which aims to strengthen election security by working with independent security researchers.
  Read More
 • Aug 6, 2020 | SecurityWeek

  Researcher Discovers New HTTP Request Smuggling Attack Variants [Black Hat USA 2020]

  Klein told SecurityWeek ahead of his talk on HTTP request smuggling at the Black Hat conference that an attacker needs to find combinations of web servers and proxy servers with “matching” vulnerabilities in order to launch an attack, which makes it difficult to determine exactly how many servers are impacted.
  Read More
 • Aug 6, 2020 | BleepingComputer

  Unpatched bug in Windows print spooler lets malware run as admin [Black Hat USA 2020]

  Hadar and Bar will present their findings on Thursday at the Black Hat USA security conference.
  Read More
 • Aug 6, 2020 | TechXplore

  30-year-old file format behind MacOS hack [Black Hat USA 2020]


  Read More
 • Aug 6, 2020 | NHK

  Internet communication via satellite “Danger of leakage” pointed out by a British researcher [Black Hat USA 2020]

  It was held online at the world's largest international cybersecurity conference, "Blackhat," reported by James Pavo of Oxford University on Thursday.
  Read More
 • Aug 6, 2020 | Dark Reading

  A Real-World Tool for Organizing, Integrating Your Other Tools [Black Hat USA 2020]


  Read More
 • Aug 6, 2020 | ZDNet

  Black Hat: Entropy - the solution to malvertising and malspam? [Black Hat USA 2020]

  Speaking to attendees of Black Hat USA on Thursday, lead Cisco threat researcher Shyam Sundar Ramaswami revealed recent uses of steganography to hide malicious payloads in connection to the COVID-19 pandemic.
  Read More
 • Aug 6, 2020 | TechTarget

  CISA chief: Ransomware could threaten election security [Black Hat USA 2020]

  During a Black Hat USA 2020 session, CISA Chief Christopher Krebs said ransomware attacks on city, state and local governments are a major concern for election security.
  Read More
 • Aug 6, 2020 | Dark Reading

  Energy Market Manipulation with High-Wattage IoT Botnets [Black Hat USA 2020]

  Attackers that can compromise enough products such as smart ACs and heaters can tweak power demand in subtle ways for financial gain or to hurt market players, researchers at Black Hat say.
  Read More
 • Aug 6, 2020 | Krytech

  HTTP Request Smuggling now has 4 New Variants – Cyber Security Research 2020 [Black Hat USA 2020]

  HTTP Request smuggling attack now has four new variants and this was identified thanks to the new research presented by Amit Klein (VP of Security Research at SafeBreach) thus confirming the findings today at Black Hat Security Conference.
  Read More
 • Aug 6, 2020 | heise online

  Black Hat 2020: Temi assistant robot has serious security gaps [Black Hat USA 2020]

  For the IT security experts, this was reason enough to get one of the robots, test their network capabilities and, for example, also take a close look at the firmware and update procedures. As they explained on Thursday at the Black Hat hacker conference held virtually this year and in a technical report, they quickly came across massive targets.
  Read More
 • Aug 6, 2020 | Threatpost

  Black Hat 2020: ‘Zero-Click’ MacOS Exploit Chain Uses Microsoft Office Macros [Black Hat USA 2020]

  The exploit chain, revealed by Patrick Wardle, principal security researcher with Jamf, at Black Hat USA 2020, runs macros without an alert or prompt from the Microsoft Office application that prompts explicit user approval – meaning that when a user opens the document, the macro is automatically executed.
  Read More
 • Aug 6, 2020 | ZDNet

  What happened when Black Hat went virtual [Black Hat USA 2020]


  Read More
 • Aug 6, 2020 | Security Weekly

  How We Can Effectively Solve For Human Risk In Our Organizations - Masha Sedova - BH2020 [Black Hat USA 2020]


  Read More
 • Aug 6, 2020 | TechTarget

  Ripple20 vulnerabilities still plaguing IoT devices [Black Hat USA 2020]

  Months after Ripple20 vulnerabilities were reported, things haven't gotten much better, say experts at Black Hat USA 2020. In fact, the world may never be fully rid of the flaws.
  Read More
 • Aug 6, 2020 | The Daily Swig

  Tool that turns Domain Name System into a security layer unveiled at Black Hat 2020 [Black Hat USA 2020]

  Vadim Pavlov, Senior Security Product Manager, at Infoblox, outlined the benefits of ioc2rpz service as a defense against malware during an Arsenal session of the Black Hat conference yesterday (August 5).
  Read More
 • Aug 6, 2020 | ExecutiveBiz

  Election Systems & Software Unveils Vulnerability Disclosure Policy; Chris Wlaschin Quoted [Black Hat USA 2020]

  The new policy announced at the virtual Black Hat conference will provide ES&S 90 days to address the cyber vulnerabilities before security researchers can publicly report those issues.
  Read More
 • Aug 6, 2020 | Dark Reading

  Ripple20: More Vulnerable Devices Identified [Black Hat USA 2020]

  JSOF researchers shared their findings this week at the virtual Black Hat USA conference, with a technical deep dive into DNS vulnerability CVE-2020-11901. The remote code execution (RCE) flaw has a CVSS score of 9.0 and can be triggered by answering a single DNS request made from the device.
  Read More
 • Aug 6, 2020 | PCMag

  Your Personal Health Data Is Not Safe [Black Hat USA 2020]

  You go to the doctor to get well, or check your health. You don’t expect the doctor’s apps to expose your privacy. But they do, as Penn Medicine's Information Security Director outlined at Black Hat
  Read More
 • Aug 6, 2020 | Security Weekly

  Hiding Process Memory Via Anti-Forensic Techniques - Frank Block - BH20 #4 [Black Hat USA 2020]


  Read More
 • Aug 6, 2020 | Infosecurity Magazine

  #BHUSA: How Public Standards Help to Enable Financial Fraud [Black Hat USA 2020]

  In a session at the Black Hat USA 2020 virtual conference on August 5, Kevin Perlow, technical intelligence team lead for one of the largest banks in the US, explained how cyber-attackers are using public standards for financial transactions to enable multiple forms of fraud.
  Read More
 • Aug 6, 2020 | Journal of Cyber Policy

  BLACK HAT 2020 KEYNOTE: STRESS-TESTING DEMOCRACY [Black Hat USA 2020]

  Black Hat 2020 is all-virtual, which I rather like. The fog machines and laser shows are good eye candy, but they distract us from what event founder Jeff Moss calls Black Hat’s “community of ideas.” People were watching from 117 countries, ready to dig into dozens of online presentations.
  Read More
 • Aug 6, 2020 | Inside Cybersecurity

  Election security depends on addressing software issues, says Black Hat keynoter Matt Blaze [Black Hat USA 2020]

  Cyber researcher Matt Blaze, in an opening keynote at the all-virtual Black Hat USA 2020, framed election security as largely a software issue and said solutions are available between the extremes of completely eliminating computers from the process or going all-in with a blockchain approach.
  Read More
 • Aug 6, 2020 | International Business Times

  $10 Million Reward For Info Foreign Hackers Trying To Interfere With US Election [Black Hat USA 2020]

  “On the election infrastructure targeting, there is just not near anything of what we were seeing in 2016,” Krebs said during a virtual Black Hat cybersecurity conference. “Shifting over to the disinformation space and the potential for hack and leak, Russia has never taken its foot off the gas, China’s in the game, Iran’s in the game, so I just really encourage everyone to pay attention to your sources of information, think before you click, think before you share.”
  Read More
 • Aug 6, 2020 | Infosecurity Magazine

  #BHUSA: Can the US Election be Held During the Pandemic? [Black Hat USA 2020]

  The Black Hat USA 2020 virtual conference kicked off on August 5 with a keynote session exploring the challenges of modern election security in the US and the impact of the COVID-19 pandemic.
  Read More
 • Aug 6, 2020 | The Daily Swig

  Black Hat 2020: Threagile toolkit enables code-driven threat modeling [Black Hat USA 2020]

  ‘Threat modelling as code’ is poised to supplant whiteboard diagrams as the definitive AppSec risk mapping paradigm, Black Hat USA attendees heard yesterday.
  Read More
 • Aug 6, 2020 | ZDNet

  How hackers could spy on satellite internet traffic with just $300 of home TV equipment [Black Hat USA 2020]

  PhD candidate in the Department of Computer Science James Pavur revealed his research at the Black Hat USA virtual conference after previously disclosing his findings to the affected parties in order to help them improve security.
  Read More
 • Aug 6, 2020 | Threatpost

  U.S. Offers Reward of $10M for Info Leading to Discovery of Election Meddling [Black Hat USA 2020]

  The COVID-19 pandemic has created new concerns in the upcoming election. Election security has been a hot topic at this year’s Black Hat USA 2020, which is being held this week for the first time virtually due to the pandemic.
  Read More
 • Aug 6, 2020 | Dark Reading

  Getting to the Root: How Researchers Identify Zero-Days in the Wild [Black Hat USA 2020]

  "We care a lot about making it harder for people to exploit users using zero-days," said Google Project Zero researcher Maddie Stone in a Black Hat presentation on the topic. "When zero-day exploits are detected in the wild, that's the failure case for these attackers. And so we need to learn as much as possible each time that happens."
  Read More
 • Aug 6, 2020 | Defense One

  Deepfakes Are Getting Better, Easier to Make, and Cheaper [Black Hat USA 2020]

  In the paper published online today and presented (virtually) at the cybersecurity conference Black Hat, researchers Philip Tully and Lee Foster write that it takes thousands of dollars and weeks to produce new software tools for synthetic media generation.
  Read More
 • Aug 6, 2020 | Infosecurity Magazine

  #BHUSA: Android Phones at Risk of BlueRepli Bluetooth Attack [Black Hat USA 2020]

  There has been no shortage of Bluetooth related attacks disclosed in recent years, including BlueBorne and BadBlueTooth among numerous others. At the Black Hat USA 2020 virtual event on August 5, a new attack was added to the list of Bluetooth vulnerabilities, with the public disclosure of BlueRepli.
  Read More
 • Aug 6, 2020 | The Daily Swig

  Black Hat 2020: New HTTP request smuggling variants levied against modern web servers [Black Hat USA 2020]

  Four new variants of HTTP request smuggling attacks were disclosed at Black Hat USA yesterday (August 6).
  Read More
 • Aug 6, 2020 | Threatpost

  Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem [Black Hat USA 2020]

  The use of social media to sway opinion, sow division and hurt reputations is now part of a threat-actor’s playbook, according to DiResta. During a keynote address at Black Hat on Thursday entitled “Hacking Public Opinion,” she said threat actors are fine-tuning these attacks.
  Read More
 • Aug 6, 2020 | The Daily Swig

  Black Hat USA: Open source post-exploitation framework automates silent RCE attacks on Windows devices [Black Hat USA 2020]

  A security tool designed to enable the complete remote takeover of a victim’s desktop was presented at Black Hat USA yesterday (August 5).
  Read More
 • Aug 6, 2020 | OODA Loop

  Linux Spyware Stack Ties Together 5 Chinese APTs [Black Hat USA 2020]

  On Wednesday, BlackBerry released an analysis to the Black Hat 2020 conference group in which evidence linking five Chinese APT groups was presented. The five groups are allegedly splinters of the Winnti group, which is a supply-chain specialist threat actor group.
  Read More
 • Aug 6, 2020 | The Daily Swig

  US government offers $10 million reward for information on cyber interference in elections [Black Hat USA 2020]

  Yesterday, attendees at the annual Black Hat USA conference heard cryptographer Matt Blaze discuss the pitfalls of current voting systems.
  Read More
 • Aug 6, 2020 | Xakep

  EtherOops Attack Exploits Ethernet Cabling Issues [Black Hat USA 2020]


  Read More
 • Aug 6, 2020 | Security Weekly

  JavaScript Security - Taemin Park - BH2020 [Black Hat USA 2020]


  Read More
 • Aug 6, 2020 | Dark Reading

  The Long Shadow of Stuxnet: New Microsoft Print Spooler Vulns Revealed [Black Hat USA 2020]


  Read More
 • Aug 5, 2020 | The Register

  America was getting on top of its electronic voting machine security – then suddenly... A wild pandemic appears [Black Hat USA 2020]

  Just as America was getting a grip on improving the security of its electronic ballot boxes, the coronavirus pandemic hit, throwing a potential surge in remote voting unexpectedly into the mix, the Black Hat hacking conference was told today.
  Read More
 • Aug 5, 2020 | The Register

  Ever wonder how a pentest turns into felony charges? Coalfire duo explain Iowa courthouse arrest debacle [Black Hat USA 2020]

  Part of the problem, the two professional attackers told the Black Hat online conference today, was the imprecise terms of the penetration tests Coalfire was hired to perform at the request of the US state of Iowa.
  Read More
 • Aug 5, 2020 | Channel Futures

  Black Hat: Election Security Issues Aplenty with ‘Interference,’ ‘Lots of Misinformation’ [Black Hat USA 2020]

  This week’s virtual Black Hat USA 2020 conference kicked off with a call to arms for cybersecurity professionals to help with election security issues this November.
  Read More
 • Aug 5, 2020 | Ars Technica

  Insecure satellite Internet is threatening ship and plane safety [Black Hat USA 2020]

  In a briefing delivered on Wednesday at the Black Hat security conference online, researcher and Oxford Ph.D. candidate James Pavur presented findings that show that satellite-based Internet is putting millions of people at risk, despite providers adopting new technologies that are supposed to be more advanced.
  Read More
 • Aug 5, 2020 | Apple Insider

  Now-fixed exploit used Microsoft Office macros to hack macOS [Black Hat USA 2020]

  The exploit was developed by Jamf security engineer and ex-NSA hacker Patrick Wardle, who has long specialized in hacking Macs. Wardle showed off the attack method at the Black Hat 2020 security conference Wednesday.
  Read More
 • Aug 5, 2020 | Cyberscoop

  Researchers found another way to hack Android cellphones via Bluetooth [Black Hat USA 2020]

  Attackers looking to steal sensitive information like contacts, call history, and SMS verification codes from Android devices only need to target Bluetooth protocols, according to new DBAPPSecurity research presented at the 2020 Black Hat conference Wednesday.
  Read More
 • Aug 5, 2020 | The Hill

  Top federal official says 'more details coming' on foreign election interference [Black Hat USA 2020]

  “That was the beginning of a conversation with the American people about these threats, about the risks we face, more is absolutely coming, more details and more granular information,” Krebs said during the virtual Black Hat cybersecurity conference.
  Read More
 • Aug 5, 2020 | FCW

  'Unprecedented' challenges to safe, secure 2020 vote [Black Hat USA 2020]

  The virus "added a whole new set of concerns that were always there, but that got brought very sharply into focus" such as how to conduct voting in a state of emergency and what exceptions to make, said computer scientist and election security expert Matt Blaze during a speech at Black Hat this week.
  Read More
 • Aug 5, 2020 | The Daily Swig

  ATTPwn: Adversary emulation tool allows pen testers to identify security holes before attackers do [Black Hat USA 2020]

  A new security tool designed to emulate adversaries conducting malware campaigns or probing networks for secrets was presented at Black Hat USA today.
  Read More
 • Aug 5, 2020 | TechTarget

  Matt Blaze warns of election security challenges amid COVID-19 [Black Hat USA 2020]

  In his Black Hat USA 2020 keynote, security researcher Matt Blaze discussed the challenges facing U.S. elections this year and what must be done to solve them.
  Read More
 • Aug 5, 2020 | The Daily Swig

  KubiScan: Open source Kubernetes security tool showcased at Black Hat 2020 [Black Hat USA 2020]

  On the opening morning of Black Hat 2020’s virtual Arsenal program, security researcher Eviatar Gerzi explained how KubiScan trawls Kubernetes environments for risky permissions that attackers could potentially exploit to compromise the clusters.
  Read More
 • Aug 5, 2020 | ZDNet

  New EtherOops attack takes advantage of faulty Ethernet cables [Black Hat USA 2020]

  Tomorrow at the Black Hat USA security conference, security researchers from IoT research outfit Armis are set to present details about a new technique that can be used to attack devices located inside internal corporate networks.
  Read More
 • Aug 5, 2020 | Dark Reading

  Attack of the Clone: Next-Gen Social Engineering [Black Hat USA 2020]

  NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections.
  Read More
 • Aug 5, 2020 | Dark Reading

  Tales from the Trenches Show Security Issues Endemic to Healthcare [Black Hat USA 2020]

  As the chief information security officer for Indiana University Health, he has seen a spectrum of issues: information overload from risk assessments, ancient — in Internet years — computers managing physical systems and devices, a chaotic mess of password systems that don't interoperate, and legacy data that cannot be decrypted, he said during a virtual Black Hat USA presentation on Aug. 5.
  Read More
 • Aug 5, 2020 | WIRED

  Cheap, Easy Deepfakes Are Getting Closer to the Real Thing [Black Hat USA 2020]

  THERE ARE MANY photos of Tom Hanks, but none like the images of the leading everyman shown at the Black Hat computer security conference Wednesday: They were made by machine-learning algorithms, not a camera.
  Read More
 • Aug 5, 2020 | Dark Reading

  SynerComm Reboots a Security Staple with 'Continuous' Pen Testing [Black Hat USA 2020]


  Read More
 • Aug 5, 2020 | Dark Reading

  Building Cybersecurity Strategies in Sub-Saharan Africa [Black Hat USA 2020]

  Evelyn Kilel and Laura Tich of Shehacks Ke discuss how they are working to build cybersecurity strategies that suit the needs and capabilities of developing nations.
  Read More
 • Aug 5, 2020 | SC Magazine

  ‘We want to have more protection’: Arrested pen testers push for Good Samaritan law [Black Hat USA 2020]

  Coalfire employees Gary DeMercurio, managing senior, and Justin Wynn, senior security consultant, lobbied Wednesday at the virtual Black Hat conference for a Good Samaritan law that would protect their industry peers from the kind of overzealous prosecution they say they experienced for roughly five months, after a local sheriff had them arrested on Sept. 11, 2019 for alleged third-degree burglary.
  Read More
 • Aug 5, 2020 | Dark Reading

  What a Security Engineer & Software Engineer Learned by Swapping Roles [Black Hat USA 2020]

  As part of the swap, principal security engineer Craig Ingram was dropped into the Salesforce runtime team. Principal infrastructure engineer Camille Mackinnon joined the platform security assessment team. In a Black Hat briefing on Aug. 5, the two shared stories and lessons learned.
  Read More
 • Aug 5, 2020 | WIRED

  Voting Machine Makers Are Finally Playing Nice With Hackers [Black Hat USA 2020]

  At the Black Hat security conference today, Chris Wlaschin, vice president of systems security and chief information security officer of the election technology giant ES&S, and Mark Kuhr, chief technology officer of the security firm Synack, detailed how the two companies would work together to allow for so-called penetration testing on some ES&S products—and pointed to the larger project of bridging the longstanding gap between their two worlds.
  Read More
 • Aug 5, 2020 | Threatpost

  Black Hat 2020: Scaling Mail-In Voting Spawns Broad Challenges [Black Hat USA 2020]

  Security researcher Matt Blaze opened Black Hat 2020 with a call-to-arms for cybersecurity experts, asking them during his keynote to leverage their passion for election security to help secure the upcoming U.S. presidential elections, which will likely be a mostly vote-by-mail affair.
  Read More
 • Aug 5, 2020 | The Daily Swig

  Black Hat 2020: Web cache poisoning offers fresh ways to smash through the web stack [Black Hat USA 2020]

  The potentially devastating consequences of attacks against contemporary web caches were once again pulled into stark focus at Black Hat USA this week, as security researcher James Kettle documented his ongoing study in the field.
  Read More
 • Aug 5, 2020 | The Daily Swig

  How do you solve a problem like election security? Matt Blaze tackles the age-old question at Black Hat 2020 [Black Hat USA 2020]

  Matt Blaze provided a Black Hat 2020 keynote on election security. Confidence in the outcome of an election increasingly depends on the integrity of the voting systems themselves, cryptographer Matt Blaze told Black Hat 2020 attendees today.
  Read More
 • Aug 5, 2020 | SDxCentral

  Why Cisco Duo’s on a Quest to Kill the Password [Black Hat USA 2020]

  However, while it’s highly irrational and unlikely to happen, this innate fear of losing fingers and eyeballs proves Goerlich’s point, which he hopes to hammer home during his Black Hat session about passwordless security. “What can we do from an enterprise security perspective to increase the trust in passwordless authentication? That’s what’s important right now.”
  Read More
 • Aug 5, 2020 | ZDNet

  Black Hat: When penetration testing earns you a felony arrest record [Black Hat USA 2020]

  Speaking at Black Hat USA on Wednesday, Demercurio and Wynn said that after-hours testing, at night, was originally only what the client wanted -- and this was then extended to day and evening testing.
  Read More
 • Aug 5, 2020 | The Washington Times

  Cybersecurity professionals: Upcoming elections vulnerable to hackers [Black Hat USA 2020]

  The organizers of the Black Hat USA 2020 cybersecurity conference found that 31% of those attending think the level of cyberattacks and disinformation will be so great that the election results will “always be in doubt,” according to a survey of 273 attendees conducted in advance of the conference.
  Read More
 • Aug 5, 2020 | Threatpost

  Black Hat 2020: Open-Source AI to Spur Wave of ‘Synthetic Media’ Attacks [Black Hat USA 2020]

  At a Wednesday session at Black Hat USA 2020, researchers with FireEye demonstrated how freely-available, open-source tools – which offer pre-trained natural language processing, computer vision, and speech recognition tools – can be used to create malicious synthetic media.
  Read More
 • Aug 5, 2020 | Fox News

  Hackers encouraged to breach US voting technology to test security before election day [Black Hat USA 2020]

  Election Systems & Software LLC Chief Information Security Officer Chris Wlaschin on Wednesday is expected to unveil an outreach program to security researchers during the annual Black Hat USA convention for hackers, which will be hosted remotely this year amid the coronavirus pandemic, the Wall Street Journal first reported.
  Read More
 • Aug 5, 2020 | iPhone in Canada

  Former NSA Hacker to Demonstrate How to Hack Mac Users Via Microsoft Office [Black Hat USA 2020]

  During the annual Black Hat security conference, which is being held online this year due to the COVID-19 pandemic, security researcher and former NSA hacker Patrick Wardle will demonstrate how he was able to create a chain of exploits that can take control of a Mac by simply convincing the target to open a Microsoft Office file.
  Read More
 • Aug 5, 2020 | Dark Reading

  How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis [Black Hat USA 2020]

  Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
  Read More
 • Aug 5, 2020 | Nextgov

  CISA Director Identifies Main Targets of Russian Adversaries in Election Security Efforts [Black Hat USA 2020]

  Interagency collaboration has informed a focus on defending election night reporting and voter registration databases from ransomware attacks by Russian adversaries, Cybersecurity and Infrastructure Security Agency Director Christopher Krebs told attendees of the annual Black Hat information security conference Wednesday.
  Read More
 • Aug 5, 2020 | Veracode

  Live From Black Hat: Stress-Testing Democracy - Election Integrity During a Global Pandemic with Matt Blaze [Black Hat USA 2020]

  Matt Blaze, this year’s Black Hat keynote speaker, is a researcher in the areas of secure systems, cryptography, and trust management. He is currently the McDevitt Chair of Computer Science and Law at Georgetown University.
  Read More
 • Aug 5, 2020 | ZDNet

  Black Hat: How your pacemaker could become an insider threat to national security [Black Hat USA 2020]

  At Black Hat USA on Wednesday, Dr. Alan Michaels, Director of the Electronic Systems Lab at the Hume Center for National Security and Technology at the Virginia Polytechnic Institute and State University, echoed the same sentiment.
  Read More
 • Aug 5, 2020 | ZDNet

  Black Hat: How hackers gain root access to SAP enterprise servers through SolMan [Black Hat USA 2020]

  Speaking at Black Hat USA on Wednesday, Onapsis cybersecurity researchers Pablo Artuso and Yvan Genuer explained how the bugs were found in SAP Solution Manager (SolMan), a system comparable to Windows Active Directory.
  Read More
 • Aug 5, 2020 | CNET

  Coronavirus brings election security threats. Experts say tech community must help [Black Hat USA 2020]

  Election security, meet the coronavirus pandemic. That was the theme of the Black Hat security conference Wednesday, a meeting of cybersecurity experts from around the world that is taking place virtually this year to help limit the spread of COVID-19.
  Read More
 • Aug 5, 2020 | MacRumors

  Security Researcher Shows Off Now-Fixed macOS Hack That Used Microsoft Office [Black Hat USA 2020]

  Wardle shared a blog post on the exploit that he found for manipulating Office files to impact Macs, which he's highlighting during today's online Black Hat security conference.
  Read More
 • Aug 5, 2020 | Security Weekly

  A Decade After Stuxnet's Printer Vulnerability - Peleg Hadar, Tomer Bar - BH2020 [Black Hat USA 2020]


  Read More
 • Aug 5, 2020 | Dark Reading

  Pen Testers Who Got Arrested Doing Their Jobs Tell All [Black Hat USA 2020]

  De Mercurio and Wynn, who were fully exonerated in January after all charges against them were dropped, today at Black Hat USA Virtual will publicly share the full story of their harrowing experience and how it's shaped new pen-testing engagement protocols at their company — and their advice and recommendations for fellow physical pen testers so they can avoid a similar backlash to their social engineering and physical pen-test engagements.
  Read More
 • Aug 5, 2020 | Spiegel

  The exception hack [Black Hat USA 2020]

  He has now presented his experiment in the virtual edition of the Black Hat IT security conference, which usually takes place every summer in Las Vegas.
  Read More
 • Aug 5, 2020 | BizTech

  Black Hat 2020: CISO Summit Advisory Board Members Reflect on the State of Security [Black Hat USA 2020]

  As part of Black Hat USA 2020, BizTech spoke with advisory board members of the event’s CISO Summit about the state of the industry. Wendy Nather, head of advisory CISOs at Cisco’s Duo Security; Trey Ford, vice president of trust and strategy at Salesforce; and Justine Bone, CEO of MedSec, discussed current security trends, the evolving role of the CISO and what they believe businesses should be preparing for.
  Read More
 • Aug 5, 2020 | Threatpost

  Black Hat 2020: In a Turnaround, Voting Machine Vendor Embraces Ethical Hackers [Black Hat USA 2020]

  Voting machine technology seller Election Systems & Software (ES&S) offered an olive branch to security researchers with new safe harbor terms and vulnerability disclosure policies at Black Hat USA 2020.
  Read More
 • Aug 5, 2020 | Digit

  Meetup Vulnerabilities Help Hackers to Takeover ‘Groups’ on the Platform [Black Hat USA 2020]

  The vulnerabilities, which have now been patched, were discovered at the Black Hat USA 2020 information security event.
  Read More
 • Aug 5, 2020 | Vice Motherboard

  Ex-NSA Hacker Finds a Way to Hack Mac Users Via Microsoft Office [Black Hat USA 2020]

  As it turns out, they could. Wardle published a blog post on Wednesday morning, and will demonstrate his findings during the Black Hat security conference on Wednesday, which is being held online this year due to the coronavirus pandemic.
  Read More
 • Aug 5, 2020 | Tom's Guide

  Mac malware could take over your laptop with a single Microsoft Office file [Black Hat USA 2020]

  Wardle plans to further demonstrate and detail his attack method in a virtual presentation at the Black Hat security conference on August 5.
  Read More
 • Aug 5, 2020 | Decipher

  THE DOH CONTINUES TO RISE [Black Hat USA 2020]

  “Most endpoints are behind an edge network now, so the IP address and the stuff you can get by watching the network connection doesn’t tell you much anymore. So people are turning to DNS for monitoring or infection,” said Eldridge Alexander, security tools manager at Duo, who is speaking about DoH benefits and concerns during the Black Hat conference Wednesday.
  Read More
 • Aug 5, 2020 | TechXplore

  Baking and boiling botnets could drive energy market swings and damage [Black Hat USA 2020]

  Evil armies of internet-connected EV chargers, ovens, hot-water heaters, air-conditioners, and other high-wattage appliances could be hijacked to slightly manipulate energy demand, potentially driving price swings and creating financial damage to deregulated energy markets, warns a new report scheduled to be presented Aug. 5 at the Black Hat U.S. 2020 conference.
  Read More
 • Aug 5, 2020 | WIRED

  Inside the Courthouse Break-In Spree That Landed Two White-Hat Hackers in Jail [Black Hat USA 2020]

  Wynn and DeMercurio spoke to WIRED ahead of a talk they plan to give about their experience at the Black Hat security conference today.
  Read More
 • Aug 5, 2020 | WIRED

  An '80s File Format Enabled Stealthy Mac Hacking [Black Hat USA 2020]

  At the Black Hat security conference today, former NSA hacker Patrick Wardle plans to detail that technique, which exploits a series of vulnerabilities in both Microsoft Office and macOS to gain full access to the target Mac.
  Read More
 • Aug 5, 2020 | Bank InfoSecurity

  A Flaw Used by Stuxnet Wasn't Fully Fixed [Black Hat USA 2020]

  Hadar and his colleague, Tomer Bar, a research team manager at SafeBreach, will present their research Thursday at the Black Hat security conference, which is a virtual event this year due to the pandemic.
  Read More
 • Aug 5, 2020 | Wall Street Journal

  Hackers Get Green Light to Test Election Voting Systems [Black Hat USA 2020]

  With the U.S. presidential election less than three months away, ES&S Chief Information Security Officer Chris Wlaschin on Wednesday will unveil the company’s outreach effort to security researchers at the annual Black Hat hacker convention that is taking place virtually this year, according to ES&S.
  Read More
 • Aug 5, 2020 | Threatpost

  A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return [Black Hat USA 2020]

  During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet’s recent return, and how a cyber vigilante is attempting to thwart the malware’s comeback.
  Read More
 • Aug 5, 2020 | Cyberscoop

  Researchers uncover vulnerabilities in devices used at industrial facilities [Black Hat USA 2020]

  “These devices tend to be overlooked,” said Trend Micro’s Marco Balduzzi, who will present his findings at the Black Hat virtual hacking conference this week. “There are some vendors that are security-conscious and others that are not.”
  Read More
 • Aug 5, 2020 | Security Boulevard

  5 Tools Out of Black Hat to Gain Better IoT Visibility [Black Hat USA 2020]

  Even in the COVID era, August can’t officially start for the cybersecurity community without Black Hat USA researchers offering up some juicy exploit announcements and dropping useful security tools onto GitHub. This year’s event is fully virtual, which means no rockin’ Vegas parties—but still plenty of interesting research lined up.
  Read More
 • Aug 5, 2020 | Inside Cybersecurity

  CISA’s Krebs cites three big changes in ‘night and day’ comparison of election security in ’16, this year [Black Hat USA 2020]

  Krebs spoke today during the opening of the Black Hat USA 2020 virtual briefings, delivering pre-recorded remarks followed by a live chat.
  Read More
 • Aug 5, 2020 | Cyberscoop

  Top voting vendor ES&S publishes vulnerability disclosure policy [Black Hat USA 2020]

  On Wednesday at the Black Hat virtual conference, CISA Director Chris Krebs urged voters to be vigilant in the face of disinformation campaigns and patient in waiting for votes to be counted. “The last measure of resilience in the 2020 election is going to be an informed, patient voter,” he said.
  Read More
 • Aug 5, 2020 | Decipher

  HACKING MEDICAL DEVICES TO HIJACK SECURE FACILITIES [Black Hat USA 2020]

  Michaels described how implanted medical devices—such as pacemakers and insulin pumps—could be compromised to listen to conversations, access classified information, even expose the location of these secure facilities in his presentation at this year’s Black Hat conference (which was offered virtually).
  Read More
 • Aug 4, 2020 | Forbes

  The Cybersecurity World Strives To Fill The Void Of Large Conferences And Events [Black Hat USA 2020]

  I should be in Las Vegas right now at the Black Hat security conference—known affectionately in cybersecurity circles as “Hacker Summer Camp”. I had it penciled in on my calendar since this time last year, but the COVID-19 pandemic derailed the plan.
  Read More
 • Aug 4, 2020 | PC Magazine

  What to Expect at Black Hat 2020 [Black Hat USA 2020]

  While Black Hat lasts a week, most of that time is devoted to training sessions that help researchers hone their skills. The two days of Black Hat briefings, open to the press and others, are where the latest revelations come to light. Each day has a keynote, and both keynotes relate to election security.
  Read More
 • Aug 4, 2020 | WIRED

  Decades-Old Email Flaws Could Let Attackers Mask Their Identities [Black Hat USA 2020]

  At the Black Hat security conference on Thursday, researchers will present "darn subtle" flaws in industry-wide protections used to ensure that emails come from the address they claim to.
  Read More
 • Aug 4, 2020 | Bloomberg

  Robots Running the Industrial World Are Open to Cyber Attacks [Black Hat USA 2020]

  “Attacks on industrial environments in these sectors could have serious consequences, including operational failure, physical damage, environmental harm and injury or loss of life,” according to Federico Maggi, a researcher at Trend Micro Inc., and Marcello Pogliani, an information security researcher at Politecnico di Milano, in a research report reviewed by Bloomberg News. The report will be presented Wednesday at a virtual forum organized by Black Hat, which hosts cybersecurity events around the world.
  Read More
 • Aug 4, 2020 | WIRED

  Hackers Could Use IoT Botnets to Manipulate Energy Markets [Black Hat USA 2020]

  At the Black Hat security conference on Wednesday, the researchers will present their findings theorizing that high-wattage IoT botnets—those made up of power-guzzling devices like air conditioners, car chargers, and smart thermostats—could be deployed strategically to increase demand at certain times in any of the nine private energy markets around the US.
  Read More
 • Aug 4, 2020 | CBS News

  2020 election could be under threat from "old adversaries" and "domestic disinformation campaigns" [Black Hat USA 2020]

  "The new stuff we're hearing about now, this is really interesting," said Patterson, who is covering the annual Black Hat cybersecurity conference this week.
  Read More
 • Aug 4, 2020 | VentureBeat

  Microsoft has paid security researchers $13.7 million for bug bounties in 12 months [Black Hat USA 2020]

  But the timing is no coincidence: The Black Hat USA 2020 security conference kicks off tomorrow. Microsoft is championing its holistic approach to customer security, which includes the wider security community engaging in its bug bounties.
  Read More
 • Aug 4, 2020 | Security Weekly

  "Demystifying Modern Windows Rootkits" - Bill Demirkapi - BH2020 [Black Hat USA 2020]


  Read More
 • Aug 4, 2020 | SecurityWeek

  High-Wattage IoT Botnets Can Manipulate Energy Market: Researchers [Black Hat USA 2020]

  The notorious IoT botnet Mirai was powered by 600,000 devices, but those were mostly low-wattage devices. However, the researchers told SecurityWeek in an interview ahead of a talk at the Black Hat cybersecurity conference, an attacker with large resources could create a botnet of high-wattage devices from scratch, by searching for vulnerabilities in the targeted IoT devices and then exploiting them in an effort to ensnare them in a botnet.
  Read More
 • Aug 3, 2020 | Dark Reading

  Omdia Cybersecurity Accelerator Analysts to Take Part in Black Hat USA 2020 [Black Hat USA 2020]

  Analysts will participate in the Black Hat Briefings, taking place Aug. 4-6, discussing cybersecurity research, offering exclusive video presentations, and meeting with vendors and attendees.
  Read More
 • Aug 3, 2020 | Threatpost

  Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes [Black Hat USA 2020]

  Critical flaws in the popular Meetup platform were revealed Monday as part of research unleashed at this week’s Black Hat USA 2020. The flaws, which have been patched, enable the full takeover of Meetup “Groups” by threat actors, who can also redirect payments and carry out other malicious actions.
  Read More
 • Aug 3, 2020 | Dark Reading

  11 Hot Startups to Watch at Black Hat USA [Black Hat USA 2020]

  A sneak peek at the up-and-coming organizations to check out on the Black Hat USA virtual show floor
  Read More
 • Aug 3, 2020 | Security Weekly

  Satellite Broadband Security - James Pavur - BH2020 [Black Hat USA 2020]

  In my upcoming Blackhat and DEFCON briefings, I will be presenting the result of several experiments looking at real-world security and privacy in satellite broadband communications.
  Read More
 • Aug 3, 2020 | Security Weekly

  Protecting Ethical Hackers - Gary De Mercurio, Justin Wynn - BH20 #1 [Black Hat USA 2020]


  Read More
 • Aug 3, 2020 | Security Weekly

  Why Secure Remote Access Is Like The Emperors New Clothes - Charl van der Walt, Wicus Ross - BH20 #1 [Black Hat USA 2020]

  Our research for Black Hat demonstrates that the Secure Remote Access or so-called 'VPN' technologies typically used by enterprises to facilitate access to their networks for remote employees are poorly understood, improperly configured and don't provide the full level of protection typically expected of them.
  Read More
 • Aug 3, 2020 | Inside Cybersecurity

  Black Hat and Def Con 2020 go into ‘safe mode,’ offering a week of virtual trainings, briefings [Black Hat USA 2020]

  The annual Black Hat USA mega-conference has launched as a virtual event with training sessions already underway, and moves into keynotes and briefings Wednesday with an opening speech by researcher Matt Blaze on election security, and on Thursday with a keynote by Renee DiResta of the Stanford Internet Observatory on “Hacking Public Opinion.”
  Read More
 • Aug 3, 2020 | Container Journal

  Common Container and Kubernetes Vulnerabilities [Black Hat USA 2020]

  I recently spoke with Rory McCune, principal security consultant at NCC Group, to discover what common vulnerabilities exist in today’s containers and container orchestration environments. McCune will be leading the Mastering Container Security IV training, a deep two-day dive into mastering container security, during the Black Hat virtual conference Aug. 3–4.
  Read More
 • Aug 3, 2020 | Verdict

  Tech Report Weekly: TikTok braces for US clampdown, Uber posts earnings, Black Hat USA [Black Hat USA 2020]

  Black Hat USA, one of the largest cybersecurity conferences in the world, takes place in a virtual format.
  Read More
 • Aug 3, 2020 | Politico

  Enjoy Black Hat and DEF CON from home [Black Hat USA 2020]

  In normal times, the first week of August sees a huge chunk of the cybersecurity community — researchers, journalists, vendors and policymakers — converge on Las Vegas for talks, demos, announcements and schmoozing at Black Hat and DEF CON, two of the year’s biggest hacker conferences. The coronavirus pandemic has ruled out those giant in-person confabs this year, but both conferences have adapted by implementing virtual formats, and there’s still a smorgasbord of good programming coming our way this week.
  Read More
 • Aug 3, 2020 | The Daily Swig

  Black Hat USA: Your guide to the top web hacking sessions in 2020 [Black Hat USA 2020]

  All eyes are on the upcoming US Presidential Election, so it’s perhaps unsurprising that voter security is top of the agenda for Black Hat USA this year.
  Read More
 • Aug 2, 2020 | KSNV

  Annual Black Hat convention travels from the Las Vegas Strip to the digital world [Black Hat USA 2020]

  “Security researchers spend a lot of time finding bugs and trying to investigate how to make our digital world more secure. So, they come to Black Hat to share the results of that,” said Steve Wylie, Black Hat General Manager.
  Read More
 • Jul 31, 2020 | Dark Reading

  'Hidden Property Abusing' Allows Attacks on Node.js Applications [Black Hat USA 2020]

  A team made up of security researchers from the Georgia Institute of Technology has found a way to exploit Node.js applications by manipulating the hidden properties used to track internal program states, the group plans to announce at the virtual Black Hat USA security conference next week.
  Read More
 • Jul 31, 2020 | heise online

  IT security conference Black Hat USA 2020 starts on Saturday [Black Hat USA 2020]

  Due to the coronavirus pandemic, this year's Black Hat Conference, one of the most important annual IT security events, will take place from August 1st through August 6th. The necessity of social distancing gives conference visitors from all over the world the advantage of being able to attend from the comfort of their own home.
  Read More
 • Jul 31, 2020 | Threatpost

  Anti-NATO Disinformation Campaign Leveraged CMS Compromises [Black Hat USA 2020]

  The topic of disinformation and influence campaigns is slated to be a big topic this year at Black Hat USA 2020, with keynotes surrounding election security and COVID-19 disinformation over the past few months.
  Read More
 • Jul 31, 2020 | TechRepublic

  Top 6 cybersecurity trends to watch for at Black Hat USA 2020 [Black Hat USA 2020]

  At this year's Black Hat USA 2020 computer security conference, some of the top trends expected to surface include ransomware, election security and how to protect a remote workforce.
  Read More
 • Jul 31, 2020 | Threatpost

  Black Hat USA 2020 Preview: Election Security, COVID Disinformation and More [Black Hat USA 2020]

  Despite COVID-19 pushing the Black Hat USA 2020 conference to go virtual for the first time, you can expect a steady stream of new security research, threat intel and an impressive lineup of high-profile speakers.
  Read More
 • Jul 30, 2020 | ITSP Magazine

  Universities Explore A Path For A Safe And Secure Healthcare Ecosystem | Black Hat USA 2020 Coverage [Black Hat USA 2020]

  The healthcare train is barreling down the tracks of society, fueled by new technologies and massive amounts of data. Security companies offer products and services for traditional protection/detection/response but many miss the mark on the interconnected core of the healthcare ecosystem: healthcare apps, devices, data, and 3rd-party vendors. Upon further inspection, the safety train may be running wild in the healthcare space. And that's exactly why we decided to bring these 3 Black Hat presenters together.
  Read More
 • Jul 30, 2020 | Dark Reading

  Black Hat Virtually: An Important Time to Come Together as a Community [Black Hat USA 2020]

  It's an odd dichotomy for cybersecurity leaders and vendors this summer: Many of us are gearing up for Black Hat USA 2020, long one of the most influential conferences in the industry. But none of us are booking plane tickets, setting aside (just a little bit of) cash for the blackjack tables, or booking dinner meetings at whichever steakhouse doesn't require going out into the Las Vegas heat.
  Read More
 • Jul 30, 2020 | ITSP Magazine

  Universities Explore A Path For A Safe And Secure Healthcare Ecosystem | Black Hat USA 2020 Coverage | With Seth Fogie, Alan Michaels, And Mitchell Parker [Black Hat USA 2020]

  The healthcare train is barreling down the tracks of society, fueled by new technologies and massive amounts of data. Security companies offer products and services for traditional protection/detection/response but many miss the mark on the interconnected core of the healthcare ecosystem: healthcare apps, devices, data, and 3rd-party vendors.
  Read More
 • Jul 29, 2020 | ITSP Magazine

  Election Security: Securing America's Future | With Christopher Krebs, CISA | Black Hat USA 2020 [Black Hat USA 2020]

  Listen to this podcast we had with Christopher Krebs, Director at the Cybersecurity and Infrastructure Security Agency (CISA) as he presents his upcoming session at Black Hat 2020 Virtual Edition; and so much more.
  Read More
 • Jul 29, 2020 | Dark Reading

  Dark Reading Video News Desk Returns to Black Hat [Black Hat USA 2020]

  For 2020, Black Hat USA has transformed into Black Hat Virtual, moving out of Vegas and onto the Internet. And when the action kicks off next week, the Dark Reading News Desk team will be there. (The desk won't.)
  Read More
 • Jul 29, 2020 | Dark Reading

  11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event [Black Hat USA 2020]

  Black Hat Arsenal is a venue for developers and researchers to showcase the latest open source tools to members of the cybersecurity community.
  Read More
 • Jul 29, 2020 | TechTarget

  How CISOs can deal with cybersecurity stress and burnout [Black Hat USA 2020]

  Cybersecurity stress and mental health conversations have become more frequent recently, and Mogull said the security industry can learn a lot from EMS. Mogull is presenting on the topic at Black Hat 2020.
  Read More
 • Jul 28, 2020 | ITSP Magazine

  Election Security: Securing America's Future | With Christopher Krebs, CISA | Black Hat USA 2020 [Black Hat USA 2020]

  Seems that now, more than ever, we found ourselves in a situation where the outcome of a Democratic election could be manipulated by external actors — or at least we are very worried that it is a possibility. We know for a fact that various sorts and levels of cultural propaganda have been tried for many decades, but it has never been as powerful as it has been since the advent of the Internet and social media. At this point, we know that not only is it possible; it is also a fact.
  Read More
 • Jul 24, 2020 | Dark Reading

  Email Security Features Fail to Prevent Phishable 'From' Addresses [Black Hat USA 2020]

  Three standards for email security that are supposed to verify the source of a message have critical implementation differences that could allow attackers to send emails from one domain and have them verified as sent from a different — more legitimate-seeming — domain, says a research team who will present their findings at the virtual Black Hat conference next month.
  Read More
 • Jul 24, 2020 | ITSP Magazine

  Black Hat USA 2020 Coverage The Virtual Experience | With BH General Manager Steve Wylie [Black Hat USA 2020]

  Listen to our chat with Steve to find out all that the Black Hat virtual experience has to offer.
  Read More
 • Jul 23, 2020 | Digital Trends

  Google lead says he’s ‘disappointed’ with Apple’s new iPhone security program [Black Hat USA 2020]

  Apple’s Security Research Device program has been long overdue and was first mentioned last year at the Black Hat security conference by the company’s head of security, Ivan Krstic.
  Read More
 • Jul 23, 2020 | Dark Reading

  8 Cybersecurity Themes to Expect at Black Hat USA 2020 [Black Hat USA 2020]

  While many a security professional currently laments the inability to meet up with peers for real-life security summer camp this year, the good news is that Black Hat USA 2020 is a go for virtual attendees. The conference organizers have still managed to capture the zeitgeist of the security industry through Black Hat programming, which will feature the same kinds of vulnerability disclosures, attack research, and exploit tools that regulars have come to expect.
  Read More
 • Jul 23, 2020 | ITSP Magazine

  Black Hat USA 2020 Coverage The Virtual Experience | With BH General Manager Steve Wylie [Black Hat USA 2020]

  While we will miss being there, here is what we won't miss as it's all still happening: training, tracks, an amazing conversation about election security, healthcare, mobile, digital transformation, and obviously, cybersecurity's new world connected to the work-from-home new normal. Listen to our chat with Steve to find out all that the Black Hat virtual experience has to offer.
  Read More
 • Jul 22, 2020 | iMore

  Apple is now supplying bug bounty hunters with special iPhones [Black Hat USA 2020]

  During the Black Hat security conference last year, Apple said that it intended to provide special iPhones to bug hunters. The idea was to help them find bugs so that Apple could squash them and the company is now coming good.
  Read More
 • Jul 22, 2020 | Interesting Engineering

  Apple's New iPhone Rewards Hackers for Bugs [Black Hat USA 2020]

  At last year's Black Hat hacker conference in Las Vegas, Apple announced that it would be releasing hackable iPhones to help security researchers investigate the smartphones for vulnerabilities.
  Read More
 • Jul 22, 2020 | CNET

  Apple's new security program gives special iPhone hardware, with restrictions attached [Black Hat USA 2020]

  At last year's Black Hat cybersecurity conference, Apple first said it would be providing modified iPhones for security researchers. It launched the program Wednesday, saying it would be accepting applications immediately and that researchers who apply should expect to get their devices very soon.
  Read More
 • Jul 22, 2020 | TechCrunch

  Apple Starts Giving 'Hacker Friendly' iPhones to Top Bug Hunters [Black Hat USA 2020]

  Last year at the Black Hat security conference, Apple’s head of security Ivan Krstic told a crowd of security researchers that it would give its most-trusted researchers a “special” iPhone with unprecedented access to the device’s underbelly, making it easier to find and report security vulnerabilities that Apple can fix in what it called the iOS Security Research Device program.
  Read More
 • Jul 22, 2020 | Security Weekly

  An Overview of Black Hat USA 2020 - Steve Wylie - ESW #191 [Black Hat USA 2020]

  Tune-in to get the inside scoop on Blackhat 2020! Steve Wylie, Black Hat General Manager, joins us to talk about what attendees can expect from this year's virtual Blackhat event. Steve discusses the highly-anticipated briefings, trainings, new tracks, community programs, and the all new virtual conference platform.
  Read More
 • Jul 22, 2020 | Dark Reading

  Q&A: How Systemic Racism Weakens Cybersecurity [Black Hat USA 2020]

  Stewart will lead a discussion session at Black Hat USA Virtual on "Taking Steps to Break Down Systemic Racism in Cybersecurity," in the event's Community track, on Thursday, Aug. 6, at 10 a.m. PT.
  Read More
 • Jul 20, 2020 | Infosecurity Magazine

  Checkmate: Cybersecurity Strategy on the Modern Battlefield [Black Hat USA 2020]

  The same technique can be applied to security. In fact, according to recent research conducted at Black Hat conference in 2019, over 70% of respondents said their businesses conduct ‘red team’ exercises. Simulated attacks can be employed to actively seek out vulnerabilities in their own security infrastructure – an effective way to proactively prepare for real attacks in the future.
  Read More
 • Jul 16, 2020 | The Daily Swig

  Infosec pro Vandana Verma on improving diversity and helping to grow the Indian security community [Black Hat USA 2020]

  “Keeping pace with the current restrictions due to the spread of Covid-19, OWASP Bangalore Chapter has also gone online and our sessions are published on our YouTube channel.” This is part of a wider move towards online events: Verma was due to speak at Black Hat in August.
  Read More
 • Jul 16, 2020 | Inside Cybersecurity

  Researcher Matt Blaze tapped for Black Hat keynote on election security issues [Black Hat USA 2020]

  Matt Blaze, cyber researcher and professor of computer science and law at Georgetown University, will deliver a keynote on election security to help launch this year’s all-digital Black Hat conference in August.
  Read More
 • Jul 15, 2020 | Dark Reading

  Puzzles and Riddles Help InfoSec Pros Solve Real-World Problems [Black Hat USA 2020]

  Wixey will share more puzzles, riddles, and observations made while creating this initiative in his upcoming Black Hat USA talk, "Breaking Brains, Solving Problems: Lessons Learned from Two Years of Setting Puzzles and Riddles for Infosec Professionals" on Thursday, August 6.
  Read More
 • Jul 13, 2020 | Dark Reading

  Lost in Translation: Serious Flaws Found in ICS Protocol Gateways [Black Hat USA 2020]

  Marco Balduzzi, senior research scientist with Trend Micro, next month at the Black Hat USA virtual event will disclose details of multiple vulnerabilities he and his team discovered in a sampling study of five popular ICS gateway products. Their findings focused not on the gateways' software nor the industrial protocols as in previous research, but rather on a lesser-studied function: the protocol translation process the devices conduct.
  Read More
 • Jul 13, 2020 | Dark Reading

  A Paramedic's Lessons for Cybersecurity Pros [Black Hat USA 2020]

  Mogull will share stories and lessons about his parallel careers in an upcoming Black Hat USA talk, "The Paramedic's Guide to Surviving Cybersecurity," on Thursday, August 6.
  Read More
 • Jul 9, 2020 | Inside Cybersecurity

  Black Hat announces first keynote for August virtual conference, focusing on disinformation [Black Hat USA 2020]

  The first announced keynote speech for Black Hat’s all-digital 2020 conference will focus on disinformation, with a presentation from a leading researcher into one of the hottest and most difficult issues facing policymakers.
  Read More
 • Jul 8, 2020 | Dark Reading

  A Most Personal Threat: Implantable Devices in Secure Spaces [Black Hat USA 2020]

  Michaels will be presenting results of his research at Black Hat, in a session titled "Carrying Our Insecurities with Us: The Risks of Implanted Medical Devices in Secure Spaces" at 10:00 a.m. on Wednesday, August 5.
  Read More
 • Jul 8, 2020 | Dark Reading

  How Advanced Attackers Take Aim at Office 365 [Black Hat USA 2020]

  Madeley and Bienstock will discuss more of these attack methods in their upcoming Black Hat USA talk, "My Cloud is APT's Cloud: Investigating and Defending Office 365," on August 6, 2020.
  Read More
 • Jul 2, 2020 | Dark Reading

  Building Security Strategies in Sub-Saharan Africa: Trends and Concerns [Black Hat USA 2020]

  Tich and Kilel will share insights into the sub-Saharan security landscape, along with proposed policies and solutions, in their upcoming Black Hat USA talk, "Building Cyber Security Strategies for Emerging Industries in Sub-Saharan Africa," to take place on Aug. 6, 2020.
  Read More
 • Jun 29, 2020 | Barracuda

  COVID-19 pandemic has changed cybersecurity utterly [Black Hat USA 2020]

  A survey of more than 270 cybersecurity professionals published this week by the host of the Black Hat Conference finds 80 percent of respondents said they believe the pandemic will lead to significant changes in cybersecurity operations. Only 15 percent said they believe cybersecurity operations and threat flow will return to normal once the COVID-19 pandemic subsides.
  Read More
 • Jun 29, 2020 | GovCon Wire

  Cybersecurity Risks Increase as Nation Adapts to Effects of COVID-19; Bryan Ware Quoted [Black Hat USA 2020]

  COVID-19 has triggered a wave of cybersecurity threats in a variety of industries, and security professionals predict that there will be no return to normality. Black Hat has found that 94 percent of current and former attendees believe that COVID-19 increases the cyber threat to enterprise systems and data.
  Read More
 • Jun 28, 2020 | Government Technology

  Security Predictions: COVID-19 Edition [Black Hat USA 2020]

  Black Hat's survey, Cyber Threats in Turbulent Times, describes how the COVID-19 pandemic will have a huge impact on the information security industry in the second half of 2020.
  Read More
 • Jun 25, 2020 | Healthcare IT News

  COVID-19-triggered threat changes will linger beyond crisis, say most security pros [Black Hat USA 2020]

  A commanding 94% majority of respondents to a new Black Hat survey says the pandemic has increased cybersecurity threats to enterprise systems and data – and many say it will continue to.
  Read More
 • Jun 24, 2020 | Politico

  FBI alerts on ransomware threat to schools [Black Hat USA 2020]

  Past Black Hat attendees said in a survey that they believe the coronavirus will have a long-term effect on cybersecurity
  Read More
 • Jun 24, 2020 | Inside Cybersecurity

  Black Hat survey: Unprecedented stress in cyber ecosystem amid COVID-19 upheaval [Black Hat USA 2020]

  Black Hat USA on Tuesday released the results of its sixth annual survey of attendees at one of the world’s largest conferences for cyber professionals – to be held online this year – finding deep concerns about the lasting impact of the pandemic on cybersecurity.
  Read More
 • Jun 24, 2020 | Politico

  Administration officials under spotlight [Black Hat USA 2020]

  Only 15 percent of experts “believe that cyber operations and threat flow will return to normal” after the pandemic ends, the organizers of the Black Hat security conference said in their annual survey of past attendees. Eighty-four percent of respondents “believe that significant, lasting changes will occur, at least in some industries.”
  Read More
 • Jun 24, 2020 | Dark Reading

  Black Hat Survey: Breach Concerns Hit Record Levels Due to COVID-19 [Black Hat USA 2020]

  Annual "Black Hat USA Attendee Survey" indicates unprecedented concern over possible compromises of enterprise networks and US critical infrastructure.
  Read More
 • Jun 23, 2020 | Politico

  Coronavirus creating big cyber risks that will persist in long term, experts say [Black Hat USA 2020]

  Only 15 percent of experts “believe that cyber operations and threat flow will return to normal” after the pandemic ends, the organizers of the Black Hat security conference said in their annual survey of past attendees. Eighty-four percent of respondents “believe that significant, lasting changes will occur, at least in some industries.”
  Read More
 • Jun 15, 2020 | CISO Mag

  Threat Actors Can Eavesdrop Using a Light Bulb’s Vibrations: Research [Black Hat USA 2020]

  The researchers are planning to demonstrate this experiment at the Black Hat USA 2020 conference this August.
  Read More
 • Jun 15, 2020 | Threatpost

  ‘Lamphone’ Hack Uses Lightbulb Vibrations to Eavesdrop on Homes [Black Hat USA 2020]

  “Fluctuations in the air pressure on the surface of the hanging bulb (in response to sound), which cause the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech and singing, passively, externally, and in real time,” said researchers with the Ben-Gurion University of the Negev and Weizmann Institute of Science, in a paper published this week. The research will be further presented at the Black Hat USA 2020 virtual conference in August.
  Read More
 • Jun 13, 2020 | ZDNet

  Lamphone attack lets threat actors recover conversations from your light bulb [Black Hat USA 2020]

  Additional details are available in the research team's academic paper, entitled "Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations". The research team's work will be presented in August at the Black Hat security conference.
  Read More
 • Jun 12, 2020 | Popular Mechanics

  How You Can Use a Light Bulb to Eavesdrop on People's Conversations [Black Hat USA 2020]

  "We show how fluctuations in the air pressure on the surface of the hanging bulb (in response to sound), which cause the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech and singing, passively, externally, and in real time," the researchers write in their new paper, which they plan to present later this year at the Black Hat USA security conference.
  Read More
 • Jun 12, 2020 | WIRED

  Spies Can Eavesdrop by Watching a Light Bulb's Vibrations [Black Hat USA 2020]

  "Any sound in the room can be recovered from the room with no requirement to hack anything and no device in the room," says Ben Nassi, a security researcher at Ben-Gurion who developed the technique with fellow researchers Yaron Pirutin and Boris Zadov, and who plans to present their findings at the Black Hat security conference in August. "You just need line of sight to a hanging bulb, and this is it."
  Read More
 • May 22, 2020 | Computer Business Review

  Hacker Used £270 of TV Equipment to Eavesdrop on Sensitive Satellite Communications [Black Hat USA 2020]

  James Pavur, a Rhodes Scholar and DPhil student at Oxford, will detail the attack in a session at the Black Hat security conference in early August.
  Read More
 • May 21, 2020 | ZDNet

  New Spectra attack breaks the separation between Wi-Fi and Bluetooth [Black Hat USA 2020]

  "Spectra, a new vulnerability class, relies on the fact that transmissions happen in the same spectrum, and wireless chips need to arbitrate the channel access," the research team said today in a short abstract detailing an upcoming Black Hat talk.
  Read More
 • May 20, 2020 | The Register

  Tech's Volkswagen moment? Trend Micro accused of cheating Microsoft driver QA by detecting test suite [Black Hat USA 2020]

  "Most of the security concerns I have with Trend Micro's driver were shocking because most of them were not mistakes," said Demirkapi, who has presented at hacking super-conference DEF CON and is due to discuss Windows rootkits at Black Hat USA 2020.
  Read More
 • May 13, 2020 | ZDNet

  PrintDemon vulnerability impacts all Windows versions [Black Hat USA 2020]

  PrintDemon is tracked under the CVE-2020-1048 identifier. Two security researchers from SafeBreach Labs, Peleg Hadar and Tomer Bar, were the first to discover the issue and report it to Microsoft. The two will be presenting their own report on the issue at the Black Hat security conference in August.
  Read More
 • May 11, 2020 | The Tech Portal

  New flaw in the Intel Thunderbolt port puts millions of laptops in risk of being hacked [Black Hat USA 2020]

  Ruytenberg also said that no software update can patch this issue, and Intel has to get back to the drawing board and make hardware changes to fix this issue. Ruytenberg plans to present his Thunderspy research at the Black Hat security conference this summer.
  Read More
 • May 11, 2020 | New York Post

  Hacking technique makes millions of devices vulnerable, research finds [Black Hat USA 2020]

  The researcher will be detailing his discovery at a Black Hat security conference this summer, and is releasing a tool so that people can see if their computers might be vulnerable to the hack.
  Read More
 • May 11, 2020 | Threatpost

  Millions of Thunderbolt-Equipped Devices Open to ‘ThunderSpy’ Attack [Black Hat USA 2020]

  A new attack enables bad actors to steal data from Windows or Linux devices equipped with Thunderbolt ports – if they can get their hands on the device for just five minutes. Ruytenberg plans to present his research at the Black Hat USA conference this summer.
  Read More
 • May 10, 2020 | WIRED

  Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking [Black Hat USA 2020]

  "All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop," says Ruytenberg, who plans to present his Thunderspy research at the Black Hat security conference this summer—or the virtual conference that may replace it.
  Read More
 • Jan 8, 2020 | TechBeacon

  The best security conferences of 2020 [Black Hat Asia 2020]

  This is the Asian sister of the famous North American conference for hackers held in Las Vegas. It combines hands-on training sessions taught by industry experts with briefings containing cutting-edge research, including the latest zero-day vulnerabilities. There's also a business hall for solutions and service providers, and an "arsenal" feature where the latest open-source security tools are demonstrated.
  Read More
 • Dec 27, 2019 | Bank InfoSecurity

  Ransomware Attackers May Lurk for Months, FBI Warns [Black Hat Europe 2019]

  Or in the case of nation-state hacking operations, attackers may deploy ransomware to make the intrusion look like a criminal undertaking, while helpfully wiping their digital forensic tracks, as Jake Williams, head of cybersecurity consultancy Rendition Infosec, told me at this month's Black Hat Europe conference in London
  Read More
 • Dec 23, 2019 | Bank InfoSecurity

  Ransomware 2.0: Cybercrime Gangs Apply APT-Style Tactics [Black Hat Europe 2019]

  In this interview (see audio link below the image) recorded at the recent Black Hat Europe 2019 conference, Williams also discusses how hackers are "surgically targeting backup solutions" before deploying ransomware
  Read More
 • Dec 17, 2019 | The Daily Swig

  Google charts progress in developing Site Isolation browser technology [Black Hat Europe 2019]

  During a presentation at the Black Hat Europe conference in London earlier this month, Google software engineers Nasko Oskov and Charlie Reis offered an update (PDF) on the development of its Site Isolation technology.
  Read More
 • Dec 13, 2019 | The Daily Swig

  #SocialSec – Hot takes on this week’s biggest cybersecurity news (Dec 13) [Black Hat Europe 2019]

  Google believes the feature will help to combat SMS phishing attacks – a topic covered at Black Hat Europe last week – that seek to deceive users with “things like one-time passwords, account alerts, or appointment confirmations”.
  Read More
 • Dec 13, 2019 | Bank InfoSecurity

  Analysis: A Better Approach to Cyber Defense [Black Hat Europe 2019]

  ISMG's Mathew Schwartz offers takeaways for defense teams from the recent Black Hat Europe conference;
  Read More
 • Dec 12, 2019 | Stock Daily Dish

  YouTube users be aware: Your viewing habits can be tracked [Black Hat Europe 2019]

  Ran Dubin, a doctoral student in the BGU Department of Communication Systems Engineering who is an expert in cyber security, presented this research at the Black Hat Europe meeting in London.
  Read More
 • Dec 12, 2019 | DataBreachToday

  Visual Journal: Black Hat Europe 2019 [Black Hat Europe 2019]

  Black Hat Europe returned to London last week. Once again held at the ExCeL conference center in the city's Docklands quarter, the annual cybersecurity conference featured in-depth training as well as two days of briefings, vendor exhibitions in a packed business hall, sessions run by vendors, in-depth technical demonstrations and more.
  Read More
 • Dec 11, 2019 | ZDNet

  Cybersecurity: How Facebook's red team is pushing boundaries to keep your data safe [Black Hat Europe 2019]

  Amanda Rousseau, offensive research engineer at Facebook, who was formerly a malware researcher and a computer forensic examiner, detailed how the red teaming at Facebook works – and the challenges it involves – at the Black Hat Europe 2019 cybersecurity conference in London.
  Read More
 • Dec 11, 2019 | The Daily Swig

  ‘Alexa, hack my serverless technology’ – attacking web apps with voice commands [Black Hat Europe 2019]

  Speaking at the Black Hat Europe conference in London last week, researcher Tal Melamed took control of vulnerable applications hosted on serverless environments using Alexa-guided SQL injection attacks.
  Read More
 • Dec 11, 2019 | Infosecurity Magazine

  Top Ten: Things We Learned in 2019 [Black Hat USA 2019]

  Deepfakes have been an emerging trend in 2019, with claims that their use could have political impact. At the Black Hat conference in Las Vegas in August, security vendor ZeroFOX disclosed research on deepfakes, and how to improve detection.
  Read More
 • Dec 10, 2019 | Version2

  Security researcher: 'A false flag technique doesn't have to be perfect to be effective' [Black Hat Europe 2019]

  It traces security researcher Jake Williams, who Version2 met at the Black Hat Europe conference, which took place in London last week.
  Read More
 • Dec 10, 2019 | Cyberthreat.id

  Panasonic Use Honeypot for the Safety of its IoT Products [Black Hat Europe 2019]

  Panasonic uses two honeypot web sites that are built specifically and have the effect of exposing the device to the internet. "This is to lure cyber criminals to attack the device," ZDNet wrote on Monday (9 December 2019), summarizing the presentations of two Panasonic officials at the "Black Hat Europe" event in London.
  Read More
 • Dec 10, 2019 | The Register

  SIEMs like a stretch: Elastic searches for cash from IT pros with security budgets [Black Hat Europe 2019]

  They're a bit coy about it, though. The global biz's James Spiteri told The Register at Black Hat Europe that this was all about offering customers a better choice of integrated tools, with eating a slice of the pies being baked by others on its Elasticsearch tool as a very distant second priority. Of course.
  Read More
 • Dec 9, 2019 | Linux Magazin

  When it rappels in the cloud container [Black Hat Europe 2019]

  Fork Bombs are not new, but they seem to be able to dislodge a Kubernetes. How the bomb can be defused and what other potential problems lurk in build environments was a topic at Black Hat Europe.
  Read More
 • Dec 9, 2019 | Dark Reading

  Maersk CISO Says NotPetya Devastated Several Unnamed US firms [Black Hat Europe 2019]

  Speaking at Black Hat Europe 2019, A.P. Moller Maersk A/S Chief Information Security Officer Andrew Powell said he believes globally approximately 600 companies were damaged by NotPetya around the time of the Maersk attack.
  Read More
 • Dec 9, 2019 | CISO Mag

  Honeypots: Best Bet for IoT Security? [Black Hat Europe 2019]

  In a recent presentation at Black Hat Europe in London, security researchers from Panasonic, Hikohiro Y Lin and Yuki Osawa, detailed how they’re executing honeypots.
  Read More
 • Dec 9, 2019 | ZDNet

  How Panasonic is using internet honeypots to improve IoT device security [Black Hat Europe 2019]

  The process was detailed by Hikohiro Y Lin, general manager and head of the product security incident response team, and Yuki Osawa, senior engineer at Panasonic Corporation, presenting a session at Black Hat Europe in London.
  Read More
 • Dec 9, 2019 | The Register

  Metasploit for drones? Best of luck with that, muses veteran tinkerer [Black Hat Europe 2019]

  Alexandre D'Hondt and Yannick Pasquazzo gave a quick talk about Dronesploit during Black Hat Europe, held in London last week.
  Read More
 • Dec 9, 2019 | The Daily Swig

  When the screens went black: How NotPetya taught Maersk to rely on resilience – not luck – to mitigate future cyber-attacks [Black Hat Europe 2019]

  Recounting the remarkable stroke of luck at the Black Hat Europe conference in London last week, Maersk CISO Andy Powell said the malware wiped out almost all online backups of the company’s Active Directory – save, mercifully, for a piece held in its powered-down Lagos office.
  Read More
 • Dec 8, 2019 | Bank InfoSecurity

  8 Takeaways: Black Hat Europe's Closing 'Locknote' Panel [Black Hat Europe 2019]

  On Thursday, the final day of this year's annual cybersecurity conference, Black Hat founder and organizer Jeff Moss (@thedarktangent) took to the stage, joined by several members of the Black Hat review board. The board reviews and selects all of the conference briefings.
  Read More
 • Dec 8, 2019 | Security Affairs

  SEC Xtractor – Experts released an open-source hardware analysis tool [Black Hat Europe 2019]

  An open-source bootloader was used to program the device via USB. No external programmer is needed to reflash the ATXmega microcontroller. The black color for the main PCB and the NAND/NOR adapters were chosen because the launch was made during Black Hat Europe 2019 Arsenal.
  Read More
 • Dec 6, 2019 | Linux Magazin

  Encrypted PDFs can be manipulated [Black Hat Europe 2019]

  Encrypted PDFs are not really well encrypted, but can be easily manipulated, Fabian Ising and Jens Müller showed at Black Hat Europe.
  Read More
 • Dec 6, 2019 | Version2

  Maersk CISO: I don't trust the built-in security of the cloud [Black Hat Europe 2019]

  At Maersk, CISO (Chief Information Security Officer) Andy Powell does not have much confidence in the built-in security on the cloud platforms. He touched on the topic during a presentation at the Black Hat Europe security conference taking place in London this week.
  Read More
 • Dec 6, 2019 | Bank InfoSecurity

  How the Adversarial Mindset Is Making Cybersecurity Better [Black Hat Europe 2019]

  In this interview (see audio link below the image) recorded at Black Hat Europe 2019, Moss also discusses the increased use of red teams to help organizations' blue teams and engineers to be more effective
  Read More
 • Dec 6, 2019 | The Daily Swig

  The best hacks from Black Hat Europe 2019 [Black Hat Europe 2019]

  If there was still any semblance of doubt, security researchers proved once again that anything based on a computer can and will be hacked during the Black Hat Europe conference this week.
  Read More
 • Dec 5, 2019 | Linux Magazin

  Search engine detects security holes in security cameras [Black Hat Europe 2019]

  At Black Hat Europe 2019, Japanese security researchers from NTT have launched an online search that will help them discover security holes in no-name security cameras.
  Read More
 • Dec 5, 2019 | Linux Magazin

  Doors of Durin: backdoor in Siemens PLC [Black Hat Europe 2019]

  After a welcome by Black Hat founder Jeff Moss, the 19th Black Hat Europe started yesterday in London. Among other things, security researchers from the University of Bochum showed that there is a backdoor in a Siemens PLC.
  Read More
 • Dec 5, 2019 | The Register

  How to fool infosec wonks into pinning a cyber attack on China, Russia, Iran, whomever [Black Hat Europe 2019]

  Faking digital evidence during a cyber attack – planting a false flag – is simple if you know how, as noted infosec veteran Jake Williams told London's Black Hat Europe conference.
  Read More
 • Dec 5, 2019 | The Daily Swig

  Behind the story: Journalist Geoff White takes a closer look at the fragile ties between security and the media [Black Hat Europe 2019]

  Speaking at the Black Hat Europe conference in London yesterday (December 4), White noted that media outlets published the story on public interest grounds.
  Read More
 • Dec 5, 2019 | The Daily Swig

  Barq: Post-exploitation framework plays havoc with AWS infrastructure [Black Hat Europe 2019]

  Barq, a post-exploitation framework that allows penetration testers and red teamers to easily perform attacks on running AWS infrastructure, was showcased during the Arsenal sessions at Black Hat Europe today (December 5).
  Read More
 • Dec 5, 2019 | ComputerWeekly

  Black Hat Europe: Mental health websites are leaking user data [Black Hat Europe 2019]

  At Black Hat Europe in London, researchers reveal the extent to which confidential data is being leaked to third parties by online mental health websites
  Read More
 • Dec 5, 2019 | The Daily Swig

  Black Hat Europe: New tool offers Metasploit-like framework for hacking into drones [Black Hat Europe 2019]

  Progress in developing the tool, dubbed ‘DroneSploit’, was outlined by its developers, Alexandre D’Hondt and Yannick Pasquazzo, during an Arsenal session at the Black Hat Europe conference in London today (December 5).
  Read More
 • Dec 5, 2019 | SC Magazine

  Black Hat Europe 2019: Did your employee leave with the data? [Black Hat Europe 2019]

  Departing employees account for more than half of all insider threat incidents; Two out of three professionals openly admit to taking data with them when they quit
  Read More
 • Dec 5, 2019 | Tech World IDG

  "Hackers hack - but you should know the tools they use" [Black Hat Europe 2019]

  Lars Dobos attends the Black Hat conference in London and is struck by the fact that the world certainly does not suffer from a lack of hacking tools.
  Read More
 • Dec 5, 2019 | The Daily Swig

  Offensive hacking tool maintains API security [Black Hat Europe 2019]

  Security vendor Imperva has open-sourced an automatic API attack tool in line with this year’s Black Hat Europe security conference.
  Read More
 • Dec 5, 2019 | Infosecurity Magazine

  #BHEU: Mental Health and Depression Websites Share Details in Plain Text [Black Hat Europe 2019]

  Revealing research around web and cookie security at Black Hat Europe in London, Eliot Bendinelli, technologist at Privacy International and Frederike Kaltheuner, formerly of Privacy International and now tech policy fellow at Mozilla, described how a number of websites offering “tests” on mental health and depression shared results with third parties.
  Read More
 • Dec 5, 2019 | The Daily Swig

  False flag cyber operations likely to further muddle the complex attribution puzzle [Black Hat Europe 2019]

  Jake Williams, principal consultant at Rendition Infosec and former US Department of Defense (DoD) cybersecurity expert who has taken part in offensive ops, told delegates at this year’s Black Hat Europe that conducting a false flag cyber operation is a lot easier than people tend to think.
  Read More
 • Dec 4, 2019 | Dark Reading

  Black Hat Europe Q&A: Understanding the Ethics of Cybersecurity Journalism [Black Hat Europe 2019]

  Now that major data leaks are a semi-regular occurrence it’s more important than ever for cybersecurity professionals to understand how the media covers them, and there’s no better place to do that than Black Hat Europe in London this week.
  Read More
 • Dec 4, 2019 | The Daily Swig

  Black Hat Europe 2019: Facebook’s Amanda Rousseau on rabbit holes, red team ops, and challenging security assumptions [Black Hat Europe 2019]

  Facebook red teamer Amanda Rousseau lamented an incipient hyper-specialization among infosec professionals during her keynote address at Black Hat Europe 2019 today (December 4).
  Read More
 • Dec 4, 2019 | Infosecurity Magazine

  #BHEU: Consider Adversarial Thinking, Ask If the Tool Works [Black Hat Europe 2019]

  Delivering the opening keynote at Black Hat Europe, offensive security engineer Amanda Rousseau talked about the move from a defensive to offensive role, and how narrow that has made our thinking.
  Read More
 • Dec 4, 2019 | SC Magazine

  Black Hat Europe 2019: Trust your vendors, but verify [Black Hat Europe 2019]

  If partners in your supply chain have access or information on your data or your network, their risk is your risk
  Read More
 • Dec 4, 2019 | New Money Review

  Gates wide open to contactless fraud [Black Hat Europe 2019]

  But two security researchers, speaking at the Black Hat Europe 2019 conference in London on December 4, painted a much darker picture of contactless payment risks.
  Read More
 • Dec 4, 2019 | The Daily Swig

  WHID Elite: Weaponized USB gadgets boast multiple features for the stealthy red teamer [Black Hat Europe 2019]

  Presenting the tool on the Arsenal track at this year’s Black Hat Europe, Bongiorni explained how he wanted to develop the capabilities of a previous iteration, WHID Injector – a USB device that, once plugged into a target’s machine, could allow an attacker to remotely inject keystrokes without the need for physical access.
  Read More
 • Dec 4, 2019 | Infosecurity Magazine

  #BHEU: Foster the Right Skills, Culture and Share Knowledge [Black Hat Europe 2019]

  Opening the 19th Black Hat Europe in London, founder Jeff Moss said that over the years the diversity of the security community has grown as well as the expansion of skills to include both hard and soft skills.
  Read More
 • Dec 4, 2019 | TechWorld IDG

  Unknown error in Windows Hello for Business - fix released today, but not by Microsoft [Black Hat Europe 2019]

  A hitherto unknown error in Windows Hello for Business has been discovered by a Czech security researcher presenting his findings at the Black Hat conference in London. The researcher has developed his own tool, but Microsoft's own patch may be delayed.
  Read More
 • Dec 4, 2019 | ComputerWeekly

  Black Hat Europe: Red teams and blue teams must evolve in the 2020s [Black Hat Europe 2019]

  The concepts of red teams and blue teams in cyber security should be redefined for the 2020s, and both sides need to come together and learn from each other, according to Facebook offensive security engineer Amanda Rousseau, who opened Black Hat Europe 2019 by calling for a new approach to this fundamental aspect of security culture.
  Read More
 • Dec 4, 2019 | The Daily Swig

  Attack detection: Zhouhe uses machine learning to hunt for network traffic threats [Black Hat Europe 2019]

  “Meanwhile, our machine learning algorithms let us know some unknown threats or 0day that cannot be detected by the ruleset, so that we can better write rules.” Rui Xiao and Rui Zhang demonstrated their tool during a Black Hat Europe Arsenal presentation earlier today (December 4).
  Read More
 • Dec 4, 2019 | WIRED

  The Future of Texting Is Far Too Easy to Hack [Black Hat Europe 2019]

  At the Black Hat security conference in London on Tuesday, German security consultancy SRLabs demonstrated a collection of problems in how RCS is implemented by both phone carriers and Google in modern Android phones. Those implementation flaws, the researchers say, could allow texts and calls to be intercepted, spoofed, or altered at will, in some cases by a hacker merely sitting on the same Wi-Fi network and using relatively simple tricks
  Read More
 • Dec 4, 2019 | Dark Reading

  What's in a Botnet? Researchers Spy on Geost Operators [Black Hat Europe 2019]

  García, Shirokova, and their fellow researcher María José Erquiaga, also of the Czech Technical University in Prague, presented their findings today at Black Hat Europe.
  Read More
 • Dec 4, 2019 | Dark Reading

  Password-Cracking Teams Up in CrackQ Release [Black Hat Europe 2019]

  Security services firm Trustwave has released an open source project aimed at companies that want to provide password-cracking as a service to their security teams and red teams, the company announced today at the Black Hat Europe conference.
  Read More
 • Dec 4, 2019 | Bank InfoSecurity

  Cybersecurity Defenders: Channel Your Adversary's Mindset [Black Hat Europe 2019]

  A clear theme Wednesday throughout the first day of the Black Hat Europe conference was the importance of approaching the design and defense of networks and systems by thinking like the enemy.
  Read More
 • Dec 4, 2019 | The Daily Swig

  SMS phishing: TapIt framework enables large-scale social engineering campaigns [Black Hat Europe 2019]

  A framework for automating large-scale SMS phishing campaigns, including SMS tracking, web payloads, and credential harvesting, has been showcased at this year’s Black Hat Europe.
  Read More
 • Dec 4, 2019 | The Daily Swig

  Hack that lifts limits on contactless card payments debuts at Black Hat Europe 2019 [Black Hat Europe 2019]

  During a presentation at the Black Hat Europe conference in London today (December 4) the researchers demonstrated for the first time how to bypass the UK £30 ($39) limit for contactless payments made using physical cards.
  Read More
 • Dec 3, 2019 | Latest Hacking News

  Vulnerabilities In RCS Technology Exposes Android Users To Cyber Attacks [Black Hat Europe 2019]

  Presently, the researchers have only briefly hinted at their findings, whereas they plan to reveal more about the RCS vulnerabilities at the upcoming Black Hat Europe 2019.
  Read More
 • Dec 3, 2019 | Bank InfoSecurity

  15 Hot Sessions at Black Hat Europe 2019 [Black Hat Europe 2019]

  Black Hat Europe returns this week to London. Now in its 18th year, the conference features 100 speakers and researchers delivering 15 in-depth technical training sessions and more than 40 briefings.
  Read More
 • Dec 3, 2019 | Dark Reading

  Siemens Offers Workarounds for Newly Found PLC Vulnerability [Black Hat Europe 2019]

  Ali Abbasi, a research scholar at Ruhr-University Bochum, doctoral student Tobias Scharnowski, and professor Thorsten Holz will present their findings this week in London at Black Hat Europe. The researchers alerted Siemens, which says it plans to fix the flaw.
  Read More
 • Dec 3, 2019 | Dark Reading

  When Rogue Insiders Go to the Dark Web [Black Hat Europe 2019]

  "In English-language forums, they tend to be a lot more cautious and suspicious," especially now that they are aware of researchers and law enforcement infiltrating their spaces, she says. And because law enforcement has been shuttering some of these forums over the past couple of years, it's harder to track where the rogue insiders go next, notes Wright, who will present some of IntSights' latest Dark Web findings at Black Hat Europe in London this week.
  Read More
 • Dec 3, 2019 | The Parallax

  RCS delivers new texting features—and old security vulnerabilities [Black Hat Europe 2019]

  Since our original interview in November, Nohl has uncovered another method of intercepting RCS texts and calls that exploits how the messaging app validates the certificate. SR Labs plans to include this discovery in its Black Hat Europe presentation.
  Read More
 • Dec 3, 2019 | Built In

  20 TOP CYBERSECURITY TRAINING PROGRAMS [Black Hat Europe 2019]

  Black Hat hosts multi-day labs in urban centers (like Las Vegas and Singapore) that are focused on topics like penetration testing and web application vulnerabilities. The professional organization for cybersecurity vendors and professionals has hosted those types of educational events for more than two decades.
  Read More
 • Dec 1, 2019 | PiunikaWeb

  RCS messaging features may entice you, but its carrier implementation is reportedly not safe [Black Hat Europe 2019]

  Though it seems to be a major security threat, for now, there is no evidence that hackers have done any such thing. Hopefully, researchers would reveal more information when they talk about the findings at the Black Hat Europe conference in December.
  Read More
 • Dec 1, 2019 | Android Police

  Some carrier RCS implementations have security issues [Black Hat Europe 2019]

  Full details will be revealed at the Black Hat Europe conference later this week, but the short version is that, while nothing is wrong with the base RCS standard, it is partly undefined, leaving certain details up to the carriers. It's those parts that are prone to security issues.
  Read More
 • Nov 30, 2019 | betanews

  RCS is being implemented dangerously, leaving users vulnerable to attack [Black Hat Europe 2019]

  While SRLabs's full research is due to be presented at December's Black Hat Europe conference, the group has given a summary of its findings ahead of this. It found that RCS left users exposed to the risk of message interception, impersonation, tracking, and much more.
  Read More
 • Nov 30, 2019 | Fossbytes

  New SMS Alternative ‘RCS Standard’ Is Exposing Users To Security Threats [Black Hat Europe 2019]

  GSM told Vice that while they appreciate the efforts made by SRLabs to make the security issues public, the research includes “no new vulnerabilities” that the body wasn’t aware of. The SRLabs researchers will report their findings at the Black Hat conference in Europe in December.
  Read More
 • Nov 30, 2019 | Forbes

  New Android Text Messaging Update ‘Exposes Most Users To Hacking’ [Black Hat Europe 2019]

  The issues raised by SRLabs are more straightforward. And with RCS already being deployed in around 70 countries, it needs fixing quickly. The good news is that the major networks seem to be open to reviewing the research and adapting deployments. SRLabs will present more of its findings at Black Hat Europe in December.
  Read More
 • Nov 29, 2019 | Tutto Android

  The new RCS services are not all a bed of roses: they hide serious security problems [Black Hat Europe 2019]

  But there is more: according to Nohl it is indeed a scandal that important telco companies such as Vodafone, AT&T, Verizon, Sprint and many others have embraced the RCS services without the consent of their users, obviously exposing them to such important security problems. Researchers Luca Melette and Sina Yazdanmehr will present all their findings during the Black Hat Europe conference this December, showing all the limitations discovered so far.
  Read More
 • Nov 29, 2019 | The Verge

  Bad RCS implementations are creating big vulnerabilities, security researchers claim [Black Hat Europe 2019]

  SRLabs will be presenting its findings at the Black Hat Europe conference in December, after showing off some of its work at the DeepSec conference today.
  Read More
 • Nov 29, 2019 | BGR

  Google’s RCS messaging could rival iMessage, but for now it’s a security nightmare [Black Hat Europe 2019]

  The good news is that the GSMA and the carriers are aware of these issues, and fixes are probably on the way. The researchers will further explain their RCS findings at the Black Hat Europe conference next December.
  Read More
 • Nov 29, 2019 | VICE Motherboard

  SMS Replacement is Exposing Users to Text, Call Interception Thanks to Sloppy Telecos [Black Hat Europe 2019]

  SRLabs researchers Luca Melette and Sina Yazdanmehr will present their RCS findings at the upcoming Black Hat Europe conference in December, and discussed some of their work at security conference DeepSec on Friday
  Read More
 • Nov 28, 2019 | ITProPortal

  The hidden reason why companies are struggling to secure cloud infrastructure [Black Hat Europe 2019]

  In an upcoming talk for Black Hat Europe 2019 ("Inside Out: The Cloud Has Never Been So Close"), XM Cyber senior security researchers will outline a new approach to attacking cloud infrastructure. This technique illustrates the relationships between various identities, resources and policies, in the process identifying vulnerable choke points that require immediate remediation.
  Read More
 • Nov 27, 2019 | Dark Reading

  New Free Emulator Challenges Apple's Control of iOS [Black Hat Europe 2019]

  A security researcher at Black Hat Europe in London next week plans to release an open source low-level emulator that can run a version of Apple's mobile operating system.
  Read More
 • Nov 22, 2019 | Dark Reading

  Researchers Explore How Mental Health Is Tracked Online [Black Hat Europe 2019]

  Bendinelli and Frederike Kaltheuner, tech policy fellow with the Mozilla Foundation, will present more of these research findings at the Black Hat Europe 2019 conference in a briefing entitled "Is Your Mental Health for Sale?"
  Read More
 • Nov 22, 2019 | Dark Reading

  Black Hat Europe Q&A: Unveiling the Underground World of Anti-Cheats [Black Hat Europe 2019]

  Anti-cheat software safeguards countless online game players every year, but it’s not bulletproof. At Black Hat Europe in London next month attendees will learn firsthand where the chinks are in the armor of modern anti-cheat solutions
  Read More
 • Nov 22, 2019 | The Block Daily

  Global Witness urges UK authorities to investigate links between illicit crypto exchanges and Russian security services [Black Hat USA 2019]

  Thus, the FSB-Bilyuchenko case could further highlight the emerging trend of "infighting among Russian security services in the cyber sphere," a theme that headlined a briefing given by Kimberly Zenz, an American cyber-threat intelligence expert who focuses on Russia, at the 2019 Black Hat hacker conference in Las Vegas last August.
  Read More
 • Nov 18, 2019 | Dark Reading

  Windows Hello for Business Opens Door to New Attack Vectors [Black Hat Europe 2019]

  To learn more about how WHfB operates, Grafnetter has spent the past year studying the feature and the past two months doing a deep dive. He will present his findings at the upcoming Black Hat Europe show in a briefing entitled "Exploiting Windows Hello for Business."
  Read More
 • Nov 17, 2019 | Security Affairs

  Experts found undocumented access feature in Siemens SIMATIC PLCs [Black Hat Europe 2019]

  The team of experts will present the results of its research in December at the Black Hat Europe conference in London.
  Read More
 • Nov 15, 2019 | SecurityWeek

  Undocumented Access Feature Exposes Siemens PLCs to Attacks [Black Hat Europe 2019]

  Abbasi says they reported their findings to Siemens in March and the company released an advisory this week to inform customers that it’s working on a solution. In the meantime, customers have been advised to ensure protection against physical access and apply defense-in-depth recommendations. The industrial giant told the researchers that it would remove the problematic access mode from PLCs. The researchers plan on presenting their findings next month at the Black Hat Europe conference in London.
  Read More
 • Nov 15, 2019 | CNET

  Android users beware: 146 bugs found in preinstalled apps [Black Hat USA 2019]

  In a Black Hat 2019 presentation, Google security researcher Maddie Stone said an Android device often has 100 to 400 preinstalled apps. If you're a malicious actor, Stone said in the presentation, you "only have to convince one company to include your app, rather than thousands of users."
  Read More
 • Nov 14, 2019 | Catalin Cimpanu

  Officials warn about the dangers of using public USB charging stations [Black Hat USA 2019]

  Across the years, several proofs-of-concept were created. The most notorious is Mactans, presented at the Black Hat 2013 security conference, which was a malicious USB wall charger that could deploy malware on iOS devices.
  Read More
 • Nov 12, 2019 | CPO Magazine

  Chinese Hackers Now Stealing Text Messages, Phone Records From Telecom Companies [Black Hat USA 2019]

  At the Black Hat security conference in Las Vegas, FireEye detailed how APT41 Chinese hackers broke into the production environment of a video gaming company, so as to manipulate the amount of virtual currency available to them. They are also using ransomware to shake down companies in exchange for cryptocurrency ransom payments.
  Read More
 • Nov 11, 2019 | Dark Reading

  Researchers Find New Approach to Attacking Cloud Infrastructure [Black Hat Europe 2019]

  At this year's Black Hat Europe, Gofman and Shani plan to demonstrate an alternative new approach to attacking cloud infrastructure in a talk titled "Inside Out — The Cloud Has Never Been So Close." Their methodology involves using a graph to show permission relationships between different entities, revealing risky choke points that need to be addressed and eliminated.
  Read More
 • Nov 7, 2019 | SecurityLab

  Hidden access function detected in Siemens PLC [Black Hat Europe 2019]

  Researchers reported the find to Siemens, and the company is now working to eliminate the vulnerability. Experts will present detailed results of the study at the Black Hat Europe conference in December 2019.
  Read More
 • Nov 7, 2019 | Dark Reading

  Black Hat Q&A: Hacking a '90s Sports Car [Black Hat Europe 2019]

  Communicating with your car and building your own tools is easier than you think, and well worth the effort, says Stanislas Lejay who will be briefing attendees in London at Black Hat Europe next month on Unleashing the Power of My 20+ Years Old Car. It's a fun and fascinating look at Lejay's efforts to bypass the speed limiter (set at ~180 km/h) and still pass inspection.
  Read More
 • Nov 5, 2019 | Dark Reading

  Siemens PLC Feature Can Be Exploited for Evil - and for Good [Black Hat Europe 2019]

  The researchers built a tool that performs this forensic memory dump, which they will release at Black Hat Europe next month in London when they will present their research findings
  Read More
 • Nov 1, 2019 | The Daily Swig

  #SocialSec – Hot takes on this week’s biggest cybersecurity news (Nov 1) [Black Hat Europe 2019]

  In other security industry news this week, Amanda Rousseau has been named as the keynote speaker at this year’s Black Hat Europe.
  Read More
 • Oct 16, 2019 | The CyberWire

  The CyberWire Daily Podcast, Wednesday, October 16, 2019 [Black Hat Europe 2019]

  It's a great way to demonstrate that either you have the offensive capabilities or that you have the defense capabilities. The capture the flag scenarios and games that are being run at conferences like Black Hat and Defcon are serving several purposes.
  Read More
 • Oct 8, 2019 | GovInfoSecurity

  Developers' Code Reuse Security Conundrum: Cut, Paste, Fail [Black Hat Europe 2019]

  That question was posed at the December 2018 Black Hat Europe in London. At the ending "locknote" panel discussion, an audience member asked Black Hat founder Jeff Moss if it was time to get tough on vendors that produce poor software, because the basics - including the Open Web Application Security Project's top 10 most critical application security risks - haven't changed fundamentally in years.
  Read More
 • Sep 17, 2019 | Help Net Security

  Targeted threat intelligence and what your organization might be missing [Black Hat USA 2019]

  In this Help Net Security podcast recorded at Black Hat USA 2019, Adam Darrah (Director of Intelligence), Mike Kirschner (Chief Operating Officer) and Christian Lees (Chief Technology Officer) from Vigilante, talk about how their global threat hunting and dark web cyber intelligence research team extends the reach of a company’s security resources, and lives within the underground community to remain ahead of emerging threats.
  Read More
 • Sep 4, 2019 | Help Net Security

  Security pros need more and better visibility into their cloud networks [Black Hat USA 2019]

  In this Help Net Security podcast, Kevin Sheu, VP Product Marketing and Marcus Hartwig, Senior Product Marketing Manager at Vectra AI, discuss the Vectra superhero survey from Black Hat USA 2019, which provides insight into the current cloud adoption and top-of-mind concerns of attendees.
  Read More
 • Sep 3, 2019 | CPO Magazine

  Cyber Insurance: You Get What You Pay For [Black Hat USA 2019]

  These risks were highlighted recently by a study from mutual insurance giant FM Global, and a summit helmed by cyber insurance experts at the annual Black Hat USA security conference in Las Vegas.
  Read More
 • Sep 2, 2019 | VICE

  This Has Been the Worst Year for iPhone Security Yet [Black Hat USA 2019]

  Before Solnik’s Black Hat talk, Apple had yet to provide decrypted kernels to the public. Analysing the kernel is a key step to hacking the iPhone and to understanding how iOS really works under the hood. And these dev-fused iPhones, available on the gray market for four or five figures, are the perfect tool to do that.
  Read More
 • Sep 1, 2019 | Help Net Security

  Week in review: Mass iPhone hacking, SSL VPNs under attack, SOC analysts overwhelmed [Black Hat USA 2019]

  According to a survey of 476 IT security professionals at Black Hat USA 2019, nearly one in four (24%) said they would take company information to help apply for a position at a competitor.
  Read More
 • Aug 31, 2019 | Fifth Domain

  What’s changing in the cyber domain? We ask industry experts [Black Hat USA 2019]

  Fifth Domain posed this question to cybersecurity experts at Black Hat, a cybersecurity conference in Las Vegas, Nevada, that ran from Aug. 3-8. With the cyber domain rapidly evolving, we wanted to know how conversations within the cyber community are changing.
  Read More
 • Aug 30, 2019 | The Washington Post

  Google uncovers 2-year iPhone hack that was ‘sustained’ and ‘indiscriminate’ [Black Hat USA 2019]

  At the Black Hat security conference in Las Vegas earlier this month, Apple’s head of security engineering said the company will pay as much as $1.5 million for a “bug bounty” to any researcher who discovers iOS attack techniques and discreetly reports them to Apple.
  Read More
 • Aug 30, 2019 | TechRepublic

  How the Cloud Security Alliance helps businesses identify and mitigate cybersecurity risks [Black Hat USA 2019]

  At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with Cloud Security Alliance's John Yeoh about how implementing new technology leads to success. The following transcript has been edited for clarity purposes.
  Read More
 • Aug 29, 2019 | Forbes

  How To Make $1 Million From Hacking: Meet Six Hacker Millionaires [Black Hat USA 2019]

  If you need any more convincing that hacking can be a very profitable career path, then you only have to look at the Hacker Summer Camp this year. This is the name given to the week in August that sees both Black Hat USA and DEF CON hacker conferences happening in Las Vegas.
  Read More
 • Aug 27, 2019 | TechRadar.pro

  Business VPN flaws exploited by hackers [Black Hat USA 2019]

  Pulse Secure VPN and Fortinet's FortiGate VPN were targeted after flaws in both products were made public during a talk at this month's Black Hat security conference.
  Read More
 • Aug 26, 2019 | Help Net Security

  Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs [Black Hat USA 2019]

  Fixes exist for both: Pulse Secure released them in April and Fortinet in May, months before Devcore researchers Meh Chang and Orange Tsai shared their discovery with the audience at Black Hat USA 2019.
  Read More
 • Aug 26, 2019 | Ars Technica

  Hackers are actively trying to steal passwords from two widely used VPNs [Black Hat USA 2019]

  The vulnerabilities can be exploited by sending unpatched servers Web requests that contain a special sequence of characters, researchers at the Black Hat security conference in Las Vegas said earlier this month.
  Read More
 • Aug 26, 2019 | Help Net Security

  Using deep learning and natural language understanding to protect enterprise communication [Black Hat USA 2019]

  In this Help Net Security podcast recorded at Black Hat USA 2019, Dhananjay Sampath, CEO at Armorblox, talks about how they use natural language understanding and deep learning to automatically create and adapt policies, continuously measure risk exposure, and prevent attacks and data loss.
  Read More
 • Aug 25, 2019 | ZDNet

  Hackers mount attacks on Webmin servers, Pulse Secure, and Fortinet VPNs [Black Hat USA 2019]

  But if this week started bad, it ended even worse. By Friday, attackers also started exploiting another set of vulnerabilities, also disclosed at a security conference -- but this time at Black Hat.
  Read More
 • Aug 24, 2019 | WIRED

  SECURITY NEWS THIS WEEK: CRYPTOCURRENCY MINERS EXPOSE NUCLEAR PLANT TO INTERNET [Black Hat USA 2019]

  While the cybersecurity world took a collective deep breath after the Black Hat and Defcon hacker conferences, there was still plenty of news to be had this week.
  Read More
 • Aug 24, 2019 | Fifth Domain

  How can the government improve its cyber posture? [Black Hat USA 2019]

  Several industry experts interviewed by Fifth Domain at Black Hat USA, a cybersecurity conference held in Las Vegas, Nevada, from Aug. 3-8, expressed concern that government agencies don’t know what’s on their networks.
  Read More
 • Aug 23, 2019 | CSO

  4 takeaways from Black Hat 2019 [Black Hat USA 2019]

  The Black Hat conference not only sheds light on the IT security issues currently plaguing organizations, but the emerging issues that will soon affect people and companies. At the latest Black Hat, held in the Mandalay Bay in Las Vegas in August, industry experts offered their insights on how cybercriminals are upping the ante and what IT security professionals can do to combat the constant and unyielding tide of attacks.
  Read More
 • Aug 22, 2019 | Enterprise Times

  The challenge of creating a 2,500 person security team [Black Hat USA 2019]

  One of the major challenges is how to align, integrate and organise complementary business units into single functions that operate across the new business. Matthew Gyde is the new CEO of NTT Security. At Black Hat 2019, in a very hot Las Vegas, he sat with Enterprise Times to talk through some of the challenges he and the new company face.
  Read More
 • Aug 22, 2019 | The Daily Swig

  HTTPS everywhere? Cloudflare planning improvements to middleware detection utility [Black Hat USA 2019]

  At Black Hat USA earlier this month, Cloudflare’s Gabriele Fisher and Luke Valenta offered a deep dive into HTTPS interception practices, in which TLS-terminating middleboxes or middleware can be used to potentially snoop on internet users, or even steal private data.
  Read More
 • Aug 22, 2019 | Dark Reading

  Aviation Faces Increasing Cybersecurity Scrutiny [Black Hat USA 2019]

  Boeing pushed back hard on the research just prior to the presentation at Black Hat, saying its existing network defenses would thwart the attack cases Santamarta posed, and that an attacker could not reach its avionics systems via those attack methods. IOActive had been in contact with Boeing for months after the initial findings, holding weekly teleconferences.
  Read More
 • Aug 22, 2019 | TechTarget

  Yubikey 5Ci for iPhone, biometric attacks, and other odds and ends from Black Hat [Black Hat USA 2019]

  I laid out my initial thoughts from Black Hat 2019 last week and also took a deeper look at Apple’s session around their new bug bounty program and research devices.
  Read More
 • Aug 22, 2019 | Security Ledger

  Spotlight Podcast: Unpacking Black Hat Hacks with Digicert CTO Dan Timpson [Black Hat USA 2019]

  In this week’s episode of the Podcast, # 156: we’re back at “hacker summer camp” in Las Vegas this week – also known as the Black Hat, B-Sides and DEF CON conferences, which bring tens of thousands of the world’s top security experts to the Las Vegas Strip.
  Read More
 • Aug 22, 2019 | ZDNet

  What is Black Hat and why is it so important? [Black Hat USA 2019]


  Read More
 • Aug 21, 2019 | Cyber Defense Magazine

  The Future of Cyber security: Putting the capital “C” in Community! [Black Hat USA 2019]

  As you know, Black Hat Briefings (commonly referred to as Black Hat) is a computer security conference that provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world. Black Hat brings together a variety of people interested in information security ranging from non-technical individuals, executives, hackers, and industry-leading security professionals.
  Read More
 • Aug 21, 2019 | TechTarget

  Black Hat 2019 brings out new security, protection offerings [Black Hat USA 2019]

  The 22nd Black Hat conference in Las Vegas brought together a slew of vendors in network and data security with a variety of security offerings to pitch.
  Read More
 • Aug 19, 2019 | The Register

  KNOB turns up the heat on Bluetooth encryption, hotels leak guest info, city hands $1m to crook, and much, much more [Black Hat USA 2019]

  Let's run through all the bits and bytes of security news beyond what we've already covered. Also, don't forget our articles from this year's Black Hat, DEF CON, and BSides Las Vegas conferences in the American desert.
  Read More
 • Aug 19, 2019 | Threatpost

  Post GandCrab, Cybercriminals Scouring the Dark Web for the Next Top Ransomware [Black Hat USA 2019]

  Hi, everyone. I’m Lindsey O’Donnell with Threatpost and I’m here today at Black Hat USA 2019, here with Winnona DeSombre with Recorded Future. Winnona, how are you doing?
  Read More
 • Aug 19, 2019 | ITPro Today

  Black Hat 2019: Building Communities of Women in Security [Black Hat USA 2019]

  But also at Black Hat, I noted many initiatives and sessions to foster diversity in information security. One thing that surprised me was an on-site daycare offered this year where attendees could drop kids to attend sessions. Several other booths and groups along the floor were promoting women in infosec. As much as women are still few in number, there is movement and gains to increase their ranks in security.
  Read More
 • Aug 19, 2019 | ITSPmagazine

  Black Hat USA 2019 Event Coverage | A Conversation With Kymberlee Price [Black Hat USA 2019]

  Fortunately, both of these activities came together in a single setting during Black Hat, as Marco and I got to meet Kymberlee not only to discuss the micro summit, but to also hear about her journey in InfoSec and her role in establishing some of the best practices being leveraged by the industry for some time now—specifically via her work at Microsoft, at Bugcrowd, and Microsoft (again).
  Read More
 • Aug 19, 2019 | Active Cyber

  Diverse Set of Security Innovators Converge at Black Hat 2019 [Black Hat USA 2019]

  Black Hat 2019 has come and gone and I am still recovering from the sensory overload caused by the 19K+ attendees of this big conference amidst the backdrop of Las Vegas. My focus going into the conference was mainly on meeting startups… I was looking for something new – a solution that attacks the cyber problem from a new angle.
  Read More
 • Aug 17, 2019 | TechCrunch

  Voyage’s driverless future, ghost work, B2B growth strategies, and Black Hat takeaways [Black Hat USA 2019]

  In the autonomous vehicle space, startups have taken radically different strategies to building our AV future. Some companies like Waymo have driven all across different types of environments in order to rack up the datasets that they believe will be needed to effectively maneuver without a human driver.
  Read More
 • Aug 17, 2019 | VentureBeat

  The fight against deepfakes [Black Hat USA 2019]

  Last week at the Black Hat cybersecurity conference in Las Vegas, the Democratic National Committee tried to raise awareness of the dangers of AI-doctored videos by displaying a deepfaked video of DNC Chair Tom Perez. Deepfakes are videos that have been manipulated, using deep learning tools, to superimpose a person’s face onto a video of someone else.
  Read More
 • Aug 17, 2019 | Tech Zim

  Apple’s Face ID Can Be Bypassed By Using A Pair Of Glasses & Tape [Black Hat USA 2019]

  The details of the attack were explained on Black Hat USA 2019 which is an annual security conference. Researchers were able to get into the victim’s iPhone by using a modified pair of glasses. The glasses have a combination of white and black tape pasted on them and they call it the “X-glasses”- which you can see below
  Read More
 • Aug 16, 2019 | Security Boulevard

  Key Themes from Black Hat Conference 2019 [Black Hat USA 2019]

  It hasn’t even been a week since Black Hat Conference 2019. Somehow, it seems like it’s been longer than that. Speaking from both the vendor and attendee perspective, it was a fantastic event overall. I managed to squeeze in a couple sessions, and I had the opportunity to speak to a variety of attendees and visit vendor booths on the show floor. After 4 days and nearly 50,000 steps—some of it in 100-plus degree heat outdoors—I’m back in Houston and back to the daily grind and I’ve had some time to reflect on the time in Las Vegas.
  Read More
 • Aug 16, 2019 | Colorado Springs Business Journal

  Cause for alarm: Advice from a cyber summit [Black Hat USA 2019]

  From phony iPhones preloaded with malware to election meddling and the rules of cyberwar, Black Hat USA 2019 wrapped up in Nevada last week with something for everyone to lie awake worrying about. Unlike most of us, Shawn Murray was there, with about 17,000 other infosec professionals. He’s a cybersecurity consultant with the Pikes Pea
  Read More
 • Aug 16, 2019 | BGR

  Apple sues Corellium for creating virtual copies of iOS [Black Hat USA 2019]

  Apple also makes a point of highlighting its recent decision to give security researchers customized iPhones with fewer security barriers as to make it easier for serious exploits and bugs to be discovered. Ivan Krstic, Apple’s head of security and engineering, announced the new program at the Black Hat security conference earlier this month.
  Read More
 • Aug 16, 2019 | Grand Canyon University News

  GCU students log in to ‘hacker summer camp’ [Black Hat USA 2019]

  The GCU student, whose IT emphasis is in cybersecurity, was just one of 52 Lopes who made their way to Vegas for, not just Defcon, but for Black Hat, the world’s largest IT event. The back-to-back IT security and hacker gatherings — together they’re dubbed “hacker summer camp” — attracted tens of thousands of cyber professionals and enthusiasts.
  Read More
 • Aug 16, 2019 | Threatpost

  News Wrap: DejaBlue Bugs and Biometrics Data Breaches [Black Hat USA 2019]

  On the heels of Black Hat USA 2019 and DEF CON, Threatpost editors break down the biggest news of this past week ended Aug. 16, from Patch Tuesday craziness to publicly-exposed databases.
  Read More
 • Aug 16, 2019 | Dark Reading

  NSA Researchers Talk Development, Release of Ghidra SRE Tool [Black Hat USA 2019]

  NSA researchers took the Black Hat stage to share details of how they developed and released the software reverse-engineering framework
  Read More
 • Aug 16, 2019 | SC Magazine

  Red/Blue team exercises show defensive shortfalls: Survey [Black Hat USA 2019]

  The survey was conducted by Exabeam during Black Hat earlier this month.
  Read More
 • Aug 16, 2019 | IT Web

  Trend Micro fixes DLL hijacking vulnerability [Black Hat USA 2019]

  Hot on the heels of Black Hat where security vendors spoke to audiences about their ability to protect against breaches, SafeBreach discovered a new vulnerability in Trend Micro Password Manager software that could have led to DLL hijacking, privilege escalation, and code execution attacks.
  Read More
 • Aug 16, 2019 | Security Intelligence

  7 Can’t-Miss Cybersecurity Lessons From Black Hat USA and Vegas Security Week [Black Hat USA 2019]

  As Black Hat USA and DEF CON 2019 draw to a close, the security industry continues to buzz over events from the annual Las Vegas security week. Each year, nearly 20,000 security professionals, researchers and hackers convene on the Las Vegas strip for a week of cutting-edge security trainings, sessions and research. Black Hat and DEF CON sessions served up a shocking amount of internet of things (IoT) vulnerabilities and research on security best practices.
  Read More
 • Aug 16, 2019 | Digit India

  APPLE SUES MOBILE DEVICE VIRTUALISATION FIRM CORELLIUM ALLEGING IT ‘ILLEGALLY REPLICATED’ IOS, APPS [Black Hat USA 2019]

  Apple argues that Corellium’s iOS virtualisation product infringes on Apple's copyrights. The iPhone-maker says that Corellium has simply copied everything: the code, the graphical user interface, the icons -- all of it, in exacting detail. In fact, at the two-day Black Hat USA conference that concluded on August 8, Corellium emphasised that its “Apple product” is an exact copy of iOS, macrumours reported.
  Read More
 • Aug 16, 2019 | The New York Times

  The Week in Tech: Are Lawmakers Too Eager to Weaken Big Tech’s Legal Shield? [Black Hat USA 2019]


  Read More
 • Aug 16, 2019 | In Homeland Security

  Hackers Stole Over $4 Billion From Crypto Crimes In 2019 So Far, Up From $1.7 Billion In All Of 2018 [Black Hat USA 2019]

  As we’ve seen so many times again—most recently with the latest massive data breaches (Equifax, Capital One…), and the new exploits revealed at the Black Hat and DefCon hacking conferences — the Cloud is far from being the most secure place to store your data, even less your hard-earned money, especially in digital form.
  Read More
 • Aug 16, 2019 | Security Boulevard

  Software Vulnerabilities in the Boeing 787 [Black Hat USA 2019]

  At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System. The CIS/MS is responsible for applications like maintenance systems and the so-called electronic flight bag, a collection of navigation documents and manuals used by pilots. Santamarta says he found a slew of memory corruption vulnerabilities in that CIS/MS, and he claims that a hacker could use those flaws as a foothold inside a restricted part of a plane’s network. An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane’s safety-critical systems, including its engine, brakes, and sensors. Boeing maintains that other security barriers in the 787’s network architecture would make that progression impossible.
  Read More
 • Aug 16, 2019 | Security Boulevard

  The Business Challenges and Opportunities in Cybersecurity Black Hat USA 2019: Key Takeaways by Michael Vaillancourt [Black Hat USA 2019]


  Read More
 • Aug 16, 2019 | TechSpot

  Apple sues mobile device virtualization company Corellium for selling iOS clones [Black Hat USA 2019]

  What just happened? At the Black Hat Conference earlier this month, a small startup called Corellium showcased a tool that is claimed to provide customers access to virtual iOS devices inside a web browser. Apple has sued for damages and asked for an immediate ban on the sale of Corellium's product. The iPhone maker argues the tool is an "unlawful commercialization of Apple's valuable copyrighted works," or in other words an exact replica of iOS down to the underlying code.
  Read More
 • Aug 16, 2019 | Dark Reading

  Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown [Black Hat USA 2019]

  At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.
  Read More
 • Aug 16, 2019 | VICE

  Apple’s Lawsuit Against a Startup Shows How It Wants to Control the iPhone Hacking Market [Black Hat USA 2019]

  These announcements, made to much fanfare at the Black Hat security conference in Las Vegas, were met with delight and enthusiasm by the jailbreaking and iOS hacking community, who saw this as a “historic moment” for the security of iPhones all over the world.
  Read More
 • Aug 16, 2019 | Hackaday

  THIS WEEK IN SECURITY: BLACK HAT, DEF CON, AND PATCH TUESDAY [Black Hat USA 2019]

  Blackhat and DEF CON both just wrapped, and Patch Tuesday was this week. We have a bunch of stories to cover today.
  Read More
 • Aug 16, 2019 | CSO Online

  The best and worst of Black Hat 2019 [Black Hat USA 2019]

  Black Hat hit high notes and low last week in Vegas. Here's our roundup of what you missed.
  Read More
 • Aug 16, 2019 | ITSPmagazine

  Black Hat USA 2019 Event Coverage | A Conversation With Stephanie “Snow” Carruthers [Black Hat USA 2019]

  Next time you think that a social engineer is a social media expert or a criminal of some sort, do me a favor and look at yourself in the mirror — chances are you won't see either. One thing that you will see is a social engineer; all humans are social engineers—it is in our nature, and we are damn good at it.
  Read More
 • Aug 16, 2019 | Mashable

  Cybersecurity conference attendees possibly exposed to IRL virus [Black Hat USA 2019]

  Hackers and cybersecurity researchers who attended this year's annual Black Hat information security conference in Las Vegas found themselves on the receiving end of the wrong kind of security notification. On Thursday, the Southern Nevada Health District issued a warning stating that individuals in Vegas over the course of the conference may have been exposed to measles.
  Read More
 • Aug 15, 2019 | MIMECAST BLOG

  MASS MARKET VS. TARGETED MARKETING: TECHNIQUES AND TECHNOLOGY BEHIND THESE TWO STRATEGIES [Black Hat USA 2019]

  One of the takeaways from the recently released report, Mimecast Threat Intelligence Report: Black Hat Edition 2019, is that some attackers use more simplistic attack strategies that are broadly deployed, whereas other attackers use more complex and sophisticated strategies that are deployed much more narrowly. The data for this report came from three months of analysis from Mimecast’s processing of nearly 160 billion emails on behalf of our customers. Not a small sample!
  Read More
 • Aug 15, 2019 | MacRumors

  Apple Files Lawsuit Against Virtualization Company Corellium for Illegally Replicating iOS and Apple Apps [Black Hat USA 2019]

  Corellium's product creates digital replicas of iOS, iTunes, and user interface elements available on a web-based platform or a custom platform built by Corellium. It is designed to create virtual iOS devices for the purpose of running iOS, and at the recent Black Hat USA conference, Corellium emphasized that its "Apple product" is an exact copy of iOS, able to allow researchers and hackers to find and test vulnerabilities.
  Read More
 • Aug 15, 2019 | TechRepublic

  How to limit the impact of data breaches [Black Hat USA 2019]

  At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with IBM's Wendi Whitmore about how to defend against and respond to data breaches. The following is an edited transcript of the interview.
  Read More
 • Aug 15, 2019 | i-programmer

  Apple Opens IPhone To Security Researchers [Black Hat USA 2019]

  The announcements were made at this year's Black Hat cybersecurity conference in Las Vegas by Ivan Krstic, Apple's head of security.
  Read More
 • Aug 15, 2019 | Dark Reading

  5 Things to Know About Cyber Insurance [Black Hat USA 2019]

  After years of trying, Risk Based Security CISO Jake Kouns finally managed to get cyber insurance the attention he thinks it deserves. He had been submitting ideas for insurance-related talks for the annual Black Hat USA event since 2012 - and had been rejected four times. But at last week's Black Hat in Las Vegas, he led one of the sessions during a dedicated micro summit about cyber insurance.
  Read More
 • Aug 15, 2019 | TechCrunch

  What security pros need to know from Black Hat & Def Con 2019 [Black Hat USA 2019]

  Black Hat and Def Con came and went as quickly as it ever does. The week-long pair of back-to-back conferences, referred to as “hacker summer camp,” draws in the security crowd from across the world onto Las Vegas, where startups tout their technologies as hackers and researchers reveal their findings.
  Read More
 • Aug 15, 2019 | TechRepublic

  How to prevent data destruction from cybersecurity attacks [Black Hat USA 2019]

  At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with IBM's Global Remediation Lead Christopher Scott about how cyberattackers get into environments, and why using multifactor authentication is crucial if you use an online service. The following is an edited transcript of the interview.
  Read More
 • Aug 15, 2019 | ZDNet

  Def Con and Black Hat 2019: Enterprise security is stronger than ever [Black Hat USA 2019]


  Read More
 • Aug 15, 2019 | Security Boulevard

  The Best Of Black Hat And DEF CON 2019 | Avast [Black Hat USA 2019]

  If you didn’t go to the Black Hat or DEF CON cybersecurity conferences last week in Las Vegas, we’ve got a quick summary of some of the best stories, presentations, social media, and just plain weirdness.
  Read More
 • Aug 15, 2019 | Metro Jornal

  WhatsApp flaw allows altering the reply of quoted messages [Black Hat USA 2019]

  During a presentation given at the Black Hat conference last week in Las Vegas (USA), the researchers Dikla Barda, Roman Zaikin and Oded Vanunu presented a tool used as a proof of concept.
  Read More
 • Aug 15, 2019 | CSO Online

  Black Hat 2019: 3 cybersecurity concerns and 3 things that give hope [Black Hat USA 2019]


  Read More
 • Aug 15, 2019 | Forbes

  Bug Bounties Go Big [Black Hat USA 2019]

  Not anymore. At the recent Black Hat security conference in Las Vegas, Ivan Krstić, Apple's head of security engineering and architecture, announced an overhaul of Apple’s bug bounty program that massively sweetens the payouts—the top award will jump from $200,000 to $1 million—and also opens it up to all researchers.
  Read More
 • Aug 15, 2019 | Politico

  The cost of replacing paperless voting machines [Black Hat USA 2019]

  RED TEAM > BLUE TEAM — Nearly 70 percent of IT pros consider red team hackers more effective than the blue teams trying to stop them, Exabeam reported in a survey out today. More than one-third of those defensive teams fail to halt the red teams, the pros said in a survey conducted at Black Hat. Overall, 72 percent said their organizations perform red team tests, while 60 percent practice blue team.
  Read More
 • Aug 15, 2019 | BoingBoing

  Defeating Apple's Faceid's proof-of-life by putting tape over glasses' lenses [Black Hat USA 2019]

  Researchers from Tencent demo'ed the attack at Black Hat last week and used it to unlock a phone and approve a cash transfer from the owner's Apple Pay account to their own.
  Read More
 • Aug 15, 2019 | TechRepublic

  IBM's Wendi Whitmore explains why a data breach isn't a one-time cost and recommends cost-saving tips, which include having access to an incident response team. [Black Hat USA 2019]

  At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with IBM's Wendi Whitmore about why a data breach isn't a one-time cost and recommends cost-saving tips. The following is an edited transcript of the interview.
  Read More
 • Aug 15, 2019 | Forbes

  Hackers Stole Over $4 Billion From Crypto Crimes In 2019 So Far, Up From $1.7 Billion In All Of 2018 [Black Hat USA 2019]

  As we've seen so many times again—most recently with the latest massive data breaches (Equifax, Capital One...), and the new exploits revealed at the Black Hat and DefCon hacking conferences— the Cloud is far from being the most secure place to store your data, even less your hard-earned money, especially in digital form.
  Read More
 • Aug 15, 2019 | Dark Reading

  68% of Companies Say Red Teaming Beats Blue Teaming [Black Hat USA 2019]

  A survey conducted by Exabeam at Black Hat USA 2019 found red teams, which are made up of internal or hired security experts who imitate cybercriminals' behavior to test a business' security defenses, are also more popular. Seventy-two percent of respondents conduct red team exercises, with 23% performing them monthly, 17% quarterly, 17% annually, and 15% biannually.
  Read More
 • Aug 15, 2019 | Channel Futures

  Cybersecurity Roundup: Black Hat USA 2019 Edition [Black Hat USA 2019]

  Last week’s Black Hat USA 2019 conference in Las Vegas drew record attendance and highlighted the latest hot topics in the fight against cybercriminals.
  Read More
 • Aug 14, 2019 | Digital Munition

  Apple to offer up to $1.5 million to hackers who find flaws and report them to the company [Black Hat USA 2019]

  At a recent Black Hat security conference in Las Vegas, the tech giant took the opportunity to announce that it’s raising its reward to ethical hackers who uncover and disclose problematic susceptibilities directly to the company.
  Read More
 • Aug 14, 2019 | TechTarget

  Microsoft discovers BlueKeep-like flaws in Remote Desktop Services [Black Hat USA 2019]


  Read More
 • Aug 14, 2019 | Voice of America

  Apple Offers $1 Million to Anyone Who Can Break into iPhone [Black Hat USA 2019]

  The Black Hat conference is attended by many security researchers who attempt to hack the computer systems of companies and governments. The researchers seek security weaknesses that need to be fixed to prevent outside attackers from breaking into systems and devices.
  Read More
 • Aug 14, 2019 | Security Ledger

  Huge Survey of Firmware Finds No Security Gains in 15 Years [Black Hat USA 2019]

  Zatko presented the findings of CITL’s extensive study in Las Vegas on Friday on the sidelines of the Black Hat and DEF CON conferences at an event hosted by The Hewlett Foundation. CITL was started by Sarah and her husband Peiter (aka “Mudge”) Zatko. It bills itself as a kind of “Consumer Reports” for cyber security, partnering with that organization as well as The Ford Foundation, The Digital Standard and online payments firm Stripe.
  Read More
 • Aug 14, 2019 | Digital Munition

  Apple reveals special new iPhones for security researchers [Black Hat USA 2019]

  Apple is planning to supply special iPhones to security researchers next year to help them find security flaws in iOS. The devices will be made available to researchers that report bugs through the company’s invitation-only bug bounty program for iOS. Apple first launched this bug bounty program three years ago at the Black Hat conference, and it’s now extending its use at the same conference today to cover macOS, Apple Watch, Apple TV, and more.
  Read More
 • Aug 14, 2019 | Beebom

  New Vulnerabilities Can Alter Your WhatsApp Messages [Black Hat USA 2019]

  WhatsApp, a popular instant messaging platform now owned by Facebook with over 1.5 billion users across the globe has a major vulnerability that has not been fixed completely so far. The vulnerability was discovered by researchers at Check Point and was made public in Black Hat 2019, an annual Black Hat security conference.
  Read More
 • Aug 14, 2019 | Public Now

  Black Hat, DEF CON, And BSides 2019: Highlights And Emerging Industry Trends [Black Hat USA 2019]

  As Hacker Summer Camp comes to a close, we sat down with a few friends in the security space to discuss the major highlights from Black Hat, DEF CON, and BSides and what have emerged as the latest industry trends over the past week.
  Read More
 • Aug 14, 2019 | Data Center Knowledge

  Black Hat 2019: Investment, Interest in AI for Security Ramps Up [Black Hat USA 2019]

  An emphasis on AI was clear at this year’s Black Hat event in Las Vegas, where several vendors were promoting platforms that leverage AI and machine learning capabilities to address threat detection.
  Read More
 • Aug 14, 2019 | Threatpost

  TikTok Scammers Cash In On Adult Dating, Impersonation Tricks [Black Hat USA 2019]

  LO: I’m good just coming off of Black Hat craziness, so a little tired. So Tenable on the kind of outskirts of Black Hat has come out with some new research today about several popular scams that are taking a hold of the popular video platform TikTok, which is very prevalent. I mean, it’s the number one app for App Store downloads and the number three download overall in terms of apps. So with that kind of success, obviously comes security issues, as we’ve seen in the past with other apps and social media platforms. So Satnam, can you give us some context about TikTok, what do we need to know about the social platform as it relates to the attacks that you’ve outlined in your research?
  Read More
 • Aug 14, 2019 | Security Boulevard

  NEW TECH: Trend Micro inserts ‘X’ factor into ‘EDR’ – endpoint detection and response [Black Hat USA 2019]

  With all the talk of escalating cyber warfare, the spread of counterfeit smartphones and new forms of self-replicating malware, I came away from Black Hat USA 2019 (my 15th) marveling, once more, at the panache of modern cyber criminals.
  Read More
 • Aug 14, 2019 | Security Boulevard

  Black Hat Recap: Automation is Key to Managing Threats and Scaling the Future of Security (Video) [Black Hat USA 2019]

  Another Black Hat USA is in the books, and anyone leaving the festivities feeling apprehensive about the state of security seems well justified.
  Read More
 • Aug 14, 2019 | Coindesk

  Meet FumbleChain, the Deliberately Flawed Blockchain [Black Hat USA 2019]

  Demonstrated for the first time last Thursday at the Black Hat infosec event, the deliberately flawed technology is meant to act as an educational tool for crypto developers.
  Read More
 • Aug 14, 2019 | CSO Online

  Thoughts from Defcon 27 – This is why I do what I do [Black Hat USA 2019]

  Every year, thousands of security professionals descend upon Las Vegas to take part in a series of conferences known as Hacker Summer Camp. This year, Black Hat, BSides Las Vegas, Defcon 27 and the Diana Initiative took up the majority of the conference space. So, what makes this one of the most relevant and successful security conferences?
  Read More
 • Aug 14, 2019 | VICE

  Apple’s New Bug Bounty Is a ‘Historical Moment’ For the iPhone’s Security [Black Hat USA 2019]

  The company’s head of security engineering Ivan Krstic made these announcements at the Black Hat security conference on Thursday of last week. What he didn’t say is that this is a major win not only for iOS hackers and jailbreakers, but also for users—and ultimately even for Apple.
  Read More
 • Aug 14, 2019 | Techspective

  Qualys Has a Prescription for Better Cybersecurity [Black Hat USA 2019]

  One of the first things I saw when I arrived in Las Vegas for Black Hat—aside from the flashing lights of the banks of slot machines and the large neon “Welcome to Las Vegas” sign in the airport terminal—was an ad on the wall for Qualys. The ad shows a red and white pill with the Qualys logo, accompanied by the tagline “A New Prescription for Security and It’s Free.”
  Read More
 • Aug 14, 2019 | Brian Madden Blog

  Apple finally expands bug bounty program, talks about research devices at Black Hat [Black Hat USA 2019]

  On the last day of Black Hat 2019, I attended an interesting session where Apple provided a peek behind the curtain on macOS and iOS security, as well as finally announced an expansion to Apple’s bug bounty program and its new iOS Security Research Devices.
  Read More
 • Aug 14, 2019 | Enterprise Times UK

  Threat hunting, attribution and identifying what motives threat actors [Black Hat USA 2019]

  Jaime Blasco is the AVP Product Development at Alien Labs, part of AT&T Cybersecurity. At Black Hat 2019, Jaime sat down with Enterprise Times to talk about threat intelligence. It’s a subject that is high on a lot of organisations agenda. The problem, is that many organisations don’t know what to do with it. They are overwhelmed by the intelligence they gather and when they try and DIY, they lack the tools. But when they go to many vendors, what they get are a series of alerts which often lack an actionable element.
  Read More
 • Aug 14, 2019 | Expert Reviews UK

  Millions of Android phones at risk of shipping with malware pre-installed [Black Hat USA 2019]

  Millions of Android phones are at risk of shipping with malicious pre-installed apps, a recent report from Black Hat has uncovered. The findings were presented by Maddie Stone, a former employee of Android Security and current member of the Project Zero team, who revealed that it’s near-impossible to protect your device against the flaw.
  Read More
 • Aug 14, 2019 | Security Boulevard

  Black Hat 2019 Highlights [Black Hat USA 2019]

  Last week, a number of nCipher employees attended the 2019 Black Hat USA conference. The booth, which saw around 1,000 visitors, was home to a mix of activity.
  Read More
 • Aug 14, 2019 | Security Boulevard

  New Switch Vulnerability Discovered by Nozomi Networks Labs [Black Hat USA 2019]

  Nozomi Networks Labs responsibly disclosed the security issue to Siemens CERT and CISA. This effort is part of ongoing research conducted by Nozomi Networks Labs to test common devices for vulnerabilities. For example, the Labs team recently presented its research on securing intelligent electronic devices (IEDs) using the IEC 62351-7 Standard for Monitoring at BlackHat 2019. While doing this analysis, we discovered a previously unknown device vulnerability.
  Read More
 • Aug 14, 2019 | Help Net Security

  Optimizing the patch management process [Black Hat USA 2019]

  In this podcast recorded at Black Hat USA 2019, Jimmy Graham, Senior Director of Product Management at Qualys, discusses the importance of a tailored patch management process.
  Read More
 • Aug 13, 2019 | Heise Online

  Researchers manipulate content and sender of WhatsApp messages [Black Hat USA 2019]

  At this year's Black Hat conference, a research team demonstrated live that, under certain conditions, attackers could alter the content and sender of short messages sent via WhatsApp in various ways.
  Read More
 • Aug 13, 2019 | Digital Munition

  ‘Bug bounty’: Apple to pay hackers more than $1m to find security flaws | Technology [Black Hat USA 2019]

  Apple will pay ethical hackers more than $1m if they responsibly disclose dangerous security vulnerabilities to the firm, the company announced at the Black Hat security conference in Las Vegas.
  Read More
 • Aug 13, 2019 | Lifeboat

  Pre-installed apps in 7 million Android devices found containing malware [Black Hat USA 2019]

  At the Black Hat cybersecurity conference in Las Vegas, Maddie Stone, a security researcher on Project Zero and who previously served as Senior Reverse Engineer & Tech Lead on Android Security team, revealed that her team discovered three instances of Android malware being pre-installed in budget Android phones in the recent past.
  Read More
 • Aug 13, 2019 | Digital Munition

  Black Hat 2019 brings out new security, protection offerings [Black Hat USA 2019]

  At the 22nd annual Black Hat conference in Las Vegas for computer security consulting, training and briefing, industry experts came together from Aug. 3 to 8 to discuss emerging threats in cybersecurity, such as new attack methods and critical vulnerabilities across various industries. The conference also served as the birthplace for many potential answers to the security issues highlighted. Vendors in security and networking used Black Hat as an opportunity to unveil their newest products and services to the tens of thousands of attendees that ranged from executives and security professionals to small-business owners to individuals with an interest in the cybersecurity world.
  Read More
 • Aug 13, 2019 | Insurance Journal

  Car Makers Befriend Hackers to Learn About Cyber Vulnerabilities [Black Hat USA 2019]

  Known for its sprawling resorts and casinos, Las Vegas once a year becomes the gathering place for tens of thousands of cybersecurity enthusiasts who attend DEF CON and the preceding corporate Black Hat conference.
  Read More
 • Aug 13, 2019 | Semiconductor Engineering

  System Bits: Aug. 13 [Black Hat USA 2019]

  The team presented their findings at the recent Black Hat USA conference in Las Vegas, revealing the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7.
  Read More
 • Aug 13, 2019 | Within Nigeria

  Apple Offers $1m Reward To Anyone Who Can Hack An IPhone [Black Hat USA 2019]

  The bounty, which was announced by the iPhone-maker at the annual Black Hat hacker convention in Las Vegas, is the company’s biggest ever.
  Read More
 • Aug 13, 2019 | TechBeacon

  Zero-trust in a cloud-native world: Best practices emerge [Black Hat USA 2019]

  How the industry should update zero-trust in today’s cloud-native computing world is the question I hoped to answer at this year’s Black Hat USA conference in Las Vegas. To this end, I whittled the list of vendor PR pitches down to four from companies that were breaking the zero-trust mold.
  Read More
 • Aug 13, 2019 | Digital Munition

  Millions of New Android Phones Sold With Preinstalled Malware [Black Hat USA 2019]

  Stone shared her team’s findings at the Black Hat USA 2019 conference in Las Vegas, in a presentation in which she said that a smartphone may have as many as 400 preinstalled apps out of the box. This is a major problem because attackers are attempting to hide malware in the preinstalled apps, as it is easier to convince one manufacturer to agree to a preloaded app than to convince thousands of users to download an infected file.
  Read More
 • Aug 13, 2019 | Digital Munition

  Black Hat USA 2019 Featuring Cisco, Webroot, Microsoft [Black Hat USA 2019]

  A record 19,000-plus cybersecurity professionals descended on Las Vegas last week for the massive Black Hat USA 2019 conference.
  Read More
 • Aug 13, 2019 | Pulse2

  Apple Is Offering A $1 Million Reward For Anyone Who Can Hack An iPhone [Black Hat USA 2019]

  Ivan Krstić — the Head of Security Engineering and Architecture at Apple — announced the bug bounty at Black Hat. And Apple is also launching a bug bounty program for Macs, watchOS, and Apple TV. Apple will also give developer devices to bug bounty participants.
  Read More
 • Aug 13, 2019 | Fifth Domain

  What government can do to keep its cyber workforce [Black Hat USA 2019]

  “They have to value these people, and I don’t know that they’re fully valued,” said Greg Conti, current senior security strategist at IronNet, former director of the Army Cyber Institute and a senior cyber warfare adviser to U.S. Cyber Command, in an Aug. 8 interview at Black Hat 2019, held in the Mandalay Bay Resort & Casino.
  Read More
 • Aug 13, 2019 | Olajide TV

  Apple Offers $1m To Anyone Who Can Hack An iPhone [Black Hat USA 2019]

  The bounty, which was announced by the iPhone-maker at the annual Black Hat hacker convention in Las Vegas, is the company’s biggest ever.
  Read More
 • Aug 13, 2019 | Insinuator

  Black Hat US 2019 / Some Talks [Black Hat USA 2019]

  I’ve been at Black Hat Vegas last week and in the following I’ll shortly discuss some talks I’ve attended and which I found interesting.
  Read More
 • Aug 13, 2019 | FlyerTalk

  Leaked Dreamliner Code Reveals “Startling” Vulnerabilities [Black Hat USA 2019]

  A cybersecurity researcher has offered a presentation on exploitable bugs he discovered in the code used in Boeing Dreamliner aircraft this week at the Black Hat cybersecurity conference in Las Vegas. Ruben Santamarta says he was surprised to find the code used in Boeing’s 737 and 787 aircraft readily available online, but he was even more shocked to find flaws in the software which could allow hackers to take control of some of the Dreamliner’s systems.
  Read More
 • Aug 13, 2019 | Paste Magazine

  Google Researchers Say Android Malware Could Come Pre-Installed on Devices [Black Hat USA 2019]

  In a talk called “Securing The System” at last week’s Black Hat cybersecurity conference, Google researcher Maddie Stone outlined how pre-installed applications are exploited to run malware without the user’s knowledge. This security vulnerability is especially acute for Android’s open-source operating system, which is a favorite for low-budget Android device-makers. Typically, an Android device has about 100-400 pre-installed applications (don’t confuse them with the other sense of the word apps—not all of them have icons on your home screen). Since these apps are pre-installed, anti-virus software does not detect them if they behave maliciously, and they can never be entirely deleted from the device, only deactivated.
  Read More
 • Aug 13, 2019 | Digital Information World

  Hackers can Change the Messages received on WhatsApp [Black Hat USA 2019]

  An annual Black Hat security conference was held on 7th August in Las Vegas. At the conference, Israeli security company Check Point disclosed a WhatsApp vulnerability that lets hackers change the message and also modify the sender’s identity.
  Read More
 • Aug 13, 2019 | IT Pro Today

  BGP Hijackings Take on New Meaning in Cybersecurity Climate [Black Hat USA 2019]

  The Border Gateway Protocol is vulnerable to malicious actors -- and as of right now, little can be done about it from a security perspective, although there have been attempts to make it more reliable. Despite the apparent risk, last week's Black Hat and Def Con events didn't have one session that mentioned BGP hijackings.
  Read More
 • Aug 13, 2019 | IT Pro Today

  Black Hat 2019: The Promise of 5G Also Brings Security Concerns [Black Hat USA 2019]

  While several large cities in the US are rolling out 5G networks, before we get to a world with the widespread use of 5G, a lot obviously needs to be worked out with the security around it too. Hailed initially as an ultra-secure protocol, one session at Black Hat proved that to be far from true.
  Read More
 • Aug 13, 2019 | CRN

  Microsoft opens security lab to test vulnerabilities [Black Hat USA 2019]

  Microsoft has introduced the Azure Security Lab — a dedicated customer-safe Cloud environment, at the Black Hat USA 2019 conference. The Azure Security Lab is a set of dedicated Cloud hosts, aimed at allowing security researchers to aggressively test attacks against infrastructure-as-a-service scenarios.
  Read More
 • Aug 13, 2019 | We Live Security

  Hacking my airplane – BlackHat edition [Black Hat USA 2019]

  Until it did. Here at BlackHat a while back we got to see videos of vehicles swerving out of control following a hack. Thankfully, the automotive industry came to terms with the hacking reality, and (some) even sponsored hacking opportunities like the automotive hacking village here at DefCon later in the week. It was a very positive turn of events. By engaging the hacker culture in a more open way, automobile technology started to get better at defending against hacks, which helps to keep us all safe.
  Read More
 • Aug 13, 2019 | Cisco Magazine

  What I learned at the Black Hat USA 2019 Conference [Black Hat USA 2019]

  The phrase ‘black hat’ refers to a hacker with criminal intentions, so I expected my first trip to the Black Hat USA conference held in Las Vegas this year to give me exposure to the shady underbelly of the cybersecurity world.
  Read More
 • Aug 13, 2019 | Cisco Magazine

  Apple offers $1 million Bug Bounty to hack its iPhone [Black Hat USA 2019]

  Speaking at the Black Hat technology security conference in Las Vegas, Krstic stated that the company is also going to reward another $500,000 (£415,500) to those who can find a Network Attack or any other technical flaws in its devices, making it more lucrative to security researchers.
  Read More
 • Aug 13, 2019 | Inc.

  Apple Will Give You $1 Million if You Can Do This 1 Thing (and Why It's Happy to Do So) [Black Hat USA 2019]

  Apple's bug-bounty program has been around since 2016, but the company just upped the ante last week during the Black Hat cybersecurity conference in Las Vegas. Of course, in order to get paid, you have to show that you're able to gain remote access to the core functionality of iOS without the device's owner doing anything at all.
  Read More
 • Aug 13, 2019 | Dark Reading

  2019 Pwnie Award Winners (And Those Who Wish They Weren't) [Black Hat USA 2019]

  The awards ceremony, held at the Black Hat USA security conference, bears little resemblance to the Oscars, Grammys, Emmys, or pretty much any other awards show. There's no glitz or glamour. The dress code is strictly informal; shorts and T-shirt are perfectly acceptable sartorial choices. Judges lightheartedly B-box and/or thigh-slap the drumrolls, and the awards themselves recognize not just excellence in the field of information security, but also the more dubious distinctions and epic fails.
  Read More
 • Aug 13, 2019 | Security Boulevard

  Building a Culture of Security: 73 articles Summarizing Black Hat USA 2019 [Black Hat USA 2019]

  If there was a common theme at the 2019 Black Hat USA conference in Las Vegas, it may well have been security culture. Culture emerged in some of the most prominent sessions and talks, including, notably, a keynote address by Dai Zovi and a session presented by Equifax CISO Jamil Farshchi.
  Read More
 • Aug 13, 2019 | Naked Security

  Fake news doesn’t (always) fool mice [Black Hat USA 2019]

  Still, the ability of mice to recognize real vs. fake phonetic construction can come in handy for sniffing out deep fakes. According to researchers at the University of Oregon’s Institute of Neuroscience, who presented their findings during a presentation at the Black Hat security conference last Wednesday (7 August), recent work has shown that “the auditory system of mice resembles closely that of humans in the ability to recognize many complex sound groups.”
  Read More
 • Aug 13, 2019 | Health IT Security

  Google Finds Phishing Success Based on Targeted Nature, Evolving Variants [Black Hat USA 2019]

  Presented at Black Hat last week, the report showed that Google blocks more than 100 million phishing emails every day. Google Safe Browsing protects about 4 billion devices from phishing and other malicious sites.
  Read More
 • Aug 13, 2019 | Pulse2

  Apple Is Offering A $1 Million Reward For Anyone Who Can Hack An iPhone [Black Hat USA 2019]

  Apple is providing a reward of up to $1 million for hackers who can break into an iPhone and inform the company about how it was done. Apple announced the massive bug bounty at the annual Black Hat hacker convention in Las Vegas last week. This is Apple’s largest-ever bug bounty and it is five times bigger than its previous largest payout.
  Read More
 • Aug 13, 2019 | The Cyberwire

  Black Hat and Def Con [Black Hat USA 2019]

  Cyber insurance policies currently fetch a surprisingly low premium, as TechTarget notes from discussions it heard at Black Hat. The low cost is a supply-side phenomenon: a lot of insurers are working to get into the market, and they're competing on price. But the low premiums being charged probably mean that the underwriters are still working without the actuarial data and models they need to be fully comfortable with the risk they're accepting in transfer from their customers. Expect prices to change as the actuaries catch up with the consequences of cyber incidents.
  Read More
 • Aug 13, 2019 | The Cyberwire Podcast

  Episode 913 [Black Hat USA 2019]

  More on the UN Security Council’s report on North Korean state-sponsored cyber crime. PsiXBot evolves. BITTER APT probes Chinese government networks in an apparent espionage campaign. A study looks at the state of spearphishing. It’s not just the three-letter agencies out securing US voting systems; it’s the four-letter agencies who are taking point. And a last look back at Black Hat and Def Con. Jonathan Katz from UMD on Apple’s clever new cryptographic protocol. Guest is Mike Overly from Foley and Lardner LLP on the House’s hold on the State Department’s proposal for a Bureau of Cyberspace Securities and Emerging Technologies.
  Read More
 • Aug 13, 2019 | Ars Technica

  Hack in the box: Hacking into companies with “warshipping” [Black Hat USA 2019]

  Using less than $100 worth of gear—including a Raspberry Pi Zero W, a small battery, and a cellular modem—the X-Force Red team assembled a mobile attack platform that fit neatly within a cardboard spacer dropped into a shipping box or embedded in objects such as a stuffed animal or plaque. At the Black Hat security conference here last week, Ars got a close look at the hardware that has weaponized cardboard.
  Read More
 • Aug 13, 2019 | Wall Street Journal

  Researchers Hack Into Industrial Equipment Thought to Be Secure [Black Hat USA 2019]


  Read More
 • Aug 13, 2019 | SANS Security Insights

  Don't Fear DevOps: Black Hat 2019 [Black Hat USA 2019]

  BLACK HAT 23, LAS VEGAS — During his keynote at the Black Hat security conference last Wednesday, Dino Dai Zovi, Staff Security Engineer at Square, challenged the audience to fully immerse themselves in DevOps in order to support today's pace of web- and cloud-based business.
  Read More
 • Aug 13, 2019 | Bitcoin.com.mx

  A vulnerable blockchain for learning about security pitfalls [Black Hat USA 2019]

  One example is the project Hack the Block! FumbleChain, developed by the company Kudelski, which was launched during the Black Hat conference, held in Las Vegas, United States, from August 3 to 8.
  Read More
 • Aug 12, 2019 | Ubergizmo

  WhatsApp Flaw Lets Hackers Alter Your Chats [Black Hat USA 2019]

  At a recent Black Hat security conference held in Las Vegas, researchers revealed several WhatsApp flaws that would allow chat messages to be altered. This means that, in theory, a hacker could take a message and change its contents to make it seem like a completely different message.
  Read More
 • Aug 12, 2019 | Dice

  Apple Offering Insane Payday for This Type of Bug [Black Hat USA 2019]

  At this year’s edition of the Black Hat security conference in Las Vegas, Ivan Krstic, Apple’s head of security engineering and architecture, told the audience (and the world at large) that Apple would give that million-dollar payday to anyone who discovered a remote attack that allowed an attacker to gain total control of a user’s iPhone without that user doing anything to help.
  Read More
 • Aug 12, 2019 | Find Biometrics

  Researchers Use Tape and Glasses to Spoof Face ID Liveness Detection [Black Hat USA 2019]

  The technique is effective because the Face ID algorithm does not make a complete scan when the user is wearing glasses. Tencent’s researchers were able to use the “X-Glasses” to unlock someone’s phone and authorize a financial transaction, and presented their findings at the recent Black Hat conference in Las Vegas.
  Read More
 • Aug 12, 2019 | Xinhua Net

  How the world's top hackers compete for supremacy [Black Hat USA 2019]


  Read More
 • Aug 12, 2019 | Reuters TV

  Black Hat Def Con Pose Challenge to Las Vegas [Black Hat USA 2019]


  Read More
 • Aug 12, 2019 | Wall Street Journal

  Hackers Go Pro, Seeking Bounties for Bugs [Black Hat USA 2019]

  LAS VEGAS—Finding fundamental flaws in software used to be a shady business. Companies often mistrusted the researchers who brought bugs to their attention, dealing with them at arm’s length, if at all.
  Read More
 • Aug 12, 2019 | USA Today

  WiFi can be a free-for-all for hackers. Here's how to stop them from taking your data [Black Hat USA 2019]

  LAS VEGAS — The connectivity at Black Hat and DEF CON is not where you want to gamble. Both conferences attract thousands of information-security professionals, some of whom will snoop around networks here.
  Read More
 • Aug 12, 2019 | Futurism

  HACKERS ARE ROASTING A TERRIBLE SPONSORED TALK AT BLACK HAT [Black Hat USA 2019]

  Cybersecurity experts at the Black Hat security conference in Las Vegas last week ridiculed a bizarre, sponsored presentation by a company called Crown Sterling to the point that its materials got taken off of the conference website.
  Read More
 • Aug 12, 2019 | VICE

  Google Hackers Found 10 Ways to Hack an iPhone Without Touching It [Black Hat USA 2019]

  Project Zero has returned with a new report by researcher Natalie Silvanovich highlighting 10 new ways that the iPhone can be covertly compromised by hackers. Silvanovich and fellow Project Zero researcher Samuel Groß revealed the flaws last week at the Black Hat hacking and security conference in Las Vegas.
  Read More
 • Aug 12, 2019 | TechTarget

  Black Hat 2019 brings out new security, protection offerings [Black Hat USA 2019]

  At the 22nd annual Black Hat conference in Las Vegas for computer security consulting, training and briefing, industry...
  Read More
 • Aug 12, 2019 | Mobile ID World

  Tencent Researchers Beat Face ID Liveness Detection with Glasses and Tape [Black Hat USA 2019]

  The technique is effective because the Face ID algorithm does not make a complete scan when the user is wearing glasses. Tencent’s researchers were able to use the “X-Glasses” to unlock someone’s phone and authorize a financial transaction, and presented their findings at the recent Black Hat conference in Las Vegas.
  Read More
 • Aug 12, 2019 | Security Boulevard

  Black Hat 2019 Recap: Transformation & the New Cybersecurity Culture [Black Hat USA 2019]

  As the security industry finally leaves Las Vegas after a full week of Black Hat, Defcon, and Bsides, we wanted to set aside some time to take stock and think about all the trainings, presentations, research, and conversations during our week in the desert. One of the overarching takeaways that was cemented by Dino Dai Zovi’s keynote is the critical need for security to become embedded in our culture.
  Read More
 • Aug 12, 2019 | iConnect 007

  TAU and Technion Researchers Hack One of World's Most Secure PLCs [Black Hat USA 2019]

  The team is slated to present their findings at Black Hat USA week in Las Vegas this month, revealing the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7.
  Read More
 • Aug 12, 2019 | Haber7

  Apple will give a $1 million reward to anyone who can do this [Black Hat USA 2019]


  Read More
 • Aug 12, 2019 | IT Pro Today

  Black Hat 2019: Can Products Make Up Security Talent Shortfall? [Black Hat USA 2019]

  At this year’s Black Hat event in Las Vegas, several vendors in the talent and training space introduced new concepts and ideas for addressing the so-called skills gap that's leaving roles in security departments empty.
  Read More
 • Aug 12, 2019 | IT Pro Today

  Black Hat 2019: Investment, Interest in AI for Security Ramps Up [Black Hat USA 2019]

  An emphasis on AI was clear at this year’s Black Hat event in Las Vegas, where several vendors were promoting platforms that leverage AI and machine learning capabilities to address threat detection.
  Read More
 • Aug 12, 2019 | Naked Security

  GDPR privacy can be defeated using right of access requests [Black Hat USA 2019]

  In his session entitled GDPArrrrr: Using Privacy Laws to Steal Identities at this week’s Black Hat show, Pavur documents how he decided to see how easy it would be to use right of access requests to ‘steal’ the personal data of his fiancée (with her permission).
  Read More
 • Aug 12, 2019 | Naked Security

  Apple will hand out unlocked iPhones to vetted researchers [Black Hat USA 2019]

  Well, here’s some good news for a select group of researchers: at the Black Hat 2019 security conference on Thursday, Apple’s head of security, Ivan Krstic, unveiled a new program through which the company is offering some form of pre-dev iPhones, specifically for security researchers.
  Read More
 • Aug 12, 2019 | News Guardian

  Apple is offering £830,000 to anyone who can hack an iPhone [Black Hat USA 2019]

  Apple’s head of security, Ivan Krstić, recently announced the news at the Black Hat technology security conference in Las Vegas.
  Read More
 • Aug 12, 2019 | Decipher

  PHISHERS PLAY ON EMOTIONS TO FOOL VICTIMS [Black Hat USA 2019]

  The researchers presented their results at the Black Hat USA conference here, and in addition to the findings on emotional responses, they found that targeted phishing is more common and effective than bulk campaigns. The massive phishing spam runs pushing pharmaceuticals, lottery scams, and gift cards are still out there, but those emails rarely make it into users’ inboxes these days, thanks to better detection methods. The ones that present the clear and present danger to most people are the spear phishing or boutique phishing campaigns. Spear phishing targets a handful of individual people or organizations and boutique campaigns go after a few dozen companies or people. Google’s numbers show that enterprises are 4.8 times more likely to be targeted by phishing campaigns than any other group.
  Read More
 • Aug 12, 2019 | Analytics India Magazine

  5 Biggest Cybersecurity Updates From Black Hat 2019 You Should Know [Black Hat USA 2019]

  The biggest event for hackers concluded in Las Vegas last week. During the conference, there were many revelations that threw light on the cybersecurity space and some of them were shocking enough to get all the eyes. Here are the top updates that came out of Black Hat conference that you need to know about:
  Read More
 • Aug 12, 2019 | The Cyberwire Podcast

  Black Hat and Def Con [Black Hat USA 2019]

  Black Hat and Def Con have concluded. Here are few observations about the discussion of technology and policy that took place at the events.
  Read More
 • Aug 12, 2019 | MSSPalert

  A. Today’s MSSP Alerts [Black Hat USA 2019]

  1. Black Hat 2019 and 2020: The Black Hat 2020 cybersecurity conference dates and location are now confirmed. Track all of our Black Hat conference news and analysis here. Special thanks to the more than 30 executives and companies with whom we met at last week’s event. We’ll be sharing more event thoughts soon.
  Read More
 • Aug 12, 2019 | Brian Madden Blog

  Black Hat 2019: Learning about the latest in authentication, workspaces, and security [Black Hat USA 2019]

  Black Hat 2019 felt like a blur to me as I ran from meeting to session to meeting (while still finding time for the business hall). I sat down with over a half dozen vendors, some old and new to me, and attended several interesting sessions.
  Read More
 • Aug 12, 2019 | Wellington Research

  Black Hat Notes: A Cyber Industry In Transition [Black Hat USA 2019]


  Read More
 • Aug 12, 2019 | Wellington Research

  Black Hat Notes: Dirt NOT Dished Here [Black Hat USA 2019]


  Read More
 • Aug 12, 2019 | Channel Partners Online

  Image Gallery: Black Hat USA 2019 Featuring Cisco, Webroot, Microsoft [Black Hat USA 2019]

  A record 19,000-plus cybersecurity professionals descended on Las Vegas last week for the massive Black Hat USA 2019 conference.
  Read More
 • Aug 12, 2019 | Tech Target

  Why cyber insurance policies are so 'ridiculously cheap' [Black Hat USA 2019]

  The cyber insurance market is growing rapidly and policies are incredibly inexpensive -- but experts at Black Hat 2019 had concerns about those low prices.
  Read More
 • Aug 12, 2019 | Digital Trends

  Google flags preinstalled malware as hidden threat on millions of Android phones [Black Hat USA 2019]

  Stone shared her team’s findings at the Black Hat USA 2019 conference in Las Vegas, in a presentation in which she said that a smartphone may have as many as 400 preinstalled apps out of the box. This is a major problem because attackers are attempting to hide malware in the preinstalled apps, as it is easier to convince one manufacturer to agree to a preloaded app than to convince thousands of users to download an infected file.
  Read More
 • Aug 12, 2019 | IT Pro Today

  Black Hat 2019: Election security gets top billing at Black Hat, Def Con [Black Hat USA 2019]

  LAS VEGAS — With the U.S. still dealing with the fallout of the 2016 presidential election, and with the 2020 vote just 15 months away, the state of election security was top of mind at the Black Hat and Def Con security conferences last week.
  Read More
 • Aug 12, 2019 | News18

  Microsoft Azure Security Lab will Offer Cybersecurity Researchers a New Guinea Pig [Black Hat USA 2019]

  Microsoft has introduced the Azure Security Lab -- a dedicated customer-safe Cloud environment, at the Black Hat USA 2019 conference which convened here this week. The Azure Security Lab is a set of dedicated Cloud hosts, aimed at allowing security researchers to aggressively test attacks against infrastructure-as-a-service scenarios. It also allows participants to identify research vulnerabilities in Azure and do their best to emulate criminal hackers, according to Microsoft, Xinhua news agency reported.
  Read More
 • Aug 12, 2019 | Autoblog

  Automakers' vulnerabilities on display at hackers convention in Vegas [Black Hat USA 2019]

  Las Vegas once a year becomes the gathering place for tens of thousands of cybersecurity enthusiasts who attend DEF CON and the preceding corporate Black Hat conference.
  Read More
 • Aug 12, 2019 | Threatpost

  Black Hat 2019 News Wrap: The Best and Worst of the Show [Black Hat USA 2019]

  Threatpost breaks down the highs and lows from Black Hat 2019, from new vulnerabilities and industry collaboration to a scandal around a sponsored session.
  Read More
 • Aug 12, 2019 | The Guardian

  'Bug bounty': Apple to pay hackers more than $1m to find security flaws [Black Hat USA 2019]

  Apple will pay ethical hackers more than $1m if they responsibly disclose dangerous security vulnerabilities to the firm, the company announced at the Black Hat security conference in Las Vegas.
  Read More
 • Aug 12, 2019 | Online PC.ch

  WhatsApp disputes expert report on vulnerabilities [Black Hat USA 2019]


  Read More
 • Aug 12, 2019 | SMB Nation

  http://www.smbnation.com/big-data-analytics/2938-black-hat-the-cyber-shell-game-war-information-warfare-and-the-darkening-web [Black Hat USA 2019]

  Alexander Klimburg’s speech at Black Hat was well received and combined hacking, security and geopolitical topics. In this 1:1 interview after his presentation, Klimburg shares the six stages of cyber warfare and much more.
  Read More
 • Aug 12, 2019 | The Guardian

  'Bug bounty': Apple to pay hackers more than $1m to find security flaws [Black Hat USA 2019]

  Apple will pay ethical hackers more than $1m if they responsibly disclose dangerous security vulnerabilities to the firm, the company announced at the Black Hat security conference in Las Vegas.
  Read More
 • Aug 12, 2019 | PCMag

  Researcher Breaches iPhone by Sending an iMessage [Black Hat USA 2019]

  At Black Hat, a Google security researcher details numerous bugs in iMessage that could be exploited remotely without interaction from the victim.
  Read More
 • Aug 11, 2019 | z6Mag

  All you need is some sunglasses and some tape to bypass the iPhone’s FaceID [Black Hat USA 2019]

  A flaw in the liveness detection function of the biometric authentication system that Apple uses to unlock an iPhone by face recognition shocked attendees of the Black Hat hacker convention in Las Vegas, where cybersecurity researchers managed to bypass the iPhone’s face recognition feature in a mere 120 seconds using some things you can find in your desk.
  Read More
 • Aug 11, 2019 | VICE

  Apple Will Give You $1 Million to Hack an iPhone [Black Hat USA 2019]

  The bounty, which was announced by the iPhone-maker at the annual Black Hat hacker convention in Las Vegas on Thursday, is the company’s biggest ever -- in fact, it’s five times bigger than its previous largest payout.
  Read More
 • Aug 11, 2019 | CBS 8 News Now

  Black Hat Convention highlights the importance of cybersecurity [Black Hat USA 2019]

  The issue is one being talked about at the annual Black Hat Convention here in town.
  Read More
 • Aug 11, 2019 | iLounge

  Black Hat researchers demonstrate unlocking Face ID using ‘X-Glasses’ [Black Hat USA 2019]

  Tencent researchers have found a way to unlock another person’s iPhone by using tape, glasses and the unconscious person’s facial features. At the Las Vegas Black Hat conference, the group from Tencent demonstrated how they could fool the iPhone’s liveness detection feature, which was advertised to distinguish between real and fake facial features.
  Read More
 • Aug 11, 2019 | VICE

  Black Hat Talk About ‘Time AI’ Causes Uproar, Is Deleted By Conference [Black Hat USA 2019]

  A controversial sponsored talk at the Black Hat security conference caused an uproar among security professionals and prompted the conference to delete the talk from the internet.
  Read More
 • Aug 11, 2019 | HelpNet Security

  Week in review: SWAPGS attack, DNS security, vulnerable Siemens PLCs, Black Hat USA 2019 [Black Hat USA 2019]


  Read More
 • Aug 11, 2019 | ZDNet

  Two weird ways your iPhone or Mac can be hacked [Black Hat USA 2019]

  As for hacking into an iPhone, security researchers at the Black Hat hacker convention in Las Vegas managed to bypass the iPhone's Face ID authentication system in 120 seconds.
  Read More
 • Aug 11, 2019 | Latest Hacking News

  Apple Bug Bounty Program Expands To Include MacOS and Other Products [Black Hat USA 2019]

  Here comes good news for all researchers who demanded bug bounties for MacOS. Three years back, at Black Hat USA.
  Read More
 • Aug 11, 2019 | BeeBom

  You Can Unlock an iPhone Protected with Face ID Using Glasses and Tape [Black Hat USA 2019]

  The details of the attack were explained at Black Hat USA 2019, an annual security conference. Researchers were able to get into the victim’s iPhone by using a modified pair of glasses. The glasses have a combination of white and black tape pasted on them, and the researchers call them the “X-glasses”.
  Read More
 • Aug 11, 2019 | Shine.cn

  Microsoft introduces security lab to test vulnerabilities, attacks [Black Hat USA 2019]

  Microsoft has introduced the Azure Security Lab, a dedicated customer-safe cloud environment, at the Black Hat USA 2019 conference which convened here this week.
  Read More
 • Aug 11, 2019 | Reuters

  Automakers warm up to friendly hackers at cybersecurity conference [Black Hat USA 2019]

  Known for its sprawling resorts and casinos, Las Vegas once a year becomes the gathering place for tens of thousands of cybersecurity enthusiasts who attend DEF CON and the preceding corporate Black Hat conference.
  Read More
 • Aug 10, 2019 | Spiegel

  "It's not about exposing other manufacturers" [Black Hat USA 2019]

  Black Hat in Las Vegas
  Read More
 • Aug 10, 2019 | Xinhua Net

  Black Hat hacker conference focuses on new trends in cybersecurity [Black Hat USA 2019]


  Read More
 • Aug 10, 2019 | Xinhua Net

  Black Hat USA 2019 conference explores new trends in cybersecurity [Black Hat USA 2019]

  LAS VEGAS, Aug. 8 (Xinhua) -- Tens of thousands of the world's best cybersecurity professionals gathered in Las Vegas this week for the Black Hat USA 2019 cybersecurity conference, which focuses on the latest developments and new trends in cybersecurity.
  Read More
 • Aug 10, 2019 | Financial Express

  Apple offers $1 million if you can hack an iPhone [Black Hat USA 2019]

  The bounty was announced by the company at the annual Black Hat hacker convention in Las Vegas last week. It is said to be the biggest ever payout by the iPhone-maker.
  Read More
 • Aug 10, 2019 | The Telegraph UK

  Inside Black Hat, the world’s biggest ethical hacker conference in Las Vegas [Black Hat USA 2019]

  Black Hat, the world’s biggest annual cyber security conference, opened its doors in 1997 and has since grown from an obscure “hacker summer camp” for geeks into a vast and increasingly mainstream event sponsored by blue chip companies such as Cisco and Accenture. Attendees pay $3,000 a ticket to join hacking lessons, to network and relax in casinos.
  Read More
 • Aug 10, 2019 | WIRED

  SECURITY NEWS THIS WEEK: ELECTION SYSTEMS ARE WAY MORE VULNERABLE THAN WE THOUGHT [Black Hat USA 2019]

  HACKER SUMMER CAMP is here again! You know what that means: WIRED is back in Las Vegas for the annual Black Hat and Defcon security conferences, where we’re digging into the latest and greatest hacks on display. First, let’s talk about iPhones. A researcher found it’s possible to break into one just by sending a text message. To help uncover similar vulnerabilities in the future, Apple is handing out new, hacker-friendly iPhones to its favorite security researchers, and paying up to $1.5 million in bug bounties.
  Read More
 • Aug 10, 2019 | PCMag

  Black Hat Attendees: Sponsored Session Was 'Snake Oil Crypto' [Black Hat USA 2019]

  LAS VEGAS—The Black Hat security conference is no stranger to controversy, but that's usually limited to daring hacks or heated debates about privacy. This year, a sponsored session drew ridicule from attendees who claim it was little more than pseudoscience, and the uproar prompted Black Hat organizers to remove the content from the website.
  Read More
 • Aug 9, 2019 | Heise Online

  Social networks: Dubious phishing tests with employees [Black Hat USA 2019]

  The first tool that Jacob Wilkin presented during a presentation at the Black Hat conference is called "Social Attacker". The software, written in Python, is used to largely automate phishing attacks within Facebook, LinkedIn, Twitter and VKontakte.
  Read More
 • Aug 9, 2019 | Heise Online

  Biometrics: Life detection in biometric authentication on the iPhone undone [Black Hat USA 2019]

  HC Ma of Tencent Security demonstrated during the Black Hat 2019 the research results of his colleagues who could not present themselves due to lack of visa. The hackers studied the ways in which face, voice, fingerprint, iris, or palm detection sensors determine whether a living human is interacting with them - or just a photo or voice record. This sets them apart from the researchers, who focused exclusively on kicking off the sensors themselves, while leaving aside features such as Apple's "attention checking for face ID".
  Read More
 • Aug 9, 2019 | Inside Cybersecurity

  New report describes acute threat from criminal cyber actors in Russia [Black Hat USA 2019]

  “The first rule of Russian dark web communities is to never target victims in CIS countries, especially Russia,” according to “The Dark Side of Russia: How New Internet Laws and Nationalism Fuel Russian Cybercrime,” released Thursday at the Black Hat USA 2019 conference here.
  Read More
 • Aug 9, 2019 | Researcher details how GDPR, privacy laws can be manipulated for identity theft

  Researcher details how GDPR, privacy laws can be manipulated for identity theft [Black Hat USA 2019]

  James Pavur used the GDPR’s “right of access” provision, requiring companies to reveal information they hold on citizens upon their request, to collect data including his girlfriend’s social security number, date of birth, credit card activity and even account passwords. Pavur detailed the experience in a white paper released here at Black Hat.
  Read More
 • Aug 9, 2019 | Security Boulevard

  Live From Black Hat USA: Making Big Things Better the Dead Cow Way [Black Hat USA 2019]

  In InfoSec, we know and understand that hackers are not inherently bad. Many of them are hacktivists looking to make positive change in the world. During the Black Hat panel discussion, “Making Big Things Better the Dead Cow Way,” Menn talked about how O’Rourke was 14 or 15 years old when he joined the cDc and left before the organization grew in notoriety, and that he interviewed a neo-Nazi in Texas and proceeded to let him hang himself with his own words. Even at that young age, he was all about diversity and engagement, especially within the cDc.
  Read More
 • Aug 9, 2019 | LiveMint

  Black Hat 2019 smokes out vulnerabilities in WhatsApp, iOS, Azure [Black Hat USA 2019]

  Your favourite messenger's end-to-end encryption may not be as secure as you think. At the Black Hat cybersecurity conference 2019 (August 7-8) in Las Vegas, security researchers from CheckPoint reverse-engineered WhatsApp's web source code to successfully intercept and manipulate private messages. WhatsApp isn't the only major platform that is under scrutiny at the conference.
  Read More
 • Aug 9, 2019 | Patently Apple

  While Face ID was hacked at the Black Hat Conference, the Plausibility of it occurring could only be found in a bad B-Movie [Black Hat USA 2019]

  The Black Hat 2019 Conference ran from August 3-8 and we reported earlier this week that Microsoft and Apple Leveled up their Hacker Bug Bounties. Yesterday Forbes posted a report titled "Black Hat USA 2019: Apple iOS New Flaws Let Hackers Break Into All iPhones." The report pointed out that "the Google team exploited the iOS vulnerabilities to hack and take control of an iPhone by just sending text messages."
  Read More
 • Aug 9, 2019 | SiliconANGLE

  Report from Black Hat: Escalating cyberthreats swirl around Apple, IoT and 5G [Black Hat USA 2019]

  “The thing that has really stood out to us is more IoT-based attacks,” Andrew Tsonchev, director of technology at Darktrace, said in an exclusive interview with SiliconANGLE at the Black Hat USA 2019 cybersecurity conference this past week in Las Vegas. “They slip under the radar and the impact is huge. IoT puts this in the firing line and so does 5G,” the next generation of wireless carrier networks.
  Read More
 • Aug 9, 2019 | CNET

  What a security researcher learned from monitoring traffic at Defcon [Black Hat USA 2019]

  The first time I saw Mike Spicer, I spotted him from a mile away. He was hard to miss as he threaded his way through the crowd at the 2017 Black Hat hacking conference in Las Vegas with 35 pounds of gear on his back.
  Read More
 • Aug 9, 2019 | ComputerWorld

  Apple announces a new iPhone (and you can’t have it) [Black Hat USA 2019]

  Ivan Krstić, Apple’s head of security engineering, provided big insights into Apple’s platform security during his presentation at Black Hat U.S. 2019.
  Read More
 • Aug 9, 2019 | ZDNet

  Black Hat 2019 trends: Social media influence campaigns, big business, ATM hacking [Black Hat USA 2019]

  CNET and CBS News Senior Producer Dan Patterson is reporting on the Black Hat USA 2019 cybersecurity conference in Las Vegas. He spoke with TechRepublic's Karen Roby about the main topics at Black Hat 2019.
  Read More
 • Aug 9, 2019 | IT Pro Today

  Black Hat: Using Tech to Offset User Behavior Risks [Black Hat USA 2019]

  At Black Hat 2019, several sessions looked at the human factors in security, and offered suggestions on preventing people from making costly errors.
  Read More
 • Aug 9, 2019 | IT Pro Today

  Black Hat 2019: Security Pros Must Start Informing Govt. Policies [Black Hat USA 2019]

  In two sessions at Black Hat 2019, security luminary Bruce Schneier, currently a fellow at the Harvard Kennedy School, made the argument for the need for the role of public interest technologist and offered suggestions to address ways to get more individuals prepared for it, and to create more roles that demand the background.
  Read More
 • Aug 9, 2019 | Xinhua Net

  Spotlight: Black Hat USA 2019 conference focuses on new trend in cybersecurity [Black Hat USA 2019]

  Tens of thousands of the world's best cybersecurity professionals gathered in Las Vegas this week for the Black Hat USA 2019 cybersecurity conference, which focuses on the latest developments and new trends in cybersecurity.
  Read More
 • Aug 9, 2019 | PCMag

  Researcher Exploits GDPR Fears to Obtain Private Data [Black Hat USA 2019]

  GDPR grants you the right to access any personal data a company or other entity holds about you. But how are companies verifying that those data requests are legitimate? Some are not, one researcher revealed at Black Hat.
  Read More
 • Aug 9, 2019 | PCMag

  Russian Intel Agencies Are a Toxic Stew of Competition and Sabotage [Black Hat USA 2019]

  Western audiences might view the disarray in Russia's intelligence agencies as a good thing, but security expert Kimberly Zenz argues at Black Hat that it just encourages risky behavior.
  Read More
 • Aug 9, 2019 | PCMag

  Black Hat 2019: The Craziest, Most Terrifying Things We Saw [Black Hat USA 2019]

  Black Hat is over for another year, but we'll be thinking of the fascinating and terrifying things we heard and saw for years to come.
  Read More
 • Aug 9, 2019 | Security Report

  Black Hat USA: controlled perimeter and beyond [Black Hat USA 2019]

  Back in Las Vegas, Black Hat USA wrapped up its run this Thursday (08/08), which began on August 3, presenting the main trends and news in information security, covering everything from critical vulnerabilities found in voting machines, aircraft, cars, mobile devices, social media platforms and much more.
  Read More
 • Aug 9, 2019 | Business Insider

  Apple is offering a $1 million reward to anyone who can pull off this specific iPhone hack (AAPL) [Black Hat USA 2019]

  Apple announced the changes to its bug bounty program during the Black Hat cybersecurity conference in Las Vegas alongside other critical updates. In addition to the new $1 million reward, Apple also revealed that it's expanding the program to its other platforms such as macOS, tvOS, and watchOS, the software that powers its Mac, Apple TV, and Apple Watch products.
  Read More
 • Aug 9, 2019 | Channel E2E

  Hackers Disable MSP Backups, Launch Ransomware Attacks [Black Hat USA 2019]

  Continue to attend channel-related conferences, but extend to attend major cybersecurity events — particularly RSA Conference, Black Hat and Amazon AWS re:Inforce.
  Read More
 • Aug 9, 2019 | Politico

  Out in Vegas: DOJ, BlueKeep, VoIP phones [Black Hat USA 2019]

  The financial services industry has proven best at patching BlueKeep, the vulnerability that sparked worries about a massive attack on the scale of WannaCry or NotPetya, according to a SecurityScorecard analysis that coincides with a Black Hat presentation today. Across the industry, systems vulnerable to BlueKeep that were patched were typically patched within 13 days. Overall, the response to the vulnerability has been very slow, SecurityScorecard assessed.
  Read More
 • Aug 9, 2019 | Infosecurity Magazine

  #BHUSA: DevSecOps, Looking Beyond the Buzzword [Black Hat USA 2019]

  DevSecOps isn't just yet another meaningless buzzword, it's an approach that has a number of steps and real technologies that can be used to help effectively reduce risk. That's the message coming out of a session at the Black Hat USA conference in Las Vegas titled, "DevSecOps: What, Why and How."
  Read More
 • Aug 9, 2019 | SC Magazine

  Consumers feel privacy is no safer under GDPR [Black Hat USA 2019]

  Dave Meltzer, CTO at Tripwire, chatted with SC Media at Black Hat on the survey and said that while some of the perceptions uncovered in the survey do reflect people’s gut reaction to the situation there is some evidence to prove that corporations are behaving differently under GDPR. He noted significant investment being made by companies in people, technology and processes in order to comply with GDPR.
  Read More
 • Aug 9, 2019 | Computing

  NSA to build new features into its open-source malware analysis tool Ghidra [Black Hat USA 2019]

  Knighton and Delikat discussed their plans with specialist website Cyber Scoop before a session of the Black Hat security conference held in Las Vegas, California this week.
  Read More
 • Aug 9, 2019 | SC Magazine

  #BHUSA: Cult of the Dead Cow Members Discuss Hacktivism, Influence & Politicians [Black Hat USA 2019]

  In a panel at Black Hat USA, former members of the hacking collective Cult of the Dead Cow were joined by author Joseph Menn, who wrote the recent memoir Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World.
  Read More
 • Aug 9, 2019 | SC Magazine

  Destructive malware attacks double as attackers pair ransomware with disk wipers [Black Hat USA 2019]

  “Now you have to not only recover the data that you lost, but you have to recover the entire operating system along with that and that’s a larger effort for a company to work with,” said Christopher Scott, global remediation lead at X-Force IRIS, in a video interview with SC Media at Black Hat in Las Vegas. And that places more pressure on impacted organizations to acquiesce to the attackers’ demands.
  Read More
 • Aug 9, 2019 | Metro

  Apple to release super-exclusive new iPhone you’ll probably never get to try out [Black Hat USA 2019]

  Ivan Krstić told a group of tech security experts at the Black Hat conference that Apple would soon begin to hand out new iPhones to a chosen group of researchers.
  Read More
 • Aug 9, 2019 | Naked Security

  Parents, it’s time to delete Pet Chat from your child’s LeapPad [Black Hat USA 2019]

  The news about LeapFrog was released at Black Hat 2019 on Wednesday by the application security testing company Checkmarx.
  Read More
 • Aug 9, 2019 | Dark Reading

  Significant Vulnerabilities Found in 6 Common Printer Brands [Black Hat USA 2019]

  Printers have long been a target of vulnerability researchers and hackers. At the Black Hat Security Briefings in 2002, two security researchers demonstrated that HP printers could be remotely exploited using security weaknesses in a variety of access methods. In 2017, a graduate thesis presented a survey of the security flaws in printers and multifunction devices, identifying more than 125 printer vulnerabilities in the National Vulnerability Database dating back nearly 20 years.
  Read More
 • Aug 9, 2019 | Threatpost

  Misinformation to Voting Machine Flaws [Black Hat USA 2019]

  At Black Hat USA 2019, Threatpost caught up with Matt Olney, director of threat intelligence at Cisco Talos, to discuss the challenges that elections are facing. On one hand, election security is now top of mind for the information operations space in Facebook, Twitter and other social media companies looking to battle misinformation campaigns, cyber-influence operations and other, newer threats like deep fakes
  Read More
 • Aug 9, 2019 | The Daily Swig

  ‘This happens a lot more than many customers realize, it's often just brushed under the carpet’ [Black Hat USA 2019]

  What’s a show without an award? In the case of Black Hat, it’s the Pwnie Awards, where Bloomberg’s controversial story about Super Micro won in the “most overhyped bug” category.
  Read More
 • Aug 9, 2019 | Engadget

  New DoS attack exploits algorithms to knock sites offline [Black Hat USA 2019]

  The exploit was detailed at the Black Hat cybersecurity conference in Las Vegas by Nathan Hauke and David Renardy of security company Two Six Labs, as reported by Wired.
  Read More
 • Aug 9, 2019 | International Business Times

  A Simple Text Message Can Put iPhone Users At Risk, Project Zero Reports [Black Hat USA 2019]

  Natalie Silvanovich, a Google Project Zero researcher, unveiled a presentation Wednesday on how hackers will be able to break into iPhone users’ data through a simple text message. The presentation was done in a Black Hat security conference held in Las Vegas.
  Read More
 • Aug 9, 2019 | TechCentral.ie

  Why security culture needs to change [Black Hat USA 2019]

  In a Black Hat conference keynote heralded by rock concert lighting and sound effects, a security engineer from Square told a packed arena in Las Vegas that culture is a key lever to automate security in an organisation.
  Read More
 • Aug 9, 2019 | PCMag

  Russian Intel Agencies Are a Toxic Stew of Competition and Sabotage [Black Hat USA 2019]

  Instead of thinking of Russia and its myriad intelligence agencies as a single, monolithic entity, we need to view it as a collection of individual groups that are often at odds with each other, Zenz explained here at Black Hat. Unfortunately, that chaos is bad for US, too.
  Read More
 • Aug 9, 2019 | ZDNet

  Phishing emails: Here's why we are still getting caught out after all these years [Black Hat USA 2019]

  In a talk at the Black Hat 2019 security conference Google security researcher Elie Bursztein and University of Florida professor Daniela Oliveira detailed why these social engineering attacks remain effective, even though they have been around for decades
  Read More
 • Aug 9, 2019 | Fast Company

  We keep falling for phishing emails, and Google just revealed why [Black Hat USA 2019]

  At a briefing Wednesday evening at the Black Hat security conference in Las Vegas, Google security researcher Elie Bursztein and University of Florida security professor Daniela Oliveira shared that and other insights about the business of coaxing people into giving up their usernames and passwords.
  Read More
 • Aug 9, 2019 | Federal Times

  How technologists in government could shape better tech policy [Black Hat USA 2019]

  The resounding message out of BSides Las Vegas and Black Hat — two information security conferences that took place the week of Aug. 5 — is that government is falling far short in the technology space.
  Read More
 • Aug 9, 2019 | The Daily Swig

  Early warning: Website defacement alert utility debuts in the desert [Black Hat USA 2019]

  A tool that provides an automatic warning about web site defacements was among the range of utilities released during the Black Hat Arsenal sessions this week.
  Read More
 • Aug 9, 2019 | PCMag

  Detecting Deepfakes May Mean Reading Lips [Black Hat USA 2019]

  At Black Hat here, ZeroFox researchers presented their techniques for identifying deepfake videos. CTO Mike Price ran through the history of deepfakes and outlined the process used to create them. ZeroFox Principal Research Engineer Matt Price (no relation) then ran through the available detection tools, and their respective drawbacks, before introducing his own.
  Read More
 • Aug 9, 2019 | The Mac Observer

  Apple Offers New Bug Bounty of up to $1.5 Million [Black Hat USA 2019]

  Apple will now offer bug bounty payouts for vulnerabilities found in macOS, watchOS, tvOS, iPadOS, and iCloud. Its head of security engineering and architecture, Ivan Krstic, laid out the plans at the Black Hat conference.
  Read More
 • Aug 9, 2019 | Mashable India

  WhatsApp Security Flaw Could Let Hackers Manipulate Messages [Black Hat USA 2019]

  The flaw was revealed at the Black Hat conference, and to make matters worse it seems that Facebook was informed about the vulnerability over a year ago but has failed to patch it.
  Read More
 • Aug 9, 2019 | TechRadar

  Hackers can alter WhatsApp chats to show fake information [Black Hat USA 2019]

  The flaw, published at the Black Hat security conference in Las Vegas, could affect both private and public chats, potentially leading to the spread of false information or "fake news" by what were thought to be trusted sources.
  Read More
 • Aug 9, 2019 | ZDNet

  Microsoft names top security researchers, zero-day contributors [Black Hat USA 2019]

  At the Black Hat security conference in Las Vegas, Microsoft announced the top security researchers and enterprise partners who contributed the most vulnerability and zero-day reports affecting the company's products.
  Read More
 • Aug 9, 2019 | Cyberscoop

  NSA's reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy [Black Hat USA 2019]

  In the coming months, Ghidra will get support for Android binaries, according to Brian Knighton, a senior researcher for the NSA, and Chris Delikat, a cyber team lead in its Research Directorate, who previewed details of the upcoming release with CyberScoop. Knighton and Delikat are discussing their plans at a session of the Black Hat security conference in Las Vegas Thursday.
  Read More
 • Aug 9, 2019 | TechCrunch

  The Russians are coming! The Russians are … complicated! [Black Hat USA 2019]

  Of course it’s nothing of the sort. Instead it is a complex, seething, tiered morass of many figures and institutions, often incentivized against one another, in a time of profound and rapid change. Today I attended a Black Hat talk by Kimberley Zenz, who opened with a plea for nuanced consideration of Russia and Russian activities. She’s right, of course, but sadly the internet tends to be where nuance goes to die.
  Read More
 • Aug 9, 2019 | The Register

  Talk about unintended consequences: GDPR is an identity thief's dream ticket to Europeans' data [Black Hat USA 2019]

  In a presentation at the Black Hat security conference in Las Vegas James Pavur, a PhD student at Oxford University who usually specialises in satellite hacking, explained how he was able to game the GDPR system to get all kinds of useful information on his fiancée, including credit card and social security numbers, passwords, and even her mother's maiden name.
  Read More
 • Aug 9, 2019 | The Register

  Who will save us from deepfakes? Other AIs? Humans? What about vastly hyperintelligent pandimensional beings? [Black Hat USA 2019]

  In a presentation at the Black Hat security conference in Las Vegas, data scientists examined various ways to identify deepfake videos – something that is going to become increasingly important as US elections approach in 2020.
  Read More
 • Aug 9, 2019 | The Register

  You can easily secure America's e-voting systems tomorrow. Use paper – Bruce Schneier [Black Hat USA 2019]

  “Paper ballots are almost 100 per cent reliable and provide a voter-verifiable paper trail,” he told your humble Reg vulture and other hacks at Black Hat in Las Vegas on Thursday. “This isn’t hard or controversial. We use them all the time in Minnesota, and you make your vote and it’s easily tabulated.”
  Read More
 • Aug 9, 2019 | Forbes

  Black Hat USA 2019: IBM X-Force Red Reveals New 'Warshipping' Hack To Infiltrate Corporate Networks [Black Hat USA 2019]

  At the annual Black Hat cybersecurity conference happening this week in Las Vegas, Nevada, IBM’s X-Force Red presented in front of more than 19,000 security professionals from roughly 90 countries a new attack technique they’ve nicknamed "warshipping".
  Read More
 • Aug 9, 2019 | Help Net Security

  Vulnerabilities in Siemens’ most secure industrial PLCs can lead to industrial havoc [Black Hat USA 2019]

  Following the best practices of responsible disclosure, the research findings were shared with Siemens well in advance of the scheduled Black Hat USA 2019 presentation, allowing the manufacturer to prepare.
  Read More
 • Aug 9, 2019 | CBS News

  Apple offers $1 million reward to anyone who can hack an iPhone [Black Hat USA 2019]

  The bug bounty program, which previously offered rewards of up to $200,000 for finding problems in iOS devices, first launched in 2016. Apple head of security Ivan Krstić announced major changes to the program on stage at the Black Hat conference in Las Vegas Thursday, CNET reports.
  Read More
 • Aug 8, 2019 | Heise Online

  Pwnie Awards 2019: Even the press gets her fat away [Black Hat USA 2019]

  Like every year, the Pwnie Awards were held at the Black Hat conference in Las Vegas. They are almost the Oscars of the security scene and award spectacular failure as well as outstanding achievements around IT security.
  Read More
 • Aug 8, 2019 | Heise Online

  Boeing 787: Researcher documents vulnerabilities in network component firmware [Black Hat USA 2019]

  Because security expert Rubens Santamarta, by his own account, suffers from a fear of flying, he takes a particularly thorough look at aviation security. As the researcher, who works for IOActive, explained in a talk during Black Hat 2019 in Las Vegas, a Google search in autumn 2018 led him to a publicly accessible Boeing server on which various firmware files were found.
  Read More
 • Aug 8, 2019 | Heise Online

  Double threat: Chinese APT group spies on state and enriches itself [Black Hat USA 2019]

  At Black Hat, security company FireEye presented information on the spying and other activities of a newly identified APT group.
  Read More
 • Aug 8, 2019 | Inside Cybersecurity

  New NSS Labs analysis shows ‘technology suites’ can meet claims of enhanced protection [Black Hat USA 2019]

  Brvenik and Peter Armstrong of Munich Re Group are on a panel today here at Black Hat to discuss “Trendspotting through Cybersecurity Testing.”
  Read More
 • Aug 8, 2019 | Inside Cybersecurity

  Commerce’s Friedman says ‘champions’ can promote software bill of materials, avoiding regulation [Black Hat USA 2019]

  The public-private initiative’s four working groups will discuss “baseline” SBOM drafts at a Sept. 5 meeting in Washington, DC, an important milestone, Friedman noted in a presentation Wednesday at the Black Hat conference here.
  Read More
 • Aug 8, 2019 | Inside Cybersecurity

  Leading figures offer ways to assess effectiveness of Trump’s aggressive cyber deterrence strategy [Black Hat USA 2019]

  The Trump strategy of “persistent engagement” is “the most significant policy change in 20 years,” said Columbia University’s Jason Healey, a prominent cyber strategist and policy voice. Healey and research partner Neil Jenkins of the Cyber Threat Alliance discussed their work today here at Black Hat.
  Read More
 • Aug 8, 2019 | Threatpost

  Apple Upgrades Bug Bounty Program: Adds Macs, $1M Reward [Black Hat USA 2019]

  The device manufacturer in a Thursday Black Hat USA 2019 session said it will open the historically private program to all researchers in the fall. In addition, it plans to drastically boost some rewards for vulnerabilities found in its devices – including a $1 million payout – and adding a much-wanted program for its Mac devices.
  Read More
 • Aug 8, 2019 | ComputerWorld.co.nz

  Black Hat keynote: Why security culture needs to change [Black Hat USA 2019]

  Dino Dai Zovi tells Black Hat audience to embrace a culture where security is everyone's job and risks are shared. Automation with feedback loops also key to solving security challenges at scale
  Read More
 • Aug 8, 2019 | Threatpost

  Researchers Bypass Apple FaceID Using Biometrics ‘Achilles Heel’ [Black Hat USA 2019]

  Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a victim’s FaceID and log into their phone simply by putting a pair of modified glasses on their face. By merely placing tape carefully over the lenses of a pair of glasses and placing them on the victim’s face the researchers demonstrated how they could bypass Apple’s FaceID in a specific scenario. The attack itself is difficult, given the bad actor would need to figure out how to put the glasses on an unconscious victim without waking them up.
  Read More
 • Aug 8, 2019 | PC Mag UK

  Google Researcher: The iPhone Is Not Exactly a Paragon of Security [Black Hat USA 2019]

  At Black Hat, a Google security researcher details numerous bugs in iMessage that could be exploited remotely without interaction from the victim.
  Read More
 • Aug 8, 2019 | Portswigger

  Researcher uses GDPR data transparency clause to obtain users’ sensitive information [Black Hat USA 2019]

  Presenting his research at Black Hat USA in Las Vegas earlier today, Pavur pulled focus on GDPR’s ‘right of access’ clause, which stipulates that individuals have the right to request a copy of all the information a company holds on them.
  Read More
 • Aug 8, 2019 | PCMag

  What Are the Rules of Engagement in a Cyberwar? [Black Hat USA 2019]

  When is it appropriate to respond to a cyberattack by launching missiles? At Black Hat, security expert Mikko Hypponen exhaustively explored the topic.
  Read More
 • Aug 8, 2019 | PCMag

  How Often Can One Program Infect Another? Let Us Count the Way [Black Hat USA 2019]

  At Black Hat, experts from SafeBreach report on the many different ways a malicious program could infect another process with its own code. Spoiler alert: it's a lot.
  Read More
 • Aug 8, 2019 | PCMag

  Apple Beefs Up Its Bug Bounty Program With $1M Prize [Black Hat USA 2019]

  Apple's macOS is inherently more secure than Windows or Android, but securing any operating system is a 24/7 operation, and at Black Hat, Ivan Krstic, Apple's Head of Security Engineering and Architecture, detailed three highly technical security accomplishments and added his own One More Thing.
  Read More
 • Aug 8, 2019 | PCMag

  Detecting Deepfakes May Mean Reading Lips [Black Hat USA 2019]

  At the Black Hat security conference, researchers evaluated the deepfake detection tools currently available and released their own mouth-centric deepfake detector.
  Read More
 • Aug 8, 2019 | PCMag

  5G Is the Future of Wireless, But It Has Weaknesses [Black Hat USA 2019]

  At Black Hat, a researcher shows how to identify devices connected to 5G base stations and modify what those devices can do on the network.
  Read More
 • Aug 8, 2019 | Threatpost

  Black Hat 2019: WhatsApp Users Still Open to Message Manipulation [Black Hat USA 2019]

  Researchers at Black Hat USA 2019 demoed how known vulnerabilities in WhatsApp could still be exploited in several attacks that manipulate chats.
  Read More
 • Aug 8, 2019 | 9to5 Mac

  Apple vastly expands security bounty program: higher payouts, ‘dev’ devices, Mac support [Black Hat USA 2019]

  After hearing rumors about Apple expanding its bug bounty program earlier this week along with expectations for the company to start giving out dev devices like iPhones to security researchers, Apple has confirmed at the Black Hat conference today a vast expansion to its bounty program along with opening it up to all.
  Read More
 • Aug 8, 2019 | Apple Insider

  Apple's expanded bug bounty program covers all operating systems, payouts up to $1M, special iPhones, more [Black Hat USA 2019]

  Rumored in a report on Monday and announced during the Black Hat conference by Apple's head of security engineering and architecture Ivan Krstic, the bug bounty system has been expanded to cover Apple's other operating systems. For the first time, Apple is defining levels of payments that will be provided to security researchers who disclose vulnerabilities they find in macOS, with similar schemes also created for other platforms, including watchOS and tvOS.
  Read More
 • Aug 8, 2019 | Digital Munition

  NSA’s reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy [Black Hat USA 2019]

  In the coming months, Ghidra will get support for Android binaries, according to Brian Knighton, a senior researcher for the NSA, and Chris Delikat, a cyber team lead in its Research Directorate, who previewed details of the upcoming release with CyberScoop. Knighton and Delikat are discussing their plans at a session of the Black Hat security conference in Las Vegas Thursday.
  Read More
 • Aug 8, 2019 | Bloomberg

  Apple to Give Researchers Special iPhones to Up Its Security [Black Hat USA 2019]

  Ivan Krstic made the announcement in Las Vegas at the annual Black Hat security conference at the end of a 50-minute long presentation to discuss Apple’s security efforts for its hardware and software products. Apple has long positioned the security of its systems as a core tenet of its products.
  Read More
 • Aug 8, 2019 | Reuters

  Apple offers record 'bounty' to researchers who find iPhone security flaws [Black Hat USA 2019]

  At the annual Black Hat security conference in Las Vegas on Thursday, the company said it would open the process to all researchers, add Mac software and other targets, and offer a range of rewards, called “bounties,” for the most significant findings.
  Read More
 • Aug 8, 2019 | Forbes

  Apple Confirms $1 Million Reward For Anyone Who Can Hack An iPhone [Black Hat USA 2019]

  As Forbes reported on Monday, Apple is also launching a Mac bug bounty, which was confirmed Thursday, but it's also extending it to watchOS and its Apple TV operating system. The announcements came in Las Vegas at the Black Hat conference, where Apple’s head of security engineering Ivan Krstić gave a talk on iOS and macOS security.
  Read More
 • Aug 8, 2019 | The Verge

  Apple extends its bug bounty program to cover macOS with $1 million in rewards [Black Hat USA 2019]

  Apple is finally rewarding security researchers for finding security flaws in macOS. At the Black Hat conference today, Apple announced that it is greatly expanding its existing bug bounty program to include macOS, tvOS, watchOS, and iCloud. It will include rewards of up to $1 million for a zero-click, full chain kernel code execution attack.
  Read More
 • Aug 8, 2019 | VentureBeat

  Apple adds Macs, Watches, and Apple TVs to $1 million bug bounty program [Black Hat USA 2019]

  The news went public today at the annual Black Hat security conference in Las Vegas (via TechCrunch), where lead Apple security developer Ivan Krstić disclosed key updates to the bug bounty program. Apple will now pay $1 million for a deadly serious exploit — a zero-click attack that enables complete, persistent control of an iPhone’s kernel with nothing more than knowledge of the device’s phone number — up from a peak of $200,000 before. Less serious exploits will qualify for smaller amounts.
  Read More
 • Aug 8, 2019 | MSPower User

  Azure to improve security with enhanced access control experience [Black Hat USA 2019]

  Microsoft announced that they are doubling down on Azure security at their recent Black Hat conference in Las Vegas.
  Read More
 • Aug 8, 2019 | BGR

  Google researcher details iOS exploit that can take over an iPhone with a text message [Black Hat USA 2019]

  That notwithstanding, security researchers from Google’s Project Zero team recently divulged a sophisticated exploit that would allow a malicious actor to take control of a targeted device with no interaction required from the device owner at all. As Google researcher Natalie Silvanovich detailed during a presentation at the Black Hat security conference this week, there are a handful of iOS 12 exploits — which have since been patched by Apple with iOS 12.4 — that can let a third-party gain full control of a device simply by sending over a text message.
  Read More
 • Aug 8, 2019 | Cisco Newsroom

  Rebels with a cause: Hacking for good [Black Hat USA 2019]

  In an invite-only session at the Black Hat USA 2019 conference sponsored by Cisco and Duo Security, Joseph Menn, author of the new bestseller "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World," talked to a panel of hackers on how they first got involved and why hacking can be a good thing.
  Read More
 • Aug 8, 2019 | 7th Space

  Tel Aviv U and Technion researchers wrest control of one of world's most secure PLCs [Black Hat USA 2019]

  The team is slated to present their findings at Black Hat USA week in Las Vegas this month, revealing the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7.
  Read More
 • Aug 8, 2019 | Daily Tech News Show

  BATTERY RIGHTS MANAGEMENT – DTNS 3591 [Black Hat USA 2019]

  At Black Hat, researchers from security firm Checkpoint demonstrated an exploit of WhatsApp that would let an attacker alter text in a quoted message to change what a person appeared to write. Early results from a study by Apple, Eli Lilly and Evidation Health found that data from an iPhone, an Apple Watch, and a Beddit sleep monitor differentiated patients with mild Alzheimer’s disease dementia from those without symptoms.
  Read More
 • Aug 8, 2019 | Data Insider

  Hacking for the Greater Good Has Never Been Easier [Black Hat USA 2019]

  Experts on a panel at Black Hat stressed Wednesday that there's never been a greater need for hackers and public interest technologists to foster a safe digital society.
  Read More
 • Aug 8, 2019 | Security Affairs

  WhatsApp flaws allow the attackers to manipulate conversations [Black Hat USA 2019]

  Vanunu explained at the Black Hat conference in Las Vegas, Nevada, that the vulnerabilities were responsibly disclosed in 2018, but remained exploitable for a long time.
  Read More
 • Aug 8, 2019 | Data Insider

  Using GDPR Subject Access Requests to Harvest Data [Black Hat USA 2019]

  In a talk at this year's Black Hat, an Oxford University student explained how he used GDPR Access Requests and a Python script to steal a slew of sensitive information on another person.
  Read More
 • Aug 8, 2019 | PC Magazine

  What Are the Rules of Engagement in a Cyberwar? [Black Hat USA 2019]

  "The lines between real and virtual worlds are blurring fast," Mikko Hypponen, Chief Research Officer for Finnish security company F-Secure, said here at Black Hat. "Several governments have publicly stated that they reserve the right to respond to cyber attacks with kinetic force. Now we are seeing that happening for real."
  Read More
 • Aug 8, 2019 | ZDNet

  Apple expands bug bounty to macOS, raises bug rewards [Black Hat USA 2019]

  Speaking on stage at Black Hat today, Ivan Krstić, Apple's head of security, also announced a considerable increase in the rewards hackers are eligible to make.
  Read More
 • Aug 8, 2019 | WIRED

  APPLE GIVES HACKERS A SPECIAL IPHONE—AND A BIGGER BUG BOUNTY [Black Hat USA 2019]

  At the Black Hat security conference Thursday, Apple's head of security engineering and architecture Ivan Krstić announced a broad revamping of the company's bug bounty program. It's now open to all researchers, rather than its current invite-only eligibility; includes not just iOS but MacOS and other Apple operating systems; and vastly increases the rewards for certain rare forms of attack, from $100,000 for physical access attacks to bypass an iPhone's lock screen to an unprecedented $1 million for a remote attack that can gain total, persistent control of a user's computer without any interaction on the victim's part.
  Read More
 • Aug 8, 2019 | PC Mag UK

  Security Researcher Says He Cracked 787 Airliner, But Boeing, FAA Disagree [Black Hat USA 2019]

  LAS VEGAS—The Black Hat security conference is no stranger to controversy, but it has been a while since a presentation elicited much pushback. That changed when a security researcher from IOActive presented what he says are vulnerabilities in the Boeing 787 Dreamliner that could be used for several different attacks. Boeing disputes the firm's findings and its disclosure process, highlighting the cracks between security researchers and the subjects of their work.
  Read More
 • Aug 8, 2019 | MacRumors

  Researchers Demonstrated Method for Bypassing 'Attention Aware' Feature on a Victim's iPhone Using Glasses and Tape [Black Hat USA 2019]

  During the Black Hat USA conference in Las Vegas, researchers demonstrated a Face ID bypass method that used glasses and tape to unlock and infiltrate the iPhone of an "unconscious" victim.
  Read More
 • Aug 8, 2019 | The Next Web

  Apple announces developer iPhones with root access for security research [Black Hat USA 2019]

  The company made the announcement at the Black Hat conference today, an update to the bug bounty program it launched three years ago. The deeper access should make researchers’ lives a lot easier, able to access deeper iOS functions without waiting for a jailbreak to be available for every update. Even though researchers won’t have quite the same level of access as Apple itself, it’s a huge step in the right direction – one that should make it easier to catch an increasing number of attacks on Apple‘s software.
  Read More
 • Aug 8, 2019 | The Cyber-Security source

  Black Hat 2019 keynote: Transformative change needed to improve cyber-security [Black Hat USA 2019]

  A transformative change in how security ops and devops staffs function is needed in order for organisations to get ahead of the curve combating cyber-security issues, said Square’s head of security Dino Dai Zovi during his Black Hat 2019 keynote address.
  Read More
 • Aug 8, 2019 | Infosecurity Magazine

  #BHUSA: Five Years of Google Project Zero Should Influence Similar Groups [Black Hat USA 2019]

  Speaking at Black Hat USA, Google Project Zero manager Ben Hawkes looked back at five years of the vulnerability research team and deemed the future success of the group to be focused on more groups forming.
  Read More
 • Aug 8, 2019 | Infosecurity Magazine

  #BHUSA Empathy is Key to Hiring and Retaining Women in Cybersecurity [Black Hat USA 2019]

  At Black Hat Las Vegas on August 08 2019, Rebecca Lynch of Duo Security gave a talk on hiring, and just as importantly retaining, women in the cybersecurity industry.
  Read More
 • Aug 8, 2019 | Infosecurity Magazine

  #BHUSA: How GDPR Can Help Attackers Steal Identities [Black Hat USA 2019]

  In a session at the Black Hat USA conference in Las Vegas, titled "GDPArrrrr: Using Privacy Laws to Steal Identities", James Pavur, DPhil student and Rhodes Scholar at Oxford University, outlined how he was able to abuse a key component of the GDPR to get access to personally identifiable information for his fiancée.
  Read More
 • Aug 8, 2019 | Threatpost

  Critical RCE Bug Found Lurking in Avaya VoIP Phones [Black Hat USA 2019]

  Researchers found the Avaya 9600 series IP Deskphone vulnerability in a piece of open source software that Avaya likely copied and modified 10 years ago. The same bug was reported in 2009, according to the analysis from McAfee shared with Threatpost at Black Hat 2019, “yet its presence in the phone’s firmware remained unnoticed until now.”
  Read More
 • Aug 8, 2019 | Threatpost

  Black Hat 2019: Addressing Supply-Chain Risk Starts with People, Microsoft Says [Black Hat USA 2019]

  Speaking at Black Hat 2019 on Thursday, Doerr pointed out that supply-chain risk comes from four main areas: Hardware, software, services and people. All are important, but it’s the latter, he maintained, that should be the top focus.
  Read More
 • Aug 8, 2019 | Financial Times

  Facebook leaves flaw in WhatsApp unresolved for a year [Black Hat USA 2019]

  Speaking at the Black Hat cyber security conference, Oded Vanunu, head of product vulnerability research at the security company, said Facebook blamed WhatsApp’s flaws on “limitations that can’t be solved due to their structure and architecture”.
  Read More
 • Aug 8, 2019 | The Next Web

  WhatsApp’s chat manipulation exploit remains unresolved even after a year (Updated) [Black Hat USA 2019]

  Details of the vulnerabilities were disclosed by Israeli cybersecurity firm Checkpoint Research at Black Hat 2019 security conference in Las Vegas on August 7.
  Read More
 • Aug 8, 2019 | PC Magazine

  How Often Can One Program Infect Another? Let Us Count the Ways [Black Hat USA 2019]

  Fast forward to the modern world, and the possibilities are more complex and numerous. At the Black Hat conference here, a pair of researchers from SafeBreach, which contracts to assess and mitigate security risks, unveiled an exhaustive survey of all the ways one program can inject code into another. Their session isn't until Thursday, but we caught up with them ahead of the briefing.
  Read More
 • Aug 8, 2019 | Digital Munition

  Wi-Fi-spying gizmos may lurk in future parcels [Black Hat USA 2019]

  Black Hat IBM’s X-Force hacking team have come up with an interesting variation on wardriving – you know, when you cruise a neighborhood scouting for Wi-Fi networks. Well, why not try using the postal service instead, and call it “warshipping,” Big Blue’s eggheads suggested earlier today.
  Read More
 • Aug 8, 2019 | Security Boulevard

  Report Identifies 6 DevSecOps Pillars [Black Hat USA 2019]

  At the Black Hat USA conference, the DevSecOps Working Group of the Cloud Security Alliance (CSA) announced it has published a report identifying the six pillars on which any set of best DevSecOps processes should be based.
  Read More
 • Aug 8, 2019 | PC Mag India

  How Lab Mice Are Helping Detect Deepfakes [Black Hat USA 2019]

  Creating a convincing deepfake takes a lot of time and computing power, as does training computers to distinguish humans from deepfakes. At the Black Hat conference here, a cross-discipline team of researchers presented some novel ideas on how to manage the problem, looking specifically at the problem of generating voice audio that sounds human.
  Read More
 • Aug 8, 2019 | WIRED

  HIDDEN ALGORITHM FLAWS EXPOSE WEBSITES TO DOS ATTACKS [Black Hat USA 2019]

  Many websites and services rely on algorithms to transform data inputs into actions and results. But new research detailed Thursday at the Black Hat cybersecurity conference in Las Vegas shows how a small, seemingly innocuous input for an algorithm can cause it to do a huge amount of work—slowing a service down or crashing it entirely in the process, all with just a few bytes.
  Read More
 • Aug 8, 2019 | PC Magazine

  Bogus Satellite Nav Signals Send Autonomous Cars Off the Road [Black Hat USA 2019]

  At the Black Hat security conference, a researcher demonstrated how making tweaks to navigation signals could send a self-driving car careening off the road.
  Read More
 • Aug 8, 2019 | Hot Hardware

  WhatsApp Is Vulnerable To Hack That Could Allow Attackers To Put Words In Your Mouth [Black Hat USA 2019]

  Researchers at Checkpoint disclosed a trio of attack vectors last year, explaining that they could enable a hacker to change a user's messages, change a sender's identity, and make private messages viewable to the public. One of those has been addressed, but two of the attack vectors still remain, as researchers recently demonstrated at the Black Hat USA 2019 conference in Las Vegas.
  Read More
 • Aug 8, 2019 | CNET

  Equifax's push to regain public trust calls on companies to work together [Black Hat USA 2019]

  At Black Hat, Equifax's chief information security officer talks about how companies need to collaborate on cybersecurity to win back public confidence.
  Read More
 • Aug 8, 2019 | PC Mag Australia

  The Evolution of Russia's Dark Web [Black Hat USA 2019]

  Ahead of releasing a report on the topic, Charity Wright, formerly with the NSA, and Ariel Ainhoren, Research Team Leader at IntSights, graciously summarized this evolution for us here at the Black Hat conference.
  Read More
 • Aug 8, 2019 | PC Mag Australia

  Security Researcher Says He Cracked 787 Airliner, But Boeing, FAA Disagree [Black Hat USA 2019]

  LAS VEGAS—The Black Hat security conference is no stranger to controversy, but it has been a while since a presentation elicited much pushback. That changed when a security researcher from IOActive presented what he says are vulnerabilities in the Boeing 787 Dreamliner that could be used for several different attacks. Boeing disputes the firm's findings and its disclosure process, highlighting the cracks between security researchers and the subjects of their work.
  Read More
 • Aug 8, 2019 | BBC

  Black Hat: GDPR privacy law exploited to reveal personal data [Black Hat USA 2019]

  University of Oxford-based researcher James Pavur has presented his findings at the Black Hat conference in Las Vegas.
  Read More
 • Aug 8, 2019 | Forbes

  WhatsApp Hack Attack Can Change Your Messages [Black Hat USA 2019]

  During a briefing at the annual Black Hat security conference in Las Vegas on August 7, researchers from Israeli security company Check Point revealed how Facebook-owned WhatsApp could be hacked to change the text of a message and the identity of the sender. If that sounds worrying enough, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today.
  Read More
 • Aug 8, 2019 | The Register UK

  Ransomware attackers have gone from 'spray and pray' to 'slayin' prey' [Black Hat USA 2019]

  Black Hat Ransomware infections may be down, but only because attackers are getting better at targeting them.
  Read More
 • Aug 8, 2019 | India Times

  WhatsApp's New Security Vulnerability Can Allow Hackers To Change Messages In Your Chats [Black Hat USA 2019]

  On August 7th, in a briefing at the annual Black Hat security conference in Las Vegas, researchers from Israeli security company 'Check Point' shed light on WhatsApp's security vulnerabilities where one could hack the chat and change the text of a message as well as the identity of the sender.
  Read More
 • Aug 8, 2019 | Digital Munition

  Hack computers to steal someone’s identity in China? Why? You can just buy one from a bumpkin for, like, $3k [Black Hat USA 2019]

  Black Hat Black Hat founder Jeff Moss opened this year’s shindig in Las Vegas with tales of quite how odd the hacking culture in China is.
  Read More
 • Aug 8, 2019 | Fifth Domain

  Why North Korea is a different kind of cyberthreat [Black Hat USA 2019]

  LAS VEGAS — Security experts have come to expect certain behaviors from nation-state cyber actors — such as Russia, China and Iran — but North Korea stands apart, according to a speaker at Black Hat USA, a hacking conference held in Las Vegas Aug. 3-8.
  Read More
 • Aug 8, 2019 | India Times

  WhatsApp hack attack can change your messages, says Israeli security firm [Black Hat USA 2019]

  The hacking tool was revealed publicly during a briefing at the annual Black Hat security conference in Las Vegas on August 7, news magazine Forbes reported on Wednesday. However, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today.
  Read More
 • Aug 8, 2019 | The Mirror UK

  Terrifying WhatsApp flaw discovered that could let hackers edit your messages [Black Hat USA 2019]

  Cyber security researchers at Check Point Research demonstrated how the flaw could be exploited at the Black Hat cybersecurity conference in Las Vegas this week.
  Read More
 • Aug 8, 2019 | Daily Mail UK

  WhatsApp flaw could let hackers alter your quoted messages and change the words you appear to have sent to your friends [Black Hat USA 2019]

  Their team detailed the hack at the Black Hat cyber-security conference in Las Vegas, attended by other experts who also uncover vulnerabilities in popular software.
  Read More
 • Aug 8, 2019 | Times of Israel

  Researchers wrest control of one of world’s most secure industrial controllers [Black Hat USA 2019]

  Details of the attack will be presented on Thursday at the Black Hat Conference in Las Vegas.
  Read More
 • Aug 8, 2019 | The Mac Observer

  Researchers Spoof Face ID Using Tape and Glasses [Black Hat USA 2019]

  During the Black Hat 2019 conference, researchers demonstrated a way to spoof Face ID using nothing more than glasses and tape.
  Read More
 • Aug 8, 2019 | Silicon Republic

  Cyberattackers can change and manipulate your WhatsApp messages [Black Hat USA 2019]

  Israeli security firm Check Point revealed in a briefing at the annual Black Hat security conference in Las Vegas, Nevada, that WhatsApp messages can be manipulated to change the content of a message and even the identity of the sender.
  Read More
 • Aug 8, 2019 | Daily Mail UK

  Code leak in a Boeing 787 Dreamliner reveals security flaw which could allow hackers to access flight controls, expert claims [Black Hat USA 2019]

  Ruben Santamarta, a consultant with cyber security firm IOActive, is scheduled to explain his method at this week's Black Hat hacking conference in Las Vegas.
  Read More
 • Aug 8, 2019 | MSPower User

  iMessage bug lets you get hacked with just one message [Black Hat USA 2019]

  At the Black Hat security conference in Las Vegas, Google Project Zero researcher Natalie Silvanovich demonstrated interactionless bugs in Apple’s iOS iMessage client that could be exploited to gain control of a user’s device.
  Read More
 • Aug 8, 2019 | Dark Reading

  Black Hat 2019: Security Culture Is Everyone's Culture [Black Hat USA 2019]

  In his Black Hat USA keynote, Square's Dino Dai Zovi discussed lessons learned throughout his cybersecurity career and why culture trumps strategy.
  Read More
 • Aug 8, 2019 | Decipher

  PROJECT ZERO WANTS YOU TO HELP MAKE 0-DAY HARD [Black Hat USA 2019]

  “Good defense requires a detailed knowledge of offense. We approach vulnerability research the way that an attacker does,” Hawkes said during a talk at the Black Hat USA conference here Thursday.
  Read More
 • Aug 8, 2019 | iMore

  Researchers allegedly bypass Apple's Face ID using modified glasses [Black Hat USA 2019]

  Researchers presenting at the 2019 Black Hat conference have revealed a possible flaw with facial biometrics, including Apple's Face ID. The exploit, however, isn't especially easy to pull off.
  Read More
 • Aug 8, 2019 | Dark Reading

  Siemens S7 PLCs Share Same Crypto Key Pair, Researchers Find [Black Hat USA 2019]

  Security researchers who built a phony engineering workstation that was able to dupe — and alter — operations of the Siemens S7 programmable logic controller (PLC) found that modern S7 PLC families running the same firmware also share the same public cryptographic key, leaving the devices vulnerable to attacks like the ones they simulated.
  Read More
 • Aug 8, 2019 | The Daily Swig

  Communication placed front and center during Black Hat 2019 opening sessions [Black Hat USA 2019]

  During his opening remarks at the Mandalay Bay Events Center, Black Hat and DEF CON founder Jeff Moss underlined the importance of communication – not just within the security community, but also in terms of how CISOs, pen testers, and network defenders communicate with those outside of the industry.
  Read More
 • Aug 8, 2019 | The Daily Swig

  Evading antivirus with AVET [Black Hat USA 2019]

  “In general, AV evasion works most of the time,” Sauder told The Daily Swig ahead of this year’s Black Hat USA conference, where he demonstrated his multifaceted tool on the Arsenal track.
  Read More
 • Aug 8, 2019 | Help Net Security

  AttackSurfaceMapper automates the reconnaissance process [Black Hat USA 2019]

  Georgiou and Wilkin are demonstrating the tool at the Black Hat USA 2019 Arsenal and at DEFCON (the Recon Village).
  Read More
 • Aug 8, 2019 | Dark Reading

  How Behavioral Data Shaped a Security Training Makeover [Black Hat USA 2019]

  "When you think about the ways how you could lower that number, the first thing that comes to mind is training," said Aika Sengirbay, current security awareness program manager at Airbnb and former senior security engagement specialist at Autodesk, in the Black Hat briefing "It's Not What You Know, It's What You Do: How Data Can Shape Security Engagement."
  Read More
 • Aug 8, 2019 | WIRED

  HOW APPLE PAY BUTTONS CAN MAKE WEBSITES LESS SAFE [Black Hat USA 2019]

  Apple Pay has a slew of protective features that make it a secure method of online credit card transactions. And since 2016, third-party merchants and services have been able to embed Apple Pay into their websites and offer it as a payment option. But at the Black Hat security conference in Las Vegas on Thursday, one researcher is presenting findings that this integration inadvertently introduces vulnerabilities that could expose the host website to attack.
  Read More
 • Aug 8, 2019 | CSO

  Black Hat keynote: Why security culture needs to change [Black Hat USA 2019]

  Dino Dai Zovi tells Black Hat audience to embrace a culture where security is everyone's job and risks are shared. Automation with feedback loops also key to solving security challenges at scale
  Read More
 • Aug 8, 2019 | InCyberDefense

  WhatsApp Hack Attack Can Change Your Messages [Black Hat USA 2019]

  During a briefing at the annual Black Hat security conference in Las Vegas on August 7, researchers from Israeli security company Check Point revealed how Facebook-owned WhatsApp could be hacked to change the text of a message and the identity of the sender. If that sounds worrying enough, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today.
  Read More
 • Aug 8, 2019 | Axios

  Codebook, Thursday, August 8 [Black Hat USA 2019]

  Ghidra also netted the NSA two nominations for "Pwnie" awards at the typically NSA-adverse Black Hat cybersecurity conference this week.
  Read More
 • Aug 8, 2019 | Fifth Domain

  How uncertainty in the cyber domain changes war [Black Hat USA 2019]

  “It’s very easy to say these things; it’s much more different to do these things,” Mikko Hypponen, chief research officer of Finnish cybersecurity and privacy company F-Secure, said at Black Hat USA, a hacker conference in Las Vegas running Aug. 3-8. “The reason why it’s so hard is basically one word: attribution.”
  Read More
 • Aug 8, 2019 | Bradley Barth

  Selling zero-days to governments takes some business savvy, says former bug broker [Black Hat USA 2019]

  Not all researchers are comfortable with the ethics of selling the zero-day vulnerabilities they’ve discovered to governments and offensive security companies. But those who do seek profit beyond that of a traditional bug bounty reward will require a fair share of business savvy to seal the deal, according to former vulnerability broker Maor Shwartz, in a Black Hat presentation yesterday that offered a unique inside glimpse into the zero-day economy.
  Read More
 • Aug 8, 2019 | Joan Goodchild

  Black Hat 2019: Software Businesses Need a Different Security Approach [Black Hat USA 2019]

  That was the message coming out of Black Hat 2019 in Las Vegas as security professionals convened for a multi-day event with sessions on fresh research and insights for the community. Organizers predicted the event, in its 23rd year, would exceed 19,000 attendees from around the world this year.
  Read More
 • Aug 8, 2019 | The Daily Swig

  Eyeballer: AI utility scours website screenshots for bug bounty candidates [Black Hat USA 2019]

  “Having AI that can identify ‘old-looking’ websites has proven to be very useful,” they concluded. Petro and Stroy unveiled the tool during an Arsenal session of the Black Hat conference in Las Vegas earlier today (August 8).
  Read More
 • Aug 8, 2019 | The Register

  Pwn an iPhone to bank $1m and Check Point gripes about WhatsApp privacy again [Black Hat USA 2019]

  Apple's security engineering boss Ivan Krstić told Black Hat attendees that Cupertino is expanding its bug-bounty program in various ways. For instance, it will now cover macOS, WatchOS, and Apple TV, whereas previously it was only interested in coughing up cash for details of iOS vulnerabilities.
  Read More
 • Aug 8, 2019 | Security Boulevard

  Live From Black Hat USA: The Inevitable Marriage of DevOps & Security [Black Hat USA 2019]

  During her briefing with Kelly Shortridge, vice president of product strategy at Capsule8, Dr. Nicole Forsgren, research and strategy at Google, did a beautiful job of adding imagery to the story she told of the attendee reactions during the now-famous talk Paul Hammond and John Allspaw gave at Velocity in 2009. If you’re not familiar, the title of said talk was, “10 Deploys Per Day: Dev & Ops Cooperation at Flickr.”
  Read More
 • Aug 8, 2019 | Channel Futures

  Black Hat: Lessons Learned from the Equifax Data Breach [Black Hat USA 2019]

  That’s according to Jamil Farshchi, Equifax’s chief information security officer, who spoke during this week’s Black Hat USA 2019 conference in Las Vegas. He joined Equifax after it suffered a massive data breach, which resulted in unauthorized access to the personal information of nearly 44% of the U.S. population.
  Read More
 • Aug 8, 2019 | CNET

  Apple opens up hacker-friendly iPhone to researchers at Black Hat [Black Hat USA 2019]

  Apple's head of security, Ivan Krstic, unveiled the new program at Black Hat, a cybersecurity conference in Las Vegas. These iPhones aren't the same as the ones you can buy in a store. They're specifically coded for developers who want to poke around iOS and Apple's hardware to find security flaws.
  Read More
 • Aug 8, 2019 | WIRED

  13-Year-Old Encryption Bugs Still Haunt Apps and IoT [Black Hat USA 2019]

  Hackers try to find novel ways to circumvent or undermine data encryption schemes all the time. But at the Black Hat security conference in Las Vegas on Wednesday, Purdue University researcher Sze Yiu Chau has a warning for the security community about a different threat to encryption: Vulnerabilities that were discovered more than a decade ago still very much persist today.
  Read More
 • Aug 8, 2019 | Washington Post

  The Cybersecurity 202: Hackers are going after medical devices — and manufacturers are helping them [Black Hat USA 2019]

  That marks a massive shift since 2011, when cybersecurity researcher Jay Radcliffe first demonstrated how he could hack his own implantable insulin pump at Def Con's sister conference Black Hat.
  Read More
 • Aug 8, 2019 | Politico

  From Vegas: a scoop, zero-days and cyber weapons [Black Hat USA 2019]

  Security researchers who want to sell a zero-day vulnerability to a company should look for one with an in-house security team, because “they will understand the value of it and be willing to pay more,” zero-day broker Maor Shwartz said during a candid presentation Wednesday at Black Hat in Vegas.
  Read More
 • Aug 8, 2019 | The Daily Swig

  Microsoft recognizes top-tier security researchers at Black Hat 2019 [Black Hat USA 2019]

  At Black Hat USA this week, Microsoft named Yuki Chen as its Most Valuable Security Researcher for 2018-19. Chen (@guhe120), a researcher at Chinese security firm Qihoo 360, topped a list of 75 hackers, who were ranked by both the frequency and quality of bugs reported through Microsoft’s Coordinated Vulnerability Disclosure program.
  Read More
 • Aug 8, 2019 | CRN

  12 Most Exciting Cybersecurity Technologies To Watch At Black Hat 2019 [Black Hat USA 2019]

  CRN asks 12 executives, sales and technical leaders attending Black Hat 2019 which cybersecurity technologies they're most excited to see come to fruition and how customers and solution providers will benefit.
  Read More
 • Aug 8, 2019 | Forbes

  Black Hat USA 2019: Apple iOS New Flaws Let Hackers Break Into Any iPhones -- Users Must Update Now [Black Hat USA 2019]

  The sheer number of critical security vulnerabilities revealed at the Black Hat USA 2019 conference, happening this week in Las Vegas, Nevada, is becoming overwhelming.
  Read More
 • Aug 7, 2019 | Tom's Guide

  WhatsApp Hackers Can Manipulate Your Messages: Here's How [Black Hat USA 2019]

  WhatsApp messages can be manipulated to add fake quotations from other WhatsApp users, to alter the quoted text of real replies, and to send secret messages to individuals within group chats, two Israeli researchers revealed Wednesday (Aug. 7) at the Black Hat conference here.
  Read More
 • Aug 7, 2019 | HelpNet Security

  SWAPGS Attack: A new Spectre haunts machines with Intel CPUs [Black Hat USA 2019]

  Bitdefender is scheduled to present their findings at Black Hat USA 2019.
  Read More
 • Aug 7, 2019 | CNET

  Hackers want you to be happy. People in a good mood are easier to trick, research says [Black Hat USA 2019]

  UF Professor Daniela Oliveira, who led the study along with Dr. Natalie Ebner, presented the research at the Black Hat cybersecurity conference in Las Vegas on Wednesday. Oliveira was joined by Elie Bursztein, who leads Google's anti-abuse research team.
  Read More
 • Aug 7, 2019 | Forbes

  WhatsApp Hack Attack Changes Your Messages, And Facebook Doesn't Seem To Care [Black Hat USA 2019]

  During a briefing at the annual Black Hat security conference in Las Vegas on August 7, researchers from Israeli security company Check Point revealed how Facebook-owned WhatsApp could be hacked to change the text of a message and the identity of the sender. If that sounds worrying enough, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today.
  Read More
 • Aug 7, 2019 | BBC News

  WhatsApp flaw 'puts words in your mouth' [Black Hat USA 2019]

  The tool was demonstrated at Black Hat, a cyber-security conference in Las Vegas, as a follow up to a research paper published by Checkpoint last year.
  Read More
 • Aug 7, 2019 | Portswigger

  The service worker hiding in your browser [Black Hat USA 2019]

  Red teamers looking for creative ways to put ‘pseudo’ backdoors into browsers should turn their attention to service workers, following the release of a new exploitation kit at Black Hat USA.
  Read More
 • Aug 7, 2019 | Help Net Security

  What’s cybercriminals’ most effective weapon in a ransomware attack? [Black Hat USA 2019]

  The 2019 Spotlight Report on Ransomware is based on observations and data from the 2019 Black Hat Edition of the Attacker Behavior Industry Report, which reveals behaviors and trends in networks from a sample of over 350 opt-in Vectra customers. The Attacker Behavior Industry Report provides statistical data on the behaviors motivated attackers use to blend in with existing network traffic behaviors and mask their malicious actions.
  Read More
 • Aug 7, 2019 | Decipher

  ILL COMMUNICATION: IMPROVING SECURITY BY TALKING IT OUT [Black Hat USA 2019]

  “Communication is just transmitting information between humans. Risks are shared. If you can reinforce that security is everyone’s job, you can move toward a more generative culture,” Dino Dai Zovi, mobile security lead at Square, said during his keynote speech at the Black Hat USA conference here Wednesday.
  Read More
 • Aug 7, 2019 | Infosecurity Magazine

  #BHUSA Need For Technologists to Be Recognized and Empowered [Black Hat USA 2019]

  In a panel at Black Hat USA, cryptographer Bruce Schneier; Camille Francois, research and analysis director at Graphika and fellow at Harvard Law School Berkman Center; and Eva Galperin, director of cybersecurity at the EFF, talked about the benefits of technologists to society.
  Read More
 • Aug 7, 2019 | VentureBeat

  Linux security startup Capsule8 raises approximately $6.5 million led by Intel Capital [Black Hat USA 2019]

  This week, Capsule8 executives will lead several sessions at the Black Hat USA 2019 security conference in Las Vegas. Capsule8 vice president (and Pwnie Award judge) Kelly Shortridge spoke at the CISO Summit and will team with Nicole Forsgren, research and strategy expert at Google Cloud, to present “Controlled Chaos: The Inevitable Marriage of DevOps and Security” on Wednesday, August 7 at 4 p.m. Pacific time. Additionally, Capsule8 chief scientist Brandon Edwards and research scientist Nick Freeman will explore “A Compendium of Container Escapes” on Thursday, August 8 at 3:50 p.m.
  Read More
 • Aug 7, 2019 | Threatpost

  Black Hat 2019: Ethical Hackers Must Protect Digital Human Rights [Black Hat USA 2019]

  At a time when technology is being utilized for human-rights abuses, the security space needs to turn its focus to public interest defense technology, security stalwarts urged during Black Hat USA 2019.
  Read More
 • Aug 7, 2019 | NEWSHEATER

  SYMANTEC CORPORATION (SYMC) SHARES DROP -1.10% TO -$0.22 IN EARLY TRADING HOURS: IS IT GOOD TIME TO BUY? [Black Hat USA 2019]

  The Symantec Corporation (NASDAQ:SYMC) is going down by -1.10% in today’s trading session, a fall equivalent to -0.22% of the stock’s price from yesterday’s market close. A news came out on 08/01/19 stating that Symantec Presents on DEF CON 27 Main Stage and Hosts Live-Hacking Demo at Black Hat USA 2019 by WSJ. The lowest point that the shares touched during the trading session was $20.095, while the peak of the day was recorded at a share price of $20.67. SYMC finished the previous session at $20.46 according to the data provided by Barchart, while the trading volume was observed to be $2,161,832.
  Read More
 • Aug 7, 2019 | Infosecurity Magazine

  IBM's Warshipping Attacks Wi-Fi Networks From Afar [Black Hat USA 2019]

  Speaking at Black Hat USA, IBM researchers explained how they used off-the-shelf components costing under $100 to create a single-board computer with Wi-Fi and 3G capability. This enables it to connect to a Wi-Fi network to harvest data locally and then send it to a remote location using its cellular connection. The small device runs on a cell phone battery and easily fits into a small package.
  Read More
 • Aug 7, 2019 | Pulse2

  Ann Arbor-Based Censys Unveils Enterprise-Level Attack Surface Management Software Platform [Black Hat USA 2019]

  Censys is premiering the upcoming launch of its new enterprise-level attack surface management software platform at the Black Hat USA 2019 conference
  Read More
 • Aug 7, 2019 | Infosecurity Magazine

  #BHUSA Jeff Moss Talks of Need to be Better Communicators [Black Hat USA 2019]

  Opening Black Hat USA’s keynote, founder Jeff Moss talked of the need to focus on better communication, and look at “how we communicate and what we talk about.”
  Read More
 • Aug 7, 2019 | The Register UK

  Hack-age delivery! Wardialing, wardriving... Now warshipping: Wi-Fi-spying gizmos may lurk in future parcels [Black Hat USA 2019]

  "Think of the volume of boxes moving through a corporate mailroom daily," said Charles Henderson of IBM X-Force Red on Wednesday, just in time for this year's Black Hat USA conference in Las Vegas. "Or consider the packages dropped off on the porch of a CEO's home, sitting within range of their home Wi-Fi. Using warshipping, X-Force Red was able to infiltrate corporate networks undetected."
  Read More
 • Aug 7, 2019 | TechRadar.pro

  Fancy Bear hackers used IoT devices to hack corporate networks [Black Hat USA 2019]

  Fortunately Microsoft was able to block these attacks in their early stages but this means that its investigators won't be able to determine exactly what Fancy Bear was attempting to steal from the compromised networks. The company will reveal additional details regarding Fancy Bear's activities online at this year's Black Hat USA security conference.
  Read More
 • Aug 7, 2019 | ITZA Goal 365

  QualPwn is a new exploit for Qualcomm Snapdragon chips, here’s what you need to know [Black Hat USA 2019]

  We don’t have all the details about how this would happen or how easy it would be, but those are coming during Tencent Blade’s Black Hat 2019 and DEFCON 27 presentations.
  Read More
 • Aug 7, 2019 | Threatpost

  Black Hat: LeapFrog Tablet Flaws Let Attackers Track, Message Kids [Black Hat USA 2019]

  The LeapPad Ultimate is a rugged tablet made by LeapFrog that targets children with an array of education, game and eBook apps. Researchers, who disclosed the flaws at Black Hat 2019 on Wednesday, said the tablet has a number of security issues opening the door to a slew of malicious activities by an adversary. Those include allowing bad actors to track the devices, send messages to children or launch man-in-the-middle attacks.
  Read More
 • Aug 7, 2019 | The Cyberwire

  Daily briefing. [Black Hat USA 2019]

  We're in Las Vegas at Black Hat this week. Here are some of the stories that have caught our eye.
  Read More
 • Aug 7, 2019 | WIRED

  HACKERS CAN BREAK INTO AN IPHONE JUST BY SENDING A TEXT [Black Hat USA 2019]

  At the Black Hat security conference in Las Vegas on Wednesday, Google Project Zero researcher Natalie Silvanovich is presenting multiple so-called “interaction-less” bugs in Apple’s iOS iMessage client that could be exploited to gain control of a user’s device. And while Apple has already patched five of them, a few have yet to be patched.
  Read More
 • Aug 7, 2019 | Threatpost

  Black Hat 2019: Security’s Powerful Cultural Transformation [Black Hat USA 2019]

  “Start with yes.” That’s the advice to security teams from Dino Dai Zovi, mobile security lead at Square, giving the keynote on Wednesday at the 23rd annual Black Hat conference in Las Vegas.
  Read More
 • Aug 7, 2019 | Infosecurity Magazine

  #BHUSA Keynote Encourages Positivity and Collaboration [Black Hat USA 2019]

  Speaking in the opening keynote at Black Hat USA, Dino Dai Zovi, researcher and head of security for the cash app at Square, talked about security teams acknowledging developers and vice versa.
  Read More
 • Aug 7, 2019 | Dark Reading

  Boeing 787 On-Board Network Vulnerable to Remote Hacking, Researcher Says [Black Hat USA 2019]

  Las Vegas – IOActive industrial cybersecurity expert Ruben Santamarta last fall discovered an Internet-exposed Boeing Co. server housing firmware specifications for the aviation manufacturer's 787 and 737 airplane networks.
  Read More
 • Aug 7, 2019 | Threatpost

  Black Hat 2019: Microsoft Protocol Flaw Leaves Azure Users Open to Attack [Black Hat USA 2019]

  At Black Hat USA 2019, researchers showed how a previously-disclosed flaw on Windows systems that could allow arbitrary code execution could also impact Hyper-V.
  Read More
 • Aug 7, 2019 | BleepingComputer

  Microsoft Ignored RDP Vulnerability Until it Affected Hyper-V [Black Hat USA 2019]

  Details about the attack and the underlying flaw that enabled it are presented at the Black Hat USA security conference where Itkin and Dana Baril, security software engineer at Microsoft, talk from the perspective of both an attacker and a defender.
  Read More
 • Aug 7, 2019 | Threatpost

  Security Vulnerabilities Are Increasingly Putting Kids at Risk [Black Hat USA 2019]

  The latest example of this fear was seen at Black Hat 2019, where serious vulnerabilities were disclosed in LeapFrog’s tablet for kids, the LeapPad Ultimate. Erez Yalon, director of security research at Checkmarx, who disclosed the flaws at Black Hat 2019 on Wednesday, said the tablet has a number of security issues opening the door to a slew of malicious activities by an adversary. Those include allowing bad actors to track the devices, send messages to children or launch man-in-the-middle attacks.
  Read More
 • Aug 7, 2019 | HelpNet Security

  Tenable unveils new product innovations in Tenable.sc and Tenable.io [Black Hat USA 2019]

  Tenable, the Cyber Exposure company, announced at Black Hat USA 2019 new product innovations in Tenable.sc (formerly SecurityCenter) and Tenable.io to continuously discover and assess known and unknown assets across on-premises and cloud environments from a single platform at no extra charge.
  Read More
 • Aug 7, 2019 | Dark Reading

  Researchers Show Vulnerabilities in Facial Recognition [Black Hat USA 2019]

  Researchers Yu Chen, Bin Ma, and Zhuo (HC) Ma of Tencent Security's Zuanwu Lab were scheduled to speak here at Black Hat USA, but Visa denials left HC Ma alone on the stage. He said his colleagues had begun the research to find out how biometric authentication was being implemented and, specifically, how the routines designed to separate a living human from a photo or other fake were put into practice.
  Read More
 • Aug 7, 2019 | Inside Cybersecurity

  Black Hat keynoter: If cybersecurity is everyone’s job, what’s the security team’s job? [Black Hat USA 2019]

  Black Hat kicked off here with a keynote by Dino Dai Zovi -- the mobile security lead at Square -- and with a record 20,000 participants expected to attend the two-day conference.
  Read More
 • Aug 7, 2019 | ITPro Today

  Black Hat 2019: Deepfakes Require a Rethink of Incident Response [Black Hat USA 2019]

  Two sessions at this year’s Black Hat event here in Las Vegas dive into the issue and offer insights on how deepfakes are created, and also highlight advances in technology that can possibly be used to detect the videos. Titled "Detecting deepfakes with Mice" and "Playing Offense and Defense with deepfakes," the sessions’ place on the agenda solidify that this is an issue for the security department to pay attention to as more criminals use deepfakes in social engineering attacks.
  Read More
 • Aug 7, 2019 | Portswigger

  Ancient technique tears a hole through modern web stacks at Black Hat 2019 [Black Hat USA 2019]

  Presenting at Black Hat USA today, the PortSwigger Web Security researcher demonstrated how isolated HTTP requests can be exploited to poison web caches and desynchronize entire systems – including those belonging to major companies such as PayPal and Red Hat.
  Read More
 • Aug 7, 2019 | Patently Apple

  Microsoft and Apple Level up Star Hacker Bug Bounties [Black Hat USA 2019]

  The iPhones will be given to the rock star hackers that participate in the Cupertino company's invitation-only bug bounty program, where participants disclose bugs in Apple products in return for monetary rewards. The payments can go as high as $200,000, as announced at the 2016 Black Hat conference.
  Read More
 • Aug 7, 2019 | Security Ledger

  Spotlight Podcast: Unpacking Black Hat Hacks with Digicert CTO Dan Timpson [Black Hat USA 2019]

  In this week’s episode of the Podcast, # 156: we’re back at “hacker summer camp” in Las Vegas this week – also known as the Black Hat, B-Sides and DEF CON conferences, which bring tens of thousands of the world’s top security experts to the Las Vegas Strip.
  Read More
 • Aug 7, 2019 | CRN

  Black Hat 2019: 12 Cybersecurity Myths That Could Put You At Risk [Black Hat USA 2019]

  CRN asks 12 executives, sales and technical leaders attending Black Hat 2019 what they see as the top oft-repeated beliefs about cybersecurity that are foolishly accepted as fact.
  Read More
 • Aug 7, 2019 | Portswigger

  JSShell takes cross-site scripting to new highs [Black Hat USA 2019]

  Akamai’s Daniel Abeles today walked Black Hat attendees through version 2.0 of JSShell – a free-to-install web tool that aims to make XSS-to-RCE exploitation easier than ever.
  Read More
 • Aug 7, 2019 | The CyberWire Daily Podcast

  Episode 909 [Black Hat USA 2019]

  A new speculative execution processor flaw is addressed with software mitigations. LokiBot gets more persistent, and it adopts steganography for better obfuscation. The cyber-spies of APT41 seem to be doing some moonlighting. An accused criminal who bribed telco workers to unlock phones is in custody. Scammers are exploiting the tragedies in El Paso and Dayton. And a call at Black Hat for the security sector to bring in some safety engineers. Ben Yelin from UMD CHHS on Virginia updating legislation to address Deep Fakes. Guest is James Plouffe from MobileIron on the challenges of authentication and the legacy of passwords.
  Read More
 • Aug 7, 2019 | Gizmodo

  Windows Quietly Patches Bug That Could Reverse Meltdown, Spectre Fixes for Intel CPUs [Black Hat USA 2019]

  The issue hit Intel by far the hardest, but also competitors like AMD and ARM to a lesser degree. Patches have since been issued, but at around the same time researchers for security firm Bitdefender discovered a related issue that threatened to make the patches useless for Windows machines, Tom’s Guide wrote. Bitdefender researchers revealed their findings at the Black Hat security conference in Las Vegas on Tuesday, almost exactly a year to the date after finding it.
  Read More
 • Aug 7, 2019 | The Register UK

  Hack computers to steal someone's identity in China? Why? You can just buy one from a bumpkin for, like, $3k [Black Hat USA 2019]

  Black Hat founder Jeff Moss opened this year's shindig in Las Vegas with tales of quite how odd the hacking culture in China is.
  Read More
 • Aug 7, 2019 | TechTarget

  Black Hat 2019 keynote: Software teams must own security [Black Hat USA 2019]

  In the keynote for Black Hat 2019, Square's Dino Dai Zovi emphasized security as a collaborative effort by all software teams that relies on communication, automation and feedback.
  Read More
 • Aug 7, 2019 | Container Journal

  Sysdig Injects More AI into Container Security [Black Hat USA 2019]

  At the Black Hat USA conference, Sysdig today announced it has extended the capabilities of Sysdig Secure to include runtime profiling and anomaly detection enabled by machine learning algorithms with Kubernetes environments.
  Read More
 • Aug 7, 2019 | WIRED

  A BOEING CODE LEAK EXPOSES SECURITY FLAWS DEEP IN A 787'S GUTS [Black Hat USA 2019]

  At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System. The CIS/MS is responsible for applications like maintenance systems and the so-called electronic flight bag, a collection of navigation documents and manuals used by pilots. Santamarta says he found a slew of memory corruption vulnerabilities in that CIS/MS, and he claims that a hacker could use those flaws as a foothold inside a restricted part of a plane's network. An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane's safety-critical systems, including its engine, brakes, and sensors. Boeing maintains that other security barriers in the 787's network architecture would make that progression impossible.
  Read More
 • Aug 7, 2019 | Enterprise Times

  Cloud security offers significant benefits if you start right [Black Hat USA 2019]

  At Black Hat 2019 in Las Vegas, Enterprise Times talked with Sergio Caltagirone, Vice President, Threat Intelligence at Dragos and John Yeoh, Vice President of Research at the Cloud Security Alliance. With the skills shortage hurting many small to medium businesses (SMB), cloud is being seen, by some sectors, as a panacea to the problem.
  Read More
 • Aug 7, 2019 | Hilltop Monitor

  Microsoft launches Azure Security Lab [Black Hat USA 2019]

  At the ongoing Black Hat USA 2019 conference, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test Azure security without putting the company's customers at risk.
  Read More
 • Aug 7, 2019 | Tech Lapse

  Major flaw affects latest-generation Intel processors [Black Hat USA 2019]

  On the occasion of the Black Hat conference, Bitdefender explained that the vulnerability of these processors is at the level of the speculative execution feature. The latter is to guess the instructions that will potentially be used later to make the processors faster. However, this can leave traces exploitable by hackers and allow them to lead an attack “by auxiliary channel”.
  Read More
 • Aug 7, 2019 | Infosecurity Magazine

  Children's Tablet Revealed Location, Researchers Found [Black Hat USA 2019]

  Researchers at the Black Hat security conference this week have revealed vulnerabilities in a leading child's tablet product.
  Read More
 • Aug 7, 2019 | Forecast Wire

  Your security team is probably an infuriating obstacle – but it doesn’t have to be this way [Black Hat USA 2019]

  Which is why it was such a glorious breath of fresh air to hear Dino Dai Zovi‘s keynote speech at the Black Hat security conference in Las Vegas this morning. Dai Zovi, staff security engineer at Square, argued that the all-too-common model of security as a team which sits and snipes at the people who actually build things, telling them no and pointing fingers, is in fact fantastically counterproductive.
  Read More
 • Aug 7, 2019 | Fox 5 Las Vegas

  Cybersecurity experts from around the world descend on Las Vegas for Black Hat 2019 [Black Hat USA 2019]

  Voting machines could be very vulnerable during the 2020 election. Black Hat surveyed cyber-security experts from around the world. They said there's a 60% chance the 2020 presidential election will be hacked.
  Read More
 • Aug 7, 2019 | IT News Australia

  Chinese government hackers suspected of moonlighting for profit [Black Hat USA 2019]

  The findings, announced at the Black Hat security conference in Las Vegas, show how some of the world's most advanced hackers increasingly pose a threat to consumers and companies not traditionally targeted by state-backed espionage campaigns.
  Read More
 • Aug 7, 2019 | Dark Reading

  Censys To Unveil Attack Surface Visibility Platform at Black Hat [Black Hat USA 2019]

  LAS VEGAS — Censys, Inc., the leading provider of Internet security data trusted by the likes of Google and The US Department of Homeland Security, today from Black Hat USA 2019, announced the upcoming launch of its enterprise-level attack surface management software platform that provides real-time visibility and actionable insights over entire network attack surfaces.
  Read More
 • Aug 7, 2019 | Politico

  Scoop: Buttigieg gets a CISO [Black Hat USA 2019]

  HAPPY WEDNESDAY and welcome to Morning Cybersecurity! It’s a very report-y edition of MC, what with Black Hat and DEF CON kicking off. Please send your thoughts, feedback and especially tips to tstarks@politico.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
  Read More
 • Aug 7, 2019 | Digital Munition

  Microsoft intros security lab to test Azure vulnerabilities [Black Hat USA 2019]

  Announced at the Black Hat USA 2019 conference this week, the Azure Security Lab is a set of dedicated cloud hosts, aimed at allowing security researchers to aggressively test attacks against infrastructure-as-a-service scenarios. It also allows participants to identify research vulnerabilities in Azure and do their best to emulate criminal hackers.
  Read More
 • Aug 7, 2019 | Security Boulevard

  Live From Black Hat USA: Four Key Takeaways from Dino Dai Zovi’s Keynote [Black Hat USA 2019]

  “Did you know that your 20th Black Hat is when you get to give the keynote at Black Hat?” Dino Dai Zovi, head of security for Cash App at Square, joked to the packed ballroom. While it may have been Dai Zovi’s 20th conference, the topic of his keynote has never been more fitting for where we are in security and the ways in which it mirrors what we experience in our day-to-day life.
  Read More
 • Aug 7, 2019 | Security Boulevard

  Live From Black Hat USA: Communication’s Key Role in Security [Black Hat USA 2019]

  The kick-off keynote for the 23rd Black Hat USA Conference in Las Vegas set the stage for the conversations that will undoubtedly be discussed in great detail over the next two days – and likely the next two years – if Black Hat founder Jeff Moss’ opening remarks are indicative of a trend. Moss pointed out that security had been asking for the spotlight, both in legislative and more corporate settings, and the industry has had it for the last two years.
  Read More
 • Aug 7, 2019 | Digital Mutation

  Wi-Fi-spying gizmos may lurk in future parcels [Black Hat USA 2019]

  "Think of the volume of boxes moving through a corporate mailroom daily," said Charles Henderson of IBM X-Force Red on Wednesday, just in time for this year's Black Hat USA conference in Las Vegas. "Or consider the packages dropped off on the porch of a CEO's home, sitting within range of their home Wi-Fi. Using warshipping, X-Force Red was able to infiltrate corporate networks undetected."
  Read More
 • Aug 7, 2019 | VentureBeat

  Vectra: Ransomware attacks are spreading to cloud, datacenter, and enterprise infrastructure [Black Hat USA 2019]

  The Vectra 2019 Spotlight Report on Ransomware finds that the most significant ransomware threat — in which hackers steal your data and hold it for ransom — is malicious encryption of shared network files in cloud service providers. San Jose, California-based Vectra released the report ahead of the Black Hat 2019 security conference in Las Vegas this week.
  Read More
 • Aug 7, 2019 | PC Magazine

  APT41 Is Not Your Usual Chinese Hacker Group [Black Hat USA 2019]

  A Chinese hacker group known as APT41 appears to have taken up financial crimes in addition to the usual state-sponsored cyber espionage, FireEye researchers revealed here at Black Hat.
  Read More
 • Aug 7, 2019 | The Washington Post

  The Cybersecurity 202: Here's how the Justice Department wants to befriend ethical hackers [Black Hat USA 2019]

  Bailey acknowledged the conflict. He joked in a 2016 address that when he first met with ethical hackers at the Black Hat cybersecurity conference in 2015 “only half [of the meeting] was being yelled at.” In succeeding years, he says, those conversations have become far less hostile and more productive. Now, he says ethical hackers frequently call him to talk over policy disagreements.
  Read More
 • Aug 7, 2019 | Reuters

  Chinese government hackers suspected of moonlighting for profit [Black Hat USA 2019]

  The findings, announced at the Black Hat security conference in Las Vegas, show how some of the world’s most advanced hackers increasingly pose a threat to consumers and companies not traditionally targeted by state-backed espionage campaigns.
  Read More
 • Aug 7, 2019 | 9to5 Mac

  PSA: Latest Spectre and Meltdown scare only affects Macs running Windows [Black Hat USA 2019]

  Security company Bitdefender revealed the issue at the Black Hat security conference yesterday, reports Tom’s Guide. Interestingly, they actually discovered it a year ago, but Intel didn’t initially believe it to be a real-life problem.
  Read More
 • Aug 7, 2019 | MacTrast

  New Meltdown and Spectre Security Bugs Affects Macs Running Windows [Black Hat USA 2019]

  Tom’s Guide reports security company Bitdefender announced the issue at the Black Hat security conference on Tuesday. Although the flaw was discovered a year ago, Intel didn’t initially believe it to be a real-life issue.
  Read More
 • Aug 7, 2019 | Tom's Guide

  New Intel Flaw Exposes Secrets on Windows Machines: What to Do [Black Hat USA 2019]

  Bitdefender disclosed the flaw in conjunction with Microsoft today (Aug. 6) here at the Black Hat security conference, almost one year to the day after Bitdefender's researchers told Intel of the flaw.
  Read More
 • Aug 7, 2019 | Linux

  Sysdig Injects More AI into Container Security [Black Hat USA 2019]

  At the Black Hat USA conference, Sysdig today announced it has extended the capabilities of Sysdig Secure to include runtime profiling and anomaly detection enabled by machine learning algorithms with Kubernetes environments. At the same time, Sysdig unveiled Falco Rule Builder, a more flexible user interface (UI) for creating runtime security policies, which integrates tightly with Sysdig Secure. Knox Anderson, director of product management for Sysdig, says these extensions will make it easier for organizations to embrace best DevSecOps processes by relying on container monitoring and security tools for Kubernetes environments delivered via a software-as-a-service (SaaS) application, dubbed Sysdig Cloud Native Visibility and Security Platform (VSP).
  Read More
 • Aug 7, 2019 | iLounge

  Apple Hands Hackers Secret iPhones In A Bid To Boost Security [Black Hat USA 2019]

  Apple will be giving security researchers special iPhones for better testing of potential weaknesses and vulnerabilities. According to Forbes, Apple is expected to announce the program during the Black Hat security conference which will be held in Las Vegas.
  Read More
 • Aug 7, 2019 | ABC 13 Las Vegas KTNV

  DEF CON, Black Hat in Las Vegas unite cybersecurity pros and show possible security dangers [Black Hat USA 2019]

  Tens of thousands of the world’s best cybersecurity professionals are in Las Vegas this week for two events, DEF CON and Black Hat.
  Read More
 • Aug 7, 2019 | Windows Report

  Windows 10 gets silent security patch to deal with SWAPGS vulnerability [Black Hat USA 2019]

  As such, Microsoft released a silent patch to address the problem. The update to the Linux kernel was part of last month’s Patch Tuesday, but it wasn’t revealed until recently, at the BlackHat security conference.
  Read More
 • Aug 7, 2019 | PowerPage

  Apple reportedly set to announce iOS, macOS bug bounty programs starting later this month [Black Hat USA 2019]

  Apple is also expected to announce plans to offer security researchers iPhone handsets at the Black Hat security conference in Las Vegas later this week. This program is expected to make it easier for Apple to find weaknesses in iOS’ security features.
  Read More
 • Aug 7, 2019 | Engadget

  The Morning After: Instagram's 'huge booty' issue [Black Hat USA 2019]

  Apple plans to offer security researchers special iPhones and finally launch a bug bounty program for Mac, according to a Forbes report. Cupertino will reportedly announce those security measures at the Black Hat security conference in Las Vegas later this week in an effort to strengthen its flawed bug bounty program -- and security.
  Read More
 • Aug 7, 2019 | TechSpot

  Microsoft quietly patched a Spectre-style vulnerability in Intel chips that could expose user data [Black Hat USA 2019]

  Intel dismissed the initial report of the issue, saying it already knew of the vulnerability and had no plans to fix it, but Bitdefender provided a proof-of-concept attack that showed how it could be exploited and the flaw was disclosed at the Black Hat security conference yesterday. It exploits the SWAPGS kernel-level instruction set, which was introduced with Ivy Bridge processors back in 2012.
  Read More
 • Aug 7, 2019 | IT Pro UK

  SWAPGS Attack is the latest Windows exploit to worry about [Black Hat USA 2019]

  The security flaw, which was revealed at the annual Black Hat conference 2019 in Las Vegas, affects every single Windows computer running an Intel CPU dating back to 2012, regardless of which version of Windows is installed.
  Read More
 • Aug 7, 2019 | CNET

  Black Hat and Defcon look to boost diversity through day care [Black Hat USA 2019]

  When Jeff Moss started Defcon in 1993, it was unheard of to bring kids to the hacker conference in Las Vegas. Now, as the conference and its attendees grow up, and more security researchers and hackers are becoming parents, services like day cares and childcare rooms at Black Hat and Defcon are in high demand.
  Read More
 • Aug 7, 2019 | WIRED

  SAMSUNG'S NEW PHONES, A BOEING 787 SOFTWARE FLAW, AND MORE NEWS [Black Hat USA 2019]

  At the Black Hat conference, security researchers lifted the curtain on "interaction-less bugs" in Apple's iOS, which would give a hacker access to your phone without you doing anything at all. An attacker could send a specially crafted text message, and even if you don't open it, the iMessage server would send back specific user data, like the content of your SMS messages or images.
  Read More
 • Aug 7, 2019 | News 3 Las Vegas

  HACKERS BEWARE: Black Hat 2019 brings advanced cybersecurity [Black Hat USA 2019]

  The annual hacking and security conference is here again. Experts and researchers from all over the world are showcasing cybersecurity and privacy risks at Black Hat 2019. Black Hat USA is in its 23rd year. It's the world's leading information security event.
  Read More
 • Aug 7, 2019 | Channel Futures

  Black Hat: Everyone Has a Part to Play in Cybersecurity [Black Hat USA 2019]

  That was the message conveyed Wednesday by keynoter Dino Dai Zovi, Square’s mobile security lead, at this week’s Black Hat USA 2019 conference in Las Vegas. In its 23rd year, the conference has drawn a record 19,000-plus attendees.
  Read More
 • Aug 7, 2019 | HelpNet Security

  Kiuwan’s application security testing platform helps teams realize DevSecOps goals [Black Hat USA 2019]

  Kiuwan, a provider of application security testing tools, announced the availability of free software vulnerability scan trials for the US market, with live demonstrations at Black Hat USA 2019.
  Read More
 • Aug 7, 2019 | Gadgets 360

  SWAPGS Speculative Execution Vulnerability for Intel CPUs Disclosed, Microsoft Releases Windows 10 Patch [Black Hat USA 2019]

  Security vendor Bitdefender has disclosed details of a new speculative execution security vulnerability in Intel CPUs dating back to 2012, which could be used to steal sensitive information including passwords from a computer. The newly discovered issue, named SWAPGS, could also negate all the patches so far released for the infamous Spectre and Meltdown flaws. According to Bitdefender, the issue was first discovered over a year ago, and the company has been working with Intel and other ecosystem stakeholders in order to minimise its impact. Public disclosure was withheld till just now, at the ongoing Black Hat security conference, where Bitdefender has released a detailed whitepaper on its research.
  Read More
 • Aug 7, 2019 | ZDNet

  New ‘warshipping’ technique gives hackers access to enterprise offices [Black Hat USA 2019]

  At Black Hat USA in Las Vegas, Nevada, IBM researchers said that warshipping is made possible through the proliferation of e-commerce deliveries, now an everyday occurrence which has slowly replaced visits to traditional brick-and-mortar stores.
  Read More
 • Aug 7, 2019 | IT Web

  Microsoft intros security lab to test Azure vulnerabilities [Black Hat USA 2019]

  Announced at the Black Hat USA 2019 conference this week, the Azure Security Lab is a set of dedicated cloud hosts, aimed at allowing security researchers to aggressively test attacks against infrastructure-as-a-service scenarios. It also allows participants to identify research vulnerabilities in Azure and do their best to emulate criminal hackers.
  Read More
 • Aug 6, 2019 | Tom's Guide

  How Europe's GDPR Privacy Rules Help Identity Thieves [Black Hat USA 2019]

  The truth is, though, that "many organizations fail to employ adequate safeguards against Right of Access abuse and thus risk exposing sensitive information to unauthorized third parties," as Knerr and Pavur wrote in a white paper released in conjunction with Pavur's Black Hat presentation.
  Read More
 • Aug 6, 2019 | Forbes

  Android Alert: Users Urged To Patch Critical Flaw In Recent Qualcomm Chips, Millions At Risk [Black Hat USA 2019]

  More critical security vulnerabilities are being unveiled at the Black Hat USA 2019 conference which is now in full swing in Las Vegas, Nevada, and this time it’s coming from Tencent’s Blade Team.
  Read More
 • Aug 6, 2019 | ZDNet

  New Windows hack warning: Patch Intel systems now to block SWAPGSAttack exploits [Black Hat USA 2019]

  The vulnerability was discovered by researchers at Bitdefender as they researched CPU architectures. They've chosen to reveal what they found in a session at Black Hat USA after working with Intel, Microsoft and others to ensure an update was released to fix the bug as part of Patch Tuesday.
  Read More
 • Aug 6, 2019 | Security Boulevard

  Mimecast introduced community based tailored threat intelligence tool at Black Hat 2019 [Black Hat USA 2019]

  Yesterday, at Black Hat 2019, Mimecast Limited, a leading email and data security company, introduced Mimecast Threat Intelligence which offers a deeper understanding of the cyber threats faced by organizations.
  Read More
 • Aug 6, 2019 | Android Central

  QualPwn is a new exploit for Qualcomm Snapdragon chips, here's what you need to know [Black Hat USA 2019]

  This makes finding these bugs and vulnerabilities an industry in its own right. At DEFCON 27 and Black Hat 2019, huge venues where exploits are made public and demonstrated (and hopefully, patched), a vulnerability in Qualcomm chips has been announced by the Tencent Blade Team that would allow an attacker to gain access through the kernel and potentially get into your phone and cause harm. The good news is that it was responsibly announced and Qualcomm worked with Google to fix the issue with the August 2019 Android Security Bulletin.
  Read More
 • Aug 6, 2019 | Channel Futures

  Dell’s Secureworks Releases SaaS-Based Red Cloak TDR with Managed Services Option [Black Hat USA 2019]

  BLACK HAT USA — Secureworks is using this week’s Black Hat USA 2019 conference in Las Vegas to release its new Red Cloak Threat Detection and Response (TDR), the company’s first of a planned suite of SaaS-based software offerings announced earlier this year.
  Read More
 • Aug 6, 2019 | Solutions Review

  Exploring Bug Bounties With Microsoft’s Bug Bounty Challenge [Black Hat USA 2019]

  Recently, at the Black Hat 2019 conference, technology giant and cybersecurity provider Microsoft made two startling announcements:
  Read More
 • Aug 6, 2019 | Portswigger

  Black Hat Briefings: Assessing the impact of last year’s pioneering security research [Black Hat USA 2019]

  On the eve of the Black Hat 2019 Briefings sessions, The Daily Swig takes a closer look at the real-world impact of the security research that’s showcased in the desert each year
  Read More
 • Aug 6, 2019 | DevClass

  Microsoft waves $300,000 at hackers, says ‘do your worst’ to Azure Security Lab [Black Hat USA 2019]

  The company chose the Black Hat Conference in Las Vegas to announce it was “inviting a select group of talented individuals to come and do their worst to emulate criminal hackers in a customer-safe cloud environment called the Azure Security Lab.”
  Read More
 • Aug 6, 2019 | Fudzilla

  Microsoft provides tools to find holes in Azure [Black Hat USA 2019]

  Addressing the assembled throngs at the Black Hat conference, Kymberlee Price, Microsoft’s security community manager, said that Azure Security Lab is a set of dedicated cloud hosts isolated from Azure customers so security researchers can test attacks against cloud scenarios. The isolation means researchers can not only research vulnerabilities in Azure, they can attempt to exploit them.
  Read More
 • Aug 6, 2019 | The Washington Post

  The Cybersecurity 202: The government's relationship with ethical hackers has improved, security experts say [Black Hat USA 2019]

  The relationship between ethical hackers and the federal government is better now than it was in 2013, when then-National Security Agency chief Keith Alexander first spoke at the Black Hat cybersecurity conference — not long after Edward Snowden revealed the government's sweeping surveillance programs.
  Read More
 • Aug 6, 2019 | Engadget

  Apple may soon hand special iPhones to security researchers [Black Hat USA 2019]

  Apple will start providing security researchers special iPhones and will finally launch a bug bounty program for Mac, according to Forbes. Cupertino will reportedly announce those security measures at the Black Hat security conference in Las Vegas later this week in an effort to strengthen its flawed bug bounty program.
  Read More
 • Aug 6, 2019 | Mashable India

  Apple To Provide "Pre-Jailbroken" iPhones To Researchers As Part Of A Reward Program: Report [Black Hat USA 2019]

  According to a report by Forbes, Apple will be announcing the new program at the ongoing Black Hat security conference in Las Vegas, which runs till Thursday, August 8.
  Read More
 • Aug 6, 2019 | Cult of Mac

  Apple might give hackers special iPhones to plug security problems [Black Hat USA 2019]

  According to a new report, Apple will announce plans this week at the Black Hat security conference in Las Vegas to hand out such devices to security researchers. Apple also will introduce a new Mac bug bounty program to reward anyone who finds security problems in macOS.
  Read More
 • Aug 6, 2019 | TechTarget

  LogicHub introduces automation updates to its SOAR platform [Black Hat USA 2019]

  LogicHub is demonstrating its newest intelligent automation features at the Black Hat conference in Las Vegas until Aug. 9, 2019.
  Read More
 • Aug 6, 2019 | Times of India

  Here's why Microsoft paid Rs 31.2 crores to 'hackers' last year [Black Hat USA 2019]


  Read More
 • Aug 6, 2019 | CRN

  12 Big New Network And Endpoint Security Tools From The Black Hat 2019 Conference [Black Hat USA 2019]

  Vendors attending the Black Hat 2019 conference have placed big bets around network and endpoint security, debuting offerings that turn network assets into security devices, redirect attempted endpoint access into deception environments, and use machine-learning algorithms on network flows and packet data.
  Read More
 • Aug 6, 2019 | InfoSecurity Magazine

  Microsoft, Apple Level Up Bounties [Black Hat USA 2019]

  An announcement at Black Hat 2019 this week would mark the third anniversary of Apple's original bug bounty program, in which it promised to pay up to $200,000 for the best reported security flaws.
  Read More
 • Aug 6, 2019 | Meritalk

  GSA Reflects on Years of Lessons Learned for Cloud Security [Black Hat USA 2019]

  Senior Security Architect for the General Services Administration’s (GSA’s) Technology Transformation Services (TTS) and Centers of Excellence (CoE) Dan Jacobs wants agencies and industry alike to heed the lessons GSA has learned from experience and the Black Hat conference over the past 16 years when it comes to securely implementing cloud.
  Read More
 • Aug 6, 2019 | BGR

  Apple will provide jailbroken iPhones to researchers investigating iOS security [Black Hat USA 2019]

  Additionally, Apple wants to open a Mac bug bounty program that will also offer financial incentives to researchers who find vulnerabilities and alert Apple. It’s unclear when the Mac bug bounty program will be announced. Apple might reveal more details on Thursday when Apple’s head of security and engineering Ivan Krstić will deliver a Black Hat talk titled Behind the Scenes of iOS and Mac Security
  Read More
 • Aug 6, 2019 | IoT Evolution World

  Armis Finds 11 Zero-Day Vulnerabilities, Exposing 200 Million Critical Devices using VxWorks [Black Hat USA 2019]

  Ben Seri and Dor Zusman, security researchers at Armis, will present the exploration of the URGENT/11 vulnerabilities at Black Hat 2019 in Las Vegas on Thursday, August 8, 2019. The talk will also include a demonstration of real-world end-to-end attacks on VxWorks-based devices including a firewall and printer.
  Read More
 • Aug 6, 2019 | TechTarget

  I’m at Black Hat 2019 for the next couple days: Here’s what I hope to learn [Black Hat USA 2019]

  I’m off at Black Hat 2019 through Thursday evening. This is the first time BrianMadden.com has attended this conference, so despite being stuck in Las Vegas for more time than I’d ever like, I’m excited!
  Read More
 • Aug 6, 2019 | FossBytes

  Microsoft Asks Researchers To “Do Their Worst,” Doubles Azure Bounty To $40,000 [Black Hat USA 2019]

  At the ongoing Black Hat USA 2019 conference, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test Azure security without putting the company’s customers at risk.
  Read More
 • Aug 6, 2019 | iDropNews

  ‘Rock Star’ Hackers Will Get Special iPhones from Apple to Help Boost Security [Black Hat USA 2019]

  A new report in Forbes reveals that Apple is planning to announce a new program at this week’s Black Hat security conference in Las Vegas where it will give select security researchers special “pre-jailbroken” iPhones to make it easier for them to find weaknesses in the iPhone hardware and iOS operating system
  Read More
 • Aug 6, 2019 | Digital Munition

  Apple might give hackers special iPhones to plug security problems [Black Hat USA 2019]

  According to a new report, Apple will announce plans this week at the Black Hat security conference in Las Vegas to hand out such devices to security researchers. Apple also will introduce a new Mac bug bounty program to reward anyone who finds security problems in macOS.
  Read More
 • Aug 6, 2019 | TechRadar

  Microsoft launches Azure Security Lab for greater cloud protection [Black Hat USA 2019]

  At this year's Black Hat USA security conference, the company unveiled its new Azure Security Lab which is made up of a set of dedicated cloud hosts that security professionals invited by the software giant will be able to use to test for vulnerabilities and exploits in Azure.
  Read More
 • Aug 6, 2019 | The Mac Observer

  Apple Bug Bounty Program Coming This Month [Black Hat USA 2019]

  The iPhones will be given to the rock star hackers that participate in the Cupertino company’s invitation-only bug bounty program, where participants disclose bugs in Apple products in return for monetary rewards. The payments can go as high as $200,000, as announced at the 2016 Black Hat conference. What makes these iPhones special? One source with knowledge of the Apple announcement said they would essentially be “dev devices.” Think of them as iPhones that allow the user to do a lot more than they could on a traditionally locked-down iPhone. For instance, it should be possible to probe pieces of the Apple operating system that aren’t easily accessible on a commercial iPhone. In particular, the special devices could allow hackers to stop the processor and inspect memory for vulnerabilities. This would allow them to see what happens at the code level when they attempt an attack on iOS code.
  Read More
 • Aug 6, 2019 | MSSP Alert

  LogicHub SOAR Gains Autonomous Detection and Response [Black Hat USA 2019]

  SOAR+ with autonomous detection and response is now available, and LogicHub will showcase the updated platform at the Black Hat USA 2019 conference in Las Vegas, Nevada.
  Read More
 • Aug 6, 2019 | CSO Australia

  Microsoft dangles USD$300k in updated Azure cloud bug bounty [Black Hat USA 2019]

  Microsoft unveiled Azure Security Lab at the Black Hat USA conference in Las Vegas on Monday, where it also told security researchers it was doubling the top bounty for Azure bugs to $40,000. But the program, which is open to eligible applicants only, also offers hackers “scenario-based challenges” that max out at $300,000.
  Read More
 • Aug 6, 2019 | EE News Europe

  A secure wireless environment for Light Communication [Black Hat USA 2019]

  Speaking ahead of DEF CON 27, a hacker convention that takes place immediately after Black Hat USA 2019, Dr Dauphinee highlighted the potential that VLC has for environments where there is sensitive information that could be the target of a cyberattack. These environments include financial institutions, government buildings, critical businesses and military bases.
  Read More
 • Aug 6, 2019 | Toolbox

  Stellar Cyber Unveils Starlight™ 3.3; Offers AI-Based Dynamic Phishing Detection and Automated Event Correlation [Black Hat USA 2019]

  Black Hat USA 2019 — Security analytics provider Stellar Cyber recently unveiled Starlight™ 3.3, which is the first Unified Security Analytics Platform having two industry-first capabilities:
  Read More
 • Aug 6, 2019 | z6mag

  Microsoft offers $300k bounty for those who can hack Azure Security Lab [Black Hat USA 2019]

  In a process to find and locate bugs and vulnerabilities in its Azure cloud platform, Microsoft announced in public at the Black Hat USA 2019 that the tech giant will reward $300,000 to researchers who successfully attack and launch test exploits for the platform.
  Read More
 • Aug 6, 2019 | z6mag

  Russian hackers are targeting corporate VoIP phones and IoT devices [Black Hat USA 2019]

  In security research presented at Black Hat, Microsoft said that in April, Russian hackers compromised VoIP phones, office printers, and video decoders across multiple corporations. “In two of the cases, the passwords for the devices were deployed without changing the default manufacturer’s passwords, and in the third instance the latest security update had not been applied to the device,” Microsoft said in a blog post.
  Read More
 • Aug 6, 2019 | 9to5 Google

  Vulnerability in Snapdragon chips, ‘QualPwn,’ fixed with August security patch [Black Hat USA 2019]

  If you’re interested in seeing a full demonstration of QualPwn in action, Tencent Blade will be presenting it at Black Hat USA 2019 on Thursday
  Read More
 • Aug 6, 2019 | Container Journal

  Sysdig Injects More AI into Container Security [Black Hat USA 2019]

  At the Black Hat USA conference, Sysdig today announced it has extended the capabilities of Sysdig Secure to include runtime profiling and anomaly detection enabled by machine learning algorithms with Kubernetes environments.
  Read More
 • Aug 6, 2019 | Threatpost

  Millions of Android Smartphones Vulnerable to Trio of Qualcomm Bugs [Black Hat USA 2019]

  The QualPwn vulnerabilities will be discussed by Tencent’s Blade Team researchers at BlackHat USA 2019 and DEFCON 27 later this week, according to researchers. Researchers declined to share vulnerability specifics until, as they put it: “we’re informed that the flaws are fixed and consumers have time to install security updates on their devices.”
  Read More
 • Aug 6, 2019 | Portswigger

  Spies piggyback on IoT insecurity to hack into corporate networks [Black Hat USA 2019]

  Microsoft has published an outline of the attack and indicators of compromise ahead of a talk on the topic by Microsoft's Eric Doerr at Black Hat USA on Thursday (8 August).
  Read More
 • Aug 6, 2019 | Forbes

  Microsoft Confirms It Has Paid $4.4M To Hackers [Black Hat USA 2019]

  Microsoft has announced, at the start of the Black Hat 2019 hacking and security event in Las Vegas, that it has paid $4.4 million (£3.6 million) to hackers over the past 12 months. What's more, it has issued a new challenge for confident and aggressive hackers to come and have a go if they think they're hard enough.
  Read More
 • Aug 6, 2019 | Forbes

  Cybereason Raises $200 Million Led By SoftBank Group Ahead Of IPO [Black Hat USA 2019]

  Cybereason, a cloud-based cybersecurity company and Forbes 2019 Next Billion-Dollar Startups honoree, announced Tuesday $200 million in new funding. Led by SoftBank Group, the Series E round boosts the company’s valuation to $900 million, with $389 million in total equity. The fresh influx provides padding as Cybereason prepares for an initial public offering, the timing of which depends on market conditions, CEO and cofounder Lior Div told Forbes. In the meantime, Cybereason aims to expand its already global reach, the details of which will be announced this week at Black Hat, the annual infosec conference in Las Vegas.
  Read More
 • Aug 6, 2019 | Verdict

  Black Hat conference gets underway / Which? publishes Facebook fake review findings / Disney announces Q3 results with streaming in its sights [Black Hat USA 2019]

  Following a weekend of technical sessions, the main Black Hat 2019 conference will get underway today, providing attendees with insight into the latest developments and trends in information security.
  Read More
 • Aug 6, 2019 | The Register

  It's 2019 – and you can completely pwn a Qualcomm-powered Android over the air [Black Hat USA 2019]

  Black Hat It is possible to thoroughly hijack a nearby vulnerable Qualcomm-based Android phone, tablet, or similar gadget, via Wi-Fi, we learned on Monday. This likely affects millions of Android devices.
  Read More
 • Aug 6, 2019 | TechTarget

  I’m at Black Hat 2019 for the next couple days: Here’s what I hope to learn [Black Hat USA 2019]

  Meanwhile, Black Hat looks to offer slightly more technical sessions that might help grow my knowledge about security and the vulnerabilities in the wild.
  Read More
 • Aug 6, 2019 | CNET

  How to prepare for the world's largest hacker fest [Black Hat USA 2019]

  One of the largest gatherings of hackers is happening in Las Vegas in August, with Black Hat and Defcon set to start this week. The back-to-back cybersecurity conferences are often referred to as "Hacker Summer Camp," which raises questions about how to keep yourself safe when you're surrounded by hackers.
  Read More
 • Aug 6, 2019 | CRN

  12 Cool New Threat Detection And Response Products Unveiled At Black Hat 2019 [Black Hat USA 2019]

  Here's a look at 12 products released around Black Hat 2019 that make it easier for customers and partners to locate and prioritize advanced threats and respond to security incidents in an automated fashion.
  Read More
 • Aug 6, 2019 | CRN

  20 Hot New Cybersecurity Products Unleashed At Black Hat Las Vegas 2019 [Black Hat USA 2019]

  From inspecting encrypted traffic in real time to using machine learning to build profiles of containers to ranking security gaps by their potential business impact, here's a look at 20 hot cybersecurity products unleashed at Black Hat this year.
  Read More
 • Aug 6, 2019 | MJ Tsai Blog

  Hacker-Friendly iPhones and Mac Bug Bounty Program [Black Hat USA 2019]

  Later this week, at the Black Hat security conference in Las Vegas, Apple is to announce plans to give security researchers special iPhones that will make it easier for them to find weaknesses in the smartphone, Forbes has learned. It’ll also be announcing an Apple Mac bounty, so anyone who can find security issues in macOS will get rewarded, sources claimed.
  Read More
 • Aug 5, 2019 | CRN

  Black Hat 2019 News and Analysis [Black Hat USA 2019]

  CRN is live in Las Vegas for Black Hat 2019. Bookmark this page for the latest news and announcements from the show floor.
  Read More
 • Aug 5, 2019 | MS Power User

  Microsoft is doubling down on Azure security [Black Hat USA 2019]

  At Black Hat conference in Las Vegas, Microsoft today announced that it is doubling down on Azure security. First, Microsoft is encouraging more security researchers to exploit Azure by doubling the top bounty reward for Azure vulnerabilities to $40,000. Second, Microsoft is making it easier for security researchers to aggressively test Azure in a closed environment. Microsoft is inviting a select group of security individuals to emulate criminal hackers in a cloud environment called the Azure Security Lab.
  Read More
 • Aug 5, 2019 | 9to5 Mac

  Report: Apple to provide ‘pre-jailbroken’ iPhones to researchers, launch macOS bug bounty program [Black Hat USA 2019]

  Apple is reportedly set to provide security researchers with unique iPhone models that would allow them to more easily find weaknesses in iOS. Forbes reports that Apple will make this announcement at the Black Hat security conference later this week.
  Read More
 • Aug 5, 2019 | Security Boulevard

  Black Hat 2019 On Your Mark, Get Set, Go [Black Hat USA 2019]

  It’s that time. The Black Hat Conference is taking place in Las Vegas this week and tens of thousands of people will fill the space in and around the Mandalay Bay hotel to gain insight on emerging attack trends and techniques—and how to effectively defend against those exploits.
  Read More
 • Aug 5, 2019 | HelpNet Security

  Devo Technology defines vision for next-gen cloud SIEM [Black Hat USA 2019]

  According to a new report, Apple will announce plans this week at the Black Hat security conference in Las Vegas to hand out such devices to security researchers. Apple also will introduce a new Mac bug bounty program to reward anyone who finds security problems in macOS.
  Read More
 • Aug 5, 2019 | Forbes

  Apple Is Giving Out Hacker-Friendly iPhones, Plots Mac Bug Bounty — Sources [Black Hat USA 2019]

  From a cybersecurity perspective, it appears so. Later this week, at the Black Hat security conference in Las Vegas, Apple is to announce plans to give security researchers special iPhones that will make it easier for them to find weaknesses in the smartphone, Forbes has learned. It'll also be announcing an Apple Mac bounty, so anyone who can find security issues in macOS will get rewarded, sources claimed. Apple declined to comment.
  Read More
 • Aug 5, 2019 | SiliconAngle

  Microsoft launches new Azure Security Lab, offering up to $300K to anyone who can hack its public cloud [Black Hat USA 2019]

  Microsoft Corp. announced today at the Black Hat USA Conference in Las Vegas the creation of a new Azure Security Lab that it believes will bolster the security of its public cloud service.
  Read More
 • Aug 5, 2019 | BleepingComputer

  QualPwn Bugs In Snapdragon SoC Can Attack Android Over the Air [Black Hat USA 2019]

  Tencent's Blade researchers are scheduled to present the technical details for the QualPwn bugs and exploiting them on Thursday, at the Black Hat security conference. They have already published a brief advisory about the two vulnerabilities.
  Read More
 • Aug 5, 2019 | Forbes

  Microsoft Warns Russian Hackers Can Breach Secure Networks Through Simple IoT Devices [Black Hat USA 2019]

  Just ahead of Black Hat 2019, Microsoft has reported that in April its Threat Intelligence Center discovered a targeted attack against IoT devices—a VOIP phone, a printer and a video decoder. The attack hit multiple locations, using the devices as soft access points into wider corporate networks. Two of the three devices still carried factory security settings, the software on the third hadn't been updated.
  Read More
 • Aug 5, 2019 | Embedded Computing

  HomeGrid Forum Promotes Light Communication for Secure Wireless [Black Hat USA 2019]

  The Visible Light Communication (VLC) industry is growing at a rapid rate, and is set to exceed ten billion devices by 2023, according to HomeGrid Forum President Dr. Len Dauphinee. Speaking ahead of DEF CON 27, a hacker convention that takes place immediately after Black Hat USA 2019, Dr Dauphinee highlighted the potential that VLC has for environments where there is sensitive information that could be the target of a cyberattack.
  Read More
 • Aug 5, 2019 | CRN

  11 Top Cybersecurity Trends To Watch For At Black Hat 2019 [Black Hat USA 2019]

  Black Hat has grown over the past 22 years into the premier stage for cybersecurity professionals to share cutting-edge research and insights through demos, technical trainings and hands-on labs.
  Read More
 • Aug 5, 2019 | Security Boulevard

  What to expect at Black Hat USA 2019 [Black Hat USA 2019]

  Black Hat USA 2019 kicks off this week! We’re incredibly excited for another week of impactful sessions, to hear from industry thought leaders, and even to unwind with other infosec professionals. On the heels of exciting announcements, including a significant Series B funding round and key additions to the leadership team, Swimlane will once again be your headquarters for security orchestration, automation and response (SOAR). Here’s some of what you can expect from this year’s conference:
  Read More
 • Aug 5, 2019 | The Register

  LAPD loses job applicant details, Project Zero pokes holes in iOS, AWS S3 whack-a-mole continues, and more [Black Hat USA 2019]

  Also, look out this week for our Black Hat, DEF CON, and Bsides Las Vegas coverage: our vultures out in the Nevada desert will produce a string of articles from the hacking conferences.
  Read More
 • Aug 5, 2019 | Forbes

  Data Breach Alert: Over 1 Million Credit Card Data From The U.S., South Korea Have Been Leaked [Black Hat USA 2019]

  There’s not a day that goes by anymore without yet another major data leak uncovered and with the Black Hat conference—sort of a boot camp for hackers—kicking off in Las Vegas this week, we might hear more of them in the coming days.
  Read More
 • Aug 5, 2019 | Forbes

  MITRE's ATT&CK Prioritizes Cyber Defenses [Black Hat USA 2019]

  On Wednesday, August 7, at 2:40pm, Black Hat USA 2019, Nichols and Ryan Kovar, Principal Security Strategist at Splunk, will present MITRE ATT&CK: The Play at Home Edition.
  Read More
 • Aug 5, 2019 | Los Angeles Times

  Newsletter: Cal Inc.: It’s not about the Equifax settlement cash. It’s about sending a message [Black Hat USA 2019]

  The Black Hat USA conference, now in its 22nd year, brings the world’s top hackers and information security experts to Las Vegas. Be on the lookout for some scary headlines on Wednesday and Thursday as researchers reveal the latest vulnerabilities they’ve uncovered.
  Read More
 • Aug 5, 2019 | Threatpost

  Microsoft Lab Offers $300K For Working Azure Exploits [Black Hat USA 2019]

  Las Vegas – In an attempt to sniff out bugs in its Azure cloud platform, Microsoft announced at Black Hat USA 2019 on Monday that it will offer rewards of up to $300,000 for researchers who launch successful test exploits for the platform.
  Read More
 • Aug 5, 2019 | VentureBeat

  Microsoft launches Azure Security Lab, doubles top bug bounty to $40,000 [Black Hat USA 2019]

  At Black Hat 2019 today, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test its cloud security. The company also doubled the top Azure bug bounty to $40,000.
  Read More
 • Aug 5, 2019 | ZDNet

  Microsoft launches Azure Security Lab, expands bug bounty rewards [Black Hat USA 2019]

  At the Black Hat USA conference in Las Vegas, Nevada on Monday, Microsoft said the new Azure Security Lab, a set of dedicated cloud hosts, will be made available to security professionals invited by the Redmond giant to "confidently and aggressively test Azure."
  Read More
 • Aug 5, 2019 | Politico

  ELECTION SURVEY: Tracking the move to paper-based voting machines [Black Hat USA 2019]

  It’s Black Hat and DEF CON time, and late last week brought some news about the events. At Black Hat, the Pwnie Award nominations are out. Notable nominees for the sometimes-cheeky cyber awards include the NSA for “most innovative research” and “most epic achievement” due to its reverse engineering tool Ghidra, to the consternation of some hacker types who don’t have much admiration for the spy agency.
  Read More
 • Aug 5, 2019 | CSO

  Looking for answers at Black Hat 2019: 5 important cybersecurity issues [Black Hat USA 2019]

  As Black Hat 2019 begins, the cybersecurity topics top of mind include network security platforms, threat detection/response services, new cloud security strategies, and clarification around security analytics.
  Read More
 • Aug 4, 2019 | Help Net Security

  Week in review: Capital One breach, Visa payment limit bypass flaw, VxWorks RTOS vulnerabilities [Black Hat USA 2019]

  Black Hat USA 2019 is just around the corner! Selecting which sessions to attend from among the conference’s jam-packed catalog of training sessions, panels and briefings can be a daunting task without a clear strategy. In the run-up to every conference, we compile a list of the most engaging content and identify the most compelling cybersecurity trends highlighted in the agenda.
  Read More
 • Aug 3, 2019 | WIRED

  5G IS HERE—AND STILL VULNERABLE TO STINGRAY SURVEILLANCE [Black Hat USA 2019]

  At the Black Hat security conference in Las Vegas next week, a group of network communication security researchers will present findings on flaws in the 5G protections meant to thwart the surveillance devices known as stingrays.
  Read More
 • Aug 2, 2019 | TechTarget

  CloudKnox Security adds privileged access features to platform [Black Hat USA 2019]

  The company will demonstrate the new features at Black Hat USA in Las Vegas this year for the first time. CloudKnox's update to its Cloud Security Platform follows competitor CyberArk's recent updates to its own privileged access management offering, including zero-trust access, full visibility and control of privileged activities for customers, biometric authentication and just-in-time provisioning.
  Read More
 • Aug 2, 2019 | MSSP Alert

  Black Hat USA 2019 Cybersecurity Conference: Live Blog [Black Hat USA 2019]

  The Black Hat USA 2019 cybersecurity conference will attract thousands of IT professionals, researchers, MSPs and MSSPs. Track this live blog from MSSP Alert for the latest news, analysis and chatter throughout the conference.
  Read More
 • Aug 2, 2019 | Cyberscoop

  How offense and defense came together to plug a hole in a popular Microsoft program [Black Hat USA 2019]

  One RDS discovery in particular prompted close, behind-the-scenes cooperation between Microsoft and an outside researcher. They will share what they learned about detection and remediation next week at the Black Hat conference in Las Vegas.
  Read More
 • Aug 2, 2019 | Security Boulevard

  Black Hat 2019 Braving the Heat and Chaos in Search of Peace of Mind [Black Hat USA 2019]

  Black Hat 2019 is taking place next week in Las Vegas. A biblical swarm of grasshoppers large enough to be seen on radar has invaded the city and temperatures outside in the scorching sun will approach 110 degrees, but that won’t stop tens of thousands of IT and cybersecurity professionals from making the trek to learn about emerging attack techniques and trends and find out what vendors have to offer to help guard against a growing and shifting threat landscape.
  Read More
 • Aug 2, 2019 | Dark Reading

  Black Hat: A Summer Break from the Mundane and Controllable [Black Hat USA 2019]

  Next week, security practitioners from across the globe will make their summer pilgrimage to Las Vegas for Black Hat, DEF CON, and other security gatherings. As in years past, there will be no shortage of surprises
  Read More
 • Aug 2, 2019 | CSO

  7 must-see talks at Black Hat and DEF CON 2019 [Black Hat USA 2019]

  Infosec is political. It's about power — who has it, who doesn't, and how it will be used. Some geeks like to pretend otherwise, but that will be harder this year during hacker summer camp in Las Vegas, as politicians and policymakers join hackers to merge tech and policy in some much-anticipated talks.
  Read More
 • Aug 1, 2019 | ITSPmagazine

  Chats On The Road To Hacker Summer Camp 2019 | Black Hat — CyberInsurance Micro Summit | A Conversation With Jeffrey Smith [Black Hat USA 2019]

  The newly-formed cyber insurance micro summit is being chaired by Jeremiah Grossman and is taking place on Wednesday, August 7th, during Black Hat. So, if you want to learn more about cyber insurance from a group of people that know this space like the back of their hands, you’ll have to join Jeffrey and the rest of the micro summit team for their half-day session. Details for the three talks are below.
  Read More
 • Aug 1, 2019 | SANS Security Insights

  Writing the Book on Hacking Web Applications [Black Hat USA 2019]

  Even before this week's announcement of the Capital One breach, application security/secure DevOps has been heating up. The topic is important enough to make the keynote at the Black Hat Briefings next week. Respected researcher Dino Dai Zovi, security engineer at Square, titled his keynote "Every Security Team Is a Software Team Now."
  Read More
 • Aug 1, 2019 | Security Boulevard

  Every security team is a software team now: Why you should attend the Black Hat keynote [Black Hat USA 2019]

  Building and facilitating a culture with continuous collaboration between engineers and security forces is becoming the new philosophy in security, which is why I am stoked for this year’s Black Hat USA keynote speaker: Dino Dai Zovi, staff security engineer at Square.
  Read More
 • Aug 1, 2019 | Security Boulevard

  Top 5 Black Hat 2019 Sessions Not to Miss. Plus: Bonus Travel Tips to Hacker Cons [Black Hat USA 2019]

  The Black Hat USA 2019 conference is about to start. Over 17,000 security professionals will come from all around the world to Las Vegas, USA. They will learn, share, educate and disclose security research on the latest cyber-threats and attacks, vulnerabilities, and techniques used to bypass security used by most governments and organizations globally.
  Read More
 • Jul 31, 2019 | Threatpost

  Black Hat USA 2019 Preview [Black Hat USA 2019]

  Despite bizarre reports of a grasshopper infestation, Black Hat USA 2019 and DEF CON are set to kick off next week in Las Vegas, bringing on a wave of sessions, keynotes and security-themed villages.
  Read More
 • Jul 31, 2019 | Dark Reading

  8 Free Tools to Be Showcased at Black Hat and DEF CON [Black Hat USA 2019]

  The security research community is getting ready to not only drop a lot of knowledge on their colleagues in the coming weeks, but also a boatload of new and evolving tools. Black Hat and DEF CON presenters always give out the best party favors in the form of hacking frameworks, open source software, hardware design plans, and other free goodies targeted at all different stripes of security practitioners.
  Read More
 • Jul 31, 2019 | TechTarget

  Project Zero drops six iOS vulnerabilities ahead of Black Hat [Black Hat USA 2019]

  Silvanovich will present her findings in these "interaction-less" iOS attacks at the Black Hat 2019 conference in Las Vegas next week.
  Read More
 • Jul 31, 2019 | Fedscoop

  DHS ‘blew up’ its hiring system for cybersecurity talent [Black Hat USA 2019]

  “We’re going to have the ability to go to Black Hat and some of the different conferences and be able to recruit directly and make job offers directly to those folks out of those different technical conferences and things like that,” she told the Regulatory Affairs and Federal Management Subcommittee.
  Read More
 • Jul 30, 2019 | Dark Reading

  Black Hat Q&A: Cracking Apple's T2 Security Chip [Black Hat USA 2019]

  Duo Labs' Mikhail Davidov and Jeremy Erickson speak about their research on Apple's T2 security chip, and why they're sharing it at Black Hat USA.
  Read More
 • Jul 30, 2019 | BBC

  Google reveals fistful of flaws in Apple's iMessage app [Black Hat USA 2019]

  One of the two Google researchers involved - Natalie Silvanovich - intends to share more details of her findings at a presentation at the Black Hat conference in Las Vegas next month.
  Read More
 • Jul 30, 2019 | Engadget

  Google researchers discovered serious iOS security flaws [Black Hat USA 2019]

  Six critical security vulnerabilities that were patched in the iOS 12.4 update released earlier this month were originally discovered by security researchers at Google. Natalie Silvanovich and Samuel Groß, two members of Google's Project Zero bug-hunting team, alerted Apple to the issues. Silvanovich will be laying out the details on several of the bugs and provide a demonstration of exploits in action at the Black Hat security conference set to be held in Las Vegas next week.
  Read More
 • Jul 30, 2019 | Forbes

  Confluera Secures $9 Million Series A To Map Attacks In Real-Time [Black Hat USA 2019]

  Confluera will make its debut at Black Hat, the annual security conference in Las Vegas, in August. Until then, to scale initial outreach, Confluera has been meeting with companies’ IT and cybersecurity teams to solve specific use cases.
  Read More
 • Jul 30, 2019 | SC Magazine

  Google researchers discover six iPhone vulnerabilities, one unpatched [Black Hat USA 2019]

  All of the vulnerabilities are “interaction-less,” meaning they can be run without any interaction from a user and can be exploited via SMS, MMS, Visual Voicemail, iMessage and Mail, according to an abstract of a presentation the researchers will give at Black Hat 2019 that will reveal details of the exploits.
  Read More
 • Jul 30, 2019 | BGR

  Apple has yet to fix a mysterious iMessage bug spotted by Google researchers [Black Hat USA 2019]

  Next week in Las Vegas at the Black Hat security conference, Google Project Zero researcher Natalie Silvanovich is set to give a presentation about interactionless iPhone vulnerabilities that can run without the victim taking any action at all. The talk will come on the heels of Silvanovich and a Google Project Zero colleague, Samuel Groß, discovering half a dozen iOS vulnerabilities that can be exploited via iMessage — although five of those flaws, according to ZDNet, were fixed with last week’s iOS 12.4 update.
  Read More
 • Jul 30, 2019 | TechCrunch

  Confluera snags $9M Series A to help stop cyberattacks in real time [Black Hat USA 2019]

  It’s early days for Confluera, as it has 19 employees and three customers using the platform so far. For starters, it will be officially launching next week at Black Hat. After that, it has to continue building out the product and prove that it can work as described to stop the types of attacks we see on a regular basis.
  Read More
 • Jul 30, 2019 | MSSP Alert

  Managed Security Services Provider (MSSP) News: 30 July 2019 [Black Hat USA 2019]

  Spirent Communications during the Black Hat USA 2019 conference will demonstrate several new capabilities in its CyberFlood Data Breach Assessment solution and preview new use cases for security assessment in 5G networks.
  Read More
 • Jul 30, 2019 | ConsumerAffairs

  Google researchers find six major security vulnerabilities in Apple’s iOS [Black Hat USA 2019]

  During her presentation at the Black Hat security conference, Silvanovich will discuss “the remote, interaction-less attack surface of iOS” and the “potential for vulnerabilities in SMS, MMS, Visual Voicemail, iMessage and Mail.” She will also play out two examples of vulnerabilities discovered.
  Read More
 • Jul 30, 2019 | Help Net Security

  Security trends to follow at Black Hat USA 2019 [Black Hat USA 2019]

  Black Hat USA 2019 is just around the corner! Selecting which sessions to attend from among the conference’s jam-packed catalog of training sessions, panels and briefings can be a daunting task without a clear strategy. In the run-up to every conference, we compile a list of the most engaging content and identify the most compelling cybersecurity trends highlighted in the agenda.
  Read More
 • Jul 29, 2019 | Lily Hay Newman

  AN OPERATING SYSTEM BUG EXPOSES 200 MILLION CRITICAL DEVICES [Black Hat USA 2019]

  VxWorks developer Wind River is in the process of distributing patches for the bugs. But the Armis researchers, who first disclosed their findings to Wind River in March, say that the patching process will be long and difficult, as is often the case with IoT and critical infrastructure updates. The researchers will present their findings at the Black Hat security conference in Las Vegas next week.
  Read More
 • Jul 29, 2019 | ZDNet

  Urgent11 security flaws impact routers, printers, SCADA, and many IoT devices [Black Hat USA 2019]

  It's this work that has resulted in the discovery of the Urgent11 vulnerabilities impacting VxWorks, which Armis researchers have made public today, and will detail in greater depth in a presentation at the Black Hat security conference next week, on August 8, in Las Vegas.
  Read More
 • Jul 29, 2019 | CSO

  Critical VxWorks flaws expose millions of devices to hacking [Black Hat USA 2019]

  The researchers plan to demonstrate three real-world attack scenarios against a SonicWall firewall, a Xerox printer and a patient monitor at the upcoming Black Hat USA security conference.
  Read More
 • Jul 29, 2019 | Help Net Security

  200 million enterprise, industrial, and medical devices affected by RCE flaws in VxWorks RTOS [Black Hat USA 2019]

  Ben Seri and Dor Zusman will present the vulnerabilities at Black Hat USA 2019 and will demonstrate real-world end-to-end attacks on three VxWorks-based devices: a SonicWall firewall, a Xerox printer and a patient monitor.
  Read More
 • Jul 29, 2019 | SC Magazine

  Over 200M devices affected by critical flaws found in real-time operating system [Black Hat USA 2019]

  Collectively referred to as URGENT/11, the flaws were originally discovered by researchers at Armis, who publicly detailed their findings today in an online vulnerability summary, as well as a technical paper authored by Armis team members Ben Seri, Gregory Vishnepolsky and Dor Zusman. Seri and Zusman will also present their findings next week at the Black Hat conference in Las Vegas.
  Read More
 • Jul 29, 2019 | Forbes

  Critical 'Update Now' Warning Issued For VxWorks OS Inside 2 Billion IoT Devices [Black Hat USA 2019]

  Armis will present its URGENT/11 at Black Hat 2019 in Las Vegas next month. The company's researchers will also demonstrate three end-to-end attacks on a SonicWall firewall, a Xerox printer and a patient monitor.
  Read More
 • Jul 29, 2019 | SecurityWeek

  Critical Industries at Risk from Eleven Zero-day Flaws in Real Time Operating System [Black Hat USA 2019]

  Armis researchers will demonstrate exploitation of these vulnerabilities at Black Hat 2019. The demonstrations will involve real-world end-to-end attacks on three VxWorks-based devices: a SonicWall firewall, a Xerox printer and a patient monitor. Armis believes that there are more than 200 million vulnerable mission-critical devices around the world.
  Read More
 • Jul 29, 2019 | Dark Reading

  Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices [Black Hat USA 2019]

  Seri and fellow researcher Dor Zusman will present their findings in Critical Zero Days Remotely Compromise the Most Popular Real-Time OS, on Thursday, August 8, at Black Hat USA.
  Read More
 • Jul 29, 2019 | ZDNet

  US files lawsuit against Bitcoin exchange that helped launder ransomware profits [Black Hat USA 2019]

  A day after the BTC-e shutdown, a team of academics that also included Google staffers presented research at the Black Hat USA 2017 security conference, revealing that 95% of all ransomware ransom payments that had been made up until that point had been cashed out and converted into fiat currency through Vinnik's BTC-e portal.
  Read More
 • Jul 26, 2019 | Inside Bitcoins

  The World’s First Vulnerable Blockchain Will Debut at Black Hat Conference [Black Hat USA 2019]

  Researchers plan to launch the intentionally vulnerable blockchain in hopes of drawing attention to the flaws of the open-sourced public ledgers. The blockchain, designed by Kudelski Security, will debut at the Black Hat conference next month.
  Read More
 • Jul 26, 2019 | Dark Reading

  Black Hat Q&A: Inside the Black Hat NOC [Black Hat USA 2019]

  When you sign up to attend Black Hat USA in Las Vegas next month, make sure to leave time in your busy schedule to check out the Black Hat Network Operations Center (NOC), the heart of the Black Hat network.
  Read More
 • Jul 26, 2019 | Total Security Daily Advisor

  How Secure is Your Virtual Private Network? [Black Hat USA 2019]

  Orange Tsai and Meh Chang, researchers with Devcore, previewed their findings for Zack Whittaker of TechCrunch ahead of their presentation at the upcoming Black Hat conference in Las Vegas. According to Tsai and Chang, three enterprise VPN providers (Palo Alto Networks, Pulse Secure, and Fortinet) have flaws in their products that “are ‘easy’ to remotely exploit.”
  Read More
 • Jul 26, 2019 | ITPro Today

  Black Hat 2019: 2020 Election Fraud Worries Attendees [Black Hat USA 2019]

  Security professionals tend to be natural cynics. But as thousands prepare to head to Las Vegas early next month for the annual Black Hat conference, the attitude among them seems downright dark. Data from Black Hat’s fifth attendee survey of more than 300 information security professionals uncovered massive concern over the security of the 2020 U.S. presidential election – and most think the picture is bleak.
  Read More
 • Jul 26, 2019 | CSO

  Managed security services will take center stage at Black Hat [Black Hat USA 2019]

  In my humble opinion, RSA is an industry event, while Black Hat is more of a cybersecurity professional gathering. The focus is on cyber-adversary tactics, techniques, and procedures (TTPs); threat intelligence; and defensive playbooks. Rather than hosting lavish cocktail parties, vendors who participate in Black Hat must roll up their sleeves and demonstrate their technology acumen to gain street cred with this crowd.
  Read More
 • Jul 25, 2019 | Tech Xplore

  VPN providers address vulnerability findings by researchers [Black Hat USA 2019]

  Pulse Secure said they released a patch in April, according to Computing. TechRadar said that Fortinet updated its firmware to address the vulnerability. You can expect to hear more from them on August 7, where their work is scheduled as a briefing at Black Hat.
  Read More
 • Jul 25, 2019 | CSO

  11 top DEF CON and Black Hat talks of all time [Black Hat USA 2019]

  Since 1997, the Black Hat and DEF CON events have gained a reputation for presenting some of the most cutting-edge research in information security.
  Read More
 • Jul 25, 2019 | Dark Reading

  Security Training That Keeps Up with Modern Development [Black Hat USA 2019]

  Black Hat USA speakers to discuss what it will take to 'shift knowledge left' to build up a corps of security-savvy software engineers.
  Read More
 • Jul 25, 2019 | Security Boulevard

  Black Hat 2019: Best sessions for SecOps [Black Hat USA 2019]

  Yet again, it’s that time of year when the InfoSec community swarms to Las Vegas. It’s the 22nd annual Black Hat USA Conference. Anyone with a thirst for all things cybersecurity is guaranteed six full days of training courses, demos, briefings, and of course, plenty of opportunities for social networking.
  Read More
 • Jul 25, 2019 | Computerworld

  Researchers to launch intentionally ‘vulnerable’ blockchain at Black Hat [Black Hat USA 2019]

  Hoping to raise awareness about blockchain vulnerabilities, cybersecurity firm Kudelski Security next week plans to launch the industry’s first "purposefully vulnerable" blockchain – and will demo it at next month's Black Hat conference.
  Read More
 • Jul 24, 2019 | The Inquirer

  VPN flaw enables hackers to easily infiltrate corporate networks [Black Hat USA 2019]

  "A few SSL VPN vendors dominate the market. Therefore, if we find any vulnerability on these vendors, the impact is huge," Tsai told TechCrunch, ahead of a presentation at the Black Hat USA event in August.
  Read More
 • Jul 24, 2019 | SecurityIntelligence

  5 IoT Security Conferences You Don’t Want to Miss [Black Hat USA 2019]

  While not a focused IoT conference, Black Hat USA will feature an important industry announcement and session by Armis Security, a pioneer in agentless security for unmanaged and IoT devices.
  Read More
 • Jul 24, 2019 | TechNadu

  Researchers Find a Way to Compromise Corporate Networks Through Their VPN [Black Hat USA 2019]

  According to a TechCrunch report, DEVCORE researchers Orange Tsai and Meh Chang are about to present security flaws that plague three corporate VPN products at the upcoming Black Hat conference. The flaws allow an attacker to perform remote exploitation of the target systems, and the vendors that are affected by the revelations are Palo Alto Networks, Pulse Secure, and Fortinet.
  Read More
 • Jul 23, 2019 | TechCrunch

  Flaws in widely used corporate VPNs put company secrets at risk [Black Hat USA 2019]

  Devcore researchers Orange Tsai and Meh Chang, who shared their findings with TechCrunch ahead of their upcoming Black Hat talk, said the flaws found in the three corporate VPN providers — Palo Alto Networks, Pulse Secure and Fortinet — are “easy” to remotely exploit.
  Read More
 • Jul 22, 2019 | CNET

  Equifax to pay at least $575M as part of FTC settlement [Black Hat USA 2019]

  The FTC also required Equifax to have a designated employee in charge of its cybersecurity program. At the Black Hat cybersecurity conference in 2018, Equifax's new chief information security officer, Jamil Farshchi, told CNET the company was going through a major shift to regain the public's trust, spending $200 million on its cybersecurity program last year.
  Read More
 • Jul 22, 2019 | Dark Reading

  How Cybercriminals Break into the Microsoft Cloud [Black Hat USA 2019]

  At this year's Black Hat USA, Morowczynski and Metcalf will discuss threats specific to Microsoft cloud services in their talk, "Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)." The goal, Metcalf says, is to help people understand how to secure Microsoft cloud environments, common mistakes made, and which configurations could make them vulnerable.
  Read More
 • Jul 22, 2019 | Ars Technica

  Chances of destructive BlueKeep exploit rise with new explainer posted online [Black Hat USA 2019]

  Williams said he previously expected there to be publicly available exploits no later than the middle of next month, when the Black Hat and Defcon security conferences in Las Vegas conclude. The new insights could shorten this predicted timeline.
  Read More
 • Jul 22, 2019 | ITPro Today

  Black Hat 2019: Cyber Insurance Joins the Security Conversation [Black Hat USA 2019]

  Although cyber insurance is still a small market, rising threat scenarios -- and rising damages from data breaches -- are fueling interest in the topic at the upcoming Black Hat 2019.
  Read More
 • Jul 19, 2019 | Help Net Security

  Crack the defenses of iOS and other platforms at Black Hat USA 2019 [Black Hat USA 2019]

  Cybersecurity professionals, take note: There’s an entire track of Platform Security Briefings lined up for Black Hat USA this August that will equip you with the latest knowledge, tools, and tricks to improve or compromise the security of iOS Windows hardware and software.
  Read More
 • Jul 19, 2019 | Infosecurity Magazine

  Artificial Intelligence & Cybersecurity: Attacking & Defending [Black Hat USA 2019]

  How do we know for sure? It is true that it is quite hard to attribute a botnet or a phishing campaign to AI rather than a human. Industry practitioners, however, believe that we will see an AI-powered cyber-attack within a year; 62% of surveyed Black Hat conference participants seem to be convinced of such a possibility.
  Read More
 • Jul 18, 2019 | Dark Reading

  Open Source Hacking Tool Grows Up [Black Hat USA 2019]

  "It's much more efficient now. It can be used to compromise entire networks in a matter of minutes," says Dillon, who plans to show off Koadic's new features next month at the Black Hat USA Arsenal in Las Vegas.
  Read More
 • Jul 18, 2019 | Dark Reading

  RDP Bug Takes New Approach to Host Compromise [Black Hat USA 2019]

  Clipboards were designed to be used locally and therefore trusted, Baril adds. This vulnerability exposes machines to a clipboard they can no longer trust. Baril and Itkin will discuss the details of the vulnerability, and approach the attack from both offensive and defensive perspectives, in their upcoming Black Hat USA briefing, "He Said, She Said — Poisoned RDP Offense and Defense."
  Read More
 • Jul 18, 2019 | Vice Motherboard

  No, You Don’t Need a Burner Phone at a Hacking Conference [Black Hat USA 2019]

  Every year, infosec Twitter debates whether people should bring a burner phone to conferences like Def Con or Black Hat. Here’s why we think you don’t need to worry about that.
  Read More
 • Jul 17, 2019 | Dark Reading

  MITRE ATT&CK Framework Not Just for the Big Guys [Black Hat USA 2019]

  At Black Hat, analysts from MITRE and Splunk will detail how organizations of many different sizes are leveraging ATT&CK's common language.
  Read More
 • Jul 17, 2019 | Help Net Security

  The importance of hardening firmware security [Black Hat USA 2019]

  To date, firmware attacks have been few and far between. The first known BIOS attack, called the Chernobyl Virus, happened in 1998 and was used to erase flash ROM BIOS contents on chipsets. It wasn’t until Black Hat in 2006 that another BIOS vulnerability was demonstrated by researcher John Heasman (elevating privileges and reading physical memory), and then again in 2009 when Alfredo Ortega demonstrated a persistent BIOS infection (inserting malicious code into the decompression routines).
  Read More
 • Jul 17, 2019 | Medical Design and Outsourcing

  Report: Literal killer app prompted Medtronic MiniMed recall [Black Hat USA 2019]

  Billy Rios and Jonathan Butts discovered the vulnerabilities and raised awareness in August 2018, Wired reports. The two researchers, who work at security firm QED Security Solutions, publicized the issue at the Black Hat security conference in Las Vegas that year. With the presentation, the FDA, the Department of Homeland Security and Medtronic warned customers of the potential risks and vulnerabilities associated with the MiniMed pumps.
  Read More
 • Jul 16, 2019 | KrebsOnSecurity

  Meet the World’s Biggest ‘Bulletproof’ Hoster [Black Hat USA 2019]

  In a talk given at the Black Hat security conference in 2017, researchers from cyber intelligence firm Intel 471 labeled Yalishanda as one of the “top tier” bulletproof hosting providers worldwide, noting that in just one 90-day period in 2017 his infrastructure was seen hosting sites tied to some of the most advanced malware contagions at the time, including the Dridex and Zeus banking trojans, as well as a slew of ransomware operations.
  Read More
 • Jul 16, 2019 | WIRED

  Hackers Made An App That Kills To Prove A Point [Black Hat USA 2019]

  Rios and Butts, who work at the security firm QED Security Solutions, had first raised awareness about the issue in August 2018 with a widely publicized talk at the Black Hat security conference in Las Vegas. Alongside that presentation, the Food and Drug Administration and Department of Homeland Security warned affected customers about the vulnerabilities.
  Read More
 • Jul 12, 2019 | Security Boulevard

  12 Events at Black Hat USA 2019 You Won’t Want to Miss [Black Hat USA 2019]

  “We are totally overwhelmed by the amount of [tasks] we should be doing but can’t because of a lack of resources.” That’s how one respondent characterized the state of cybersecurity affairs in the fifth annual survey of attendees conducted by Black Hat.
  Read More
 • Jul 9, 2019 | Dark Reading

  DevOps' Inevitable Disruption of Security Strategy [Black Hat USA 2019]

  With DevOps principles taking root and reaching greater maturity at an increasing number of enterprises today, security strategists are in for some major disruption of the status quo in the coming years. That's the message being brought forward by a number of talks at next month's Black Hat USA, which will feature discussions on the impact that DevOps-driven practices and tools will have on the security world.
  Read More
 • Jul 8, 2019 | Dark Reading

  7 Hot Cybersecurity Trends to Be Highlighted at Black Hat [Black Hat USA 2019]

  Black Hat USA is fast approaching. With the full conference schedule online, now is the time for security pros to dive in and plan out their paths to exploring a wide range of learning opportunities. As with years past, the conference will feature sessions about new zero-day vulnerabilities, research that stretches the bounds of what's breakable in emerging technology, and new methods of defending systems in the ever-evolving tech world.
  Read More
 • Jul 8, 2019 | Dark Reading

  Researchers Poke Holes in Siemens Simatic S7 PLCs [Black Hat USA 2019]

  Eli Biham and Sara Bitan of Technion, and Avishai Wool and Uriel Malin of Tel Aviv University, at Black Hat USA next month in Las Vegas will reveal security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7
  Read More
 • Jul 6, 2019 | ITSPmagazine

  Chats On The Road To Hacker Summer Camp 2019 | Black Hat USA | A Conversation With Steve Wylie [Black Hat USA 2019]

  As we are gearing up to cover three more conferences, we are having our pre-event conversations for each one. As we are planning to make all of them a recurring series, this particular podcast is already part of a solid ITSPmagazine tradition: the third Chats on the Road conversation with Black Hat General Manager, Steve Wylie. This episode kicks off our coverage for such a pillar event in our industry.
  Read More
 • Jul 5, 2019 | Bitdefender

  Vulnerabilities in US Defense Could Lead to Major Breach in Two Years, Says Black Hat Survey [Black Hat USA 2019]

  Upcoming US elections and critical infrastructure security were among heated discussion topics at Black Hat USA 2019. According to 40 percent of Black Hat USA’s 2019 survey respondents, “large nation-states” are the number one threat that US critical infrastructures will have to fight. When specifically asked about the US election, more than 60 percent expect Kremlin-supported hackers will compromise voting machines to influence the outcome. 77 percent expect a critical attack on US critical infrastructure to succeed in the next two years, up 10 percent since 2018.
  Read More
 • Jul 3, 2019 | Dark Reading

  Black Hat Q&A: Understanding NSA’s Quest to Open Source Ghidra [Black Hat USA 2019]

  The National Security Agency (NSA) made a splash in the cybersecurity industry this year when it released its Ghidra software reverse-engineering framework as open source for the community to use. Now that the tool is in the public’s hands, NSA senior researcher Brian Knighton and his colleague Chris Delikat, will be presenting a talk at Black Hat USA about how Ghidra was designed, and the process of rendering it open source.
  Read More
 • Jul 2, 2019 | Dark Reading

  'Human Side-Channels': Behavioral Traces We Leave Behind [Black Hat USA 2019]

  At Black Hat USA, Wixey will examine multiple human side-channels, how they can be used in attacks and defense, privacy implications, and how they can be countered in his briefing, "I'm Unique, Just Like You: Human Side-Channels and Their Implications for Security and Privacy."
  Read More
 • Jul 2, 2019 | InfoSecurity Magazine

  Black Hat Survey Reveals Cyber Concerns [Black Hat USA 2019]

  In advance of the 2019 Black Hat conference in Las Vegas, Black Hat USA has released its latest report on the growing concerns of consumers. Based on survey responses from conference attendees, the report, Consumers in the Crosshairs, looks at consumer concerns about their personal data potentially ending up in the hands of criminals as well as the ways in which security will affect the 2020 US presidential election.
  Read More
 • Jul 1, 2019 | The Daily Swig

  Risky business: Security pros outline key concerns ahead of Black Hat USA [Black Hat USA 2019]

  With corporate mega-breaches now an all-too-common occurrence, consumers should work to the assumption that their data has already been compromised and take action to minimize further exposure to cybercriminals. This is one of the key takeaways of the 2019 Black Hat USA Attendee Survey – an annual poll of industry professionals that was released today, ahead of the eponymous security conference next month.
  Read More
 • Jul 1, 2019 | Inside Cybersecurity

  Heading into Black Hat, cyber community in dark mood on data protection [Black Hat USA 2019]

  Cybersecurity professionals appear increasingly pessimistic about the likelihood of major breaches, attacks on critical infrastructure including election systems, and the effectiveness of government-industry responses, according to a survey of some of those planning to attend the massive annual Black Hat conference in Las Vegas.
  Read More
 • Jul 1, 2019 | Fifth Domain

  Will hacked voting machines decide the 2020 election? [Black Hat USA 2019]

  Cybersecurity professionals are concerned about foreign cyber operations and vulnerabilities in voting machines as the days tick down to the first 2020 primaries in February. According to a new survey of 345 cybersecurity professionals by Black Hat USA, 63 percent of respondents said that the hacking of voting machines in the next election is “very likely” or “somewhat likely” to have a “significant impact” on election results.
  Read More
 • Jul 1, 2019 | Dark Reading

  Consumer Data, Upcoming Elections Are at Risk, Black Hat Survey Says [Black Hat USA 2019]

  Newly published '2019 Black Hat USA Attendee Survey' recommends users stay off social media and remain wary of products that promise to solve security problems.
  Read More
 • Jun 28, 2019 | Threatpost

  FDA Warns of Potentially Fatal Flaws in Medtronic Insulin Pumps [Black Hat USA 2018]

  Rios and other researchers have previously disclosed several other serious vulnerabilities in Medtronic products (including insulin pumps). A proof-of-concept exploit attack was released by researchers in March 2018 — after which the manufacturer issued advisories for the flaws on August 7. That’s more than 570 days after they were first reported. “It’s disappointing to know these have been out there for a long time,” said Rios at Black Hat 2018. “For the last two years, we’ve been increasingly frustrated with how our research was dealt with.”
  Read More
 • Jun 27, 2019 | Mac Rumors

  Apple Head of Security Engineering to Speak About iOS and Mac Security at 2019 Black Hat Event [Black Hat USA 2019]

  Apple's Head of Security Engineering and Architecture Ivan Krstić will be attending the Black Hat 2019 event where he will give a "Behind the Scenes" look at iOS and macOS security. Black Hat is an annual event that's designed for the global InfoSec community, providing security professionals with a place to meet up and gain training on new techniques.
  Read More
 • Jun 27, 2019 | Cult of Mac

  Apple security chief will talk iOS 13, macOS Catalina at Black Hat [Black Hat USA 2019]

  Apple security chief Ivan Krstic will be returning to the Black Hat security conference this summer to discuss iOS 13 and macOS Catalina — as well as the security protections in Apple’s new Find My service.
  Read More
 • Jun 27, 2019 | Apple Insider

  Apple security chief to cover iOS 13, macOS security at Black Hat [Black Hat USA 2019]

  Apple's security engineering chief Ivan Krstic will be making a reappearance at the Black Hat security conference in August, discussing the technologies protecting iOS 13 and macOS Catalina as well as how the Find My feature is kept secure.
  Read More
 • Jun 27, 2019 | Dark Reading

  Inside MLS, the New Protocol for Secure Enterprise Messaging [Black Hat USA 2019]

  By next year, he hopes, MLS will be ready to integrate into messaging platforms. Robert, along with INRIA's Benjamin Beurdouche and independent researcher Katriel Cohn Gordon, will discuss the research behind, and details of, MLS this summer at Black Hat USA in a briefing entitled "Messaging Layer Security: Towards a New Layer of Secure Group Messaging."
  Read More
 • Jun 24, 2019 | Dark Reading

  A Socio-Technical Approach to Cybersecurity's Problems [Black Hat USA 2019]

  In their upcoming Black Hat USA briefing, "Hacking Ten Million Useful Idiots: Online Propaganda as a Socio-Technical Security Project," Breuer and Perlman will discuss their framework, how security principles apply to STS, how red team and blue team processes could look in the context of STS security, and examples of red team analyses of influence operations.
  Read More
 • Jun 21, 2019 | Ars Technica

  A tale of two cities: Why ransomware will just get worse [Black Hat USA 2017]

  In 2017, the information security conference Black Hat USA surveyed attendees and found that 58% believed their organizations didn't have sufficient budget to recover from a ransomware attack or other breach. Twelve percent said that ransomware response was the biggest demand on their time during an average day. And there's a wealth of data from research (mostly funded by disaster recovery companies) that suggests most organizations are more confident in their data recovery plans than they should be, if they even have one.
  Read More
 • Jun 19, 2019 | Dark Reading

  With GDPR's 'Right of Access,' Who Really Has Access? [Black Hat USA 2019]

  Some businesses improved their verification over time, he adds, but mistakes are still being made: a handful of organizations accidentally deleted his fiancée's account when asked for data. He points to a need for businesses to feel comfortable denying suspicious GDPR requests. Pavur will be presenting the details of his case study this August at Black Hat USA in a presentation "GDPArrrrr: Using Privacy Laws to Steal Identities."
  Read More
 • Jun 16, 2019 | Dark Reading

  Black Hat Q&A: Defending Against Cheaper, Accessible ‘Deepfake’ Tech [Black Hat USA 2019]

  The tools and techniques to create false videos via AI-driven image synthesis are getting easier to access every year, and few people know that better than ZeroFox’s Matt Price and Mike Price (not related). In an email interview with Black Hat's Alex Wawro, the pair of security experts shared their latest research, which will be presented at Black Hat USA in Las Vegas this summer.
  Read More
 • Jun 10, 2019 | ZDNet

  Major HSM vulnerabilities impact banks, cloud providers, governments [Black Hat USA 2019]

  The duo's research paper is currently available only in French, but the two are also scheduled to present their findings at the Black Hat security conference that will be held in the US in August.
  Read More
 • May 20, 2019 | Dark Reading

  Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists [Black Hat USA 2019]

  Veteran security researcher, cryptographer, and author Bruce Schneier is one of the many cybersecurity experts who will be speaking at Black Hat USA in Las Vegas this August. He’s presenting Information Security in the Public Interest, a 50-minute Briefing about why it’s so important for public policy discussions to include technologists with practical understanding of how today’s tech can be used and abused.
  Read More
 • May 14, 2019 | Bank InfoSecurity

  Cisco's 'Thrangrycat' Router Flaw Tough to Neuter [Black Hat USA 2019]

  The flaw, designated CVE-2019-164, was discovered by Jatin Kataria, Richard Housley and Ang Cui of Red Balloon Security, which investigates embedded systems. The team is due to present their research into the flaw and techniques for mitigating it in August at the Black Hat security conference in Las Vegas.
  Read More
 • May 13, 2019 | ZDNet

  Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear [Black Hat USA 2019]

  On a website dedicated to the Thrangrycat vulnerability, the Red Balloon Security team said they plan to present a tool for detecting Thrangrycat attacks in August this year, at the Black Hat 2019 security conference.
  Read More
 • May 13, 2019 | The Register

  It's 2019 so now security vulnerabilities are branded using emojis: Meet Thrangrycat, a Cisco router secure boot flaw [Black Hat USA 2019]

  The full details are not going to be released until this year's Black Hat USA security conference in August. Cisco was privately tipped off by Red Balloon Security in November 2018, and only now is the issue public. The 😾😾😾 exploits were tested on a Cisco ASR 1001-X, though plenty of devices are at risk because they use the FPGA-based TAm.
  Read More
 • Feb 27, 2019 | Dark Reading

  Security Firm to Offer Free Hacking Toolkit [Black Hat Asia 2019]

  A penetration testing and consulting firm plans to release a free penetration testing toolkit next month at Black Hat Asia; the toolkit includes privilege escalation and network attack functions.
  Read More
 • Feb 27, 2019 | Dark Reading

  Whose Line Is It? When Voice Phishing Attacks Get Sneaky [Black Hat Asia 2019]

  In a presentation at Black Hat Asia, entitled "When Voice Phishing Met Malicious Android App," Jang will disclose and discuss the findings of criminal traces in voice phishing analysis conducted by his research team over the past few months.
  Read More
 • Feb 21, 2019 | Security Boulevard

  These Recently Discovered POODLEs Can Bypass Your TLS [Black Hat Asia 2019]

  If Zombie POODLE and GOLDENDOODLE have you biting your nails, Young is ready to present his full findings at Black Hat Asia in Singapore at some point during the March 26th to March 29th event.
  Read More
 • Feb 14, 2019 | Dark Reading

  Toyota Prepping 'PASTA' for its GitHub Debut [Black Hat Asia 2019]

  Toyama will demonstrate PASTA next month at Black Hat Asia in Singapore.
  Read More
 • Feb 13, 2019 | Dark Reading

  Researchers Dig into Microsoft Office Functionality Flaws [Black Hat Asia 2019]

  At Black Hat Asia, coming up March 26-29 in Singapore, Hegt and Ceelen will take the stage to present their talk "Office in Wonderland," in which they will disclose details on new Word and Excel vulnerabilities, release attack vectors which Microsoft deemed Office features, and demonstrate the security impact of the architectural design of the full Office suite.
  Read More
 • Feb 8, 2019 | Dark Reading

  New Zombie 'POODLE' Attack Bred from TLS Flaw [Black Hat Asia 2019]

  Citrix issues update for encryption weakness dogging the popular security protocol.
  Read More
 • Jan 9, 2019 | Data Breach Today

  Visual Journal: Black Hat Europe 2018 [Black Hat Europe 2019]

  The recent Black Hat Europe conference in London touched on topics ranging from combating "deep fake" videos and information security career challenges to hands-on lock-picking tutorials and the dearth of researchers submitting proposed briefings centered on deception technology.
  Read More
 • Dec 17, 2018 | Version2

  Neil and Bart tried to find the right malicious traffic at a hackers' conference [Black Hat Europe 2018]

  This was the situation at the European edition of the Black Hat IT security conference, which took place recently in London. Thousands of people from around the world participated. This year's conference drew approx. 3000 participants from 106 countries. And some of the participants fell under the hacker category.
  Read More
 • Dec 16, 2018 | TU

  Researchers warn against AI-based videos: May be misused for political impact [Black Hat Europe 2018]

  They described their work in a talk at the IT security conference Black Hat Europe, which was held in London last week.
  Read More
 • Dec 14, 2018 | The Daily Swig

  ‘Dear Bloomberg, you still owe everyone a retraction, explanation or some proof’ [Black Hat Europe 2018]

  “The attack exploits DNS Cache Poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker’s public key to a victim domain,” the researchers explained during this year’s Black Hat Europe.
  Read More
 • Dec 11, 2018 | CSO

  Researchers find over 40,000 stolen logins for government portals [Black Hat Europe 2018]

  Researchers find Certificate Authorities to be weak point in web crypto.
  Read More
 • Dec 11, 2018 | Version2

  Researchers warn against AI-based videos: May be misused to influence choices [Black Hat Europe 2018]

  They described their work in a speech at the Black Hat Europe IT security conference, which took place in London last week.
  Read More
 • Dec 11, 2018 | CHIP

  Innovation backfires: Security feature makes Windows 10 unsafe [Black Hat Europe 2018]

  Researchers were quick to prove that integrating security issues produced exactly the wrong result: Instead of generating more security, Windows 10 users are more exposed to malicious hackers than before. Researchers Magal Baz and Tom Sela presented their findings about a week ago at the Black Hat Security Conference in London.
  Read More
 • Dec 11, 2018 | Lifehacker

  How to Secure Windows 10 by Disabling Its Password Recovery Questions [Black Hat Europe 2018]

  This is exactly the scenario a group of security researchers described in a recent presentation at the Black Hat Europe Security Conference, as Ars Technica writes.
  Read More
 • Dec 11, 2018 | The Register

  Texas Instruments flicks Armis' Bluetooth chip vuln off its shoulder [Black Hat Europe 2018]

  At Black Hat London last week, Ben Seri and Dor Zusman from research house Armis went into full detail about their November discovery of how to pwn TI-made Bluetooth Low Energy (BLE) chips.
  Read More
 • Dec 10, 2018 | ZDNet

  These hackers are using Android surveillance malware to target opponents of the Syrian government [Black Hat Europe 2018]

  Dubbed SilverHawk by researchers at security firm Lookout, they detailed their findings at the Black Hat Europe conference in London. The malware is thought to have been in operation since mid-2016 and is capable of secretly recording audio, taking photos, downloading files, monitoring contacts, tracking location and more.
  Read More
 • Dec 10, 2018 | The Daily Swig

  Russian doll steganography allows users to mask covert drives [Black Hat Europe 2018]

  During a presentation at Black Hat Europe last week, Schaub demonstrated a self-concealing encryption/steganography suite.
  Read More
 • Dec 10, 2018 | The Daily Swig

  CAs exposed as a weak point in web crypto [Black Hat Europe 2018]

  Presentations at Black Hat Europe last week gave contrasting views of the state of cryptography on the web. Hackers are unlikely to find it easy to break elliptic curve crypto, but according to a separate study they might well be able to subvert the trustworthiness of popular commercially-used Certificate Authorities (CAs).
  Read More
 • Dec 8, 2018 | Komando

  Fake apps are infecting smartphones with the ultimate spyware [Black Hat Europe 2018]

  New research from cybersecurity firm Lookout presented during this year's Black Hat Europe conference has revealed that the SEA has expanded its hacking toolset and it now includes the entire SilverHawk "surveillanceware" family.
  Read More
 • Dec 7, 2018 | BankInfoSecurity

  Face Off: Researchers Battle AI-Generated Deep Fake Videos [Black Hat Europe 2018]

  Security researchers are facing off against deep-fake videos over fears that they might be used for nation-state disinformation campaigns or to ruin someone's reputation or social standing.
  Read More
 • Dec 7, 2018 | The Daily Swig

  The best hacks from Black Hat Europe 2018 [Black Hat Europe 2018]

  Thermal imaging might be impressive – but the main prize for sheer mis-appropriation of science during Black Hat Europe has to go to a talk by IBM researchers on attacking hardware systems using resonance.
  Read More
 • Dec 7, 2018 | SC Magazine

  Researchers: Syrian Electronic Army targeting secure messaging app users with spyware [Black Hat Europe 2018]

  Known for its ardent support of Syrian President Bashar al-Assad, the threat group is targeting in particular users of secure messaging apps such as WhatsApp and Telegram. The SEA is spreading malicious updates for these apps through a combination of watering hole websites and phishing emails, according to a report from Forbes, citing researchers at Lookout who presented their findings at the Black Hat conference in London this week.
  Read More
 • Dec 7, 2018 | The Daily Swig

  Threat intelligence marketplace aims to ease skills shortage [Black Hat Europe 2018]

  That’s according to Ben Schmidt, one of the founders of new decentralized platform PolySwarm, which is hoping to change the industry by linking the work of individual security researchers to the companies that may need their specialized expertise. “The idea really came about because we were frustrated,” Schmidt told The Daily Swig at this year’s Black Hat Europe conference.
  Read More
 • Dec 7, 2018 | Version2

  Researchers sneak Android data out during charging in an inventive way [Black Hat Europe 2018]

  One of the researchers, Riccardo Spolaor, presented the details at the IT security conference Black Hat Europe, which takes place in London this week.
  Read More
 • Dec 6, 2018 | Linux Magazin

  Black Hat Europe 2018 attracts more visitors [Black Hat Europe 2018]

  The hacker conference Black Hat Europe 2018 ended today in London. Topics included container safety and machine and deep learning.
  Read More
 • Dec 6, 2018 | ZDNet

  Too little, too late? Should we be faster to point the finger of blame at cyber attackers? [Black Hat Europe 2018]

  "Our then defence minister answered the question and his logic was if somebody looks like a dog, talks like a dog, eats like a dog, then most probably it's a dog -- in our case it was a bear," Kaljurand said during her keynote address at Black Hat Europe in London.
  Read More
 • Dec 6, 2018 | The Daily Swig

  Biggest casualty of a breach is security jobs, not share price [Black Hat Europe 2018]

  The Daily Swig spoke to Hypponen on the fringes of the Black Hat Europe conference in London this week. Business leaders should realise their responsibility, he claimed, while adding that – according to research by Hypponen himself – very few companies have failed or gone bust as the result of a breach.
  Read More
 • Dec 6, 2018 | Infosecurity Magazine

  #BHEU: We Must Update Cybersec Education to Develop More Security Experts [Black Hat Europe 2018]

  Speaking at Black Hat Europe in London, Nahman Khayet, security researcher and Shlomi Boutnaru, CTO at Rezilion, explored the current cybersecurity skills shortage and its link to the education system.
  Read More
 • Dec 6, 2018 | Infosecurity Magazine

  #BHEU: AI is Going Rogue with ‘Deep Fake’ Videos [Black Hat Europe 2018]

  Speaking at Black Hat Europe 2018 in London Vijay Thaware, security response lead at Symantec and Niranjan Agnihotri, associate threat analysis engineer at Symantec, explored the rise of a threat called ‘Deep Fakes.’
  Read More
 • Dec 5, 2018 | Bleeping Computer

  SNDBOX - an AI Powered Malware Analysis Site is Launched [Black Hat Europe 2018]

  Today at Blackhat Europe, a new malware analysis service was unveiled called SNDBOX that utilizes artificial intelligence and a hardened virtual environment to perform static and dynamic analysis of malware samples.
  Read More
 • Dec 5, 2018 | Bank Info Security

  Black Hat Europe: The Power of Attribution [Black Hat Europe 2018]

  "But where was Germany, where was France, where was Italy, where were others?" asked Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace, in her opening keynote speech at Black Hat Europe conference in London on Wednesday (see: 14 Hot Sessions at Black Hat Europe 2018).
  Read More
 • Dec 5, 2018 | Dark Reading

  Former Estonian Foreign Minister Urges Cooperation in Cyberattack Attribution, Policy [Black Hat Europe 2018]

  As nation-state cyberattacks continue to evolve into more complex and disruptive campaigns, the pressure is on for countries to set specific cybernorms and support one another in the attribution of nation-state hacks, according to Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace (GCSC) and Member of the UN Secretary General's High Level Panel on Digital Cooperation.
  Read More
 • Dec 5, 2018 | Dark Reading

  Windows 10 Security Questions Prove Easy for Attackers to Exploit [Black Hat Europe 2018]

  In a presentation at this week's Black Hat Europe, security researchers from Illusive Networks demonstrated a new method for maintaining domain persistence by exploiting Windows 10 security questions.
  Read More
 • Dec 5, 2018 | Infosecurity Magazine

  #BHEU: Attribution & Offensive Capabilities Changed Cybersecurity in 2018 [Black Hat Europe 2018]

  Delivering the opening keynote at the Black Hat Europe conference in London, Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace, spoke of the 2007 attacks by Russia on her home nation of Estonia, and how it was “primitive by today’s standards” but enabled the country to build better defenses and its e-government services.
  Read More
 • Dec 5, 2018 | The Daily Swig

  ‘Cyber-attacks have become the new normality’ [Black Hat Europe 2018]

  Marina Kaljurand, current chair of the Global Commission of the Stability of Cyberspace, was the Estonian ambassador to Russia at the time her country’s critical infrastructure was hit by the politically motivated offensive. “I had two tasks,” Kaljurand said, in her keynote address to attendees at this year’s Black Hat Europe conference in London.
  Read More
 • Dec 5, 2018 | Forbes

  Syrian Electronic Army Hackers Are Targeting Android Phones With Fake WhatsApp Attacks [Black Hat Europe 2018]

  But the SEA hasn't made headlines in some time, largely because it's turned its focus away from Western targets and gone after people closer to home as it continues to support the Bashar Al-Assad regime. And, as research released at the Black Hat conference in London this week shows, the group is putting significant resources into an Android spyware tool that can keep constant tabs on a target's mobile life.
  Read More
 • Dec 5, 2018 | Infosecurity Magazine

  #BHEU: How Google Aurora Attacks Changed the Consciousness of Cybersecurity [Black Hat Europe 2018]

  Opening the Black Hat Europe conference, founder Jeff Moss cited the 2010 attacks on Google as a point where attacks became more serious, as this enabled people in cybersecurity to “speak to a new audience.”
  Read More
 • Dec 5, 2018 | Infosecurity Magazine

  #BHEU: Did the 'Grain of Rice Chip' Drive New Risk Assessments? [Black Hat Europe 2018]

  Speaking at the Black Hat Europe conference in London, trainer and researcher Joe FitzPatrick from SecuringHardware.com asked delegates if their risk assessment considers $5 hardware attacks and if not, “why worry about $1m [hardware attacks], as what is more likely?”
  Read More
 • Dec 5, 2018 | The Daily Swig

  Battery charger hack offers covert way to spy on mobile devices [Black Hat Europe 2018]

  A novel side-channel attack was demoed during a presentation at Black Hat Europe today (December 5) by Dr Riccardo Spolaor of the University of Oxford – one of a team of four European computer scientists that have developed a means of exfiltrating data from a compromised device based on power consumption fluctuations alone.
  Read More
 • Dec 5, 2018 | Silicon UK

  ‘London Blue’ Fraud Group Targets Financial Services Industry [Black Hat Europe 2018]

  The group has taken the basic techniques of targeted scams, known as spear phishing attacks, relying on detailed knowledge about a target’s relationships to send a fraudulent email, and “turned it into massive BEC campaigns”, Agari said in a report. The study was launched to coincide with Black Hat Europe, taking place in London this week.
  Read More
 • Dec 5, 2018 | Dark Reading

  Toyota Builds Open-Source Car-Hacking Tool [Black Hat Europe 2018]

  A Toyota security researcher on his flight from Japan here to London carried on-board a portable steel attaché case that houses the carmaker's new vehicle cybersecurity testing tool.
  Read More
 • Dec 5, 2018 | The Register

  Estonian ex-foreign sec urges governments: Get cosy with the private sector on cybersecurity [Black Hat Europe 2018]

  Black Hat: Governments need to "turn from public private partnership slogans to real partnerships" on cybersecurity, former Estonian foreign minister Marina Kaljurand told the Black Hat infosec conference in London this morning.
  Read More
 • Dec 5, 2018 | Ars Technica

  Why, in 2018, is Microsoft adding security questions to Windows 10? [Black Hat Europe 2018]

  Enter Microsoft, which earlier this year added a security questions feature to Windows 10. It allows users to set up a list of security questions that can be asked in the event they later forget a password to one of their administrative accounts. By answering questions such as “What was your first car?” the users can reset the forgotten password and regain control of the account. It didn’t take long for researchers to identify weaknesses in the newly introduced feature. They presented their findings today at the Black Hat Europe Security Conference in London.
  Read More
 • Dec 5, 2018 | Computer Business Review

  Black Hat Europe: You Can be Lucky if You’re the First to Be Attacked [Black Hat Europe 2018]

  Speaking at Black Hat Europe, a cyber and information security event in London, Kaljurand discussed the cyberattack on her country that forced the government to change how it thought about cybersecurity.
  Read More
 • Dec 5, 2018 | Dark Reading

  Former Estonian Foreign Minister Urges Cooperation in Cyberattack Attribution, Policy [Black Hat Europe 2018]

  The former Estonian Foreign Minister, who was serving as the ambassador to Russia in 2007 when her country was hit with historic distributed denial-of-service (DDoS) attacks by Russia, said in an interview with Dark Reading that without "a clear understanding" of attack attribution, bad actors continue to operate in the "gray zone."
  Read More
 • Dec 5, 2018 | The Daily Swig

  ‘Cyber-attacks have become the new normality’ [Black Hat Europe 2018]

  Estonia’s former Foreign Minister Marina Kaljurand delivers Black Hat keynote on lessons learned from 2007 offensive.
  Read More
 • Dec 5, 2018 | Bank Info Security

  Black Hat Europe: The Power of Attribution [Black Hat Europe 2018]

  Kaljurand, who previously served as the foreign minister of Estonia and an ambassador to six countries, including the U.S., told the audience at the annual information security conference that the NotPetya attribution by the seven nations represented a breakthrough in countries' ability to hold others to account.
  Read More
 • Dec 4, 2018 | Dark Reading

  ‘London Blue’ BEC Cybercrime Gang Unmasked [Black Hat Europe 2018]

  Agari today disclosed details of both its unmasking of the group – which it has dubbed "London Blue" – as well as its inner workings. Security researchers at Agari flipped the equation on the attackers in an email exchange by posing as Lim's assistant and drawing out enough details to drill down into the particulars of the group as well as the physical location of its operators in London.
  Read More
 • Dec 4, 2018 | Bank Info Security

  14 Hot Sessions at Black Hat Europe 2018 [Black Hat Europe 2018]

  London is calling all information security professionals, as the Black Hat Europe conference returns to the U.K. capital for the third year in a row.
  Read More
 • Dec 3, 2018 | Latest Hacking News

  Latest Hacking News Podcast #175 [Black Hat Europe 2018]

  Black Hat Europe 2018 kicks off today in London so on episode 175 of our daily podcast we highlight just a few of the cybersecurity talks scheduled to take place.
  Read More
 • Nov 20, 2018 | Security Boulevard

  Lax Employee Cybersecurity Habits Pose Growing Danger to Businesses [Black Hat Europe 2018]

  Research by Black Hat Europe indicates that the biggest danger to personal data is the collection and sale of personal information by enterprises and social media organizations that don’t properly protect privacy.
  Read More
 • Nov 15, 2018 | The Daily Swig

  Black Hat survey: User privacy doubts highlight cyber skills shortage [Black Hat Europe 2018]

  The growing skepticism toward the legislation, enacted in May of this year, was cast in new research published by the organizers of Black Hat Europe ahead of its annual meeting of infosec pros in December.
  Read More
 • Nov 15, 2018 | Help Net Security

  What’s keeping Europe’s top infosec pros awake at night? [Black Hat Europe 2018]

  Black Hat Europe’s new research report entitled, Europe’s Cybersecurity Challenges, details the thoughts that are keeping Europe’s top information security professionals awake at night.
  Read More
 • Nov 14, 2018 | The Register

  Just because you're paranoid doesn't mean hackers won't nuke your employer into the ground tomorrow [Black Hat Europe 2018]

  So reckon the people behind the Black Hat cybersecurity knees-up, who polled 130 European infosec folk to find out what keeps them awake at night.
  Read More
 • Nov 14, 2018 | Dark Reading

  Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues [Black Hat Europe 2018]

  The 2018 Black Hat Europe Attendee Survey, published Wednesday, offers a sobering look at the state of cybersecurity defenses in Europe, bolstering the Paris meeting's conclusion that greater efforts are needed to protect data and infrastructure across national boundaries.
  Read More
 • Nov 12, 2018 | Dark Reading

  7 Cool New Security Tools to be Revealed at Black Hat Europe [Black Hat Europe 2018]

  Security researchers will convene in London next month to share findings at Black Hat Europe and unveil new tools at the conference's "Arsenal" event. At Arsenal, researchers will pass around dozens of new tools to advance vulnerability discovery, auditing, and other security practices. Here are a few highlights of what's to come.
  Read More
 • Nov 7, 2018 | Dark Reading

  Finding Gold in the Threat Intelligence Rush [Black Hat Europe 2018]

  At Black Hat Europe, in London this December, van der Walt and Pillarisetty will take the stage to share their findings in "Don't Eat Spaghetti with a Spoon: An Analysis of the Practical Value of Threat Intelligence." They hope to "move the needle along" in terms of understanding threat intelligence and equip other researchers with the data structures, tooling, methodology, and language to enable future research in the space, van der Walt says.
  Read More
 • Nov 1, 2018 | TechCrunch

  A pair of new Bluetooth security flaws expose wireless access points to attack [Black Hat Europe 2018]

  Security company Armis calls the vulnerabilities “Bleeding Bit,” because the first bug involves flipping the highest bit in a Bluetooth packet that will cause its memory to overflow — or bleed — which an attacker can then use to run malicious code on affected Cisco or Meraki hardware.
  Read More
 • Nov 1, 2018 | ZDNet

  Bleedingbit zero-day chip flaws may expose majority of enterprises to remote code execution attacks [Black Hat Europe 2018]

  Armis plans to release a full technical white paper describing the vulnerabilities at the Black Hat Europe conference, which is due to take place in the first week of December.
  Read More
 • Nov 1, 2018 | Dark Reading

  New Bluetooth Vulnerabilities Exposed in Aruba, Cisco, Meraki Access Points [Black Hat Europe 2018]

  Seri and Armis security researcher Dor Zusman will discuss their chip findings in detail in the session "BLEEDINGBIT: Your APs Belong to Us" at Black Hat Europe, December 3 - 6.
  Read More
 • Oct 31, 2018 | Dark Reading

  Hardware Cyberattacks: How Worried Should You Be? [Black Hat Europe 2018]

  "Reactions are not rational or appropriate to what should be done," says Joe Fitzpatrick, trainer and researcher at SecuringHardware.com. He'll be putting hardware threats into context and explaining how they fit into enterprise threat models during a briefing, titled "A Measured Response to a Grain of Rice," at Black Hat Europe in London this December.
  Read More
 • Oct 26, 2018 | Dark Reading

  DeepPhish: Simulating Malicious AI to Act Like an Adversary [Black Hat Europe 2018]

  At this year's Black Hat Europe event, taking place in London in December, Correa will present the team's findings in a session entitled "DeepPhish: Simulating Malicious AI."
  Read More
 • Oct 25, 2018 | Dark Reading

  Side-Channel Attack Exposes User Accounts on Facebook, XBox, Other Social Sites [Black Hat Europe 2018]

  So far, Twitter and eBay have updated their platforms to prevent the attack, and some browsers, including Microsoft Edge, Microsoft Internet Explorer, and Mozilla Firefox, have added a feature to thwart the attack, according to Takuya Watanabe, who will present his team's findings in December at Black Hat Europe in London.
  Read More
 • Oct 18, 2018 | Dark Reading

  New Security Woes for Popular IoT Protocols [Black Hat Europe 2018]

  Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online.
  Read More
 • Oct 17, 2018 | Threatpost

  Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers [Black Hat USA 2018]

  At Black Hat 2018, researchers stressed that the healthcare device landscape remains insecure and in need of addressing.
  Read More
 • Oct 16, 2018 | TechCrunch

  Medical Device Maker Medtronic Finally Fixes its Hackable Pacemaker [Black Hat USA 2018]

  The company said in a notice this week that it’s switching off the software distribution network after researchers found that a hacker could update the pacemaker’s software with malicious software that could manipulate the impulses that regulate a patient’s heartbeat. The researchers, Jonathan Butts and Billy Rios, revealed the vulnerability at the Black Hat conference in August, more than a year after first reporting the vulnerability to Medtronic.
  Read More
 • Oct 15, 2018 | HealthITSecurity

  FDA Warns of Cybersecurity Vulnerabilities in CareLink Programmers [Black Hat USA 2018]

  In a presentation at the BlackHat security conference held in August, security researchers Bill Rios and Jonathan Butts criticized Medtronic for dragging its feet regarding the vulnerabilities in the CareLink programmers.
  Read More
 • Oct 15, 2018 | Minneapolis Star Tribune

  Medtronic cuts cyber access to vulnerable devices [Black Hat USA 2018]

  The Irish medical device company, operated from offices in Fridley, announced that it was shutting down the ability of its CareLink 2090 and CareLink Encore 29901 device programmers to download new software updates remotely. The news follows a demonstration at the Black Hat USA cybersecurity conference in Las Vegas in August by independent researchers who showed that the vulnerabilities in Medtronic device programmers could negatively impact patient care.
  Read More
 • Oct 12, 2018 | NBC News

  Medtronic disables pacemaker programmer updates over hack concern [Black Hat USA 2018]

  Medtronic in August issued an alert on the issue with its CareLink programmers after researchers discussed the vulnerability at the Black Hat hacking conference. Medical device security experts said they had uncovered a bug that could enable hackers to update malicious software onto the programmers, then attack implanted pacemakers.
  Read More
 • Oct 12, 2018 | The Washington Post

  The Cybersecurity 202: Kanye West is going to make password security great again [Black Hat USA 2018]

  Security researchers at the Black Hat hacker conference in Las Vegas in August demonstrated how a bug in the devices “could enable hackers to update malicious software onto the programmers, then attack implanted pacemakers.” Medtronic said in its letter that it is working on security updates to “further address these vulnerabilities and will be implemented pending regulatory agency approvals.”
  Read More
 • Oct 12, 2018 | GovInfoSecurity

  Medtronic Cardiac Devices Recalled Due to Cyber Concerns [Black Hat USA 2018]

  https://www.govinfosecurity.com/medtronic-cardiac-devices-recalled-due-to-cyber-concerns-a-11597
  Read More
 • Oct 12, 2018 | Cyberscoop

  FDA warns users of cyber vulnerability in pacemaker programmers [Black Hat USA 2018]

  In August at the Black Hat conference, security researchers demonstrated how a hacker could run malicious firmware on one of the programmers, the CareLink 2090, to make life-threatening changes in care. The security researchers, Billy Rios and Jonathan Butts, said they disclosed the vulnerabilities to Medtronic in January 2017 and criticized the vendor for taking months to address the issue.
  Read More
 • Oct 11, 2018 | Reuters

  Medtronic disables pacemaker programmer updates over hack concern [Black Hat USA 2018]

  Medtronic in August issued a security bulletin on the issue with its CareLink programmers after researchers discussed the vulnerability at the Black Hat hacking conference in Las Vegas. Medical device security experts said they had uncovered a bug that could enable hackers to update malicious software onto the programmers, then attack implanted pacemakers.
  Read More
 • Oct 11, 2018 | FierceBiotech

  Medtronic disables updates for pacemaker programmers over cybersecurity concerns [Black Hat USA 2018]

  In a presentation at the annual Black Hat cybersecurity conference in Las Vegas, two researchers demonstrated the security weaknesses in the pacemaker's control unit, saying the vulnerabilities allowed for “the disruption of therapy as well as the ability to execute shocks to a patient.”
  Read More
 • Oct 9, 2018 | Medical Plastics News

  Why the hacking of medical devices is still big news [Black Hat USA 2018]

  The vulnerability of medical devices to be hacked is nothing new. But picking up on news reports from the Black Hat security event that took place in Las Vegas at the beginning of August, it seems that these concerns continue to be top of the agenda where products such as pacemakers and implantable devices, are concerned.
  Read More
 • Oct 2, 2018 | Enterprise Mobility Exchange

  Medical Device Flaws Shine Light On Security And IoT Issues [Black Hat USA 2018]

  This technology helps medical professionals make more accurate and safer health decisions for patients. Just like computer systems, medical devices are vulnerable to security breaches. In August at the Black Hat security conference in Las Vegas, researchers uncovered vulnerabilities in heart monitoring devices by Medtronic, and insisted that hackers could remotely install malware.
  Read More
 • Sep 6, 2018 | Politico

  House panels consider airline cyber threats [Black Hat USA 2018]

  Nearly 85 percent of security pros in a poll out today said they believed there would be hacking during the 2018 midterms. The poll, conducted by cybersecurity company Lastline of Black Hat conference attendees, found a variety of opinions about how it might happen.
  Read More
 • Sep 6, 2018 | CSO

  Why data loss prevention is a throwback technology [Black Hat USA 2018]

  Black Hat is one of the top conferences for security professionals to learn about the latest technologies and vulnerabilities to be aware of in the coming year. From the surprising safety of self-driving cars, to new ways to hack into what many thought were secure systems, Black Hat is the spot for the latest innovations, hacking methods and more.
  Read More
 • Sep 5, 2018 | CBS News

  Phishing for political secrets: Hackers take aim at midterm campaigns [Black Hat USA 2018]

  "[Phishing is] one of the biggest threats … and it's still a continuous attack factor," said Microsoft's Diana Kelley in an interview at the 2018 Black Hat cybersecurity conference. "I don't even call [targeted email attacks] spearphishing, I think of them as laser fishing now because they're so well-crafted."
  Read More
 • Sep 5, 2018 | Forbes

  Medical Device Security Improvements Coming - But Not Anytime Soon [Black Hat USA 2018]

  At Black Hat in Las Vegas last month, researchers Billy Rios and Jonathan Butts brought a similar message, with a session titled, “Exploiting Implanted Medical Devices.”
  Read More
 • Sep 3, 2018 | Information Age

  How is Facebook battling cyber crime? [Black Hat USA 2018]

  High-performing students may be eligible for internships with the social media platform after graduating from the scheme, and be able to attend cyber security conferences, such as the Black Hat Briefings.
  Read More
 • Aug 31, 2018 | Vice Motherboard

  Experts Call for Transparency Around Google’s Chinese-Made Security Keys [Black Hat USA 2018]

  “I should not have to wait until Black Hat next year to find answers to these questions from an unaffiliated third-party,” he added.
  Read More
 • Aug 30, 2018 | BBC

  How Do You Run A Hacking Operation? [Black Hat USA 2018]

  Thousands of cyberattacks occur every single day. Some hackers steal credit card details or pilfer money from online bank accounts. Others cripple businesses, or even governments. As tensions mount in cyberspace, what are countries doing to strengthen their cyber power and build a hacking army? In this Inquiry, we delve into some of the world’s most intriguing cyber operations – including Iran, Russia and North Korea.
  Read More
 • Aug 30, 2018 | TechRepublic

  Risk & Repeat: Are the Meltdown and Spectre flaws overhyped? [Black Hat USA 2018]

  Were the Meltdown and Spectre flaws as bad as some claimed? That question was raised by the Pwnie Awards at Black Hat 2018 earlier this month.
  Read More
 • Aug 30, 2018 | Dark Reading

  Lessons From the Black Hat USA NOC [Black Hat USA 2018]

  At Black Hat USA, the network operations center (NOC) and security operations center (SOC) are one and the same — reasonable for a network that exists to serve a huge gathering of security professionals. While the network that exists for a high-intensity week is unique in many ways, in others it is a concentrated example of what is possible when professionals with different areas of expertise — and different vendors — work together.
  Read More
 • Aug 29, 2018 | San Antonio Business Journal

  Texas A&M-San Antonio partners with Facebook for cybersecurity education [Black Hat USA 2018]

  This fall, the university is slated to offer a hybrid cybersecurity course to students underwritten by Facebook. It includes curriculum, mentorship, project development and training during a simulated cybersecurity attack side by side with Facebook employees in San Antonio. It also includes potential internships with Facebook for its students and scholarships to attend competitions like cybersecurity events Black Hat Conference and DEF CON in Las Vegas.
  Read More
 • Aug 29, 2018 | ScienceDaily

  How unsecured medical record systems and medical devices put patient lives at risk [Black Hat USA 2018]

  The researchers from UC San Diego and UC Davis detailed their findings Aug. 9 at the Black Hat 2018 conference in Las Vegas, where they staged a demonstration of the attack. Dubbed Pestilence, the attack is solely proof-of-concept and will not be released to the general public. While the vulnerabilities the researchers exploited are not new, this is the first time that a research team has shown how they could be exploited to compromise patient health.
  Read More
 • Aug 29, 2018 | PYMNTS

  Why Security Techniques Need To Evolve As Fast As Hackers [Black Hat USA 2018]

  And the bad news of impressive feats in hacking have been pouring out of various hacking professional conferences all summer long. A research team at the Black Hat conference managed to trick voice recognition software from Microsoft by convincing it a machine voice was human.
  Read More
 • Aug 28, 2018 | The Last Watchdog

  MY TAKE: As phishers take aim at elections, why not train employees to serve as phishing police? [Black Hat USA 2018]

  Phishing is the number one way organizations are breached, Aaron Higbee, CTO and co-founder of Cofense, told me at Black Hat USA 2018 in Las Vegas. Even though phishing has been a problem for years and most people are aware of what a phishing email looks like, we still fall for them.
  Read More
 • Aug 28, 2018 | CSO

  Why Security and DevOps Desperately Need Couples Counseling [Black Hat USA 2018]

  “Nobody thinks security is their friend,” laughed Brad Senetza, security assurance architect, Oracle in an on-camera interview at the 2018 Black Hat Conference in Las Vegas.
  Read More
 • Aug 28, 2018 | Journal of Cyber Policy

  BLACK HAT 2018: ATTACK SIMULATION [Black Hat USA 2018]

  Inspector Clouseau, of Pink Panther fame, had Cato Fong, his manservant, attack him by surprise to keep his self-defense reflexes strong. (And funny) Businesses and government agencies today should have their own version of Cato in the form of attack simulation software. Black Hat 2018 had several vendors offering this kind of solution, sometimes called Breach and Attack Simulation (BAS). These included AttackIQ, XM Cyber, Cymulate and others.
  Read More
 • Aug 28, 2018 | Bloomberg Law

  https://biglawbusiness.com/device-makers-combating-cyber-risks-to-patient-health/ [Black Hat USA 2018]

  The Black Hat and DefCon conferences in Las Vegas where McAfee presented its research showed how vulnerable some of these medical devices are, but there’s a real lack of awareness of the risks that exist in deployed devices in most hospitals, McMillan said.
  Read More
 • Aug 28, 2018 | CSO

  Stop playing “whack-a-mole” with your security [Black Hat USA 2018]

  Those were the key takeaways in a presentation by Parisa Tabriz, a director of engineering from Google. Tabriz spoke at the August Black Hat US 2018 conference in Las Vegas. In the session, the underlying theme was that security professionals must do whatever they can to incentivize firms to make better and more secure products.
  Read More
 • Aug 28, 2018 | Forbes

  iCloud Compromise With A Twist [Black Hat USA 2018]

  When I first wrote about iCloud compromises there was a far more salacious bent to the story line. Now with BSidesLV, Blackhat and DEF CON only recently passed by it only seemed appropriate that a clever iCloud related hack story would fall into my lap.
  Read More
 • Aug 27, 2018 | Fifth Domain

  Will more sanctions drive Iran to a cyberattack? [Black Hat USA 2018]

  Iranian hackers usually take three to four months to carry out an attack, Levi Gundert, vice president of intelligence at Recorded Future, told Fifth Domain during the Black Hat conference in Las Vegas. That means the Nov. 4 date for potentially another round of U.S. sanctions coincides with the timeline for an expected retaliation.
  Read More
 • Aug 27, 2018 | CyberScoop

  Cisco Talos' Craig Williams on the hunt for bugs and abnormal behavior [Black Hat USA 2018]

  On the sidelines of the Black Hat and DEF CON conference in Las Vegas this month, CyberScoop sat down with Craig Williams, Talos’ director of outreach, to get his take on some of these high-profile threats and how he approaches the craft of investigating malware campaigns.
  Read More
 • Aug 27, 2018 | Networks Asia

  Reevaluate "low-risk" PHP unserialization vulnerabilities, researcher says [Black Hat USA 2018]

  The emergence of Petya/NotPetya and other virulent forms of malware have showcased how the best and most successful black-hat hacks are not entirely new—bad actors simply take older, more established approaches or attack vectors and add a new twist. And so it is with PHP unserialization attacks, as showcased at the Black Hat conference earlier this month by Sam Thomas, director of research for Secarma Ltd, an information security consultancy.
  Read More
 • Aug 26, 2018 | Journal of Cyber Policy

  BLACK HAT 2018: REDUCING ATTACK SURFACES [Black Hat USA 2018]

  The theme of reducing attack surfaces emerged repeatedly at Black Hat 2018. While many cyber security professionals acknowledge the risk exposure hidden in today’s proliferating collection of attack surfaces, not everyone is taking action.
  Read More
 • Aug 26, 2018 | The Daily Dot

  How hackers can use AI to hide their malware and target you [Black Hat USA 2018]

  Thanks to advances in artificial intelligence, such fine-grained targeted cyberattacks are no longer the stuff of dark hacker movies, as security researchers at IBM demonstrated at the recent Black Hat USA security conference in Las Vegas.
  Read More
 • Aug 24, 2018 | Journal of Cyber Policy

  BLACK HAT 2018: THE ICS CONVERSATION [Black Hat USA 2018]

  The subject of Industrial Control Systems (ICSs) came up frequently at Black Hat 2018. The threats are very real, with serious potential consequences in the event of a successful attack. Talking to various experts at the conference, the state of industrial cyber security seems to be on a trajectory of improvement, but with much work to be done in many “spheres of activity.”
  Read More
 • Aug 24, 2018 | Security Boulevard

  Looking Back on Black Hat 2018: Four Key Learnings from This Year’s Event [Black Hat USA 2018]

  Two weeks ago I attended the Black Hat USA 2018 conference: As one of the largest cybersecurity events in the world, it’s always interesting to hear the key themes and trends the industry is buzzing about. Here are my observations on four actionable takeaways from the 2018 conference.
  Read More
 • Aug 23, 2018 | TechTarget

  AI bias and data stewardship are the next ethical concerns for infosec [Black Hat USA 2018]

  Laura Norén, director of research at Obsidian Security, spoke about data science ethics at Black Hat USA 2018, and discussed the potential pitfalls of not having quality data, including AI bias learned from the people training the model.
  Read More
 • Aug 23, 2018 | TechTarget

  Risk & Repeat: Meltdown and Spectre disclosure in review [Black Hat USA 2018]

  A Black Hat panel discussion provided a behind-the-scenes look at the process from the perspective of Microsoft, Google and Red Hat representatives.
  Read More
 • Aug 23, 2018 | GCN

  Assembling an ingredients list for software [Black Hat USA 2018]

  Speaking at the Black Hat conference earlier this month, Allan Friedman, director of cybersecurity for the National Telecommunications and Information Administration, discussed how his unit is working to develop a “software bill of materials,” a list of ingredients for business software products.
  Read More
 • Aug 23, 2018 | CSO

  Detecting bot attacks | Salted Hash Ep 44 [Black Hat USA 2018]

  In this episode, host Steve Ragan talks with Engin Akyol, CTO at Distil Networks at the Black Hat 2018 conference, about bot account takeovers and how they can be detected.
  Read More
 • Aug 22, 2018 | Network World

  IoT vendors talk open buildings, black hats and a jam conspiracy [Black Hat USA 2018]

  In what may be one of the most predictable headlines readers of this piece will see, some of the world’s leading information security professionals attending the Black Hat security conference told the media that unsecured IoT devices still pose a large-scale threat to networks around the globe.
  Read More
 • Aug 22, 2018 | CSO

  Reevaluate "low-risk" PHP unserialization vulnerabilities, researcher says [Black Hat USA 2018]

  Over nearly a decade, PHP unserialization vulnerabilities have become a popular route for cyber-criminals to plant remote code execution or deliver other malware into systems. But new research, introduced at Black Hat this month, shows that malevolent hackers can introduce this vulnerability, even in environments that were previously considered low-risk for this attack.
  Read More
 • Aug 21, 2018 | USA Today

  Here comes Russia, back at it again with the hacking in time for midterms: Today's talker [Black Hat USA 2018]

  Recent security conferences (Black Hat and DEF CON) discussed research on the latest threats, vulnerabilities and techniques of the cyberworld. And this time around, the voting systems for the U.S. midterms drew paramount focus from security researchers, learning that several states that use electronic voting systems had been purchasing parts off eBay after some of their systems became faulty.
  Read More
 • Aug 21, 2018 | Threatpost

  Video: Bishop Fox on Device Threats and Layered Security [Black Hat USA 2018]

  Threatpost talked to Christie Terrill, partner at Bishop Fox, about the top trends and security issues that were discussed at Black Hat USA in Las Vegas this month.
  Read More
 • Aug 21, 2018 | Inside Cybersecurity

  Former DHS attorney: Info-sharing system needs incentives, smoother process [Black Hat USA 2018]

  Allison Bender, interviewed on the sidelines of the recent Black Hat conference in Las Vegas, said “very few organizations are sharing into” DHS' Automated Indicator Sharing program even as sharing expands among private entities.
  Read More
 • Aug 21, 2018 | Vice Motherboard

  Meet 'Intrusion Truth,' the Mysterious Group Doxing Chinese Intel Hackers [Black Hat USA 2018]

  “We won’t achieve anything by publicly naming,” Andrei Barysevich, director of advanced collection at threat intelligence firm RecordedFuture, told Motherboard at the annual Black Hat cybersecurity conference earlier this month. Likely the only time the company may publish names is in a direct collaboration with law enforcement, a RecordedFuture spokesperson added.
  Read More
 • Aug 20, 2018 | Security Intelligence

  Stories From the Edge of IoT Security: Threat Demos From Black Hat and DEF CON [Black Hat USA 2018]

  As the annual security week in Las Vegas drew to a close, cybersecurity professionals left Black Hat 2018 and DEF CON 26 armed with knowledge, renewed energy and no shortage of exposure to emerging Internet of Things (IoT) security flaws. Perhaps fittingly, Black Hat event founder Jeff Moss helped kick off the conference by acknowledging threats faced by the security industry and citing a sense that they were in the “final exams stage.”
  Read More
 • Aug 20, 2018 | Risky Business

  Risky Business feature: Adam Boileau recaps Black Hat and DEF CON [Black Hat USA 2018]

  But that’s ok, because Adam went to both Black Hat and DEF CON and he joined me to talk about the highlights from his point of view. This was his first trip to the Vegas cons since 2005, and agreed with me that the content this year was actually pretty bloody good.
  Read More
 • Aug 20, 2018 | TechHQ

  AI for cybersecurity: Friend or foe? [Black Hat USA 2018]

  “What’s happening is a little concerning, and in some cases even dangerous,” warned Raffael Marty, vice president of corporate strategy at security firm Forcepoint, at the Black Hat cybersecurity conference in Las Vegas.
  Read More
 • Aug 20, 2018 | The Star

  These Android phones have security defects out of the box, researchers say [Black Hat USA 2018]

  Ryan Johnson, Kryptowire's director of research, and Angelos Stavrou, the company's CEO, disclosed their findings recently at the Black Hat security conference in Las Vegas, according to Wired. Kryptowire's research was partially funded by the Department of Homeland Security.
  Read More
 • Aug 20, 2018 | The Register

  So phar, so FUD: PHP flaw puts WordPress sites at risk of hacks [Black Hat USA 2018]

  Research into the vulnerability was presented by Secarma's Sam Thomas at Thursday's BSides cybersecurity conference in Manchester, UK – days after it was first unveiled at Black Hat in Las Vegas last week. His presentation (video below) was entitled It's A PHP Unserialization Vulnerability Jim, But Not As We Know It.
  Read More
 • Aug 20, 2018 | Help Net Security

  Making informed decisions: The importance of data driven security [Black Hat USA 2018]

  In this podcast recorded at Black Hat USA 2018, Vikram Phatak, CEO of NSS Labs, talks about data driven security.
  Read More
 • Aug 20, 2018 | Security Intelligence

  X-Force Red in Action: Spotlight on ATM Testing With David ‘VideoMan’ Bryan [Black Hat USA 2018]

  The good news: The X-Force Red team survived Black Hat and DEF CON and is back with a new edition of the X-Force Red in Action podcast.
  Read More
 • Aug 20, 2018 | Dark Reading

  How Better Intel Can Reduce, Prevent Payment Card Fraud [Black Hat USA 2018]

  Royal Bank of Canada machine learning researcher Cathal Smyth and Terbium Labs chief scientist Clare Gollnick discuss how they use intelligence about the carding market to predict the next payment card fraud victims. Filmed at the Dark Reading News Desk at Black Hat USA 2018.
  Read More
 • Aug 18, 2018 | The Register

  'Oh sh..' – the moment an infosec bod realized he was tracking a cop car's movements by its leaky cellular gateway [Black Hat USA 2018]

  “What happens when people go after police officers because they know where they live,” Justin Shattuck, principal threat researcher at F5 Networks, who gave a Black Hat USA talk this week about the findings, told The Register. “Using GPS we know where they buy their donuts, how long to get their orders – we know where they are down to the metre.”
  Read More
 • Aug 17, 2018 | Fast Company

  Heart-stopping security news: Hackers can now get into pacemakers [Black Hat USA 2018]

  At the recent Black Hat information security conference, researchers demonstrated how the Carelink 2090 pacemaker, along with the company’s insulin pump, could be hacked.
  Read More
 • Aug 17, 2018 | IT News Africa

  Black Hat: Protecting Industrial Control System [Black Hat USA 2018]

  Industrial Control System (ICS) security was ramped up at Black Hat USA – with packed sessions ranging from specific attacks to vulnerable hardware – all with the aim of protecting critical infrastructure, whose security shortcomings so frequently hit the headlines these days.
  Read More
 • Aug 17, 2018 | BleepingComputer

  Combating Social Engineering: Tips From Black Hat 2018 [Black Hat USA 2018]

  Matt Wixey, one of the presenters this year at Black Hat USA, leads technical research for the PwC Cyber Security practice in the UK. He works closely with the Ethical Hacking team and is a PhD candidate at University College London. Prior to joining PwC, Wixey led a technical R&D team for a law enforcement agency in the UK.
  Read More
 • Aug 17, 2018 | TechRepublic

  Black Hat 2018: Sneaker bots and their challenges [Black Hat USA 2018]

  Josh Shaul, vice president of web security at Akamai, sat down with TechRepublic's Dan Patterson at Black Hat 2018 to speak about sneaker sales' market and after-market.
  Read More
 • Aug 17, 2018 | TechTarget

  ICS security fails the Black Hat test [Black Hat USA 2018]

  Industrial control systems hit the mainstream at Black Hat this year, with over two dozen program sessions tackling different angles of the subject. The takeaway: Vendors still aren't really trying.
  Read More
 • Aug 17, 2018 | TechRepublic

  Black Hat 2018: Connecting cars to enhance the way we drive [Black Hat USA 2018]

  Thomas Mackenzie, associate partner at X-Force Red at IBM, talks to TechRepublic's Dan Patterson about the importance of connecting communication technologies between vehicles at Black Hat 2018.
  Read More
 • Aug 17, 2018 | TechRepublic

  Demo at Black Hat 2018 of what corrupt data does to a Libelium Meshlium [Black Hat USA 2018]

  Daniel Crowley, research baron for X-Force Red at IBM, and Jennifer Savage, security researcher at Threatcare, show TechRepublic's Dan Patterson an exploited demo based on vulnerabilities that were found in the Libelium Meshlium at Black Hat.
  Read More
 • Aug 17, 2018 | CNBC

  Security researchers say they can hack Medtronic pacemakers [Black Hat USA 2018]

  Rios and Butts demonstrated the security weaknesses earlier this month at the annual Black Hat cyber security conference in Las Vegas, one of the industry's most prestigious annual meetings.
  Read More
 • Aug 17, 2018 | Medium

  Black Hat Conference Vendors Use Cybersecurity Marketing Theme to Gain Attendees’ Attention [Black Hat USA 2018]

  Many vendors and cybersecurity companies attend the Black Hat USA 2018 conference. The world’s leading annual information security event took place in Las Vegas August 5–9.
  Read More
 • Aug 17, 2018 | CNET

  Black Hat and Defcon cybersecurity experts share tips on how to protect yourself [Black Hat USA 2018]

  During the week of Black Hat and Defcon, tens of thousands of security experts and hackers flock to Las Vegas for the back-to-back conferences. They hold discussions on issues like smart cities getting hacked, two-factor authentication, and security issues with voice assistants.
  Read More
 • Aug 17, 2018 | Defense One

  Ep. 16: Hypersonic missiles; Black Hat/Defcon 2018; Q&A w/ Chris Lynch of Defense Digital Services. [Black Hat USA 2018]

  Then (13:25) we’ll get into what’s new from the world of hackers at this year’s Black Hat / DefCon. Our own Patrick Tucker has returned from Sin City to tell us all about what happened in Vegas.
  Read More
 • Aug 17, 2018 | WeLiveSecurity

  Week in security with Tony Anscombe [Black Hat USA 2018]

  In this week’s cybersecurity news, Tony Anscombe covers the Instagram hack that left some users locked out of their accounts. There is a report from Black Hat from our Security Researcher Cameron Camp and a look at why New York University researchers have come up with a novel idea to make software more secure.
  Read More
 • Aug 16, 2018 | Journal of Cyber Policy

  SECURE SYSTEM ENGINEERING AND THE TORAH [Black Hat USA 2018]

  I attended the session, “Open Sesame: Picking Locks with Cortana” at Black Hat 2018, in which presenters Tal Be’ery, Amichai Shulman, Ron Marcovich and Yuval Ron revealed several different ways to access private information on a locked PC using the Cortana voice assistant.
  Read More
 • Aug 16, 2018 | Security Boulevard

  New Foreshadow Vulnerabilities Defeat Memory Defenses on Intel CPUs [Black Hat USA 2018]

  These are the latest in a long string of architectural vulnerabilities in CPUs that have been found and disclosed since Spectre and Meltdown. Last week at the Black Hat USA security conference, researcher Ben Gras from VU Amsterdam presented the details of another CPU vulnerability called TLBleed that abuses hyper-threading and the translation lookaside buffer (TLB) to leak secrets such as encryption keys.
  Read More
 • Aug 16, 2018 | Entrepreneur

  The Latest Thing You Need to Worry About Cybercriminals Hacking? Your Voice. [Black Hat USA 2018]

  We've already seen cybersecurity researchers demonstrate some of these methods in proof-of-concept attacks, and the risk gained further priority this August at the Black Hat conference, where ethical hackers demonstrated new methods of voice "spoofing" and attacking a widely used personal digital assistant through voice commands.
  Read More
 • Aug 16, 2018 | CBS News

  Obama campaign used security keys during both elections to defend against hackers [Black Hat USA 2018]

  As political campaigns in the 2018 midterm elections fight off hackers, the Obama campaign might have figured out the key solution a decade ago. President Obama's campaign used Yubikeys, which are security keys for protecting logins, in both the 2008 and 2012 elections to defend itself from hackers, according to Yubico CEO Stina Ehrensvard. "The woman who tried after him did not, and you can see the results," Stina Ehrensvard, the CEO and founder of Yubico, said in an interview at Black Hat.
  Read More
 • Aug 16, 2018 | PaymentsSource

  How mobile POS devices succumb to hackers [Black Hat USA 2018]

  With payments increasingly shifting to mobile, the ability to exploit mobile point-of-sale systems that make it possible for merchants to accept card and even cryptocurrency payments on the go is also shifting. Presenting at the Black Hat USA cybersecurity conference last week in Las Vegas, prominent security researchers from U.K.-based Positive Technologies showcased research detailing the inherent vulnerabilities they discovered among four of the most popular mPOS systems operating in both the United States and Europe.
  Read More
 • Aug 16, 2018 | CRN

  WATCH: XM Cyber Fights Hackers With An Automated Red Team [Black Hat USA 2018]

  As seen at Black Hat USA 2018, automation has become a valued technology for security companies, which are challenged by a talent shortage and a constantly evolving threat landscape. The Global Information Security Workforce Study from the Center for Cyber Safety and Education predicts a shortfall of 1.8 million cybersecurity workers by 2022.
  Read More
 • Aug 16, 2018 | TechRepublic

  Black Hat 2018: Xerox CISO on why the tech industry needs to simplify [Black Hat USA 2018]

  TechRepublic's Dan Patterson interviewed Alissa Johnson, Xerox Chief Information Security Officer, at Black Hat. She discussed defining IT processes, simplifying the tech industry, and more. The following is an edited transcript of the interview.
  Read More
 • Aug 16, 2018 | SDxCentral

  Classic Rock and Cloud-Native Attacks Collide at Black Hat [Black Hat USA 2018]

  Serpa said that compared to past security conferences, many more people approached the Bitglass booth at last week’s Black Hat conference knowing what CASB is. Now the burning question is what is different about Bitglass CASB compared to others?
  Read More
 • Aug 16, 2018 | Channel Partners

  Security Roundup: Black Hat Edition [Black Hat USA 2018]

  Last week’s Black Hat USA 2018 conference in Las Vegas was the place to be for all things cybersecurity. Among the topics explored were the need for more collaboration among cybersecurity providers and more information sharing in the industry to battle the ever-increasing volume of cyberthreats. Other individual topics included securing IoT and stopping election hacking.
  Read More
 • Aug 16, 2018 | CSO

  Hack mobile point-of-sale systems? Researchers count the ways [Black Hat USA 2018]

  Presenting at the Black Hat USA information security conference last week in Las Vegas, prominent U.K. security researchers showcased recent research detailing the inherent vulnerabilities they discovered among four of the most popular mPOS systems operating in both the United States and Europe.
  Read More
 • Aug 16, 2018 | The Intercept

  BLACK HAT HACKER CONFERENCE BEGINS TO GRAPPLE WITH GENDER DISCRIMINATION AND SEXUAL ASSAULT IN CYBERSECURITY [Black Hat USA 2018]

  But last week, for the first time in Black Hat’s history, the conference invited speakers to address gender discrimination, sexual assault, mental health, and substance abuse. The conference’s inaugural Community Track briefings provided a window into problems in the cybersecurity world that have long been hidden in plain sight.
  Read More
 • Aug 16, 2018 | The Daily Swig

  Until next year: A look back at hacker summer camp [Black Hat USA 2018]

  Dave Lewis reflects on his time in Las Vegas attending BSides, Black Hat, and Def Con.
  Read More
 • Aug 15, 2018 | Inside Cybersecurity

  Messages from Black Hat: Cybersecurity tools are better, and the risk is worse [Black Hat USA 2018]

  A duality of messages permeated last week's Black Hat and Def Con conferences: Cybersecurity tools are improving, business and government entities alike are better organizing themselves, and yet, the cyber threat environment continues to darken and grow more dangerous.
  Read More
 • Aug 15, 2018 | Threatpost

  Microsoft Cortana Flaw Allows Web Browsing on Locked PCs [Black Hat USA 2018]

  Last week at Black Hat USA, researchers discussed another flaw (patched in June by Microsoft) dubbed “Open Sesame,” which also allowed an adversary to bypass a Windows 10 lock screen using the voice assistant aspect of Cortana; from there, they were able to unleash a number of “dangerous” functions.
  Read More
 • Aug 15, 2018 | Journal of Cyber Policy

  SOPHOS RELEASE IN-DEPTH REPORT ON ATYPICAL SAMSAM RANSOMWARE [Black Hat USA 2018]

  Sophos announced the publication of a detailed report on the notorious SamSam ransomware threat at Black Hat 2018. The 47-page report covers how the attacks began in 2016. It explores how SamSam targets victims in ways unlike any previous ransomware attack had before.
  Read More
 • Aug 15, 2018 | TechTarget

  Infosec mental health support and awareness hits Black Hat 2018 [Black Hat USA 2018]

  Rather than continue being reactive to social issues, Black Hat 2018 took steps to be more proactive in addressing and bringing awareness to the topic of infosec mental health.
  Read More
 • Aug 15, 2018 | Dark Reading

  Miller & Valasek: Security Stakes Higher for Autonomous Vehicles [Black Hat USA 2018]

  Valasek and Miller, now both principal security architects for autonomous-vehicle manufacturer Cruise Automation, at Black Hat USA last week mapped out the key issues surrounding securing this new generation of driverless cars, based on their past three years working in the self-driving vehicle industry collectively for Uber, Didi Chuxing, and now Cruise, of which General Motors is a majority owner.
  Read More
 • Aug 15, 2018 | Dark Reading

  2018 Pwnie Awards: Who Pwned, Who Got Pwned [Black Hat USA 2018]

  A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
  Read More
 • Aug 14, 2018 | Fedscoop

  Marines launch bug bounty at Las Vegas event [Black Hat USA 2018]

  The Hack the Marine Corps program, jointly created by the Department of Defense and vulnerability disclosure platform company HackerOne, launched Aug. 12 with a live hacking event in Las Vegas on the heels of the annual Black Hat and DEF CON hacker conventions. Hackers discovered 75 unique vulnerabilities during the event worth more than $80,000 in prizes.
  Read More
 • Aug 14, 2018 | Dark Reading

  Flaws in Mobile Point of Sale Readers Displayed at Black Hat [Black Hat USA 2018]

  Leigh-Anne Galloway and Tim Yunusov - Positive Technologies' security researcher and senior banking security expert, respectively - sought to answer that question in research presented at Black Hat USA and DEF CON.
  Read More
 • Aug 14, 2018 | WeLiveSecurity

  Black Hat 2018: AI was supposed to fix security – what happened? [Black Hat USA 2018]

  At Black Hat 2018 the aisles were bustling and activity kept ramping up, not subsiding. Last year there was no shortage of security breaches and they seem to be continuing unabated, so what happened with the promise of AI?
  Read More
 • Aug 14, 2018 | SecurityIntelligence

  A Black Hat Veteran Reflects on the Hot Topics at This Year’s Conference [Black Hat USA 2018]

  A somewhat less sexy topic that also got a lot of play at this year’s Black Hat is the evolving nature of vulnerability and threat management. Vulnerability management has been around for a while to help security teams scan their networks, rank vulnerabilities and remediate them with the resources they have.
  Read More
 • Aug 14, 2018 | Security Boulevard

  Industrial Control Gateways: It’s Like Exploiting in the 1990s [Black Hat USA 2018]

  “It’s like exploiting in the 1990s,” said Thomas Roth, a German security researcher and consultant who analyzed the firmware of industrial control gateways from several vendors over the past year. Roth presented his findings at the Black Hat USA security conference last week.
  Read More
 • Aug 14, 2018 | Mobile App Daily

  Blackberry's Latest Feature Makes Ransomware Recovery Quick And Easy [Black Hat USA 2018]

  The announcement was made on Monday at the Black Hat conference in Las Vegas. In a press release, BlackBerry called the feature a precise recovery tool with the ability to protect businesses against ransomware attack.
  Read More
 • Aug 14, 2018 | BleepingComputer

  VORACLE Attack Can Recover HTTP Data From VPN Connections [Black Hat USA 2018]

  A new attack named VORACLE can recover HTTP traffic sent via encrypted VPN connections under certain conditions. The attack was discovered by security researcher Ahamed Nafeez, who presented his findings at the Black Hat and DEF CON security conferences held last week in Las Vegas.
  Read More
 • Aug 14, 2018 | GreekMoney.gr

  DIGITAL MONEY - Black Hat cyber security conference in Las Vegas: "Hackers can turn satellite into weapon" [Black Hat USA 2018]

  From the announcements at the Black Hat security conference in Las Vegas last week, the international community learned that malicious hackers could kill someone by remotely violating an implanted medical device such as a pacemaker or insulin pump.
  Read More
 • Aug 14, 2018 | The Parallax

  There’s more to election integrity than secure voting machines [Black Hat USA 2018]

  Researcher Carsten Schürmann revealed inconclusive results of a forensic examination of the solid-state drives of eight WinVote machines in a Thursday morning talk at the Black Hat USA security conference here. During his presentation, Schürmann, a professor at the IT University of Copenhagen and founder of the research project DemTech, emphasized two things: how little a WinVote autopsy reveals, and the importance of securing voting with paper trails and risk-limiting audits.
  Read More
 • Aug 14, 2018 | PC Magazine

  What We Saw at Black Hat 2018 [Black Hat USA 2018]

  From breaking voice authentication and remote-controlling airplanes to hijacking emergency sirens and protecting self-driving cars, this year's Black Hat conference was a wild ride.
  Read More
 • Aug 14, 2018 | eWeek

  NSA Research Looks at How Stress Impacts Cyber-Security Operations [Black Hat USA 2018]

  Celeste Lyn Paul, senior researcher, and Josiah Dykstra, deputy technical director of NSA Cyber-Security Operations, gave a presentation at Black Hat USA in Las Vegas on Aug. 8 titled "Stress and Hacking," which included details on research about the impact of stress on cyber-operations.
  Read More
 • Aug 14, 2018 | PC & Tech Authority

  Black Hat USA 2018: Car hackers Miller and Valasek now using their skills for good [Black Hat USA 2018]

  The duo last appeared at Black Hat two years ago when they revealed their hack of a Jeep Cherokee and announced their retirement from car hacking. But this latest appearance featured the two guys, who now work for Cruise - a GM division developing self-driving vehicles for ride-share businesses - discussing how they have used their hacking skills to help make the upcoming generation of autonomous vehicles as safe as possible from a cyber-attack.
  Read More
 • Aug 14, 2018 | SDxCentral

  IBM Hackers, Cloud Security Alliance Take On IoT at Black Hat [Black Hat USA 2018]

  The week before Black Hat, the FBI warned of cybercriminals hacking IoT devices and using those devices to attack other devices on the network. And at the annual security conference in Las Vegas, startup Armis surveyed 130 security professionals and found 93 percent of them expect nation-states will target or exploit connected devices in the next year.
  Read More
 • Aug 14, 2018 | TWiT

  HACKING THE MAC AT BLACK HAT AND DEF CON [Black Hat USA 2018]

  Security demonstrations at Black Hat and DEF CON 2018 include a remote macOS hack and invisible mouse clicks.
  Read More
 • Aug 14, 2018 | PC Magazine

  17 Remarkable (and Scary) Things We Saw at Black Hat 2018 [Black Hat USA 2018]

  The 2018 Black Hat conference—summer's week-long celebration of all things infosec—kicked off with an inspiring exhortation by Parisa Tabriz, Director of Engineering at Google. She urged attendees to forget the status quo and stop playing security Whack-A-Mole.
  Read More
 • Aug 13, 2018 | Decipher

  TRAILBLAZER HUNTS CREDENTIAL ABUSE IN AWS [Black Hat USA 2018]

  Netflix relies on Amazon Web Services for its infrastructure and computing needs, and needs to know when a credential is potentially compromised, Will Bengtson, a senior software security engineer at Netflix, said at Black Hat USA. Netflix has hundreds of thousands of virtual server instances on AWS and utilizes AWS Security Token Service to generate credentials for AWS Identity and Access Management.
  Read More
 • Aug 13, 2018 | SDxCentral

  Cisco Execs: Cryptomining, Election Security Threats Loom Large [Black Hat USA 2018]

  Talos is Cisco’s threat research team made up of about 300 researchers globally. Williams is the group’s director of outreach. He and other Talos members set up shop at a room with a fireplace inside the Irish Pub at Mandalay Bay during last week’s Black Hat security conference.
  Read More
 • Aug 13, 2018 | TechTarget

  Lessons learned from Meltdown and Spectre disclosure process [Black Hat USA 2018]

  During a Black Hat 2018 session, Google, Microsoft and Red Hat offered a behind-the-scenes look at the disclosure and response effort for Meltdown and Spectre.
  Read More
 • Aug 13, 2018 | SecurityWeek

  IBM Describes AI-powered Malware That Can Hide Inside Benign Applications [Black Hat USA 2018]

  At the Black Hat conference on Thursday, IBM presented just one way that black hats could do just that: a new class of AI-enhanced malware attack it calls DeepLocker.
  Read More
 • Aug 13, 2018 | Security Now

  Microsoft Cortana Vulnerability Can Unlock a Locked Windows PC [Black Hat USA 2018]

  During last week's Black Hat conference in Las Vegas, researchers showed how Microsoft's Cortana virtual assistant could be used to bypass the Windows lock screen. The vulnerability affects Windows 10 machines and Windows 10 Servers.
  Read More
 • Aug 13, 2018 | Nextgov

  Hackers Target Marines for Pentagon's Latest Bug Bounty [Black Hat USA 2018]

  The challenge, dubbed “Hack the Marine Corps,” began with a live-hacking event in Las Vegas, where hackers from around the world gathered last week for the Black Hat USA, DefCon and BSides Las Vegas cybersecurity conferences.
  Read More
 • Aug 13, 2018 | Business Insider

  Hackers just spent the week in Las Vegas breaking into planes, politicians' websites, printers, heart monitors and slot machines [Black Hat USA 2018]

  Perhaps the most alarming Black Hat presentation for many this week came from Ruben Santamarta of IOActive. He showed how by accessing a satellite communications network, he could access phones, tablets and laptops on planes as they flew overhead.
  Read More
 • Aug 13, 2018 | ZDNet

  The future of IoT? State-sponsored attacks, say security professionals [Black Hat USA 2018]

  During Black Hat, IoT security firm Armis surveyed over 130 IT and security professionals attending the conference in Las Vegas last week.
  Read More
 • Aug 13, 2018 | Dark Reading

  Social Engineers Show Off Their Tricks [Black Hat USA 2018]

  It's not every day you hear or see social engineers in action – well, knowingly, anyway – but that's exactly what the crowd did at Black Hat and DEF CON 2018 held last week in Las Vegas.
  Read More
 • Aug 13, 2018 | TechRepublic

  How unsecured gateways put emergency first responders in real, physical danger [Black Hat USA 2018]

  Organizations must stay vigilant in keeping their wireless networks safe and secure, which is something Shattuck hopes to bring to the forefront of conversation. He spoke about his findings at the 2018 Black Hat event in Las Vegas last week.
  Read More
 • Aug 13, 2018 | Dark Reading

  Hacker Unlocks 'God Mode' and Shares the 'Key' [Black Hat USA 2018]

  When a room filled with hundreds of security professionals erupts into applause, it's notable. When that happens less than five minutes into a presentation, it's remarkable. But that's what transpired when security researcher Christopher Domas last week showed a room at Black Hat USA how to break the so-called ring-privilege model of modern CPU security.
  Read More
 • Aug 13, 2018 | Silicon Republic

  Why Fortnite’s absence from the Google Play Store is a big security headache [Black Hat USA 2018]

  Last week, security researchers presenting at Black Hat revealed a compromise that could make Macs used for enterprises vulnerable the first time they connect to Wi-Fi.
  Read More
 • Aug 13, 2018 | BleepingComputer

  Backdoor Mechanism Discovered in VIA C3 x86 Processors [Black Hat USA 2018]

  At the Black Hat 2018 and DEF CON 26 security conferences held in Las Vegas last week, a security researcher detailed a backdoor mechanism in x86-based VIA C3 processors, a CPU family produced and sold between 2001 and 2003 by Taiwan-based VIA Technologies Inc.
  Read More
 • Aug 13, 2018 | Threatpost

  Black Hat 2018: Mobile APTs Redefining Phishing Attacks [Black Hat USA 2018]

  Mike Murray, vice president of security intelligence at Lookout, talks with Threatpost’s Tom Spring to discuss the latest trends in mobile advanced persistent threats (APTs).
  Read More
 • Aug 13, 2018 | Fox News

  Black Hat hacker says he accessed 'hundreds' of aircraft already in the sky [Black Hat USA 2018]

  The Black Hat cybersecurity conference currently being held in Las Vegas brings together a variety of experts to discuss the risks, pitfalls — and locations — of flaws in computer networks.
  Read More
 • Aug 13, 2018 | Security Boulevard

  Black Hat USA 2018: A SecOps Recap [Black Hat USA 2018]

  Last week, I had the pleasure of joining thousands of security researchers, vendors, marketers, press, and bloggers converging on the desert and Mandalay Bay for my first-ever Black Hat USA conference. Attendees discussed the newest research, latest technologies, scariest threats, and biggest trends in this crazy world of cybersecurity. If you weren’t lucky enough to be part of the fun, here’s a quick recap of Black Hat USA 2018 (aka Security Summer Camp).
  Read More
 • Aug 13, 2018 | GovernmentCIO Media

  Cellphone Privacy and Remote Hacking Policies Remain Blurry Areas [Black Hat USA 2018]

  “Almost everything we do today is stored in the cloud," she said in an Aug. 8 panel at Black Hat. "And the government’s argument for years has been . . . if you have information that is in the hands of third parties, it’s not private, not protected by the Fourth Amendment."
  Read More
 • Aug 13, 2018 | ESG Blogs

  Takeaways from Black Hat USA 2018 [Black Hat USA 2018]

  There was a lot to see and discuss at Black Hat – too much to elaborate on in a short blog. Nevertheless, here are a few things that stood out to me:
  Read More
 • Aug 13, 2018 | PC Magazine

  Hackers Can Exploit Fax Machines to Compromise Entire Networks [Black Hat USA 2018]

  At Black Hat 2018, for example, a researcher revealed that he was able to connect to the satellite communications systems of ships and aircraft inflight because the device's modems were accessible over the internet.
  Read More
 • Aug 13, 2018 | eWeek

  Cyber-Security Failure Brings Societal Risks: Black Hat Researchers [Black Hat USA 2018]

  The message was clear at this year's Black Hat conference: The "culture," for lack of a better term, of security must change, or society faces living in a world of perpetual cyber-risk.
  Read More
 • Aug 13, 2018 | CSO

  Take-aways from Black Hat USA 2018 [Black Hat USA 2018]

  Black Hat USA 2018 had record crowds, revealed a growing attack surface, and proved we have lots of work ahead.
  Read More
 • Aug 13, 2018 | Yahoo Finance

  How two car hackers plan to keep GM's self-driving cars safe [Black Hat USA 2018]

  Two famed car hackers have a plan to stop people like them from compromising the vehicles of their new employer — and, as outlined in a presentation Thursday afternoon at the Black Hat USA security conference here, it involves security addition through subtraction.
  Read More
 • Aug 13, 2018 | USA Today

  Hacks of Macs, Microsoft Cortana are two more reasons why you should install updates [Black Hat USA 2018]

  Security professionals have made those points for years, but two presentations at the Black Hat USA conference here provided fresh arguments for them – and signs companies are getting snappier at fixing vulnerabilities.
  Read More
 • Aug 12, 2018 | TechCrunch

  Nobody minding the store: Security in the age of the lowest bidder [Black Hat USA 2018]

  At last week’s Black Hat conference, its creator Jeff Moss mused: “attackers have strategies, but defenders only seem to have tactics.”
  Read More
 • Aug 12, 2018 | SiliconANGLE

  While the US hangs back, China and Europe seize control of internet policy [Black Hat USA 2018]

  Several of the commissioners, appearing in a panel discussion at Black Hat USA conference in Las Vegas on Thursday, sounded realistic about the current direction to create a set of common norms in concert with major nations of the world.
  Read More
 • Aug 12, 2018 | CSO

  Hacking pacemakers, insulin pumps and patients' vital signs in real time [Black Hat USA 2018]

  Medical device insecurity was covered at the recent Black Hat and Def Con security conferences in Las Vegas. One set of researchers showed off hacks to pacemakers and insulin pumps that could potentially prove lethal, while another researcher explained how hospital patients’ vital signs could be falsified in real time.
  Read More
 • Aug 11, 2018 | The Register

  Snap code snatched, Pentagon bans bands, pacemakers cracked, etc [Black Hat USA 2018]

  Infosec bods Billy Rios and Jonathan Butts reported the flaws over a year ago to the manufacturer, and this week spoke about their experiences in dealing with the biz, and the slow rate of progress in getting things fixed, at Black Hat USA 2018.
  Read More
 • Aug 11, 2018 | MIT Technology Review

  AI for cybersecurity is a hot new thing—and a dangerous gamble [Black Hat USA 2018]

  Black Hat cybersecurity conference in Las Vegas, I was struck by the number of companies boasting about how they are using machine learning and artificial intelligence to help make the world a safer place.
  Read More
 • Aug 10, 2018 | The Telegraph

  Security flaws in ZTE phones mean they can be hacked to spy on users [Black Hat USA 2018]

  It’s not yet clear if the flaws in ZTE phones have been used by hackers to steal any data. The full research into the flaws is expected to be announced at the Black Hat cybersecurity conference in Las Vegas on Friday.
  Read More
 • Aug 10, 2018 | Threatpost

  Black Hat 2018: With Healthcare Security Flaws, Safety’s Increasingly at Stake [Black Hat USA 2018]

  At Black Hat today, a group of experts specializing in both healthcare and security from UC-San Diego and UC-Davis outlined how to exploit vulnerabilities in the Health Level 7 (HL7) standard – the protocol which acts as a common language in hospitals to transmit order or lab results – to change lab results coming from blood gas machines and urinalysis machines.
  Read More
 • Aug 10, 2018 | WIRED

  Millions of Android Devices Are Vulnerable Right Out of the Box [Black Hat USA 2018]

  That’s the key finding of new analysis from mobile security firm Kryptowire, which details troubling bugs preloaded into 10 devices sold across the major US carriers. Kryptowire CEO Angelos Stavrou and director of research Ryan Johnson will present their research, funded by the Department of Homeland Security, at the Black Hat security conference Friday.
  Read More
 • Aug 10, 2018 | Threatpost

  Black Hat 2018: Voice Authentication is Broken, Researchers Say [Black Hat USA 2018]

  However, according to two researchers John Seymour and Azeem Aqil, both with Salesforce’s research team, voice authentication for account access is extremely insecure. At a Black Hat session Thursday, the two showed how easy it is to spoof someone’s voice well enough to access protected accounts.
  Read More
 • Aug 10, 2018 | The Verge

  Many Android devices ship with firmware vulnerabilities, researchers find [Black Hat USA 2018]

  The security lapses could lead to everything from letting an attacker lock someone out of their device, to getting control over their microphone and more — though most of the attacks that the researchers detailed required users to download some sort of malicious app before they could take advantage of the holes present in the firmware. Their research, funded by the Department of Homeland Security, is being presented today at the Black Hat USA security conference.
  Read More
 • Aug 10, 2018 | Threatpost

  Chris Valasek and Charlie Miller: How to Secure Autonomous Vehicles [Black Hat USA 2018]

  “We know [autonomous car security] is not perfect, but for the time being, it’s something,” said Miller, speaking at Black Hat 2018. Miller and Valasek, who last year joined GM’s self-driving car unit Cruise, also released a new report on the challenges and opportunities behind autonomous driving at the conference.
  Read More
 • Aug 10, 2018 | The Register

  The off-brand 'military-grade' x86 processors, in the library, with the root-granting 'backdoor' [Black Hat USA 2018]

  This weird and wonderful piece of semiconductor history was uncovered by Christopher Domas, an adjunct instructor at Ohio State University in the US, who presented his findings on Thursday at the 2018 Black Hat USA security conference in Las Vegas.
  Read More
 • Aug 10, 2018 | NBC

  Smartphones or pen and paper? Cybersecurity experts split on tech in voting [Black Hat USA 2018]

  Election hacking was one of the main themes at Black Hat, a conference in Las Vegas this week that brought together thousands of ethical hackers to discuss cybersecurity threats and solutions.
  Read More
 • Aug 10, 2018 | TechTarget

  2018 Pwnie Awards cast light and shade on infosec winners [Black Hat USA 2018]

  The Meltdown and Spectre research teams won big at the Pwnie Awards this year at Black Hat, while the late-entry Bitfi Wallet team overwhelmingly won for Lamest Vendor Response.
  Read More
 • Aug 10, 2018 | The Register

  Spec-exec CPU bugs sweep hacking Oscars – and John McAfee’s in there like a bullet [Black Hat USA 2018]

  This week, amid Black Hat USA 2018, they won a gong for the best privilege escalation bug, and also the award for the most innovative research, although when popping up to the stage to pick up their glammed up My Little Pony-style trophies, they said they honestly didn’t think that they had done the best research of the year.
  Read More
 • Aug 10, 2018 | Computer Business Review

  Kernel Attack Fully Compromises Windows Machines [Black Hat USA 2018]

  On Thursday at the Black Hat conference in Las Vegas, researchers from cybersecurity firm Endgame demonstrated how kernel attacks can go beyond standard malware and exploits to fully compromise a Windows machine with a fileless technique.
  Read More
 • Aug 10, 2018 | ZDNet

  PayPal, Square vulnerabilities impact mobile point-of-sale machines [Black Hat USA 2018]

  On Thursday at the Black Hat conference in Las Vegas, security experts from Positive Technologies said that vulnerabilities present in mPOS machines could allow unscrupulous merchants to raid the accounts of customers or attackers to steal credit card data.
  Read More
 • Aug 10, 2018 | ComputerWeekly

  NCR patches ATM vulnerabilities [Black Hat USA 2018]

  Criminals could steal cash in this way by taking advantage of poor physical security to connect a computer to the dispenser, Positive Technologies researchers Vladimir Kononovich and Alexey Stennikov told attendees of the Black Hat USA security conference in Las Vegas.
  Read More
 • Aug 10, 2018 | SC Magazine

  Black Hat USA 2018: SamSam has yielded $6M for creators [Black Hat USA 2018]

  Peter MacKenzie, global malware escalations manager working in Sophos Technical Support, told SC Media during the Black Hat 2018 show in Las Vegas that 74 percent of known victims are located in the U.S., with the largest random payout topping $64,000.
  Read More
 • Aug 10, 2018 | Computer Business Review

  Research Revealed at Black Hat shows Airplane’s SATCOM’s are Hackable [Black Hat USA 2018]

  New research presented at Black Hat in Las Vegas has identified serious vulnerabilities within the satellite communication systems that connect Ships and Airplanes to the internet.
  Read More
 • Aug 10, 2018 | Help Net Security

  IoT malware found hitting airplanes’ SATCOM systems [Black Hat USA 2018]

  Ruben Santamarta, principal security consultant with IOActive, presented this latest research at this year’s Black Hat conference in Las Vegas, and showed that it’s possible for remote attackers to take control of airborne SATCOM equipment on in-flight commercial aircraft, earth stations on vessels and those used by the US military in conflict zones.
  Read More
 • Aug 10, 2018 | SiliconANGLE

  At Black Hat, hacks of voting machines, satellites, pacemakers – and more to come [Black Hat USA 2018]

  In the heat of the desert summer, when the annual cybersecurity circus known as Black Hat comes to Las Vegas, no industry or technology is safe. Flaws are found, vulnerabilities are identified, fixes are issued (or not) and life in the digital world goes perilously onward.
  Read More
 • Aug 10, 2018 | The Daily Swig

  ‘Stay humble, keep learning, and have fun’ [Black Hat USA 2018]

  This year’s awards, part of the Black Hat conference, saw some big-name vulnerabilities scoop prizes, such as Meltdown/Spectre, which was named best privilege escalation bug.
  Read More
 • Aug 10, 2018 | CNET

  Equifax has a plan to win your trust back. It’ll take three years. [Black Hat USA 2018]

  CNET sat down with Farshchi at the Black Hat cybersecurity conference in Las Vegas on Thursday to discuss his plans, and the hardest part about trying to fix Equifax.
  Read More
 • Aug 10, 2018 | SDxCentral

  Alphabet’s Chronicle Exec Talks IoT Security [Black Hat USA 2018]

  Chronicle is a security company that spun out of Alphabet’s secretive X research lab. In an interview with SDxCentral at Black Hat, Caccia said IoT amplifies many of the challenges that companies still struggle with.
  Read More
 • Aug 10, 2018 | SecurityWeek

  Researcher Finds Hundreds of Planes Exposed to Remote Attacks [Black Hat USA 2018]

  Further research into satcom systems revealed the existence of various types of vulnerabilities, including insecure protocols, backdoors, and improper configuration that could allow attackers to take control of affected devices. The expert disclosed his findings this week at the Black Hat security conference in Las Vegas.
  Read More
 • Aug 10, 2018 | heise

  Bug Bounty: Google hacker demands millions from Apple [Black Hat USA 2018]

  Since the introduction of Apple's bug-bounty program, he has reported to the iPhone maker in detail 30 bugs that can wipe out crucial parts of the iOS security model, as Beer explained at the Black Hat hacker conference in Las Vegas.
  Read More
 • Aug 10, 2018 | heise

  MDM gap enabled complete Mac takeover on initial installation [Black Hat USA 2018]

  Brand new Apple computers were completely hijacked at the first network contact. Security researchers at the Black Hat conference in Las Vegas showed how a vulnerability in macOS High Sierra can be abused to do this. Apple has since closed the gap.
  Read More
 • Aug 10, 2018 | The Register

  Can we talk about the little backdoors in data center servers, please? [Black Hat USA 2018]

  "They are basically a machine inside a machine – even if the server is down, as long as it has power, the BMCs will work,” said Nico Waisman, VP of security shop Immunity, in a talk at this year's Black Hat USA hacking conference on Thursday.
  Read More
 • Aug 10, 2018 | PC Magazine

  Self-Driving Cars Are Surprisingly Secure [Black Hat USA 2018]

  At the Black Hat 2018 conference, they revealed a surprising fact: self-driving cars are tougher to hack than their less-smart counterparts, and they're getting tougher.
  Read More
 • Aug 10, 2018 | PC Magazine

  Beware of Short-Distance Crypto Data Leaks [Black Hat USA 2018]

  The device doesn't store or send ones and zeroes; it sends wavelengths modulated to represent ones and zeroes. That's not a problem normally, and our devices act exactly as if they were pristinely digital. But, as a group of students and researchers demonstrated at Black Hat, bad things can happen when these digital signals interact with other components on popular chips.
  Read More
 • Aug 10, 2018 | TechRepublic

  Despite patches, Samsung Galaxy S7 open to Meltdown exploit and millions are affected [Black Hat USA 2018]

  Samsung Galaxy S7 smartphones are left open to hacking with microchip security flaw, according to research at the Black Hat conference.
  Read More
 • Aug 10, 2018 | Infosecurity Magazine

  Risk of Fraud in Mobile Point-of-Sale Device Flaw [Black Hat USA 2018]

  At yesterday’s final day of Black Hat USA 2018, researchers from Positive Technologies demonstrated how attackers could exploit a flaw in mobile point-of-sale (mPOS) devices to charge fraudulent transactions and alter the amount charged during a transaction.
  Read More
 • Aug 10, 2018 | eSecurity Planet

  How Netflix Secures AWS Cloud Credentials [Black Hat USA 2018]

  In a session at Black Hat USA, Will Bengtson, senior software security engineer on Netflix's security tools and operations team, explained some of the steps the streaming media giant takes to identify potentially compromised or unauthorized credentials.
  Read More
 • Aug 10, 2018 | eWeek

  Positive Technologies Reveals Mobile Point of Sale Device Flaws [Black Hat USA 2018]

  Leigh-Anne Galloway, cyber-security resilience lead, and Tim Yunusov, senior banking security expert at Positive Technologies, detailed their findings on mobile POS risks in a session at Black Hat USA here on Aug. 9.
  Read More
 • Aug 10, 2018 | Infosecurity Magazine

  Satellite Flaws Raise Aviation Fears [Black Hat USA 2018]

  IOActive’s Ruben Santamarta authored the first paper, launched at Black Hat yesterday, which is a follow-up to his 2014 research on satcom vulnerabilities.
  Read More
 • Aug 10, 2018 | ITProPortal

  Macs can be hacked by new security flaw [Black Hat USA 2018]

  Researchers have discovered an exploit that allowed them to remotely hack Apple's Mac computers right out of the box which they will demonstrate during this year's Black Hat security conference in Las Vegas.
  Read More
 • Aug 10, 2018 | TechRepublic

  How some business Macs could get hacked right out of the box [Black Hat USA 2018]

  Such attacks were demonstrated Thursday during the Black Hat security conference, according to the report. The attacks target enterprise devices that use Apple's device enrollment program (DEP) and its Mobile Device Management (MDM) platform.
  Read More
 • Aug 10, 2018 | The Register

  Say what you will about self-driving cars – the security is looking 'OK' [Black Hat USA 2018]

  The duo, who work for General Motors’ robo-automaker offshoot Cruise, told this year's Black Hat USA conference on Thursday while self-driving vehicles are much less hackable than you may think, there are still serious issues that need to be shored up. Given this is an emerging and fledgling market, it's in every manufacturer's interest to get security right, to avoid one PR nightmare crashing them all.
  Read More
 • Aug 10, 2018 | PC Magazine

  Black Hat: Google Chief Says Stop Playing Security Whack-A-Mole [Black Hat USA 2018]

  The 2018 Black Hat keynote kicked off with a celebration of noise, smoke, and lasers worthy of any Hollywood production. Last year's conference drew more than 17,000 attendees. Black Hat doesn't release totals until the event is complete, but this year may be even bigger. In keeping with the size of the crowd, the keynote took place in the sports arena of the Mandalay Bay Resort.
  Read More
 • Aug 10, 2018 | Channel Futures

  Black Hat: Sharing Information, Hiring and Retaining Women Cybersecurity Engineers [Black Hat USA 2018]

  And that's a wrap for this week's massive Black Hat USA 2018 conference in Las Vegas, which focused on latest opportunities to stop cybercriminals.
  Read More
 • Aug 9, 2018 | Business Insider

  An elite Google hacker is directly challenging Apple CEO Tim Cook to donate over $2 million to charity [Black Hat USA 2018]

  Ian Beer, a Google employee, tweeted during a talk at Black Hat, a high-profile security conference in Las Vegas
  Read More
 • Aug 9, 2018 | PC Magazine

  Satellite Communications Hacks Are Real, And They're Terrifying [Black Hat USA 2018]

  Where fiber and cell phones can't reach, satellite communications (SATCOM) systems pick up the slack. At the Black Hat security conference in Las Vegas, a security researcher demonstrated that not only are SATCOM systems vulnerable to attack, the consequences could be dire.
  Read More
 • Aug 9, 2018 | Fossbytes

  Black Hat 2018: Satellite Communication Systems Hackable; Threat For Aviation Industry [Black Hat USA 2018]

  Black Hat USA 2018 which commenced on August 4 has seen some of the famous researchers putting out their research works. While all the demos were impressive, one that stood out from the rest was a research activity from Ruben Santamarta of IOActive team.
  Read More
 • Aug 9, 2018 | TechTarget

  Irregularities discovered in WinVote voting machines [Black Hat USA 2018]

  At Black Hat 2018, security researcher Carsten Schuermann unveiled the results of a forensic analysis of eight WinVote voting machines that had been used in Virginia elections.
  Read More
 • Aug 9, 2018 | TechTarget

  Netflix launches tool for monitoring AWS credentials [Black Hat USA 2018]

  At Black Hat 2018, a Netflix security engineer introduced a new open source tool designed to more effectively monitor AWS credentials in large cloud environments, like Netflix's.
  Read More
 • Aug 9, 2018 | TechTarget

  Meltdown and Spectre disclosure suffered "extraordinary miscommunication" [Black Hat USA 2018]

  Speaking at a panel on Meltdown and Spectre disclosure at Black Hat 2018 Wednesday, Matt Linton, senior security engineer and self-described "chaos specialist" at Google's incident response team, explained how his company surprisingly fell through the cracks when it came time for the chip makers to notify OS vendors about the vulnerabilities.
  Read More
 • Aug 9, 2018 | SC Magazine

  Black Hat 2018: Retaining and promoting women cybersecurity staffers [Black Hat USA 2018]

  In her session "The Science of Hiring and Retaining Female Cybersecurity Engineers" at Black Hat 2018, Holtz boiled down the results of more than 100 reports conducted worldwide on the topic of women working in engineering and cybersecurity. She found, for the most part, that women want the same thing as men: job security, a chance to be promoted and fair pay.
  Read More
 • Aug 9, 2018 | Threatpost

  Black Hat 2018: Widespread Critical Flaws Found in Smart-City Gear [Black Hat USA 2018]

  Researchers from Threatcare and IBM X-Force Red joined forces to test several smart-city devices that are widely deployed, with the specific goal of investigating “supervillain-level” attacks from afar. The research, presented at Black Hat and DEF CON 2018, delved into three categories of devices: Intelligent transportation systems, disaster management and industrial IoT.
  Read More
 • Aug 9, 2018 | PC Magazine

  Black Hat Researcher Shows Why Air Gaps Won't Protect Your Data [Black Hat USA 2018]

  For your most important secrets, it isn't enough to simply have layers of security. The better option is to simply shun the internet and keep your computer safely offline behind what's called an air gap. But even without a connection to the internet, your secrets aren't necessarily safe, as security researcher Mordechai Guri demonstrated at the Black Hat conference.
  Read More
 • Aug 9, 2018 | CNET

  Why more people don't use simple two-factor authentication [Black Hat USA 2018]

  Yet, it's still a long way from widespread adoption, researchers from Indiana University said at the Black Hat security conference on Thursday. Indiana University Professor L. Jean Camp and Sanchari Das, a doctoral student at Indiana University Bloomington, conducted a study of 500 people to find out why the simple security measure isn't popular, despite its benefits and ease.
  Read More
 • Aug 9, 2018 | BBC News

  Warning over 'panic' hacks on cities [Black Hat USA 2018]

  "While no evidence exists that such attacks have taken place, we have found vulnerable systems in major cities in the US, Europe and elsewhere.” The team plans to explain the vulnerabilities at Black Hat - a cyber-security conference - on Thursday.
  Read More
 • Aug 9, 2018 | Threatpost

  Hacking For Sport: A Journey in Reverse Engineering a Toshiba Wireless SD Card [Black Hat USA 2018]

  At a Black Hat session here on Wednesday, Valadon demonstrated how he hacked the Toshiba FlashAir SD storage card and was able to execute code on the card. The challenge, he pointed out, was that the card was a virtual black box. He had nothing to go by – from the unidentified OS running on the card, the mystery firmware and a custom unidentified Toshiba chipset.
  Read More
 • Aug 9, 2018 | Fifth Domain

  New research says ZTE phones could be hacked [Black Hat USA 2018]

  Fifth Domain reported earlier this week that research funded by the Department of Homeland Security’s Science and Technology Directorate has found a “slew” of vulnerabilities in millions of mobile devices offered by U.S. cell phone carriers. The research is expected to be formally announced during the Black Hat conference in Las Vegas Aug. 10
  Read More
 • Aug 9, 2018 | Vice Motherboard

  Google Hacker Asks Tim Cook to Donate $2.45 Million In Unpaid iPhone Bug Bounties [Black Hat USA 2018]

  On Wednesday, after a talk at the Black Hat security conference in Las Vegas, Beer tweeted a message to Apple’s CEO Tim Cook, challenging him to pay for each bug he has reported since 2016, and asking him to donate $2.45 million to human rights group Amnesty International.
  Read More
 • Aug 9, 2018 | Fast Company

  Researchers find security flaws in “smart city” technology [Black Hat USA 2018]

  The researchers say they found a total of 17 vulnerabilities across systems used in smart-city technology from Libelium, Echelon and Battelle. Each of the vendors has released patches to fix the bugs, which the researchers are announcing at the Black Hat security conference, in Las Vegas.
  Read More
 • Aug 9, 2018 | WIRED

  A NEW PACEMAKER HACK PUTS MALWARE DIRECTLY ON THE DEVICE [Black Hat USA 2018]

  At Black Hat, Rios and Butts will demonstrate a series of vulnerabilities in how pacemaker programmers connect to Medtronic's software delivery network. The attack also capitalizes on a lack of "digital code signing"—a way of cryptographically validating the legitimacy and integrity of software—to install tainted updates that let an attacker control the programmers, and then spread to implanted pacemakers.
  Read More
 • Aug 9, 2018 | Threatpost

  Google Bug Hunter Urges Apple to Change its iOS Security Culture [Black Hat USA 2018]

  Since 2016, the Project Zero team member said he has found over 30 iOS bugs. In his Black Hat session “A Brief History of Mitigation: The Path to EL1 in iOS 11” he reviewed the “async_wake” exploit for iOS 11.1.2 he released in December along with reviewing nearly a half dozen additional bugs he suggested Apple dragged its feet to fix.
  Read More
 • Aug 9, 2018 | Politico

  Research: Smart cities are dumb on defense [Black Hat USA 2018]

  Your MC host is navigating the overflowing toilets, cooked cryptojacking router eggs and APT DARKPIGEONs of Mandalay Bay in Las Vegas, but mostly spent time Wednesday getting lost at the Black Hat conference. Here are some highlights of various chats, speakers and other news from Black Hat and the forthcoming DEF CON.
  Read More
 • Aug 9, 2018 | Forbes

  This Guy Hacked Hundreds Of Planes From The Ground [Black Hat USA 2018]

  Throughout November and December last year, Ruben Santamarta was sat in front of his computer peeking inside the technical bowels of hundreds of aircraft flying thousands of meters above him. That included commercial aircraft operated by some of the biggest airlines in the world.
  Read More
 • Aug 9, 2018 | Cyber Security Hub

  Black Hat Day 2 Coverage Centers Around Mobile Sec, AI & ML [Black Hat USA 2018]

  Black Hat Day 2 was loaded with pertinent content, interactive sessions, outreach creativity, booth demos and more cyber excitement.
  Read More
 • Aug 9, 2018 | SC Magazine

  Black Hat USA 2018: Analysis of email address in Mueller indictments exposes 9M weaponized email accounts [Black Hat USA 2018]

  Researchers ran the 4.7 million-strong batch against the FCC's efforts to accept public comments regarding its net neutrality repeal effort and found more than 30,000 accounts generating comments -- many of them the exact same message, which were posted “all in one second,” indicating an enormous botnet intended to “influence policy discourse,” Minder said.
  Read More
 • Aug 9, 2018 | Las Vegas Sun

  Black Hat: Voting Machine Hack [Black Hat USA 2018]

  Carsten Schuermann, associate professor at IT University of Copenhagen, presents a session called “Lessons from Virginia - A Comparative Forensic Analysis of WINVote Voting Machines” at the Black Hat USA cyber security convention in Mandalay Bay Thursday, Aug. 9, 2018.
  Read More
 • Aug 9, 2018 | The Register

  Should I infect this PC, wonders malware. Let me ask my neural net... [Black Hat USA 2018]

  DeepLocker was developed by IBM eggheads, and is due to be presented at the Black Hat USA hacking conference in Las Vegas on Thursday. It uses a convolutional neural network to stay inert until the conditions are right to pounce.
  Read More
 • Aug 9, 2018 | The Guardian

  Hacked satellite systems could launch microwave-like attacks, expert warns [Black Hat USA 2018]

  According to research presented at the Black Hat information security conference in Las Vegas, a number of popular satellite communication systems are vulnerable to the attacks, which could also leak information and hack connected devices. The attacks, which are merely a nuisance for the aviation sector, could pose a safety risk for military and maritime users, the research claims.
  Read More
 • Aug 9, 2018 | The Guardian

  Hackable implanted medical devices could cause deaths, researchers say [Black Hat USA 2018]

  In new research presented at the Black Hat information security conference, a pair of security researchers remotely disabled an implantable insulin pump, preventing it from delivering the lifesaving medication, and then took total control of a pacemaker system, allowing them to deliver malware directly to the computers implanted in a patient’s body.
  Read More
 • Aug 9, 2018 | SDxCentral

  Microsoft- and Facebook-Led Cybersecurity Tech Accord Tackles Router Security [Black Hat USA 2018]

  In an interview at Black Hat with SDxCentral, Johnnie Konstantas, senior director of Microsoft’s Enterprise Cybersecurity group, said the Cybersecurity Tech Accord and other collaborative efforts show that Microsoft is committed to working with tech companies — as well as public-sector groups and law enforcement — to advance security for customers and the general public.
  Read More
 • Aug 9, 2018 | Fortune

  Are Trading Apps Safe? Not All of Them, Report Finds [Black Hat USA 2018]

  Ten of the 80 applications tested over a one-year period store passwords of subscribers without encryption, a flaw that could lead to funds being stolen, IOActive reported at the Black Hat cybersecurity conference Thursday in Las Vegas.
  Read More
 • Aug 9, 2018 | WIRED

  HACKING A BRAND NEW MAC REMOTELY, RIGHT OUT OF THE BOX [Black Hat USA 2018]

  That attack, which researchers will demonstrate Thursday at the Black Hat security conference in Las Vegas, targets enterprise Macs that use Apple's Device Enrollment Program and its Mobile Device Management platform.
  Read More
 • Aug 9, 2018 | The Daily Swig

  Under the hood: New tool simplifies the vulnerability replication process [Black Hat USA 2018]

  Developers seeking to reproduce issues discovered by pen testers were given a deep dive into PortSwigger's Replicator BApp yesterday at the Black Hat security conference in Las Vegas.
  Read More
 • Aug 9, 2018 | WIRED

  BUGS IN MOBILE CREDIT CARD READERS COULD EXPOSE BUYERS [Black Hat USA 2018]

  All four manufacturers are addressing the issue, and not all models were vulnerable to all of the bugs. In the case of Square and PayPal, the vulnerabilities were found in third-party hardware made by a company called Miura. The researchers are presenting their findings Thursday at the Black Hat security conference.
  Read More
 • Aug 9, 2018 | Bloomberg

  Trading Apps Expose Investors to Cyber Criminals, Report Finds [Black Hat USA 2018]

  Ten of the 80 applications tested over a one-year period store passwords of subscribers without encryption, a flaw that could lead to funds being stolen, IOActive reported at the Black Hat cybersecurity conference Thursday in Las Vegas.
  Read More
 • Aug 9, 2018 | Ars Technica

  In-vehicle wireless devices are endangering emergency first responders [Black Hat USA 2018]

  Shattuck said he has spent the past 22 months investigating the problem and helping wireless gateway providers—which, besides Sierra Wireless, also includes Moxa and Digi—to begin fixing it. Despite the efforts, he said scans regularly show large numbers of unsecured devices continue to expose not only emergency first responders but also remote pipelines, hydrogen refueling stations, traffic monitoring systems, tolls, bridges, and airports. Now, after almost two years of keeping the problem a carefully guarded secret, he plans to discuss it in detail Thursday at the Black Hat security conference in Las Vegas.
  Read More
 • Aug 9, 2018 | Vice Motherboard

  Zero-Day Shop Opens the Floodgates for People to Sell Exploits to Governments [Black Hat USA 2018]

  “We are now dealing with researchers who are not on the market,” Andrea Zapparoli Manzoni, the director of Crowdfense, told Motherboard in an interview at the annual Black Hat hacking conference on Thursday.
  Read More
 • Aug 9, 2018 | CNET

  Smart cities around the world were exposed to simple hacks [Black Hat USA 2018]

  Jennifer Savage, a security researcher from Threatcare, and Daniel Crowley, a research director with IBM's X-Force Red, disclosed their findings at the Black Hat cybersecurity conference in Las Vegas on Thursday.
  Read More
 • Aug 9, 2018 | eWeek

  Researchers Reveal Smart City System Flaws at Black Hat [Black Hat USA 2018]

  A pair of researchers from IBM and Threatcare have discovered 17 vulnerabilities across three different manufacturers and four different smart city products and will detail their findings at Black Hat USA here on Aug. 9.
  Read More
 • Aug 9, 2018 | ITProPortal

  Blockchain may not be the answer to security worries, Google chief says [Black Hat USA 2018]

  During the start of this year's Black Hat USA conference in Las Vegas, Director of Engineering and head of Project Zero at Google, Parisa Tabriz shared her insights from working on the search giant's bug-hunting team and the push to label non-HTTPS websites as insecure.
  Read More
 • Aug 9, 2018 | Ars Technica

  Hack causes pacemakers to deliver life-threatening shocks [Black Hat USA 2018]

  At the Black Hat security conference in Las Vegas, researchers Billy Rios and Jonathan Butts said they first alerted medical device maker Medtronic to the hacking vulnerabilities in January 2017. So far, they said, the proof-of-concept attacks they developed still work. The duo on Thursday demonstrated one hack that compromised a CareLink 2090 programmer, a device doctors use to control pacemakers after they’re implanted in patients.
  Read More
 • Aug 9, 2018 | eWeek

  Car Hackers Discuss What It Takes to Secure Autonomous Vehicles [Black Hat USA 2018]

  Three years ago at the Black Hat conference, Charlie Miller and Chris Valasek (pictured) detailed flaws in Chrysler cars that led to the recall of millions of vehicles. The pair have now changed their focus from offense to defense, detailing ways to help secure autonomous vehicles at the Black Hat USA 2018 event on Aug. 9.
  Read More
 • Aug 9, 2018 | SC Media

  Black Hat USA 2018: IBM X-Force finds 17 zero-day vulnerabilities in four smart city systems [Black Hat USA 2018]

  The study, released by IBM's X-Force Red Team today at Black Hat 2018, looked at four common devices and found 17 vulnerabilities, nine of which were considered critical in nature, said Daniel Crowley, research baron at IBM X-Force Red. These included ICS components, devices used in conjunction with connected cars, and other products that control various types of sensors.
  Read More
 • Aug 9, 2018 | ZDNet

  Smart city systems are riddled with critical security vulnerabilities [Black Hat USA 2018]

  At the Black Hat conference in Las Vegas on Monday, the cybersecurity firm's X-Force Red team of penetration testers and hackers demonstrated how old-school threats are placing the cities of the future at risk in the present day.
  Read More
 • Aug 9, 2018 | The Daily Swig

  Black Hat 2018: ‘We are now being tested. Are we as good as we say we are?’ [Black Hat USA 2018]

  And with global spending on cybersecurity products and services expected to exceed $1 trillion cumulatively between 2017 and 2021, the growth of information security as an industry is no more evident than at Black Hat, taking place this week in Las Vegas.
  Read More
 • Aug 9, 2018 | golem.de

  Long breath for IT security [Black Hat USA 2018]

  Google security expert Parisa Tabriz opens Las Vegas Black Hat conference. She wants more transparency and collaboration, and uses site isolation in Chrome to explain the challenges that sometimes need to be overcome in the event of major security enhancements.
  Read More
 • Aug 9, 2018 | Journal of Cyber Policy

  BLACK HAT 2018 KEYNOTE: COMING TOGETHER TO TACKLE ROOT CAUSES OF CYBER VULNERABILITY [Black Hat USA 2018]

  Parisa Tabriz, Director of Engineering at Google, ascended a round stage at Black Hat 2018 that had been covered until moments earlier with a projection of the moon’s surface. The whole celestially themed warm-up to the speech, with copious smoke effects and spinning spotlights, seemed a tad overproduced. The moon-like stage sat against a backdrop of shooting stars and floating galaxies.
  Read More
 • Aug 9, 2018 | MSSP Alert

  10 Managed Security Developments at Black Hat USA 2018 - Day 3 [Black Hat USA 2018]

  This week’s Black Hat USA 2018 conference in Las Vegas continues to generate new products and services designed for MSSPs and channel partners that are pushing deeper into managed security, managed detection and response (MDR), and more.
  Read More
 • Aug 9, 2018 | PC Magazine

  Are Hackers Happy? No, They're Probably Stressed Out [Black Hat USA 2018]

  During a panel here at Black Hat, Dr. Celeste Lyn Paul, a senior researcher with the NSA, pointed out that it was one of four conference tracks focusing on mental health; others cover addiction, PTSD, and avoiding burnout and depression.
  Read More
 • Aug 9, 2018 | PC Magazine

  Compression and VPNs Make for Leaked Secrets [Black Hat USA 2018]

  Nafeez noticed that OpenVPN, a popular VPN protocol, has compression enabled by default. This is used by several VPN companies, many of which, Nafeez said, leave compression on by default. In the research he presented at Black Hat, Nafeez didn't use a VPN provided by a VPN company like TunnelBear or NordVPN. Instead, he used the OpenVPN code and rolled his own.
  Read More
 • Aug 9, 2018 | PC Magazine

  It Takes Just $200 to Tie Cell Networks in Knots [Black Hat USA 2018]

  Most of the attacks featured at the Black Hat conference in Las Vegas hinge on stealing money, exfiltrating data, or, in extreme cases, blowing up factories with bubbles.
  Read More
 • Aug 9, 2018 | eSecurity Planet

  How Blackberry Does Secure Release Management [Black Hat USA 2018]

  Gadsby shared her experience and some templates during a session at the Black Hat USA 2018 conference titled, "Stop that Release, There's a Vulnerability!" The session was one of ten must-see sessions we noted earlier this week.
  Read More
 • Aug 9, 2018 | eWeek

  F5 Details Cellular Gateway IoT Flaws at Black Hat [Black Hat USA 2018]

  Cellular gateways are leaking information that could be exposing critical infrastructure to risk. That's the conclusion of Justin Shattuck, principal threat researcher for F5 Labs, who talked about the issue of cellular gateway flaws for internet of things (IoT) in a session at Black Hat USA here on Aug. 9.
  Read More
 • Aug 9, 2018 | Dark Reading

  Dark Reading News Desk Live at Black Hat USA 2018 [Black Hat USA 2018]

  Whether you are hitting the Mandalay Bay for the Black Hat USA 2018 conference this week or peeking at the news feeds from afar, keep your browser open here from 2 pm to 6 pm Eastern (11 - 3 Pacific) on Wednesday, Aug. 8 and Thursday Aug. 9. The Dark Reading News Desk will once again be streaming live.
  Read More
 • Aug 9, 2018 | ZDNet

  Open, Cortana: Voice assistant used to bypass locked Windows 10 machine security [Black Hat USA 2018]

  Researchers have revealed how Microsoft's Cortana could be used to bypass the security protection of Windows 10.
  Read More
 • Aug 9, 2018 | Fox 5 Las Vegas

  Tips to protect your data and privacy from hackers at Black Hat [Black Hat USA 2018]

  The annual Black Hat conference brings together some of the most tech-savvy minds from across the world.
  Read More
 • Aug 9, 2018 | eSecurity Planet

  10 Vendors Making News at Black Hat USA 2018 [Black Hat USA 2018]

  The core of the Black Hat USA conference is security research, but in recent years it has also become a chance for cybersecurity vendors to unveil new products.
  Read More
 • Aug 9, 2018 | Las Vegas Review Journal

  Black Hat experts in Las Vegas address hacking cars, medical devices [Black Hat USA 2018]

  Security experts at the Black Hat conference Thursday in Las Vegas sought to alleviate fears about the ease of hacking autonomous cars.
  Read More
 • Aug 8, 2018 | Las Vegas Review Journal

  Black Hat conference in Las Vegas addresses cryptocurrency theft [Black Hat USA 2018]

  The rise of cryptocurrencies is creating more opportunities for cyber criminals to steal, according to Cisco Systems. Crypto phishing — sending emails or creating websites that resemble a trusted crypto company — and cryptojacking — using another person’s computer to mine currencies — are two new methods that are increasingly used, Cisco representatives told attendees Wednesday at the Black Hat conference in Las Vegas.
  Read More
 • Aug 8, 2018 | Politico

  Staying off DEF CON’s ‘Wall of Sheep’ [Black Hat USA 2018]

  AVOIDING THE WALL OF SHEEP — The meat of the Black Hat and DEF CON hacker conferences kick off today in Las Vegas, where your MC host stepped off his plane into the 106-degree heat, and we imagine some people at Mandalay Bay and Caesar’s Palace — home to the respective events — might be reading this newsletter. Nobody in the business, whether journalists, hackers or whoever, wants to end up on the dreaded DEF CON “Wall of Sheep” that memorializes insecure visitors by the hundreds or even thousands annually. Conference officials with both events have some tips.
  Read More
 • Aug 8, 2018 | Wired

  Online Stock Trading Has Serious Security Holes [Black Hat USA 2018]

  IT’S NEVER BEEN easier to trade stocks; just a few taps or clicks will do the trick. But most of the platforms that millions of market participants rely on to move their money suffer from cybersecurity shortcomings, new research warns. As if stocks weren’t risky enough already.
  Read More
 • Aug 8, 2018 | TechCrunch

  Hack the planet: vulnerabilities unearthed in satellite systems used around the globe [Black Hat USA 2018]

  So this is bad. Black Hat, the king of enterprise security conventions, kicked off today, and most noticeable amid the fusillade of security research was some impressive work from Ruben Santamarta of IOActive, whose team has unearthed worrying vulnerabilities in satellite communication systems, aka SATCOM, used by airplanes, ships and military units worldwide.
  Read More
 • Aug 8, 2018 | CNET

  This cryptocurrency-mining router got hot enough to fry an egg, so we did [Black Hat USA 2018]

  This egg is being cooked on top of a router that's overheated thanks to malware that mines for cryptocurrency. It tasted awful.
  Read More
 • Aug 8, 2018 | PC Magazine

  Can Security Software Compromise Your Privacy? [Black Hat USA 2018]

  Security tools should eliminate bad files and leave good ones alone. But some handle unknowns by sending them to the cloud for analysis, and that analysis can compromise your privacy, according to a talk at Black Hat.
  Read More
 • Aug 8, 2018 | CNBC

  Cybersecurity expert found people could hack computers using Microsoft's Cortana [Black Hat USA 2018]

  Tal Be’ery, Kzen Networks co-founder, sits down with CNBC's Josh Lipton at the Black Hat Conference in Las Vegas to discuss how he uncovered a security flaw that allows hackers to access computers by targeting Microsoft’s Cortana.
  Read More
 • Aug 8, 2018 | CNBC

  Samsung Galaxy S7 smartphones are vulnerable to hacking: Researchers [Black Hat USA 2018]

  Samsung's Galaxy S7 smartphones contain a microchip security flaw, uncovered earlier this year, that put tens of millions of devices at risk to hackers looking to spy on their users, researchers told Reuters.
  Read More
 • Aug 8, 2018 | Dark Reading

  Understanding Firewalls: Build Them Up, Tear Them Down [Black Hat USA 2018]

  A presentation at Black Hat USA will walk attendees through developing a firewall for MacOS, and then poking holes in it.
  Read More
 • Aug 8, 2018 | Channel Partners Online

  Black Hat: Collaboration Needed to Fight Cybercriminals [Black Hat USA 2018]

  BLACK HAT USA — More collaboration among cybersecurity providers is needed to continue making progress against ever-increasing cyber threats.
  Read More
 • Aug 8, 2018 | SecurityIntelligence

  DeepLocker: How AI Can Power a Stealthy New Breed of Malware [Black Hat USA 2018]

  Cybersecurity is an arms race, where attackers and defenders play a constantly evolving cat-and-mouse game. Every new era of computing has served attackers with new capabilities and vulnerabilities to execute their nefarious actions.
  Read More
 • Aug 8, 2018 | eWeek

  IBM Demonstrates DeepLocker AI Malware at Black Hat [Black Hat USA 2018]

  IBM researchers have developed a new proof of concept malware that can be highly targeted and very difficult to detect.
  Read More
 • Aug 8, 2018 | Reuters

  New genre of artificial intelligence programs take computer hacking to another level [Black Hat USA 2018]

  SAN FRANCISCO (Reuters) - The nightmare scenario for computer security - artificial intelligence programs that can learn how to evade even the best defenses - may already have arrived.
  Read More
 • Aug 8, 2018 | The Register

  Google Project Zero boss: Blockchain won’t solve your security woes – but partying just might [Black Hat USA 2018]

  Black Hat Parisa Tabriz, a director of engineering at Google and head of the web giant's Project Zero bug-hunting squad, today opened this year's Black Hat USA conference with a reminder that partying is key to securing software.
  Read More
 • Aug 8, 2018 | CNET

  Google doesn't want you to have to think about cybersecurity [Black Hat USA 2018]

  Your safety online shouldn't be your problem -- it should be the tech giants'.
  Read More
 • Aug 8, 2018 | eWeek

  Google Exec Says It's Time to Stop Playing Whack-a-Mole with Security [Black Hat USA 2018]

  BLACK HAT USA: Parisa Tabriz, director of engineering at Google, doesn't want organizations to just focus on fixing bugs; she says they should look at root causes.
  Read More
 • Aug 8, 2018 | SC Magazine

  Google's Tabriz calls for more collaboration in Black Hat keynote [Black Hat USA 2018]

  Google's Director of Engineering Parisa Tabriz kicked off Black Hat 2018 with a wide-ranging keynote address this morning at the Mandalay Bay Events Center calling the industry's current approach to cybersecurity insufficient.
  Read More
 • Aug 8, 2018 | TechTarget

  Parisa Tabriz's Black Hat 2018 keynote challenges infosec's status quo [Black Hat USA 2018]

  In her Black Hat 2018 keynote, Google's Parisa Tabriz celebrated the unrecognized, long-term work that can cause real change in security and challenge the status quo.
  Read More
 • Aug 8, 2018 | CNET

  Voice of concern: Smart assistants are creating new openings for hackers [Black Hat USA 2018]

  Let's talk about the security of smart speakers.
  Read More
 • Aug 8, 2018 | CNET

  Samsung Galaxy 7 vulnerable to hacking due to flaw, researchers say [Black Hat USA 2018]

  Samsung phones were previously thought to be immune to Meltdown, which is said to endanger most computing devices. The team will release its findings at the Black Hat security conference in Las Vegas on Thursday.
  Read More
 • Aug 8, 2018 | 3 News Las Vegas

  Annual Black Hat Convention in Las Vegas expected to draw the largest crowd ever this year [Black Hat USA 2018]

  It's the largest conference of its kind in the United States, bringing together like-minded computer types with a singular purpose: Hackers!
  Read More
 • Aug 8, 2018 | Threatpost

  Black Hat 2018: Bridging the Gap Between Complex Security Landscapes [Black Hat USA 2018]

  At Black Hat, Google’s Parisa Tabriz discussed how to navigate the complex security environment with long-term thinking and a policy of open collaboration.
  Read More
 • Aug 8, 2018 | eWeek

  Black Hat Talk Reveals How Embedded Systems Expose Airlines to Risk [Black Hat USA 2018]

  Security firm IOActive is set to disclose multiple vulnerabilities in the embedded systems used for satellite communications and in-flight WiFi, revealing the larger challenge of supply chain risk.
  Read More
 • Aug 8, 2018 | CRN

  20 Hot Cybersecurity Products Announced At Black Hat 2018 [Black Hat USA 2018]

  Vendors are taking advantage of Black Hat 2018's bright spotlight to launch new cybersecurity products, features and platforms that will set the stage for the year to come. For the more than 300 exhibitors expected at Black Hat, the massive gathering provides a chance to explore new strategic directions and evangelize new products to an audience of more than 17,000.
  Read More
 • Aug 8, 2018 | Silicon

  IBM DeepLocker Turns AI Into Hacking Weapon [Black Hat USA 2018]

  The IBM presentation of DeepLocker at the Black Hat USA 2018 conference on Wednesday comes amid concern that cybercriminals will turn to AI to help them bypass the very best cyber defences.
  Read More
 • Aug 8, 2018 | Las Vegas Review Journal

  Cybersecurity professionals flock to Las Vegas for Black Hat [Black Hat USA 2018]

  Black Hat USA, the largest annual cybersecurity conference, is expecting a record 17,000 attendees during its six-day run at the Mandalay Bay Convention Center this week.
  Read More
 • Aug 8, 2018 | PC Magazine

  Black Hat 2018: What to Expect [Black Hat USA 2018]

  Black Hat is known for its showmanship as much as its research. Previous years have seen hacked Linux rifles, ATMs spewing $100 bills, insecure satellite phones, and high-tech "smart" cars driven off the road by researchers.
  Read More
 • Aug 8, 2018 | eSecurity Planet

  Demisto Demonstrates Tool to Validate IOC Detection at Black Hat [Black Hat USA 2018]

  Organizations typically get all manner of threat reports providing Indicators of Compromise (IOCs) warning them that they might be under cyber attack. But how can an organization know if their systems are properly identifying the IOCs? That's a question that Lior Kolnik, head of security research at security firm Demisto, wants to help organizations answer. Kolnik is set to detail his research alongside a new tool at the Black Hat USA 2018 conference on Aug. 8.
  Read More
 • Aug 8, 2018 | Threatpost

  Podcast: enSilo CEO on Black Hat USA 2018 Top Trends [Black Hat USA 2018]

  As Black Hat’s keynote kicks off today, Threatpost pinpoints the most popular trends of the conference with enSilo’s CEO.
  Read More
 • Aug 8, 2018 | Infosecurity Magazine

  #BHUSA: Better Collaboration and Recognition Can Make a Safer Internet [Black Hat USA 2018]

  Delivering the keynote address at Black Hat USA in Las Vegas, Google’s director of engineering Parisa Tabriz talked about the need to collaborate, celebrate progress and recognize those doing the defensive work.
  Read More
 • Aug 8, 2018 | SDxCentral

  Google’s Project Zero Chief: Stop Playing Security Whack-A-Mole [Black Hat USA 2018]

  It’s time to stop treating security problems like a game of Whack-A-Mole, Google’s Parisa Tabriz said during the keynote today at Black Hat 2018. Oh, and blockchain isn’t the magic bullet. “Blockchain is not going to solve all our security problems,” she quipped.
  Read More
 • Aug 8, 2018 | Threatpost

  Black Hat 2018: Google’s Tabriz Talks Complex Security Landscapes [Black Hat USA 2018]

  At Black Hat, Google’s Parisa Tabriz discussed how to navigate the complex security environment with long-term thinking and a policy of open collaboration.
  Read More
 • Aug 8, 2018 | The Parallax

  Google’s ‘Security Princess’ calls for stronger collaboration [Black Hat USA 2018]

  “The blockchain is not going to solve all our problems,” Parisa Tabriz, Google’s head of security for the Chrome browser and leader of the Project Zero security vulnerability-hunting team, told an audience of more than 6,000 to kick off the Black Hat conference here.
  Read More
 • Aug 8, 2018 | Dark Reading

  Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push [Black Hat USA 2018]

  As Black Hat founder Jeff Moss put it in his introduction, there are "maybe 20 companies in the world who are in a position to actually do something about raising the level of security and resiliency for all of us."
  Read More
 • Aug 8, 2018 | Fox 5 Las Vegas

  Airplane hacking explained at Black Hat 2018 [Black Hat USA 2018]

  Black Hat 2018 is in full swing at Mandalay Bay. The annual event began in 1997 and brings in more than 17,000 hackers and cyber security experts. Every year, the event focuses on security concerns, and this year, there's a big one, shared by Ruben Santamarta.
  Read More
 • Aug 8, 2018 | MSSP Alert

  10 Managed Security Developments at Black Hat USA 2018 - Day 2 [Black Hat USA 2018]

  New products, services and partnerships designed for MSSPs and channel partners are surfacing at this week’s Black Hat USA 2018 conference in Las Vegas. Here are Day Two conference highlights involving cloud, artificial intelligence, endpoint security, vulnerability management and more.
  Read More
 • Aug 8, 2018 | Dark Reading

  No, The Mafia Doesn't Own Cybercrime: Study [Black Hat USA 2018]

  Lusthaus found an interesting paradox: While many of the people he interviewed believed organized crime plays a major role in cybercrime, few were able to provide examples. "Many participants in this study believed that organized crime involvement in cybercrime was substantial. But when pressed, this appeared to be a theoretical rather than an empirical view," he wrote in a white paper he released in conjunction with his Black Hat presentation.
  Read More
 • Aug 8, 2018 | The Wall Street Journal

  Cybersecurity Burnout Can Trigger Frustration, Stress and Depression [Black Hat USA 2018]

  Mental health is in the spotlight at Black Hat this year, with several panels advising organizations on ways to combat depression, burnout, suicide and post-traumatic stress in the cybersecurity community.
  Read More
 • Aug 8, 2018 | The Wall Street Journal

  Reporter’s Notebook: Black Hat Summer Camp for Hackers [Black Hat USA 2018]

  About 17,000 researchers, academics and cybersecurity professionals from the public and private sectors have descended on Las Vegas this week for what some refer to as summer camp for hackers.
  Read More
 • Aug 8, 2018 | The Wall Street Journal

  Google’s Director of Engineering on How to Build a Cyber Defense Strategy [Black Hat USA 2018]

  In cybersecurity, the bad guys have the upper hand, according to Parisa Tabriz, director of engineering at Alphabet Inc.’s Google.
  Read More
 • Aug 7, 2018 | The Parallax

  App nutrition labels? Hackers disagree on software bill of materials [Black Hat USA 2018]

  LAS VEGAS—Imagine if software came with a complete list of ingredients. And instead of revealing whether an app contains a digital equivalent of gluten or peanuts, this list would indicate whether it’s vulnerable to hackers. Call it a software bill of materials.
  Read More
 • Aug 7, 2018 | CNET

  Phones at all major US carriers filled with vulnerabilities, say researchers [Black Hat USA 2018]

  Researchers funded by the Department of Homeland Security discovered security vulnerabilities in mobile devices used by Verizon, AT&T, T-Mobile, Sprint and more, DHS program manager Vincent Sritapan told Fifth Domain at the Black Hat security conference in Las Vegas on Tuesday.
  Read More
 • Aug 7, 2018 | VentureBeat

  RiskSense raises $12 million to prioritize security risks — like safeguarding midterm elections [Black Hat USA 2018]

  RiskSense will use the money to accelerate growth through sales, marketing, and research and development investments. It is also one of many security companies exhibiting at the Black Hat corporate security conference in Las Vegas this week.
  Read More
 • Aug 7, 2018 | Fifth Domain

  Hackers targeted a fake power grid. Is the real one next? [Black Hat USA 2018]

  The experiment “showed a whole new tier of threat actor that operates against these highly sensitive systems,” Ross Rustici, Cybereason’s senior director of intelligence, told Fifth Domain during the Black Hat conference in Las Vegas. “When you talk about the industrial control system, you don’t think of the criminal network. It’s almost always the nation-state actors.”
  Read More
 • Aug 7, 2018 | KSNV

  Annual Black Hat Convention in Las Vegas expected to draw the largest crowd ever this year [Black Hat USA 2018]

  It's the largest conference of its kind in the United States, bringing together like-minded computer types with a singular purpose: Hackers! The Black Hat Convention in Las Vegas aims to teach people how to stop them.
  Read More
 • Aug 7, 2018 | eWeek

  IOActive to Detail Stock Trading App Vulnerabilities at Black Hat [Black Hat USA 2018]

  Alejandro Hernandez, senior consultant at IOActive, will detail multiple vulnerabilities found in the desktop and mobile stock trading applications of major financial institutions at Black Hat USA in Las Vegas on Aug. 8.
  Read More
 • Aug 7, 2018 | CRN

  Black Hat USA 2018: Mimecast Describes New Channel Ecosystem [Black Hat USA 2018]

  The initiative will be on display at the Black Hat USA 2018 conference this week, where the vendor will be highlighting several recent announcements, like the recent acquisition of Ataata.
  Read More
 • Aug 7, 2018 | CRN

  10 Cool Network And Endpoint Security Products Unveiled At Black Hat USA 2018 [Black Hat USA 2018]

  Vendors attending Black Hat USA 2018 have continued to keep network and endpoint security front and center, debuting offerings that protect against signatureless malware while infusing stronger threat intelligence and vulnerability assessments into the ecosystem.
  Read More
 • Aug 7, 2018 | CoinDesk

  Researchers Discover Huge Crypto Scam Botnet on Twitter [Black Hat USA 2018]

  The Duo team described how the botnet works in a paper to be presented at the 2018 Black Hat cybersecurity event on Wednesday.
  Read More
 • Aug 7, 2018 | ZDNet

  IBM, Fortinet team on cyber threat data sharing [Black Hat USA 2018]

  IBM and Fortinet have expanded their strategic relationship by agreeing to share threat information in an effort to help customers respond to emerging threats more quickly. The agreement, detailed during the Black Hat cybersecurity conference taking place in Las Vegas, runs primarily through IBM's X-Force research team and Fortinet's FortiGuard Labs.
  Read More
 • Aug 7, 2018 | ITPro

  Duo unravels massive three-tiered ‘crypto-giveaway’ botnet [Black Hat USA 2018]

  Duo's principal R&D engineer Jordan Wright and data scientist Olabode Anise published their findings in a report titled 'Dont @ Me: Hunting Twitter Bots at Scale', ahead of a presentation at the 2018 Black Hat cybersecurity conference in Las Vegas tomorrow.
  Read More
 • Aug 7, 2018 | Futurism

  Researchers Inadvertently Discover Crypto Scam Involving 15,000 Twitter Bots [Black Hat USA 2018]

  While conducting a study to figure out the best way to identify Twitter bots — accounts controlled by software, not humans — researchers from security software company Duo Security came across a network of at least 15,000 bots working together to perpetuate a cryptocurrency scam. The researchers plan to present their study on Wednesday at Black Hat, an information security conference in Las Vegas, NV.
  Read More
 • Aug 7, 2018 | Threatpost

  Podcast: Black Hat USA 2018 Preview [Black Hat USA 2018]

  Threatpost editors Tom Spring, Lindsey O’Donnell and Tara Seals break down the biggest trends to watch out for at Black Hat USA and DEF CON 2018, which both kick off this week in Las Vegas. There is much to watch out for, including a keynote from Google’s Director of Engineering Parisa Tabriz, as well as announcements about new vulnerabilities and interesting sessions.
  Read More
 • Aug 7, 2018 | InCyberDefense

  Black Hat USA 2018 Conference Focuses on Cyber Threats and Unique Solutions [Black Hat USA 2018]

  The Black Hat USA 2018 Conference is the world’s leading information security event, now taking place through August 9 in Las Vegas. Attendees are learning about the latest in cyber research, development and trends.
  Read More
 • Aug 7, 2018 | Politico

  Mental health, overhyped bugs on Black Hat and DEF CON agendas [Black Hat USA 2018]

  Black Hat and DEF CON are making the mental health of cybersecurity pros a priority this week at their conferences. Black Hat has a whole speaker track devoted to the topic, including one that addresses a subject that stirred controversy this year — post-traumatic stress disorder within the cybersecurity community.
  Read More
 • Aug 7, 2018 | Fifth Domain

  Don’t get pwned at Black Hat [Black Hat USA 2018]

  Every August, the hacker community gathers in Las Vegas for one of the industry’s most well-known conferences, Black Hat. Black Hat has become something of a spectacle both inside and outside of the talks, with dramatic presentations and vendor marketing teams all vying for the flashiest parties, promotions, and giveaways. It’s fitting that it takes place in Vegas.
  Read More
 • Aug 7, 2018 | Fifth Domain

  Twitter botnets are becoming more sophisticated [Black Hat USA 2018]

  A wave of Twitter accounts are spoofing celebrity profiles, engaging in fraud and using verified profiles that have been hacked, according to new research from Duo Security, a protection company based out of Michigan. Researchers from there will present their research at the Black Hat conference this week in Las Vegas.
  Read More
 • Aug 7, 2018 | Inside Cybersecurity

  Security firm: Possible regulatory impact of GDPR is front-of-mind concern for cyber clients [Black Hat USA 2018]

  Black Hat 2018 opened Saturday with training sessions, and features a closed-press “CISO Summit” today before moving into a full schedule of briefings on Wednesday and Thursday, beginning with a keynote from Google director of engineering Parisa Tabriz, who will discuss vulnerability disclosure and other issues. Inside Cybersecurity will provide full coverage of the Black Hat conference in addition to exclusive interviews with representatives from a variety of cybersecurity firms.
  Read More
 • Aug 6, 2018 | eWeek

  DFLabs to Release Free Live Forensics Tool at Black Hat [Black Hat USA 2018]

  To solve this challenge, Moran, who now works as a senior product manager at DFLabs, wrote his own tool called No-Script Automation Tool (NAT), which he will demonstrate on Aug. 8 at the Black Hat USA conference in Las Vegas.
  Read More
 • Aug 6, 2018 | eSecurity Planet

  Top 10 Talks to See at Black Hat USA 2018 [Black Hat USA 2018]

  The Black Hat USA security conference has an allure unlike any other cybersecurity event. Over the years, some of the most infamous and audacious security attacks and research have been announced at Black Hat, and the 2018 event looks like it will once again live up to the hype.
  Read More
 • Aug 6, 2018 | MSSP Alert

  Live Blog: Black Hat USA 2018 Day 1 [Black Hat USA 2018]

  Thousands of cybersecurity professionals, vendors and partners are attending this week’s Black Hat USA 2018 conference in Las Vegas. MSSP Alert is blogging live — each day — from the conference. Here’s our update for Monday, August 6, 2018.
  Read More
 • Aug 6, 2018 | CRN

  10 Top Cybersecurity Trends To Watch For At Black Hat 2018 [Black Hat USA 2018]

  The annual Black Hat conference has grown over the past two-plus decades into a premier stage for security researchers to demonstrate the latest hacks on devices, systems and critical infrastructure.
  Read More
 • Aug 6, 2018 | Politico

  Bracing for Black Hat, DEF CON [Black Hat USA 2018]

  It’s that special time of year when tens of thousands of hackers of all shades descend on Las Vegas for some dry heat and security talks at the back-to-back Black Hat and DEF CON conferences. While the more pro-oriented Black Hat officially kicked off this weekend, the meat of its briefings begin midweek, after which the more loose DEF CON takes over going into next weekend.
  Read More
 • Aug 6, 2018 | The Register

  IBM, ATMs – WTF? Big Blue to probe cash machines, IoT, vehicles, etc in new security labs [Black Hat USA 2018]

  It has been eight years since the late, great hacker Barnaby Jack took to the stage at the Black Hat USA conference in Las Vegas, and showed attendees how in just a few steps an ATM can be tricked into spewing dollar bills onto the floor for free...
  Read More
 • Aug 6, 2018 | ZDNet

  ATM hacking becomes a priority in IBM cybersecurity facilities [Black Hat USA 2018]

  At the Black Hat conference in Las Vegas on Monday, IBM said the facilities will be based in Austin, TX; Hursley, England; Melbourne, Australia; and Atlanta, GA, and include a dedicated ATM testing practice "in response to increased demand for securing financial transaction systems."
  Read More
 • Aug 6, 2018 | The Register

  BlackBerry claims it can do to ransomware what Apple did to its phones [Black Hat USA 2018]

  The Canadian biz's days as the smartphone king are long gone, with Apple making quick work of its hardware. And although it still licenses its name to a few handsets, BlackBerry now focuses on software. It is using this year's Black Hat USA security show, held this week in Las Vegas, to unveil what it claims is a fast response to ransomware infections.
  Read More
 • Aug 6, 2018 | PC Magazine

  Blackberry Can Now Reverse Ransomware Attacks [Black Hat USA 2018]

  At Black Hat USA 2018 being held in Las Vegas this week, Blackberry unveiled a new ransomware recovery capability for Blackberry Workspaces Collaborate and Secure Plus editions at no extra cost. Once enabled, it allows an administrator to freeze accounts once a ransomware infection is detected.
  Read More
 • Aug 6, 2018 | Help Net Security

  Researchers open source tools to identify Twitter bots at scale [Black Hat USA 2018]

  Wright and Anise will present their research on Wednesday at the 2018 Black Hat USA security conference in Las Vegas. Following the presentation, they will make their research tools available on Github to enable other researchers to identify automated Twitter accounts at scale.
  Read More
 • Aug 6, 2018 | TechRepublic

  New BlackBerry Workspaces platform could help businesses quickly recover from ransomware [Black Hat USA 2018]

  BlackBerry Limited announced its updated BlackBerry Workspaces content collaboration platform on Monday at the annual Black Hat USA security conference in Las Vegas.
  Read More
 • Aug 5, 2018 | Fifth Domain

  How to not get hacked at Black Hat [Black Hat USA 2018]

  Few environments provide a more target-rich environment for cyber criminals than the estimated 17,000 information security experts gathered in Las Vegas this week for the annual Black Hat security conference.
  Read More
 • Aug 5, 2018 | Fifth Domain

  3 storylines to watch during Black Hat 2018 [Black Hat USA 2018]

  The cybersecurity community is descending on Las Vegas this week for a series of conferences just as digital warfare has been thrust into the national spotlight. More than 17,000 security experts, hackers and analysts are expected to attend Black Hat USA for a combination of trainings and briefings by experts. Now in its 21st year, the conference is one of the largest information security events in the world and includes more than 300 speakers or trainers, 120 briefings and more than 80 trainings.
  Read More
 • Aug 4, 2018 | Las Vegas Review Journal

  Black Hat, with big names and crowds, infiltrates Las Vegas [Black Hat USA 2018]

  More than 17,000 cybersecurity professionals from government, academia and the private sector are expected to turn out for the six-day show to attend some of the 80 training sessions and 120 briefings on offer. The show has nearly doubled in size since 2014.
  Read More
 • Aug 4, 2018 | Yahoo Finance

  3 trends hackers at Black Hat and DEFCON are watching [Black Hat USA 2018]

  One of the best ways to gain insights into these evolving tactics is to follow the hacking announcements that come out each year at the Black Hat and DEF CON security conferences. These twin hacker cons, which take place in August this year, are a bellwether of sorts for the information security field. They cover a vast range of new hacking research and tend to be a good predictor of the new trends emerging in the hacker and cybercrime communities.
  Read More
 • Aug 4, 2018 | The Register

  Security world to hit Las Vegas for a week of hacking, cracking, fun [Black Hat USA 2018]

  Fast forward to 2018, and that get-together has grown into events that will see an estimated 30,000 people converge on Las Vegas for the biggest security shindig in the world – the combination of Black Hat USA, DEF CON and BSidesLV.
  Read More
 • Aug 4, 2018 | The Register

  Security world to hit Las Vegas for a week of hacking, cracking, fun [Black Hat USA 2018]

  While that first gathering morphed into the DEF CON hacking conference, the biggest event is Black Hat USA, which begins on Saturday, and runs through until Thursday, August 9. This is the flashy corporate brother of DEF CON, and features four days of security training, a one-day invite-only CISO summit day (from which press are strictly barred) and two days of briefings featuring everything from government agents to hardcore hackers talking about the tricks of the trade.
  Read More
 • Aug 4, 2018 | Las Vegas Review Journal

  Black Hat, with big names and crowds, infiltrates Las Vegas [Black Hat USA 2018]

  Black Hat USA, the largest annual cybersecurity conference, is expecting record attendance in Las Vegas this week as high-profile breaches and election meddling fears dominate headlines.
  Read More
 • Aug 3, 2018 | Information Age

  Cyber security vulnerabilities: What's causing them and what can be done? [Black Hat USA 2018]

  According to a recent study, based on the results of attendees at Black Hat USA 2018, infosec professionals cited cyber security staff shortages as a prominent challenge that occurs when dealing with potential cyber threats.
  Read More
 • Aug 3, 2018 | Security Boulevard

  Four Cool Tools Expected Out of Black Hat [Black Hat USA 2018]

  In just about a week the hacking community will converge on Las Vegas to drop their biggest discoveries of the year at the podiums of Black Hat USA. This annual confab always offers up a range of great new ideas for defenders, red teamers and security researchers—as well as a boatload of new tools. This year’s show should be no different.
  Read More
 • Aug 2, 2018 | The Daily Swig

  Black Hat 2018: A survival guide [Black Hat USA 2018]

  The next year I returned to attend the Black Hat conference. I had been indoctrinated in the chaos of the Alexis Park Hotel and I decided to try my hand at this more stoic iteration of a security conference. Now, decades later I can share some of the key lessons I’ve learned from regularly attending Def Con, Black Hat, and BSides Las Vegas.
  Read More
 • Aug 2, 2018 | TechTarget

  Black Hat 2018 survey: Cybersecurity staffing, budgets still lacking [Black Hat USA 2018]

  Attendees for next week's 2018 Black Hat USA conference said they are still facing significant challenges when it comes to cybersecurity staffing and budgets. According to the 2018 Black Hat USA Attendee Survey, which was conducted in May with 315 infosec professionals, a majority of respondents said they don't have "the staffing or budget to defend adequately against current and emerging threats."
  Read More
 • Aug 2, 2018 | CSO

  Anticipating Black Hat USA 2018 [Black Hat USA 2018]

  Looking forward to learning more about new developments in artificial intelligence, cloud security, enterprise risk management, and lots of other topics
  Read More
 • Aug 1, 2018 | Dark Reading

  Google Researcher Unpacks Rare Android Malware Obfuscation Library [Black Hat USA 2018]

  Stone, who will present her findings next week at Black Hat USA in Las Vegas, describes the defense architecture as a "wedding cake" because there are many layers to the defense. The first is aimed at thwarting human analysts, the second at humans using automated systems, and the third autonomous systems running alone.
  Read More
 • Aug 1, 2018 | Help Net Security

  Three security trends to watch for at Black Hat USA 2018 [Black Hat USA 2018]

  Black Hat USA, an annual cybersecurity conference taking place in August, is a great opportunity for practitioners to get a glimpse into both emerging attack vectors and the latest technologies designed to protect against these attacks.
  Read More
 • Jul 31, 2018 | ITProPortal

  Cofense looks to wipe out phishing attacks with new SOAR platform [Black Hat USA 2018]

  Cofense will be demonstrating its new Phishing SOAR platform during the Black Hat 2018 conference in Las Vegas.
  Read More
 • Jul 31, 2018 | Dark Reading

  10 More Women in Security You May Not Know But Should [Black Hat USA 2018]

  Tomasello is an advocate of employee wellness and inclusion, and will be presenting a session at this year's Black Hat USA, entitled "Holding on for Tonight: Addiction in Infosec."
  Read More
 • Jul 31, 2018 | BetaNews

  Managed detection and response supports internal security teams [Black Hat USA 2018]

  These data-driven insights, combined with machine learning and automation help provide a seamless incident response workflow, ensuring quick and accurate detection and response that removes false positives and produces only actionable intelligence. You can find out more on the Fidelis website or on the company's stand at next week's Black Hat USA conference.
  Read More
 • Jul 31, 2018 | CRN

  HP Announces First-Ever Bug Bounty Program For Printer Security [Black Hat USA 2018]

  HP's print bug bounty program has been running since May, and researchers have uncovered several bugs since it began, Albright said. The program is being disclosed now just ahead of the Black Hat USA 2018 conference, which takes place Aug. 4-9 in Las Vegas.
  Read More
 • Jul 31, 2018 | CSO

  $10,000 for hacking HP printers: First bug bounty program for printer security [Black Hat USA 2018]

  Announcing the first-ever printer bug bounty program is not quite the same thing as launching it; according to CNet, HP quietly launched the bug bounty program in May. The program is being disclosed before the upcoming Black Hat USA 2018 conference which takes place August 4 - 9 in Las Vegas.
  Read More
 • Jul 31, 2018 | Naked Security

  Leaky radio devices broadcast chipset data, discover researchers [Black Hat USA 2018]

  The researchers will also be sharing their findings at the Black Hat conference in Las Vegas next week. In the meantime, they have called upon microelectronics manufacturers to implement better protections against this kind of attack.
  Read More
 • Jul 30, 2018 | Hackaday

  SIDE CHANNEL ATTACKS AGAINST MIXED SIGNAL MICROCONTROLLERS [Black Hat USA 2018]

  You shouldn’t transmit encryption keys over Bluetooth, but that’s exactly what some popular wireless-enabled microcontrollers are already doing. This is the idea behind Screaming Channels, an exploit published by researchers at EURECOM, and will be a talk at Black Hat next week.
  Read More
 • Jul 30, 2018 | Straight Talk

  The Black Hat Barometer [Black Hat USA 2018]

  Discover everything about the origin, the quintessential parameters of growth, and the changes brought about by the Black Hat in the arena of cybersecurity, exclusively on Straight Talk.
  Read More
 • Jul 27, 2018 | The Register

  Boffins: Mixed-signal silicon can SCREAM your secrets to all [Black Hat USA 2018]

  The paper will be presented at BlackHat in August, and at the ACM's Conference on Computer and Communications Security in October.