News & Commentary

Latest Content tagged with Black Hat
Page 1 / 2   >   >>
Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues
News  |  11/14/2018  | 
Black Hat Europe attendee survey shows European cybersecurity leaders are uncertain of their ability to protect end user data and are fearful of a near-term breach of critical infrastructure.
7 Cool New Security Tools to be Revealed at Black Hat Europe
Slideshows  |  11/12/2018  | 
Black Hat Europe's Arsenal lineup will include demoes of new security tools, from AI malware research to container orchestration.
Finding Gold in the Threat Intelligence Rush
News  |  11/7/2018  | 
Researchers sift through millions of threat intel observations to determine where to best find valuable threat data.
New Bluetooth Vulnerabilities Exposed in Aruba, Cisco, Meraki Access Points
News  |  11/1/2018  | 
'BleedingBit' could give attackers control of the wireless network from a remote vantage point.
Hardware Cyberattacks: How Worried Should You Be?
News  |  10/31/2018  | 
How to fit hardware threats into your security model as hardware becomes smaller, faster, cheaper, and more complex.
DeepPhish: Simulating Malicious AI to Act Like an Adversary
News  |  10/26/2018  | 
How researchers developed an algorithm to simulate cybercriminals' use of artificial intelligence and explore the future of phishing.
Side-Channel Attack Exposes User Accounts on Facebook, XBox, Other Social Sites
News  |  10/25/2018  | 
Researcher will demonstrate at Black Hat Europe his team's recent discovery: a way to exploit popular user-blocking feature on social media and other sites.
New Security Woes for Popular IoT Protocols
News  |  10/18/2018  | 
Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online.
IBM Builds 'SOC on Wheels' to Drive Cybersecurity Training
News  |  10/15/2018  | 
A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.
How Secure are our Voting Systems for November 2018?
How Secure are our Voting Systems for November 2018?
Dark Reading Videos  |  9/14/2018  | 
Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the countrys highly decentralized voting systems to safeguard the integrity of upcoming elections.
4 Practical Measures to Improve Election Security Now
Commentary  |  9/11/2018  | 
It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.
Lessons From the Black Hat USA NOC
Commentary  |  8/30/2018  | 
The conference's temporary network operations center provides a snapshot of what is possible when a variety of professionals work together.
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Dark Reading Videos  |  8/29/2018  | 
Although WebAssembly technology promises both better performance and better security to developers, it also creates a new risk for native exploits in the browser.
Researcher Cracks San Francisco's Emergency Siren System
Researcher Cracks San Francisco's Emergency Siren System
Dark Reading Videos  |  8/24/2018  | 
Bastille researcher Balint Seeber discusses the process of creating SirenJack and cracking one of a city's critical safety systems.
What a Forensic Analysis of 'Worst Voting Machine Ever' Turned Up
What a Forensic Analysis of 'Worst Voting Machine Ever' Turned Up
Dark Reading Videos  |  8/22/2018  | 
University of Copenhagen associate professor discusses what he found when he dug into some decommissioned WinVote voting machines.
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
Dark Reading Videos  |  8/20/2018  | 
Paul Vixie discusses the uncertain fate of WHOIS in the age of GDPR, the risks of domain name homographs, and other underpinnings of the Internet that are hard to trust and harder to fix.
How Better Intel Can Reduce, Prevent Payment Card Fraud
How Better Intel Can Reduce, Prevent Payment Card Fraud
Dark Reading Videos  |  8/20/2018  | 
Royal Bank of Canada machine learning researcher and Terbium Labs chief scientist discuss how they use intelligence about the carding market to predict the next payment card fraud victims.
Malicious Cryptomining & Other Shifting Threats
Malicious Cryptomining & Other Shifting Threats
Dark Reading Videos  |  8/17/2018  | 
Skybox Security CMO Michelle Johnson Cobb discloses research results that include a spike in malicious cryptomining during Bitcoins peak, a shift to outside-the-perimeter mobile threats, and more.
The Economics of AI-Enabled Security
The Economics of AI-Enabled Security
Dark Reading Videos  |  8/17/2018  | 
While AI greatly enhances security, Securonix CTO Tanuj Gulati points out the need for predictable cost models that insulate SOCs from the variables of massive data volume and intense real-time processing.
Using Threat Deception on Malicious Insiders
Using Threat Deception on Malicious Insiders
Dark Reading Videos  |  8/17/2018  | 
Illusive Networks CEO Ofer Israeli reveals how distributed deception technology can be as effective against insider threats as it is against outsiders, since it thwarts the lateral movement common to both.
Filtering the Threat Intelligence Tsunami
Filtering the Threat Intelligence Tsunami
Dark Reading Videos  |  8/17/2018  | 
Reversing Labs CEO Mario Vuksan contends that SOCs are overwhelmed by global threat intelligence, and can benefit more from a targeted "pull" model that focuses on YARA-type binary pattern matching.
Ensuring Web Applications Are Hardened, Secure
Ensuring Web Applications Are Hardened, Secure
Dark Reading Videos  |  8/17/2018  | 
Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.
Supplementing the SOC with Cyber-as-a-Service
Supplementing the SOC with Cyber-as-a-Service
Dark Reading Videos  |  8/17/2018  | 
Raytheon Cyber Protection Solutions CTO Mark Orlando suggests under-resourced SOCs enhance their effectiveness at-scale by tapping the advanced cyber defense automation his company has developed.
Assessing & Mitigating Increased Exposure to Third-Party Risk
Assessing & Mitigating Increased Exposure to Third-Party Risk
Dark Reading Videos  |  8/17/2018  | 
As we increasingly connect with each other digitally, CyberGRX CRO Scott Schneider believes we need to be much more diligent about sharing validated insight into the infosec maturity of our organizations.
Leveraging the Power of your End-Users Human Cognition
Leveraging the Power of your End-Users Human Cognition
Dark Reading Videos  |  8/17/2018  | 
Cofense CEO Rohyt Belani makes a case for more aggressively leveraging the unique ability of your most perceptive and well-trained end-users to help you more quickly spot and stop email threats.
How Orchestration, Automation Help SOCs Do More With Less
How Orchestration, Automation Help SOCs Do More With Less
Dark Reading Videos  |  8/17/2018  | 
Splunks Haiyan Song and Oliver Friedrichs - co-founder of recently acquired Phantom - explain how security orchestration, automation, and response (SOAR) can empower SOCs to do more with less.
Simplifying Defense Across the MITRE ATT&CK Matrix
Simplifying Defense Across the MITRE ATT&CK Matrix
Dark Reading Videos  |  8/17/2018  | 
Endgames Mark Dufresne says SOCs can achieve better results within their existing staff and budget constraints with AI- and visualization-empowered, unified defense across the MITRE ATT&CK matrix.
The Rise of Bespoke Ransomware
The Rise of Bespoke Ransomware
Dark Reading Videos  |  8/17/2018  | 
Drawing from a recent study by SophosLabs, Principal Research Scientist Chester Wisniewski highlights a shift to the rise of more targeted and sophisticated ransomware threats, such as SamSam.
Miller & Valasek: Security Stakes Higher for Autonomous Vehicles
News  |  8/15/2018  | 
Car hacking specialists shift gears and work on car defense in their latest gigs - at GM subsidiary Cruise Automation.
2018 Pwnie Awards: Who Pwned, Who Got Pwned
Slideshows  |  8/15/2018  | 
A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
New PHP Exploit Chain Highlights Dangers of Deserialization
News  |  8/15/2018  | 
PHP unserialization can be triggered by other vulnerabilities previously considered low-risk.
Hacker Unlocks 'God Mode' and Shares the 'Key'
News  |  8/13/2018  | 
At Black Hat USA and DEF CON, researcher Christopher Domas showed how he found backdoors that may exist in many different CPUs.
NSA Brings Nation-State Details to DEF CON
News  |  8/10/2018  | 
Hackers were eager to hear the latest from the world of nation-state cybersecurity.
IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes, Ships
News  |  8/9/2018  | 
Researcher Ruben Santamarta shared the details of his successful hack of an in-flight airplane Wi-Fi network and other findings at Black Hat USA today.
Cloud Intelligence Throwdown: Amazon vs. Google vs. Microsoft
News  |  8/9/2018  | 
A closer look at native threat intelligence capabilities built into major cloud platforms and discussion of their strengths and shortcomings.
Dark Reading News Desk Live at Black Hat USA 2018
News  |  8/9/2018  | 
Watch here Wednesday and Thursday, 2 p.m. - 6 p.m. ET to see over 40 live video interviews straight from the Black Hat USA conference in Las Vegas.
No, The Mafia Doesn't Own Cybercrime: Study
News  |  8/8/2018  | 
Organized crime does, however, sometimes provide money-laundering and other expertise to cybercriminals.
Researchers Release Free TRITON/TRISIS Malware Detection Tools
News  |  8/8/2018  | 
Team of experts re-creates the TRITON/TRISIS attack to better understand the epic hack of an energy plant that ultimately failed.
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
News  |  8/8/2018  | 
Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.
Understanding Firewalls: Build Them Up, Tear Them Down
News  |  8/8/2018  | 
A presentation at Black Hat USA will walk attendees through developing a firewall for MacOS, and then poking holes in it.
Spot the Bot: Researchers Open-Source Tools to Hunt Twitter Bots
News  |  8/6/2018  | 
Their goal? To create a means of differentiating legitimate from automated accounts and detail the process so other researchers can replicate it.
Google Researcher Unpacks Rare Android Malware Obfuscation Library
News  |  8/1/2018  | 
Analysis exposes the lengths malware authors will go to in order to protect their code from disassembly and reverse engineering.
10 More Women in Security You May Not Know But Should
Slideshows  |  7/31/2018  | 
The second installment in a series highlighting women who are driving change in cybersecurity but may not be on your radar yet.
Automating Kernel Exploitation for Better Flaw Remediation
News  |  7/27/2018  | 
Black Hat researchers plan on open sourcing a new framework they say can help organizations get a better rein on vulnerability fixes for kernel bugs.
Stealth Mango Proves Malware Success Doesn't Require Advanced Tech
News  |  7/26/2018  | 
At Black Hat USA, a pair of researchers will show how unsophisticated software can still be part of a successful surveillance campaign.
The ABCs of Hacking a Voting Machine
News  |  7/25/2018  | 
A hacker who successfully infiltrated a voting machine at last year's DEF CON will demonstrate at Black Hat USA how he did it, as well as what he later found stored on other decommissioned WinVote machines.
Iranian Hacker Group Waging Widespread Espionage Campaign in Middle East
News  |  7/25/2018  | 
Unlike other threat actors that have a narrow set of targets, Leafminer has over 800 organizations in its sights, Symantec says.
Software is Achilles Heel of Hardware Cryptocurrency Wallets
News  |  7/23/2018  | 
Upcoming Black Hat talk will detail software vulnerabilities that can put private cryptocurrency wallets and currency exchange services at risk.
8 Big Processor Vulnerabilities in 2018
Slideshows  |  7/13/2018  | 
Security researchers have been working in overdrive examining processors for issues and they haven't come up empty-handed.
Microsoft July Security Updates Mostly Browser-Related
News  |  7/10/2018  | 
Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.
Page 1 / 2   >   >>


New Bluetooth Hack Affects Millions of Vehicles
Dark Reading Staff 11/16/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19406
PUBLISHED: 2018-11-21
kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.
CVE-2018-19407
PUBLISHED: 2018-11-21
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
CVE-2018-19404
PUBLISHED: 2018-11-21
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= ...
CVE-2018-19387
PUBLISHED: 2018-11-20
format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure.
CVE-2018-19388
PUBLISHED: 2018-11-20
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue.