Black Hat USA
August 4-9, 2018
Las Vegas, NV, USA
Black Hat Trainings
October 22-23, 2018
Chicago, IL USA
Black Hat Europe
December 3-6, 2018
London UK
6/18/2018
11:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
0%
100%

Black Hat USA 2018:
Comandeering Voice Enabled Devices

Researchers Amichai Shulman, Ron Marcovich, Tal Be'ery and Yuval Ron will detail a vulnerability of Microsoft's Cortana in their Black Hat USA Briefing "Open Sesame: Picking Locks with Cortana."

From Apple’s Siri to Amazon’s Alexa, Google’s Assistant and Microsoft’s Cortana, voice enabled activated devices have grown substantially. Researchers Amichai Shulman, Ron Marcovich, Tal Be'ery and Yuval Ron will detail a vulnerability of Microsoft’s Cortana in their Black Hat USA Briefing “Open Sesame: Picking Locks with Cortana.”

 

Cortana vulnerability (cve-2018-8140) enables attackers to compromise locked machines and escalate privileges to access private information without detection. This attack can be conducted without deploying external code, mitigating the usefulness of anti-virus and anti-malware softwares. Hear the findings, learn defense mechanisms, detection tools and more at Black Hat USA 2018. This year’s Briefings span 18 Tracks including malware, network defense, and exploit development. Check out the Briefings Lineup and register by July 13 to save on your pass.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer,  11/7/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-8584
PUBLISHED: 2018-11-14
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
CVE-2018-8588
PUBLISHED: 2018-11-14
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8...
CVE-2018-8589
PUBLISHED: 2018-11-14
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
CVE-2018-8592
PUBLISHED: 2018-11-14
An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka "Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows Server 2019.
CVE-2018-8600
PUBLISHED: 2018-11-14
A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka "Azure App Service Cross-site Scripting Vulnerability." This affects Azure App.