Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Black Hat
Page 1 / 2   >   >>
Digital Clones Could Cause Problems for Identity Systems
News  |  8/8/2020  | 
Three fundamental technologies -- chatbots, audio fakes, and deepfake videos -- have improved to the point that creating digital, real-time clones of people is merely a matter of integrating the systems.
Researcher Finds New Office Macro Attacks for MacOS
News  |  8/7/2020  | 
Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.
Getting to the Root: How Researchers Identify Zero-Days in the Wild
News  |  8/6/2020  | 
Google Project Zero researcher Maddie Stone explains the importance of identifying flaws exploited in the wild and techniques used to do it.
Researchers Create New Framework to Evaluate User Security Awareness
News  |  8/6/2020  | 
Approaches based on questionnaires and self-evaluation are not always a good indicator of how well a user can mitigate social engineering threats.
A Mix of Optimism and Pessimism for Security of the 2020 Election
News  |  8/6/2020  | 
DHS CISA's Christopher Krebs and Georgetown University's Matt Blaze at Black Hat USA give the lowdown on where things stand and what still needs to happen to protect the integrity of November's election.
Dark Reading Video News Desk Returns to Black Hat
News  |  8/6/2020  | 
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
Where Dark Reading Goes Next
News  |  8/6/2020  | 
Dark Reading Editor-in-Chief gives a complete rundown of all the Dark Reading projects you might not even know about, his insight into the future of the security industry, and how we plan to cover it.
On 'Invisible Salamanders' and Insecure Messages
News  |  8/6/2020  | 
Cornell researcher Paul Grubbsdiscusses how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages.
Exploiting Google Cloud Platform With Ease
News  |  8/6/2020  | 
Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.
Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It
News  |  8/6/2020  | 
Mandiant incident response managers Josh Madeley and Doug Bienstock describe how thoroughly Microsoft 365 (formerly known as Office 365) extends into corporate networks, describe both sophisticated and simple attacks theyve detected, and suggest mitigations as businesses rely more heavily on the cloud.
Information Operations Spotlighted at Black Hat as Election Worries Rise
News  |  8/6/2020  | 
From Russia's "best-in-class" efforts at widening social divides in Western democracies to China's blunt attacks on dissidents, information operations are becoming a greater threat, says a Stanford researcher.
OpenText Blends Security, Data Protection for Greater Cyber Resilience
News  |  8/6/2020  | 
SPONSORED CONTENT: Infosec professionals are taking advantage of technology hybrids to keep users, data, and their networks more safe, according to Hal Lonas of OpenText's Webroot division. And they're also finding new ways to use artificial intelligence and machine learning to improve security management and reduce risk.
Why Satellite Communication Eavesdropping Will Remain A Problem
News  |  8/6/2020  | 
Oxford PhD candidate James Pavur shows that SATCOM security has still made no progress since previous Black Hat disclosures, and discusses the physical and economic limitations that slow make it unlikely to improve anytime soon.
Using IoT Botnets to Manipulate the Energy Market
News  |  8/6/2020  | 
Tohid Shekari, phD candidate at Georgia Tech, talks about the session that he and Georgia Tech professor Raheem Beyah gave about a stealthy and adaptable way to use IoT botnets for financial gain or market downfall.
Broadcom: Staying Safe with WastedLocker Ransomware Variant on the Prowl
News  |  8/6/2020  | 
SPONSORED CONTENT: Stealthier and more patient than some predecessors, WastedLocker lingers surreptitiously for as long as it needs to for maximum payoff, says Jon DiMaggio with Broadcom's Symantec division. He explains how Windows servers are at a different risk level than their open-source counterparts, and how WastedLocker identifies "valuable" targets.
The Long Shadow of Stuxnet: New Microsoft Print Spooler Vulns Revealed
News  |  8/6/2020  | 
Researchers Peleg Hader and Tomer Bar ofSafeBreachshare details of the three vulnerabilities they found in Windows Print Spoolerthat could allow an attacker to sneak into the network throughan old printer service mechanism.
Remotely Hacking Operations Technology Systems
News  |  8/6/2020  | 
Marco Balduzzi senior research scientist with Trend Micro, tells us how the often-overlooked ICS protocol gateways contain serious vulnerabilities that allow attackers to hack OT systems remotely.
New Windows Print Spooler Zero-Day Flaws Harken Back to Stuxnet
News  |  8/6/2020  | 
Researchers find new flaws in the ubiquitous decades-old printer software in Windows, including one that bypasses a recent Microsoft patch.
Platform Security: Intel Pushes to Reduce Supply Chain Attacks
News  |  8/6/2020  | 
SPONSORED CONTENT: Attacks on supply chains involve lots of players and companies, not to mention an exponential amount of data for the stealing, notes Intel's Tom Garrison. Notoriously difficult to detect and mitigate, Garrison discusses new approaches to securing an individual company's computing platforms, including Compute Lifecycle Assurance.
Counting for Good: Hardware Counters Un-mask Malware
News  |  8/6/2020  | 
Nick Gregory, research scientist at Capsule8, talks about his session with Capsule8 data scientist Harini Kannan, Uncommon Sense: Detecting Exploits With Novel Hardware Performance Counters and Machine Learning Magic.
A Real-World Tool for Organizing, Integrating Your Other Tools
News  |  8/6/2020  | 
Omdia Cybersecurity Accelerator analyst Eric Parizo describes the value overwhelmed security managers may find in a SPIF.
Energy Market Manipulation with High-Wattage IoT Botnets
News  |  8/6/2020  | 
Attackers that can compromise enough products such as smart ACs and heaters can tweak power demand in subtle ways for financial gain or to hurt market players, researchers at Black Hat say.
Ripple20: More Vulnerable Devices Identified
Quick Hits  |  8/6/2020  | 
Security researchers find 34 additional vendors, and 47 devices, affected by the widespread Ripple20 vulnerabilities.
What a Security Engineer & Software Engineer Learned by Swapping Roles
News  |  8/5/2020  | 
A security engineer and infrastructure engineer with Salesforce share lessons learned from their professional role reversal, and advice for people on both teams.
Tales from the Trenches Show Security Issues Endemic to Healthcare
News  |  8/5/2020  | 
The CISO for Indiana University Health says simple policies, good communication, and strong authentication go much further than vendor tools in solving security problems.
Supporting Women in InfoSec
News  |  8/5/2020  | 
Maxine Holt, research director from Omdia, explains why the time is right for women to step into more cybersecurity jobs now.
Developing Community for Woman Infosec Pros in India
News  |  8/5/2020  | 
Vandana Verma tells us how women in India are finding support, education and love of cybersecurity through the growing InfosecGirls community.
What to Tell Young People of Color About InfoSec Careers
News  |  8/5/2020  | 
CEO and founder of Revolution Cyber Juliet Okafor and Baker Hughes Director of Global OT Security Programs Paul Brager talk about the unique lessons and hard truths they provide when mentoring young black cybersecurity professionals.
SynerComm Reboots a Security Staple with 'Continuous' Pen Testing
News  |  8/5/2020  | 
SPONSORED CONTENT: Penetration testing has evolved well beyond a couple guys you hire to try and break into your network, according to SynerComm's Brian Judd. In addition to a service that offers round-the-clock pen testing, SynerComm also provides purple team testing, effectively splitting the difference with red- and blue-team exercises.
Pen Testers Share the Inside Story of Their Arrest and Exoneration
News  |  8/5/2020  | 
Coalfire'sGary De Mercurio and Justin Wynnshare the inside story of their infamous arrest last year while conducting a contractedred-team engagement in an Iowa courthouse -- and what it took to clear their names.
Synopsys: Why Security-Minded Companies Are Transitioning to DevSecOps
News  |  8/5/2020  | 
SPONSORED: For too long, developers have had to weigh the tradeoffs between software security and feature development. But as DevSecOps continues to gain momentum over application security, organizations realize that adopting security in software development needn't be a drag on productivity, says Tim Mackey from the Synopsys Cybersecurity Research Center.
HealthScare: Prioritizing Medical AppSec Research
News  |  8/5/2020  | 
Seth Fogie, information security director at Penn Medicine, explains which healthcare app vulnerabilities really matter in the day-to-day business of providing patient care.
A Most Personal Threat: Implantable Medical Devices
News  |  8/5/2020  | 
Alan Michaels,director of the Electronic Systems Lab at the Virginia Tech Hume Center, explains why implanted medical devices could pose a threat to secure communication facilities.
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis
News  |  8/5/2020  | 
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
A Paramedic's Guide to Cybersecurity: Video
News  |  8/5/2020  | 
In this video segment, the Dark Reading News Desk speaks to several guests about healthcare cybersecurity. We begin with Rich Mogull, infosec pro and paramedic, for a discussion about what lessons cybersecurity can learn from emergency medical services and the parallels that already exist.
Voatz Delivers Multilayered Security to Protect Electronic Voting
News  |  8/5/2020  | 
SPONSORED CONTENT: While electronic voting has been plagued by fears of tampering or fraud, Voatz is looking to make the process more transparent and auditable, according to company founder Nimit Sawhney. He offers learning points from three recent pilots that highlight how governments can improve the integrity and better protect the voting process and its data.
Russian Election Interference: Whats Next?
News  |  8/5/2020  | 
Nate Beach-Westmoreland gives a look back at the past 10 years of Russian election interference and disinformation campaigns. What can we learn from the past and what should we expect as the 2020 US presidential election approaches?
Attack of the Clone: Next-Gen Social Engineering
News  |  8/5/2020  | 
NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections.
Pen Testers Who Got Arrested Doing Their Jobs Tell All
News  |  8/5/2020  | 
Coalfire's Gary De Mercurio and Justin Wynn share the details of their physical penetration-testing engagement gone wrong, as well as recommendations for protecting all red teamers.
11 Hot Startups to Watch at Black Hat USA
Slideshows  |  8/3/2020  | 
A sneak peek at the up-and-coming organizations to check out on the Black Hat USA virtual show floor.
Omdia Cybersecurity Accelerator Analysts to Take Part in Black Hat USA 2020
Commentary  |  8/3/2020  | 
Analysts will participate in the Black Hat Briefings, taking place Aug. 4-6, discussing cybersecurity research, offering exclusive video presentations, and meeting with vendors and attendees.
'Hidden Property Abusing' Allows Attacks on Node.js Applications
News  |  7/31/2020  | 
A team of researchers from Georgia Tech find a new attack technique that targets properties in Node.js and plan to publicly release a tool that has already identified 13 new vulnerabilities.
Black Hat Virtually: An Important Time to Come Together as a Community
Commentary  |  7/30/2020  | 
The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Slideshows  |  7/29/2020  | 
More than 130 security researchers and developers are ready to showcase their work.
Email Security Features Fail to Prevent Phishable 'From' Addresses
News  |  7/24/2020  | 
The security features for verifying the source of an email header fail to work together properly in many implementations, according to a team of researchers.
8 Cybersecurity Themes to Expect at Black Hat USA 2020
Slideshows  |  7/23/2020  | 
Here are the trends and topics that'll capture the limelight at this year's virtual event.
Q&A: How Systemic Racism Weakens Cybersecurity
News  |  7/22/2020  | 
Cybersecurity policy expert and attorney Camille Stewart explains how to dismantle systemic racism in the industry and build a more diverse and representative workforce.
Puzzles and Riddles Help InfoSec Pros Solve Real-World Problems
News  |  7/15/2020  | 
A researcher shares the unexpected lessons learned in years of creating puzzles and riddles for his cybersecurity colleagues.
A Paramedic's Lessons for Cybersecurity Pros
News  |  7/13/2020  | 
A paramedic turned cybersecurity expert shares his experiences in both fields, highlights their similarities, and explains how they can learn from each other.
Lost in Translation: Serious Flaws Found in ICS Protocol Gateways
News  |  7/13/2020  | 
These oft-forgotten devices contain serious vulnerabilities that allow attackers to hack OT systems remotely, researchers will reveal at Black Hat USA next month.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9079
PUBLISHED: 2020-08-11
FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product.
CVE-2020-16275
PUBLISHED: 2020-08-10
A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.
CVE-2020-16276
PUBLISHED: 2020-08-10
An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
CVE-2020-16277
PUBLISHED: 2020-08-10
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
CVE-2020-16278
PUBLISHED: 2020-08-10
A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.