Black Hat In the News
  • Oct 30, 2024 | Associated Press

    SecTor 2024 Announces Record-Breaking Attendance Following Successful Close of Toronto Event [SecTor 2024]

    SecTor, Canada’s largest cybersecurity conference, today announced the successful completion of the in-person component of SecTor 2024. The event welcomed 5,000 unique attendees joining in-person from October 22 to October 24 at the Metro Toronto Convention Centre in downtown Toronto.
  • Oct 25, 2024 | Solomon on Cybersecurity

    Takeaways from the SecTor 2024 conference [SecTor 2024]

    I couldn’t get to all of the sessions, but here’s a few things I came away with on Wednesday: Keynote speaker Leigh Honeywell of Tall Poppy, which advises firms on dealing with online harassment of employees, said infosec pros have a role in helping protect democracy and elections. They can do it by warning friends and relatives about not trusting everything online.
  • Oct 10, 2024 | Yahoo Finance

    SecTor Announces Leigh Honeywell and Omkhar Arasaratnam as Keynote Speakers for SecTor 2024 [SecTor 2024]

    SecTor, Canada’s largest cybersecurity conference, today announced Leigh Honeywell, founder and CEO of Tall Poppy; and Omkhar Arasaratnam, Guest Lecturer, New York University (NYU) Tandon School of Engineering: Graduate School, as Keynote speakers for SecTor 2024. The live, in-person event will take place at the Metro Toronto Convention Centre in downtown Toronto from October 22 to October 24. Keynote speakers will present on Wednesday, October 23 and Thursday, October 24.
  • Oct 9, 2024 | Redefining CyberSecurity Podcast

    A Sneak Peek into SecTor 2024: AI, Open-Source, and Cybersecurity Trends with Steve Wylie [SecTor 2024]

    Discover the highlights of the upcoming Black Hat SecTor Conference in Toronto, featuring insightful discussions on AI, open-source security, and more. Join Steve Wylie, Sean Martin, and Marco Ciappelli as they preview keynotes, summits, and unique aspects of this premier cybersecurity event.
  • Sep 30, 2024 | ITSPmagazine Podcast Network

    Hacking Deepfake Image Detection System with White and Black Box Attacks | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Sagar Bhure | On Location Coverage with Sean Martin and Marco Ciappelli [SecTor 2024]

    In this episode of SecTor 2024, Sean Martin, Marco Ciappelli, and security researcher Sagar Bhure discuss the escalating threat of deepfake technology and its implications for misinformation, financial fraud, and cybersecurity. Tune in to explore real-world examples and learn about innovative detection methods that aim to stay ahead of this complex challenge.
  • Aug 27, 2024 | Channel News Asia

    Election security faces threat from cyberattacks and disinformation [Black Hat USA 2024]

    It is estimated that more than half of the world’s population will cast ballots by the end of this year, with elections held across a number of countries including the United States. Election security has been a major concern, with threats looming from cyberattacks and disinformation. CNA's Ira Spitzer attended the recent Black Hat cybersecurity conference in Las Vegas and filed this report.
  • Aug 26, 2024 | AARP

    3 Lessons From a Hacker Conference That Can Keep You Safe Online [Black Hat USA 2024]

    If you go to Las Vegas for the Black Hat cybersecurity conference, don't bet on spotting people there using burner phones in place of their usual smartphones. Nor should you plan on seeing attendees anxiously using a burner laptop, stripped of most of its usual apps and data.
  • Aug 15, 2024 | Forbes

    Black Hat USA 2024 Showcases New Defenses For Cybersecurity Pros [Black Hat USA 2024]

    Black Hat has always been an intriguing event to me. It takes its name from the malicious hackers who take on ethical “white hat” defenders, yet the audience is full of (figurative) white hats from the corporate IT world.
  • Aug 14, 2024 | Forrester

    The Shakedown From Black Hat USA, 2024 [Black Hat USA 2024]

    My colleagues Allie Mellen, Paddy Harrington, Erik Nost, Cody Scott, and I assembled in Las Vegas last week for the Black Hat USA 2024 event. We spent the week attending sessions; meeting with clients; looking for trends, highlights, and lowlights in the festival of vendor marketing (on the show floor and in the convention center hallways); and making sure to drink a lot of water to survive the stifling 110-degree heat.
  • Aug 13, 2024 | SiliconANGLE

    Three insights you might have missed from Black Hat USA [Black Hat USA 2024]

    The growing threat of cybersecurity attacks along the increasingly complex AI landscape reflects one reason Black Hat USA 2024 is one of the biggest cybersecurity conferences of the year.
  • Aug 12, 2024 | The Register

    What a glimpse inside the Black Hat NOC reveals about infosec pros' security habits [Black Hat USA 2024]

    The large network that materializes along with legions of infosec professionals at Black Hat every year presents the perfect opportunity to see how well the security community practices what it preaches.
  • Aug 12, 2024 | POLITICO

    Presidential campaigns in the cyber spotlight [Black Hat USA 2024]

    HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! Seeing everyone at Black Hat and DEF CON was great, now excuse me while I recharge my social battery by staring at the wall for the next three days. If you need me (no you don’t), John’s inbox can’t wait to hear all the details.
  • Aug 12, 2024 | SC Magazine

    Windows Downdate attack totally undermines Windows security; fix not yet ready [Black Hat USA 2024]

    The security of Windows 11 can be completely undermined by corrupting the Windows Update process with a simple edit to the Windows Registry, forcing a downgrade to vulnerable older versions of Windows and other system processes. As of this writing, there is no patch preventing this attack, although Microsoft has offered steps that reduce the risk.
  • Aug 9, 2024 | PCMag

    Just the Hacks: How Journalists Work With Hackers to Break News [Black Hat USA 2024]

    Hackers are known for using any available resource to get the money or data they want. Many times, that involves using media contacts to apply public pressure to the companies they are seeking to extort.
  • Aug 9, 2024 | SecurityWeek

    Vulnerability Allowed Eavesdropping via Sonos Smart Speakers [Black Hat USA 2024]

    NCC Group researchers have disclosed vulnerabilities found in Sonos smart speakers, including a flaw that could have been exploited to eavesdrop on users. One of the vulnerabilities, tracked as CVE-2023-50809, can be exploited by an attacker who is in Wi-Fi range of the targeted Sonos smart speaker for remote code execution.
  • Aug 9, 2024 | Axios

    Election security takes center stage at Black Hat [Black Hat USA 2024]

    The security of the 2024 U.S. elections is one of the hottest topics on the floors of Black Hat and DEF CON this week.
  • Aug 7, 2024 | The Washington Post

    Design flaw could allow hackers to roll back Microsoft Windows updates [Black Hat USA 2024]

    Some of Microsoft’s most important tools for protecting Windows users from malicious hackers can be twisted into being used in attacks, according to research presented here Wednesday at the annual Black Hat security conference.
  • Aug 7, 2024 | Bleeping Computer

    Windows Update downgrade attack "unpatches" fully-updated systems [Black Hat USA 2024]

    SafeBreach security researcher Alon Leviev revealed at Black Hat 2024 that two zero-days could be exploited in downgrade attacks to "unpatch" fully updated Windows 10, Windows 11, and Windows Server systems and reintroduce old vulnerabilities.
  • Aug 7, 2024 | CyberNews

    Black Hat USA 2024: vehicle head unit can spy on you, researchers reveal [Black Hat USA 2024]

    Android-based infotainment systems used in Ford, GM, Honda, and other major vehicle brands can be turned into data-stealing devices, Cisco Talos researchers have uncovered. As with virtually any electronic device, vehicle infotainment systems, colloquially known as head units, can be engineered to steal user data.
  • Aug 7, 2024 | TechTarget

    CISA: Election infrastructure has never been more secure [Black Hat USA 2024]

    CISA Director Jen Easterly said U.S. election infrastructure "has never been more secure" during a Wednesday keynote panel at Black Hat USA 2024.
  • Aug 7, 2024 | Security Boulevard

    Democracy’s Challenge: Secure Elections Worldwide [Black Hat USA 2024]

    The U.S. presidential election is less than three months away, and many cybersecurity experts are bracing for a deluge of deceit.
  • Aug 7, 2024 | Infosecurity Magazine

    #BHUSA: New Ransomware Groups Emerge Despite Crackdowns [Black Hat USA 2024]

    New ransomware groups are emerging as financial gain continues to outweigh the risks for cybercriminals, a new report by Rapid7 has found.
  • Aug 6, 2024 | CRN

    10 Hot Security Tools Unveiled At Black Hat 2024 [Black Hat USA 2024]

    This week in Las Vegas, hundreds of cybersecurity vendors are on hand for the Black Hat USA 2024 conference—many of them with new tools or product capabilities ready to unveil.
  • Aug 5, 2024 | New York Stock Exchange

    Taking Stock with Trinity Chavez: The Cyber Series - Black Hat [Black Hat USA 2024]

    Step into the realm of cutting-edge cybersecurity insights at Black Hat in Las Vegas, the second largest cyber security conference in the world! Join NYSE TV’s Lead Anchor, Trinity Chavez, as she gets exclusive access and has riveting conversations with CEOs and other leading cybersecurity experts to explore their strategies, innovations, and groundbreaking perspectives that mold the digital defense landscape.
  • Jul 26, 2024 | Dark Reading

    Could Intel Have Fixed Spectre & Meltdown Bugs Earlier? [Black Hat USA 2024]

    The Spectre and Meltdown chip vulnerabilities could have been resolved much earlier had chip makers taken reports from academic researchers more seriously, says one researcher who helped unveil the hardware bug.
  • Jul 23, 2024 | ITSPmagazine Podcast Network

    Behind the Scenes at Black Hat USA 2024: An Exclusive Pre-Event Conversation | A Black Hat USA 2024 Conversation with Steve Wylie | On Location Coverage with Sean Martin and Marco Ciappelli [Black Hat USA 2024]

    Black Hat USA 2024 promises to be an exciting and groundbreaking conference, and we caught up with Steve Wylie, the General Manager of Black Hat, to get an inside look at this year's event.
  • May 6, 2024 | Omdia

    Black Hat Asia 2024: A focus on regulation and reducing complexity in the security stack [Black Hat Asia 2024]

    At 2024's Black Hat Asia event, we heard about increasing regulation and fines, ransomware attacks, securing devices in critical infrastructure, MDR's growth in APAC, and the need to reduce complexity in the security stack.
  • Apr 26, 2024 | Dark Reading

    Intel Harnesses Hackathons to Tackle Hardware Vulnerabilities [Black Hat Asia 2024]

    Ever since the first Hack@DAC hacking competition in 2017, thousands of security engineers have helped discover hardware-based vulnerabilities, develop mitigation methods, and perform root cause analysis of issues found.
  • Apr 22, 2024 | The Register

    Researchers claim Windows Defender can be fooled into deleting databases [Black Hat Asia 2024]

    Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files. And, they asserted, the hole could remain exploitable – even after both vendors claim to have patched the problem.
  • Apr 22, 2024 | The Hacker News

    Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers [Black Hat Asia 2024]

    New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes.
  • Apr 18, 2024 | Computer Weekly

    CSA warns of emerging security risks with cloud and AI [Black Hat Asia 2024]

    The rapid adoption of emerging technologies such as cloud computing and artificial intelligence (AI) is posing new cyber security risks, adding to the increasingly complex cyber threat landscape.
  • Mar 12, 2024 | Error Code Podcast

    EP 32: Using ChatGPT To Perform Side Channel Attacks On Real Hardware [Black Hat Europe 2023]

    There’s a lot of talk about using AI and LLM in security. For example, could ChatGPT detect the vulnerable spots for power analysis in particular pieces of code using Advanced Encryption Standard? Witold Waligora, CEO of CloudVA, talks about his Black Hat Europe presentation, How We Taught ChatGPT-4 to Break mbedTLS AES With Side-Channel Attacks.
  • Dec 8, 2023 | Dark Reading

    Increased Cyber Regulation in the Offing as Attacks Mount [Black Hat Europe 2023]

    Expect governments to impose greater levels of cybersecurity regulation if businesses cannot defend against major attacks and stop breaches from happening.
  • Dec 7, 2023 | CyberScoop

    LogoFAIL vulnerabilities impact vast majority of devices [Black Hat Europe 2023]

    A set of major vulnerabilities that impact nearly all devices allows hackers to bypass most modern security checks through the logo that shows up when the computer starts. Discovered by the cybersecurity firm Binarly and presented at Black Hat Europe on Wednesday, LogoFAIL is a set of vulnerabilities that impact all x86 and ARM-based devices, like Windows and Linux, through the software that shows the manufacturer logo at the start of a bootup process.
  • Dec 7, 2023 | Infosecurity Magazine

    Liability Fears Damaging CISO Role, Says Former Uber CISO [Black Hat Europe 2023]

    The growing trend of finding CISOs personally liable for security failings is making security professionals more reluctant to take up these positions. This according to former Uber CISO Joe Sullivan, speaking during Black Hat Europe 2023.
  • Dec 6, 2023 | SecurityWeek

    Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images [Black Hat Europe 2023]

    Firmware security company Binarly on Wednesday disclosed the details of an attack method that can be used to compromise many consumer and enterprise devices by leveraging malicious UEFI logo images.
  • Dec 6, 2023 | Infosecurity Magazine

    NCSC's Ollie Whitehouse on Why Cybersecurity is Essential, Not Optional [Black Hat Europe 2023]

    Ollie Whitehouse is the first-ever chief technical officer (CTO) the UK’s National Cyber Security Centre (NCSC) has appointed. Whitehouse formally began his role in October 2023 following the initial appointment in September.
  • Nov 22, 2023 | ITSPmagazine

    How I Learned to Stop Worrying and Build a Modern Detection & Response Program | A Black Hat Europe 2023 Event Coverage Conversation with Allyn Stott [Black Hat Europe 2023]

    In this episode of the ITSPmagazine On Location Event Coverage series, host Sean Martin and guest Allyn Stott discuss the intricacies of building a modern detection response program, the role of threat intelligence, and the importance of aligning with business risk.
  • Nov 22, 2023 | ITSPmagazine

    We Need to Stop the Temperature From Rising If We Don't Want to Ice the CISO Role | A Black Hat Europe 2023 Event Coverage Conversation with Joe Sullivan [Black Hat Europe 2023]

    Most of the time, for these event coverage conversations, we get to connect with keynote speakers to learn more about the topic they plan to share at the event. During our conversation with Joe Sullivan, we did that ... and so, so much more. Tune in to this (dare we say, approaching emotional) conversation to hear about Joe's journey and all the things he is doing to help keep the CISO role safe and successful.
  • Nov 14, 2023 | The Hacker Mind Podcast

    EP 84: When Old Medical Devices Keep Pre-shared Keys [SecTor 2023]

    You would think there is a procedure to End-of-Life a medical device, right? Erase personal health info. Erase network configuration info. Speaking at SecTor 2023, Deral Heiland from Rapid7 said he found that he was able to buy infusion pumps on the secondary market with the network credentials for the original Health Care Delivery Organization intact.
  • Oct 31, 2023 | Christine Wong Productions

    SecTor: Top cybersecurity predictions for 2024 [SecTor 2023]

    It’s Halloween, and what could possibly be scarier than a look at cybersecurity threats for the year ahead? Canadian infosec veteran Laura Payne served up her list of 10 cybersecurity predictions for 2024 during a keynote at the 17th annual SecTor conference in Toronto last week.
  • Oct 27, 2023 | IT World Canada

    Cyber Security Today, Week in Review for the week ending Friday, Oct. 27, 2023 [SecTor 2023]

    Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, October 27th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
  • Oct 26, 2023 | IT World Canada

    SecTor 2023: A call to Canadian IT pros for political action [SecTor 2023]

    IT pros should become more involved in technology policy issues to prevent the Trudeau government from making bad choices, attendees at the annual SecTor cybersecurity conference have been told.
  • Oct 20, 2023 | ITSPmagazine

    Keynote: 2024 Predictions in Future-Hindsight View - Get Ready! | A SecTor Event Coverage Conversation with Laura Payne [SecTor 2023]

    In this episode, hosts Marco and Sean embark on a road trip to SecTor cybersecurity conference in Toronto, Canada, and sit down with cybersecurity expert Laura Payne to discuss cybersecurity's future and artificial intelligence's impact on technology and society.
  • Oct 18, 2023 | ITSPmagazine

    Do We Really Need to Worry about Critical Infrastructure? | A Discussion about Cyber Operations in the Context of the Leaked Vulkan Files | A SecTor Event Coverage Conversation with Marina Krotofil [SecTor 2023]

    In this episode of Chats on the Road to the SecTor Security conference in Toronto, hosts Marco and Sean are joined by Marina Krotofil to explore the complexities of cyber warfare, the leaked Vulkan files, and the need for independent thinking in the face of evolving cyber threats.
  • Oct 13, 2023 | Redefining CyberSecurity Podcast

    The Future of Secure Business Browsing: Isolation and Protection | Browser Security: Isolation-101 | A SecTor Event Coverage Conversation with Evgeniy Kharam [SecTor 2023]

    In this episode of the Redefining CyberSecurity Podcast, Sean Martin and guest Evgeniy Kharam discuss browser security, remote browser isolation, enterprise browsers, and the impact on security programs.
  • Oct 6, 2023 | Dark Reading

    SecTor 2023: Full Schedule Programming for Toronto Event [SecTor 2023]

    SecTor, Canada’s largest cybersecurity conference, today announced its full schedule programming for SecTor 2023. Taking place in Toronto at the Metro Toronto Convention Centre, this year’s event will feature 42 Briefings, two days of Trainings, 45 Sponsored Sessions, and for the first time at SecTor, Black Hat Arsenal will debut with 36 tool demos.
  • Sep 26, 2023 | AccessWire

    White Tuque CNO, Laura Payne, to Give Keynote Address at SecTor 2023 [SecTor 2023]

    SecTor, Canada's largest cybersecurity conference, will be taking place this October 23rd through 26th at the Metro Toronto Convention Centre. Now in its 17th year, SecTor annually connects IT and security experts from around the world. Thought leaders share the very latest in information security research, development, and trends, providing relevant, engaging, and reputable content for the benefit of the Canadian cybersecurity community.
  • Sep 25, 2023 | BizTech Magazine

    Black Hat USA 2023: AI's Impact On the Future of Cybersecurity [Black Hat USA 2023]

    Artificial intelligence is having a massive impact on our society. “It’s forcing us, for economic reasons, to take all of our problems and turn them into prediction problems,” said Jeff Moss, founder of Black Hat. In an opening keynote for Black Hat USA 2023 in Las Vegas, experts shared just how dramatically generative AI is changing the game.
  • Sep 7, 2023 | S&P Global

    AI for security, security for AI: 2 aspects of the intersection of 2 hot topics [Black Hat USA 2023]

    AI has been a trending topic in technology for many years, but nothing has fueled interest like the explosive emergence of generative AI over the past year. As with many nascent trends, security often rises to the top of opportunities as well as concerns, and this is no less true with AI — it was a central focus of this year's RSA Conference. It was also the theme of the opening keynote at Black Hat, where the AI Cyber Challenge, a Defense Advanced Research Projects Agency (DARPA) initiative launched by the Biden-Harris administration, was announced. That same week, DEF CON hosted the largest public "red teaming" (penetration testing) exercise against AI models to date.
  • Aug 28, 2023 | Security Magazine

    Key takeaways from Black Hat 2023 [Black Hat USA 2023]

    At Black Hat USA 2023, Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Viktor Zhora, Deputy Chairman and Chief Digital Transformation Officer of the State Service of Special Communication and Information Protection of Ukraine, gave a joint presentation on the need for resilience.
  • Aug 28, 2023 | Financial Times

    Cyber security experts lament west’s failure to learn lessons from Ukraine [Black Hat USA 2023]

    Viktor Zhora, the public face of Ukraine’s success against Russian cyber attacks, received a hero’s welcome earlier this month on stage at Black Hat, the world’s biggest cyber security gathering, in Las Vegas.
  • Aug 25, 2023 | The Readable

    Black Hat 2023 Recap Report by The Readable [Black Hat USA 2023]

    The Black Hat USA 2023 Recap Report by The Readable was just published. The Readable covered the Black Hat USA 2023 in person, along with the annual DEF CON and USENIX events that took place during the same week.
  • Aug 24, 2023 | CyberNews

    When it comes to data protection, Black Hat puts its money where its mouth is [Black Hat USA 2023]

    From embarrassing dating profiles to unprotected corporate earning reports, Cybernews discovers what really happens to all that sensitive information flowing through the Black Hat Network Operations Center (NOC) once summer camp for hackers finally ends.
  • Aug 22, 2023 | TechRepublic

    Generative AI: Cybersecurity Weapon, But Not Without Adaptable, Creative (Human) Thinkers [Black Hat USA 2023]

    Generative AI was — not surprisingly — the conversational coin of the realm at Black Hat 2023, with various panels and keynotes mulling the extent to which AI can replace or bolster humans in security operations.
  • Aug 22, 2023 | Cyber Defense Magazine

    Publisher’s Spotlight: Black Hat USA 2023 Closes on Record-Breaking Event in Las Vegas [Black Hat USA 2023]

    Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, today announced the successful completion of the in-person component of Black Hat USA 2023. The event welcomed more than 22,750 unique attendees, with 19,750 joining in-person at the Mandalay Bay Convention Center in Las Vegas, while more than 3,000 registered for On-Demand Access to the event.
  • Aug 21, 2023 | Forrester

    Black Hat USA 2023: Insights From Our Short Vegas Residency [Black Hat USA 2023]

    Black Hat has gone from being RSAC’s smaller tech and practitioner-focused cousin to being a commercial showcase for cybersecurity vendors.
  • Aug 18, 2023 | Enterprise Management Associates (EMA)

    Playing to Win: Generative AI, Cloud Security, and More at Black Hat 2023 [Black Hat USA 2023]

    The stage was set, the players were ready, and Black Hat USA 2023 delivered a cybersecurity spectacle that left no doubt—this was a game-changing event. As we unpack the highlights, one overarching theme emerges: a united front against ever-evolving threats. From generative AI to cloud security and a glimpse into the future of defense, this year's conference illuminated the power of collaboration and innovation. Amidst these pivotal discussions, one revelation—the TETRA:BURST vulnerabilities—took center stage, leaving an indelible mark on the field.
  • Aug 18, 2023 | MeriTalk

    CISA Officials Share Plans for Secure-by-Design Ecosystem [Black Hat USA 2023]

    The Cybersecurity and Infrastructure Security Agency (CISA) is looking to change the technology ecosystem through its secure-by-design and -default guidelines, and CISA officials explained the agency’s plan to foster this ecosystem at the Black Hat USA Conference in Las Vegas last week.
  • Aug 18, 2023 | The New Stack

    Artificial Intelligence: Stopping the Big Unknown in Application, Data Security [Black Hat USA 2023]

    Artificial intelligence, particularly large language models of the GPT type, were the talk of the town during last week’s Black Hat and Def Con in Las Vegas. But even the experts disagreed to what extent AI changes the security posture companies should take, from protecting internal data to developing applications.
  • Aug 17, 2023 | MSSP Alert

    Password Security is Still Top-of-Mind but Evolving Away, Study Finds [Black Hat USA 2023]

    Password security remains relevant but cybersecurity is trending toward a password-less strategy, according to a new survey conducted by Delinea at the recent Black Hat USA conference.
  • Aug 17, 2023 | TechTarget

    Risk & Repeat: Highlights from Black Hat USA 2023 [Black Hat USA 2023]

    Black Hat USA 2023 tackled a variety of cybersecurity topics, from large language models to new vulnerabilities.
  • Aug 16, 2023 | TechRadar

    Looks like people are ready to move away from passwords [Black Hat USA 2023]

    It appears that many people are ready to embrace the brave new world of passwordless security, as they voice their support for the idea. The Privileged access management (PAM) firm Delinea conducted a survey at this year's Black Hat USA security conference and found that over half (54%) of respondents believe that passwordless solutions are a viable concept. A fifth were also already using passkeys instead of or in addition to passwords.
  • Aug 15, 2023 | BetaNews

    Security professionals see a passwordless future drawing closer [Black Hat USA 2023]

    We are moving nearer to a passwordless future according to a survey from Delinea carried out at the 2023 Black Hat USA Conference.
  • Aug 15, 2023 | Security Boulevard

    Passwords are Evolving as a Passwordless Future Draws Nearer [Black Hat USA 2023]

    Enterprises are developing strategies now to protect identities from being stolen and abused even as a true passwordless future is slowly coming into view, according to Joseph Carson, chief security scientist and advisory CISO at privileged access manager (PAM) vendor Delinea.
  • Aug 15, 2023 | SC Magazine

    ‘Defender Pretender’ turns Windows’ malware protections against itself [Black Hat USA 2023]

    Windows Defender can be hijacked to ignore malware, falsely recognize benign files as malicious and even delete critical system files to render a machine inoperable, two Israeli researchers demonstrated at the Black Hat security conference here on Aug. 9.
  • Aug 14, 2023 | IT World Canada

    Cyber Security Today, August 14, 2023 — A huge insurance company hack, presentations at the Black Hat conference, and more [Black Hat USA 2023]

    One of the presentations at last week’s Black Hat USA security conference showed the advantages of setting up a honeypot to lure and then record the activities of hackers. Two researchers from GoSecure said they captured 100 hours of videos over three years showing the techniques threat actors use to access and exfiltrate data.
  • Aug 12, 2023 | The Register

    Inside the Black Hat network operations center, volunteers work in geek heaven [Black Hat USA 2023]

    Every summer, pandemics permitting, a group of volunteers gather in a Las Vegas hotel to run one of the more unusual examples of IT infrastructure on the planet: the Black Hat network operations center.
  • Aug 11, 2023 | Politico

    For the first time, U.S. government lets hackers break into satellite in space [Black Hat USA 2023]

    Hackers in a desert in the Southwest are lobbing a barrage of cyberattacks at a U.S. government satellite on Friday — and it’s exactly what the Pentagon wanted to happen.
  • Aug 11, 2023 | SecurityWeek

    Black Hat USA 2023 – Announcements Summary [Black Hat USA 2023]

    Hundreds of companies and organizations showcased their cybersecurity products and services this week at the 2023 edition of the Black Hat conference in Las Vegas.
  • Aug 11, 2023 | WIRED

    GitHub’s Hardcore Plan to Roll Out Mandatory Two-Factor [Black Hat USA 2023]

    You've heard the advice for years: Turn on two-factor authentication everywhere it’s offered. It’s long been clear that using only a username and password to secure digital accounts isn’t enough. But layering on an additional authentication “factor”—like a randomly generated code or a physical token—makes the keys to your kingdom much tougher to guess or steal.
  • Aug 11, 2023 | Infosecurity Magazine

    Black Hat USA Unwrapped: Top 5 Cybersecurity Insights You Can't Afford to Miss [Black Hat USA 2023]

    There is an enduring nature to many cybersecurity challenges while at the same time cyber practitioners must be aware of the evolving scale of threats, including the rapid global impact of AI-related issues.
  • Aug 10, 2023 | Cybersecurity Dive

    4 ways organizations can take back the advantage from attackers [Black Hat USA 2023]

    Kelly Shortridge is on a mission — a “resilience revolution” as she describes it — to help defenders outmaneuver threat actors by using the same tactics they employ against other organizations.
  • Aug 10, 2023 | Dark Reading

    Dark Reading News Desk at Black Hat USA 2023 [Black Hat USA 2023]

    Dark Reading News Desk was live for two days during Black Hat USA, at Mandalay Bay in Las Vegas. Dark Reading editor Becky Bracken hosted a bevy of Black Hat newsmakers including cybersecurity journalists, experts, and researchers for on-the-scene interviews.
  • Aug 10, 2023 | CRN

    20 Hottest New Cybersecurity Tools At Black Hat 2023 [Black Hat USA 2023]

    At Black Hat 2023 this week, vendors are showcasing new products in segments including XDR, application security, vulnerability management and cloud security.
  • Aug 10, 2023 | The Record

    CISA Director: US has lessons to learn about anticipating threats, disruption [Black Hat USA 2023]

    U.S. residents and businesses need to be better prepared for inevitable disruptions caused by cyberattacks, according to the head of the country’s cybersecurity agency. Speaking alongside Ukrainian cybersecurity chief Viktor Zhora at the Black Hat cybersecurity conference, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said Americans need to mirror Ukraine’s resilience in the face of an onslaught of damaging cyberattacks.
    Read More
  • Aug 9, 2023 | CSO Online

    The top new cybersecurity products at Black Hat USA 2023 [Black Hat USA 2023]

    Black Hat USA 2023 served as launchpad for a host of cybersecurity products and services, with many notable vendors as well as up-and-coming startups showcasing their innovations at the annual conference, held this week in Las Vegas.
    Read More
  • Aug 9, 2023 | The Messenger

    The US Wants Americans To Learn From Its Cyber Partnership With Ukraine [Black Hat USA 2023]

    The United States’ partnership with Ukraine to fend off Russian hackers during the ongoing war has proven to be an excellent model for helping other countries deal with similar digital assaults, a top U.S. cyber official said Wednesday.
    Read More
  • Aug 9, 2023 | CNBC

    Hackers to compete for nearly $20 million in prizes by using A.I. for cybersecurity, Biden administration announces [Black Hat USA 2023]

    Hackers will have the chance to compete for millions of dollars in prizes by using artificial intelligence to protect critical U.S. infrastructure from cybersecurity risks, the Biden administration announced Wednesday.
    Read More
  • Aug 9, 2023 | SiliconANGLE

    White House launches contest to improve critical infrastructure cybersecurity with AI [Black Hat USA 2023]

    The White House today announced the AI Cyber Challenge, a contest designed to improve the cybersecurity of the United States’ critical infrastructure. The contest was detailed during Black Hat USA 2023, a major cybersecurity event taking place this week in Las Vegas.
    Read More
  • Aug 9, 2023 | VentureBeat

    White House launches AI Cyber Challenge to test how top AI models protect software [Black Hat USA 2023]

    At the Black Hat USA conference in Las Vegas today — the nation’s largest hacking conference — the Biden-Harris administration announced the launch of a two-year open competition to explore how AI can be used to protect and defend the U.S.’s most vital software, including computer code that keeps the internet and critical infrastructure running.
    Read More
  • Aug 8, 2023 | Channel Futures

    Black Hat USA: Cybersecurity Experts Optimistic About Generative AI [Black Hat USA 2023]

    Cybersecurity as an industry is likely going to be the biggest benefactor of AI. A panel of cybersecurity experts from Amazon Web Services (AWS), Barracuda, Splunk and more agreed they are optimistic about the future of generative AI in spite of increasing threats. The panel took place Tuesday at this week’s Black Hat USA.
    Read More
  • Aug 8, 2023 | CyberScoop

    ‘Downfall’ vulnerability leaves billions of Intel CPUs at risk [Black Hat USA 2023]

    Computer security operates on a few basic principles, and one of them is that data in use by one application should not be available to another without permission. This basic architecture should in theory keep one application from snooping on another and stealing, for example, a bank key from a password manager. When that principle breaks down, it can be devastating.
    Read More
  • Aug 8, 2023 | Bleeping Computer

    New Downfall attacks on Intel CPUs steal encryption keys, data [Black Hat USA 2023]

    A senior research scientist at Google has devised new CPU attacks to exploit a vulnerability dubbed Downfall that affects multiple Intel microprocessor families and allows stealing passwords, encryption keys, and private data like emails, messages, or banking info from users that share the same computer.
    Read More
  • Aug 7, 2023 | Omdia

    Cybersecurity is everyone’s responsibility [Black Hat USA 2023]

    Ahead of Black Hat 2023, Omdia Senior Director of Research Maxine Holt discusses the state of the cybersecurity landscape and what lies ahead for businesses not adequately prepared for the threat of cybercrime.
    Read More
  • Aug 4, 2023 | PCMag

    What to Expect at Black Hat 2023 [Black Hat USA 2023]

    Every summer, hackers and researchers from around the world brave the broiling Las Vegas heat, coming together for the hacking extravaganza known as Black Hat. This is the opportunity for academics and professional testers to wow their colleagues by showcasing the vulnerabilities they’ve discovered or new protection techniques they’ve invented.
    Read More
  • Aug 2, 2023 | Dark Reading

    Tesla Jailbreak Unlocks Theft of In-Car Paid Features [Black Hat USA 2023]

    Tesla cars are susceptible to a nearly irreversible jailbreak of their onboard infotainment systems that would allow owners to unlock a bevy of paid in-car features for free. The stolen perks can run the gamut from better bandwidth to faster acceleration and heated seats, according to a team of academic researchers.
    Read More
  • Jul 31, 2023 | Dark Reading

    Summer Documentary Watch Party: 8 Sizzling Cybersecurity Tales [Black Hat USA 2023]

    It's almost August, which means Hacker Summer Camp — the confluence of BSides Las Vegas, Black Hat USA, and DEF CON — is nearly upon us. If you're going to Las Vegas to take part in the annual celebration of probing every system for any possible weakness, we've got a wide selection of documentaries to get you in the investigative mood.
    Read More
  • Jul 21, 2023 | Dark Reading

    Meet the Finalists for the 2023 Pwnie Awards [Black Hat USA 2023]

    With Black Hat USA 2023 looming, it's time to start thinking about the Oscars of cybersecurity, the Pwnie Awards. The statuettes will be handed out live in Las Vegas on Wednesday, Aug. 9, at 6:30 p.m. – with the exception of this year's Lifetime Achievement Pwnie, which was awarded at the Summercon hackers' meetup in Brooklyn, New York, on July 14, when the other nominees were announced.
    Read More
  • Jul 20, 2023 | WIRED

    Satellites Are Rife With Basic Security Flaws [Black Hat USA 2023]

    Hundreds of miles above Earth, thousands of satellites are orbiting the planet to keep the world running smoothly. Timing systems, GPS, and communications technologies are all powered by satellites. But for years, security researchers have warned that more needs to be done to secure the satellites against cyberattacks.
    Read More
  • Jul 12, 2023 | Computer Weekly

    Microsoft users on high alert over dangerous RCE zero-day [Black Hat USA 2023]

    Microsoft has disclosed a potentially serious remote code execution (RCE) zero-day under active exploitation – by a group with alleged links to the Russian intelligence services – among more than 100 other vulnerabilities in its July Patch Tuesday update, but the company has not yet issued an actual patch for it.
    Read More
  • Jun 7, 2023 | Business Wire

    Black Hat USA Announces Over 90 Briefings for its 26th Anniversary Event in Las Vegas [Black Hat USA 2023]

    Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, returns to Las Vegas celebrating Black Hat USA’s 26th anniversary with a live, in-person 6-day program from August 5 – August 10. The event will take place at the Mandalay Bay Convention Center, featuring over 90 Briefings hand selected by the Black Hat Review Board.
    Read More
  • May 29, 2023 | Omdia

    Black Hat Asia 2023: Data exposure, privacy, and minimization [Black Hat Asia 2023]

    Black Hat Asia 2023 in Singapore and its flurry of activities make for an exciting time of the year. Cybersecurity is nascent among organizations in Asia, with plenty of opportunities to rise above in the race to build digital resilience.
    Read More
  • May 19, 2023 | DecryptedTech

    Millions of Android Devices Loaded with Malware Infected OEM Images [Black Hat Asia 2023]

    TrendMicro made a shocking revelation at Black Hat Asia 2023 where they disclosed an operation that has been running since 2018 targeting Android devices. The scheme was uncovered in 2021 while researchers at TrendMicro were looking into an SMS PVA (Phone Verified Accounts) mobile botnet. They identified that the botnet had been helped along by a supply chain attack targeting the image used by OEMs to rapidly deploy the OS onto the devices.
    Read More
  • May 18, 2023 | The Hacker News

    This Cybercrime Syndicate Pre-Infected Over 8.9 Million Android Phones Worldwide [Black Hat Asia 2023]

    A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks.
    Read More
  • May 18, 2023 | SC Magazine

    Vulnerabilities in router vendors’ cloud management platforms detailed [Black Hat Asia 2023]

    Hundreds of thousands of operational technology networks and devices are at risk of hijacking attacks stemming from the exploitation of several security vulnerabilities impacting the cloud management platforms of industrial cellular router vendors Sierra Wireless, InHand Networks, and Teltonika Wireless, The Hacker News reports.
    Read More
  • May 17, 2023 | Business Wire

    Black Hat Asia 2023 Closes on Record-Breaking, In-Person Event in Singapore [Black Hat Asia 2023]

    Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, today announced the successful completion of the in-person component of Black Hat Asia 2023. The event welcomed a record number of attendees from May 9 through May 12, with more than 3,000 attendees joining at the Marina Bay Sands Expo & Convention Centre in Singapore.
    Read More
  • May 17, 2023 | Dark Reading

    Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cybercrime Enterprise [Black Hat Asia 2023]

    Millions of Android phone users around the world are contributing daily to the financial wellbeing of an outfit called the Lemon Group, merely by virtue of owning the devices. Unbeknownst to those users, the operators of the Lemon Group have pre-infected their devices before they even bought them. Now, they're quietly using their phones as tools for stealing and selling SMS messages and one-time passwords (OTPs), serving up unwanted ads, setting up online messaging and social media accounts, and other purposes.
    Read More
  • May 15, 2023 | The Register

    Arm acknowledges side-channel attack but denies Cortex-M is crocked [Black Hat Asia 2023]

    Arm issued a statement last Friday declaring that a successful side attack on its TrustZone-enabled Cortex-M based systems was "not a failure of the protection offered by the architecture."
    Read More
  • May 11, 2023 | The Register

    Millions of mobile phones come pre-infected with malware, say researchers [Black Hat Asia 2023]

    Miscreants have infected millions of Androids worldwide with malicious firmware before the devices even shipped from their factories, according to Trend Micro researchers at Black Hat Asia.
    Read More
  • Apr 28, 2023 | Dark Reading

    Firmware Looms as the Next Frontier for Cybersecurity [Black Hat Asia 2023]

    Last December, researchers discovered a series of five vulnerabilities affecting servers run by more than a dozen major vendors — brand names like Huawei, Qualcomm, Nvidia, AMD, Dell, and HP. The vulnerabilities were nothing to scoff at, either, with CVSS scores ranging from 5.3 (Medium severity) to 9.8 (Critical).
    Read More
  • Aug 25, 2022 | The Register

    Shout-out to whoever went to Black Hat and had North Korean malware on their PC [Black Hat USA 2022]

    The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents.
    Read More
  • Aug 25, 2022 | Forbes

    The Black Hat Conference At 25: Still Fighting The Good Fight [Black Hat USA 2022]

    Out on the Nevada desert sand, a phenomenon 25 years running has again grabbed the attention of not only the tech industry, but also IT professionals from every industry. The annual Black Hat security convention proves there is no respite in a world of never-ending security threats – from the known, to the unknown, likely and unlikely sources. The conference attracts participants of all stripes, with its insights, breakthroughs, and aspirations. Founded in 1997, the Black Hat event is a yearly cybersecurity community geek-fest with the latest cutting-edge research, developments, and trends.
    Read More
  • Aug 24, 2022 | CSO Online

    Why patching quality, vendor info on vulnerabilities are declining [Black Hat USA 2022]

    Those who apply security patches are finding that it’s becoming harder to time updates and determine the impact of patching on their organizations. Dustin Childs of the ZDI Zero Day Initiative and Trend Micro brought this problem to light at the recent Black Hat security conference: Patch quality has not increased and in fact is getting worse. We are dealing with repatching bugs that weren’t fixed right or variant bugs that could have been patched the first time.
    Read More
  • Aug 22, 2022 | VentureBeat

    How cybersecurity vendors are misrepresenting zero trust [Black Hat USA 2022]

    The zero-trust vision that cybersecurity vendors are selling isn’t the reality enterprises are experiencing. The disconnect begins during initial sales cycles, where the promises of ease of use, streamlined API integration and responsive service lead to enterprises buying solutions that don’t work. Unfortunately, enterprises are getting more challenges than the vision vendors sold.
    Read More
  • Aug 20, 2022 | SiliconANGLE

    What Black Hat 2022 reveals about securing the supercloud [Black Hat USA 2022]

    Black Hat 2022 was held in Las Vegas last week, at the same time as theCUBE’s supercloud event. Unlike AWS re:Inforce, where words are carefully chosen to put a positive spin on security, Black Hat exposes all the warts of cybersecurity and openly discusses its hard truths. It’s a conference attended by technical experts who proudly share some of the vulnerabilities they’ve discovered and of course by numerous vendors marketing their products and services.
    Read More
  • Aug 19, 2022 | Business Wire

    Black Hat USA 2022 Closes on a Record Breaking Event in Las Vegas & Online [Black Hat USA 2022]

    Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, closes a successful hybrid event for Black Hat USA 2022. The event welcomed more than 21,000 unique attendees, with over 17,400 joining in person at the Mandalay Bay Convention Center in Las Vegas, while over 15,488 actively logged into the virtual platform. Security professionals from 111 countries joined the hybrid event, to experience the robust lineup of groundbreaking content led by security experts who showcased the latest and greatest research currently impacting the industry including more than 90 deeply technical Briefings.
    Read More
  • Aug 19, 2022 | Dark Reading

    State-Sponsored APTs Dangle Job Opps to Lure In Spy Victims [Black Hat USA 2022]

    Fake job offers have become a top phishing tactic for state-sponsored threat actors to lure in unsuspecting targets in the wake of the COVID-19 pandemic, as many reconsider their careers amid growing demand for skilled workers and managers.
    Read More
  • Aug 16, 2022 | USA Today

    As Black Hat security conference turns 25, a lesson: security doesn’t have an end point [Black Hat USA 2022]

    At the start of the Black Hat information-security conference here, founder Jeff Moss took a moment to reflect on the state of cybersecurity today compared to the hopes of industry professionals at the first such gathering 25 years earlier.
    Read More
  • Aug 15, 2022 | Fortune

    ‘Bring on the bugs’: SpaceX will pay you up to $25,000 to hack Starlink [Black Hat USA 2022]

    Someone hacked Elon Musk’s Starlink internet satellite network using a $25 homemade device, but don’t worry, they’re cool with it.
    Read More
  • Aug 15, 2022 | Network Computing

    Black Hat Postmortem: Geopolitical Risks and Complexity on the Rise [Black Hat USA 2022]

    Last week’s Black Hat USA 2022 conference solidly framed the cybersecurity issues IT and network managers are facing. From the keynotes throughout the conference sessions, the message was clear. Security challenges are increasing, and the complexity of modern applications and infrastructures makes it all the harder to secure networks and defend against attacks.
    Read More
  • Aug 15, 2022 | VICE

    Head of Ukraine’s Cybersecurity Says Russia Has Committed ‘Cyber War Crimes’ [Black Hat USA 2022]

    The head of Ukraine’s cybersecurity agency was in Las Vegas this week, at Black Hat, one of the largest hacking conferences in the world. He said he was there to promote the idea that "we should be united to create some kind of cyber coalition to counter the threats."
    Read More
  • Aug 15, 2022 | FederalSoup.com

    Former CISA chief wants new, cross-cutting agency to lead fed cyber [Black Hat USA 2022]

    The federal government should establish a new "U.S. Digital Agency" to counter risks associated with emerging digital threats and to further bolster national security around privacy and data management, according to the first-ever director of the Cybersecurity and Infrastructure Security Agency.
    Read More
  • Aug 15, 2022 | POLITICO

    Election disinformation fears loom over hacker confab [Black Hat USA 2022]

    HAPPY MONDAY, and welcome to Morning Cybersecurity! I’m your host, Eric Geller, and I’m marveling at these gorgeous supermoon photos from around the world.
    Read More
  • Aug 15, 2022 | VentureBeat

    Black Hat 2022: Why machine identities are the most vulnerable [Black Hat USA 2022]

    Enterprises are struggling to secure machine identities because hybrid cloud configurations are too complex to manage, leading to security gaps cyberattackers exploit. Adding to the confusion are differences between public cloud providers’ approaches to defining machine-based identities using their native identity access management (IAM) applications. Additionally, due to differences in how IAM and machine identity management are handled across cloud platforms, it can be challenging to enforce zero-trust principles, enabling least-privileged access in a hybrid cloud environment.
    Read More
  • Aug 15, 2022 | VentureBeat

    Black Hat 2022 reveals enterprise security trends [Black Hat USA 2022]

    The blast radius of cyberattacks on an enterprise is projected to keep growing, extending several layers deep into software supply chains, devops and tech stacks. Black Hat 2022’s presentations and announcements for enterprise security provide a sobering look at how enterprises’ tech stacks are at risk of more complex, devastating cyberattacks. Held last week in Las Vegas and in its 25th consecutive year, Black Hat’s reputation for investigative analysis and reporting large-scale security flaws, gaps and breaches is unparalleled in cybersecurity.
    Read More
  • Aug 13, 2022 | Mashable

    Man vs. Dish: How one researcher used a $25 homemade device to hack into Elon Musk's Starlink system [Black Hat USA 2022]

    With over 3,000 small satellites in orbit, Elon Musk's Starlink has created an excellent fleet orbiting Earth at the moment providing satellite internet access coverage in 36 countries. However, all it took was one Belgian cyber security researcher, a $25 homemade device, and a dream to reveal the first major security flaw in Starlink's user terminals.
    Read More
  • Aug 11, 2022 | TechTarget

    How CI/CD pipelines are putting enterprise networks at risk [Black Hat USA 2022]

    When it comes to the software supply chain, organizations should be concerned about more than just...
    Read More
  • Aug 11, 2022 | VICE

    Researchers Find Vulnerability in Software Underlying Discord, Microsoft Teams, and Other Apps [Black Hat USA 2022]

    A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Spotify and many others, which are used by tens of millions of people all over the world.
    Read More
  • Aug 11, 2022 | VICE

    Vulnerabilities Allowed Researchers to Remotely Lock and Unlock Doors [Black Hat USA 2022]

    If you have worked or still work in an office, you have probably swiped an access card in front of one of those black devices with a light that toggles from red to green, which lets you get into the building. Thanks to a series of vulnerabilities in one of the most popular access control panels in the world, hackers could get into the building too.
    Read More
  • Aug 11, 2022 | Decipher

    Krebs: ‘We’ve Over-Fetishized the APT Threat’ [Black Hat USA 2022]

    The government and industry focus in recent years on the operations and tactics of highline threat actors such as Russian and Chinese APT teams has allowed cybercrime and ransomware groups to have a field day and grow stronger and more technologically advanced in the interim, the former director of the Cybersecurity and Infrastructure Security Agency said.
    Read More
  • Aug 11, 2022 | Dark Reading

    New Cross-Industry Group Launches Open Cybersecurity Framework [Black Hat USA 2022]

    Amazon Web Services (AWS) and Splunk are leading an industry effort of 18 systems and security vendors to standardize how different monitoring systems share security alerts. The goal is to deliver a simplified and vendor-agnostic taxonomy to help security teams ingest and analyze security data faster.
    Read More
  • Aug 11, 2022 | Dark Reading

    4 Flaws, Other Weaknesses Undermine Cisco ASA Firewalls [Black Hat USA 2022]

    Cisco's enterprise-class firewalls have at least a dozen vulnerabilities — four of which have been assigned CVE identifiers — that could allow attackers to infiltrate networks protected by the devices, a security researcher from vulnerability management firm Rapid7 plans to say in a presentation at the Black Hat USA conference on Aug. 11.
    Read More
  • Aug 11, 2022 | WIRED

    Sloppy Software Patches Are a 'Disturbing Trend' [Black Hat USA 2022]

    The whole purpose of vulnerability disclosure is to notify software developers about flaws in their code so they can create fixes, or patches, and improve the security of their products. But after 17 years and more than 10,000 vulnerability disclosures, the Zero Day Initiative is calling out a “disturbing trend” at the Black Hat security conference in Las Vegas today and announcing a plan to apply some counterpressure.
    Read More
  • Aug 11, 2022 | Cybersecurity Dive

    Log4j was the right incident for inaugural review, safety board says [Black Hat USA 2022]

    Two leading members of the Cyber Safety Review Board, speaking at the Black Hat USA conference in Las Vegas Wednesday, praised the inaugural investigation of the Log4j vulnerability
    Read More
  • Aug 11, 2022 | PCMag

    SpaceX Invites Security Researchers to Hack Starlink [Black Hat USA 2022]

    To secure Starlink, SpaceX is inviting security researchers to try and hack the satellite internet system and then report any vulnerabilities to the company.
    Read More
  • Aug 11, 2022 | ITPro

    Three ransomware attacks hit single company over two weeks [Black Hat USA 2022]

    Three of the most prolific ransomware gangs currently in operation targeted the same company over a period of two weeks, according to cyber security researchers.
    Read More
  • Aug 11, 2022 | PCMag

    WTF Just Happened? Why Your Org Needs a Cybersecurity Incident Review Board [Black Hat USA 2022]

    "People don't do shit about cybersecurity until they have to," Tarah Wheeler, a Fulbright scholar and CEO at Red Queen Dynamics, Inc., remarked during her panel at Black Hat.
    Read More
  • Aug 11, 2022 | InformationWeek

    Black Hat at 25: Why Cybersecurity Is Going to Get Worse Before It Gets Better [Black Hat USA 2022]

    Chris Krebs, the first director of the Cybersecurity and Infrastructure Security Agency (CISA), a part of the US Department of Homeland Security, believes that information security will get worse before it gets better. Krebs, now a founding partner of consulting firm Krebs Stamos Group, opened information security conference Black Hat USA 2022 with a keynote speech on August 10.
    Read More
  • Aug 11, 2022 | TechTarget

    Google researchers dissect Android spyware, zero days [Black Hat USA 2022]

    Google's Threat Analysis Group provided new insight into the various tricks used by surveillance vendors to spread..
    Read More
  • Aug 11, 2022 | Channel Futures

    Black Hat USA: Former CISA Director Says Cybercrime to Get a Lot Worse Before Better [Black Hat USA 2022]

    Former Cybersecurity and Infrastructure Agency (CISA) director Chris Krebs says when it comes to cybercrime, things are going to get a lot worse before they get better.
    Read More
  • Aug 11, 2022 | The Daily Swig

    Browser-powered desync: New class of HTTP request smuggling attacks showcased at Black Hat USA [Black Hat USA 2022]

    A new class of HTTP request smuggling attack allowed a security researcher to compromise multiple popular websites including Amazon and Akamai, break TLS, and exploit Apache servers.
    Read More
  • Aug 11, 2022 | The Daily Swig

    Black Hat USA: Deliberately vulnerable AWS, Azure cloud infrastructure is a pen tester’s playground [Black Hat USA 2022]

    Security pros from INE enjoyed a double billing at Black Hat USA yesterday (August 10) as they showcased penetration testing tools AWSGoat and AzureGoat.
    Read More
  • Aug 11, 2022 | The Daily Swig

    ReNgine upgrade: New subscan feature, PDF reports, expanded toolbox showcased at Black Hat USA [Black Hat USA 2022]

    Black Hat USA attendees were given a firsthand look at the new and improved ReNgine, which includes several new features for penetration testers and red teamers.
    Read More
  • Aug 11, 2022 | The Daily Swig

    Black Hat USA: Log4j de-obfuscator Ox4Shell ‘dramatically’ reduces analysis time [Black Hat USA 2022]

    A Log4Shell de-obfuscation tool that promises simple, rapid payload analysis without the risk of “critical side effects” has been showcased at Black Hat USA.
    Read More
  • Aug 11, 2022 | WIRED

    This Anti-Tracking Tool Checks If You're Being Followed [Black Hat USA 2022]

    Matt Edmondson, a federal agent with the Department of Homeland Security for the last 21 years, got a call for help last year. A friend working in another part of government—he won’t say which one—was worried that someone might have been tailing them when they were meeting a confidential informant who had links to a terrorist organization. If they were being followed, their source’s cover may have been blown. “It was literally a matter of life and death,” Edmondson says.
    Read More
  • Aug 11, 2022 | InfoSecurity US

    #BHUSA: Chris Krebs Explains How Cybersecurity Can Improve [Black Hat USA 2022]

    Why is cybersecurity so bad right now? That is the question with which the Black Hat USA 2022 security conference got underway on August 10 in an opening keynote address from former CISA director Chris Krebs.
    Read More
  • Aug 10, 2022 | The Wall Street Journal Online

    Tech, Cyber Companies Launch Security Standard to Monitor Hacking Attempts [Black Hat USA 2022]

    A group of 18 tech and cyber companies said Wednesday they are building a common data standard for sharing cybersecurity information. They aim to fix a problem for corporate security chiefs who say that cyber products often don’t integrate, making it hard to fully assess hacking threats.
    Read More
  • Aug 10, 2022 | CRN

    Major Cybersecurity Companies Create New Open-Source Consortium to Share Key Data [Black Hat USA 2022]

    Black Hat USA 2022 started off with a bang Wednesday with a group of major cybersecurity companies unveiling the formation of a new open-source consortium to share key data and with DNSFilter separately saying it’s acquiring Guardian, a firewall and VPN platform.
    Read More
  • Aug 10, 2022 | Gizmodo

    Researcher Hacks Starlink Terminal to Warn SpaceX of Dangerous Flaws [Black Hat USA 2022]

    A researcher from Belgium created a $25 hacking tool that could glitch Starlink’s internet terminals, and he is reportedly going to make this tool available for others to copy. Lennert Wouters, a security researcher at KU Leuven, demonstrated how he was able to hack into Elon Musk’s satellite dishes at the Black Hat Security Conference being held this week in Las Vegas, Wired reported.
    Read More
  • Aug 10, 2022 | CNN

    More than a dozen companies developing single standard to detect cyberattacks faster [Black Hat USA 2022]

    More than a dozen companies in the cybersecurity space are developing a single, open standard for sharing data about hacking threats, a project the companies say could help organizations detect cyberattacks more quickly.
    Read More
  • Aug 10, 2022 | Cybersecurity Dive

    AWS, Splunk lead open source effort to spot and curb cyberattacks [Black Hat USA 2022]

    A coalition of 18 companies on Wednesday introduced a project aimed at creating a universal model for sharing data deemed essential to spot and curb cyberattacks.
    Read More
  • Aug 10, 2022 | TechCrunch

    Group of security companies launches open source project to ease data sharing [Black Hat USA 2022]

    It’s long been known that security is not a problem that companies, even large corporations, can solve on their own. It takes a community working together to battle the kinds of problems that companies are facing today when it comes to cybersecurity.
    Read More
  • Aug 10, 2022 | Channel Futures

    Black Hat USA 2022: DNSFilter, NetWitness, BlackBerry, CrowdStrike, More [Black Hat USA 2022]

    Black Hat USA 2022 kicked off Wednesday in Las Vegas with a flurry of news and research from DNSFilter, NetWitness, BlackBerry, CrowdStrike and more.
    Read More
  • Aug 10, 2022 | Dark Reading

    Looking Back at 25 Years of Black Hat [Black Hat USA 2022]

    Back in 1997, when tech companies didn't understand hackers very well and didn't take them seriously, the founder of DEF CON, Jeff Moss, decided to create an event that would give everyone the chance to peek inside the minds of these creative geniuses. Black Hat was born.
    Read More
  • Aug 10, 2022 | WIRED

    The Hacking of Starlink Terminals Has Begun [Black Hat USA 2022]

    Since 2018, Elon Musk’s Starlink has launched more than 3,000 small satellites into orbit. This satellite network beams internet connections to hard-to-reach locations on Earth and has been a vital source of connectivity during Russia’s war in Ukraine. Thousands more satellites are planned for launch as the industry booms. Now, like any emerging technology, those satellite components are being hacked.
    Read More
  • Aug 10, 2022 | Computer

    Microsoft fixes two-year-old MSDT vulnerability in August update [Black Hat USA 2022]

    Two-and-a-half years after a security researcher publicly disclosed the existence of a remote code execution (RCE).
    Read More
  • Aug 10, 2022 | WIRED

    One of 5G's Biggest Features Is a Security Minefield [Black Hat USA 2022]

    TRUE 5G WIRELESS data, with its ultrafast speeds and enhanced security protections, has been slow to roll out around the world. As the mobile technology proliferates—combining expanded speed and bandwidth with low-latency connections—one of its most touted features is starting to come into focus. But the upgrade comes with its own raft of potential security exposures.
    Read More
  • Aug 9, 2022 | CyberScoop

    What to watch for as 'Hacker Summer Camp' gets underway in Las Vegas [Black Hat USA 2022]

    A trio of cybersecurity conferences — BSidesLV, Black Hat USA and DEF CON — kicks off this week in Las Vegas in what’s collectively known as Hacker Summer Camp, bringing together policymakers, executives, experts, hackers and enthusiasts against a backdrop of some of the most unsettled international events of recent years.
    Read More
  • Aug 9, 2022 | ChannelPro Networks

    Sophos Says Attackers are Ganging Up on Victims [Black Hat USA 2022]

    Ransomware victims are being targeted by multiple attackers within weeks, days, and even hours, according to a new whitepaper from security vendor Sophos.
    Read More
  • Aug 9, 2022 | Dark Reading

    Russia-Ukraine Conflict Holds Cyberwar Lessons [Black Hat USA 2022]

    The online attacks against infrastructure and information operations used by both sides in the conflict between Russia and Ukraine fulfill the definition of cyberwar and hold lessons for governments and companies, two researchers plan to say this week at the Black Hat USA conference in Las Vegas.
    Read More
  • Aug 9, 2022 | Dark Reading

    Abusing Kerberos for Local Privilege Escalation [Black Hat USA 2022]

    As the main authentication protocol for Windows enterprise networks, Kerberos has long been a favored hacking playground for security researchers and cybercriminals alike. While the focus has been on attacking Kerberos authentication to carry out remote exploits and aid in lateral movement across the network, new research explores how Kerberos can also be abused to great effect in carrying out a variety of local privilege escalation (LPE) attacks.
    Read More
  • Aug 9, 2022 | SC Media Online

    Early Log4j mitigation, asset inventory led to a better security position [Black Hat USA 2022]

    Third-party scans suggest that a significant number of large businesses that spent the first months in the wake of the Log4j discovery conducting rigorous asset inventory and rooting out instances in their software or hardware were able to reduce their risk from the vulnerability to near zero in the following months. Meanwhile, those that were sluggish to initially address the flaw early often saw their risk increase or compound as new, vulnerable assets were brought online over the year.
    Read More
  • Aug 9, 2022 | The Daily Swig

    Simple IDOR vulnerability in Reddit allowed mischief-makers to perform mod actions [Black Hat USA 2022]

    A vulnerability in Reddit allowed attackers to perform moderator actions or elevate regular users to mod status without the appropriate permissions.
    Read More
  • Aug 9, 2022 | VentureBeat

    NetSPI rolls out 2 new open-source pen-testing tools at Black Hat [Black Hat USA 2022]

    Preventing and mitigating cyberattacks is a day-to-day — sometimes hour-to-hour — massive endeavor for enterprises. New, more advanced techniques are revealed constantly, especially with the rise in ransomware-as-a-service, crime syndicates and cybercrime commoditization. Likewise, statistics are seemingly endless, with a regular churn of new, updated reports and research studies revealing worsening conditions.
    Read More
  • Aug 9, 2022 | The Washington Post

    Treasury cracks down on a tool that helped launder billions [Black Hat USA 2022]

    Welcome to The Cybersecurity 202! Go watch “Sandman” now, if you haven't. Those comics were a formative part of my youth, but I never thought a TV adaptation could work. Thankfully, I was wrong.
    Read More
  • Aug 9, 2022 | SC Media Online

    IBM reveals ways to use native source-code management functionality in attacks [Black Hat USA 2022]

    IBM’s pen testing group X-Force Red released a new source-code management (SCM) attack simulation toolkit Tuesday, with new research revealing ways to use native SCM functionality in attacks.
    Read More
  • Aug 9, 2022 | PCMag UK

    What to Expect at Black Hat 2022 [Black Hat USA 2022]

    Almost every August, Las Vegas fills to the brim with a curious cross-section of visitors: hackers, researchers, hobbyists, and everyone else who has an interest in making computers do things they shouldn't. They're in town for Black Hat (and its less formal sibling event, DEF CON), and PCMag will be there, too. Here's what we're looking forward to this year.
    Read More
  • Aug 8, 2022 | POLITICO

    A marquee week for cybersecurity in Vegas [Black Hat USA 2022]

    HAPPY MONDAY, and welcome back to Morning Cybersecurity! I’m your host, Maggie Miller, and we’re officially into the part of summer where Washington, D.C., is filled exclusively with tourists while Capitol Hill clears out for the month. The “stand on the right, walk on the left” thoughts are about to go into overdrive.
    Read More
  • Aug 8, 2022 | Security Boulevard

    Phone Numbers Used for Identification, Hacker Summer Camp Advice, Samsung Repair Mode [Black Hat USA 2022]

    Why your phone number is becoming a popular way to identify you, our advice on how to best protect your privacy at hacker summer camp in Las Vegas (BSides, BlackHat, DEF CON), and details on Samsung’s new repair mode which will protect your private data on your smartphone when you take it in for repairs.
    Read More
  • Aug 8, 2022 | TechTarget

    VMware: The threat of lateral movement is growing [Black Hat USA 2022]

    Lateral movement was observed in 25% of all attacks that VMware tracked for its annual "Global Incident Response Threat Report," released Monday.
    Read More
  • Aug 8, 2022 | CNET

    Cybercriminals Are Using Bots to Steal Online Pharmacy Accounts [Black Hat USA 2022]

    Cybercriminals are increasingly deploying software bots to commandeer the online pharmacy accounts of everyday people, according to new research, allowing hackers to illegally buy prescription drugs and depriving patients of needed medications.
    Read More
  • Aug 5, 2022 | Associated Press

    DARKTRACE TO PRESENT KEY SESSIONS AT BLACK HAT USA 2022 [Black Hat USA 2022]

    BLACK HAT USA 2022 – Darktrace, a global leader in cyber security artificial intelligence, today announced it will present two sessions at Black Hat USA 2022. Listed below, Darktrace speakers will explore preventative approaches to cyber security that are redefining how organizations and smart cities mitigate cyber risk.
    Read More
  • Aug 4, 2022 | Security Boulevard

    BlackCloak Brings Digital Executive Protection to Black Hat 2022 [Black Hat USA 2022]

    Next week, members of both BlackCloak’s executive and revenue teams will descend on Las Vegas for the annual Black Hat Conference. This year will be the first for us as an exhibitor. You can find us setup in Innovation City Booth #52.
    Read More
  • Aug 4, 2022 | The CyberWire

    Ukraine claims to have taken down a massive Russian bot farm. Were Russian cyber operations premature? Report: Emergency Alert System vulnerable to hijacking. [Black Hat USA 2022]

    The Security Service of Ukraine (SSU) says it dismantled a large Russian botnet operation that was being used to spread Russian propaganda and disinformation. The bots, about a million strong, were herded from locations within Ukraine itself, in the cities of Kyiv, Kharkiv, and Vinnytsia, BleepingComputer reports. Their output took the form of social media posts from inauthentic accounts associated with fictitious personae. The SSU describes the operation as follows: "Their latest ‘activities’ include the distribution of content on the alleged conflict between the leadership of the President’s Office and the Commander-in-Chief of the Armed Forces of Ukraine as well as a campaign to discredit the first lady. To spin destabilizing content, perpetrators administered over 1 million of their own bots and numerous groups in social networks with an audience of almost 400,000 users. In the course of a multi-stage special operation, the SSU exposed the leader of this criminal group. He is a russian citizen who has lived in Kyiv and positioned himself as a ‘political expert.’"
    Read More
  • Aug 4, 2022 | Word Fence

    Wordfence Intelligence Launching at Black Hat 2022 in Las Vegas Next Week [Black Hat USA 2022]

    Wordfence protects over 4 million websites around the world on 12,000 unique networks, and we block over 1.8 billion attacks targeting those websites every month. For years we have had a relationship with our customers that is a virtuous cycle: We receive attack reports from our customers at a rate of over 700 reports per second, and we distill those attacks into malware signatures, firewall rules, and an IP blocklist, and we give that data back to our customers in the form of a threat intelligence feed.
    Read More
  • Aug 4, 2022 | Business Wire

    Expel Heads to Las Vegas and Makes its Black Hat Debut [Black Hat USA 2022]

    Fresh off its successful RSA Conference debut, Expel is again making its first-time appearance at a landmark industry event—Black Hat USA 2022. Expel, the managed security provider that aims to make security easy to understand, use and improve, is exhibiting in the Black Hat business hall, and will be located in booth #2861, August 10-11.
    Read More
  • Aug 4, 2022 | Business Wire

    IronNet to Help Secure Black Hat USA 2022 through Network Operations Center [Black Hat USA 2022]

    IronNet, Inc. (NYSE: IRNT), an innovative leader Transforming Cybersecurity Through Collective Defense℠, today announced it will participate in the Black Hat Network Operations Center (NOC) to provide a highly secure, high-availability network in one of the most demanding environments in the world–the Black Hat USA 2022 event.
    Read More
  • Aug 3, 2022 | Dark Reading

    How IT Teams Can Use 'Harm Reduction' for Better Cybersecurity Outcomes [Black Hat USA 2022]

    It's a well-known fact that humans are — and will remain — one of the weakest links in any company's cyber defenses. Security admins have tried to help the situation through random phishing tests and training, ultimatums, eliminating local control over a given device, and even naming and shaming those unlucky souls who clicked on the wrong link in an email.
    Read More
  • Aug 3, 2022 | Business Wire

    Black Hat USA Research: Supply Chain and Cloud Security Risks Are Top of Mind [Black Hat USA 2022]

    Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, releases its eighth annual community survey Supply Chain and Cloud Security Risks Are Top of Mind. The report highlights important findings from more than 180 of the industry’s most experienced cybersecurity professionals who reported concerns over attacks against cloud services, ransomware and the growing risks to the global supply chain.
    Read More
  • Jul 24, 2022 | The State of Security

    Black Hat USA 2022: What you need to know [Black Hat USA 2022]

    Following a successful hybrid event in 2021 that saw more than 6,000 in-person, and more than 14,500 virtual attendees, Black Hat USA returns in 2022 to the Mandalay Bay Convention Centre in Las Vegas, Nevada. Now in its 25th year, this year’s event has three key components, each equally unmissable, namely these are Trainings, Briefings, and The Business Hall.
    Read More
  • Jul 15, 2022 | Dark Reading

    Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine [Black Hat USA 2022]

    The infamous Sandworm threat group operating out of Russia's military GRU unit has no qualms about taunting researchers when it finds it is being watched. Just ask Robert Lipovsky and his fellow researchers at ESET, who got the message loud and clear when they dissected one of Sandworm's newer malware variants earlier this year: The Sandworm attackers disguised the loader for one of its data-wiping variants as the IDAPro reverse-engineering tool — the very same tool the researchers had used to analyze the attackers' malware.
    Read More
  • Jul 15, 2022 | Security Boulevard

    Why Should you Visit Black Hat this Year? [Black Hat USA 2022]

    Ever since it was introduced in 1997 by Jeff Moss, Black Hat has emerged to become one of the most promising information security events across the world. Apart from informative discussions and briefings, the Black Hat event also comes up as a promising opportunity for the networking and security vendors to unveil their ground-breaking products and services in front of an audience, which consists of thousands of security professionals, C-Suite executives, and small-business owners.
    Read More
  • Jul 12, 2022 | Dark Reading

    Rezilion Unveils Broad Lineup Platform Enhancements, Providing Organizations with Holistic and Automated Toolset to Accelerate Software Security [Black Hat USA 2022]

    Rezilion announced today the full availability of its new, automated vulnerability management solution to identify, prioritize, and remediate vulnerable software.
    Read More
  • Jul 12, 2022 | Dark Reading

    Don't Have a COW: Containers on Windows and Other Container-Escape Research [Black Hat USA 2022]

    In what's shaping up to be a summer of container escapes, a pair of talks slated for Black Hat USA next month will explore the kinds of architectural weaknesses in operating systems and in container platforms that can make it easy for attackers to break down the barriers of container isolation and run roughshod over cloud infrastructure.
    Read More
  • Jul 4, 2022 | digit

    Hackers lifting fingerprints from your Android phone? [Black Hat USA 2022]

    Researcher duo reveals that fingerprint sensors on your Android device can be hacked to reveal all your fingerprint data. By Digit NewsDesk | Published 04 Jul 2022 14:04 IST. Your fingerprints on your Android phone might not be as safe as you think. Recently, two security researchers at the annual Black Hat conference revealed that the fingerprint scanner on your Android devices is quite vulnerable. Researchers Tao Wei and Yulong Zhong of FireEye Inc. showed that hackers can remotely lift fingerprints from Android devices. The duo talked about how design flaws in TrustZone, the ARM technology that comes embedded in modern day smartphones, will simply let a 'sensor spying attack' harvest a user's fingerprints.
    Read More
  • Jun 25, 2022 | Synack

    Kim Crawley [Black Hat USA 2022]

    The Artemis Red Team, a new subgroup within the Synack Red Team, was formed to encourage women, trans and nonbinary people to excel in their pentesting careers. There are vast numbers of untapped and underrepresented hacking talent in the world, and the Artemis Red Team is actively seeking these individuals out, giving them a home for mentorship and helping them develop their professional skills.
    Read More
  • Jun 16, 2022 | WIRED

    Police Linked to Hacking Campaign to Frame Indian Activists [Black Hat USA 2022]

    Now the researchers have gone further in nailing down the group’s affiliations. Working with a security analyst at a certain email provider—who also spoke to WIRED but asked that neither they nor their employer be named—SentinelOne learned that three of the victim email accounts compromised by the hackers in 2018 and 2019 had a recovery email address and phone number added as a backup mechanism.
    Read More
  • Jun 14, 2022 | Security Boulevard

    Introducing Ghostwriter v3.0 [Black Hat USA 2022]

    The Ghostwriter team recently released v3.0.0. This release represents a significant milestone for the project, and there has never been a better time to try out Ghostwriter. Our goal was to make it much simpler to install and manage the application and make it possible to add external functionality via an API. This release accomplishes all of this and more, and we’re excited for you to see it. Introducing Ghostwriter CLI: For this release, we created an all-new tool to help you manage Ghostwriter’s services, Ghostwriter CLI! GitHub – GhostManager/Ghostwriter_CLI: Golang CLI binary used for installing and managing Ghostwriter. Written entirely in Go, this command-line tool can be cross-compiled to support Windows, macOS, and Linux, so you can use whichever operating system you like as your host system for Ghostwriter. You only need to have Docker installed. Ghostwriter CLI greatly simplifies server management. Current Ghostwriter users will notice we have removed the need for the old environment files. We even removed the requirement for you to generate the TLS/SSL certificates for production environments (unless you want to use your own signed certificates). $ ./ghostwriter-cli help Ghostwriter-CLI
    Read More
  • Jun 1, 2022 | Business Wire

    [Black Hat USA 2022]

    Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, returns to Las Vegas celebrating Black Hat USA’s 25th anniversary with a hybrid event on August 6 – August 11. The event will take place at Mandalay Bay Convention Center with both a virtual experience and an in-person event, offering a robust lineup of over 80 Briefings hand selected by the Black Hat Review Board, comprised of some of the industry’s most respected experts.
    Read More
  • May 16, 2022 | Dark Reading

    US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional [Black Hat Asia 2022]

    The future of cybersecurity public-private partnerships (PPP) will be about sharing efforts and pooling resources to provide a common defense, explained US national cyber director Chris Inglis during a fireside chat at Black Hat Asia.
    Read More
  • May 14, 2022 | Dark Reading

    How to Turn a Coke Can Into an Eavesdropping Device [Black Hat Asia 2022]

    A soda can, a smartphone stand, or any shiny, lightweight desk decoration could pose a threat of eavesdropping, even in a soundproof room, if an attacker can see the object, according to a team of researchers from Ben-Gurion University of the Negev.
    Read More
  • May 13, 2022 | Dark Reading

    Black Hat Asia: Democracy's Survival Depends on Taming Technology [Black Hat Asia 2022]

    Technology is an existential threat to global democracy — requiring a shift to a transnationally regulated, culturally sensitive tech ecosystem that provides space for democracies to flourish.
    Read More
  • May 13, 2022 | Dark Reading

    CISO Shares Top Strategies to Communicate Security's Value to the Biz [Black Hat Asia 2022]

    When it comes to demonstrating the value of cybersecurity to a business, one of the biggest challenges is communicating ROI to the C-suite. The entrenched perception of security as an obstacle to productivity and other areas makes it very difficult for security engineers and nontechnical management to be on the same page.
    Read More
  • May 13, 2022 | The Daily Swig

    Black Hat Asia: ‘If democracy is to survive, technology will have to be tamed’ [Black Hat Asia 2022]

    The internet is not currently, as its earliest advocates foresaw, “a great liberator of human expression and catalyst for pluralism and democratic thought”, reflects tech and geopolitics expert Samir Saran.
    Read More
  • May 13, 2022 | The Register

    'Peacetime in cyberspace is a chaotic environment' says senior US advisor [Black Hat Asia 2022]

    Cyber war has become an emerged aspect of broader armed conflicts, commencing before the first shot is fired, cybersecurity expert Kenneth Geers told the audience at the Black Hat Asia conference on Friday.
    Read More
  • May 13, 2022 | The Register

    Software patching must work like car safety recalls, says US cyber boss [Black Hat Asia 2022]

    Software made unsafe by dependencies should be fixed without users needing to interact with the source of the problem, according to US National Cyber Director Chris Inglis, who serves in the Executive Office of the President.
    Read More
  • May 13, 2022 | The Register

    Researchers find 134 flaws in the way Word, PDFs, handle scripts [Black Hat Asia 2022]

    Security researchers have devised a tool that detects flaws in the way apps like Microsoft Word and Adobe Acrobat process JavaScript, and it's proven so effective they've found 134 bugs – 59 of them considered worthy of a fix by vendors, 33 assigned a CVE number, and 17 producing bug bounty payments totaling $22,000.
    Read More
  • May 13, 2022 | The Register

    To predict the targets of Chinese malware, look at the target of Chinese laws [Black Hat Asia 2022]

    BLACK HAT ASIA Keep an eye on new Chinese government policies, if you want to anticipate malware attacks, a threat intelligence analyst suggested at the Black Hat Asia conference on Thursday.
    Read More
  • May 12, 2022 | The Register

    Black Hat founder on cyber-governance and Ukraine war [Black Hat Asia 2022]

    BLACK HAT ASIA The war in Ukraine, and the Declaration for the Future of the Internet signed by 60 nations in late April, should be understood in the context of a global effort to recruit the nations of the world into blocs with different attitudes to internet governance.
    Read More
  • May 12, 2022 | The Register

    APT gang 'Sidewinder' goes on two-year attack spree across Asia [Black Hat Asia 2022]

    BLACK HAT ASIA The advanced persistent threat gang known as SideWinder has gone on an attack spree in the last two years, conducting almost 1,000 raids and deploying increasingly sophisticated attack methods.
    Read More
  • May 12, 2022 | Dark Reading

    Transforming SQL Queries Bypasses WAF Security [Black Hat Asia 2022]

    A team of university researchers used basic machine learning to identify patterns that common Web application firewalls (WAFs) fail to detect as malicious, but which can still deliver an attacker's payload, one of the researchers said in a presentation at the Black Hat Asia security conference in Singapore on Thursday.
    Read More
  • May 12, 2022 | Dark Reading

    Black Hat Asia: Firmware Supply Chain Woes Plague Device Security [Black Hat Asia 2022]

    When it comes to developing the firmware that powers computing devices, the ecosystem consists of complex supply chains that have multiple contributors. For any given device, firmware could be made up of a hodgepodge of components from different sources. And that means that when it's time to address security vulnerabilities, it's far from a straightforward process to get a patch out to the public.
    Read More
  • May 12, 2022 | Dark Reading

    On the Air With Dark Reading News Desk at Black Hat Asia 2022 [Black Hat Asia 2022]

    Like many things since 2020, Dark Reading News Desk has had to adapt. Instead of broadcasting live interviews with security researchers presenting at Black Hat, News Desk shifted to prerecorded interviews with the speakers.
    Read More
  • May 12, 2022 | The Register

    It's time to kick China off social media, says tech governance expert [Black Hat Asia 2022]

    BLACK HAT ASIA The time has come to remove Chinese voices from global social media, according to Samir Saran, president of Delhi-based think tank Observer Research Foundation (ORF), a commissioner of The Global Commission on the Stability of Cyberspace, and a member of Microsoft's Digital Peace Now Initiative.
    Read More
  • May 12, 2022 | Dark Reading

    Known macOS Vulnerabilities Led Researcher to Root Out New Flaws [Black Hat Asia 2022]

    Sometimes all it takes to root out a new software vulnerability is to study and analyze previous bug reports. That's how researcher Csaba Fitzl says he sniffed out some new Apple macOS vulnerabilities, one of which was a mirror image of a logic flaw that a group of researchers competing in the 2020 Pwn2Own contest found and executed there.
    Read More
  • May 5, 2022 | Dark Reading

    1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its Skin [Black Hat Asia 2022]

    It's one of the more prolific yet lesser-known nation-state hacking groups in the world, and it's not out of China or Russia. The so-called SideWinder (aka Rattlesnake or T-APT4) group has been on a tear over the past two years, launching more than 1,000 targeted attacks.
    Read More
  • Apr 11, 2022 | Yahoo! Singapore

    Black Hat Announces Keynote Speakers for Black Hat Asia 2022 Hybrid Event [Black Hat Asia 2022]

    Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, announces Samir Saran, President of the Observer Research Foundation, and George Do, Chief Information Security Officer at Gojek and GoTo Financial, as Keynote speakers for Black Hat Asia 2022 hybrid event. Registration is open for the hybrid event offering a virtual only pass and an in-person pass, taking place at Marina Bay Sands in Singapore on May 10 – 13 (GMT +8h).
    Read More
  • Mar 7, 2022 | Business Wire

    Black Hat Announces Content Lineup for Black Hat Asia 2022 Hybrid Event [Black Hat Asia 2022]

    SAN FRANCISCO--(BUSINESS WIRE)--Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, announces the release of its Briefings and content lineup for Black Hat Asia 2022. Registration is open for the hybrid event offering a virtual only pass and an in-person pass, taking place at Marina Bay Sands in Singapore on May 10 – 13 (GMT +8h). This year’s Briefings lineup will include over 30 talks spanning many topics on information security such as malware, reverse engineering, applied security, exploit development, cloud and platform security and more.
    Read More
  • Feb 2, 2022 | WIRED

    An Optical Spy Trick Can Turn Any Shiny Object Into a Bug [Black Hat Asia 2022]

    THE MOST PARANOID among us already know the checklist to avoid modern audio eavesdropping: Sweep your home or office for bugs. Put your phone in a Faraday bag—or a fridge. Consider even stripping internal microphones from your devices. Now one group of researchers offers a surprising addition to that list: Remove every lightweight, metallic object from the room that's visible from a window.
    Read More
  • Nov 20, 2021 | Forbes

    Can Time Be Hacked? Here’s How One Hacker Demonstrated It Can [Black Hat Europe 2021]

    Cher sang about manipulating it while Doctor Who dramatized it. This hacker went one better and did it. Here's how time got hacked.
    Read More
  • Nov 15, 2021 | The Daily Swig

    Removing need to unlock mobile wallets for contactless payments has eroded security protections, researchers warn [Black Hat Europe 2021]

    Moves to make it easier to use contactless payments on public transport systems have eroded the security of mobile wallets, security researchers have discovered.
    Read More
  • Nov 15, 2021 | SecurityWeek

    IoT Protocol Used by NASA, Siemens and Volkswagen Can Be Exploited by Hackers [Black Hat Europe 2021]

    Maintained by the standards development organization Object Management Group (OMG), DDS is a middleware protocol and API standard for data connectivity that is advertised as ideal for business-critical IoT systems. DDS has been used in sectors such as public transportation, air traffic management, aerospace, autonomous driving, industrial robotics, medical devices, and missile and other military systems.
    Read More
  • Nov 15, 2021 | Dark Reading

    How to Negotiate With Ransomware Attackers [Black Hat Europe 2021]

    Organizations hit with ransomware often find themselves in a crisis: To pay or not to pay? Most security experts agree payment is not the ideal response to a ransomware attack. But the truth is, some organizations don't have a choice — and in these cases, they need to have a strategy.
    Read More
  • Nov 12, 2021 | IT Pro

    Black Hat Europe: Strong security relies on a 'culture of openness' [Black Hat Europe 2021]

    Executives and managers need to do a better job of creating a safe space for knowledge-sharing if they hope to make their organisations more secure.
    Read More
  • Nov 11, 2021 | Professional Security

    Black Hat Europe on SOC psychology [Black Hat Europe 2021]

    So much of cyber security is about technicalities, and seldom about workplace psychology. That’s as true of this week’s annual Black Hat Europe conference, online and in London; where titles of talks have included the intriguing ‘how your e-book might be reading you’; VPN exploits, ransomware, cloud account hacking, hacked databases of Azure customers, and so on.
    Read More
  • Nov 11, 2021 | InfoSecurity US

    #BHEU: Zero Trust Protects Against Ransomware, Claims Engineer [Black Hat Europe 2021]

    “A zero trust architecture can protect against ransomware” was the resounding claim made by Ben Jenkins, senior solutions engineer at ThreatLocker, during a session at Black Hat Europe 2021.
    Read More
  • Nov 11, 2021 | InfoSecurity US

    #BHEU: Can Time Be Hacked? [Black Hat Europe 2021]

    Time synchronization is a fragile ecosystem that is vulnerable to being hacked, with the potential for enormous damage to be caused. This was the message of Adam Laurie, global associate partner and lead hardware hacker, IBM X-Force Red, during the keynote address on day two of Black Hat Europe 2021.
    Read More
  • Nov 11, 2021 | The Daily Swig

    Dependency Combobulator offers defense against namespace confusion attacks [Black Hat Europe 2021]

    An open source toolkit designed to detect and thwart dependency confusion attacks was unveiled at Black Hat Europe 2021 yesterday.
    Read More
  • Nov 11, 2021 | The Daily Swig

    Zero tolerance: How infosec’s online ‘cancel culture’ is stunting industry growth [Black Hat Europe 2021]

    Social media backlash and online squabbling is stopping the information security industry from learning from its mistakes, Black Hat Europe attendees heard today.
    Read More
  • Nov 11, 2021 | Dark Reading

    What Happens If Time Gets Hacked [Black Hat Europe 2021]

    Most people take time synchronization for granted, but it operates on what hardware security expert Adam Laurie calls a "fragile ecosystem." Laurie, a renowned hardware hacker, here today demonstrated an unnervingly simple way to alter time on a clock.
    Read More
  • Nov 11, 2021 | InfoSecurity US

    #BHEU: 5 Ways to Approach Ransomware Negotiations [Black Hat Europe 2021]

    Five key approaches organizations should take during ransomware negotiations with extorters to improve the outcome were outlined by Pepijn Hack, cybersecurity analyst of Fox-IT, part of NCC Group, in a session at Black Hat Europe 2021.
    Read More
  • Nov 11, 2021 | Dark Reading

    Cloud Attack Analysis Unearths Lessons for Security Pros [Black Hat Europe 2021]

    An attack group known for cloud-specific campaigns targeting Amazon Web Services (AWS) credentials has recently expanded its toolkit to steal more credentials from targeted cloud systems and deploy new tactics to exploit containerized Kubernetes systems.
    Read More
  • Nov 10, 2021 | IT Pro

    Black Hat Europe: ‘Failures in tech governance are eroding democracy’ [Black Hat Europe 2021]

    Public and private sector bodies in charge of governing the use of technology in society are “effectively condoning” attacks on democracy, a leading expert on cyber security has said.
    Read More
  • Nov 10, 2021 | InfoSecurity US

    #BHEU: Ransomware is The New Terrorism, Contends Cyber Expert [Black Hat Europe 2021]

    “The continued survival and future of your organization cannot be based upon negotiations with criminals,” was the stark message given by Tanner Johnson, principal analyst of OMDIA, during his session at Black Hat Europe 2021.
    Read More
  • Nov 10, 2021 | AIThority

    Apiiro Unveils Open Source Software Toolkit to Combat Dependency Confusion Attacks [Black Hat Europe 2021]

    Apiiro, the leader in Application Risk Management, announced the release of the Dependency Combobulator, a modular and extensible open source toolkit to detect and prevent dependency confusion attacks. The Dependency Combobulator allows organizations to safeguard against this newly uncovered type of risk, which has been on the rise this year as a key vector in supply chain attacks targeting dependencies within software packages. This new solution is a critical element in Apiiro’s multidimensional approach to securing the Software Development Lifecycle to prevent both direct and supply chain attacks.
    Read More
  • Nov 10, 2021 | ZDNet

    Businesses don't know how to manage VPN security properly - and cyber criminals are taking advantage [Black Hat Europe 2021]

    Cyber attacks targeting vulnerabilities in virtual private networks (VPN) are on the rise, and many organisations are struggling to protect their networks.
    Read More
  • Nov 10, 2021 | Dark Reading

    Researcher Details Vulnerabilities Found in AWS API Gateway [Black Hat Europe 2021]

    All it took was a space between characters and a few random letters, and Web researcher Daniel Thatcher was able to modify the HTTP header sent to Amazon API Gateway.
    Read More
  • Nov 10, 2021 | ZDNet

    Cybersecurity: This prolific hacker-for-hire operation has targeted thousands of victims around the world [Black Hat Europe 2021]

    A hacker-for-hire operation offered by cyber mercenaries has targeted thousands of individuals and organisations around the world, in a prolific campaign of financially driven attacks that have been ongoing since 2015.
    Read More
  • Nov 10, 2021 | InfoSecurity US

    #BHEU: Zero Trust Protects Against Ransomware, Claims Engineer [Black Hat Europe 2021]

    “A zero trust architecture can protect against ransomware” was the resounding claim made by Ben Jenkins, senior solutions engineer at ThreatLocker, during a session at Black Hat Europe 2021.
    Read More
  • Nov 10, 2021 | Dark Reading

    Dark Reading Video News Desk Comes to Black Hat Europe [Black Hat Europe 2021]

    The Dark Reading News Desk has, in past years, come to you live from Black Hat with live video interviews featuring top security researchers who discuss the details of their presentations at the show. But as the world has changed, so too has our News Desk.
    Read More
  • Nov 10, 2021 | InfoSecurity US

    #BHEU: How to Create a Safe and Democratic Digital Infrastructure [Black Hat Europe 2021]

    Liberal nations must act now to ensure the digital ecosystem operates in a way that is conducive to democratic values. This was the message of Marietje Schaake, international policy director at Stanford University’s Cyber Policy Center, speaking during the opening keynote session on day three of Black Hat Europe 2021.
    Read More
  • Nov 10, 2021 | The Daily Swig

    Black Hat Europe: Laws and regulations need to change to secure world’s digital infrastructure [Black Hat Europe 2021]

    Tighter restrictions against digital weapons and a reframing of the economics of cybersecurity are needed to stop the erosion of democratic institutions and values, delegates at Black Hat Europe heard today (November 10). Marietje Schaake, international policy director at Stanford University’s Cyber Policy Center, warned that the way the digital infrastructure currently operates is eroding democratic principles in ways that leave us vulnerable to cyber-attacks.
    Read More
  • Nov 10, 2021 | Forbes

    Exclusive: A Cyber Mercenary Is Hacking The Google And Telegram Accounts Of Presidential Candidates, Journalists And Doctors [Black Hat Europe 2021]

    A stakeout in digital investigations looks very different to the traditional images of sleuths camped out in blacked-out vans. Just ask Netherlands-based cybersecurity researcher Feike Hacquebord, who’d spent some months behind his computer screen tracking the activities of a hacker-for-hire crew called RocketHack when, in October 2020, he had a slice of luck. Data collected by his employer, Trend Micro, pointed to a web page used by RocketHack to monitor its victims. Requiring no password to enter, it effectively gave him a shop floor view of a bustling hacker-for-hire operation.
    Read More
  • Nov 10, 2021 | Dark Reading

    Securing the Public: Who Should Take Charge? [Black Hat Europe 2021]

    When governments rely on private organizations to build and protect their digital infrastructure, who is charged with protecting the public? How can troves of information stay secure at a time when the attack surface is rapidly expanding?
    Read More
  • Nov 10, 2021 | Dark Reading

    Hacker-for-Hire Group Spied on More Than 3,500 Targets in 18 Months [Black Hat Europe 2021]

    A Russian-speaking hacker-for-hire group has been quietly spying on thousands of individuals and organizations worldwide and selling highly private information about them to various customers, motivated by financial gain and by politically driven agendas.
    Read More
  • Nov 3, 2021 | Security Intelligence

    An Attack Against Time [Black Hat Europe 2021]

    When Liza Minnelli sang that famous tune, “Money makes the world go around,” she should have added one more word: time. Time makes the world go around. It’s that one agreed-upon part of life that the world shares. From laptops to phones to wall clocks to just about every other technology, time is everywhere, controlling our important life responsibilities. In cybersecurity, time is also critical. Event log files rely on time. Forensic investigations rely on time. Networks rely on time. In fact, Network Time Protocol (NTP) is one of the oldest internet protocols still in use.
    Read More
  • Nov 1, 2021 | Dark Reading

    Free Tool Scans Web Servers for Vulnerability to HTTP Header-Smuggling Attacks [Black Hat Europe 2021]

    A researcher has created a method for testing and identifying how HTTP/HTTPS headers can be abused to sneak malicious code into back-end servers.
    Read More
  • Oct 29, 2021 | Dark Reading

    APTs, Teleworking, and Advanced VPN Exploits: The Perfect Storm [Black Hat Europe 2021]

    Virtual private networks (VPNs), which have become essential for many organizations that provide remote employees with access to private networks since the pandemic's onset, are a popular target for cyberattacks. Incident response teams say these attacks on VPNs aren't new, but attackers are finding new and sophisticated ways to compromise enterprise VPNs.
    Read More
  • Oct 27, 2021 | Dark Reading

    Read Between the Lines: Finding Flaws in EPUB Reading Systems [Black Hat Europe 2021]

    How secure is your e-reader? A team of security researchers curious to explore e-book security analyzed free EPUB reading applications and physical e-readers and found that many apps don't comply with security recommendations, and some popular applications are vulnerable to exploitation.
    Read More
  • Oct 25, 2021 | Dark Reading

    Who's In Your Wallet? Exploring Mobile Wallet Security [Black Hat Europe 2021]

    The rise of mobile wallet apps like Apple Pay, Google Pay, and Samsung Pay has made it easier for smartphone owners to pay for goods and services without touching a payment terminal. But as researchers found, some inconsistencies could make it easier for cybercriminals to commit fraud on stolen devices.
    Read More
  • Oct 16, 2021 | Dark Reading

    10 Hot Red Team Tools Set to Hit Black Hat Europe [Black Hat Europe 2021]

    The latest round of Black Hat Arsenal, next month at Black Hat Europe, is set to put the spotlight on a range of new and evolving tools tailor-made for penetration testers, red teamers, and other offensive security professionals. Some tools are brand new, while others are evolving and unveiling new features at the show. Either way, Arsenal will offer up plenty of tools for discovering misconfigurations, building out exploits, delivering payloads, tracking penetration testing campaigns, and more.
    Read More
  • Oct 11, 2021 | Dark Reading

    Applying Behavioral Psychology to Strengthen Your Incident Response Team [Black Hat Europe 2021]

    Cybersecurity incident response teams (CSIRTs) rely on technical and social skills. But focusing mostly on technical knowledge can come at the expense of communication and teamwork, according to a new study.
    Read More
  • Oct 1, 2021 | Tom's Guide

    Your Apple Pay payments can be stolen over the air — here's what to do [Black Hat Europe 2021]

    Apple Pay payments can be stolen from your iPhone over the air, and the problem still exists because neither Apple nor Visa wants to be the one to fix it, UK-based researchers say.
    Read More
  • Aug 27, 2021 | Dark Reading

    Microsoft Azure Cloud Vulnerability Exposed Thousands of Databases [Black Hat USA 2021]

    Microsoft's Azure cloud platform exposed the database keys of 3,300 customers, including Fortune 500 enterprises, that had used a data-science feature available on the platform since 2019, cloud security firm Wiz said this week.
    Read More
  • Aug 23, 2021 | SearchSecurity

    CISA: ProxyShell flaws being actively exploited, patch now [Black Hat USA 2021]

    Nearly three weeks after the vulnerability set gained greater prominence at the Black Hat 2021 conference, the ProxyShell flaws are now being actively exploited by threat actors, according to an urgent CISA advisory published Saturday.
    Read More
  • Aug 23, 2021 | TechRadar

    Nasty new malware targets Microsoft Exchange servers [Black Hat USA 2021]

    A new ransomware operator known as LockFile encrypts Windows domains after breaking into vulnerable Microsoft Exchange servers using the recently disclosed ProxyShell exploit.
    Read More
  • Aug 22, 2021 | PCMag

    LockFile Ransomware Targets Microsoft Exchange Servers [Black Hat USA 2021]

    Security researchers have discovered a new ransomware family called LockFile that appears to have been used to attack Microsoft Exchange servers in the US and Asia since at least July 20.
    Read More
  • Aug 10, 2021 | SiliconANGLE

    Scaring up enterprise cybersecurity innovation at a pandemic-constrained Black Hat [Black Hat USA 2021]

    The cybersecurity conference Black Hat roared back to Las Vegas last week in spite of a renewed mask mandate and a virtual event alternative. My mission: Uncover what’s next in the world of enterprise cybersecurity.
    Read More
  • Aug 10, 2021 | Security Boulevard

    Black Hat 2021: What we don’t know may be the greatest cybersecurity threat [Black Hat USA 2021]

    I always come away from the Black Hat USA cybersecurity conference having learned something new, feeling inspired, and imbued with just the right amount of angsty determination to do my part to help improve what is, in my opinion, one of the most pressing collective problems of our time.
    Read More
  • Aug 10, 2021 | Fast Company Online

    More SolarWinds-style attacks are coming. Here's how to stop them [Black Hat USA 2021]

    Supply-chain hacks are an information-security problem we probably had coming. In retrospect, these hacks—which target the mechanisms companies employ to manage and update their software and systems—seem as inevitable as a virus evolving to infect more people.
    Read More
  • Aug 9, 2021 | The Daily Swig

    The Ripple Effect: How increasing the number of women in the infosec can result in a happier workplace [Black Hat USA 2021]

    The issue of diversity in the information security industry was a hot topic at Black Hat USA last week, as more companies look to create a more inclusive workplace.
    Read More
  • Aug 9, 2021 | The Daily Swig

    Top Hacks from Black Hat and DEF CON 2021 [Black Hat USA 2021]

    Security researchers made up for the lack of audience interaction by showing that – like the athletes competing at this month’s Olympics and Paralympics – they could go faster, higher, and stronger together. Still catching up on the proceedings? Look no further:
    Read More
  • Aug 9, 2021 | Dark Reading

    Security of Open Source Components Requires More Collaborative Efforts [Black Hat USA 2021]

    When security researchers and the open source community disclosed the Heartbleed vulnerability in OpenSSL in April 2014, the project — which underpins much of the secure communications for the Web — only had two full-time developers. The lack of resources for such a critical open source project highlights the issues open source projects and components continue to have: a lack of funding, slow patching, and — increasingly — a great deal of interest from attackers.
    Read More
  • Aug 9, 2021 | CRN Online

    The 20 Hottest Cybersecurity Products At Black Hat 2021 [Black Hat USA 2021]

    Vendors are taking advantage of Black Hat 2021’s bright spotlight to launch new cybersecurity products, features, platforms and tools that will set the stage for the months and years to come. For the hundreds of exhibitors found at Black Hat, the Business Hall provides a chance to promote new products and highlight strategic shifts to an in-person audience of approximately 5,000.
    Read More
  • Aug 9, 2021 | Data Center Knowledge

    Black Hat Conference Yields New Cybersecurity Products [Black Hat USA 2021]

    Black Hat USA, one of the premier cybersecurity conferences held yearly, is prime time for vendors to announce new cybersecurity products, and this year was no exception.
    Read More
  • Aug 9, 2021 | The Register

    Black Hat security conference returns to Las Vegas – complete with hacks to quiet the hotel guest from hell [Black Hat USA 2021]

    After a year off due to a certain virus, the Black Hat and DEF CON security conferences returned to Las Vegas last week, just in time for the US government's attempts to foster more collaboration across the infosec industry.
    Read More
  • Aug 9, 2021 | TechRadar

    Microsoft Exchange servers are once again under attack [Black Hat USA 2021]

    Threat actors have once again started scanning for the now-patched vulnerabilities in Microsoft Exchange, cybersecurity experts shared at the recent Black Hat 2021 conference.
    Read More
  • Aug 9, 2021 | CSO Online

    Apple plan to scan users’ iCloud photos raises new fears of government-mandated data access [Black Hat USA 2021]

    A firestorm emerged on Friday and raged during the weekend over Apple's new "Expanded Protections for Children," a series of measures across Apple's platforms aimed at cracking down on child sexual abuse material (CSAM). The new protections address three areas, including communications tools for parents and updates to Siri and search to help children and parents deal with unsafe situations.
    Read More
  • Aug 8, 2021 | SiliconANGLE

    At Black Hat, mobile and open-source software emerge as key cybersecurity dangers [Black Hat USA 2021]

    Mobile platforms and open-source software emerged as key cybersecurity issues at the annual Black Hat USA cybersecurity conference this week, judging from presentations by a mix of onsite attendees and virtual streaming of briefings from security researchers around the globe.
    Read More
  • Aug 7, 2021 | Dark Reading

    FragAttacks Foil 2 Decades of Wireless Security [Black Hat USA 2021]

    The evolution of wireless security could at best be described as trial and error. The initial standard that debuted in the late 1990s — Wired Equivalent Privacy (WEP) — had significant security problems, and the first two versions of Wireless Protected Access, WPA and WPA2, both have been found to be vulnerable to a variety of other security issues.
    Read More
  • Aug 7, 2021 | CBS News

    White House officials share cybercrime strategy at conference [Black Hat USA 2021]

    Department of Homeland Security Secretary Alejandro Mayorkas and CISA director Jen Easterly laid out the federal government's plan to tackle the recent uptick in ransomware attacks earlier this week. The two were keynote speakers at the annual Black Hat USA cybersecurity conference in Las Vegas. CBS News technology reporter Dan Patterson joined CBSN to discuss.
    Read More
  • Aug 7, 2021 | InfoSecurity US

    #BHUSA: CISA Director Advocates for New Partnership to Improve Cybersecurity [Black Hat USA 2021]

    Jen Easterly has only been on the job as the director of the United States’ Cybersecurity and Infrastructure Agency (CISA) for a few weeks, but she's looking to make a quick impact. In a keynote at the Black Hat US 2021 hybrid event on August 5, Easterly outlined the goals of CISA and announced a series of new initiatives designed to help enable closer coordination and partnership between the US government and the private sector. The big news was the announcement of the Joint Cyber Defense Collaborative (JCDC) with an initial group of partners that includes CrowdStrike, Palo Alto Networks, FireEye, Microsoft, Google, Amazon Web Services, AT&T, Verizon, and Lumen.
    Read More
  • Aug 7, 2021 | InfoSecurity US

    #BHUSA: DHS Chief: ‘We are Competing for the Future of Cyberspace’ [Black Hat USA 2021]

    Alejandro Mayorkas, Secretary of the U.S. Department of Homeland Security (DHS), sees the future of cyberspace as being a contest of ideals, between openness and authoritarianism. Mayorkas delivered his remarks in a keynote at the Black Hat US 2021 hybrid event on August 5. He noted that in recent years the cybersecurity landscape has shifted, with news headlines about data breaches; ransomware attacks disrupting hospitals, schools, food suppliers and pipelines; as well as interference in elections. The events of the last few years, according to Mayorkas, have served to reinforce the importance of cybersecurity, how it is governed and why there is a need for a free and secure cyberspace.
    Read More
  • Aug 7, 2021 | WIRED

    AI Wrote Better Phishing Emails Than Humans in a Recent Test [Black Hat USA 2021]

    Natural language processing continues to find its way into unexpected corners. This time, it's phishing emails. In a small study, researchers found that they could use the deep learning language model GPT-3, along with other AI-as-a-service platforms, to significantly lower the barrier to entry for crafting spearphishing campaigns at a massive scale.
    Read More
  • Aug 7, 2021 | WIRED

    Security News This Week: Microsoft Edge’s ‘Super Duper Secure Mode’ Does What It Says [Black Hat USA 2021]

    This week, Apple made an announcement as surprising as it was controversial. The company will begin scanning both iCloud and user devices for child sex abuse materials. It's using clever cryptography to do so, and it won't actually be able to view the images on a user's iPhone, iPad, or Mac unless it detects multiple instances of CSAM. But some cryptographers sounded the alarm over how the technology could be used in the future, especially by authoritarian governments.
    Read More
  • Aug 7, 2021 | Security Boulevard

    Security News in Review: Zero Trust, The Government, and You [Black Hat USA 2021]

    This week in security has seen some new moves from the federal government on zero trust, tighter collaboration with the private tech sector, and more than a few new attacks from groups operating in China and Iran. With that said, here’s the security news in review.
    Read More
  • Aug 7, 2021 | Bleeping Computer

    Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now [Black Hat USA 2021]

    Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference. Before we get to the active scanning of these vulnerabilities, it is important to understand how they have been disclosed.
    Read More
  • Aug 6, 2021 | MSN Online

    CISA to partner with Amazon, Google, Microsoft, Verizon, AT&T and more for cyberdefense initiative [Black Hat USA 2021]

    CISA director Jen Easterly announced a new cyberdefense collaborative that will see government bodies partner with Google, Microsoft, Verizon and more on protective cybersecurity measures.
    Read More
  • Aug 6, 2021 | CNN Online

    Jen Easterly at Black Hat: Top cyber official calls for more 'ambitious' defenses while encouraging people to join CISA [Black Hat USA 2021]

    In her first major speech since taking office, Cybersecurity and Infrastructure Security Agency Director Jen Easterly sought to elevate the young agency, pushing for more cybersecurity talent across the US and announcing a new initiative collaborating with the private sector on ransomware and other issues.
    Read More
  • Aug 6, 2021 | TechSpot

    The U.S. wants Amazon, Google, Microsoft, and others to join them in the fight against cybercrime [Black Hat USA 2021]

    The US government wants Big Tech to support its efforts to improve the security of the country's critical infrastructure against cyber threats. According to a report from the Wall Street Journal, the initiative is led by the Department of Homeland Security and is meant to bring the government and the private sector together in defending the country against cyberattacks.
    Read More
  • Aug 6, 2021 | The Daily Swig

    Black Hat USA: HTTP/2 flaws expose organizations to fresh wave of request smuggling attacks [Black Hat USA 2021]

    HTTP/2 specification pitfalls and implementation errors have resulted in some of the world’s biggest tech companies exposing themselves to high-impact web attacks, new research shows.
    Read More
  • Aug 6, 2021 | Dark Reading

    CISA Launches JCDC, the Joint Cyber Defense Collaborative [Black Hat USA 2021]

    Jen Easterly, the newly appointed director of the Cybersecurity and Infrastructure Security Agency (CISA), officially invited the security industry to team up with the federal government to proactively address and defend against the growing wave of cyberattacks on US organizations and government agencies that have intensified over the past year.
    Read More
  • Aug 6, 2021 | The Daily Swig

    Bow to the USBsamurai: Malicious USB cable leaves air-gapped networks open to attack [Black Hat USA 2021]

    Penetration testers tasked with auditing industrial environments for susceptibility to USB implants have been offered a new utility for their hacking toolbox.
    Read More
  • Aug 6, 2021 | Medium

    I Watched a Training Video for Iranian Hackers [Black Hat USA 2021]

    Security researchers generally don’t discuss the little mistakes hackers make, and they never show hacking group training videos. But that’s exactly what happened at this year’s Black Hat, where a pair of researchers examined the eccentricities of an Iranian hacking group.
    Read More
  • Aug 6, 2021 | PCMag.com

    The Scariest Things We Saw at Black Hat 2021 [Black Hat USA 2021]

    Every year, the Black Hat security conference gathers the best and most frightening security research in one (sometimes digital) place. Here's what impressed and worried us in 2021.
    Read More
  • Aug 6, 2021 | The Daily Swig

    Black Hat USA: Downgrade attack against Let’s Encrypt lowers the bar for printing fraudulent SSL certificates [Black Hat USA 2021]

    Security shortcomings in the mechanism used by Let’s Encrypt to validate web domain ownership create a loophole that allows cybercriminals to get digital certificates for domains more easily.
    Read More
  • Aug 6, 2021 | IT Pro

    DNS loophole could allow hackers to carry out “nation-state level spying” [Black Hat USA 2021]

    Security researchers have discovered a flaw within major DNS-as-a-Service (DNSaaS) providers that could allow hackers to access confidential data within corporate networks.
    Read More
  • Aug 6, 2021 | SC Media Online

    DHS secretary asks for more participation and cooperation with cybersecurity pros [Black Hat USA 2021]

    Secretary of Homeland Security Alejandro Mayorkas closed Black Hat Thursday evening with a keynote address asking cybersecurity professionals to consider working for the Department of Homeland Security and, if that is not for them, help in other ways, including helping foster a diverse next generation of cyber talent.
    Read More
  • Aug 6, 2021 | CRN Online

    Black Hat Is Back: Scenes From The Show [Black Hat USA 2021]

    Black Hat 2021 was one of the first large-scale technology conferences to take place in person since the arrival of COVID-19 last spring, with 5,000 cybersecurity enthusiasts convening in Las Vegas’ Mandalay Bay Convention Center to hear about ransomware, supply chain and critical infrastructure attacks from leaders including Homeland Security (DHS) Secretary Alejandro Mayorkas and CISA Director Jen Easterly.
    Read More
  • Aug 6, 2021 | The Register

    All your DNS were belong to us: AWS and Google Cloud shut down spying vulnerability [Black Hat USA 2021]

    Until February this year, Amazon Route53's DNS service offered largely unappreciated network eavesdropping capabilities. And this undocumented spying option was also available at Google Cloud DNS and at least one other DNS-as-a-service provider.
    Read More
  • Aug 6, 2021 | Channel Partners Online

    Hybrid Black Hat Conference Features ‘Intimate’ Setting, Meaningful Conversations [Black Hat USA 2021]

    The ongoing COVID-19 pandemic didn’t stop this year’s Black Hat conference from going live again in Las Vegas. This time, the Black Hat conference was a virtual event, with most participants opting for virtual, while around 5,000 chose to attend in person. In addition, the business hall was noticeably smaller, lacking the presence of cybersecurity giants such as Microsoft, IBM, FireEye, Palo Alto Networks and more. That gave the startups and smaller providers a chance to stand out during this Black Hat conference.
    Read More
  • Aug 6, 2021 | CGTN America Online

    Cybersecurity conference goes ahead in Las Vegas [Black Hat USA 2021]

    Despite the coronavirus pandemic, one of the world’s largest cyber security conferences – Black Hat is taking place in Las Vegas. This year it’s part in-person and part virtual.
    Read More
  • Aug 6, 2021 | CNN Online

    Top cyber official calls for more 'ambitious' defenses while encouraging people to join CISA [Black Hat USA 2021]

    In her first major speech since taking office, Cybersecurity and Infrastructure Security Agency Director Jen Easterly sought to elevate the young agency, pushing for more cybersecurity talent across the US and announcing a new initiative collaborating with the private sector on ransomware and other issues.
    Read More
  • Aug 6, 2021 | The Washington Post

    The Cybersecurity 202: CISA’s new director brought a unique style to Black Hat [Black Hat USA 2021]

    The government’s new cybersecurity quarterback made a strong appeal at the Black Hat conference for industry cyber pros to partner with government to counter hacking threats. The entreaty from Cybersecurity and Infrastructure Security Agency Director Jen Easterly comes amid an unprecedented wave of cyberattacks against critical industry sectors that are threatening to disrupt the flow of electricity, water and gas and dramatically affect national and economic security.
    Read More
  • Aug 5, 2021 | ThreatPost

    Black Hat: Charming Kitten Leaves More Paw Prints [Black Hat USA 2021]

    The suspected Iranian threat group that IBM Security X-Force calls ITG18 and which overlaps with the group known as Charming Kitten keeps leaving a trail of paw prints.
    Read More
  • Aug 5, 2021 | MSN Online

    Hillicon Valley: Senators highlight security threats from China during rare public hearing | Facebook suspends accounts of NYU researchers who've criticized platform [Black Hat USA 2021]

    The leaders of the Senate Intelligence Committee and other officials warned Wednesday of increasing threats from China on a number of fronts, including the stealing of intellectual property, malign influence and cyberattacks.
    Read More
  • Aug 5, 2021 | Channel Partners Online

    Black Hat USA: Worst Supply Chain Attacks Are Yet to Come [Black Hat USA 2021]

    It’s early days in terms of supply chain cyberattacks, according to the opening keynote speaker at Black Hat USA 2021. Furthermore, the size and scope of what’s to come will make what’s happened so far look like “peanuts.”
    Read More
  • Aug 5, 2021 | Dark Reading

    Why Supply Chain Attacks Are Destined to Escalate [Black Hat USA 2021]

    The epic software supply chain attacks over the past year, including the high-profile breaches of SolarWinds, Microsoft Exchange Server, Kaseya, and Codecov, were only the beginning.
    Read More
  • Aug 5, 2021 | ZDNet

    There's been a rise in stalkerware. And the tech abuse problem goes beyond smartphones [Black Hat USA 2021]

    We need to be wary of mobile devices and IoT products, now widely abused to facilitate partner coercion, researchers have warned.
    Read More
  • Aug 5, 2021 | TechRadar

    Google, Amazon forced to patch DNS platforms after serious bug discovered [Black Hat USA 2021]

    Cybersecurity researchers have disclosed a security issue that affected hosted DNS service providers and can be exploited to monitor incoming traffic and map the victim’s internal networks.
    Read More
  • Aug 5, 2021 | PCMag.com

    Pew! Pew! Researcher Uses Laser to Steal Data From a Tiny Chip [Black Hat USA 2021]

    The Black Hat conference is often about spectacle, and few things are more attention-grabbing than lasers. In his virtual presentation, Ledger's Hardware Security Expert Olivier Heriveaux used precisely timed laser blasts to trick a chip into giving up its secrets.
    Read More
  • Aug 5, 2021 | PCMag.com

    I Watched a Training Video for Iranian Hackers [Black Hat USA 2021]

    Security researchers generally don't discuss the little mistakes hackers make, and they never show hacking group training videos. But that's exactly what happened at this year's Black Hat, where a pair of researchers examined the eccentricities of an Iranian hacking group.
    Read More
  • Aug 5, 2021 | CNBC Online

    Amazon, Google and other tech companies join government effort to fight ransomware [Black Hat USA 2021]

    Amazon, Google and Microsoft are among several tech companies that have agreed to join a government effort to fight ransomware as cyber attacks have become regular threats to U.S. organizations.
    Read More
  • Aug 5, 2021 | PCMag.com

    Beware Your Browser Messing With Your Files [Black Hat USA 2021]

    Using just a browser and some clever tricks, a researcher presenting at the Black Hat security conference demonstrated how to weaponize a tool intended to make websites more like apps.
    Read More
  • Aug 5, 2021 | Dark Reading

    Researchers Find Significant Vulnerabilities in macOS Privacy Protections [Black Hat USA 2021]

    Applications that are allowed to run on Apple's operating system, macOS, can exceed the permissions granted to them by the user and the operating system, allowing a variety of privacy attacks, such as grabbing address book information, taking screenshots, and gaining access to system files, two researchers stated at a Black Hat USA briefing on Aug. 4.
    Read More
  • Aug 5, 2021 | Dark Reading

    Organizations Still Struggle to Hire & Retain Infosec Employees: Report [Black Hat USA 2021]

    Is the cybersecurity skills shortage overstated? No, according to a recent survey of Information Systems Security Association (ISSA) members. The majority of respondents report the skills shortage is a significant problem that is hurting organizations.
    Read More
  • Aug 5, 2021 | PCMag.com

    Strong Encryption Is 'Absolutely Fundamental,' US Cybersecurity Chief Says [Black Hat USA 2021]

    Encryption technology sometimes seems at odds with the goals of government and law enforcement, but Jen Easterly, the recently confirmed director of the Cybersecurity and Infrastructure Security Agency (CISA), gave it her stamp of approval during today's Black Hat security conference.
    Read More
  • Aug 5, 2021 | WIRED

    Messaging Apps Have an Eavesdropping Problem [Black Hat USA 2021]


    Read More
  • Aug 5, 2021 | ZDNet

    Black Hat: How cybersecurity incidents can become legal minefields [Black Hat USA 2021]

    When a company becomes the victim of a cyberattack, executives are faced with a tsunami of challenges: containing a breach, remediation, informing customers and stakeholders, identifying those responsible, and conducting a forensic analysis of the incident -- to name but a few.
    Read More
  • Aug 5, 2021 | Bleeping Computer

    New DNS vulnerability allows 'nation-state level spying' on companies [Black Hat USA 2021]

    Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks.
    Read More
  • Aug 5, 2021 | VentureBeat

    4 things I learned at Black Hat 2021 [Black Hat USA 2021]

    The Black Hat 2021 cybersecurity conference took place in Las Vegas this week, and it’s been a whirlwind few days. The awkwardness of returning to face-to-face events and the sensory overload of walking through the Mandalay Bay casino gave way to some fantastic content from the sessions and engaging discussions on the show floor. It was great to get back together with the security community and really reconnect after a truly extraordinary year in security — and in society. As I head home, a few themes that seemed to underpin so much of the show are now coalescing in my mind.
    Read More
  • Aug 5, 2021 | The Hill Online

    Federal cyber agency kicks off collaborative to defend the U.S. against cyberattacks [Black Hat USA 2021]

    The Cybersecurity and Infrastructure Security Agency (CISA) on Thursday kicked off a new effort to help defend the U.S. against cyberattacks, which have multiplied in recent months.
    Read More
  • Aug 5, 2021 | ThreatPost

    Black Hat: New CISA Head Woos Crowd With Public-Private Task Force [Black Hat USA 2021]

    Just weeks after the U.S. Senate confirmed Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency (CISA), the new director spoke at Black Hat USA 2021 on Thursday, albeit virtually, announcing a major public-private partnership to fight cybercrime.
    Read More
  • Aug 4, 2021 | The Wall Street Journal Online

    Some Cyber Experts Want to Investigate Hacks Like Plane Crashes [Black Hat USA 2021]

    President Biden in May ordered the Department of Homeland Security to create a public-private board to investigate major hacks but offered few details on how the initiative would work. Some security wonks say the administration should look to transportation disasters for clues.
    Read More
  • Aug 4, 2021 | CRN Online

    The 20 Hottest Cybersecurity Products At Black Hat 2021 [Black Hat USA 2021]

    Vendors are taking advantage of Black Hat 2021’s bright spotlight to launch new cybersecurity products, features, platforms and tools that will set the stage for the months and years to come. For the hundreds of exhibitors found at Black Hat, the Business Hall provides a chance to promote new products and highlight strategic shifts to an in-person audience of approximately 5,000.
    Read More
  • Aug 4, 2021 | Medium

    What to Expect at Black Hat 2021 [Black Hat USA 2021]

    The COVID-19 outbreak forced many large conferences to either move online or cancel altogether. In 2020, the Black Hat hacker convention chose to go online-only for the first time in its decades-long history. This year, Black Hat is back in its natural habitat (the Mandalay Bay Convention Center in Las Vegas), but some of us will still be attending from home.
    Read More
  • Aug 4, 2021 | WIRED

    Watch a Hacker Hijack a Capsule Hotel's Lights, Fans, and Beds [Black Hat USA 2021]

    When staying in a “capsule hotel,” the Japanese style of budget accommodation that packs guests into tiny, adjoining rooms not much bigger than their bodies, be considerate of your neighbors. Especially if the capsule hotel you're staying in offers digital automation features—and a hacker is staying in the next room over.
    Read More
  • Aug 4, 2021 | CRN Online

    Kaseya Ransomware Attack: 10 Things MSPs Must Do To Protect Themselves [Black Hat USA 2021]

    The REvil gang pulled off one of the biggest ransomware heists in years, exploiting a vulnerability in Kaseya’s on-premise VSA remote monitoring and management (RMM) tool to compromise nearly 60 MSPs and encrypt the data and demand ransom payments from up to 1,500 of their end user customers.
    Read More
  • Aug 4, 2021 | ThreatPost

    Black Hat: Let’s All Help Cyber-Immunize Each Other [Black Hat USA 2021]

    The in-person Black Hat USA 2021 cybersecurity conference is back, after a pandemic-forced, year-long hiatus, with attendance notably down but spirits up among attendees eager to get back to networking, learning and returning to some normalcy.
    Read More
  • Aug 4, 2021 | PCMag.com

    You Are Not Alone: Hacking a Capsule Hotel [Black Hat USA 2021]

    Capsule hotels aren’t common in the US, but those who’ve traveled in Asia, especially Japan, may have encountered them. Instead of a room, you get a tiny capsule, barely bigger than the one-person bed. On checking in to such a hotel, Kya Supa, security consultant for LEXFO did what any security researcher would do—he hacked the system.
    Read More
  • Aug 4, 2021 | The Hacker News

    Several Malware Families Targeting IIS Web Servers With Malicious Modules [Black Hat USA 2021]

    A systematic analysis of attacks against Microsoft's Internet Information Services (IIS) servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight years.
    Read More
  • Aug 4, 2021 | PCMag.com

    What App Stores Get Right (and Very Wrong) About Security [Black Hat USA 2021]

    The Black Hat security conference's keynote was a sobering evaluation of how supply chain attacks have changed the entire economics of hacking, and served as a pointed call for mobile app stores to provide greater transparency to third-party security companies.
    Read More
  • Aug 4, 2021 | The Daily Swig

    Black Hat 2021: WARCannon simplifies web-wide vulnerability research [Black Hat USA 2021]

    An open source tool that makes grepping the internet for web vulnerabilities simpler, faster, and cheaper was unveiled at Black Hat USA today.
    Read More
  • Aug 4, 2021 | The Daily Swig

    Black Hat 2021: Zero-days, ransoms, supply chains, oh my! [Black Hat USA 2021]

    Software supply chain attacks are growing at an alarming pace, in a stark development that upends the delicate balance cybersecurity relies on, infosec luminary Matt Tait told delegates at the Black Hat USA conference today (August 4).
    Read More
  • Aug 4, 2021 | PCMag.com

    Excel 4 Is Alive and Well, and Ready to Attack [Black Hat USA 2021]

    You've got to be a real cybergeezer to remember using Excel 4, given that it was replaced by Excel 5 in 1993. After almost 30 years, surely everyone is running a more up-to-date version of Microsoft's popular spreadsheet software. So why do we care about Excel 4? It turns out that Excel 4's macro system is alive, armed, and dangerous.
    Read More
  • Aug 4, 2021 | SearchSecurity

    Researchers crack new Let's Encrypt validation feature [Black Hat USA 2021]


    Read More
  • Aug 4, 2021 | SearchSecurity

    https://searchsecurity.techtarget.com/news/252504895/Matt-Tait-warns-of-stolen-zero-day-vulnerabilities [Black Hat USA 2021]

    The number of zero days being exploited in the wild is "off the charts," Corellium COO Matt Tait warned during Black Hat 2021.
    Read More
  • Aug 4, 2021 | Dark Reading

    A New Approach to Securing Authentication Systems' Core Secrets [Black Hat USA 2021]

    Advanced persistent threat (APT) groups have long sought credentials to access, move laterally throughout, and persist in target networks. Defenders have attempted to mitigate the risk with multifactor authentication (MFA), which, while effective in most cases, can fall short of protecting the most lucrative data.
    Read More
  • Aug 3, 2021 | TechRadar

    This dangerous security bug affects nearly all hospitals in North America [Black Hat USA 2021]

    Researchers from the IoT security firm Armis have discovered nine critical vulnerabilities in the Nexus Control Panel which is used to power all current models of Translogic's pneumatic tube system (PTS) stations by Swisslog Healthcare.
    Read More
  • Aug 3, 2021 | SC Media Online

    Black Hat: The NOC’s eye view [Black Hat USA 2021]

    Around infosec campfires, spooky tales are told about the horrors of logging on to the public networks at Black Hat and DEF CON, culminating in the legendarily adversarial network of the latter. But Bill Swearingen, strategist with Black Hat network operations center vendor IronNet, says that if his firm does its job well, Black Hat will not be such a scary place to be.
    Read More
  • Aug 2, 2021 | WIRED

    Hospitals Still Use Pneumatic Tubes-and They Can Be Hacked [Black Hat USA 2021]

    IT'S ALL TOO common to find hackable flaws in medical devices, from mammography machines and CT scanners to pacemakers and insulin pumps. But it turns out that the potential exposure extends into the walls: Researchers have found almost a dozen vulnerabilities in a popular brand of pneumatic tube delivery system that many hospitals use to carry and distribute vital cargo like lab samples and medicine.
    Read More
  • Aug 2, 2021 | TechRadar

    There's yet another new PrintNightmare hack [Black Hat USA 2021]

    The PrintNightmare vulnerability is living up to its name with another cybersecurity researcher exploiting the bug in a privilege escalation attack.
    Read More
  • Aug 2, 2021 | TechRepublic

    Black Hat USA 2021 and DEF CON 29: What to expect from the security events [Black Hat USA 2021]

    Following a string of major cyberattacks and proposed initiatives by the U.S. government to better thwart them, cybersecurity has never been so uppermost on the minds of organizations and individuals around the world. That's why this week's Black Hat and DEF CON conferences promise to run hot and heavy with a host of topics in the world of security. But what discussions should we expect at this year's events? Here are some thoughts from a variety of analysts.
    Read More
  • Jul 30, 2021 | Dark Reading

    Inside the Famed Black Hat NOC [Black Hat USA 2021]

    It's been called one of the most "hostile" networks in the world, but the managers of the Black Hat network operations center (NOC) contend that it's merely the most unique. After all, they can't just block all malicious-looking network traffic because they could inadvertently disrupt legitimate Black Hat activities, such as an on-stage hacking tool demo or a Trainings course exercise.
    Read More
  • Jul 16, 2021 | WIRED

    Hackers Got Past Windows Hello by Tricking a Webcam [Black Hat USA 2021]

    BIOMETRIC AUTHENTICATION IS a key piece of the tech industry's plans to make the world password-less. But a new method for duping Microsoft's Windows Hello facial-recognition system shows that a little hardware fiddling can trick the system into unlocking when it shouldn't.
    Read More
  • Jul 16, 2021 | Dark Reading

    Researchers Create New Approach to Detect Brand Impersonation [Black Hat USA 2021]

    Security researchers have designed a new way to detect brand impersonation using Siamese Neural Networks, which can learn and make predictions based on smaller amounts of data.
    Read More
  • Jul 12, 2021 | WIRED

    Beyond Kaseya: Everyday IT tools can offer ‘God Mode’ for hackers [Black Hat USA 2021]

    ACROSS THE INTERNET, more than a thousand companies spent the past week digging out from a mass ransomware incident. In the wake of the devastating compromise of Kaseya's popular IT management tool, researchers and security professionals are warning that the debacle isn't a one-off event, but part of a troubling trend. Hackers are increasingly scrutinizing the entire class of tools that administrators use to remotely manage IT systems, seeing in them potential skeleton keys that can give them the run of a victim's network.
    Read More
  • Jul 9, 2021 | Dark Reading

    New Framework Aims to Describe & Address Complex Social Engineering Attacks [Black Hat USA 2021]

    Deepfake and related synthetic media technologies have helped attackers develop ever-more-realistic social engineering attacks in recent years, putting pressure on defenders to change the strategies they use to detect and address them.
    Read More
  • Jul 7, 2021 | Dark Reading

    Microsoft Releases Emergency Patch for 'PrintNightmare' Vuln [Black Hat USA 2021]

    Microsoft has rushed out an emergency security update for "PrintNightmare," a critical remote code execution vulnerability present in all versions of its Windows operating system.
    Read More
  • Jul 6, 2021 | Yahoo Finance UK

    Black Hat Announces Matt Tait as One of Its Keynote Speakers for Black Hat USA 2021 Hybrid Event [Black Hat USA 2021]

    Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, announces Matt Tait, Chief Operating Officer at Corellium, as a Keynote speaker for the Black Hat USA 2021 hybrid event. Tait will present his Keynote talk "Supply Chain Infections and the Future of Contactless Deliveries" taking place in Las Vegas at Mandalay Bay Events Center on Wednesday, Aug. 4 at 9 a.m. PT.
    Read More
  • Jul 6, 2021 | Morningstar

    Black Hat Announces Matt Tait as One of Its Keynote Speakers for Black Hat USA 2021 Hybrid Event [Black Hat USA 2021]

    Black Hat, the producer of the cybersecurity industry’s most established and in-depth security events, announces Matt Tait, Chief Operating Officer at Corellium, as a Keynote speaker for the Black Hat USA 2021 hybrid event. Tait will present his Keynote talk “Supply Chain Infections and the Future of Contactless Deliveries” taking place in Las Vegas at Mandalay Bay Events Center on Wednesday, Aug. 4 at 9 a.m. PT.
    Read More
  • Jul 6, 2021 | Dark Reading

    Researchers Learn From Nation-State Attackers' OpSec Mistakes [Black Hat USA 2021]

    When security intelligence teams talk about human error, the conversation typically focuses on the victim of a cyberattack. What might they learn if they analyzed attackers' mistakes instead?
    Read More
  • Jul 6, 2021 | The Daily Swig

    Black Hat USA 2021: PortSwigger's latest research to be unveiled [Black Hat USA 2021]

    Two years ago, PortSwigger's director of research James Kettle presented "HTTP Desync Attacks" on-stage at BlackHat USA and kicked off a wave of request smuggling, but at that time HTTP/2 escaped serious analysis. At this year's BlackHat USA event, James will be unveiling his latest research, "HTTP/2: The Sequel is Always Worse".
    Read More
  • Jun 30, 2021 | Yahoo! Finance

    Black Hat USA 2021: Full Schedule & Hybrid Event Programming [Black Hat USA 2021]

    Black Hat, the world’s leading producer of information security events, announces its full schedule including in-person and virtual programs for Black Hat USA 2021. Taking place in Las Vegas at the Mandalay Bay Convention Center and virtually, this year’s event will feature over 90 Briefings, four days of virtual Trainings and new virtual programs.
    Read More
  • Jun 30, 2021 | Dark Reading

    Attackers Already Unleashing Malware for Apple macOS M1 Chip [Black Hat USA 2021]

    It was only a matter of time. Apple Macs are growing in popularity in the enterprise - as is the number of malware variants targeting macOS. But the much-anticipated arrival of Apple's new system-on-a-chip, the M1, has spawned a new generation of macOS-specific malware that anti-malware tools, threat hunters, and researchers must quickly learn to spot and, ultimately, thwart.
    Read More
  • Jun 28, 2021 | Dark Reading

    The Danger of Action Bias: Is It Always Better to Act Quickly? [Black Hat USA 2021]

    When a data breach hits, the best response is to act quickly and forcefully … right? Not necessarily, experts say. The impulse for cybersecurity pros to have control over a situation is common — after all, you don't want to be the CISO who didn't act after learning about an attack — but hastily made decisions may do more harm than good or create a problem where one didn't exist.
    Read More
  • Jun 23, 2021 | Dark Reading

    New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies [Black Hat USA 2021]

    Cloud security researchers from Wiz.io were poking around at Amazon Web Services' Route53 Domain Name Service (DNS) earlier this year when they suddenly realized that its self-service domain registration system let them set up a new hosted zone with the same name as the real AWS name server it was using. Within seconds, they watched in shock as their phony name server got flooded with DNS queries from other AWS customers' networks: external and internal IP addresses, computer names for finance, human resources, production servers, and organization names.
    Read More
  • Jun 23, 2021 | The Daily Swig

    Misconfigurations in most Active Directory environments create serious security holes, researchers find [Black Hat USA 2021]

    Common misconfigurations in Active Directory Certificate Services can allow attackers to steal credentials, escalate privileges, and achieve domain persistence, security researchers have found. “In our experience, almost every Active Directory installation we’ve looked at over the last decade has had some kind of misconfiguration issue,” said Lee Christensen and Will Schroeder, Technical Architects at SpecterOps. The researchers have detailed their findings in a comprehensive white paper (PDF) and a blog post, and will present them at this year’s Black Hat USA security conference.
    Read More
  • Jun 17, 2021 | CSO Online

    Report: Active Directory Certificate Services a big security blindspot on enterprise networks [Black Hat USA 2021]

    As the core of Windows enterprise networks, Active Directory, the service that handles user and computer authentication and authorization, has been well studied and probed by security researchers for decades. Its public key infrastructure (PKI) component, however, has not received the same level of scrutiny and, according to a team of researchers, deployments are rife with serious configuration mistakes that can lead to account and domain-level privilege escalation and compromise.
    Read More
  • May 25, 2021 | Security Boulevard

    Your Guide to Hacker Summer Camp 2021 [Black Hat USA 2021]

    This will be my 21st year attending Hacker Summer Camp. Back in 2000, it was just Black Hat USA followed by DEF CON, and only a handful of people knew about it. Now it’s a full nine days of technical conferences starting with Black Hat training sessions on early Saturday, followed by BSidesLV, then the Black Hat briefings themselves, followed by DEF CON ending the following Sunday. And several thousand of my closest friends all in one place. It’s draining to stay for the whole thing; and it’s even draining if you attend just a small part. So pace yourself.
    Read More
  • May 25, 2021 | Yahoo! Finance

    Black Hat Announces Briefings Lineup for Black Hat USA 2021 Hybrid Event [Black Hat USA 2021]

    Black Hat, the world’s leading producer of information security events, will return to Las Vegas with its hybrid event Black Hat USA on July 31 – August 5. The event will take place at the Mandalay Bay Convention Center with both a virtual experience and an in-person event, offering a robust lineup of over 90 Briefings hand selected by the Black Hat Review Board, comprised of some of the industry’s most respected experts.
    Read More
  • May 12, 2021 | Threatpost

    ‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices [Black Hat USA 2021]

    A Belgian security researcher specializing in Wi-Fi bugs has unearthed a clutch of new ones, which he called FragAttacks, that affect the Wi-Fi standard itself. The name is short for “fragmentation and aggregation attacks.” Some bugs date back to 1997, meaning that computers, smartphones or other smart devices as old as 24 years may be vulnerable to attackers in Wi-Fi range. If attackers are near enough, they could intercept the owner’s information, trigger malicious code, and/or take over the device.
    Read More
  • May 11, 2021 | Gizmodo

    This Guy Designed an Android App That Deletes All Your Phone's Data When Police Try to Crack It [Black Hat Asia 2021]

    These days, if you’re arrested and charged with a crime, the first thing cops will probably try to do is look at the contents of your phone. Digital forensics is increasingly a favorite way to secure a conviction, or at least gain a broader understanding of a crime.
    Read More
  • May 11, 2021 | The Register

    Tencent research team scores free powerups for electric cars with Raspberry Pi-powered X-in-the-middle attack [Black Hat Asia 2021]

    Researchers have used the Black Hat Asia conference to demonstrate the awesome power of the Raspberry Pi as a car-p0wning platform.
    Read More
  • May 10, 2021 | TechTalk Thai

    [BHAsia 2021] Do mobile applications really refrain from violating user data, as they declare? [Black Hat Asia 2021]

    When we install a mobile application, we usually receive a message stating its intent to request access to certain data in order to provide its service. Have you ever wondered whether those applications really keep their agreement not to violate the rights over that highly sensitive data? At Black Hat Asia 2021, one study tested more than 1,400 applications.
    Read More
  • May 10, 2021 | Cyber Security Asean

    Surveillance Is Affecting the Interests of Potential Security Experts – Black Hat Asia 2021 [Black Hat Asia 2021]

    The demand for cybersecurity experts is thriving, especially in today’s digital landscape where threat actors are utilising more and more advanced threats for their nefarious acts. Such a profession needs a conducive environment, however, allowing them to perform in cyberspace with little to no restrictions from authorities.
    Read More
  • May 7, 2021 | Techzine

    Researchers fool computer vision with an unexpected adjacent object [Black Hat Asia 2021]

    Computer vision algorithms turn out to be confusable in a striking way. When a completely unrelated object stands next to the intended object, computers no longer understand what they are seeing. By applying this knowledge, self-driving cars, for example, can be fooled.
    Read More
  • May 7, 2021 | Forbes

    This Android App Promises To Wipe Your Phone If Cops Try To Hack It [Black Hat Asia 2021]

    If the police get hold of a smartphone and they have a warrant to search it, they’ll often turn to a tool from Israeli company Cellebrite that can hack into it and download the data within. But on Friday a security researcher is releasing an app that he says can detect when a Cellebrite is about to raid the device, turn the phone off and wipe it.
    Read More
  • May 7, 2021 | Dark Reading

    How North Korean APT Kimsuky Is Evolving Its Tactics [Black Hat Asia 2021]

    North Korean APT group Kimsuky is adopting new tactics, techniques, and procedures in global attacks, report researchers whose findings indicate the group's operations have sufficient differences to warrant splitting it into two smaller subgroups: CloudDragon and KimDragon.
    Read More
  • May 7, 2021 | Cyber Security Asean

    Black Hat Asia 2021: Are We Leaking Data Without Knowing it? [Black Hat Asia 2021]

    Black Hat Asia 2021 kicked off with an interesting opening keynote presentation by Troy Hunt, a security researcher and founder of “Have I Been Pwned”, a website that helps people check and see if their emails have been compromised.
    Read More
  • May 7, 2021 | The Register

    Researchers say objects can hide from computer vision by seeking out unusual company that trips correlation bias [Black Hat Asia 2021]

    Computer vision systems display “correlation bias” that makes it possible to create adversarial images that could have real-world consequences such as messing with self-driving cars’ ability to accurately interpret road signs.
    Read More
  • May 7, 2021 | ComputerWeekly

    Ransomware, supply chain attacks show no sign of abating [Black Hat Asia 2021]

    Ransomware and supply chain attacks will continue to rear their ugly head in a world where cyber attacks are increasingly being politicised.
    Read More
  • May 7, 2021 | The Register

    Kids in Hong Kong and other highly surveilled states worry infosec careers are just asking for trouble [Black Hat Asia 2021]

    Asian nations in which governments are keen on citizen surveillance struggle to develop ethical hackers, as prospective workers fear their activities may be misunderstood, according to security specialist Mika Devonshire.
    Read More
  • May 7, 2021 | TechTalk Thai

    [BHAsia 2021] 6 lessons from more than 11 billion leaked records on Have I Been Pwned [Black Hat Asia 2021]

    At the Black Hat Asia 2021 conference currently under way, Troy Hunt, founder of the website Have I Been Pwned, gave a talk in the Keynote session and shared what he has learned after collecting more than 11 billion leaked records over the past 8 years, which can be summarized in 6 lessons as follows:
    Read More
  • May 6, 2021 | Dark Reading

    New Techniques Emerge for Abusing Windows Services to Gain System Control [Black Hat Asia 2021]

    Several new techniques have become available recently that give attackers a way to abuse legitimate Windows services and relatively easily escalate low-level privileges on a system to gain full control of it.
    Read More
  • May 6, 2021 | The Daily Swig

    Troy Hunt at Black Hat Asia: ‘We’re making it very difficult for people to make good security decisions’ [Black Hat Asia 2021]

    Imagine a parent’s terror when the geolocation of their child’s smart watch suddenly switches from tennis practice to the middle of the ocean.
    Read More
  • May 6, 2021 | Dark Reading

    Troy Hunt: Organizations Make Security Choices Tough for Users [Black Hat Asia 2021]

    Data breach notification website Have I Been Pwned (HIBP) has processed more than 11 billion compromised records from breached websites and publicly accessible databases since it was launched in 2013, offering a window into attacks and security issues that put users' data at risk.
    Read More
  • May 6, 2021 | Dark Reading

    Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security [Black Hat Asia 2021]

    'Enter Sandbox': Automating Linux Seccomp for Better AppSec: Linux seccomp is a powerful way to build secure applications, but it’s a grueling manual process. At Black Hat Asia, security researchers (slash Metallica fans) show how they’ve now automated the process to expand its use. Claudio Canella, PhD candidate at Graz University of Technology, tells Dark Reading about the session "Enter Sandbox," co-presented by Graz University of Technology postdoctoral researcher Mario Werner and Helmholtz Center for Information Security faculty Michael Schwarz.
    Read More
  • May 4, 2021 | Help Net Security

    Kubestriker: A security auditing tool for Kubernetes clusters [Black Hat Asia 2021]

    Kubestriker is an open-source, platform-agnostic tool for identifying security misconfigurations in Kubernetes clusters.
    Read More
  • May 3, 2021 | CareersInfoSecurity

    Researcher Finds New Vulnerabilities in Cellebrite's Tools [Black Hat Asia 2021]

    The question was posed late last month by Signal, the messaging app that is a recent new target for Cellebrite's data-collecting tools for law enforcement. Signal's founder, Moxie Marlinspike, contended that software vulnerabilities found in Cellebrite's tools could be used to tamper with evidence. As a result, one lawyer has already filed a motion for a new trial. (see: Signal Founder Says Cellebrite's Forensics Tools Flawed).
    Read More
  • May 3, 2021 | Dark Reading

    Researchers Explore Active Directory Attack Vectors [Black Hat Asia 2021]

    Active Directory is a massive and complex attack surface that has long been a prime target for criminals seeking valuable privileges and data. Incident responders find the service is involved in the bulk of attacks they investigate, underscoring major security challenges for defenders.
    Read More
  • Apr 29, 2021 | Dark Reading

    Researchers Connect Complex Specs to Software Vulnerabilities [Black Hat Asia 2021]

    Six common mistakes in implementing network software led to scores of vulnerabilities, highlighting the impact that complex design requirements and ambiguous specifications can have on software security, according to two security researchers who plan to talk about it at next week's Black Hat Asia conference.
    Read More
  • Apr 27, 2021 | Dark Reading

    Do Cyberattacks Affect Stock Prices? It Depends on the Breach [Black Hat Asia 2021]

    In the aftermath of a data breach, ransomware attack, or vulnerability disclosure, organizations may think about how the news will cause their stock price to dip. New research indicates that although security incidents do affect stock price, the size of this impact largely depends on the circumstances — and rarely lasts.
    Read More
  • Apr 26, 2021 | Help Net Security

    SniperPhish: An all-in-one open-source phishing toolkit [Black Hat Asia 2021]

    SniperPhish is an all-in-one open-source phishing toolkit that pentesters and other security professionals can use for setting up and executing email and web-based spear phishing campaigns.
    Read More
  • Apr 22, 2021 | Help Net Security

    Cloud Sniper: Manage and automate cloud security operations [Black Hat Asia 2021]

    Cloud Sniper is an open-source platform for managing cloud security operations that aims to make it easy for cloud teams to deal with security incidents.
    Read More
  • Apr 22, 2021 | Dark Reading

    10 Free Security Tools at Black Hat Asia 2021 [Black Hat Asia 2021]

    As in previous years, next month's Black Hat Asia 2021 virtual event will feature a full lineup of free security tools -- some new and some updated versions of existing tools.
    Read More
  • Apr 16, 2021 | VICE

    The World’s Largest Hacking Conferences Are Back IRL This Summer [Black Hat USA 2021]

    For thousands of people in the hacking and cybersecurity world, the back-to-back Def Con and Black Hat conferences in Las Vegas are marked in red on their calendars. With its legendary badges, extravagant parties, and diverse set of activities—talks, movie viewings, and the massive capture the flag event—Def Con is widely considered the hacking conference.
    Read More
  • Apr 16, 2021 | Dark Reading

    Security Gaps in IoT Access Control Threaten Devices and Users [Black Hat Asia 2021]

    A team of Internet of Things security researchers has discovered vulnerabilities in the way IoT device vendors manage access across multiple clouds and users, putting both individuals and vendors at risk.
    Read More
  • Apr 14, 2021 | Yahoo! Entertainment

    A huge new hacking threat was just discovered [Black Hat Asia 2021]

    “You have the watches,” goes a famous quote with different variations throughout history but most recently attributed to a captured Taliban commander, “but we have the time.”
    Read More
  • Apr 13, 2021 | The Hacker News

    New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices [Black Hat Asia 2021]

    Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system.
    Read More
  • Apr 13, 2021 | iTnews

    NAME:WRECK vulnerabilities could impact 100 million servers, IoT devices [Black Hat Asia 2021]

    Security researchers say they have uncovered nine vulnerabilities in four TCP/IP stacks that could be used to target a range of servers, medical and industrial devices.
    Read More
  • Oct 6, 2020 | The Daily Swig

    Touch and go: Contactless payment security controls defeated by security researchers [Black Hat Asia 2020]

    In follow-up research presented at Black Hat Asia last week, Galloway and Yunusov showed how it was possible to bypass multi-factor authentication controls designed to guard against tap-and-go fraud with contactless credit and debit cards.
    Read More
  • Oct 5, 2020 | Dark Reading

    Android Camera Bug Under the Microscope [Black Hat Asia 2020]

    This vulnerability could be exploited even if the phone was locked, its screen was turned off, or if the person was on a call, explained Erez Yalon, director of security research at Checkmarx, where a team of researchers discovered the flaw last summer. Yalon offered a hacker's perspective of discovering and reporting the flaw in a talk at this year's virtual Black Hat Asia.
    Read More
  • Oct 5, 2020 | Kaldata

    The discoverer of Meltdown and Spectre for the growing uncertainty of the systems [Black Hat Asia 2020]

    In this way, tens of thousands of systems have been infected over the years through reputable sites, Microsoft Network Japan and many others. But it's not just the Web, it's computer systems today. This was shared by a cybersecurity expert of the last edition of Black Hat Asia.
    Read More
  • Oct 5, 2020 | Computer Hoy

    4G and 5G networks are vulnerable due to their mix with old technologies [Black Hat Asia 2020]

    During a Black Hat Asia presentation on Friday, Sergey Puzankov, a security expert at Positive Technologies, highlighted the SS7 protocol as one of the problems still plaguing the telecommunications industry. This protocol was developed in 1975 and has not evolved much since then.
    Read More
  • Oct 5, 2020 | Electropages

    Vulnerability to Old Tech – How 5G May Face Problems [Black Hat Asia 2020]

    Black Hat Asia, a tech security conference held in Singapore, included researchers who demonstrated how modern networks such as 5G could be vulnerable to systems that are decades old and yet are still able to connect to such networks.
    Read More
  • Oct 5, 2020 | The Daily Swig

    Sharkcop: Google Chrome extension uses machine learning to detect phishing URLs [Black Hat Asia 2020]

    A Google Chrome browser extension that identifies suspected phishing URLs with a machine learning algorithm was unveiled at Black Hat Asia last week.
    Read More
  • Oct 5, 2020 | The Daily Swig

    Vulmap: Aiding privilege escalation with CVE-mapping vulnerability scanner [Black Hat Asia 2020]

    A hacking tool designed to aid privilege escalation by leveraging known security vulnerabilities was demonstrated at Black Hat Asia last week.
    Read More
  • Oct 3, 2020 | Avalanche Noticias

    Researching vulnerabilities in computer systems is becoming similar to watching wildlife. [Black Hat Asia 2020]

    Computer security researcher Daniel Gruss, an assistant professor at the Austrian University of Technology in Graz, spoke at the Black Hat Asia conference yesterday in Singapore's time zone. It was Gruss's team that discovered the Meltdown and Spectre vulnerabilities in Intel processor architectures and beyond. According to the expert, computer security has been irreparably damaged by the increased complexity of the systems. But there is a cure, although not absolute.
    Read More
  • Oct 3, 2020 | 3DNews

    Searching for vulnerabilities in computer systems is becoming akin to observing life in wildlife [Black Hat Asia 2020]

    Computer security researcher Daniel Gruss, assistant professor at the Austrian University of Technology Graz, spoke at the Black Hat Asia conference yesterday in the Singapore time zone. It was Gruss's team that discovered the Meltdown and Spectre vulnerabilities in Intel processor architectures and beyond. According to the expert, computer security has been irreparably disturbed by the increased complexity of systems. But there is a cure, although not absolute.
    Read More
  • Oct 2, 2020 | TechWorld IDG

    Protocols from the 1970s pose a risk to 5g users [Black Hat Asia 2020]

    In connection with this year's edition of the conference Black Hat Asia, security expert Sergey Puzankov from Positive Technologies has described a wide range of potential security problems with the 5g network.
    Read More
  • Oct 2, 2020 | SecNews

    5G networks are vulnerable due to "bad" old technologies [Black Hat Asia 2020]

    During a presentation at Black Hat Asia on Friday entitled "Back to the Future. Cross-Protocol Attacks in the Era of 5G", Positive Technologies security expert Sergey Puzankov stressed how pending issues in the SS7 protocol still plague the telecommunications industry.
    Read More
  • Oct 2, 2020 | The Daily Swig

    Grinder Framework helps overcome Shodan false negatives and blind spots [Black Hat Asia 2020]

    “The Grinder Framework is an open source security research toolkit adopted to Internet-wide surveys and allows you to use the full power of tools like Nmap, Shodan, Censys, Vulners, and TLS-attacker, and bringing the light through tailored scanning and threat intelligence approach,” the researchers explain in a preview for a presentation for an Arsenal session held during Black Hat Asia today (October 1).
    Read More
  • Oct 2, 2020 | ZDNet

    4G, 5G networks could be vulnerable to exploit due to ‘mishmash’ of old technologies [Black Hat Asia 2020]

    During a presentation at Black Hat Asia on Friday called "Back to the Future. Cross-Protocol Attacks in the Era of 5G," Positive Technologies security expert Sergey Puzankov highlighted how outstanding issues in the SS7 protocol still plague the telecommunications industry.
    Read More
  • Oct 2, 2020 | The Daily Swig

    Computer scientist behind Meltdown discovery prescribes biological approach to securing complex systems [Black Hat Asia 2020]

    Treat this as the new normal, Daniel Gruss, a member of one of three teams that uncovered the Meltdown vulnerability, said during a keynote presentation on Friday at the Black Hat Asia security conference.
    Read More
  • Oct 2, 2020 | The Daily Swig

    Black Hat Asia 2020: Android vulnerability scanners tackle code obfuscation and false positives [Black Hat Asia 2020]

    Android apps can be probed comprehensively for known security vulnerabilities without being fooled by code obfuscation techniques, attendees at Black Hat Asia heard yesterday.
    Read More
  • Oct 2, 2020 | The Daily Swig

    Vulnerabilities in Kata containers could be chained to achieve RCE on host [Black Hat Asia 2020]

    A talk delivered at the virtual Black Hat Asia conference today by security researcher Yuval Avrahami detailed how the flaws in Kata’s containers could also be exploited to compromise other guest users.
    Read More
  • Oct 2, 2020 | Dark Reading

    Biometric Data Collection Demands Scrutiny of Privacy Law [Black Hat Asia 2020]

    "One of the things that has been so great about technology is not only the convenience, but we've really started to look at privacy, and privacy is coming to the forefront," said Melissa Wingard, special counsel at law firm Phillips Ormonde Fitzpatrick, in a virtual Black Hat Asia talk.
    Read More
  • Oct 2, 2020 | Dark Reading

    Researchers Adapt AI With Aim to Identify Anonymous Authors [Black Hat Asia 2020]

    At Black Hat Asia, artificial intelligence and cybersecurity researchers use neural networks to attempt to identify authors, but accuracy is still wanting.
    Read More
  • Oct 1, 2020 | SecurityLab.ru

    Singapore authorities suggested treating information security as a public good [Black Hat Asia 2020]

    Information security is as much a public good as clean drinking water. This was announced on Thursday, October 1, by Brigadier General Gaurav Keerthi, Assistant Chief of the Cybersecurity Agency of Singapore, at the Black Hat Asia conference.
    Read More
  • Oct 1, 2020 | The Daily Swig

    BitLocker sleep mode vulnerability can bypass Windows’ full disk encryption [Black Hat Asia 2020]

    At the virtual Black Hat Asia security conference today, researcher Seunghun Han introduced a tool that can be used to subvert BitLocker security protections.
    Read More
  • Oct 1, 2020 | The Daily Swig

    Black Hat Asia: Need for global security perspectives underlined at virtual event [Black Hat Asia 2020]

    The Asia edition of the information security and hacking conference has more than justified its place in the infosec calendar, with the spring event becoming a firm fixture in the diary of security professionals, researchers, CISOs, journalists, and other industry-watchers.
    Read More
  • Oct 1, 2020 | Dark Reading

    Singapore Asks Big Cybersecurity Questions to Improve National Defense [Black Hat Asia 2020]

    As Singapore pursues its journey to become a "Smart Nation," it's asking these tough questions and many others as officials wrestle with the role of cybersecurity in a country increasingly dependent on technology, explained Gaurav Keerthi, deputy chief executive of development at Singapore's Cyber Security Agency, in his keynote talk at this week's virtual Black Hat Asia.
    Read More
  • Sep 30, 2020 | ITSP Magazine

    Black Hat Asia 2020 | Balancing User Awareness And Public Trust That Is Riddled With Complexities | With Gaurav Keerthi, Melissa Wingard And Daniel Gruss [Black Hat Asia 2020]

    In this conversation, we bring these three very diverse topics and the Black Hat Asia 2020 speakers that present them together on a conversation that will undoubtedly make you think forward. Each one of them represents very different perspectives and aspects of security and privacy—government, industry, legal, academia, and society—and the complexities they bring with them, coupled with the complexities they also introduce when building trust within and across many stakeholders.
    Read More
  • Sep 25, 2020 | Dark Reading

    Navigating the Asia-Pacific Threat Landscape: Experts Dive In [Black Hat Asia 2020]

    At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.
    Read More
  • Sep 2, 2020 | CBS News

    Top U.S. cybersecurity expert on mail-in voting: "If you've got paper, you've got receipts" [Black Hat USA 2020]

    Other high-profile security researchers also affirmed the value of mail-in systems at Black Hat. In his virtual keynote address, Georgetown Law professor Matt Blaze said that while mail-in and absentee voting systems are not foolproof, the systems are reliable, widely available, and lack many of the risks that plague digital voting systems.
    Read More
  • Aug 27, 2020 | Dark Reading

    How CISOs Can Play a New Role in Defining the Future of Work [Black Hat USA 2020]

    The theme of remote security has stayed top of mind since March: Cybersecurity experts correctly predicted that cybercrime in a virtual workforce would be a central topic at the recent Black Hat conference, and CISOs have had to rethink 2020 strategy with remote work leading the way.
    Read More
  • Aug 27, 2020 | Forbes

    Hacking Cyber Space [Black Hat USA 2020]

    At Black Hat, James Pavur, a Rhodes Scholar working on a PhD in cybersecurity at Oxford University's Department of Computer Science, cited examples of communications he'd been able to intercept.
    Read More
  • Aug 27, 2020 | Electronic Design

    Taking a Tour of Black Hat’s Online Conference [Black Hat USA 2020]

    High-level, cloud-based issues aren’t the only topics presented at Black Hat. Some got deep into the code and engineering.
    Read More
  • Aug 26, 2020 | Threatpost

    Disinformation Spurs a Thriving Industry as U.S. Election Looms [Black Hat USA 2020]

    The 2020 Presidential Election is the topic of a recent Threatpost feature Shoring Up the 2020 Election: Secure Vote Tallies Aren’t the Problem and the focus of a Black Hat 2020 keynote address earlier this month by Renée DiResta, research manager at the Stanford Internet Observatory.
    Read More
  • Aug 26, 2020 | CSO

    How to secure vulnerable printers on a Windows network [Black Hat USA 2020]

    At the recent Black Hat conference, Peleg Hadar and Tumar Bar of SafeBreach Labs pointed out that the way to a network’s heart is often through its printers.
    Read More
  • Aug 25, 2020 | Threatpost

    Shoring Up the 2020 Election: Secure Vote Tallies Aren’t the Problem [Black Hat USA 2020]

    Meanwhile, recent stats from the Black Hat USA 2020 Attendee Survey show that 85 percent of respondents believe that cyber-threat actors will have at least some impact on the U.S. elections in 2020. And disturbingly, nearly one third of respondents believe that the impact will be critical, and that the results of the 2020 election will always be in doubt as a result.
    Read More
  • Aug 25, 2020 | Threatpost

    Safari Bug Revealed After Apple Takes Nearly a Year to Patch [Black Hat USA 2020]


    Read More
  • Aug 25, 2020 | TechRepublic

    IoT botnets: Smart homes ripe for a new type of cyberattack [Black Hat USA 2020]

    By powering on a large number of devices an energy supplier or utility company could artificially increase demand to boost profits. This idea is at the core of Black Hat USA 2020 presentation titled led by Georgia Tech researchers Tohid Shekari and Raheem Beyah.
    Read More
  • Aug 23, 2020 | WIRED

    Cash machine hackers are getting better at stealing your money [Black Hat USA 2020]

    During Black Hat, Kevin Perlow, the technical threat intelligence team lead at a large, private financial institution, analysed two cash-out tactics that represent different current approaches to jackpotting.
    Read More
  • Aug 21, 2020 | Dark Reading

    'Next-Gen' Supply Chain Attacks Surge 430% [Black Hat USA 2020]

    Meantime, at Black Hat USA earlier this month, researchers showed how a next-gen approach could be used to attack Node.js applications by manipulating the hidden properties used to track internal program states.
    Read More
  • Aug 20, 2020 | Dark Reading

    Black Hat USA 2020 Recap: Experts Discuss Election Security Questions, but Offer Few Answers [Black Hat USA 2020]


    Read More
  • Aug 20, 2020 | Dark Reading

    Black Hat USA 2020 Musings: Weird and Wonderful Virtual Events are Here to Stay [Black Hat USA 2020]

    To its credit, Black Hat USA 2020 turned hard left once it was clear that large live events wouldn’t be happening in the second half of 2020, and what they managed to pull off was nothing short of a miracle. Even if, from an analyst’s perspective, the event was nothing like an in-person event, it was incredibly useful for all involved.
    Read More
  • Aug 20, 2020 | India Today

    Exposed: China's hacking campaign to unsettle Taiwan economy [Black Hat USA 2020]

    At the Black Hat security conference last week, researchers from CyCraft presented details of a hacking campaign that may have compromised internal data of at least seven Taiwanese chip firms over the past two years.
    Read More
  • Aug 19, 2020 | BizTech

    Mail-In Votes Require Special Cybersecurity Attention [Black Hat USA 2020]

    “It’s night and day compared to what existed in 2016,” CISA Director Christopher Krebs said at the Black Hat USA 2020 cybersecurity conference this month. “2020 will be the most protected and most secure election in modern history.”
    Read More
  • Aug 18, 2020 | The Daily Swig

    AWS launches open source tool to protect against HTTP request smuggling attacks [Black Hat USA 2020]

    At Black Hat USA 2019, PortSwigger Web Security’s director of research James Kettle demonstrated how the somewhat forgotten hacking technique could be leveraged to poison web caches and desynchronize entire systems.
    Read More
  • Aug 18, 2020 | ITSP Magazine

    Black Hat USA 2020 Recap And What Is Happening Next | With Kymberlee Price And Steve Wylie [Black Hat USA 2020]

    Beyond the content itself, there's a lot to be learned for how we will consume content moving forward and how we will likely expect to engage with each other in a world where in-person-only events may be a thing of the past. Steve and Kymberlee provide some interesting insights into the future of Black Hat in this context.
    Read More
  • Aug 17, 2020 | CoinGeek

    Open-source library dependence puts digital currency exchanges at risk: report [Black Hat USA 2020]

    At the recent Black Hat security conference, researchers detailed potential weaknesses in the exchanges secured wallet schemes that have now been patched.
    Read More
  • Aug 17, 2020 | TNW

    Pardon the Intrusion #24: The clock is TikToking [Black Hat USA 2020]

    At the Black Hat conference last week, a security researcher revealed how insecure satellite-based Internet allows attackers to snoop on companies and sometimes tamper with data.
    Read More
  • Aug 17, 2020 | Dice

    Your Work-From-Home Future: Now’s the Time to Think About Security [Black Hat USA 2020]

    In time for the Black Hat 2020 virtual conference earlier this month, AT&T released a study about cybersecurity and working from home that included responses from 800 security professionals working in the U.K., France and Germany. Of those surveyed, 88 percent reported that, while they initially felt well-prepared for the switch to WFH, a majority (55 percent) now feel that ongoing remote working is making their companies more vulnerable to cyber-threats.
    Read More
  • Aug 15, 2020 | WIRED

    ATM Hackers Have Picked Up Some Clever New Tricks [Black Hat USA 2020]

    At last week's Black Hat and Defcon security conferences, researchers dug through recent evolutions in ATM hacking. Criminals have increasingly tuned their malware to manipulate even niche proprietary bank software to cash out ATMs, while still incorporating the best of the classics—including uncovering new remote attacks to target specific ATMs.
    Read More
  • Aug 15, 2020 | TechCrunch

    Decrypted: Hackers Show Off Their Exploits as Black Hat Goes Virtual [Black Hat USA 2020]

    But with less than three months until millions of Americans go to the polls, Black Hat sharpened its focus on election security and integrity more so than any previous year.
    Read More
  • Aug 14, 2020 | TechTarget

    Risk & Repeat: Black Hat 2020 highlights [Black Hat USA 2020]

    This week's Risk & Repeat podcast recaps the highlights and trends of Black Hat USA 2020, which was held as a fully virtual conference for the first time because of the COVID-19 pandemic.
    Read More
  • Aug 14, 2020 | ProPublica

    Electionland 2020: USPS Chaos, Election Cybersecurity, August Voting and More [Black Hat USA 2020]

    At this month’s Black Hat hacker conference, voting tech company Election Systems & Software announced new policies that will allow cybersecurity researchers to test the company’s technology. Also at the conference, the director of CISA touted the government’s progress on cybersecurity since 2016, saying it was “like night and day.”
    Read More
  • Aug 13, 2020 | Daily Star

    Deepfake of Tom Hanks that 'easily passes as real' made for less than $100 [Black Hat USA 2020]

    It read: "There are many photos of Tom Hanks, but none like the images of the leading everyman shown at the Black Hat computer security conference Wednesday: They were made by machine-learning algorithms, not a camera."
    Read More
  • Aug 13, 2020 | PCMag

    These Are the Apps We Miss Right Now [Black Hat USA 2020]

    I watched virtual Black Hat presentations from the comfort of my own home instead of the Mandalay Bay casino in Las Vegas. I don’t really miss the app, truth be told, but I have found myself missing the bustle of conferences.
    Read More
  • Aug 13, 2020 | Washington Post

    The Cybersecurity 202: The TikTok ban is just a proxy battle in the U.S.-China tech war [Black Hat USA 2020]


    Read More
  • Aug 13, 2020 | SDxCentral

    Cyber Threat First Responders Fight COVID-19 Attacks Amid Pandemic [Black Hat USA 2020]

    Okta Executive Director of Cybersecurity Marc Rogers, like many of us, has lost all concept of time during the COVID-19 pandemic. There’s pre-COVID life and work, and then there’s the Groundhog’s Day existence that has become our collective reality. “I measure things in 2020 units now,” he said, during a virtual interview at Black Hat. “Some of it’s turned into a daily grind.”
    Read More
  • Aug 13, 2020 | OODA Loop

    DHS Worried About Ransomware Attacks for 2020 Election [Black Hat USA 2020]

    According to an intelligence report issued by the Department of Homeland Security, one of the top 2020 election security concerns is ransomware. A report entitled “Cybercriminals and Criminal Hackers Capable of Disrupting Election Infrastructure” echoes concerns CISA head Chris Krebs articulated at the Black Hat security conference in early August.
    Read More
  • Aug 13, 2020 | Dark Reading

    Boeing's DEF CON Debut a Sign of the Times [Black Hat USA 2020]

    IOActive's Santamarta — who had presented his research over at Black Hat USA in Las Vegas just a few days before DEF CON kicked off — maintained that an attacker exploiting the flaws could remotely gain access to the aircraft's sensitive avionics network, also known as the crew information systems network.
    Read More
  • Aug 13, 2020 | Dark Reading

    Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity [Black Hat USA 2020]

    Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them.
    Read More
  • Aug 12, 2020 | Xakep

    Big hole in BIG-IP. How the new vulnerability in F5 products works [Black Hat USA 2020]

    We need to look at how the URI is passed to Tomcat. It is worth referring here to Orange Tsai's great study on path normalization in various applications that he presented at Black Hat USA 2018 and DEF CON 26.
    Read More
  • Aug 12, 2020 | Education News Network

    BlackBerry releases free reverse engineering tools to help resist cyber security attacks [Black Hat USA 2020]

    Also this week at Black Hat USA 2020, Kevin Livelli, the director of BlackBerry threatening the IntelliSense system, will be presenting the Rat Decade on August 5, 11-11:40 am PT. BlackBerry will also hold a webinar about its cooperation with Intel to stop encryption hijacking malware, and in-depth study of BlackBerry Optics AI-based EDR technology for Linux.
    Read More
  • Aug 12, 2020 | Turbo

    Mercedes-Benz E-Class. 19 safety risks detected, already resolved [Black Hat USA 2020]

    According to TechCrunch, the facts were revealed by Minrui Yan, head of Sky-Go's security research team, during this year's Black Hat security conference.
    Read More
  • Aug 12, 2020 | ARA MOTOR

    Chinese computer scientists uncover the vulnerability of the Mercedes-Benz E-Class [Black Hat USA 2020]

    Through a coordinated attack, Qihoo 360 computer scientists were able to unlock the car doors, lower the windows, control the lighting system and even start the car's engine without the owner's key, as explained in a Black Hat cybersecurity conference, focused on the risks of hacking.
    Read More
  • Aug 12, 2020 | heise online

    Patchday: Microsoft closes actively exploited Windows and browser holes [Black Hat USA 2020]

    As part of a lecture at the Black Hat Conference 2020, a team of researchers warned last week about a new version of a security hole that the Stuxnet computer worm had previously misused to switch from Windows systems to industrial control systems via the printer spooler.
    Read More
  • Aug 12, 2020 | TechTarget

    Microsoft plugs 2 zero-days on August Patch Tuesday [Black Hat USA 2020]

    The patch resolved a lingering printer spooler issue that had been patched multiple times -- most recently in May -- but security researchers found a way to bypass the patch and gave a recent Black Hat USA presentation on the flaw, which has its origins in the Stuxnet worm from 2010. Despite public knowledge of the bug, Microsoft's CVE did not report this as publicly disclosed.
    Read More
  • Aug 12, 2020 | KRYPTOMAGAZIN

    Researchers claim that hackers attack crypto exchanges in three ways [Black Hat USA 2020]

    Researchers at the Black Hat security conference have revealed that crypto exchanges can be vulnerable to hackers. Although cryptocurrencies provide a high level of privacy and security to protect their resources, scientists have found that hackers can attack in three ways.
    Read More
  • Aug 12, 2020 | Wall Street Journal

    Facebook and Other Tech Giants Gird for Chaotic Election [Black Hat USA 2020]


    Read More
  • Aug 12, 2020 | BizTech

    Black Hat 2020: How to Boost Security Problem-Solving [Black Hat USA 2020]

    But problem-solving isn’t necessarily a trait you’re born with. At Black Hat USA 2020, Matt Wixey, research lead at PwC U.K., said that it’s something that can be trained.
    Read More
  • Aug 12, 2020 | Autocasión

    They hack the Mercedes E-Class and even get to start it [Black Hat USA 2020]

    They could even have started the engine without having to enter the cabin. The investigation was started a couple of years ago and the results were sent to Daimler, from where we assume that they remedied the problem. Now they have been unveiled at the Black Hat cybersecurity conference.
    Read More
  • Aug 12, 2020 | BenzInsider

    Sky-Go Discusses How to Hack and Remotely Control the Mercedes-Benz E-Class [Black Hat USA 2020]

    In 2017, a video surfaced showing two thieves in the UK using a relay hacking method to exploit the keyless entry system of a Mercedes car. It only took them less than 30 seconds to drive off with it. This is just one of the examples that Sky-Go demonstrated in its presentation at a recent Black Hat cybersecurity conference.
    Read More
  • Aug 12, 2020 | TechTarget

    Security team analyzes data breach costs for better metrics [Black Hat USA 2020]

    Severski and Baker published their findings on the cost of data breaches in the Cyentia Information Risk Insights Study (IRIS 20/20) and the ripple effects of breaches in Ripples Across the Risk Surface (in collaboration with automated risk assessment firm RiskRecon). They discussed the topic at Black Hat 2020.
    Read More
  • Aug 12, 2020 | TechHQ

    Mercedes-Benz security bug — a sign of connected vehicle security issues? [Black Hat USA 2020]

    A team of security researchers at the Sky-Go Team detailed the way they were able to form an attack chain and remotely take control of the vehicle. The head of Sky-Go’s security research team, Minrui Yan, shared the findings at this year’s Black Hat security conference, as reported in TechCrunch.
    Read More
  • Aug 12, 2020 | Intelligent CIO

    Latest Mimecast research finds threat actors more motivated by money than intelligence or IP [Black Hat USA 2020]

    Mimecast Limited, a leading email security and cyber-resilience company, has launched the Threat Intelligence Report: Black Hat U.S.A. Edition 2020.
    Read More
  • Aug 12, 2020 | Dark Reading

    Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption [Black Hat USA 2020]

    Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.
    Read More
  • Aug 12, 2020 | Bitcoin Mexico

    Blackhat: Innovation and case studies around cybersecurity [Black Hat USA 2020]

    The Blackhat event is a space that for 20 years has been dedicated to solving the doubts that may arise around cybersecurity and presenting innovations and research on the subject of the event.
    Read More
  • Aug 12, 2020 | Avast Blog

    An elections security progress report: Black Hat edition [Black Hat USA 2020]

    As you might expect, the election was a core topic at the virtual Black Hat and DEFCON voting village conferences held in early August. It has become a core feature of “hacker summer camp” to share the latest in election security from the perspective of the professionals doing the work.
    Read More
  • Aug 11, 2020 | Dark Reading

    Researchers Trick Facial-Recognition Systems [Black Hat USA 2020]

    At the Black Hat USA 2020 virtual event last week, researchers from McAfee showed how they were able to use such technologies to successfully trick a facial-recognition system into misclassifying one individual as an entirely different person.
    Read More
  • Aug 11, 2020 | Latest Hacking News

    Spying On Satellite Internet Now Possible With $300 Setup [Black Hat USA 2020]

    Researchers have devised a new strategy for spying on satellite internet traffic. Sharing the details in the recent Black Hat USA 2020, they revealed that anyone with mere home television equipment could intercept satellite internet traffic to snoop into the data.
    Read More
  • Aug 11, 2020 | Bitcoin Mexico

    Researchers discover a bug in Windows and prevent an attack [Black Hat USA 2020]

    "As a bonus, various Windows services loaded our DLL (wbemcomn.dll) as they did not verify the signature and tried to load the DLL from a non-existent path, which means we also got the code executed," said Hadar and Bar, who presented their finding at the Blackhat security conference.
    Read More
  • Aug 11, 2020 | Business Next

    Qualcomm, MediaTek Wi-Fi chip found loopholes, signal transmission, data packets may be intercepted [Black Hat USA 2020]

    At the Black Hat USA 2020 security conference held recently, ESET announced variants of the "Kr00k" vulnerability and emphasized that the key is invalidated by disassociation, so that the original WPA2 encryption protection loses its function and the content of data packets transmitted over the Wi-Fi signal can be intercepted.
    Read More
  • Aug 11, 2020 | EET

    Suspected mainland hackers stealing Taiwan semiconductor secrets, reason: working hours 996 [Black Hat USA 2020]

    A few days ago, the US technology media outlet "Wired" reported that a Taiwanese cybersecurity company called CyCraft revealed at the "Black Hat USA" conference held last week that, since the company released its white paper on cyber attacks on the semiconductor industry in Taiwan in April this year, many responses have been received, showing that at least 7 semiconductor companies in Taiwan have been targeted by the same mainland Chinese hacker group, "Chimera".
    Read More
  • Aug 11, 2020 | CCTV News

    The cost of hacking a satellite is only 350,000 won? [Black Hat USA 2020]

    Research results showing that a satellite can be hacked for about $300 (about 350,000 won) are drawing attention from the industry. At 'Black Hat 2020', a global information security conference held online from August 1 to 6, University of Oxford academic researcher James Pavur said that satellite Internet communication (ISP) is vulnerable to eavesdropping and signal blocking.
    Read More
  • Aug 11, 2020 | BizTech

    Black Hat 2020: The Security Implications of Disinformation Campaigns [Black Hat USA 2020]

    While this has been a known threat in the public space, businesses are at risk as well. At Black Hat USA 2020, Stanford Internet Observatory Research Manager Renee DiResta said that the vast opportunities of the internet and social media have left us with an avalanche of material at our fingertips, and some of it is ill-intentioned.
    Read More
  • Aug 11, 2020 | Avalanche Noticias

    Chinese hackers target Taiwan's semiconductor factories and look for technology secrets [Black Hat USA 2020]

    Due to the coronavirus pandemic, this year's Black Hat cybersecurity conference was held as an online event. One of the conference participants was CyCraft, whose experts presented an interesting report on the results of the investigation into a series of incidents related to attacks on Taiwanese companies operating in the semiconductor industry.
    Read More
  • Aug 11, 2020 | C-SPAN

    Communicators with Jeff Moss [Black Hat USA 2020]

    Jeff Moss, creator of the cybersecurity and hacker conferences Black Hat and DEF CON, talked about 2020 election security, the Chinese-owned Tik Tok and We Chat social media platforms, and where the internet is heading. Mr. Moss spoke from Singapore.
    Read More
  • Aug 11, 2020 | BTC-ECHO

    Vulnerabilities in popular Bitcoin exchanges revealed [Black Hat USA 2020]

    The Black Hat IT security conference took place at the beginning of the month. Due to the COVID-19 pandemic, this year's event took place online.
    Read More
  • Aug 11, 2020 | heise online

    Forum software vBulletin: New attack technique leverages old security patch [Black Hat USA 2020]

    The researcher apparently decided not to wait for the vBulletin team to publish a patch. In any case, this should serve as a warning: Jeff Moss, founder of the IT security conferences Black Hat and Def Con, announced via Twitter that the Def Con forum had already been attacked three hours after the PoC code was published in the researcher's blog entry.
    Read More
  • Aug 11, 2020 | Linux

    The deplorable situation with satellite Internet security [Black Hat USA 2020]

    Black Hat presented a report on security problems in satellite Internet access systems. The author of the report demonstrated the ability to intercept Internet traffic transmitted through satellite communication channels using a low-cost DVB receiver.
    Read More
  • Aug 11, 2020 | RedesZone

    How they could easily spy on satellite connections [Black Hat USA 2020]

    At the 2020 Black Hat, a computer security researcher from the University of Oxford has shown how it is possible to access confidential information from corporate networks that use satellites to transmit the signal.
    Read More
  • Aug 11, 2020 | TechTarget

    Healthcare CISO offers alternatives to 'snake oil' companies [Black Hat USA 2020]

    Indiana University Health CISO Mitchell Parker discussed internal risk assessments, security snake oil salesmen and more at his Black Hat USA 2020 talk.
    Read More
  • Aug 11, 2020 | Motor1

    Mercedes E-Class Had 19 Security Risks, Which Were Patched Last Year [Black Hat USA 2020]

    According to TechCrunch, the breakdown came from Minrui Yan, head of Sky-Go’s security research team, during this year’s Black Hat security conference. The team found 19 vulnerabilities in a Mercedes E-Class that gave researchers vast control over the vehicle.
    Read More
  • Aug 11, 2020 | Threatpost

    Researcher Publishes Patch Bypass for vBulletin 0-Day [Black Hat USA 2020]

    Indeed, hackers wasted no time in using Etemadieh’s bypass to try to hack into the forum at the DEF CON security conference, according to a post on Twitter by DEFCON and Black Hat founder Jeff Moss. However, administrators quickly applied Etemadieh’s advice to disable PHP to thwart the attack, he tweeted.
    Read More
  • Aug 11, 2020 | Dark Reading

    Is Edtech the Greatest APT? [Black Hat USA 2020]

    High-value users with no control over their infrastructure or security practices seem like characters in a dystopian novel, but Michelle Wolfe, who works with local governments in the UK, spoke at Black Hat USA about students in classrooms using dystopian terms.
    Read More
  • Aug 11, 2020 | Science Blog

    Baking And Boiling Botnets Could Drive Energy Market Swings And Damage [Black Hat USA 2020]

    Evil armies of internet-connected EV chargers, ovens, hot-water heaters, air-conditioners, and other high-wattage appliances could be hijacked to slightly manipulate energy demand, potentially driving price swings and creating financial damage to deregulated energy markets, warns a new report scheduled to be presented Aug. 5 at the Black Hat USA 2020 conference.
    Read More
  • Aug 11, 2020 | Krebs On Security

    Microsoft Patch Tuesday, August 2020 Edition [Black Hat USA 2020]

    Narang said researchers found that the patch for CVE-2020-1048 was incomplete and presented their findings for CVE-2020-1337 at the Black Hat security conference earlier this month.
    Read More
  • Aug 10, 2020 | The Daily Swig

    Anatomy of a healthcare data breach dissected at Black Hat 2020 [Black Hat USA 2020]

    Insecure technologies are making healthcare organizations easy prey for cybercriminals, as well as lucrative and egregious targets, attendees at Black Hat USA 2020 heard last week.
    Read More
  • Aug 10, 2020 | Xakep

    Chinese experts remotely hacked Mercedes-Benz E-class [Black Hat USA 2020]

    Now Sky-Go experts have finally made their findings public by presenting a talk at the Black Hat conference (this year's event is being held remotely). At the same time, some details of the bugs were deliberately omitted, both to protect Daimler's intellectual property and to prevent exploitation of vulnerabilities.
    Read More
  • Aug 10, 2020 | Dutch IT-Channel

    Chinese state hackers are targeting Taiwanese chip companies [Black Hat USA 2020]

    This is reported by security company CyCraft at the Black Hat conference, which will be held online this year. Wired writes that the attacks are attributed to Chinese hackers for various reasons.
    Read More
  • Aug 10, 2020 | TechCrunch

    The Station: Uber Eats ride, the next micromobility trend, Levandowski's day in court [Black Hat USA 2020]

    The Black Hat security conference is that annual event that reminds me of how vulnerable connected cars can be. This year, security researchers at the Sky-Go Team, the car hacking unit at Qihoo 360, found more than a dozen vulnerabilities in a Mercedes-Benz E-Class car that allowed them to remotely open its doors and start the engine.
    Read More
  • Aug 10, 2020 | heise online

    Black Hat 2020: From DoS to data theft - attacks via PDF documents [Black Hat USA 2020]

    Anyone who feels safe with PDFs compared to Office documents is wrong. Jens Müller showed several possible attacks at Black Hat 2020.
    Read More
  • Aug 10, 2020 | CarBuzz

    Mercedes-Benz E-Class Is Surprisingly Easy To Hack [Black Hat USA 2020]

    During a recent Black Hat cybersecurity conference, Sky-Go demonstrated how these flaws could have been exploited to remotely access a number of the car's functions and even start the engine without even touching the car.
    Read More
  • Aug 10, 2020 | TechTarget

    Games, not shame: Why security awareness training needs a makeover [Black Hat USA 2020]

    Elevate Security co-founder Masha Sedova spoke at Black Hat USA 2020 about why traditional security awareness training is ineffective and fails to change risky behavior.
    Read More
  • Aug 10, 2020 | SDxCentral

    Election 2020: Will Disinformation Trump Election Security? [Black Hat USA 2020]

    Election security took center stage at Black Hat, but not in the usual, who can hack a voting machine way. Hardware and software vulnerabilities still exist. But the COVID-19 pandemic, rampant disinformation campaigns, disenfranchisement, and impatient voters may pose far greater security risks.
    Read More
  • Aug 10, 2020 | Neowin

    Exploring the (lack of) security in a typical Docker and Kubernetes installation [Black Hat USA 2020]

    To get up to speed, I signed up for the Black Hat 2020 session entitled, “From Zero to Hero: Pentesting and Securing Docker Swarm and Kubernetes Environments." The course, taught by Sheila A. Berta and Sol Ozzan, literally started with a description of how Docker containers worked and went all the way through a Kubernetes deployment.
    Read More
  • Aug 10, 2020 | Macworld

    Bugs in Office and macOS gave full control of Mac [Black Hat USA 2020]

    Security researcher Patrick Wardle (former NSA hacker and now head of security at Jamf) has an impressive track record for finding security flaws on the Mac platform. His latest report was shared at this year's Black Hat conference (held virtually). He has also published a blog post where he goes in depth into how the attack works.
    Read More
  • Aug 10, 2020 | TechRepublic

    Black Hat 2020: Cybersecurity trends, tools, and threats [Black Hat USA 2020]

    This year’s Black Hat USA 2020 computer security conference was entirely virtual for the first time and took place from August 1-6. This is the 23rd year for the conference, which traditionally takes a close look at some of the top cybersecurity trends.
    Read More
  • Aug 10, 2020 | TechCentral.ie

    Protocol gateway flaws reveal ICS environment weak points [Black Hat USA 2020]

    Security researchers warn about widespread vulnerabilities in protocol gateways, small devices that connect industrial machinery and sensors to TCP/IP networks that are used to automate and control them. New research published by Trend Micro and presented at the Black Hat USA virtual security conference highlights a new threat via protocol translation attacks and reveals nine flaws found in protocol gateways from different vendors.
    Read More
  • Aug 10, 2020 | CSO

    18 (new) ways attackers can compromise email [Black Hat USA 2020]

    Vern Paxson, Professor of Computer Science at UC Berkeley and Co-Founder and Chief Scientist at Corelight, Jianjun Chen, Post-Doc researcher at the International Computer Science Institute and Jian Jiang, Senior Director of Engineering at F5 (Shape Security), presented the result of their research at Black Hat last week in a talk entitled “You Have No Idea Who Sent That Email: 18 Attacks on Email Sender Authentication.”
    Read More
  • Aug 10, 2020 | cryptonews

    Researchers Find Bugs that Could Expose Crypto Wallets on Exchanges [Black Hat USA 2020]

    At a recent Black Hat cybersecurity conference, experts said that some of the issues that affected exchanges have now been fixed – but claimed that others still pose a threat to their owners.
    Read More
  • Aug 10, 2020 | Android Headlines

    Chinese Hackers Steal From Taiwan's Semiconductor Industry [Black Hat USA 2020]

    At the Black Hat security conference, reports will be presented that detail the damage. The report shows that at least seven Taiwanese chip firms over the past two years were compromised by hackers.
    Read More
  • Aug 10, 2020 | Extreme Tech

    Chinese Hackers Infiltrate Taiwanese Semiconductor Companies [Black Hat USA 2020]


    Read More
  • Aug 10, 2020 | Silicon UK

    Researchers Uncover Stuxnet-Style Flaw In Windows [Black Hat USA 2020]

    At the Black Hat USA 2020 security conference Bar and Hadar said the privilege escalation flaw could be used by an attacker who has physical access to a system to gain escalated privileges.
    Read More
  • Aug 10, 2020 | The Daily Swig

    Top hacks from Black Hat and DEF CON 2020 [Black Hat USA 2020]

    As well as tackling core enterprise and web security threats, presenters at both Black Hat and DEF CON 2020 took hacking to weird and wonderful places. Anything with a computer inside was a target – a definition that these days includes cars, ATMs, medical devices, traffic lights, voting systems and much, much more.
    Read More
  • Aug 10, 2020 | WeLiveSecurity

    Black Hat 2020: Fixing voting – boiling the ocean? [Black Hat USA 2020]

    Following the Black Hat keynote about voting security, we wonder how fixing elections might be possible in the next few months amidst pressure of U.S. elections rapidly approaching, requiring massive, coordinated effort at immense expense. Is that possible? If so, how likely?
    Read More
  • Aug 10, 2020 | BleepingComputer

    vBulletin fixes ridiculously easy to exploit zero-day RCE bug [Black Hat USA 2020]

    According to Jeff Moss, aka The Dark Tangent and the creator of the Black Hat and Defcon security conferences, the defcon.org forum was attacked with this exploit three hours after it was disclosed.
    Read More
  • Aug 10, 2020 | SecurityWeek

    Over 30 Vulnerabilities Discovered Across 20 CMS Products [Black Hat USA 2020]

    Muñoz and Mirosh, who presented their findings last week at the Black Hat cybersecurity conference, focused on .NET and Java-based products, and they showed how an unprivileged attacker can escape template sandboxes and achieve remote code execution.
    Read More
  • Aug 10, 2020 | SecurityWeek

    Black Hat Wrap-Up: IoT and Hardware Vulnerabilities Take the Spotlight [Black Hat USA 2020]

    The first entirely virtual edition of the Black Hat cybersecurity conference took place last week and researchers from tens of organizations presented the results of their work from the past year.
    Read More
  • Aug 9, 2020 | Cointelegraph

    Researchers Claim Crypto Exchange Hacks Happen in Three Ways [Black Hat USA 2020]

    Researchers at the Black Hat security conference revealed that crypto exchanges might be vulnerable to hackers. Although crypto exchanges have high privacy and security to protect their funds, researchers still found three ways hackers can attack these crypto exchanges, according to Wired on August 9.
    Read More
  • Aug 9, 2020 | WIRED

    Flaws Could Have Exposed Cryptocurrency Exchanges to Hackers [Black Hat USA 2020]

    At the Black Hat security conference on Thursday, researchers detailed potential weaknesses in these specially secured wallet schemes, including some that affected real exchanges that have now been fixed.
    Read More
  • Aug 8, 2020 | SiliconANGLE

    As the pandemic hastens a cyberpunk future, hackers put democracy at risk [Black Hat USA 2020]

    Reflecting on a dystopian future described in a subgenre of science fiction known as “cyberpunk” in the 1980s, a somber Jeff Moss, Black Hat’s founder, opened this year’s all-digital event by capturing the state of computer security in a newly altered world.
    Read More
  • Aug 8, 2020 | WIRED

    Security News This Week: The NSA's Tips to Keep Your Phone From Tracking You [Black Hat USA 2020]

    This week marked the first-ever online-only Black Hat and Defcon security conferences, both of which still produced impactful work despite going remote. But before you dive into everything that's broken, start off with a tale of perseverance that starts with the private keys needed to recover $300,000 of bitcoin trapped in an old zip file.
    Read More
  • Aug 8, 2020 | Dark Reading

    Digital Clones Could Cause Problems for Identity Systems [Black Hat USA 2020]

    The fundamental technologies for creating digital clones of people — text, audio, and video that sound and look like a specific person — have rapidly advanced and are within striking distance of a future in which digital avatars can sound and act like specific people, Tamaghna Basu, co-founder and chief technology officer of neoEYED, a behavioral analytics firm, told attendees at the virtual Black Hat conference on Aug. 6.
    Read More
  • Aug 7, 2020 | BizTech

    Black Hat 2020: Security Needs Better Data for Better Policies [Black Hat USA 2020]

    But what if the information they’re basing their decisions on is skewed? What if it doesn’t take the right things into consideration? What if the data isn’t accurately represented? That is exactly what is happening when it comes to security, according to research presented this week at Black Hat USA 2020. Virginia Tech University professor and Cyentia Institute co-founder Wade Baker said that some well-known cybersecurity statistics, such as the notion that 60 percent of small businesses close within six months of a data breach, are widely repeated despite the original source of the information being unclear.
    Read More
  • Aug 7, 2020 | SDxCentral

    McAfee Scopes Threat Landscape, Sees Deep Fakes, Zombies [Black Hat USA 2020]

    “I think we’re going to continue to see these more advanced and evolution of [attack] techniques,” Povolny said, during an interview at this week’s virtual Black Hat. “We’re going to see the consistent use of ransomware, we’re going to see the same breaches we’ve been seeing forever. After 20 years, if it’s not changing, it’s not going anywhere for the foreseeable future.”
    Read More
  • Aug 7, 2020 | TechTarget

    Not just politics: Disinformation campaigns hit enterprises, too [Black Hat USA 2020]

    In her Black Hat USA 2020 keynote, Renée DiResta of the Stanford Internet Observatory explains how nation-state hackers have launched 'reputational attacks' against enterprises.
    Read More
  • Aug 7, 2020 | PCMag

    Cybersecurity Training? Try the Carrot Instead of the Stick [Black Hat USA 2020]

    Masha Sedova leveraged her experience as a defense analyst for the government and Director of Trust Engagement at Salesforce to co-found Elevate Security, a company dedicated to using behavioral science to change security behaviors in ways that work. Per Sedova’s bio, her company can “transform employees into security super-humans.” In her Black Hat presentation this week, she demonstrated why traditional training doesn
    Read More
  • Aug 7, 2020 | CSO

    Protocol gateway flaws reveal a weak point in ICS environments [Black Hat USA 2020]

    Research presented at this week's Black Hat conference highlights a new threat via protocol translation attacks and reveals 9 flaws found in protocol gateways from different vendors.
    Read More
  • Aug 7, 2020 | PCMag

    Spectra Attack Turns Bluetooth and Wi-Fi Against Each Other [Black Hat USA 2020]

    Our smart devices need to communicate wirelessly and seamlessly with many other devices, in order to be useful. All these devices' radios also need to talk with one another. And that allowed researchers at the Black Hat security conference to show off a new kind of attack they dubbed Spectra.
    Read More
  • Aug 7, 2020 | Cyberscoop

    Old vulnerabilities die hard: researchers uncover 20-year-old code in Windows Print Spooler [Black Hat USA 2020]

    While presenting their findings at the Black Hat hacking conference this week, Hadar and Bar release proof-of-concept code on GitHub designed to help detect attacks on the spooler service.
    Read More
  • Aug 7, 2020 | PCMag

    The Scariest Things We Saw at Black Hat 2020 [Black Hat USA 2020]

    Every year, hackers and researchers flock to Las Vegas for the Black Hat security conference (and some stay on for the free-wheeling DEF CON) to see and share the latest in security research. This year, everyone had to stay at home because of COVID-19, but there was still plenty to be worried about at this year's conference.
    Read More
  • Aug 7, 2020 | TechTarget

    10 years after Stuxnet, new zero-days discovered [Black Hat USA 2020]

    A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020.
    Read More
  • Aug 7, 2020 | Dark Reading

    Researcher Finds New Office Macro Attacks for MacOS [Black Hat USA 2020]

    Microsoft Office is no stranger to vulnerabilities and exploits. Most of those vulnerabilities led from Microsoft Office to Microsoft Windows, but it's possible for an attacker to take an exploit path from Microsoft Office to macOS — a path that Patrick Wardle, principal security researcher at Jamf, discussed in his presentation on Wednesday at Black Hat USA.
    Read More
  • Aug 7, 2020 | Gov InfoSecurity

    Researchers: IoT Botnets Could Influence Energy Prices [Black Hat USA 2020]

    High-wattage IoT devices and appliances, such as connected refrigerators, air conditioners and heaters, could be turned into massive botnets by malicious actors and used to influence energy prices, according to an academic study released at Black Hat 2020.
    Read More
  • Aug 7, 2020 | SecurityWeek

    Chinese Researchers Show How They Remotely Hacked a Mercedes-Benz [Black Hat USA 2020]

    Representatives of Sky-Go and Daimler disclosed the findings this week at the Black Hat cybersecurity conference and published a research paper detailing the findings. However, some information was not made public to protect Daimler’s intellectual property and to prevent malicious exploitation.
    Read More
  • Aug 7, 2020 | SDxCentral

    VMware Reports Destructive Attacks Surge During COVID-19 [Black Hat USA 2020]

    “We noted a dramatic increase in destructive attacks — the use of wipers and ransomware, NotPetya style, within networks,” said Tom Kellermann, head cybersecurity strategist at VMware Carbon Black, during a virtual Black Hat happy hour panel.
    Read More
  • Aug 7, 2020 | Gov InfoSecurity

    Exploring the Forgotten Roots of 'Cyber' [Black Hat USA 2020]

    At the same time, the word cyber arguably points to what is inherently leading-edge and subject to change. Entering the world of cybersecurity today, for example, "you're leaving the reality of what you know, for a fantasy world you know nothing about," Amanda Rousseau, an offensive security engineer at Facebook, said in a keynote speech at last year's Black Hat Europe conference in London.
    Read More
  • Aug 7, 2020 | Washington Post

    The Cybersecurity 202: Trump’s government is working to protect mail voting while Trump attacks it [Black Hat USA 2020]

    About 28 percent of voters cast ballots on such machines in 2016, according to a study by the Pew Research Center. CISA was estimating that figure would drop to about 8 percent in 2020 but it might be even lower because of mail voting, CISA Director Chris Krebs said during an address at the Black Hat cybersecurity conference this week.
    Read More
  • Aug 7, 2020 | PCMag

    Here's a Bright Idea: Use a Lightbulb to Eavesdrop [Black Hat USA 2020]

    The primary question Nassi and his team set out to answer was whether a hanging lightbulb can be used as a microphone—a challenge since "lightbulbs were not exactly designed to be used as microphones," Nassi said at this year's virtual Black Hat conference.
    Read More
  • Aug 7, 2020 | Dark Reading

    Researchers Create New Framework to Evaluate User Security Awareness [Black Hat USA 2020]

    In a presentation at the Black Hat USA event this week, Ron Bitton, principal research manager at BGU's cybersecurity research center, said the framework addresses some of the shortcomings of current approaches to evaluating user security awareness.
    Read More
  • Aug 7, 2020 | The Daily Swig

    Black Hat 2020: xGitGuard uses AI to detect inadvertently exposed data on GitHub [Black Hat USA 2020]

    Security researchers at Comcast have developed a tool that detects organizations’ secrets and user credentials in cases where they inadvertently spill onto GitHub. The tool, called xGitGuard, is designed to be both scalable and rapid. The tool was demonstrated during an Arsenal session at the Black Hat 2020 virtual conference on Thursday (August 7).
    Read More
  • Aug 7, 2020 | Help Net Security

    Researchers flag two zero-days in Windows Print Spooler [Black Hat USA 2020]

    Hadar and Bar shared more information about the two discovered zero-days at Black Hat USA 2020 this week.
    Read More
  • Aug 7, 2020 | The Daily Swig

    When TLS hacks you: Security friend becomes a foe [Black Hat USA 2020]

    During a session entitled ‘When TLS Hacks You’, during the Black Hat virtual conference on Wednesday, Maddux showed how “dangerous properties” of TLS can be abused to target internal services.
    Read More
  • Aug 7, 2020 | OODA Loop

    Satellite Comms Globally Open to $300 Eavesdropping Hack [Black Hat USA 2020]

    At the virtual Black Hat 2020 conference, academic researcher and Oxford University doctoral candidate James Pavur spoke about the risk of satellite hacking. Pavur stated that attackers can use basic home television gear to listen in on internet traffic occurring across the globe, including high-value targets such as shipping fleets and oil installations.
    Read More
  • Aug 7, 2020 | OODA Loop

    Mercedes-Benz E-Series Rife with 19 Bugs [Black Hat USA 2020]

    At Black Hat 2020, a famous cybersecurity conference held virtually this year, researchers explained the process of discovery and disclosure of security flaws found in Mercedes Benz vehicles. Although the flaws have since been fixed, the bugs impacted roughly 2 million Mercedes Benz connected cars before they were patched.
    Read More
  • Aug 7, 2020 | OODA Loop

    Chinese Hackers Have Pillaged Taiwan’s Semiconductor Industry [Black Hat USA 2020]

    Yesterday at the Black Hat security conference, CyCraft researchers presented details of a previously unknown hacking campaign that compromised Taiwanese chip firms. CyCraft is a Taiwanese cybersecurity firm that has been investigating the campaign, which allegedly compromised at least seven firms over a two-year period.
    Read More
  • Aug 7, 2020 | WeLiveSecurity

    Week in security with Tony Anscombe [Black Hat USA 2020]

    This week, the cybersecurity community ‘met up’ at the virtual Black Hat 2020, and ESET researchers elaborated on their discovery of the KrØØk vulnerability, revealing that variants of the same bug also affect Wi-Fi chips produced by other brands.
    Read More
  • Aug 7, 2020 | Channel Futures

    Black Hat: Public Opinion Hacking Hits Fever Pitch [Black Hat USA 2020]

    This week’s virtual Black Hat USA 2020 conference featured a keynote on how information operations are working overtime to manipulate public opinion. Renee DiResta, research manager at Stanford Internet Observatory, heads up research in this area.
    Read More
  • Aug 7, 2020 | The Daily Swig

    Mole in your network: Out-of-band exploitation framework showcased at Black Hat 2020 [Black Hat USA 2020]

    Mole, a new open source framework for identifying and exploiting out-of-band (OOB) application vulnerabilities, was launched at Black Hat 2020 this week.
    Read More
  • Aug 7, 2020 | Fast Company

    What becoming a poll worker taught me about securing the 2020 election [Black Hat USA 2020]

    In a keynote that opened the Black Hat conference Wednesday, security researcher and Georgetown Law professor of secure systems and cryptology Matt Blaze offered advice for our current situation. But his solution doesn’t center around software or protocols. Instead, it’s all about people.
    Read More
  • Aug 7, 2020 | Forbes

    From Russia With Lure: Why We’re Still Beset By Bots And Trolls Pushing Disinformation [Black Hat USA 2020]

    In a keynote at the Black Hat security conference Thursday, Renee DiResta, research manager at the Stanford Internet Observatory, offered a disinformation dissection that broke down how those two countries have worked to exploit social media and what to watch for as the election nears.
    Read More
  • Aug 7, 2020 | Infosecurity Magazine

    #BHUSA: Researchers Reveal Attacks Against Email Sender Authentication [Black Hat USA 2020]

    The ‘from’ address field in an email is supposed to identify the person that sent an email, but unfortunately that’s not always the case. In a Black Hat USA 2020 virtual conference session researchers outlined 18 different attacks against email sender authentication systems.
    Read More
  • Aug 7, 2020 | Infosecurity Magazine

    #BHUSA: Lack of Electronic Medical Record Security Amplified Opioid Crisis [Black Hat USA 2020]

    According to Mitchell Parker, CISO at Indiana University Health, a small part of the human suffering could have potentially been alleviated, if there was better control and security for Electronic Medical Record (EMR) systems. Parker presented his views during a session at the Black Hat USA 2020 virtual conference, where he outlined what has gone wrong with EMR systems and what can be done to make them more secure.
    Read More
  • Aug 7, 2020 | Infosecurity Magazine

    #BHUSA: How Nation States Hack Public Opinion [Black Hat USA 2020]

    Nation state threat actors, including Russia and China, are using multiple techniques to effectively ‘hack’ public opinion around the world, according to Renée DiResta. DiResta expressed her views in a keynote session at the Black Hat USA 2020 virtual conference.
    Read More
  • Aug 7, 2020 | Inside Cybersecurity

    Black Hat keynoter DiResta: Disinformation an effective, readily available tool for cyber adversaries [Black Hat USA 2020]

    She spoke Thursday on “Hacking Public Opinion,” on the final day of the all-digital Black Hat USA 2020. Cyber researcher Matt Blaze delivered the keynote on Wednesday, discussing election security challenges including securing software.
    Read More
  • Aug 6, 2020 | SC Magazine

    What security functions should small medical providers outsource? [Black Hat USA 2020]

    Lamenting the recent scourge of ransomware and data breach attacks against health care organizations, along with what he believes is lack of specific cybersecurity guidance and an overabundance of “snake oil” infosec companies that provide expensive risk assessments “while not delivering anything of value,” Parker presented a series of recommendations for smaller medical providers in a presentation at the 2020 virtual Black Hat conference.
    Read More
  • Aug 6, 2020 | The Daily Swig

    Spooler alert: A decade after Stuxnet, Windows printer component still a playground for zero-days [Black Hat USA 2020]

    Revisiting their discovery at the virtual Black Hat USA 2020 today, a pair of security researchers said they were astounded to find that the flaws in the Windows print spooler component were still exploitable, using fresh techniques.
    Read More
  • Aug 6, 2020 | Container Journal

    Palo Alto Networks Discloses Kata Container Flaws [Black Hat USA 2020]

    At the online Black Hat USA 2020 conference today, researchers from the Unit 42 arm of Palo Alto Networks disclosed how they had enabled malicious code to escape from a Kata Container runtime environment that makes use of lightweight virtual machines to isolate workloads.
    Read More
  • Aug 6, 2020 | Threatpost

    Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack [Black Hat USA 2020]

    That’s the word from James Pavur, an academic researcher and doctoral candidate at Oxford University, speaking at Black Hat 2020 on Wednesday.
    Read More
  • Aug 6, 2020 | Dark Reading

    Why Satellite Communication Eavesdropping Will Remain A Problem [Black Hat USA 2020]


    Read More
  • Aug 6, 2020 | Dark Reading

    Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It [Black Hat USA 2020]


    Read More
  • Aug 6, 2020 | GCN

    What will it take for a secure election? [Black Hat USA 2020]

    The virus "added a whole new set of concerns that were always there, but that got brought very sharply into focus" such as how to conduct voting in a state of emergency and what exceptions to make, said computer scientist and election security expert Matt Blaze during a speech at the Black Hat cybersecurity conference this week.
    Read More
  • Aug 6, 2020 | Dark Reading

    Information Operations Spotlighted at Black Hat as Election Worries Rise [Black Hat USA 2020]

    While the Russian government spends a fraction of the People's Republic of China on overt state-sponsored media properties, the covert activities targeting Western democracies and other rivals is "best-in-class," Renée DiResta, a research manager at the Stanford Internet Observatory, told attendees during an Aug. 6 keynote on information operations at virtual Black Hat USA.
    Read More
  • Aug 6, 2020 | WIRED

    Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry [Black Hat USA 2020]

    "This is very much a state-based attack trying to manipulate Taiwan's standing and power," says Chad Duffy, one of the CyCraft researchers who worked on the company's long-running investigation. The sort of wholesale theft of intellectual property CyCraft observed "fundamentally damages a corporation's entire ability to do business," adds Chung-Kuan Chen, another CyCraft researcher who will present the company's research at Black Hat today. "It's a strategic attack on the entire industry."
    Read More
  • Aug 6, 2020 | Threatpost

    Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs [Black Hat USA 2020]

    Researchers say the flaws, detailed at Black Hat USA on Thursday, potentially impacted over 2 million Mercedes-Benz connected cars before they were fixed.
    Read More
  • Aug 6, 2020 | Cyberscoop

    Hacking group has hit Taiwan's prized semiconductor industry, Taiwanese firm says [Black Hat USA 2020]

    “Based on the stolen data, we infer that the actor’s goal was to harvest company trade secrets,” CyCraft wrote in a report they are presenting Thursday at the 2020 Black Hat security conference.
    Read More
  • Aug 6, 2020 | ZDNet

    Black Hat: Hackers are using skeleton keys to target chip vendors [Black Hat USA 2020]

    At Black Hat USA on Thursday, CyCraft Technology researchers Chung-Kuan Chen and Inndy Lin described a set of attacks believed to have been conducted by the same Chinese APT group in the quest for semiconductor designs, source code, software development kits (SDKs), and other proprietary information.
    Read More
  • Aug 6, 2020 | TechCrunch

    Security bugs let these car hackers remotely control a Mercedes-Benz [Black Hat USA 2020]

    Since then, the car hacking world has bustled with security researchers looking to find new bugs — and ways to exploit them — in a new wave of internet-connected cars that have only existed the past decade. This year’s Black Hat security conference — albeit virtual, thanks to the coronavirus pandemic — is no different.
    Read More
  • Aug 6, 2020 | PCMag

    How to Be a Better Security Problem Solver [Black Hat USA 2020]

    His Thursday talk fell in the Black Hat conference’s Human Factors track, which has been growing in popularity the last several years. Most talks in this track involve guiding employees into doing the right thing security-wise, or devising systems that work even when employees do the wrong thing. With this session, Wixey focused on honing the skills of the security elite—a refreshing change.
    Read More
  • Aug 6, 2020 | Security Boulevard

    Live from Black Hat: Healthscare – An Insider’s Biopsy of Healthcare Application Security with Seth Fogie [Black Hat USA 2020]


    Read More
  • Aug 6, 2020 | Dark Reading

    A Mix of Optimism and Pessimism for Security of the 2020 Election [Black Hat USA 2020]

    DHS CISA's Christopher Krebs and Georgetown University's Matt Blaze at Black Hat USA give the lowdown on where things stand and what still needs to happen to protect the integrity of November's election.
    Read More
  • Aug 6, 2020 | The Washington Times

    State Dept. offers $10 million reward for info on cyberattackers targeting US elections [Black Hat USA 2020]

    Nearly a third of cybersecurity experts and hackers attending the Black Hat USA 2020 conference think cyberattacks and disinformation will ensure the upcoming election’s results will “always be in doubt,” according to a survey of 273 attendees conducted in advance of the conference.
    Read More
  • Aug 6, 2020 | PCMag

    How Security Research Can Get You Arrested [Black Hat USA 2020]

    Hiring a red team is a common practice among security-conscious companies and government entities. Getting the red team arrested on federal felony charges is not common, but that’s what happened to two security experts from Coalfire Systems. They presented their cautionary tale, along with a call for action, at this week's virtual Black Hat conference.
    Read More
  • Aug 6, 2020 | Dark Reading

    Platform Security: Intel Pushes to Reduce Supply Chain Attacks [Black Hat USA 2020]


    Read More
  • Aug 6, 2020 | PCMag

    Are Police Spying on Your Phone? Ask the Crocodile Hunter [Black Hat USA 2020]

    Nefarious devices have long masqueraded as cell towers in a bid to intercept data from mobile devices. But at this week's (virtual) Black Hat, Cooper Quintin, Senior Staff Technologist at the Electronic Frontier Foundation, outlined a way to detect these bogus base stations, and offered suggestions on how to prevent their use altogether.
    Read More
  • Aug 6, 2020 | PCMag

    Election Day 2020: Why security experts predict a chaotic mess [Black Hat USA 2020]

    This fall's U.S. presidential election may end up being a chaotic mess that won't yield a winner on Election Night, three election-security experts told the Black Hat 2020 security conference during its opening day Wednesday (Aug. 5).
    Read More
  • Aug 6, 2020 | PCMag

    Coronavirus Borked the 2020 Election, But We Can Still Save It [Black Hat USA 2020]

    At the Black Hat security conference, security researcher Matt Blaze outlines the difficulty of securing US elections in unprecedented times.
    Read More
  • Aug 6, 2020 | PCMag

    Sensitive Satellite Internet Data Is Easily Accessible, If You Know Where to Look [Black Hat USA 2020]

    At Black Hat, an Oxford University student outlines how his team intercepted unencrypted satellite internet data across a 'massive attack area' from government agencies, major shipping companies, Greek billionaires, and more.
    Read More
  • Aug 6, 2020 | Dark Reading

    New Windows Print Spooler Zero-Day Flaws Harken Back to Stuxnet [Black Hat USA 2020]

    "We started digging in, looking at the original Stuxnet propagation, and then we found out there were problems. ... We decided to take the Spooler service to the next level, and eventually we found it was not fully patched," explains Tomer Bar, research team leader at Safe Breach, who along with his colleague Peleg Hadar found the flaws that they plan to detail today at Black Hat USA.
    Read More
  • Aug 6, 2020 | TechTarget

    Voting vendor ES&S unveils vulnerability disclosure program [Black Hat USA 2020]

    At Black Hat USA 2020 Wednesday, Chris Wlaschin, vice president of systems security for Election Systems & Software, (ES&S) formally announced the voting-machine manufacturer's vulnerability disclosure program, which aims to strengthen election security by working with independent security researchers.
    Read More
  • Aug 6, 2020 | SecurityWeek

    Researcher Discovers New HTTP Request Smuggling Attack Variants [Black Hat USA 2020]

    Klein told SecurityWeek ahead of his talk on HTTP request smuggling at the Black Hat conference that an attacker needs to find combinations of web servers and proxy servers with “matching” vulnerabilities in order to launch an attack, which makes it difficult to determine exactly how many servers are impacted.
    Read More
  • Aug 6, 2020 | BleepingComputer

    Unpatched bug in Windows print spooler lets malware run as admin [Black Hat USA 2020]

    Hadar and Bar will present their findings on Thursday at the Black Hat USA security conference.
    Read More
  • Aug 6, 2020 | TechXplore

    30-year-old file format behind MacOS hack [Black Hat USA 2020]


    Read More
  • Aug 6, 2020 | NHK

    Internet communication via satellite “Danger of leakage” pointed out by a British researcher [Black Hat USA 2020]

    It was held online at the world's largest international cybersecurity conference, "Blackhat," reported by James Pavur of Oxford University on Thursday.
    Read More
  • Aug 6, 2020 | Dark Reading

    A Real-World Tool for Organizing, Integrating Your Other Tools [Black Hat USA 2020]


    Read More
  • Aug 6, 2020 | ZDNet

    Black Hat: Entropy - the solution to malvertising and malspam? [Black Hat USA 2020]

    Speaking to attendees of Black Hat USA on Thursday, lead Cisco threat researcher Shyam Sundar Ramaswami revealed recent uses of steganography to hide malicious payloads in connection to the COVID-19 pandemic.
    Read More
  • Aug 6, 2020 | TechTarget

    CISA chief: Ransomware could threaten election security [Black Hat USA 2020]

    During a Black Hat USA 2020 session, CISA Chief Christopher Krebs said ransomware attacks on city, state and local governments are a major concern for election security.
    Read More
  • Aug 6, 2020 | Dark Reading

    Energy Market Manipulation with High-Wattage IoT Botnets [Black Hat USA 2020]

    Attackers that can compromise enough products such as smart ACs and heaters can tweak power demand in subtle ways for financial gain or to hurt market players, researchers at Black Hat say.
    Read More
  • Aug 6, 2020 | Krytech

    HTTP Request Smuggling now has 4 New Variants – Cyber Security Research 2020 [Black Hat USA 2020]

    HTTP Request smuggling attack now has four new variants and this was identified thanks to the new research presented by Amit Klein (VP of Security Research at SafeBreach) thus confirming the findings today at Black Hat Security Conference.
    Read More
  • Aug 6, 2020 | heise online

    Black Hat 2020: Temi assistant robot has serious security gaps [Black Hat USA 2020]

    For the IT security experts, this was reason enough to get one of the robots, test their network capabilities and, for example, also take a close look at the firmware and update procedures. As they explained on Thursday at the Black Hat hacker conference held virtually this year and in a technical report, they quickly came across massive targets.
    Read More
  • Aug 6, 2020 | Threatpost

    Black Hat 2020: ‘Zero-Click’ MacOS Exploit Chain Uses Microsoft Office Macros [Black Hat USA 2020]

    The exploit chain, revealed by Patrick Wardle, principal security researcher with Jamf, at Black Hat USA 2020, runs macros without an alert or prompt from the Microsoft Office application that prompts explicit user approval – meaning that when a user opens the document, the macro is automatically executed.
    Read More
  • Aug 6, 2020 | ZDNet

    What happened when Black Hat went virtual [Black Hat USA 2020]


    Read More
  • Aug 6, 2020 | Security Weekly

    How We Can Effectively Solve For Human Risk In Our Organizations - Masha Sedova - BH2020 [Black Hat USA 2020]


    Read More
  • Aug 6, 2020 | TechTarget

    Ripple20 vulnerabilities still plaguing IoT devices [Black Hat USA 2020]

    Months after Ripple20 vulnerabilities were reported, things haven't gotten much better, say experts at Black Hat USA 2020. In fact, the world may never be fully rid of the flaws.
    Read More
  • Aug 6, 2020 | The Daily Swig

    Tool that turns Domain Name System into a security layer unveiled at Black Hat 2020 [Black Hat USA 2020]

    Vadim Pavlov, Senior Security Product Manager at Infoblox, outlined the benefits of ioc2rpz service as a defense against malware during an Arsenal session of the Black Hat conference yesterday (August 5).
    Read More
  • Aug 6, 2020 | ExecutiveBiz

    Election Systems & Software Unveils Vulnerability Disclosure Policy; Chris Wlaschin Quoted [Black Hat USA 2020]

    The new policy announced at the virtual Black Hat conference will provide ES&S 90 days to address the cyber vulnerabilities before security researchers can publicly report those issues.
    Read More
  • Aug 6, 2020 | Dark Reading

    Ripple20: More Vulnerable Devices Identified [Black Hat USA 2020]

    JSOF researchers shared their findings this week at the virtual Black Hat USA conference, with a technical deep dive into DNS vulnerability CVE-2020-11901. The remote code execution (RCE) flaw has a CVSS score of 9.0 and can be triggered by answering a single DNS request made from the device.
    Read More
  • Aug 6, 2020 | PCMag

    Your Personal Health Data Is Not Safe [Black Hat USA 2020]

    You go to the doctor to get well, or check your health. You don’t expect the doctor’s apps to expose your privacy. But they do, as Penn Medicine's Information Security Director outlined at Black Hat.
    Read More
  • Aug 6, 2020 | Security Weekly

    Hiding Process Memory Via Anti-Forensic Techniques - Frank Block - BH20 #4 [Black Hat USA 2020]


    Read More
  • Aug 6, 2020 | Infosecurity Magazine

    #BHUSA: How Public Standards Help to Enable Financial Fraud [Black Hat USA 2020]

    In a session at the Black Hat USA 2020 virtual conference on August 5, Kevin Perlow, technical intelligence team lead for one of the largest banks in the US, explained how cyber-attackers are using public standards for financial transactions to enable multiple forms of fraud.
    Read More
  • Aug 6, 2020 | Journal of Cyber Policy

    BLACK HAT 2020 KEYNOTE: STRESS-TESTING DEMOCRACY [Black Hat USA 2020]

    Black Hat 2020 is all-virtual, which I rather like. The fog machines and laser shows are good eye candy, but they distract us from what event founder Jeff Moss calls Black Hat’s “community of ideas.” People were watching from 117 countries, ready to dig into dozens of online presentations.
    Read More
  • Aug 6, 2020 | Inside Cybersecurity

    Election security depends on addressing software issues, says Black Hat keynoter Matt Blaze [Black Hat USA 2020]

    Cyber researcher Matt Blaze, in an opening keynote at the all-virtual Black Hat USA 2020, framed election security as largely a software issue and said solutions are available between the extremes of completely eliminating computers from the process or going all-in with a blockchain approach.
    Read More
  • Aug 6, 2020 | International Business Times

    $10 Million Reward For Info Foreign Hackers Trying To Interfere With US Election [Black Hat USA 2020]

    “On the election infrastructure targeting, there is just not near anything of what we were seeing in 2016,” Krebs said during a virtual Black Hat cybersecurity conference. “Shifting over to the disinformation space and the potential for hack and leak, Russia has never taken its foot off the gas, China’s in the game, Iran’s in the game, so I just really encourage everyone to pay attention to your sources of information, think before you click, think before you share.”
    Read More
  • Aug 6, 2020 | Infosecurity Magazine

    #BHUSA: Can the US Election be Held During the Pandemic? [Black Hat USA 2020]

    The Black Hat USA 2020 virtual conference kicked off on August 5 with a keynote session exploring the challenges of modern election security in the US and the impact of the COVID-19 pandemic.
    Read More
  • Aug 6, 2020 | The Daily Swig

    Black Hat 2020: Threagile toolkit enables code-driven threat modeling [Black Hat USA 2020]

    ‘Threat modelling as code’ is poised to supplant whiteboard diagrams as the definitive AppSec risk mapping paradigm, Black Hat USA attendees heard yesterday.
    Read More
  • Aug 6, 2020 | ZDNet

    How hackers could spy on satellite internet traffic with just $300 of home TV equipment [Black Hat USA 2020]

    PhD candidate in the Department of Computer Science James Pavur revealed his research at the Black Hat USA virtual conference after previously disclosing his findings to the affected parties in order to help them improve security.
    Read More
  • Aug 6, 2020 | Threatpost

    U.S. Offers Reward of $10M for Info Leading to Discovery of Election Meddling [Black Hat USA 2020]

    The COVID-19 pandemic has created new concerns in the upcoming election. Election security has been a hot topic at this year’s Black Hat USA 2020, which is being held this week for the first time virtually due to the pandemic.
    Read More
  • Aug 6, 2020 | Dark Reading

    Getting to the Root: How Researchers Identify Zero-Days in the Wild [Black Hat USA 2020]

    "We care a lot about making it harder for people to exploit users using zero-days," said Google Project Zero researcher Maddie Stone in a Black Hat presentation on the topic. "When zero-day exploits are detected in the wild, that's the failure case for these attackers. And so we need to learn as much as possible each time that happens."
    Read More
  • Aug 6, 2020 | Defense One

    Deepfakes Are Getting Better, Easier to Make, and Cheaper [Black Hat USA 2020]

    In the paper published online today and presented (virtually) at the cybersecurity conference Black Hat, researchers Philip Tully and Lee Foster write that it takes thousands of dollars and weeks to produce new software tools for synthetic media generation.
    Read More
  • Aug 6, 2020 | Infosecurity Magazine

    #BHUSA: Android Phones at Risk of BlueRepli Bluetooth Attack [Black Hat USA 2020]

    There has been no shortage of Bluetooth related attacks disclosed in recent years, including BlueBorne and BadBlueTooth among numerous others. At the Black Hat USA 2020 virtual event on August 5, a new attack was added to the list of Bluetooth vulnerabilities, with the public disclosure of BlueRepli.
    Read More
  • Aug 6, 2020 | The Daily Swig

    Black Hat 2020: New HTTP request smuggling variants levied against modern web servers [Black Hat USA 2020]

    Four new variants of HTTP request smuggling attacks were disclosed at Black Hat USA yesterday (August 6).
    Read More
  • Aug 6, 2020 | Threatpost

    Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem [Black Hat USA 2020]

    The use of social media to sway opinion, sow division and hurt reputations is now part of a threat-actor’s playbook, according to DiResta. During a keynote address at Black Hat on Thursday entitled “Hacking Public Opinion,” she said threat actors are fine-tuning these attacks.
    Read More
  • Aug 6, 2020 | The Daily Swig

    Black Hat USA: Open source post-exploitation framework automates silent RCE attacks on Windows devices [Black Hat USA 2020]

    A security tool designed to enable the complete remote takeover of a victim’s desktop was presented at Black Hat USA yesterday (August 5).
    Read More
  • Aug 6, 2020 | OODA Loop

    Linux Spyware Stack Ties Together 5 Chinese APTs [Black Hat USA 2020]

    On Wednesday, BlackBerry released an analysis to the Black Hat 2020 conference group in which evidence linking five Chinese APT groups was presented. The five groups are allegedly splinters of the Winnti group, which is a supply-chain specialist threat actor group.
    Read More
  • Aug 6, 2020 | The Daily Swig

    US government offers $10 million reward for information on cyber interference in elections [Black Hat USA 2020]

    Yesterday, attendees at the annual Black Hat USA conference heard cryptographer Matt Blaze discuss the pitfalls of current voting systems.
    Read More
  • Aug 6, 2020 | Xakep

    EtherOops Attack Exploits Ethernet Cabling Issues [Black Hat USA 2020]


    Read More
  • Aug 6, 2020 | Security Weekly

    JavaScript Security - Taemin Park - BH2020 [Black Hat USA 2020]


    Read More
  • Aug 6, 2020 | Dark Reading

    The Long Shadow of Stuxnet: New Microsoft Print Spooler Vulns Revealed [Black Hat USA 2020]


    Read More
  • Aug 5, 2020 | The Register

    America was getting on top of its electronic voting machine security – then suddenly... A wild pandemic appears [Black Hat USA 2020]

    Just as America was getting a grip on improving the security of its electronic ballot boxes, the coronavirus pandemic hit, throwing a potential surge in remote voting unexpectedly into the mix, the Black Hat hacking conference was told today.
    Read More
  • Aug 5, 2020 | The Register

    Ever wonder how a pentest turns into felony charges? Coalfire duo explain Iowa courthouse arrest debacle [Black Hat USA 2020]

    Part of the problem, the two professional attackers told the Black Hat online conference today, was the imprecise terms of the penetration tests Coalfire was hired to perform at the request of the US state of Iowa.
    Read More
  • Aug 5, 2020 | Dark Reading

    Tales from the Trenches Show Security Issues Endemic to Healthcare [Black Hat USA 2020]

    As the chief information security officer for Indiana University Health, he has seen a spectrum of issues: information overload from risk assessments, ancient — in Internet years — computers managing physical systems and devices, a chaotic mess of password systems that don't interoperate, and legacy data that cannot be decrypted, he said during a virtual Black Hat USA presentation on Aug. 5.
    Read More
  • Aug 5, 2020 | Channel Futures

    Black Hat: Election Security Issues Aplenty with ‘Interference,’ ‘Lots of Misinformation’ [Black Hat USA 2020]

    This week’s virtual Black Hat USA 2020 conference kicked off with a call to arms for cybersecurity professionals to help with election security issues this November.
    Read More
  • Aug 5, 2020 | Ars Technica

    Insecure satellite Internet is threatening ship and plane safety [Black Hat USA 2020]

    In a briefing delivered on Wednesday at the Black Hat security conference online, researcher and Oxford Ph.D. candidate James Pavur presented findings that show that satellite-based Internet is putting millions of people at risk, despite providers adopting new technologies that are supposed to be more advanced.
    Read More
  • Aug 5, 2020 | Apple Insider

    Now-fixed exploit used Microsoft Office macros to hack macOS [Black Hat USA 2020]

    The exploit was developed by Jamf security engineer and ex-NSA hacker Patrick Wardle, who has long specialized in hacking Macs. Wardle showed off the attack method at the Black Hat 2020 security conference Wednesday.
    Read More
  • Aug 5, 2020 | Cyberscoop

    Researchers found another way to hack Android cellphones via Bluetooth [Black Hat USA 2020]

    Attackers looking to steal sensitive information like contacts, call history, and SMS verification codes from Android devices only need to target Bluetooth protocols, according to new DBAPPSecurity research presented at the 2020 Black Hat conference Wednesday.
    Read More
  • Aug 5, 2020 | The Hill

    Top federal official says 'more details coming' on foreign election interference [Black Hat USA 2020]

    “That was the beginning of a conversation with the American people about these threats, about the risks we face, more is absolutely coming, more details and more granular information,” Krebs said during the virtual Black Hat cybersecurity conference.
    Read More
  • Aug 5, 2020 | FCW

    'Unprecedented' challenges to safe, secure 2020 vote [Black Hat USA 2020]

    The virus "added a whole new set of concerns that were always there, but that got brought very sharply into focus" such as how to conduct voting in a state of emergency and what exceptions to make, said computer scientist and election security expert Matt Blaze during a speech at Black Hat this week.
    Read More
  • Aug 5, 2020 | The Daily Swig

    ATTPwn: Adversary emulation tool allows pen testers to identify security holes before attackers do [Black Hat USA 2020]

    A new security tool designed to emulate adversaries conducting malware campaigns or probing networks for secrets was presented at Black Hat USA today.
    Read More
  • Aug 5, 2020 | TechTarget

    Matt Blaze warns of election security challenges amid COVID-19 [Black Hat USA 2020]

    In his Black Hat USA 2020 keynote, Security researcher Matt Blaze discussed the challenges facing U.S. elections this year and what must be done to solve them.
    Read More
  • Aug 5, 2020 | The Daily Swig

    KubiScan: Open source Kubernetes security tool showcased at Black Hat 2020 [Black Hat USA 2020]

    On the opening morning of Black Hat 2020’s virtual Arsenal program, security researcher Eviatar Gerzi explained how KubiScan trawls Kubernetes environments for risky permissions that attackers could potentially exploit to compromise the clusters.
    Read More
  • Aug 5, 2020 | ZDNet

    New EtherOops attack takes advantage of faulty Ethernet cables [Black Hat USA 2020]

    Tomorrow at the Black Hat USA security conference, security researchers from IoT research outfit Armis are set to present details about a new technique that can be used to attack devices located inside internal corporate networks.
    Read More
  • Aug 5, 2020 | Dark Reading

    Attack of the Clone: Next-Gen Social Engineering [Black Hat USA 2020]

    NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections.
    Read More
  • Aug 5, 2020 | WIRED

    Cheap, Easy Deepfakes Are Getting Closer to the Real Thing [Black Hat USA 2020]

    THERE ARE MANY photos of Tom Hanks, but none like the images of the leading everyman shown at the Black Hat computer security conference Wednesday: They were made by machine-learning algorithms, not a camera.
    Read More
  • Aug 5, 2020 | Dark Reading

    SynerComm Reboots a Security Staple with 'Continuous' Pen Testing [Black Hat USA 2020]


    Read More
  • Aug 5, 2020 | Dark Reading

    Building Cybersecurity Strategies in Sub-Saharan Africa [Black Hat USA 2020]

    Evelyn Kilel and Laura Tich of Shehacks Ke discuss how they are working to build cybersecurity strategies that suit the needs and capabilities of developing nations.
    Read More
  • Aug 5, 2020 | SC Magazine

    ‘We want to have more protection’: Arrested pen testers push for Good Samaritan law [Black Hat USA 2020]

    Coalfire employees Gary DeMercurio, managing senior, and Justin Wynn, senior security consultant, lobbied Wednesday at the virtual Black Hat conference for a Good Samaritan law that would protect their industry peers from the kind of overzealous prosecution they say they experienced for roughly five months, after a local sheriff had them arrested on Sept. 11, 2019 for alleged third-degree burglary.
    Read More
  • Aug 5, 2020 | Dark Reading

    What a Security Engineer & Software Engineer Learned by Swapping Roles [Black Hat USA 2020]

    As part of the swap, principal security engineer Craig Ingram was dropped into the Salesforce runtime team. Principal infrastructure engineer Camille Mackinnon joined the platform security assessment team. In a Black Hat briefing on Aug. 5, the two shared stories and lessons learned.
    Read More
  • Aug 5, 2020 | WIRED

    Voting Machine Makers Are Finally Playing Nice With Hackers [Black Hat USA 2020]

    At the Black Hat security conference today, Chris Wlaschin, vice president of systems security and chief information security officer of the election technology giant ES&S, and Mark Kuhr, chief technology officer of the security firm Synack, detailed how the two companies would work together to allow for so-called penetration testing on some ES&S products—and pointed to the larger project of bridging the longstanding gap between their two worlds.
    Read More
  • Aug 5, 2020 | Threatpost

    Black Hat 2020: Scaling Mail-In Voting Spawns Broad Challenges [Black Hat USA 2020]

    Security researcher Matt Blaze opened Black Hat 2020 with a call-to-arms for cybersecurity experts, asking them during his keynote to leverage their passion for election security to help secure the upcoming U.S. presidential elections, which will likely be a mostly vote-by-mail affair.
    Read More
  • Aug 5, 2020 | The Daily Swig

    Black Hat 2020: Web cache poisoning offers fresh ways to smash through the web stack [Black Hat USA 2020]

    The potentially devastating consequences of attacks against contemporary web caches were once again pulled into stark focus at Black Hat USA this week, as security researcher James Kettle documented his ongoing study in the field.
    Read More
  • Aug 5, 2020 | The Daily Swig

    How do you solve a problem like election security? Matt Blaze tackles the age-old question at Black Hat 2020 [Black Hat USA 2020]

    Matt Blaze provided a Black Hat 2020 keynote on election security. Confidence in the outcome of an election increasingly depends on the integrity of the voting systems themselves, cryptographer Matt Blaze told Black Hat 2020 attendees today.
    Read More
  • Aug 5, 2020 | SDxCentral

    Why Cisco Duo’s on a Quest to Kill the Password [Black Hat USA 2020]

    However, while it’s highly irrational and unlikely to happen, this innate fear of losing fingers and eyeballs proves Goerlich’s point, which he hopes to hammer home during his Black Hat session about passwordless security. “What can we do from an enterprise security perspective to increase the trust in passwordless authentication? That’s what’s important right now.”
    Read More
  • Aug 5, 2020 | ZDNet

    Black Hat: When penetration testing earns you a felony arrest record [Black Hat USA 2020]

    Speaking at Black Hat USA on Wednesday, Demercurio and Wynn said that after-hours testing, at night, was originally only what the client wanted -- and this was then extended to day and evening testing.
    Read More
  • Aug 5, 2020 | The Washington Times

    Cybersecurity professionals: Upcoming elections vulnerable to hackers [Black Hat USA 2020]

    The organizers of the Black Hat USA 2020 cybersecurity conference found that 31% of those attending think the level of cyberattacks and disinformation will be so great that the election results will “always be in doubt,” according to a survey of 273 attendees conducted in advance of the conference.
    Read More
  • Aug 5, 2020 | Threatpost

    Black Hat 2020: Open-Source AI to Spur Wave of ‘Synthetic Media’ Attacks [Black Hat USA 2020]

    At a Wednesday session at Black Hat USA 2020, researchers with FireEye demonstrated how freely-available, open-source tools – which offer pre-trained natural language processing, computer vision, and speech recognition tools – can be used to create malicious synthetic media.
    Read More
  • Aug 5, 2020 | Fox News

    Hackers encouraged to breach US voting technology to test security before election day [Black Hat USA 2020]

    Election Systems & Software LLC Chief Information Security Officer Chris Wlaschin on Wednesday is expected to unveil an outreach program to security researchers during the annual Black Hat USA convention for hackers, which will be hosted remotely this year amid the coronavirus pandemic, the Wall Street Journal first reported.
    Read More
  • Aug 5, 2020 | iPhone in Canada

    Former NSA Hacker to Demonstrate How to Hack Mac Users Via Microsoft Office [Black Hat USA 2020]

    During the annual Black Hat security conference, which is being held online this year due to the COVID-19 pandemic, security researcher and former NSA hacker Patrick Wardle will demonstrate how he was able to create a chain of exploits that can take control of a Mac by simply convincing the target to open a Microsoft Office file.
    Read More
  • Aug 5, 2020 | Dark Reading

    How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis [Black Hat USA 2020]

    Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
    Read More
  • Aug 5, 2020 | Nextgov

    CISA Director Identifies Main Targets of Russian Adversaries in Election Security Efforts [Black Hat USA 2020]

    Interagency collaboration has informed a focus on defending election night reporting and voter registration databases from ransomware attacks by Russian adversaries, Cybersecurity and Infrastructure Security Agency Director Christopher Krebs told attendees of the annual Black Hat information security conference Wednesday.
    Read More
  • Aug 5, 2020 | Veracode

    Live From Black Hat: Stress-Testing Democracy - Election Integrity During a Global Pandemic with Matt Blaze [Black Hat USA 2020]

    Matt Blaze, this year’s Black Hat keynote speaker, is a researcher in the areas of secure systems, cryptography, and trust management. He is currently the McDevitt Chair of Computer Science and Law at Georgetown University.
    Read More
  • Aug 5, 2020 | ZDNet

    Black Hat: How your pacemaker could become an insider threat to national security [Black Hat USA 2020]

    At Black Hat USA on Wednesday, Dr. Alan Michaels, Director of the Electronic Systems Lab at the Hume Center for National Security and Technology at the Virginia Polytechnic Institute and State University, echoed the same sentiment.
    Read More
  • Aug 5, 2020 | ZDNet

    Black Hat: How hackers gain root access to SAP enterprise servers through SolMan [Black Hat USA 2020]

    Speaking at Black Hat USA on Wednesday, Onapsis cybersecurity researchers Pablo Artuso and Yvan Genuer explained how the bugs were found in SAP Solution Manager (SolMan), a system comparable to Windows Active Directory.
    Read More
  • Aug 5, 2020 | CNET

    Coronavirus brings election security threats. Experts say tech community must help [Black Hat USA 2020]

    Election security, meet the coronavirus pandemic. That was the theme of the Black Hat security conference Wednesday, a meeting of cybersecurity experts from around the world that is taking place virtually this year to help limit the spread of COVID-19.
    Read More
  • Aug 5, 2020 | MacRumors

    Security Researcher Shows Off Now-Fixed macOS Hack That Used Microsoft Office [Black Hat USA 2020]

    Wardle shared a blog post on the exploit that he found for manipulating Office files to impact Macs, which he's highlighting during today's online Black Hat security conference.
    Read More
  • Aug 5, 2020 | Security Weekly

    A Decade After Stuxnet's Printer Vulnerability - Peleg Hadar, Tomer Bar - BH2020 [Black Hat USA 2020]


    Read More
  • Aug 5, 2020 | Dark Reading

    Pen Testers Who Got Arrested Doing Their Jobs Tell All [Black Hat USA 2020]

    De Mercurio and Wynn, who were fully exonerated in January after all charges against them were dropped, today at Black Hat USA Virtual will publicly share the full story of their harrowing experience and how it's shaped new pen-testing engagement protocols at their company — and their advice and recommendations for fellow physical pen testers so they can avoid a similar backlash to their social engineering and physical pen-test engagements.
    Read More
  • Aug 5, 2020 | Spiegel

    The exception hack [Black Hat USA 2020]

    He has now presented his experiment in the virtual edition of the Black Hat IT security conference, which usually takes place every summer in Las Vegas.
    Read More
  • Aug 5, 2020 | BizTech

    Black Hat 2020: CISO Summit Advisory Board Members Reflect on the State of Security [Black Hat USA 2020]

    As part of Black Hat USA 2020, BizTech spoke with advisory board members of the event’s CISO Summit about the state of the industry. Wendy Nather, head of advisory CISOs at Cisco’s Duo Security; Trey Ford, vice president of trust and strategy at Salesforce; and Justine Bone, CEO of MedSec, discussed current security trends, the evolving role of the CISO and what they believe businesses should be preparing for.
    Read More
  • Aug 5, 2020 | Threatpost

    Black Hat 2020: In a Turnaround, Voting Machine Vendor Embraces Ethical Hackers [Black Hat USA 2020]

    Voting machine technology seller Election Systems & Software (ES&S) offered an olive branch to security researchers with new safe harbor terms and vulnerability disclosure policies at Black Hat USA 2020.
    Read More
  • Aug 5, 2020 | Digit

    Meetup Vulnerabilities Help Hackers to Takeover ‘Groups’ on the Platform [Black Hat USA 2020]

    The vulnerabilities, which have now been patched, were discovered at the Black Hat USA 2020 information security event.
    Read More
  • Aug 5, 2020 | Vice Motherboard

    Ex-NSA Hacker Finds a Way to Hack Mac Users Via Microsoft Office [Black Hat USA 2020]

    As it turns out, they could. Wardle published a blog post on Wednesday morning, and will demonstrate his findings during the Black Hat security conference on Wednesday, which is being held online this year due to the coronavirus pandemic.
    Read More
  • Aug 5, 2020 | Tom's Guide

    Mac malware could take over your laptop with a single Microsoft Office file [Black Hat USA 2020]

    Wardle plans to further demonstrate and detail his attack method in a virtual presentation at the Black Hat security conference on August 5.
    Read More
  • Aug 5, 2020 | Decipher

    THE DOH CONTINUES TO RISE [Black Hat USA 2020]

    “Most endpoints are behind an edge network now, so the IP address and the stuff you can get by watching the network connection doesn’t tell you much anymore. So people are turning to DNS for monitoring or infection,” said Eldridge Alexander, security tools manager at Duo, who is speaking about DoH benefits and concerns during the Black Hat conference Wednesday.
    Read More
  • Aug 5, 2020 | TechXplore

    Baking and boiling botnets could drive energy market swings and damage [Black Hat USA 2020]

    Evil armies of internet-connected EV chargers, ovens, hot-water heaters, air-conditioners, and other high-wattage appliances could be hijacked to slightly manipulate energy demand, potentially driving price swings and creating financial damage to deregulated energy markets, warns a new report scheduled to be presented Aug. 5 at the Black Hat U.S. 2020 conference.
    Read More
  • Aug 5, 2020 | WIRED

    Inside the Courthouse Break-In Spree That Landed Two White-Hat Hackers in Jail [Black Hat USA 2020]

    Wynn and DeMercurio spoke to WIRED ahead of a talk they plan to give about their experience at the Black Hat security conference today.
    Read More
  • Aug 5, 2020 | WIRED

    An '80s File Format Enabled Stealthy Mac Hacking [Black Hat USA 2020]

    At the Black Hat security conference today, former NSA hacker Patrick Wardle plans to detail that technique, which exploits a series of vulnerabilities in both Microsoft Office and macOS to gain full access to the target Mac.
    Read More
  • Aug 5, 2020 | Bank InfoSecurity

    A Flaw Used by Stuxnet Wasn't Fully Fixed [Black Hat USA 2020]

    Hadar and his colleague, Tomer Bar, a research team manager at SafeBreach, will present their research Thursday at the Black Hat security conference, which is a virtual event this year due to the pandemic.
    Read More
  • Aug 5, 2020 | Wall Street Journal

    Hackers Get Green Light to Test Election Voting Systems [Black Hat USA 2020]

    With the U.S. presidential election less than three months away, ES&S Chief Information Security Officer Chris Wlaschin on Wednesday will unveil the company’s outreach effort to security researchers at the annual Black Hat hacker convention that is taking place virtually this year, according to ES&S.
    Read More
  • Aug 5, 2020 | Threatpost

    A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return [Black Hat USA 2020]

    During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet’s recent return - and how a cyber vigilante is attempting to thwart the malware’s comeback.
    Read More
  • Aug 5, 2020 | Cyberscoop

    Researchers uncover vulnerabilities in devices used at industrial facilities [Black Hat USA 2020]

    “These devices tend to be overlooked,” said Trend Micro’s Marco Balduzzi, who will present his findings at the Black Hat virtual hacking conference this week. “There are some vendors that are security-conscious and others that are not.”
    Read More
  • Aug 5, 2020 | Security Boulevard

    5 Tools Out of Black Hat to Gain Better IoT Visibility [Black Hat USA 2020]

    Even in the COVID era, August can’t officially start for the cybersecurity community without Black Hat USA researchers offering up some juicy exploit announcements and dropping useful security tools onto GitHub. This year’s event is fully virtual, which means no rockin’ Vegas parties—but still plenty of interesting research lined up.
    Read More
  • Aug 5, 2020 | Inside Cybersecurity

    CISA’s Krebs cites three big changes in ‘night and day’ comparison of election security in ’16, this year [Black Hat USA 2020]

    Krebs spoke today during the opening of the Black Hat USA 2020 virtual briefings, delivering pre-recorded remarks followed by a live chat.
    Read More
  • Aug 5, 2020 | Cyberscoop

    Top voting vendor ES&S publishes vulnerability disclosure policy [Black Hat USA 2020]

    On Wednesday at the Black Hat virtual conference, CISA Director Chris Krebs urged voters to be vigilant in the face of disinformation campaigns and patient in waiting for votes to be counted. “The last measure of resilience in the 2020 election is going to be an informed, patient voter,” he said.
    Read More
  • Aug 5, 2020 | Decipher

    HACKING MEDICAL DEVICES TO HIJACK SECURE FACILITIES [Black Hat USA 2020]

    Michaels described how implanted medical devices—such as pacemakers and insulin pumps—could be compromised to listen to conversations, access classified information, even expose the location of these secure facilities in his presentation at this year’s Black Hat conference (which was offered virtually).
    Read More
  • Aug 4, 2020 | Forbes

    The Cybersecurity World Strives To Fill The Void Of Large Conferences And Events [Black Hat USA 2020]

    I should be in Las Vegas right now at the Black Hat security conference—known affectionately in cybersecurity circles as “Hacker Summer Camp”. I had it penciled in on my calendar since this time last year, but the COVID-19 pandemic derailed the plan.
    Read More
  • Aug 4, 2020 | PC Magazine

    What to Expect at Black Hat 2020 [Black Hat USA 2020]

    While Black Hat lasts a week, most of that time is devoted to training sessions that help researchers hone their skills. The two days of Black Hat briefings, open to the press and others, are where the latest revelations come to light. Each day has a keynote, and both keynotes relate to election security.
    Read More
  • Aug 4, 2020 | WIRED

    Decades-Old Email Flaws Could Let Attackers Mask Their Identities [Black Hat USA 2020]

    At the Black Hat security conference on Thursday, researchers will present "darn subtle" flaws in industry-wide protections used to ensure that emails come from the address they claim to.
    Read More
  • Aug 4, 2020 | Bloomberg

    Robots Running the Industrial World Are Open to Cyber Attacks [Black Hat USA 2020]

    “Attacks on industrial environments in these sectors could have serious consequences, including operational failure, physical damage, environmental harm and injury or loss of life,” according to Federico Maggi, a researcher at Trend Micro Inc., and Marcello Pogliani, an information security researcher at Politecnico di Milano, in a research report reviewed by Bloomberg News. The report will be presented Wednesday at a virtual forum organized by Black Hat, which hosts cybersecurity events around the world.
    Read More
  • Aug 4, 2020 | WIRED

    Hackers Could Use IoT Botnets to Manipulate Energy Markets [Black Hat USA 2020]

    At the Black Hat security conference on Wednesday, the researchers will present their findings theorizing that high-wattage IoT botnets—those made up of power-guzzling devices like air conditioners, car chargers, and smart thermostats—could be deployed strategically to increase demand at certain times in any of the nine private energy markets around the US.
    Read More
  • Aug 4, 2020 | CBS News

    2020 election could be under threat from "old adversaries" and "domestic disinformation campaigns" [Black Hat USA 2020]

    "The new stuff we're hearing about now, this is really interesting," said Patterson, who is covering the annual Black Hat cybersecurity conference this week.
    Read More
  • Aug 4, 2020 | VentureBeat

    Microsoft has paid security researchers $13.7 million for bug bounties in 12 months [Black Hat USA 2020]

    But the timing is no coincidence: The Black Hat USA 2020 security conference kicks off tomorrow. Microsoft is championing its holistic approach to customer security, which includes the wider security community engaging in its bug bounties.
    Read More
  • Aug 4, 2020 | Security Weekly

    "Demystifying Modern Windows Rootkits" - Bill Demirkapi - BH2020 [Black Hat USA 2020]


    Read More
  • Aug 4, 2020 | SecurityWeek

    High-Wattage IoT Botnets Can Manipulate Energy Market: Researchers [Black Hat USA 2020]

    The notorious IoT botnet Mirai was powered by 600,000 devices, but those were mostly low-wattage devices. However, the researchers told SecurityWeek in an interview ahead of a talk at the Black Hat cybersecurity conference, an attacker with large resources could create a botnet of high-wattage devices from scratch, by searching for vulnerabilities in the targeted IoT devices and then exploiting them in an effort to ensnare them in a botnet.
    Read More
  • Aug 3, 2020 | Dark Reading

    Omdia Cybersecurity Accelerator Analysts to Take Part in Black Hat USA 2020 [Black Hat USA 2020]

    Analysts will participate in the Black Hat Briefings, taking place Aug. 4-6, discussing cybersecurity research, offering exclusive video presentations, and meeting with vendors and attendees.
    Read More
  • Aug 3, 2020 | Threatpost

    Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes [Black Hat USA 2020]

    Critical flaws in the popular Meetup platform were revealed Monday as part of research unleashed at this week’s Black Hat USA 2020. The flaws, which have been patched, enable the full takeover of Meetup “Groups” by threat actors, who can also redirect payments and carry out other malicious actions.
    Read More
  • Aug 3, 2020 | Dark Reading

    11 Hot Startups to Watch at Black Hat USA [Black Hat USA 2020]

    A sneak peek at the up-and-coming organizations to check out on the Black Hat USA virtual show floor
    Read More
  • Aug 3, 2020 | Security Weekly

    Satellite Broadband Security - James Pavur - BH2020 [Black Hat USA 2020]

    In my upcoming Blackhat and DEFCON briefings, I will be presenting the result of several experiments looking at real-world security and privacy in satellite broadband communications.
    Read More
  • Aug 3, 2020 | Security Weekly

    Protecting Ethical Hackers - Gary De Mercurio, Justin Wynn - BH20 #1 [Black Hat USA 2020]


    Read More
  • Aug 3, 2020 | Security Weekly

    Why Secure Remote Access Is Like The Emperors New Clothes - Charl van der Walt, Wicus Ross - BH20 #1 [Black Hat USA 2020]

    Our research for Black Hat demonstrates that the Secure Remote Access or so-called 'VPN' technologies typically used by enterprises to facilitate access to their networks for remote employees are poorly understood, improperly configured and don't provide the full level of protection typically expected of them.
    Read More
  • Aug 3, 2020 | Inside Cybersecurity

    Black Hat and Def Con 2020 go into ‘safe mode,’ offering a week of virtual trainings, briefings [Black Hat USA 2020]

    The annual Black Hat USA mega-conference has launched as a virtual event with training sessions already underway, and moves into keynotes and briefings Wednesday with an opening speech by researcher Matt Blaze on election security, and on Thursday with a keynote by Renee DiResta of the Stanford Internet Observatory on “Hacking Public Opinion.”
    Read More
  • Aug 3, 2020 | Container Journal

    Common Container and Kubernetes Vulnerabilities [Black Hat USA 2020]

    I recently spoke with Rory McCune, principal security consultant at NCC Group, to discover what common vulnerabilities exist in today’s containers and container orchestration environments. McCune will be leading the Mastering Container Security IV training, a deep two-day dive into mastering container security, during the Black Hat virtual conference Aug. 3–4.
    Read More
  • Aug 3, 2020 | Verdict

    Tech Report Weekly: TikTok braces for US clampdown, Uber posts earnings, Black Hat USA [Black Hat USA 2020]

    Black Hat USA, one of the largest cybersecurity conferences in the world, takes place in a virtual format.
    Read More
  • Aug 3, 2020 | Politico

    Enjoy Black Hat and DEF CON from home [Black Hat USA 2020]

    In normal times, the first week of August sees a huge chunk of the cybersecurity community — researchers, journalists, vendors and policymakers — converge on Las Vegas for talks, demos, announcements and schmoozing at Black Hat and DEF CON, two of the year’s biggest hacker conferences. The coronavirus pandemic has ruled out those giant in-person confabs this year, but both conferences have adapted by implementing virtual formats, and there’s still a smorgasbord of good programming coming our way this week.
    Read More
  • Aug 3, 2020 | The Daily Swig

    Black Hat USA: Your guide to the top web hacking sessions in 2020 [Black Hat USA 2020]

    All eyes are on the upcoming US Presidential Election, so it’s perhaps unsurprising that voter security is top of the agenda for Black Hat USA this year.
    Read More
  • Aug 2, 2020 | KSNV

    Annual Black Hat convention travels from the Las Vegas Strip to the digital world [Black Hat USA 2020]

    “Security researchers spend a lot of time finding bugs and trying to investigate how to make our digital world more secure. So, they come to Black Hat to share the results of that,” said Steve Wylie, Black Hat General Manager.
    Read More
  • Jul 31, 2020 | Dark Reading

    'Hidden Property Abusing' Allows Attacks on Node.js Applications [Black Hat USA 2020]

    A team made up of security researchers from the Georgia Institute of Technology has found a way to exploit Node.js applications by manipulating the hidden properties used to track internal program states, the group plans to announce at the virtual Black Hat USA security conference next week.
    Read More
  • Jul 31, 2020 | heise online

    IT security conference Black Hat USA 2020 starts on Saturday [Black Hat USA 2020]

    Due to the coronavirus pandemic, this year's Black Hat Conference, one of the most important annual IT security events, will take place from August 1st through August 6th. The necessity of social distancing gives conference visitors from all over the world the advantage of being able to attend from the comfort of their own home.
    Read More
  • Jul 31, 2020 | Threatpost

    Anti-NATO Disinformation Campaign Leveraged CMS Compromises [Black Hat USA 2020]

    The topic of disinformation and influence campaigns is slated to be a big topic this year at Black Hat USA 2020, with keynotes surrounding election security and COVID-19 disinformation over the past few months.
    Read More
  • Jul 31, 2020 | TechRepublic

    Top 6 cybersecurity trends to watch for at Black Hat USA 2020 [Black Hat USA 2020]

    At this year's Black Hat USA 2020 computer security conference, some of the top trends expected to surface include ransomware, election security and how to protect a remote workforce.
    Read More
  • Jul 31, 2020 | Threatpost

    Black Hat USA 2020 Preview: Election Security, COVID Disinformation and More [Black Hat USA 2020]

    Despite COVID-19 pushing the Black Hat USA 2020 conference to go virtual for the first time, you can expect a steady stream of new security research, threat intel and an impressive lineup of high-profile speakers.
    Read More
  • Jul 30, 2020 | ITSP Magazine

    Universities Explore A Path For A Safe And Secure Healthcare Ecosystem | Black Hat USA 2020 Coverage [Black Hat USA 2020]

    The healthcare train is barreling down the tracks of society, fueled by new technologies and massive amounts of data. Security companies offer products and services for traditional protection/detection/response but many miss the mark on the interconnected core of the healthcare ecosystem: healthcare apps, devices, data, and 3rd-party vendors. Upon further inspection, the safety train may be running wild in the healthcare space. And that's exactly why we decided to bring these 3 Black Hat presenters together.
    Read More
  • Jul 30, 2020 | Dark Reading

    Black Hat Virtually: An Important Time to Come Together as a Community [Black Hat USA 2020]

    It's an odd dichotomy for cybersecurity leaders and vendors this summer: Many of us are gearing up for Black Hat USA 2020, long one of the most influential conferences in the industry. But none of us are booking plane tickets, setting aside (just a little bit of) cash for the blackjack tables, or booking dinner meetings at whichever steakhouse doesn't require going out into the Las Vegas heat.
    Read More
  • Jul 30, 2020 | ITSP Magazine

    Universities Explore A Path For A Safe And Secure Healthcare Ecosystem | Black Hat USA 2020 Coverage | With Seth Fogie, Alan Michaels, And Mitchell Parker [Black Hat USA 2020]

    The healthcare train is barreling down the tracks of society, fueled by new technologies and massive amounts of data. Security companies offer products and services for traditional protection/detection/response but many miss the mark on the interconnected core of the healthcare ecosystem: healthcare apps, devices, data, and 3rd-party vendors.
    Read More
  • Jul 29, 2020 | ITSP Magazine

    Election Security: Securing America's Future | With Christopher Krebs, CISA | Black Hat USA 2020 [Black Hat USA 2020]

    Listen to this podcast we had with Christopher Krebs, Director at the Cybersecurity and Infrastructure Security Agency (CISA) as he presents his upcoming session at Black Hat 2020 Virtual Edition; and so much more.
    Read More
  • Jul 29, 2020 | Dark Reading

    Dark Reading Video News Desk Returns to Black Hat [Black Hat USA 2020]

    For 2020, Black Hat USA has transformed into Black Hat Virtual, moving out of Vegas and onto the Internet. And when the action kicks off next week, the Dark Reading News Desk team will be there. (The desk won't.)
    Read More
  • Jul 29, 2020 | Dark Reading

    11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event [Black Hat USA 2020]

    Black Hat Arsenal is a venue for developers and researchers to showcase the latest open source tools to members of the cybersecurity community.
    Read More
  • Jul 29, 2020 | TechTarget

    How CISOs can deal with cybersecurity stress and burnout [Black Hat USA 2020]

    Cybersecurity stress and mental health conversations have become more frequent recently, and Mogull said the security industry can learn a lot from EMS. Mogull is presenting on the topic at Black Hat 2020.
    Read More
  • Jul 28, 2020 | ITSP Magazine

    Election Security: Securing America's Future | With Christopher Krebs, CISA | Black Hat USA 2020 [Black Hat USA 2020]

    Seems that now, more than ever, we found ourselves in a situation where the outcome of a Democratic election could be manipulated by external actors — or at least we are very worried that it is a possibility. We know for a fact that various sorts and levels of cultural propaganda have been tried for many decades, but it has never been as powerful as it has been since the advent of the Internet and social media. At this point, we know that not only is it possible; it is also a fact.
    Read More
  • Jul 24, 2020 | Dark Reading

    Email Security Features Fail to Prevent Phishable 'From' Addresses [Black Hat USA 2020]

    Three standards for email security that are supposed to verify the source of a message have critical implementation differences that could allow attackers to send emails from one domain and have them verified as sent from a different — more legitimate-seeming — domain, says a research team who will present their findings at the virtual Black Hat conference next month.
    Read More
  • Jul 24, 2020 | ITSP Magazine

    Black Hat USA 2020 Coverage The Virtual Experience | With BH General Manager Steve Wylie [Black Hat USA 2020]

    Listen to our chat with Steve to find out all that the Black Hat virtual experience has to offer.
    Read More
  • Jul 23, 2020 | Digital Trends

    Google lead says he’s ‘disappointed’ with Apple’s new iPhone security program [Black Hat USA 2020]

    Apple’s Security Research Device program has been long overdue and was first mentioned last year at the Black Hat security conference by the company’s head of security, Ivan Krstic.
    Read More
  • Jul 23, 2020 | Dark Reading

    8 Cybersecurity Themes to Expect at Black Hat USA 2020 [Black Hat USA 2020]

    While many a security professional currently laments the inability to meet up with peers for real-life security summer camp this year, the good news is that Black Hat USA 2020 is a go for virtual attendees. The conference organizers have still managed to capture the zeitgeist of the security industry through Black Hat programming, which will feature the same kinds of vulnerability disclosures, attack research, and exploit tools that regulars have come to expect.
    Read More
  • Jul 23, 2020 | ITSP Magazine

    Black Hat USA 2020 Coverage The Virtual Experience | With BH General Manager Steve Wylie [Black Hat USA 2020]

    While we will miss being there, here is what we won't miss as it's all still happening: training, tracks, an amazing conversation about election security, healthcare, mobile, digital transformation, and obviously, cybersecurity's new world connected to the work-from-home new normal. Listen to our chat with Steve to find out all that the Black Hat virtual experience has to offer.
    Read More
  • Jul 22, 2020 | iMore

    Apple is now supplying bug bounty hunters with special iPhones [Black Hat USA 2020]

    During the Black Hat security conference last year, Apple said that it intended to provide special iPhones to bug hunters. The idea was to help them find bugs so that Apple could squash them and the company is now coming good.
    Read More
  • Jul 22, 2020 | Interesting Engineering

    Apple's New iPhone Rewards Hackers for Bugs [Black Hat USA 2020]

    At last year's Black Hat hacker conference in Las Vegas, Apple announced that it would be releasing hackable iPhones to help security researchers investigate the smartphones for vulnerabilities.
    Read More
  • Jul 22, 2020 | CNET

    Apple's new security program gives special iPhone hardware, with restrictions attached [Black Hat USA 2020]

    At last year's Black Hat cybersecurity conference, Apple first said it would be providing modified iPhones for security researchers. It launched the program Wednesday, saying it would be accepting applications immediately and that researchers who apply should expect to get their devices very soon.
    Read More
  • Jul 22, 2020 | TechCrunch

    Apple Starts Giving 'Hacker Friendly' iPhones to Top Bug Hunters [Black Hat USA 2020]

    Last year at the Black Hat security conference, Apple’s head of security Ivan Krstic told a crowd of security researchers that it would give its most-trusted researchers a “special” iPhone with unprecedented access to the device’s underbelly, making it easier to find and report security vulnerabilities that Apple can fix in what it called the iOS Security Research Device program.
    Read More
  • Jul 22, 2020 | Security Weekly

    An Overview of Black Hat USA 2020 - Steve Wylie - ESW #191 [Black Hat USA 2020]

    Tune-in to get the inside scoop on Blackhat 2020! Steve Wylie, Black Hat General Manager, joins us to talk about what attendees can expect from this year's virtual Blackhat event. Steve discusses the highly-anticipated briefings, trainings, new tracks, community programs, and the all new virtual conference platform.
    Read More
  • Jul 22, 2020 | Dark Reading

    Q&A: How Systemic Racism Weakens Cybersecurity [Black Hat USA 2020]

    Stewart will lead a discussion session at Black Hat USA Virtual on "Taking Steps to Break Down Systemic Racism in Cybersecurity," in the event's Community track, on Thursday, Aug. 6, at 10 a.m. PT.
    Read More
  • Jul 20, 2020 | Infosecurity Magazine

    Checkmate: Cybersecurity Strategy on the Modern Battlefield [Black Hat USA 2020]

    The same technique can be applied to security. In fact, according to recent research conducted at Black Hat conference in 2019, over 70% of respondents said their businesses conduct ‘red team’ exercises. Simulated attacks can be employed to actively seek out vulnerabilities in their own security infrastructure – an effective way to proactively prepare for real attacks in the future.
    Read More
  • Jul 16, 2020 | The Daily Swig

    Infosec pro Vandana Verma on improving diversity and helping to grow the Indian security community [Black Hat USA 2020]

    “Keeping pace with the current restrictions due to the spread of Covid-19, OWASP Bangalore Chapter has also gone online and our sessions are published on our YouTube channel.” This is part of a wider move towards online events: Verma was due to speak at Black Hat in August.
    Read More
  • Jul 16, 2020 | Inside Cybersecurity

    Researcher Matt Blaze tapped for Black Hat keynote on election security issues [Black Hat USA 2020]

    Matt Blaze, cyber researcher and professor of computer science and law at Georgetown University, will deliver a keynote on election security to help launch this year’s all-digital Black Hat conference in August.
    Read More
  • Jul 15, 2020 | Dark Reading

    Puzzles and Riddles Help InfoSec Pros Solve Real-World Problems [Black Hat USA 2020]

    Wixey will share more puzzles, riddles, and observations made while creating this initiative in his upcoming Black Hat USA talk, "Breaking Brains, Solving Problems: Lessons Learned from Two Years of Setting Puzzles and Riddles for Infosec Professionals" on Thursday, August 6.
    Read More
  • Jul 13, 2020 | Dark Reading

    Lost in Translation: Serious Flaws Found in ICS Protocol Gateways [Black Hat USA 2020]

    Marco Balduzzi, senior research scientist with Trend Micro, next month at the Black Hat USA virtual event will disclose details of multiple vulnerabilities he and his team discovered in a sampling study of five popular ICS gateway products. Their findings focused not on the gateways' software nor the industrial protocols as in previous research, but rather on a lesser-studied function: the protocol translation process the devices conduct.
    Read More
  • Jul 13, 2020 | Dark Reading

    A Paramedic's Lessons for Cybersecurity Pros [Black Hat USA 2020]

    Mogull will share stories and lessons about his parallel careers in an upcoming Black Hat USA talk, "The Paramedic's Guide to Surviving Cybersecurity," on Thursday, August 6.
    Read More
  • Jul 9, 2020 | Inside Cybersecurity

    Black Hat announces first keynote for August virtual conference, focusing on disinformation [Black Hat USA 2020]

    The first announced keynote speech for Black Hat’s all-digital 2020 conference will focus on disinformation, with a presentation from a leading researcher into one of the hottest and most difficult issues facing policymakers.
    Read More
  • Jul 8, 2020 | Dark Reading

    A Most Personal Threat: Implantable Devices in Secure Spaces [Black Hat USA 2020]

    Michaels will be presenting results of his research at Black Hat, in a session titled "Carrying Our Insecurities with Us: The Risks of Implanted Medical Devices in Secure Spaces" at 10:00 a.m. on Wednesday, August 5.
    Read More
  • Jul 8, 2020 | Dark Reading

    How Advanced Attackers Take Aim at Office 365 [Black Hat USA 2020]

    Madeley and Bienstock will discuss more of these attack methods in their upcoming Black Hat USA talk, "My Cloud is APT's Cloud: Investigating and Defending Office 365," on August 6, 2020.
    Read More
  • Jul 2, 2020 | Dark Reading

    Building Security Strategies in Sub-Saharan Africa: Trends and Concerns [Black Hat USA 2020]

    Tich and Kilel will share insights into the sub-Saharan security landscape, along with proposed policies and solutions, in their upcoming Black Hat USA talk, "Building Cyber Security Strategies for Emerging Industries in Sub-Saharan Africa," to take place on Aug. 6, 2020.
    Read More
  • Jun 29, 2020 | Barracuda

    COVID-19 pandemic has changed cybersecurity utterly [Black Hat USA 2020]

    A survey of more than 270 cybersecurity professionals published this week by the host of the Black Hat Conference finds 80 percent of respondents said they believe the pandemic will lead to significant changes in cybersecurity operations. Only 15 percent said they believe cybersecurity operations and threat flow will return to normal once the COVID-19 pandemic subsides.
    Read More
  • Jun 29, 2020 | GovCon Wire

    Cybersecurity Risks Increase as Nation Adapts to Effects of COVID-19; Bryan Ware Quoted [Black Hat USA 2020]

    COVID-19 has triggered a wave of cybersecurity threats in a variety of industries, and security professionals predict that there will be no return to normality. Black Hat has found that 94 percent of current and former attendees believe that COVID-19 increases the cyber threat to enterprise systems and data.
    Read More
  • Jun 28, 2020 | Government Technology

    Security Predictions: COVID-19 Edition [Black Hat USA 2020]

    Black Hat's survey, Cyber Threats in Turbulent Times, describes how the COVID-19 pandemic will have a huge impact on the information security industry in the second half of 2020.
    Read More
  • Jun 25, 2020 | Healthcare IT News

    COVID-19-triggered threat changes will linger beyond crisis, say most security pros [Black Hat USA 2020]

    A commanding 94% majority of respondents to a new Black Hat survey says the pandemic has increased cybersecurity threats to enterprise systems and data – and many say it will continue to.
    Read More
  • Jun 24, 2020 | Politico

    FBI alerts on ransomware threat to schools [Black Hat USA 2020]

    Past Black Hat attendees said in a survey that they believe the coronavirus will have a long-term effect on cybersecurity
    Read More
  • Jun 24, 2020 | Inside Cybersecurity

    Black Hat survey: Unprecedented stress in cyber ecosystem amid COVID-19 upheaval [Black Hat USA 2020]

    Black Hat USA on Tuesday released the results of its sixth annual survey of attendees at one of the world’s largest conferences for cyber professionals – to be held online this year – finding deep concerns about the lasting impact of the pandemic on cybersecurity.
    Read More
  • Jun 24, 2020 | Politico

    Administration officials under spotlight [Black Hat USA 2020]

    Only 15 percent of experts “believe that cyber operations and threat flow will return to normal” after the pandemic ends, the organizers of the Black Hat security conference said in their annual survey of past attendees. Eighty-four percent of respondents “believe that significant, lasting changes will occur, at least in some industries.”
    Read More
  • Jun 24, 2020 | Dark Reading

    Black Hat Survey: Breach Concerns Hit Record Levels Due to COVID-19 [Black Hat USA 2020]

    Annual "Black Hat USA Attendee Survey" indicates unprecedented concern over possible compromises of enterprise networks and US critical infrastructure.
    Read More
  • Jun 23, 2020 | Politico

    Coronavirus creating big cyber risks that will persist in long term, experts say [Black Hat USA 2020]

    Only 15 percent of experts “believe that cyber operations and threat flow will return to normal” after the pandemic ends, the organizers of the Black Hat security conference said in their annual survey of past attendees. Eighty-four percent of respondents “believe that significant, lasting changes will occur, at least in some industries.”
    Read More
  • Jun 15, 2020 | CISO Mag

    Threat Actors Can Eavesdrop Using a Light Bulb’s Vibrations: Research [Black Hat USA 2020]

    The researchers are planning to demonstrate this experiment at the Black Hat USA 2020 conference this August.
    Read More
  • Jun 15, 2020 | Threatpost

    ‘Lamphone’ Hack Uses Lightbulb Vibrations to Eavesdrop on Homes [Black Hat USA 2020]

    “Fluctuations in the air pressure on the surface of the hanging bulb (in response to sound), which cause the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech and singing, passively, externally, and in real time,” said researchers with the Ben-Gurion University of the Negev and Weizmann Institute of Science, in a paper published this week. The research will be further presented at the Black Hat USA 2020 virtual conference in August.
    Read More
  • Jun 13, 2020 | ZDNet

    Lamphone attack lets threat actors recover conversations from your light bulb [Black Hat USA 2020]

    Additional details are available in the research team's academic paper, entitled "Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations". The research team's work will be presented in August at the Black Hat security conference.
    Read More
  • Jun 12, 2020 | Popular Mechanics

    How You Can Use a Light Bulb to Eavesdrop on People's Conversations [Black Hat USA 2020]

    "We show how fluctuations in the air pressure on the surface of the hanging bulb (in response to sound), which cause the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech and singing, passively, externally, and in real time," the researchers write in their new paper, which they plan to present later this year at the Black Hat USA security conference.
    Read More
  • Jun 12, 2020 | WIRED

    Spies Can Eavesdrop by Watching a Light Bulb's Vibrations [Black Hat USA 2020]

    "Any sound in the room can be recovered from the room with no requirement to hack anything and no device in the room," says Ben Nassi, a security researcher at Ben-Gurion who developed the technique with fellow researchers Yaron Pirutin and Boris Zadov, and who plans to present their findings at the Black Hat security conference in August. "You just need line of sight to a hanging bulb, and this is it."
    Read More
  • May 22, 2020 | Computer Business Review

    Hacker Used £270 of TV Equipment to Eavesdrop on Sensitive Satellite Communications [Black Hat USA 2020]

    James Pavur, a Rhodes Scholar and DPhil student at Oxford, will detail the attack in a session at the Black Hat security conference in early August.
    Read More
  • May 21, 2020 | ZDNet

    New Spectra attack breaks the separation between Wi-Fi and Bluetooth [Black Hat USA 2020]

    "Spectra, a new vulnerability class, relies on the fact that transmissions happen in the same spectrum, and wireless chips need to arbitrate the channel access," the research team said today in a short abstract detailing an upcoming Black Hat talk.
    Read More
  • May 20, 2020 | The Register

    Tech's Volkswagen moment? Trend Micro accused of cheating Microsoft driver QA by detecting test suite [Black Hat USA 2020]

    "Most of the security concerns I have with Trend Micro's driver were shocking because most of them were not mistakes," said Demirkapi, who has presented at hacking super-conference DEF CON and is due to discuss Windows rootkits at Black Hat USA 2020.
    Read More
  • May 13, 2020 | ZDNet

    PrintDemon vulnerability impacts all Windows versions [Black Hat USA 2020]

    PrintDemon is tracked under the CVE-2020-1048 identifier. Two security researchers from SafeBreach Labs, Peleg Hadar and Tomer Bar, were the first to discover the issue and report it to Microsoft. The two will be presenting their own report on the issue at the Black Hat security conference in August.
    Read More
  • May 11, 2020 | The Tech Portal

    New flaw in the Intel Thunderbolt port puts millions of laptops in risk of being hacked [Black Hat USA 2020]

    Ruytenberg also said that no software update can patch this issue, and Intel has to get back to the drawing board and make hardware changes to fix this issue. Ruytenberg plans to present his Thunderspy research at the Black Hat security conference this summer.
    Read More
  • May 11, 2020 | New York Post

    Hacking technique makes millions of devices vulnerable, research finds [Black Hat USA 2020]

    The researcher will be detailing his discovery at a Black Hat security conference this summer, and is releasing a tool so that people can see if their computers might be vulnerable to the hack.
    Read More
  • May 11, 2020 | Threatpost

    Millions of Thunderbolt-Equipped Devices Open to ‘ThunderSpy’ Attack [Black Hat USA 2020]

    A new attack enables bad actors to steal data from Windows or Linux devices equipped with Thunderbolt ports – if they can get their hands on the device for just five minutes. Ruytenberg plans to present his research at the Black Hat USA conference this summer.
    Read More
  • May 10, 2020 | WIRED

    Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking [Black Hat USA 2020]

    "All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop," says Ruytenberg, who plans to present his Thunderspy research at the Black Hat security conference this summer—or the virtual conference that may replace it.
    Read More
  • Jan 8, 2020 | TechBeacon

    The best security conferences of 2020 [Black Hat Asia 2020]

    This is the Asian sister of the famous North American conference for hackers held in Las Vegas. It combines hands-on training sessions taught by industry experts with briefings containing cutting-edge research, including the latest zero-day vulnerabilities. There's also a business hall for solutions and service providers, and an "arsenal" feature where the latest open-source security tools are demonstrated.
    Read More
  • Dec 27, 2019 | Bank InfoSecurity

    Ransomware Attackers May Lurk for Months, FBI Warns [Black Hat Europe 2019]

    Or in the case of nation-state hacking operations, attackers may deploy ransomware to make the intrusion look like a criminal undertaking, while helpfully wiping their digital forensic tracks, as Jake Williams, head of cybersecurity consultancy Rendition Infosec, told me at this month's Black Hat Europe conference in London
    Read More
  • Dec 23, 2019 | Bank InfoSecurity

    Ransomware 2.0: Cybercrime Gangs Apply APT-Style Tactics [Black Hat Europe 2019]

    In this interview (see audio link below the image) recorded at the recent Black Hat Europe 2019 conference, Williams also discusses how hackers are "surgically targeting backup solutions" before deploying ransomware
    Read More
  • Dec 17, 2019 | The Daily Swig

    Google charts progress in developing Site Isolation browser technology [Black Hat Europe 2019]

    During a presentation at the Black Hat Europe conference in London earlier this month, Google software engineers Nasko Oskov and Charlie Reis offered an update (PDF) on the development of its Site Isolation technology.
    Read More
  • Dec 13, 2019 | The Daily Swig

    #SocialSec – Hot takes on this week’s biggest cybersecurity news (Dec 13) [Black Hat Europe 2019]

    Google believes the feature will help to combat SMS phishing attacks – a topic covered at Black Hat Europe last week – that seek to deceive users with “things like one-time passwords, account alerts, or appointment confirmations”.
    Read More
  • Dec 13, 2019 | Bank InfoSecurity

    Analysis: A Better Approach to Cyber Defense [Black Hat Europe 2019]

    ISMG's Mathew Schwartz offers takeaways for defense teams from the recent Black Hat Europe conference.
    Read More
  • Dec 12, 2019 | Stock Daily Dish

    YouTube users be aware: Your viewing habits can be tracked [Black Hat Europe 2019]

    Ran Dubin, a doctoral student in the BGU Department of Communication Systems Engineering who is an expert in cyber security, presented this research at the Black Hat Europe meeting in London.
    Read More
  • Dec 12, 2019 | DataBreachToday

    Visual Journal: Black Hat Europe 2019 [Black Hat Europe 2019]

    Black Hat Europe returned to London last week. Once again held at the ExCeL conference center in the city's Docklands quarter, the annual cybersecurity conference featured in-depth training as well as two days of briefings, vendor exhibitions in a packed business hall, sessions run by vendors, in-depth technical demonstrations and more.
    Read More
  • Dec 11, 2019 | ZDNet

    Cybersecurity: How Facebook's red team is pushing boundaries to keep your data safe [Black Hat Europe 2019]

    Amanda Rousseau, offensive research engineer at Facebook, who was formerly a malware researcher and a computer forensic examiner, detailed how the red teaming at Facebook works – and the challenges it involves – at the Black Hat Europe 2019 cybersecurity conference in London.
    Read More
  • Dec 11, 2019 | The Daily Swig

    ‘Alexa, hack my serverless technology’ – attacking web apps with voice commands [Black Hat Europe 2019]

    Speaking at the Black Hat Europe conference in London last week, researcher Tal Melamed took control of vulnerable applications hosted on serverless environments using Alexa-guided SQL injection attacks.
    Read More
  • Dec 11, 2019 | Infosecurity Magazine

    Top Ten: Things We Learned in 2019 [Black Hat USA 2019]

    Deepfakes have been an emerging trend in 2019, with claims that their use could have political impact. At the Black Hat conference in Las Vegas in August, security vendor ZeroFOX disclosed research on deepfakes, and how to improve detection.
    Read More
  • Dec 10, 2019 | Version2

    Security researcher: 'A false flag technique doesn't have to be perfect to be effective' [Black Hat Europe 2019]

    It traces security researcher Jake Williams, who Version2 met at the Black Hat Europe conference, which took place in London last week.
    Read More
  • Dec 10, 2019 | Cyberthreat.id

    Panasonic Use Honeypot for the Safety of its IoT Products [Black Hat Europe 2019]

    Panasonic uses two web sites honeypots that are built specifically and have the effect of exposing the device to the internet. "This is to lure cyber criminals to attack the device," ZDNet wrote, Monday (9 December 2019) which summarizes the presentations of two Panasonic officials at the "Black Hat Europe" event in London.
    Read More
  • Dec 10, 2019 | The Register

    SIEMs like a stretch: Elastic searches for cash from IT pros with security budgets [Black Hat Europe 2019]

    They're a bit coy about it, though. The global biz's James Spiteri told The Register at Black Hat Europe that this was all about offering customers a better choice of integrated tools, with eating a slice of the pies being baked by others on its Elasticsearch tool as a very distant second priority. Of course.
    Read More
  • Dec 9, 2019 | Linux Magazin

    When it rappels in the cloud container [Black Hat Europe 2019]

    Fork Bombs are not new, but they seem to be able to dislodge a Kubernetes. How the bomb can be defused and what other potential problems lurk in build environments was a topic at Black Hat Europe.
    Read More
  • Dec 9, 2019 | Dark Reading

    Maersk CISO Says NotPetya Devastated Several Unnamed US firms [Black Hat Europe 2019]

    Speaking at Black Hat Europe 2019, A.P. Moller Maersk A/S Chief Information Security Officer Andrew Powell said he believes globally approximately 600 companies were damaged by NotPetya around the time of the Maersk attack.
    Read More
  • Dec 9, 2019 | CISO Mag

    Honeypots: Best Bet for IoT Security? [Black Hat Europe 2019]

    In a recent presentation at Black Hat Europe in London, security researchers from Panasonic, Hikohiro Y Lin and Yuki Osawa, detailed how they’re executing honeypots.
    Read More
  • Dec 9, 2019 | ZDNet

    How Panasonic is using internet honeypots to improve IoT device security [Black Hat Europe 2019]

    The process was detailed by Hikohiro Y Lin, general manager and head of the product security incident response team, and Yuki Osawa, senior engineer at Panasonic Corporation, presenting a session at Black Hat Europe in London.
    Read More
  • Dec 9, 2019 | The Register

    Metasploit for drones? Best of luck with that, muses veteran tinkerer [Black Hat Europe 2019]

    Alexandre D'Hondt and Yannick Pasquazzo gave a quick talk about Dronesploit during Black Hat Europe, held in London last week.
    Read More
  • Dec 9, 2019 | The Daily Swig

    When the screens went black: How NotPetya taught Maersk to rely on resilience – not luck – to mitigate future cyber-attacks [Black Hat Europe 2019]

    Recounting the remarkable stroke of luck at the Black Hat Europe conference in London last week, Maersk CISO Andy Powell said the malware wiped out almost all online backups of the company’s Active Directory – save, mercifully, for a piece held in its powered-down Lagos office.
    Read More
  • Dec 8, 2019 | Bank InfoSecurity

    8 Takeaways: Black Hat Europe's Closing 'Locknote' Panel [Black Hat Europe 2019]

    On Thursday, the final day of this year's annual cybersecurity conference, Black Hat founder and organizer Jeff Moss (@thedarktangent) took to the stage, joined by several members of the Black Hat review board. The board reviews and selects all of the conference briefings.
    Read More
  • Dec 8, 2019 | Security Affairs

    SEC Xtractor – Experts released an open-source hardware analysis tool [Black Hat Europe 2019]

    An open-source bootloader was used to program the device via USB. No external programmer is needed to reflash the ATXmega microcontroller. The black color for the main PCB and the NAND/NOR adapters were chosen because the launch was made during Black Hat Europe 2019 Arsenal.
    Read More
  • Dec 6, 2019 | Linux Magazin

    Encrypted PDFs can be manipulated [Black Hat Europe 2019]

    Encrypted PDFs are not really well encrypted, but can be easily manipulated, showed Fabian Ising and Jens Müller at Black Hat Europe.
    Read More
  • Dec 6, 2019 | Version2

    Maersk CISO: I don't trust the built-in security of the cloud [Black Hat Europe 2019]

    At Maersk, CISO (Chief Information Security Officer) Andy Powell does not immediately have the big scam of the built-in security on the cloud platforms. He came up with the topic during a presentation at the Black Hat Europe Security Conference taking place in London this week.
    Read More
  • Dec 6, 2019 | Bank InfoSecurity

    How the Adversarial Mindset Is Making Cybersecurity Better [Black Hat Europe 2019]

    In this interview (see audio link below the image) recorded at Black Hat Europe 2019, Moss also discusses the increased use of red teams to help organizations' blue teams and engineers to be more effective
    Read More
  • Dec 6, 2019 | The Daily Swig

    The best hacks from Black Hat Europe 2019 [Black Hat Europe 2019]

    If there was still any semblance of doubt, security researchers proved once again that anything based on a computer can and will be hacked during the Black Hat Europe conference this week.
    Read More
  • Dec 5, 2019 | Linux Magazin

    Search engine detects security holes in security cameras [Black Hat Europe 2019]

    At Black Hat Europe 2019, Japanese security researchers from NTT have launched an online search that will help them discover security holes in no-name security cameras.
    Read More
  • Dec 5, 2019 | Linux Magazin

    Doors of Durin: backdoor in Siemens PLC [Black Hat Europe 2019]

    After a welcome by Black Hat founder Jeff Moss, the 19th Black Hat Europe started yesterday in London. Among other things, security researchers from the University of Bochum showed that there is a backdoor in a Siemens PLC.
    Read More
  • Dec 5, 2019 | The Register

    How to fool infosec wonks into pinning a cyber attack on China, Russia, Iran, whomever [Black Hat Europe 2019]

    Faking digital evidence during a cyber attack – planting a false flag – is simple if you know how, as noted infosec veteran Jake Williams told London's Black Hat Europe conference.
    Read More
  • Dec 5, 2019 | The Daily Swig

    Behind the story: Journalist Geoff White takes a closer look at the fragile ties between security and the media [Black Hat Europe 2019]

    Speaking at the Black Hat Europe conference in London yesterday (December 4), White noted that media outlets published the story on public interest grounds.
    Read More
  • Dec 5, 2019 | The Daily Swig

    Barq: Post-exploitation framework plays havoc with AWS infrastructure [Black Hat Europe 2019]

    Barq, a post-exploitation framework that allows penetration testers and red teamers to easily perform attacks on running AWS infrastructure, was showcased during the Arsenal sessions at Black Hat Europe today (December 5).
    Read More
  • Dec 5, 2019 | ComputerWeekly

    Black Hat Europe: Mental health websites are leaking user data [Black Hat Europe 2019]

    At Black Hat Europe in London, researchers reveal the extent to which confidential data is being leaked to third parties by online mental health websites
    Read More
  • Dec 5, 2019 | The Daily Swig

    Black Hat Europe: New tool offers Metasploit-like framework for hacking into drones [Black Hat Europe 2019]

    Progress in developing the tool, dubbed ‘DroneSploit’, was outlined by its developers, Alexandre D’Hondt and Yannick Pasquazzo, during an Arsenal session at the Black Hat Europe conference in London today (December 5).
    Read More
  • Dec 5, 2019 | SC Magazine

    Black Hat Europe 2019: Did your employee leave with the data? [Black Hat Europe 2019]

    Departing employees account for more than half of all insider threat incidents; Two out of three professionals openly admit to taking data with them when they quit
    Read More
  • Dec 5, 2019 | Tech World IDG

    "Hackers hack - but you should know the tools they use" [Black Hat Europe 2019]

    Lars Dobos attends the Black Hat conference in London and is struck by the fact that the world certainly does not suffer from a lack of hacking tools.
    Read More
  • Dec 5, 2019 | The Daily Swig

    Offensive hacking tool maintains API security [Black Hat Europe 2019]

    Security vendor Imperva has open-sourced an automatic API attack tool in line with this year’s Black Hat Europe security conference.
    Read More
  • Dec 5, 2019 | Infosecurity Magazine

    #BHEU: Mental Health and Depression Websites Share Details in Plain Text [Black Hat Europe 2019]

    Revealing research around web and cookie security at Black Hat Europe in London, Eliot Bendinelli, technologist at Privacy International and Frederike Kaltheuner, formerly of Privacy International and now tech policy fellow at Mozilla, described how a number of websites offering “tests” on mental health and depression shared results with third parties.
    Read More
  • Dec 5, 2019 | The Daily Swig

    False flag cyber operations likely to further muddle the complex attribution puzzle [Black Hat Europe 2019]

    Jake Williams, principal consultant at Rendition Infosec and former US Department of Defense (DoD) cybersecurity expert who has taken part in offensive ops, told delegates at this year’s Black Hat Europe that conducting a false flag cyber operation is a lot easier than people tend to think.
    Read More
  • Dec 4, 2019 | Dark Reading

    Black Hat Europe Q&A: Understanding the Ethics of Cybersecurity Journalism [Black Hat Europe 2019]

    Now that major data leaks are a semi-regular occurrence it’s more important than ever for cybersecurity professionals to understand how the media covers them, and there’s no better place to do that than Black Hat Europe in London this week.
    Read More
  • Dec 4, 2019 | The Daily Swig

    Black Hat Europe 2019: Facebook’s Amanda Rousseau on rabbit holes, red team ops, and challenging security assumptions [Black Hat Europe 2019]

    Facebook red teamer Amanda Rousseau lamented an incipient hyper-specialization among infosec professionals during her keynote address at Black Hat Europe 2019 today (December 4).
    Read More
  • Dec 4, 2019 | Infosecurity Magazine

    #BHEU: Consider Adversarial Thinking, Ask If the Tool Works [Black Hat Europe 2019]

    Delivering the opening keynote at Black Hat Europe, offensive security engineer Amanda Rousseau talked about the move from a defensive to offensive role, and how narrow that has made our thinking.
    Read More
  • Dec 4, 2019 | SC Magazine

    Black Hat Europe 2019: Trust your vendors, but verify [Black Hat Europe 2019]

    If partners in your supply chain have access or information on your data or your network, their risk is your risk
    Read More
  • Dec 4, 2019 | New Money Review

    Gates wide open to contactless fraud [Black Hat Europe 2019]

    But two security researchers, speaking at the Black Hat Europe 2019 conference in London on December 4, painted a much darker picture of contactless payment risks.
    Read More
  • Dec 4, 2019 | The Daily Swig

    WHID Elite: Weaponized USB gadgets boast multiple features for the stealthy red teamer [Black Hat Europe 2019]

    Presenting the tool on the Arsenal track at this year’s Black Hat Europe, Bongiorni explained how he wanted to develop the capabilities of a previous iteration, WHID Injector – a USB device that, once plugged into a target’s machine, could allow an attacker to remotely inject keystrokes without the need for physical access.
    Read More
  • Dec 4, 2019 | Infosecurity Magazine

    #BHEU: Foster the Right Skills, Culture and Share Knowledge [Black Hat Europe 2019]

    Opening the 19th Black Hat Europe in London, founder Jeff Moss said that over the years the diversity of the security community has grown as well as the expansion of skills to include both hard and soft skills.
    Read More
  • Dec 4, 2019 | TechWorld IDG

    Unknown error in Windows Hello for Business - fix released today, but not by Microsoft [Black Hat Europe 2019]

    A hitherto unknown error in Windows Hello for Business has been discovered by a Czech security researcher presenting his findings at the Black Hat conference in London. The researcher has developed his own tool, but Microsoft's own patch may be delayed.
    Read More
  • Dec 4, 2019 | ComputerWeekly

    Black Hat Europe: Red teams and blue teams must evolve in the 2020s [Black Hat Europe 2019]

    The concepts of red teams and blue teams in cyber security should be redefined for the 2020s, and both sides need to come together and learn from each other, according to Facebook offensive security engineer Amanda Rousseau, who opened Black Hat Europe 2019 by calling for a new approach to this fundamental aspect of security culture.
    Read More
  • Dec 4, 2019 | The Daily Swig

    Attack detection: Zhouhe uses machine learning to hunt for network traffic threats [Black Hat Europe 2019]

    “Meanwhile, our machine learning algorithms let us know some unknown threats or 0day that cannot be detected by the ruleset, so that we can better write rules.” Rui Xiao and Rui Zhang demonstrated their tool during a Black Hat Europe Arsenal presentation earlier today (December 4).
    Read More
  • Dec 4, 2019 | WIRED

    The Future of Texting Is Far Too Easy to Hack [Black Hat Europe 2019]

    At the Black Hat security conference in London on Tuesday, German security consultancy SRLabs demonstrated a collection of problems in how RCS is implemented by both phone carriers and Google in modern Android phones. Those implementation flaws, the researchers say, could allow texts and calls to be intercepted, spoofed, or altered at will, in some cases by a hacker merely sitting on the same Wi-Fi network and using relatively simple tricks
    Read More
  • Dec 4, 2019 | Dark Reading

    What's in a Botnet? Researchers Spy on Geost Operators [Black Hat Europe 2019]

    García, Shirokova, and their fellow researcher María José Erquiaga, also of the Czech Technical University in Prague, presented their findings today at Black Hat Europe.
    Read More
  • Dec 4, 2019 | Dark Reading

    Password-Cracking Teams Up in CrackQ Release [Black Hat Europe 2019]

    Security services firm Trustwave has released an open source project aimed at companies that want to provide password-cracking as a service to their security teams and red teams, the company announced today at the Black Hat Europe conference.
    Read More
  • Dec 4, 2019 | Bank InfoSecurity

    Cybersecurity Defenders: Channel Your Adversary's Mindset [Black Hat Europe 2019]

    A clear theme Wednesday throughout the first day of the Black Hat Europe conference was the importance of approaching the design and defense of networks and systems by thinking like the enemy.
    Read More
  • Dec 4, 2019 | The Daily Swig

    SMS phishing: TapIt framework enables large-scale social engineering campaigns [Black Hat Europe 2019]

    A framework for automating large-scale SMS phishing campaigns, including SMS tracking, web payloads, and credential harvesting, has been showcased at this year’s Black Hat Europe.
    Read More
  • Dec 4, 2019 | The Daily Swig

    Hack that lifts limits on contactless card payments debuts at Black Hat Europe 2019 [Black Hat Europe 2019]

    During a presentation at the Black Hat Europe conference in London today (December 4) the researchers demonstrated for the first time how to bypass the UK £30 ($39) limit for contactless payments made using physical cards.
    Read More
  • Dec 3, 2019 | Latest Hacking News

    Vulnerabilities In RCS Technology Exposes Android Users To Cyber Attacks [Black Hat Europe 2019]

    Presently, researchers have briefly hinted towards their findings. Whereas, they plan to reveal more about the RCS vulnerabilities in the upcoming Black Hat Europe 2019.
    Read More
  • Dec 3, 2019 | Bank InfoSecurity

    15 Hot Sessions at Black Hat Europe 2019 [Black Hat Europe 2019]

    Black Hat Europe returns this week to London. Now in its 18th year, the conference features 100 speakers and researchers delivering 15 in-depth technical training sessions and more than 40 briefings.
    Read More
  • Dec 3, 2019 | Dark Reading

    Siemens Offers Workarounds for Newly Found PLC Vulnerability [Black Hat Europe 2019]

    Ali Abbasi, a research scholar at Ruhr-University Bochum, doctoral student Tobias Scharnowski, and professor Thorsten Holz will present their findings this week in London at Black Hat Europe. The researchers alerted Siemens, which says it plans to fix the flaw.
    Read More
  • Dec 3, 2019 | Dark Reading

    When Rogue Insiders Go to the Dark Web [Black Hat Europe 2019]

    "In English-language forums, they tend to be a lot more cautious and suspicious," especially now that they are aware of researchers and law enforcement infiltrating their spaces, she says. And because law enforcement has been shuttering some of these forums over the past couple of years, it's harder to track where the rogue insiders go next, notes Wright, who will present some of IntSights' latest Dark Web findings at Black Hat Europe in London this week.
    Read More
  • Dec 3, 2019 | The Parallax

    RCS delivers new texting features—and old security vulnerabilities [Black Hat Europe 2019]

    Since our original interview in November, Nohl has uncovered another method of intercepting RCS texts and calls that exploits how the messaging app validates the certificate. SR Labs plans to include this discovery in its Black Hat Europe presentation.
    Read More
  • Dec 3, 2019 | Built In

    20 TOP CYBERSECURITY TRAINING PROGRAMS [Black Hat Europe 2019]

    Black Hat hosts multi-day labs in urban centers (like Las Vegas and Singapore) that are focused on topics like penetration testing and web application vulnerabilities. The professional organization for cybersecurity vendors and professionals has hosted those types of educational events for more than two decades.
    Read More
  • Dec 1, 2019 | PiunikaWeb

    RCS messaging features may entice you, but its carrier implementation is reportedly not safe [Black Hat Europe 2019]

    Though it seems to be a major security threat, for now, there is no evidence that hackers have done any such thing. Hopefully, researchers would reveal more information when they talk about the findings at the Black Hat Europe conference in December.
    Read More
  • Dec 1, 2019 | Android Police

    Some carrier RCS implementations have security issues [Black Hat Europe 2019]

    Full details will be revealed at the Black Hat Europe conference later this week, but the short version is that, while nothing is wrong with the base RCS standard, it is partly undefined, leaving certain details up to the carriers. It's those parts that are prone to security issues.
    Read More
  • Nov 30, 2019 | betanews

    RCS is being implemented dangerously, leaving users vulnerable to attack [Black Hat Europe 2019]

    While SRLabs's full research is due to be presented at December's Black Hat Europe conference, the group has given a summary of its findings ahead of this. It found that RCS left users exposed to the risk of message interception, impersonation, tracking, and much more.
    Read More
  • Nov 30, 2019 | Fossbytes

    New SMS Alternative ‘RCS Standard’ Is Exposing Users To Security Threats [Black Hat Europe 2019]

    GSM told Vice that while they appreciate the efforts made by SLabs to the public the security issues; however, the research includes “no new, vulnerabilities” that the body wasn’t aware of. The SLabs researchers will report their findings in the Black Hat December conference in Europe.
    Read More
  • Nov 30, 2019 | Forbes

    New Android Text Messaging Update ‘Exposes Most Users To Hacking’ [Black Hat Europe 2019]

    The issues raised by SRLabs are more straightforward. And with RCS already being deployed in around 70 countries, it needs fixing quickly. The good news is that the major networks seem to be open to reviewing the research and adapting deployments. SRLabs will present more of its findings at Black Hat Europe in December.
    Read More
  • Nov 29, 2019 | Tutto Android

    The new RCS services are not all bed and roses: they hide serious security problems [Black Hat Europe 2019]

    But there is more: according to Nohl it is indeed a scandal that important Telco companies such as Vodafone , AT&T, Verizon, Sprint and many others have embraced the RCS services without the consent of their users, obviously exposing them to such important security problems. Researchers Luca Melette and Sina Yazdanmehr will present all their findings during the Black Hat Europe conference this December, showing all the limitations discovered so far.
    Read More
  • Nov 29, 2019 | The Verge

    Bad RCS implementations are creating big vulnerabilities, security researchers claim [Black Hat Europe 2019]

    SRLabs will be presenting its findings at the Black Hat Europe conference in December, after showing off some of its work at the DeepSec conference today.
    Read More
  • Nov 29, 2019 | BGR

    Google’s RCS messaging could rival iMessage, but for now it’s a security nightmare [Black Hat Europe 2019]

    The good news is that the GSMA and the carriers are aware of these issues, and fixes are probably on the way. The researchers will further explain their RCS findings at the Black Hat Europe conference next December.
    Read More
  • Nov 29, 2019 | VICE Motherboard

    SMS Replacement is Exposing Users to Text, Call Interception Thanks to Sloppy Telecos [Black Hat Europe 2019]

    SRLabs researchers Luca Melette and Sina Yazdanmehr will present their RCS findings at the upcoming Black Hat Europe conference in December, and discussed some of their work at security conference DeepSec on Friday
    Read More
  • Nov 28, 2019 | ITProPortal

    The hidden reason why companies are struggling to secure cloud infrastructure [Black Hat Europe 2019]

    In an upcoming talk for Black Hat Europe 2019 ("Inside Out: The Cloud Has Never Been So Close"), XM Cyber senior security researchers will outline a new approach to attacking cloud infrastructure. This technique illustrates the relationships between various identities, resources and policies, in the process identifying vulnerable choke points that require immediate remediation.
    Read More
  • Nov 27, 2019 | Dark Reading

    New Free Emulator Challenges Apple's Control of iOS [Black Hat Europe 2019]

    A security researcher at Black Hat Europe in London next week plans to release an open source low-level emulator that can run a version of Apple's mobile operating system.
    Read More
  • Nov 22, 2019 | Dark Reading

    Researchers Explore How Mental Health Is Tracked Online [Black Hat Europe 2019]

    Bendinelli and Frederike Kaltheuner, tech policy fellow with the Mozilla Foundation, will present more of these research findings at the Black Hat Europe 2019 conference in a briefing entitled "Is Your Mental Health for Sale?"
    Read More
  • Nov 22, 2019 | Dark Reading

    Black Hat Europe Q&A: Unveiling the Underground World of Anti-Cheats [Black Hat Europe 2019]

    Anti-cheat software safeguards countless online game players every year, but it’s not bulletproof. At Black Hat Europe in London next month attendees will learn firsthand where the chinks are in the armor of modern anti-cheat solutions
    Read More
  • Nov 22, 2019 | The Block Daily

    Global Witness urges UK authorities to investigate links between illicit crypto exchanges and Russian security services [Black Hat USA 2019]

    Thus, the FSB-Bilyuchenko case could further highlight the emerging trend of "infighting among Russian security services in the cyber sphere," a theme that headlined a briefing given by Kimberly Zenz, an American cyber-threat intelligence expert who focuses on Russia, at the 2019 Black Hat hacker conference in Las Vegas last August.
    Read More
  • Nov 18, 2019 | Dark Reading

    Windows Hello for Business Opens Door to New Attack Vectors [Black Hat Europe 2019]

    To learn more about how WHfB operates, Grafnetter has spent the past year studying the feature and the past two months doing a deep dive. He will present his findings at the upcoming Black Hat Europe show in a briefing entitled "Exploiting Windows Hello for Business."
    Read More
  • Nov 17, 2019 | Security Affairs

    Experts found undocumented access feature in Siemens SIMATIC PLCs [Black Hat Europe 2019]

    The team of experts will present the results of its research in December at the Black Hat Europe conference in London.
    Read More
  • Nov 15, 2019 | SecurityWeek

    Undocumented Access Feature Exposes Siemens PLCs to Attacks [Black Hat Europe 2019]

    Abbasi says they have reported their findings to Siemens in March and the company released an advisory this week to inform customers that it’s working on a solution. In the meantime, customers have been advised to ensure protection against physical access and apply defense-in-depth recommendations. The industrial giant told the researchers that it would remove the problematic access mode from PLCs. The researchers plan on presenting their findings next month at the Black Hat Europe conference in London.
    Read More
  • Nov 15, 2019 | CNET

    Android users beware: 146 bugs found in preinstalled apps [Black Hat USA 2019]

    In a Black Hat 2019 presentation, Google security researcher Maddie Stone said an Android device often has 100 to 400 preinstalled apps. If you're a malicious actor, Stone said in the presentation, you "only have to convince one company to include your app, rather than thousands of users."
    Read More
  • Nov 14, 2019 | Catalin Cimpanu

    Officials warn about the dangers of using public USB charging stations [Black Hat USA 2019]

    Across the years, several proofs-of-concept were created. The most notorious is Mactans, presented at the Black Hat 2013 security conference, which was a malicious USB wall charger that could deploy malware on iOS devices.
    Read More
  • Nov 12, 2019 | CPO Magazine

    Chinese Hackers Now Stealing Text Messages, Phone Records From Telecom Companies [Black Hat USA 2019]

    At the Black Hat security conference in Las Vegas, FireEye detailed how APT41 Chinese hackers broke into the production environment of a video gaming company, so as to manipulate the amount of virtual currency available to them. They are also using ransomware to shake down companies in exchange for cryptocurrency ransom payments.
    Read More
  • Nov 11, 2019 | Dark Reading

    Researchers Find New Approach to Attacking Cloud Infrastructure [Black Hat Europe 2019]

    At this year's Black Hat Europe, Gofman and Shani plan to demonstrate an alternative new approach to attacking cloud infrastructure in a talk titled "Inside Out — The Cloud Has Never Been So Close." Their methodology involves using a graph to show permission relationships between different entities, revealing risky choke points that need to be addressed and eliminated.
    Read More
  • Nov 7, 2019 | SecurityLab

    Hidden access function detected in Siemens PLC [Black Hat Europe 2019]

    Researchers reported the find to Siemens, and the company is now working to eliminate the vulnerability. Experts will present detailed results of the study at the Black Hat Europe conference in December 2019.
    Read More
  • Nov 7, 2019 | Dark Reading

    Black Hat Q&A: Hacking a '90s Sports Car [Black Hat Europe 2019]

    Communicating with your car and building your own tools is easier than you think, and well worth the effort, says Stanislas Lejay who will be briefing attendees in London at Black Hat Europe next month on Unleashing the Power of My 20+ Years Old Car. It's a fun and fascinating look at Lejay's efforts to bypass the speed limiter (set at ~180 km/h) and still pass inspection.
    Read More
  • Nov 5, 2019 | Dark Reading

    Siemens PLC Feature Can Be Exploited for Evil - and for Good [Black Hat Europe 2019]

    The researchers built a tool that performs this forensic memory dump, which they will release at Black Hat Europe next month in London when they will present their research findings
    Read More
  • Nov 1, 2019 | The Daily Swig

    #SocialSec – Hot takes on this week’s biggest cybersecurity news (Nov 1) [Black Hat Europe 2019]

    In other security industry news this week, Amanda Rousseau has been named as the keynote speaker at this year’s Black Hat Europe.
    Read More
  • Oct 16, 2019 | The CyberWire

    The CyberWire Daily Podcast, Wednesday, October 16, 2019 [Black Hat Europe 2019]

    It's a great way to demonstrate that either you have the offensive capabilities or that you have the defense capabilities. The capture the flag scenarios and games that are being run at conferences like Black Hat and Defcon are serving several purposes.
    Read More
  • Oct 8, 2019 | GovInfoSecurity

    Developers' Code Reuse Security Conundrum: Cut, Paste, Fail [Black Hat Europe 2019]

    That question was posed at the December 2018 Black Hat Europe in London. At the ending "locknote" panel discussion, an audience member asked Black Hat founder Jeff Moss if it was time to get tough on vendors that produce poor software, because the basics - including the Open Web Application Security Project's top 10 most critical application security risks - haven't changed fundamentally in years.
    Read More
  • Sep 17, 2019 | Help Net Security

    Targeted threat intelligence and what your organization might be missing [Black Hat USA 2019]

    In this Help Net Security podcast recorded at Black Hat USA 2019, Adam Darrah (Director of Intelligence), Mike Kirschner (Chief Operating Officer) and Christian Lees (Chief Technology Officer) from Vigilante, talk about how their global threat hunting and dark web cyber intelligence research team extends the reach of a company’s security resources, and lives within the underground community to remain ahead of emerging threats.
    Read More
  • Sep 4, 2019 | Help Net Security

    Security pros need more and better visibility into their cloud networks [Black Hat USA 2019]

    In this Help Net Security podcast, Kevin Sheu, VP Product Marketing and Marcus Hartwig, Senior Product Marketing Manager at Vectra AI, discuss the Vectra superhero survey from Black Hat USA 2019, which provides insight into the current cloud adoption and top-of-mind concerns of attendees.
    Read More
  • Sep 3, 2019 | CPO Magazine

    Cyber Insurance: You Get What You Pay For [Black Hat USA 2019]

    These risks were highlighted recently by a study from mutual insurance giant FM Global, and summit helmed by cyber insurance experts at the annual Black Hat USA security conference in Las Vegas.
    Read More
  • Sep 2, 2019 | VICE

    This Has Been the Worst Year for iPhone Security Yet [Black Hat USA 2019]

    Before Solnik’s Black Hat talk, Apple had yet to provide decrypted kernels to the public. Analysing the kernel is a key step to hacking the iPhone and to understanding how iOS really works under the hood. And these dev-fused iPhones, available on the gray market for four or five figures, are the perfect tool to do that.
    Read More
  • Sep 1, 2019 | Help Net Security

    Week in review: Mass iPhone hacking, SSL VPNs under attack, SOC analysts overwhelmed [Black Hat USA 2019]

    According to a survey of 476 IT security professionals at Black Hat USA 2019, nearly one in four (24%) said they would take company information to help apply for a position at a competitor.
    Read More
  • Aug 31, 2019 | Fifth Domain

    What’s changing in the cyber domain? We ask industry experts [Black Hat USA 2019]

    Fifth Domain posed this question to cybersecurity experts at Black Hat, a cybersecurity conference in Las Vegas, Nevada, that ran from Aug. 3-8. With the cyber domain rapidly evolving, we wanted to know how conversations within the cyber community are changing.
    Read More
  • Aug 30, 2019 | The Washington Post

    Google uncovers 2-year iPhone hack that was ‘sustained’ and ‘indiscriminate’ [Black Hat USA 2019]

    At the Black Hat security conference in Las Vegas earlier this month, Apple’s head of security engineering said the company will pay as much as $1.5 million for a “bug bounty” to any researcher who discovers iOS attack techniques and discreetly reports them to Apple.
    Read More
  • Aug 30, 2019 | TechRepublic

    How the Cloud Security Alliance helps businesses identify and mitigate cybersecurity risks [Black Hat USA 2019]

    At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with Cloud Security Alliance's John Yeoh about how implementing new technology leads to success. The following transcript has been edited for clarity purposes.
    Read More
  • Aug 29, 2019 | Forbes

    How To Make $1 Million From Hacking: Meet Six Hacker Millionaires [Black Hat USA 2019]

    If you need any more convincing that hacking can be a very profitable career path, then you only have to look at the Hacker Summer Camp this year. This is the name given to the week in August that sees both Black Hat USA and DEF CON hacker conferences happening in Las Vegas.
    Read More
  • Aug 27, 2019 | TechRadar.pro

    Business VPN flaws exploited by hackers [Black Hat USA 2019]

    Pulse Secure VPN and Fortinet's FortiGate VPN were targeted after flaws in both products were made public during a talk at this month's Black Hat security conference.
    Read More
  • Aug 26, 2019 | Help Net Security

    Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs [Black Hat USA 2019]

    Fixes exist for both: Pulse Secure released them in April and Fortinet in May, months before Devcore researchers Meh Chang and Orange Tsai shared their discovery with the audience at Black Hat USA 2019.
    Read More
  • Aug 26, 2019 | Ars Technica

    Hackers are actively trying to steal passwords from two widely used VPNs [Black Hat USA 2019]

    The vulnerabilities can be exploited by sending unpatched servers Web requests that contain a special sequence of characters, researchers at the Black Hat security conference in Las Vegas said earlier this month.
    Read More
  • Aug 26, 2019 | Help Net Security

    Using deep learning and natural language understanding to protect enterprise communication [Black Hat USA 2019]

    In this Help Net Security podcast recorded at Black Hat USA 2019, Dhananjay Sampath, CEO at Armorblox, talks about how they use natural language understanding and deep learning to automatically create and adapt policies, continuously measure risk exposure, and prevent attacks and data loss.
    Read More
  • Aug 25, 2019 | ZDNet

    Hackers mount attacks on Webmin servers, Pulse Secure, and Fortinet VPNs [Black Hat USA 2019]

    But if this week started bad, it ended even worse. By Friday, attackers also started exploiting another set of vulnerabilities, also disclosed at a security conference -- but this time at Black Hat.
    Read More
  • Aug 24, 2019 | WIRED

    SECURITY NEWS THIS WEEK: CRYPTOCURRENCY MINERS EXPOSE NUCLEAR PLANT TO INTERNET [Black Hat USA 2019]

    While the cybersecurity world took a collective deep breath after the Black Hat and Defcon hacker conferences, there was still plenty of news to be had this week.
    Read More
  • Aug 24, 2019 | Fifth Domain

    How can the government improve its cyber posture? [Black Hat USA 2019]

    Several industry experts interviewed by Fifth Domain at Black Hat USA, a cybersecurity conference held in Las Vegas, Nevada, from Aug. 3-8, expressed concern that government agencies don’t know what’s on their networks.
    Read More
  • Aug 23, 2019 | CSO

    4 takeaways from Black Hat 2019 [Black Hat USA 2019]

    The Black Hat conference not only sheds light on the IT security issues currently plaguing organizations, but the emerging issues that will soon affect people and companies. At the latest Black Hat, held in the Mandalay Bay in Las Vegas in August, industry experts offered their insights on how cybercriminals are upping the ante and what IT security professionals can do to combat the constant and unyielding tide of attacks.
    Read More
  • Aug 22, 2019 | Enterprise Times

    The challenge of creating a 2,500 person security team [Black Hat USA 2019]

    One of the major challenges is how to align, integrate and organise complementary business units into single functions that operate across the new business. Matthew Gyde is the new CEO of NTT Security. At Black Hat 2019, in a very hot Las Vegas, he sat with Enterprise Times to talk through some of the challenges he and the new company face.
    Read More
  • Aug 22, 2019 | The Daily Swig

    HTTPS everywhere? Cloudflare planning improvements to middleware detection utility [Black Hat USA 2019]

    At Black Hat USA earlier this month, Cloudflare’s Gabriele Fisher and Luke Valenta offered a deep dive into HTTPS interception practices, in which TLS-terminating middleboxes or middleware can be used to potentially snoop on internet users, or even steal private data.
    Read More
  • Aug 22, 2019 | Dark Reading

    Aviation Faces Increasing Cybersecurity Scrutiny [Black Hat USA 2019]

    Boeing pushed back hard on the research just prior to the presentation at Black Hat, saying its existing network defenses would thwart the attack cases Santamarta posed, and that an attacker could not reach its avionics systems via those attack methods. IOActive had been in contact with Boeing for months after the initial findings, holding weekly teleconferences.
    Read More
  • Aug 22, 2019 | TechTarget

    Yubikey 5Ci for iPhone, biometric attacks, and other odds and ends from Black Hat [Black Hat USA 2019]

    I laid out my initial thoughts from Black Hat 2019 last week and also took a deeper look at Apple’s session around their new bug bounty program and research devices.
    Read More
  • Aug 22, 2019 | Security Ledger

    Spotlight Podcast: Unpacking Black Hat Hacks with Digicert CTO Dan Timpson [Black Hat USA 2019]

    In this week’s episode of the Podcast, # 156: we’re back at “hacker summer camp” in Las Vegas this week – also known as the Black Hat, B-Sides and DEF CON conferences, which bring tens of thousands of the world’s top security experts to the Las Vegas Strip.
    Read More
  • Aug 22, 2019 | ZDNet

    What is Black Hat and why is it so important? [Black Hat USA 2019]


    Read More
  • Aug 21, 2019 | Cyber Defense Magazine

    The Future of Cyber security: Putting the capital “C” in Community! [Black Hat USA 2019]

    As you know, Black Hat Briefings (commonly referred to as Black Hat) is a computer security conference that provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world. Black Hat brings together a variety of people interested in information security ranging from non-technical individuals, executives, hackers, and industry-leading security professionals.
    Read More
  • Aug 21, 2019 | TechTarget

    Black Hat 2019 brings out new security, protection offerings [Black Hat USA 2019]

    The 22nd Black Hat conference in Las Vegas brought together a slew of vendors in network and data security with a variety of security offerings to pitch.
    Read More
  • Aug 19, 2019 | The Register

    KNOB turns up the heat on Bluetooth encryption, hotels leak guest info, city hands $1m to crook, and much, much more [Black Hat USA 2019]

    Let's run through all the bits and bytes of security news beyond what we've already covered. Also, don't forget our articles from this year's Black Hat, DEF CON, and BSides Las Vegas conferences in the American desert.
    Read More
  • Aug 19, 2019 | Threatpost

    Post GandCrab, Cybercriminals Scouring the Dark Web for the Next Top Ransomware [Black Hat USA 2019]

    Hi, everyone. I’m Lindsey O’Donnell with Threatpost and I’m here today at Black Hat USA 2019, here with Winnona DeSombre with Recorded Future. Winnona, how are you doing?
    Read More
  • Aug 19, 2019 | ITPro Today

    Black Hat 2019: Building Communities of Women in Security [Black Hat USA 2019]

    But also at Black Hat, I noted many initiatives and sessions to foster diversity in information security. One thing that surprised me was an on-site daycare offered this year where attendees could drop kids to attend sessions. Several other booths and groups along the floor were promoting women in infosec. As much as women are still few in number, there is movement and gains to increase their ranks in security.
    Read More
  • Aug 19, 2019 | ITSPmagazine

    Black Hat USA 2019 Event Coverage | A Conversation With Kymberlee Price [Black Hat USA 2019]

    Fortunately, both of these activities came together in a single setting during Black Hat, as Marco and I got to meet Kymberlee not only to discuss the micro summit, but to also hear about her journey in InfoSec and her role in establishing some of the best practices being leveraged by the industry for some time now—specifically via her work at Microsoft, at Bugcrowd, and Microsoft (again).
    Read More
  • Aug 19, 2019 | Active Cyber

    Diverse Set of Security Innovators Converge at Black Hat 2019 [Black Hat USA 2019]

    Black Hat 2019 has come and gone and I am still recovering from the sensory overload caused by the 19K+ attendees of this big conference amidst the backdrop of Las Vegas. My focus going into the conference was mainly on meeting startups… I was looking for something new – a solution that attacks the cyber problem from a new angle.
    Read More
  • Aug 17, 2019 | TechCrunch

    Voyage’s driverless future, ghost work, B2B growth strategies, and Black Hat takeaways [Black Hat USA 2019]

    In the autonomous vehicle space, startups have taken radically different strategies to building our AV future. Some companies like Waymo have driven all across different types of environments in order to rack up the datasets that they believe will be needed to effectively maneuver without a human driver.
    Read More
  • Aug 17, 2019 | VentureBeat

    The fight against deepfakes [Black Hat USA 2019]

    Last week at the Black Hat cybersecurity conference in Las Vegas, the Democratic National Committee tried to raise awareness of the dangers of AI-doctored videos by displaying a deepfaked video of DNC Chair Tom Perez. Deepfakes are videos that have been manipulated, using deep learning tools, to superimpose a person’s face onto a video of someone else.
    Read More
  • Aug 17, 2019 | Tech Zim

    Apple’s Face ID Can Be Bypassed By Using A Pair Of Glasses & Tape [Black Hat USA 2019]

    The details of the attack were explained on Black Hat USA 2019 which is an annual security conference. Researchers were able to get into the victim’s iPhone by using a modified pair of glasses. The glasses have a combination of white and black tape pasted on them and they call it the “X-glasses”- which you can see below
    Read More
  • Aug 16, 2019 | Security Boulevard

    Key Themes from Black Hat Conference 2019 [Black Hat USA 2019]

    It hasn’t even been a week since Black Hat Conference 2019. Somehow, it seems like it’s been longer than that. Speaking from both the vendor and attendee perspective, it was a fantastic event overall. I managed to squeeze in a couple sessions, and I had the opportunity to speak to a variety of attendees and visit vendor booths on the show floor. After 4 days and nearly 50,000 steps—some of it in 100-plus degree heat outdoors—I’m back in Houston and back to the daily grind and I’ve had some time to reflect on the time in Las Vegas.
    Read More
  • Aug 16, 2019 | Colorado Springs Business Journal

    Cause for alarm: Advice from a cyber summit [Black Hat USA 2019]

    From phony iPhones preloaded with malware to election meddling and the rules of cyberwar, Black Hat USA 2019 wrapped up in Nevada last week with something for everyone to lie awake worrying about. Unlike most of us, Shawn Murray was there, with about 17,000 other infosec professionals. He’s a cybersecurity consultant with the Pikes Pea
    Read More
  • Aug 16, 2019 | BGR

    Apple sues Corellium for creating virtual copies of iOS [Black Hat USA 2019]

    Apple also makes a point of highlighting its recent decision to give security researchers customized iPhones with fewer security barriers as to make it easier for serious exploits and bugs to be discovered. Ivan Krstic, Apple’s head of security and engineering, announced the new program at the Black Hat security conference earlier this month.
    Read More
  • Aug 16, 2019 | Grand Canyon University News

    GCU students log in to ‘hacker summer camp’ [Black Hat USA 2019]

    The GCU student, whose IT emphasis is in cybersecurity, was just one of 52 Lopes who made their way to Vegas for, not just Defcon, but for Black Hat, the world’s largest IT event. The back-to-back IT security and hacker gatherings — together they’re dubbed “hacker summer camp” — attracted tens of thousands of cyber professionals and enthusiasts.
    Read More
  • Aug 16, 2019 | Threatpost

    News Wrap: DejaBlue Bugs and Biometrics Data Breaches [Black Hat USA 2019]

    On the heels of Black Hat USA 2019 and DEF CON, Threatpost editors break down the biggest news of this past week ended Aug. 16, from Patch Tuesday craziness to publicly-exposed databases.
    Read More
  • Aug 16, 2019 | Dark Reading

    NSA Researchers Talk Development, Release of Ghidra SRE Tool [Black Hat USA 2019]

    NSA researchers took the Black Hat stage to share details of how they developed and released the software reverse-engineering framework
    Read More
  • Aug 16, 2019 | SC Magazine

    Red/Blue team exercises show defensive shortfalls: Survey [Black Hat USA 2019]

    The survey was conducted by Exabeam during Black Hat earlier this month.
    Read More
  • Aug 16, 2019 | IT Web

    Trend Micro fixes DLL hijacking vulnerability [Black Hat USA 2019]

    Hot on the heels of Black Hat where security vendors spoke to audiences about their ability to protect against breaches, SafeBreach discovered a new vulnerability in Trend Micro Password Manager software that could have led to DLL hijacking, privilege escalation, and code execution attacks.
    Read More
  • Aug 16, 2019 | Security Intelligence

    7 Can’t-Miss Cybersecurity Lessons From Black Hat USA and Vegas Security Week [Black Hat USA 2019]

    As Black Hat USA and DEF CON 2019 draw to a close, the security industry continues to buzz over events from the annual Las Vegas security week. Each year, nearly 20,000 security professionals, researchers and hackers convene on the Las Vegas strip for a week of cutting-edge security trainings, sessions and research. Black Hat and DEF CON sessions served up a shocking amount of internet of things (IoT) vulnerabilities and research on security best practices.
    Read More
  • Aug 16, 2019 | Digit India

    APPLE SUES MOBILE DEVICE VIRTUALISATION FIRM CORELLIUM ALLEGING IT ‘ILLEGALLY REPLICATED’ IOS, APPS [Black Hat USA 2019]

    Apple argues that Corellium’s iOS virtualisation product infringes on Apple's copyrights. The iPhone-maker says that Corellium has simply copied everything: the code, the graphical user interface, the icons -- all of it, in exacting detail. In fact, at the two-day Black Hat USA conference that concluded on August 8, Corellium emphasised that its “Apple product” is an exact copy of iOS, macrumours reported.
    Read More
  • Aug 16, 2019 | The New York Times

    The Week in Tech: Are Lawmakers Too Eager to Weaken Big Tech’s Legal Shield? [Black Hat USA 2019]


    Read More
  • Aug 16, 2019 | In Homeland Security

    Hackers Stole Over $4 Billion From Crypto Crimes In 2019 So Far, Up From $1.7 Billion In All Of 2018 [Black Hat USA 2019]

    As we’ve seen so many times again—most recently with the latest massive data breaches (Equifax, Capital One…), and the new exploits revealed at the Black Hat and DefCon hacking conferences — the Cloud is far from being the most secure place to store your data, even less your hard-earned money, especially in digital form.
    Read More
  • Aug 16, 2019 | Security Boulevard

    Software Vulnerabilities in the Boeing 787 [Black Hat USA 2019]

    At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System. The CIS/MS is responsible for applications like maintenance systems and the so-called electronic flight bag, a collection of navigation documents and manuals used by pilots. Santamarta says he found a slew of memory corruption vulnerabilities in that CIS/MS, and he claims that a hacker could use those flaws as a foothold inside a restricted part of a plane’s network. An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane’s safety-critical systems, including its engine, brakes, and sensors. Boeing maintains that other security barriers in the 787’s network architecture would make that progression impossible.
    Read More
  • Aug 16, 2019 | Security Boulevard

    The Business Challenges and Opportunities in Cybersecurity Black Hat USA 2019: Key Takeaways by Michael Vaillancourt [Black Hat USA 2019]


    Read More
  • Aug 16, 2019 | TechSpot

    Apple sues mobile device virtualization company Corellium for selling iOS clones [Black Hat USA 2019]

    What just happened? At the Black Hat Conference earlier this month, a small startup called Corellium showcased a tool that is claimed to provide customers access to virtual iOS devices inside a web browser. Apple has sued for damages and asked for an immediate ban on the sale of Corellium's product. The iPhone maker argues the tool is an "unlawful commercialization of Apple's valuable copyrighted works," or in other words an exact replica of iOS down to the underlying code.
    Read More
  • Aug 16, 2019 | Dark Reading

    Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown [Black Hat USA 2019]

    At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.
    Read More
  • Aug 16, 2019 | VICE

    Apple’s Lawsuit Against a Startup Shows How It Wants to Control the iPhone Hacking Market [Black Hat USA 2019]

    These announcements, made to much fanfare at the Black Hat security conference in Las Vegas, were met with delight and enthusiasm by the jailbreaking and iOS hacking community, who saw this as a “historic moment” for the security of iPhones all over the world.
    Read More
  • Aug 16, 2019 | Hackaday

    THIS WEEK IN SECURITY: BLACK HAT, DEF CON, AND PATCH TUESDAY [Black Hat USA 2019]

    Blackhat and DEF CON both just wrapped, and Patch Tuesday was this week. We have a bunch of stories to cover today.
    Read More
  • Aug 16, 2019 | CSO Online

    The best and worst of Black Hat 2019 [Black Hat USA 2019]

    Black Hat hit high notes and low last week in Vegas. Here's our roundup of what you missed.
    Read More
  • Aug 16, 2019 | ITSPmagazine

    Black Hat USA 2019 Event Coverage | A Conversation With Stephanie “Snow” Carruthers [Black Hat USA 2019]

    Next time you think that a social engineer is a social media expert or a criminal of some sort, do me a favor and look at yourself in the mirror — chances are you won't see either. One thing that you will see is a social engineer; all humans are social engineers—it is in our nature, and we are damn good at it.
    Read More
  • Aug 16, 2019 | Mashable

    Cybersecurity conference attendees possibly exposed to IRL virus [Black Hat USA 2019]

    Hackers and cybersecurity researchers who attended this year's annual Black Hat information security conference in Las Vegas found themselves on the receiving end of the wrong kind of security notification. On Thursday, the Southern Nevada Health District issued a warning stating that individuals in Vegas over the course of the conference may have been exposed to measles.
    Read More
  • Aug 15, 2019 | TechCrunch

    But also at Black Hat, I noted many initiatives and sessions to foster diversity in information security. One thing that surprised me was an on-site daycare offered this year where attendees could drop kids to attend sessions. Several other booths and groups along the floor were promoting women in infosec. As much as women are still few in number, [Black Hat USA 2019]

    Black Hat and Def Con came and went as quickly as it ever does. The week-long pair of back-to-back conferences, referred to as “hacker summer camp,” draws in the security crowd from across the world onto Las Vegas, where startups tout their technologies as hackers and researchers reveal their findings.
    Read More
  • Aug 15, 2019 | MIMECAST BLOG

    MASS MARKET VS. TARGETED MARKETING: TECHNIQUES AND TECHNOLOGY BEHIND THESE TWO STRATEGIES [Black Hat USA 2019]

    One of the takeaways from the recently released report, Mimecast Threat Intelligence Report: Black Hat Edition 2019, is that some attackers use more simplistic attack strategies that are broadly deployed, whereas other attackers use more complex and sophisticated strategies that are deployed much more narrowly. The data for this report came from three months of analysis from Mimecast’s processing of nearly 160 billion emails on behalf of our customers. Not a small sample!
    Read More
  • Aug 15, 2019 | MacRumors

    Apple Files Lawsuit Against Virtualization Company Corellium for Illegally Replicating iOS and Apple Apps [Black Hat USA 2019]

    Corellium's product creates digital replicas of iOS, iTunes, and user interface elements available on a web-based platform or a custom platform built by Corellium. It is designed to create virtual iOS devices for the purpose of running iOS, and at the recent Black Hat USA conference, Corellium emphasized that its "Apple product" is an exact copy of iOS, able to allow researchers and hackers to find and test vulnerabilities.
    Read More
  • Aug 15, 2019 | TechRepublic

    How to limit the impact of data breaches [Black Hat USA 2019]

    At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with IBM's Wendi Whitmore about how to defend against and respond to data breaches. The following is an edited transcript of the interview.
    Read More
  • Aug 15, 2019 | i-programmer

    Apple Opens IPhone To Security Researchers [Black Hat USA 2019]

    The announcements were made at this year's Black Hat cybersecurity conference in Las Vegas by Ivan Krstic, Apple's head of security.
    Read More
  • Aug 15, 2019 | Dark Reading

    5 Things to Know About Cyber Insurance [Black Hat USA 2019]

    After years of trying, Risk Based Security CISO Jake Kouns finally managed to get cyber insurance the attention he thinks it deserves. He had been submitting ideas for insurance-related talks for the annual Black Hat USA event since 2012 - and had been rejected four times. But at last week's Black Hat in Las Vegas, he led one of the sessions during a dedicated micro summit about cyber insurance.
    Read More
  • Aug 15, 2019 | TechCrunch

    What security pros need to know from Black Hat & Def Con 2019 [Black Hat USA 2019]

    Black Hat and Def Con came and went as quickly as it ever does. The week-long pair of back-to-back conferences, referred to as “hacker summer camp,” draws in the security crowd from across the world onto Las Vegas, where startups tout their technologies as hackers and researchers reveal their findings.
    Read More
  • Aug 15, 2019 | TechRepublic

    How to prevent data destruction from cybersecurity attacks [Black Hat USA 2019]

    At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with IBM's Global Remediation Lead Christopher Scott about how cyberattackers get into environments, and why using multifactor authentication is crucial if you use an online service. The following is an edited transcript of the interview.
    Read More
  • Aug 15, 2019 | ZDNet

    Def Con and Black Hat 2019: Enterprise security is stronger than ever [Black Hat USA 2019]


    Read More
  • Aug 15, 2019 | Security Boulevard

    The Best Of Black Hat And DEF CON 2019 | Avast [Black Hat USA 2019]

    If you didn’t go to the Black Hat or DEF CON cybersecurity conferences last week in Las Vegas, we’ve got a quick summary of some of the best stories, presentations, social media, and just plain weirdness.
    Read More
  • Aug 15, 2019 | Metro Jornal

    WhatsApp flaw allows altering the reply to quoted messages [Black Hat USA 2019]

    During a presentation given at the Black Hat conference last week in Las Vegas (USA), the researchers Dikla Barda, Roman Zaikin and Oded Vanunu presented a tool used as a proof of concept.
    Read More
  • Aug 15, 2019 | CSO Online

    Black Hat 2019: 3 cybersecurity concerns and 3 things that give hope [Black Hat USA 2019]


    Read More
  • Aug 15, 2019 | Forbes

    Bug Bounties Go Big [Black Hat USA 2019]

    Not anymore. At the recent Black Hat security conference in Las Vegas, Ivan Krstić, Apple's head of security engineering and architecture, announced an overhaul of Apple’s bug bounty program that massively sweetens the payouts—the top award will jump from $200,000 to $1 million—and also opens it up to all researchers.
    Read More
  • Aug 15, 2019 | Politico

    The cost of replacing paperless voting machines [Black Hat USA 2019]

    RED TEAM > BLUE TEAM — Nearly 70 percent of IT pros consider red team hackers more effective than the blue teams trying to stop them, Exabeam reported in a survey out today. More than one-third of those defensive teams fail to halt the red teams, the pros said in a survey conducted at Black Hat. Overall, 72 percent said their organizations perform red team tests, while 60 percent practice blue team.
    Read More
  • Aug 15, 2019 | BoingBoing

    Defeating Apple's Faceid's proof-of-life by putting tape over glasses' lenses [Black Hat USA 2019]

    Researchers from Tencent demo'ed the attack at Black Hat last week and used it to unlock a phone and approve a cash transfer from the owner's Apple Pay account to their own.
    Read More
  • Aug 15, 2019 | TechRepublic

    IBM's Wendi Whitmore explains why a data breach isn't a one-time cost and recommends cost-saving tips, which include having access to an incident response team. [Black Hat USA 2019]

    At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with IBM's Wendi Whitmore about why a data breach isn't a one-time cost and recommends cost-saving tips. The following is an edited transcript of the interview.
    Read More
  • Aug 15, 2019 | Forbes

    Hackers Stole Over $4 Billion From Crypto Crimes In 2019 So Far, Up From $1.7 Billion In All Of 2018 [Black Hat USA 2019]

    As we've seen so many times again—most recently with the latest massive data breaches (Equifax, Capital One...), and the new exploits revealed at the Black Hat and DefCon hacking conferences— the Cloud is far from being the most secure place to store your data, even less your hard-earned money, especially in digital form.
    Read More
  • Aug 15, 2019 | Dark Reading

    68% of Companies Say Red Teaming Beats Blue Teaming [Black Hat USA 2019]

    A survey conducted by Exabeam at Black Hat USA 2019 found red teams, which are made up of internal or hired security experts who imitate cybercriminals' behavior to test a business' security defenses, are also more popular. Seventy-two percent of respondents conduct red team exercises, with 23% performing them monthly, 17% quarterly, 17% annually, and 15% biannually.
    Read More
  • Aug 15, 2019 | Channel Futures

    Cybersecurity Roundup: Black Hat USA 2019 Edition [Black Hat USA 2019]

    Last week’s Black Hat USA 2019 conference in Las Vegas drew record attendance and highlighted the latest hot topics in the fight against cybercriminals.
    Read More
  • Aug 14, 2019 | Digital Munition

    Apple to offer up to $1.5 million to hackers who find flaws and report them to the company [Black Hat USA 2019]

    At a recent Black Hat security conference in Las Vegas, the tech giant took the opportunity to announce that it’s raising its reward to ethical hackers who uncover and disclose problematic susceptibilities directly to the company.
    Read More
  • Aug 14, 2019 | TechTarget

    Microsoft discovers BlueKeep-like flaws in Remote Desktop Services [Black Hat USA 2019]


    Read More
  • Aug 14, 2019 | Voice of America

    Apple Offers $1 Million to Anyone Who Can Break into iPhone [Black Hat USA 2019]

    The Black Hat conference is attended by many security researchers who attempt to hack the computer systems of companies and governments. The researchers seek security weaknesses that need to be fixed to prevent outside attackers from breaking into systems and devices.
    Read More
  • Aug 14, 2019 | Security Ledger

    Huge Survey of Firmware Finds No Security Gains in 15 Years [Black Hat USA 2019]

    Zatko presented the findings of CITL’s extensive study in Las Vegas on Friday on the sidelines of the Black Hat and DEF CON conferences at an event hosted by The Hewlett Foundation. CITL was started by Sarah and her husband Peiter (aka “Mudge”) Zatko. It bills itself as a kind of “Consumer Reports” for cyber security, partnering with that organization as well as The Ford Foundation, The Digital Standard and online payments firm Stripe.
    Read More
  • Aug 14, 2019 | Digital Munition

    Apple reveals special new iPhones for security researchers [Black Hat USA 2019]

    Apple is planning to supply special iPhones to security researchers next year to help them find security flaws in iOS. The devices will be made available to researchers that report bugs through the company’s invitation-only bug bounty program for iOS. Apple first launched this bug bounty program three years ago at the Black Hat conference, and it’s now extending its use at the same conference today to cover macOS, Apple Watch, Apple TV, and more.
    Read More
  • Aug 14, 2019 | Beebom

    New Vulnerabilities Can Alter Your WhatsApp Messages [Black Hat USA 2019]

    WhatsApp, a popular instant messaging platform now owned by Facebook with over 1.5 billion users across the globe has a major vulnerability that has not been fixed completely so far. The vulnerability was discovered by researchers at Check Point and was made public in Black Hat 2019, an annual Black Hat security conference.
    Read More
  • Aug 14, 2019 | Public Now

    Black Hat, DEF CON, And BSides 2019: Highlights And Emerging Industry Trends [Black Hat USA 2019]

    As Hacker Summer Camp comes to a close, we sat down with a few friends in the security space to discuss the major highlights from Black Hat, DEF CON, and BSides and what have emerged as the latest industry trends over the past week.
    Read More
  • Aug 14, 2019 | Data Center Knowledge

    Black Hat 2019: Investment, Interest in AI for Security Ramps Up [Black Hat USA 2019]

    An emphasis on AI was clear at this year’s Black Hat event in Las Vegas, where several vendors were promoting platforms that leverage AI and machine learning capabilities to address threat detection.
    Read More
  • Aug 14, 2019 | Threatpost

    TikTok Scammers Cash In On Adult Dating, Impersonation Tricks [Black Hat USA 2019]

    LO: I’m good just coming off of Black Hat craziness, so a little tired. So Tenable on the kind of outskirts of Black Hat has come out with some new research today about several popular scams that are taking a hold of the popular video platform TikTok, which is very prevalent. I mean, it’s the number one app for App Store downloads and the number three download overall in terms of apps. So with that kind of success, obviously comes security issues, as we’ve seen in the past with other apps and social media platforms. So Satnam, can you give us some context about TikTok, what do we need to know about the social platform as it relates to the attacks that you’ve outlined in your research?
    Read More
  • Aug 14, 2019 | Security Boulevard

    NEW TECH: Trend Micro inserts ‘X’ factor into ‘EDR’ – endpoint detection and response [Black Hat USA 2019]

    With all the talk of escalating cyber warfare, the spread of counterfeit smartphones and new forms of self-replicating malware, I came away from Black Hat USA 2019 (my 15th) marveling, once more, at the panache of modern cyber criminals.
    Read More
  • Aug 14, 2019 | Security Boulevard

    Black Hat Recap: Automation is Key to Managing Threats and Scaling the Future of Security (Video) [Black Hat USA 2019]

    Another Black Hat USA is in the books, and anyone leaving the festivities feeling apprehensive about the state of security seems well justified.
    Read More
  • Aug 14, 2019 | Coindesk

    Meet FumbleChain, the Deliberately Flawed Blockchain [Black Hat USA 2019]

    Demonstrated for the first time last Thursday at the Black Hat infosec event, the deliberately flawed technology is meant to act as an educational tool for crypto developers.
    Read More
  • Aug 14, 2019 | CSO Online

    Thoughts from Defcon 27 – This is why I do what I do [Black Hat USA 2019]

    Every year, thousands of security professionals descend upon Las Vegas to take part in a series of conferences known as Hacker Summer Camp. This year, Black Hat, BSides Las Vegas, Defcon 27 and the Diana Initiative took up the majority of the conference space. So, what makes this one of the most relevant and successful security conferences?
    Read More
  • Aug 14, 2019 | VICE

    Apple’s New Bug Bounty Is a ‘Historical Moment’ For the iPhone’s Security [Black Hat USA 2019]

    The company’s head of security engineering Ivan Krstic made these announcements at the Black Hat security conference on Thursday of last week. What he didn’t say is that this is a major win not only for iOS hackers and jailbreakers, but also for users—and ultimately even for Apple.
    Read More
  • Aug 14, 2019 | Techspective

    Qualys Has a Prescription for Better Cybersecurity [Black Hat USA 2019]

    One of the first things I saw when I arrived in Las Vegas for Black Hat—aside from the flashing lights of the banks of slot machines and the large neon “Welcome to Las Vegas” sign in the airport terminal—was an ad on the wall for Qualys. The ad shows a red and white pill with the Qualys logo, accompanied by the tagline “A New Prescription for Security and It’s Free.”
    Read More
  • Aug 14, 2019 | Brian Madden Blog

    Apple finally expands bug bounty program, talks about research devices at Black Hat [Black Hat USA 2019]

    On the last day of Black Hat 2019, I attended an interesting session where Apple provided a peek behind the curtain on macOS and iOS security, as well as finally announced an expansion to Apple’s bug bounty program and its new iOS Security Research Devices.
    Read More
  • Aug 14, 2019 | Enterprise Times UK

    Threat hunting, attribution and identifying what motives threat actors [Black Hat USA 2019]

    Jaime Blasco is the AVP Product Development at Alien Labs, part of AT&T Cybersecurity. At Black Hat 2019, Jaime sat down with Enterprise Times to talk about threat intelligence. It’s a subject that is high on a lot of organisations agenda. The problem, is that many organisations don’t know what to do with it. They are overwhelmed by the intelligence they gather and when they try and DIY, they lack the tools. But when they go to many vendors, what they get are a series of alerts which often lack an actionable element.
    Read More
  • Aug 14, 2019 | Expert Reviews UK

    Millions of Android phones at risk of shipping with malware pre-installed [Black Hat USA 2019]

    Millions of Android phones are at risk of shipping with malicious pre-installed apps, a recent report from Black Hat has uncovered. The findings were presented by Maddie Stone, a former employee of Android Security and current member of the Project Zero team, who revealed that it’s near-impossible to protect your device against the flaw.
    Read More
  • Aug 14, 2019 | Security Boulevard

    Black Hat 2019 Highlights [Black Hat USA 2019]

    Last week, a number of nCipher employees attended the 2019 Black Hat USA conference. The booth, which saw around 1,000 visitors, was home to a mix of activity.
    Read More
  • Aug 14, 2019 | Security Boulevard

    New Switch Vulnerability Discovered by Nozomi Networks Labs [Black Hat USA 2019]

    Nozomi Networks Labs responsibly disclosed the security issue to Siemens CERT and CISA. This effort is part of ongoing research conducted by Nozomi Networks Labs to test common devices for vulnerabilities. For example, the Labs team recently presented its research on securing intelligent electronic devices (IEDs) using the IEC 62351-7 Standard for Monitoring at BlackHat 2019. While doing this analysis, we discovered a previously unknown device vulnerability.
    Read More
  • Aug 14, 2019 | Help Net Security

    Optimizing the patch management process [Black Hat USA 2019]

    In this podcast recorded at Black Hat USA 2019, Jimmy Graham, Senior Director of Product Management at Qualys, discusses the importance of a tailored patch management process.
    Read More
  • Aug 13, 2019 | Heise Online

    Researchers manipulate content and sender of WhatsApp messages [Black Hat USA 2019]

    At this year's Black Hat conference, a research team demonstrated live that, under certain conditions, attackers could alter the content and sender of short messages sent via WhatsApp in various ways.
    Read More
  • Aug 13, 2019 | Digital Munition

    ‘Bug bounty’: Apple to pay hackers more than $1m to find security flaws | Technology [Black Hat USA 2019]

    Apple will pay ethical hackers more than $1m if they responsibly disclose dangerous security vulnerabilities to the firm, the company announced at the Black Hat security conference in Las Vegas.
    Read More
  • Aug 13, 2019 | Lifeboat

    Pre-installed apps in 7 million Android devices found containing malware [Black Hat USA 2019]

    At the Black Hat cybersecurity conference in Las Vegas, Maddie Stone, a security researcher on Project Zero and who previously served as Senior Reverse Engineer & Tech Lead on Android Security team, revealed that her team discovered three instances of Android malware being pre-installed in budget Android phones in the recent past.
    Read More
  • Aug 13, 2019 | Digital Munition

    Black Hat 2019 brings out new security, protection offerings [Black Hat USA 2019]

    At the 22nd annual Black Hat conference in Las Vegas for computer security consulting, training and briefing, industry experts came together from Aug. 3 to 8 to discuss emerging threats in cybersecurity, such as new attack methods and critical vulnerabilities across various industries. The conference also served as the birthplace for many potential answers to the security issues highlighted. Vendors in security and networking used Black Hat as an opportunity to unveil their newest products and services to the tens of thousands of attendees that ranged from executives and security professionals to small-business owners to individuals with an interest in the cybersecurity world.
    Read More
  • Aug 13, 2019 | Insurance Journal

    Car Makers Befriend Hackers to Learn About Cyber Vulnerabilities [Black Hat USA 2019]

    Known for its sprawling resorts and casinos, Las Vegas once a year becomes the gathering place for tens of thousands of cybersecurity enthusiasts who attend DEF CON and the preceding corporate Black Hat conference.
    Read More
  • Aug 13, 2019 | Semiconductor Engineering

    System Bits: Aug. 13 [Black Hat USA 2019]

    The team presented their findings at the recent Black Hat USA conference in Las Vegas, revealing the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7.
    Read More
  • Aug 13, 2019 | Within Nigeria

    Apple Offers $1m Reward To Anyone Who Can Hack An IPhone [Black Hat USA 2019]

    The bounty, which was announced by the iPhone-maker at the annual Black Hat hacker convention in Las Vegas, is the company’s biggest ever.
    Read More
  • Aug 13, 2019 | TechBeacon

    Zero-trust in a cloud-native world: Best practices emerge [Black Hat USA 2019]

    How the industry should update zero-trust in today’s cloud-native computing world is the question I hoped to answer at this year’s Black Hat USA conference in Las Vegas. To this end, I whittled the list of vendor PR pitches down to four from companies that were breaking the zero-trust mold.
    Read More
  • Aug 13, 2019 | Digital Munition

    Millions of New Android Phones Sold With Preinstalled Malware [Black Hat USA 2019]

    Stone shared her team’s findings at the Black Hat USA 2019 conference in Las Vegas, in a presentation in which she said that a smartphone may have as many as 400 preinstalled apps out of the box. This is a major problem because attackers are attempting to hide malware in the preinstalled apps, as it is easier to convince one manufacturer to agree to a preloaded app than to convince thousands of users to download an infected file.
    Read More
  • Aug 13, 2019 | Digital Munition

    Black Hat USA 2019 Featuring Cisco, Webroot, Microsoft [Black Hat USA 2019]

    A record 19,000-plus cybersecurity professionals descended on Las Vegas last week for the massive Black Hat USA 2019 conference.
    Read More
  • Aug 13, 2019 | Pulse2

    Apple Is Offering A $1 Million Reward For Anyone Who Can Hack An iPhone [Black Hat USA 2019]

    Ivan Krstić — the Head of Security Engineering and Architecture at Apple — announced the bug bounty at Black Hat. And Apple is also launching a bug bounty program for Macs, watchOS, and Apple TV. Apple will also give developer devices to bug bounty participants.
    Read More
  • Aug 13, 2019 | Fifth Domain

    What government can do to keep its cyber workforce [Black Hat USA 2019]

    “They have to value these people, and I don’t know that they’re fully valued,” said Greg Conti, current senior security strategist at IronNet, former director of the Army Cyber Institute and a senior cyber warfare adviser to U.S. Cyber Command, in an Aug. 8 interview at Black Hat 2019, held in the Mandalay Bay Resort & Casino.
    Read More
  • Aug 13, 2019 | Olajide TV

    Apple Offers $1m To Anyone Who Can Hack An iPhone [Black Hat USA 2019]

    The bounty, which was announced by the iPhone-maker at the annual Black Hat hacker convention in Las Vegas, is the company’s biggest ever.
    Read More
  • Aug 13, 2019 | Insinuator

    Black Hat US 2019 / Some Talks [Black Hat USA 2019]

    I’ve been at Black Hat Vegas last week and in the following I’ll shortly discuss some talks I’ve attended and which I found interesting.
    Read More
  • Aug 13, 2019 | FlyerTalk

    Leaked Dreamliner Code Reveals “Startling” Vulnerabilities [Black Hat USA 2019]

    A cybersecurity researcher has offered a presentation on exploitable bugs he discovered in the code used in Boeing Dreamliner aircraft this week at the Black Hat cybersecurity conference in Las Vegas. Ruben Santamarta says he was surprised to find the code used in Boeing’s 737 and 787 aircraft readily available online, but he was even more shocked to find flaws in the software which could allow hackers to take control of some of the Dreamliner’s systems.
    Read More
  • Aug 13, 2019 | Paste Magazine

    Google Researchers Say Android Malware Could Come Pre-Installed on Devices [Black Hat USA 2019]

    In a talk called “Securing The System” at last week’s Black Hat cybersecurity conference, Google researcher Maddie Stone outlined how pre-installed applications are exploited to run malware without the user’s knowledge. This security vulnerability is especially acute for Android’s open-source operating system, which is a favorite for low-budget Android device-makers. Typically, an Android device has about 100-400 pre-installed applications (don’t confuse them with the other sense of the word apps—not all of them have icons on your home screen). Since these apps are pre-installed, anti-virus software does not detect them if they behave maliciously, and they can never be entirely deleted from the device, only deactivated.
    Read More
  • Aug 13, 2019 | Digital Information World

    Hackers can Change the Messages received on WhatsApp [Black Hat USA 2019]

    An annual Black Hat security conference was held on 7th August in Las Vegas. At conference Israeli Security Company, Check Point disclosed the WhatsApp's vulnerability that let hackers change the message and also modify the sender’s identity.
    Read More
  • Aug 13, 2019 | IT Pro Today

    BGP Hijackings Take on New Meaning in Cybersecurity Climate [Black Hat USA 2019]

    The Border Gateway Protocol is vulnerable to malicious actors -- and as of right now, little can be done about it from a security perspective, although there have been attempts to make it more reliable. Despite the apparent risk, last week's Black Hat and Def Con events didn't have one session that mentioned BGP hijackings.
    Read More
  • Aug 13, 2019 | IT Pro Today

    Black Hat 2019: The Promise of 5G Also Brings Security Concerns [Black Hat USA 2019]

    While several large cities in the US are rolling out 5G networks, before we get to a world with the widespread use of 5G, a lot obviously needs to be worked out with the security around it too. Hailed initially as an ultra-secure protocol, one session at Black Hat proved that to be far from true.
    Read More
  • Aug 13, 2019 | CRN

    Microsoft opens security lab to test vulnerabilities [Black Hat USA 2019]

    Microsoft has introduced the Azure Security Lab — a dedicated customer-safe Cloud environment, at the Black Hat USA 2019 conference. The Azure Security Lab is a set of dedicated Cloud hosts, aimed at allowing security researchers to aggressively test attacks against infrastructure-as-a-service scenarios.
    Read More
  • Aug 13, 2019 | We Live Security

    Hacking my airplane – BlackHat edition [Black Hat USA 2019]

    Until it did. Here at BlackHat a while back we got to see videos of vehicles swerving out of control following a hack. Thankfully, the automotive industry came to terms with the hacking reality, and (some) even sponsored hacking opportunities like the automotive hacking village here at DefCon later in the week. It was a very positive turn of events. By engaging the hacker culture in a more open way, automobile technology started to get better at defending against hacks, which helps to keep us all safe.
    Read More
  • Aug 13, 2019 | Cisco Magazine

    What I learned at the Black Hat USA 2019 Conference [Black Hat USA 2019]

    The phrase ‘black hat’ refers to a hacker with criminal intentions, so I expected my first trip to the Black Hat USA conference held in Las Vegas this year to give me exposure to the shady underbelly of the cybersecurity world.
    Read More
  • Aug 13, 2019 | Cisco Magazine

    Apple offers $1 million Bug Bounty to hack its iPhone [Black Hat USA 2019]

    Speaking at the Black Hat technology security conference in Las Vegas, Krstic stated that the company is also going to reward another $500,000 (£415,500) to those who can find a Network Attack or any other technical flaws in its devices, making it more lucrative to security researchers.
    Read More
  • Aug 13, 2019 | Inc.

    Apple Will Give You $1 Million if You Can Do This 1 Thing (and Why It's Happy to Do So) [Black Hat USA 2019]

    Apple's bug-bounty program has been around since 2016, but the company just upped the ante last week during the Black Hat cybersecurity conference in Las Vegas. Of course, in order to get paid, you have to show that you're able to gain remote access to the core functionality of iOS without the device's owner doing anything at all.
    Read More
  • Aug 13, 2019 | Dark Reading

    2019 Pwnie Award Winners (And Those Who Wish They Weren't) [Black Hat USA 2019]

    The awards ceremony, held at the Black Hat USA security conference, bears little resemblance to the Oscars, Grammys, Emmys, or pretty much any other awards show. There's no glitz or glamour. The dress code is strictly informal; shorts and T-shirt are perfectly acceptable sartorial choices. Judges lightheartedly B-box and/or thigh-slap the drumrolls, and the awards themselves recognize not just excellence in the field of information security, but also the more dubious distinctions and epic fails.
    Read More
  • Aug 13, 2019 | Security Boulevard

    Building a Culture of Security: 73 articles Summarizing Black Hat USA 2019 [Black Hat USA 2019]

    If there was a common theme at the 2019 Black Hat USA conference in Las Vegas, it may well have been security culture. Culture emerged in some of the most prominent sessions and talks, including, notably, a keynote address by Dai Zovi and a session presented by Equifax CISO Jamil Farshchi.
    Read More
  • Aug 13, 2019 | Naked Security

    Fake news doesn’t (always) fool mice [Black Hat USA 2019]

    Still, the ability of mice to recognize real vs. fake phonetic construction can come in handy for sniffing out deep fakes. According to researchers at the University of Oregon’s Institute of Neuroscience, who presented their findings during a presentation at the Black Hat security conference last Wednesday (7 August), recent work has shown that “the auditory system of mice resembles closely that of humans in the ability to recognize many complex sound groups.”
    Read More
  • Aug 13, 2019 | Health IT Security

    Google Finds Phishing Success Based on Targeted Nature, Evolving Variants [Black Hat USA 2019]

    Presented at Black Hat last week, the report showed that Google blocks more than 100 million phishing emails every day. Google Safe Browsing protects about 4 billion devices from phishing and other malicious sites.
    Read More
  • Aug 13, 2019 | Pulse2

    Apple Is Offering A $1 Million Reward For Anyone Who Can Hack An iPhone [Black Hat USA 2019]

    Apple is providing a reward of up to $1 million for hackers who can break into an iPhone and inform the company about how it was done. Apple announced the massive bug bounty at the annual Black Hat hacker convention in Las Vegas last week. This is Apple’s largest-ever bug bounty and it is five times bigger than its previous largest payout.
    Read More
  • Aug 13, 2019 | The Cyberwire

    Black Hat and Def Con [Black Hat USA 2019]

    Cyber insurance policies currently fetch a surprisingly low premium, as TechTarget notes from discussions it heard at Black Hat. The low cost is a supply-side phenomenon: a lot of insurers are working to get into the market, and they're competing on price. But the low premiums being charged probably mean that the underwriters are still working without the actuarial data and models they need to be fully comfortable with the risk they're accepting in transfer from their customers. Expect prices to change as the actuaries catch up with the consequences of cyber incidents.
    Read More
  • Aug 13, 2019 | The Cyberwire Podcast

    Episode 913 [Black Hat USA 2019]

    More on the UN Security Council’s report on North Korean state-sponsored cyber crime. PsiXBot evolves. BITTER APT probes Chinese government networks in an apparent espionage campaign. A study looks at the state of spearphishing. It’s not just the three-letter agencies out securing US voting systems; it’s the four-letter agencies who are taking point. And a last look back at Black Hat and Def Con. Jonathan Katz from UMD on Apple’s clever new cryptographic protocol. Guest is Mike Overly from Foley and Lardner LLP on the House’s hold on the State Department’s proposal for a Bureau of Cyberspace Securities and Emerging Technologies.
    Read More
  • Aug 13, 2019 | Ars Technica

    Hack in the box: Hacking into companies with “warshipping” [Black Hat USA 2019]

    Using less than $100 worth of gear—including a Raspberry Pi Zero W, a small battery, and a cellular modem—the X-Force Red team assembled a mobile attack platform that fit neatly within a cardboard spacer dropped into a shipping box or embedded in objects such as a stuffed animal or plaque. At the Black Hat security conference here last week, Ars got a close look at the hardware that has weaponized cardboard.
    Read More
  • Aug 13, 2019 | Wall Street Journal

    Researchers Hack Into Industrial Equipment Thought to Be Secure [Black Hat USA 2019]


    Read More
  • Aug 13, 2019 | SANS Security Insights

    Don't Fear DevOps: Black Hat 2019 [Black Hat USA 2019]

    BLACK HAT 23, LAS VEGAS — During his keynote at the Black Hat security conference last Wednesday, Dino Dai Zovi, Staff Security Engineer at Square, challenged the audience to fully immerse themselves in DevOps in order to support today's pace of web- and cloud-based business.
    Read More
  • Aug 13, 2019 | Bitcoin.com.mx

    A vulnerable blockchain for learning about security pitfalls [Black Hat USA 2019]

    One example of this is the project Hack the Block! FumbleChain, developed by the company Kudelski, which was launched during the Black Hat conference, an event held in Las Vegas, United States, from August 3 to 8.
    Read More
  • Aug 12, 2019 | Ubergizmo

    WhatsApp Flaw Lets Hackers Alter Your Chats [Black Hat USA 2019]

    During a recent Black Hat security conference held in Las Vegas, researchers revealed that there are several WhatsApp flaws that would allow chat messages to be altered. This means that in theory, a hacker could take a message and change its contents to make it seem like a completely different message.
    Read More
  • Aug 12, 2019 | Dice

    Apple Offering Insane Payday for This Type of Bug [Black Hat USA 2019]

    At this year’s edition of the Black Hat security conference in Las Vegas, Ivan Krstic, Apple’s head of security engineering and architecture, told the audience (and the world at large) that Apple would give that million-dollar payday to anyone who discovered a remote attack that allowed an attacker to gain total control of a user’s iPhone without that user doing anything to help.
    Read More
  • Aug 12, 2019 | Find Biometrics

    Researchers Use Tape and Glasses to Spoof Face ID Liveness Detection [Black Hat USA 2019]

    The technique is effective because the Face ID algorithm does not make a complete scan when the user is wearing glasses. Tencent’s researchers were able to use the “X-Glasses” to unlock someone’s phone and authorize a financial transaction, and presented their findings at the recent Black Hat conference in Las Vegas.
    Read More
  • Aug 12, 2019 | Xinhua Net

    How the world's top hackers compete for supremacy [Black Hat USA 2019]


    Read More
  • Aug 12, 2019 | Reuters TV

    Black Hat Def Con Pose Challenge to Las Vegas [Black Hat USA 2019]


    Read More
  • Aug 12, 2019 | Wall Street Journal

    Hackers Go Pro, Seeking Bounties for Bugs [Black Hat USA 2019]

    LAS VEGAS—Finding fundamental flaws in software used to be a shady business. Companies often mistrusted the researchers who brought bugs to their attention, dealing with them at arm’s length, if at all.
    Read More
  • Aug 12, 2019 | USA Today

    WiFi can be a free-for-all for hackers. Here's how to stop them from taking your data [Black Hat USA 2019]

    LAS VEGAS — The connectivity at Black Hat and DEF CON is not where you want to gamble. Both conferences attract thousands of information-security professionals, some of whom will snoop around networks here.
    Read More
  • Aug 12, 2019 | Futurism

    HACKERS ARE ROASTING A TERRIBLE SPONSORED TALK AT BLACK HAT [Black Hat USA 2019]

    Cybersecurity experts at the Black Hat security conference in Las Vegas last week ridiculed a bizarre, sponsored presentation by a company called Crown Sterling to the point that its materials got taken off of the conference website.
    Read More
  • Aug 12, 2019 | VICE

    Google Hackers Found 10 Ways to Hack an iPhone Without Touching It [Black Hat USA 2019]

    Project Zero has returned with a new report by researcher Natalie Silvanovich highlighting 10 new ways that the iPhone can be covertly compromised by hackers. Silvanovich and fellow Project Zero researcher Samuel Groß revealed the flaws last week at the Black Hat hacking and security conference in Las Vegas.
    Read More
  • Aug 12, 2019 | TechTarget

    Black Hat 2019 brings out new security, protection offerings [Black Hat USA 2019]

    At the 22nd annual Black Hat conference in Las Vegas for computer security consulting, training and briefing, industry...
    Read More
  • Aug 12, 2019 | Mobile ID World

    Tencent Researchers Beat Face ID Liveness Detection with Glasses and Tape [Black Hat USA 2019]

    The technique is effective because the Face ID algorithm does not make a complete scan when the user is wearing glasses. Tencent’s researchers were able to use the “X-Glasses” to unlock someone’s phone and authorize a financial transaction, and presented their findings at the recent Black Hat conference in Las Vegas.
    Read More
  • Aug 12, 2019 | Security Boulevard

    Black Hat 2019 Recap: Transformation & the New Cybersecurity Culture [Black Hat USA 2019]

    As the security industry finally leaves Las Vegas after a full week of Black Hat, Defcon, and Bsides, we wanted to set aside some time to take stock and think about all the trainings, presentations, research, and conversations during our week in the desert. One of the overarching takeaways that was cemented by Dino Dai Zovi’s keynote is the critical need for security to become embedded in our culture.
    Read More
  • Aug 12, 2019 | iConnect 007

    TAU and Technion Researchers Hack One of World's Most Secure PLCs [Black Hat USA 2019]

    The team is slated to present their findings at Black Hat USA week in Las Vegas this month, revealing the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7.
    Read More
  • Aug 12, 2019 | Haber7

    Apple will give a $1 million reward to anyone who can do this [Black Hat USA 2019]


    Read More
  • Aug 12, 2019 | IT Pro Today

    Black Hat 2019: Can Products Make Up Security Talent Shortfall? [Black Hat USA 2019]

    At this year’s Black Hat event in Las Vegas, several vendors in the talent and training space introduced new concepts and ideas for addressing the so-called skills gap that's leaving roles in security departments empty.
    Read More
  • Aug 12, 2019 | IT Pro Today

    Black Hat 2019: Investment, Interest in AI for Security Ramps Up [Black Hat USA 2019]

    An emphasis on AI was clear at this year’s Black Hat event in Las Vegas, where several vendors were promoting platforms that leverage AI and machine learning capabilities to address threat detection.
    Read More
  • Aug 12, 2019 | Naked Security

    GDPR privacy can be defeated using right of access requests [Black Hat USA 2019]

    In his session entitled GDPArrrrr: Using Privacy Laws to Steal Identities at this week’s Black Hat show, Pavur documents how he decided to see how easy it would be to use right of access requests to ‘steal’ the personal data of his fiancée (with her permission).
    Read More
  • Aug 12, 2019 | Naked Security

    Apple will hand out unlocked iPhones to vetted researchers [Black Hat USA 2019]

    Well, here’s some good news for a select group of researchers: at the Black Hat 2019 security conference on Thursday, Apple’s head of security, Ivan Krstic, unveiled a new program through which the company is offering some form of pre-dev iPhones, specifically for security researchers.
    Read More
  • Aug 12, 2019 | News Guardian

    Apple is offering £830,000 to anyone who can hack an iPhone [Black Hat USA 2019]

    Apple’s head of security, Ivan Krstić, recently announced the news at the Black Hat technology security conference in Las Vegas.
    Read More
  • Aug 12, 2019 | Decipher

    PHISHERS PLAY ON EMOTIONS TO FOOL VICTIMS [Black Hat USA 2019]

    The researchers presented their results at the Black Hat USA conference here, and in addition to the findings on emotional responses, they found that targeted phishing is more common and effective than bulk campaigns. The massive phishing spam runs pushing pharmaceuticals, lottery scams, and gift cards are still out there, but those emails rarely make it into users’ inboxes these days, thanks to better detection methods. The ones that present the clear and present danger to most people are the spear phishing or boutique phishing campaigns. Spear phishing targets a handful of individual people or organizations and boutique campaigns go after a few dozen companies or people. Google’s numbers show that enterprises are 4.8 times more likely to be targeted by phishing campaigns than any other group.
    Read More
  • Aug 12, 2019 | Analytics India Magazine

    5 Biggest Cybersecurity Updates From Black Hat 2019 You Should Know [Black Hat USA 2019]

    The biggest event for hackers concluded in Las Vegas last week. During the conference, there were many revelations that threw light on the cybersecurity space and some of them were shocking enough to get all the eyes. Here are the top updates that came out of the Black Hat conference that you need to know about:
    Read More
  • Aug 12, 2019 | The Cyberwire Podcast

    Black Hat and Def Con [Black Hat USA 2019]

    Black Hat and Def Con have concluded. Here are a few observations about the discussion of technology and policy that took place at the events.
    Read More
  • Aug 12, 2019 | MSSPalert

    A. Today’s MSSP Alerts [Black Hat USA 2019]

    1. Black Hat 2019 and 2020: The Black Hat 2020 cybersecurity conference dates and location are now confirmed. Track all of our Black Hat conference news and analysis here. Special thanks to the more than 30 executives and companies with whom we met at last week’s event. We’ll be sharing more event thoughts soon.
    Read More
  • Aug 12, 2019 | Brian Madden Blog

    Black Hat 2019: Learning about the latest in authentication, workspaces, and security [Black Hat USA 2019]

    Black Hat 2019 felt like a blur to me as I ran from meeting to session to meeting (while still finding time for the business hall). I sat down with over a half dozen vendors, some old and new to me, and attended several interesting sessions.
    Read More
  • Aug 12, 2019 | Wellington Research

    Black Hat Notes: A Cyber Industry In Transition [Black Hat USA 2019]


    Read More
  • Aug 12, 2019 | Wellington Research

    Black Hat Notes: Dirt NOT Dished Here [Black Hat USA 2019]


    Read More
  • Aug 12, 2019 | Channel Partners Online

    Image Gallery: Black Hat USA 2019 Featuring Cisco, Webroot, Microsoft [Black Hat USA 2019]

    A record 19,000-plus cybersecurity professionals descended on Las Vegas last week for the massive Black Hat USA 2019 conference.
    Read More
  • Aug 12, 2019 | Tech Target

    Why cyber insurance policies are so 'ridiculously cheap' [Black Hat USA 2019]

    The cyber insurance market is growing rapidly and policies are incredibly inexpensive -- but experts at Black Hat 2019 had concerns about those low prices.
    Read More
  • Aug 12, 2019 | Digital Trends

    Google flags preinstalled malware as hidden threat on millions of Android phones [Black Hat USA 2019]

    Stone shared her team’s findings at the Black Hat USA 2019 conference in Las Vegas, in a presentation in which she said that a smartphone may have as many as 400 preinstalled apps out of the box. This is a major problem because attackers are attempting to hide malware in the preinstalled apps, as it is easier to convince one manufacturer to agree to a preloaded app than to convince thousands of users to download an infected file.
    Read More
  • Aug 12, 2019 | IT Pro Today

    Black Hat 2019: Election security gets top billing at Black Hat, Def Con [Black Hat USA 2019]

    LAS VEGAS — With the U.S. still dealing with the fallout of the 2016 presidential election, and with the 2020 vote just 15 months away, the state of election security was top of mind at the Black Hat and Def Con security conferences last week.
    Read More
  • Aug 12, 2019 | News18

    Microsoft Azure Security Lab will Offer Cybersecurity Researchers a New Guinea Pig [Black Hat USA 2019]

    Microsoft has introduced the Azure Security Lab -- a dedicated customer-safe Cloud environment, at the Black Hat USA 2019 conference which convened here this week. The Azure Security Lab is a set of dedicated Cloud hosts, aimed at allowing security researchers to aggressively test attacks against infrastructure-as-a-service scenarios. It also allows participants to identify research vulnerabilities in Azure and do their best to emulate criminal hackers, according to Microsoft, Xinhua news agency reported.
    Read More
  • Aug 12, 2019 | Autoblog

    Automakers' vulnerabilities on display at hackers convention in Vegas [Black Hat USA 2019]

    Las Vegas once a year becomes the gathering place for tens of thousands of cybersecurity enthusiasts who attend DEF CON and the preceding corporate Black Hat conference.
    Read More
  • Aug 12, 2019 | Threatpost

    Black Hat 2019 News Wrap: The Best and Worst of the Show [Black Hat USA 2019]

    Threatpost breaks down the highs and lows from Black Hat 2019, from new vulnerabilities and industry collaboration to a scandal around a sponsored session.
    Read More
  • Aug 12, 2019 | The Guardian

    'Bug bounty': Apple to pay hackers more than $1m to find security flaws [Black Hat USA 2019]

    Apple will pay ethical hackers more than $1m if they responsibly disclose dangerous security vulnerabilities to the firm, the company announced at the Black Hat security conference in Las Vegas.
    Read More
  • Aug 12, 2019 | Online PC.ch

    WhatsApp disputes expert report on vulnerabilities [Black Hat USA 2019]


    Read More
  • Aug 12, 2019 | SMB Nation

    http://www.smbnation.com/big-data-analytics/2938-black-hat-the-cyber-shell-game-war-information-warfare-and-the-darkening-web [Black Hat USA 2019]

    Alexander Klimburg’s speech at Black Hat was well received and combined hacking, security and geopolitical topics. In this 1:1 interview after his presentation, Klimburg shares the six stages of cyber warfare and much more.
    Read More
  • Aug 12, 2019 | PCMag

    Researcher Breaches iPhone by Sending an iMessage [Black Hat USA 2019]

    At Black Hat, a Google security researcher details numerous bugs in iMessage that could be exploited remotely without interaction from the victim.
    Read More
  • Aug 11, 2019 | z6Mag

    All you need is some sunglasses and some tape to bypass the iPhone’s FaceID [Black Hat USA 2019]

    There was a flaw in the liveness detection function of the biometric authentication system that Apple uses for unlocking an iPhone with face recognition, and that dangerous discovery shocked attendees of the Black Hat hacker convention held in Las Vegas when cybersecurity researchers managed to bypass the iPhone’s face recognition feature in a mere 120 seconds with some things you can find in your desk.
    Read More
  • Aug 11, 2019 | VICE

    Apple Will Give You $1 Million to Hack an iPhone [Black Hat USA 2019]

    The bounty, which was announced by the iPhone-maker at the annual Black Hat hacker convention in Las Vegas on Thursday, is the company’s biggest ever -- in fact, it’s five times bigger than its previous largest payout.
    Read More
  • Aug 11, 2019 | CBS 8 News Now

    Black Hat Convention highlights the importance of cybersecurity [Black Hat USA 2019]

    The issue is one being talked about at the annual Black Hat Convention here in town.
    Read More
  • Aug 11, 2019 | iLounge

    Black Hat researchers demonstrate unlocking Face ID using ‘X-Glasses’ [Black Hat USA 2019]

    Tencent researchers have found a way to unlock another person’s iPhone by using tape, glasses and the unconscious person’s facial features. At the Las Vegas Black Hat conference, the group from Tencent demonstrated how they could fool the iPhone’s liveness detection feature, which was advertised to distinguish between real and fake facial features.
    Read More
  • Aug 11, 2019 | VICE

    Black Hat Talk About ‘Time AI’ Causes Uproar, Is Deleted By Conference [Black Hat USA 2019]

    A controversial sponsored talk at the Black Hat security conference caused an uproar among security professionals and prompted the conference to delete the talk from the internet.
    Read More
  • Aug 11, 2019 | HelpNet Security

    Week in review: SWAPGS attack, DNS security, vulnerable Siemens PLCs, Black Hat USA 2019 [Black Hat USA 2019]


    Read More
  • Aug 11, 2019 | ZDNet

    Two weird ways your iPhone or Mac can be hacked [Black Hat USA 2019]

    As for hacking into an iPhone, security researchers at the Black Hat hacker convention in Las Vegas managed to bypass the iPhone's Face ID authentication system in 120 seconds.
    Read More
  • Aug 11, 2019 | Latest Hacking News

    Apple Bug Bounty Program Expands To Include MacOS and Other Products [Black Hat USA 2019]

    Here comes good news for all researchers who demanded bug bounties for MacOS. Three years back, at Black Hat USA.
    Read More
  • Aug 11, 2019 | BeeBom

    You Can Unlock an iPhone Protected with Face ID Using Glasses and Tape [Black Hat USA 2019]

    The details of the attack were explained at Black Hat USA 2019, which is an annual security conference. Researchers were able to get into the victim’s iPhone by using a modified pair of glasses. The glasses have a combination of white and black tape pasted on them and they call it the “X-glasses”.
    Read More
  • Aug 11, 2019 | Shine.cn

    Microsoft introduces security lab to test vulnerabilities, attacks [Black Hat USA 2019]

    Microsoft has introduced the Azure Security Lab, a dedicated customer-safe cloud environment, at the Black Hat USA 2019 conference which convened here this week.
    Read More
  • Aug 11, 2019 | Reuters

    Automakers warm up to friendly hackers at cybersecurity conference [Black Hat USA 2019]

    Known for its sprawling resorts and casinos, Las Vegas once a year becomes the gathering place for tens of thousands of cybersecurity enthusiasts who attend DEF CON and the preceding corporate Black Hat conference.
    Read More
  • Aug 10, 2019 | Spiegel

    "It's not about exposing other manufacturers" [Black Hat USA 2019]

    Black Hat in Las Vegas
    Read More
  • Aug 10, 2019 | Xinhua Net

    Black Hat hacker conference focuses on new trends in cybersecurity [Black Hat USA 2019]


    Read More
  • Aug 10, 2019 | Xinhua Net

    Black Hat USA 2019 conference explores new trends in cybersecurity [Black Hat USA 2019]

    LAS VEGAS, Aug. 8 (Xinhua) -- Tens of thousands of the world's best cybersecurity professionals gathered in Las Vegas this week for the Black Hat USA 2019 cybersecurity conference, which focuses on the latest developments and new trends in cybersecurity.
    Read More
  • Aug 10, 2019 | Financial Express

    Apple offers $1 million if you can hack an iPhone [Black Hat USA 2019]

    The bounty was announced by the company at the annual Black Hat hacker convention in Las Vegas last week. It is said to be the biggest ever payout by the iPhone-maker.
    Read More
  • Aug 10, 2019 | The Telegraph UK

    Inside Black Hat, the world’s biggest ethical hacker conference in Las Vegas [Black Hat USA 2019]

    Black Hat, the world’s biggest annual cyber security conference, opened its doors in 1997 and has since grown from an obscure “hacker summer camp” for geeks into a vast and increasingly mainstream event sponsored by blue chip companies such as Cisco and Accenture. Attendees pay $3,000 a ticket to join hacking lessons, to network and relax in casinos.
    Read More
  • Aug 10, 2019 | WIRED

    SECURITY NEWS THIS WEEK: ELECTION SYSTEMS ARE WAY MORE VULNERABLE THAN WE THOUGHT [Black Hat USA 2019]

    HACKER SUMMER CAMP is here again! You know what that means: WIRED is back in Las Vegas for the annual Black Hat and Defcon security conferences, where we’re digging into the latest and greatest hacks on display. First, let’s talk about iPhones. A researcher found it’s possible to break into one just by sending a text message. To help uncover similar vulnerabilities in the future, Apple is handing out new, hacker-friendly iPhones to its favorite security researchers, and paying up to $1.5 million in bug bounties.
    Read More
  • Aug 10, 2019 | PCMag

    Black Hat Attendees: Sponsored Session Was 'Snake Oil Crypto' [Black Hat USA 2019]

    LAS VEGAS—The Black Hat security conference is no stranger to controversy, but that's usually limited to daring hacks or heated debates about privacy. This year, a sponsored session drew ridicule from attendees who claim it was little more than pseudoscience, and the uproar prompted Black Hat organizers to remove the content from the website.
    Read More
  • Aug 9, 2019 | Heise Online

    Social networks: Dubious phishing tests on employees [Black Hat USA 2019]

    The first tool that Jacob Wilkin presented in a talk at the Black Hat conference is called "Social Attacker". The software, written in Python, is used to largely automate phishing attacks within Facebook, LinkedIn, Twitter and VKontakte.
    Read More
  • Aug 9, 2019 | Heise Online

    Biometrics: Life detection in biometric authentication on the iPhone undone [Black Hat USA 2019]

    HC Ma of Tencent Security demonstrated during the Black Hat 2019 the research results of his colleagues who could not present themselves due to lack of visa. The hackers studied the ways in which face, voice, fingerprint, iris, or palm detection sensors determine whether a living human is interacting with them - or just a photo or voice record. This sets them apart from the researchers, who focused exclusively on kicking off the sensors themselves, while leaving aside features such as Apple's "attention checking for face ID".
    Read More
  • Aug 9, 2019 | Inside Cybersecurity

    New report describes acute threat from criminal cyber actors in Russia [Black Hat USA 2019]

    “The first rule of Russian dark web communities is to never target victims in CIS countries, especially Russia,” according to “The Dark Side of Russia: How New Internet Laws and Nationalism Fuel Russian Cybercrime,” released Thursday at the Black Hat USA 2019 conference here.
    Read More
  • Aug 9, 2019 | Researcher details how GDPR, privacy laws can be manipulated for identity theft

    Researcher details how GDPR, privacy laws can be manipulated for identity theft [Black Hat USA 2019]

    James Pavur used the GDPR’s “right of access” provision, requiring companies to reveal information they hold on citizens upon their request, to collect data including his girlfriend’s social security number, date of birth, credit card activity and even account passwords. Pavur detailed the experience in a white paper released here at Black Hat.
    Read More
  • Aug 9, 2019 | Security Boulevard

    Live From Black Hat USA: Making Big Things Better the Dead Cow Way [Black Hat USA 2019]

    In InfoSec, we know and understand that hackers are not inherently bad. Many of them are hacktivists looking to make positive change in the world. During the Black Hat panel discussion, “Making Big Things Better the Dead Cow Way,” Menn talked about how O’Rourke was 14 or 15 years old when he joined the cDc and left before the organization grew in notoriety, and that he interviewed a neo-Nazi in Texas and proceeded to let him hang himself with his own words. Even at that young age, he was all about diversity and engagement, especially within the cDc.
    Read More
  • Aug 9, 2019 | LiveMint

    Black Hat 2019 smokes out vulnerabilities in WhatsApp, iOS, Azure [Black Hat USA 2019]

    Your favourite messenger's end-to-end encryption may not be as secure as you think. At the Black Hat cybersecurity conference 2019 (August 7-8) in Las Vegas, security researchers from CheckPoint reverse-engineered WhatsApp's web source code to successfully intercept and manipulate private messages. WhatsApp isn't the only major platform that is under scrutiny at the conference.
    Read More
  • Aug 9, 2019 | Patently Apple

    While Face ID was hacked at the Black Hat Conference, the Plausibility of it occurring could only be found in a bad B-Movie [Black Hat USA 2019]

    The Black Hat 2019 Conference ran from August 3-8 and we reported earlier this week that Microsoft and Apple Leveled up their Hacker Bug Bounties. Yesterday Forbes posted a report titled "Black Hat USA 2019: Apple iOS New Flaws Let Hackers Break Into All iPhones." The report pointed out that "the Google team exploited the iOS vulnerabilities to hack and take control of an iPhone by just sending text messages."
    Read More
  • Aug 9, 2019 | SiliconANGLE

    Report from Black Hat: Escalating cyberthreats swirl around Apple, IoT and 5G [Black Hat USA 2019]

    “The thing that has really stood out to us is more IoT-based attacks,” Andrew Tsonchev, director of technology at Darktrace, said in an exclusive interview with SiliconANGLE at the Black Hat USA 2019 cybersecurity conference this past week in Las Vegas. “They slip under the radar and the impact is huge. IoT puts this in the firing line and so does 5G,” the next generation of wireless carrier networks.
    Read More
  • Aug 9, 2019 | CNET

    What a security researcher learned from monitoring traffic at Defcon [Black Hat USA 2019]

    The first time I saw Mike Spicer, I spotted him from a mile away. He was hard to miss as he threaded his way through the crowd at the 2017 Black Hat hacking conference in Las Vegas with 35 pounds of gear on his back.
    Read More
  • Aug 9, 2019 | ComputerWorld

    Apple announces a new iPhone (and you can’t have it) [Black Hat USA 2019]

    Ivan Krstić, Apple’s head of security engineering, provided big insights into Apple’s platform security during his presentation at Black Hat U.S. 2019.
    Read More
  • Aug 9, 2019 | ZDNet

    Black Hat 2019 trends: Social media influence campaigns, big business, ATM hacking [Black Hat USA 2019]

    CNET and CBS News Senior Producer Dan Patterson is reporting on the Black Hat USA 2019 cybersecurity conference in Las Vegas. He spoke with TechRepublic's Karen Roby about the main topics at Black Hat 2019.
    Read More
  • Aug 9, 2019 | IT Pro Today

    Black Hat: Using Tech to Offset User Behavior Risks [Black Hat USA 2019]

    At Black Hat 2019, several sessions looked at the human factors in security, and offered suggestions on preventing people from making costly errors.
    Read More
  • Aug 9, 2019 | IT Pro Today

    Black Hat 2019: Security Pros Must Start Informing Govt. Policies [Black Hat USA 2019]

    In two sessions at Black Hat 2019, security luminary Bruce Schneier, currently a fellow at the Harvard Kennedy School, made the argument for the need for the role of public interest technologist and offered suggestions to address ways to get more individuals prepared for it, and to create more roles that demand the background.
    Read More
  • Aug 9, 2019 | Xinhua Net

    Spotlight: Black Hat USA 2019 conference focuses on new trend in cybersecurity [Black Hat USA 2019]

    Tens of thousands of the world's best cybersecurity professionals gathered in Las Vegas this week for the Black Hat USA 2019 cybersecurity conference, which focuses on the latest developments and new trends in cybersecurity.
    Read More
  • Aug 9, 2019 | PCMag

    Researcher Exploits GDPR Fears to Obtain Private Data [Black Hat USA 2019]

    GDPR grants you the right to access any personal data a company or other entity holds about you. But how are companies verifying that those data requests are legitimate? Some are not, one researcher revealed at Black Hat.
    Read More
  • Aug 9, 2019 | PCMag

    Russian Intel Agencies Are a Toxic Stew of Competition and Sabotage [Black Hat USA 2019]

    Western audiences might view the disarray in Russia's intelligence agencies as a good thing, but security expert Kimberly Zenz argues at Black Hat that it just encourages risky behavior.
    Read More
  • Aug 9, 2019 | PCMag

    Black Hat 2019: The Craziest, Most Terrifying Things We Saw [Black Hat USA 2019]

    Black Hat is over for another year, but we'll be thinking of the fascinating and terrifying things we heard and saw for years to come.
    Read More
  • Aug 9, 2019 | Security Report

    Black Hat USA: controlled perimeter and beyond [Black Hat USA 2019]

    Back in Las Vegas, Black Hat USA wrapped up its run this Thursday (08/08), having begun on August 3, presenting the main trends and news in information security, covering everything from critical vulnerabilities found in voting machines, aircraft, cars, mobile devices, social media platforms and much more.
    Read More
  • Aug 9, 2019 | Business Insider

    Apple is offering a $1 million reward to anyone who can pull off this specific iPhone hack (AAPL) [Black Hat USA 2019]

    Apple announced the changes to its bug bounty program during the Black Hat cybersecurity conference in Las Vegas alongside other critical updates. In addition to the new $1 million reward, Apple also revealed that it's expanding the program to its other platforms such as macOS, tvOS, and watchOS, the software that powers its Mac, Apple TV, and Apple Watch products.
    Read More
  • Aug 9, 2019 | Channel E2E

    Hackers Disable MSP Backups, Launch Ransomware Attacks [Black Hat USA 2019]

    Continue to attend channel-related conferences, but extend to attend major cybersecurity events — particularly RSA Conference, Black Hat and Amazon AWS re:Inforce.
    Read More
  • Aug 9, 2019 | Politico

    Out in Vegas: DOJ, BlueKeep, VoIP phones [Black Hat USA 2019]

    The financial services industry has proven best at patching BlueKeep, the vulnerability that sparked worries about a massive attack on the scale of WannaCry or NotPetya, according to a SecurityScorecard analysis that coincides with a Black Hat presentation today. Across the industry, systems vulnerable to BlueKeep that were patched were typically patched within 13 days. Overall, the response to the vulnerability has been very slow, SecurityScorecard assessed.
    Read More
  • Aug 9, 2019 | Infosecurity Magazine

    #BHUSA: DevSecOps, Looking Beyond the Buzzword [Black Hat USA 2019]

    DevSecOps isn't just yet another meaningless buzzword, it's an approach that has a number of steps and real technologies that can be used to help effectively reduce risk. That's the message coming out of a session at the Black Hat USA conference in Las Vegas titled, "DevSecOps: What, Why and How."
    Read More
  • Aug 9, 2019 | SC Magazine

    Consumers feel privacy is no safer under GDPR [Black Hat USA 2019]

    Dave Meltzer, CTO at Tripwire, chatted with SC Media at Black Hat on the survey and said that while some of the perceptions uncovered in the survey do reflect people’s gut reaction to the situation there is some evidence to prove that corporations are behaving differently under GDPR. He noted significant investment being made by companies in people, technology and processes by companies in order to comply with GDPR.
    Read More
  • Aug 9, 2019 | Computing

    NSA to build new features into its open-source malware analysis tool Ghidra [Black Hat USA 2019]

    Knighton and Delikat discussed their plans with specialist website Cyber Scoop before a session of the Black Hat security conference held in Las Vegas, California this week.
    Read More
  • Aug 9, 2019 | SC Magazine

    #BHUSA: Cult of the Dead Cow Members Discuss Hacktivism, Influence & Politicians [Black Hat USA 2019]

    In a panel at Black Hat USA, former members of the hacking collective Cult of the Dead Cow were joined by author Joseph Menn, who wrote the recent memoir Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World.
    Read More
  • Aug 9, 2019 | SC Magazine

    Destructive malware attacks double as attackers pair ransomware with disk wipers [Black Hat USA 2019]

    “Now you have to not only recover the data that you lost, but you have to recover the entire operating system along with that and that’s a larger effort for a company to work with,” said Christopher Scott, global remediation lead at X-Force IRIS, in a video interview with SC Media at Black Hat in Las Vegas. And that places more pressure on impacted organizations to acquiesce to the attackers’ demands.
    Read More
  • Aug 9, 2019 | Metro

    Apple to release super-exclusive new iPhone you’ll probably never get to try out [Black Hat USA 2019]

    Ivan Krstić told a group of tech security experts at the Black Hat conference that Apple would soon begin to hand out new iPhones to a chosen group of researchers.
    Read More
  • Aug 9, 2019 | Naked Security

    Parents, it’s time to delete Pet Chat from your child’s LeapPad [Black Hat USA 2019]

    The news about LeapFrog was released at Black Hat 2019 on Wednesday by the application security testing company Checkmarx.
    Read More
  • Aug 9, 2019 | Dark Reading

    Significant Vulnerabilities Found in 6 Common Printer Brands [Black Hat USA 2019]

    Printers have long been a target of vulnerability researchers and hackers. At the Black Hat Security Briefings in 2002, two security researchers demonstrated that HP printers could be remotely exploited using security weaknesses in a variety of access methods. In 2017, a graduate thesis presented a survey of the security flaws in printers and multifunction devices, identifying more than 125 printer vulnerabilities in the National Vulnerability Database dating back nearly 20 years.
    Read More
  • Aug 9, 2019 | Threatpost

    Misinformation to Voting Machine Flaws [Black Hat USA 2019]

    At Black Hat USA 2019, Threatpost caught up with Matt Olney, director of threat intelligence at Cisco Talos, to discuss the challenges that elections are facing. On one hand, election security is now top of mind for the information operations space in Facebook, Twitter and other social media companies looking to battle misinformation campaigns, cyber-influence operations and other, newer threats like deep fakes
    Read More
  • Aug 9, 2019 | The Daily Swig

    ‘This happens a lot more than many customers realize, it's often just brushed under the carpet’ [Black Hat USA 2019]

    What’s a show without an award? In the case of Black Hat, it’s the Pwnie Awards, where Bloomberg’s controversial story about Super Micro won in the “most overhyped bug” category.
    Read More
  • Aug 9, 2019 | Engadget

    New DoS attack exploits algorithms to knock sites offline [Black Hat USA 2019]

    The exploit was detailed at the Black Hat cybersecurity conference in Las Vegas by Nathan Hauke and David Renardy of security company Two Six Labs, as reported by Wired.
    Read More
  • Aug 9, 2019 | International Business Times

    A Simple Text Message Can Put iPhone Users At Risk, Project Zero Reports [Black Hat USA 2019]

    Natalie Silvanovich, a Google Project Zero researcher, unveiled a presentation Wednesday on how hackers will be able to break into iPhone users’ data through a simple text message. The presentation was done in a Black Hat security conference held in Las Vegas.
    Read More
  • Aug 9, 2019 | TechCentral.ie

    Why security culture needs to change [Black Hat USA 2019]

    In a Black Hat conference keynote heralded by rock concert lighting and sound effects, a security engineer from Square told a packed arena in Las Vegas that culture is a key lever to automate security in an organisation.
    Read More
  • Aug 9, 2019 | PCMag

    Russian Intel Agencies Are a Toxic Stew of Competition and Sabotage [Black Hat USA 2019]

    Instead of thinking of Russia and its myriad intelligence agencies as a single, monolithic entity, we need to view it as a collection of individual groups that are often at odds with each other, Zenz explained here at Black Hat. Unfortunately, that chaos is bad for US, too.
    Read More
  • Aug 9, 2019 | ZDNet

    Phishing emails: Here's why we are still getting caught out after all these years [Black Hat USA 2019]

    In a talk at the Black Hat 2019 security conference Google security researcher Elie Bursztein and University of Florida professor Daniela Oliveira detailed why these social engineering attacks remain effective, even though they have been around for decades
    Read More
  • Aug 9, 2019 | Fast Company

    We keep falling for phishing emails, and Google just revealed why [Black Hat USA 2019]

    At a briefing Wednesday evening at the Black Hat security conference in Las Vegas, Google security researcher Elie Bursztein and University of Florida security professor Daniela Oliveira shared that and other insights about the business of coaxing people into giving up their usernames and passwords.
    Read More
  • Aug 9, 2019 | Federal Times

    How technologists in government could shape better tech policy [Black Hat USA 2019]

    The resounding message out of BSides Las Vegas and Black Hat — two information security conferences that took place the week of Aug. 5 — is that government is falling far short in the technology space.
    Read More
  • Aug 9, 2019 | The Daily Swig

    Early warning: Website defacement alert utility debuts in the desert [Black Hat USA 2019]

    A tool that provides an automatic warning about web site defacements was among the range of utilities released during the Black Hat Arsenal sessions this week.
    Read More
  • Aug 9, 2019 | PCMag

    Detecting Deepfakes May Mean Reading Lips [Black Hat USA 2019]

    At Black Hat here, ZeroFox researchers presented their techniques for identifying deepfake videos. CTO Mike Price ran through the history of deepfakes and outlined the process used to create them. ZeroFox Principal Research Engineer Matt Price (no relation) then ran through the available detection tools, and their respective drawbacks, before introducing his own.
    Read More
  • Aug 9, 2019 | The Mac Observer

    Apple Offers New Bug Bounty of up to $1.5 Million [Black Hat USA 2019]

    Apple will now offer bug bounty payouts for vulnerabilities found in macOS, watchOS, tvOS, iPadOS, and iCloud. Its head of security engineering and architecture, Ivan Krstic, laid out the plans at the Black Hat conference.
    Read More
  • Aug 9, 2019 | Mashable India

    WhatsApp Security Flaw Could Let Hackers Manipulate Messages [Black Hat USA 2019]

    The flaw was revealed at the Black Hat conference, and to make matters worse it seems that Facebook was informed about the vulnerability over a year ago but has failed to patch it.
    Read More
  • Aug 9, 2019 | TechRadar

    Hackers can alter WhatsApp chats to show fake information [Black Hat USA 2019]

    The flaw, published at the Black Hat security conference in Las Vegas, could affect both private and public chats, potentially leading to the spread of false information or "fake news" by what were thought to be trusted sources.
    Read More
  • Aug 9, 2019 | ZDNet

    Microsoft names top security researchers, zero-day contributors [Black Hat USA 2019]

    At the Black Hat security conference in Las Vegas, Microsoft announced the top security researchers and enterprise partners who contributed the most vulnerability and zero-day reports affecting the company's products.
    Read More
  • Aug 9, 2019 | Cyberscoop

    NSA's reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy [Black Hat USA 2019]

    In the coming months, Ghidra will get support for Android binaries, according to Brian Knighton, a senior researcher for the NSA, and Chris Delikat, a cyber team lead in its Research Directorate, who previewed details of the upcoming release with CyberScoop. Knighton and Delikat are discussing their plans at a session of the Black Hat security conference in Las Vegas Thursday.
    Read More
  • Aug 9, 2019 | TechCrunch

    The Russians are coming! The Russians are … complicated! [Black Hat USA 2019]

    Of course it’s nothing of the sort. Instead it is a complex, seething, tiered morass of many figures and institutions, often incentivized against one another, in a time of profound and rapid change. Today I attended a Black Hat talk by Kimberley Zenz, who opened with a plea for nuanced consideration of Russia and Russian activities. She’s right, of course, but sadly the internet tends to be where nuance goes to die.
    Read More
  • Aug 9, 2019 | The Register

    Talk about unintended consequences: GDPR is an identity thief's dream ticket to Europeans' data [Black Hat USA 2019]

    In a presentation at the Black Hat security conference in Las Vegas James Pavur, a PhD student at Oxford University who usually specialises in satellite hacking, explained how he was able to game the GDPR system to get all kinds of useful information on his fiancée, including credit card and social security numbers, passwords, and even her mother's maiden name.
    Read More
  • Aug 9, 2019 | The Register

    Who will save us from deepfakes? Other AIs? Humans? What about vastly hyperintelligent pandimensional beings? [Black Hat USA 2019]

    In a presentation at the Black Hat security conference in Las Vegas, data scientists examined various ways to identify deepfake videos – something that is going to become increasingly important as US elections approach in 2020.
    Read More
  • Aug 9, 2019 | The Register

    You can easily secure America's e-voting systems tomorrow. Use paper – Bruce Schneier [Black Hat USA 2019]

    “Paper ballots are almost 100 per cent reliable and provide a voter-verifiable paper trail,” he told your humble Reg vulture and other hacks at Black Hat in Las Vegas on Thursday. “This isn’t hard or controversial. We use them all the time in Minnesota, and you make your vote and it’s easily tabulated.”
    Read More
  • Aug 9, 2019 | Forbes

    Black Hat USA 2019: IBM X-Force Red Reveals New 'Warshipping' Hack To Infiltrate Corporate Networks [Black Hat USA 2019]

    At the annual Black Hat cybersecurity conference happening this week in Las Vegas, Nevada, IBM’s X-Force Red presented in front of more than 19,000 security professionals from roughly 90 countries a new attack technique they’ve nicknamed "warshipping".
    Read More
  • Aug 9, 2019 | Help Net Security

    Vulnerabilities in Siemens’ most secure industrial PLCs can lead to industrial havoc [Black Hat USA 2019]

    Following the best practices of responsible disclosure, the research findings were shared with Siemens well in advance of the scheduled Black Hat USA 2019 presentation, allowing the manufacturer to prepare.
    Read More
  • Aug 9, 2019 | CBS News

    Apple offers $1 million reward to anyone who can hack an iPhone [Black Hat USA 2019]

    The bug bounty program, which previously offered rewards of up to $200,000 for finding problems in iOS devices, first launched in 2016. Apple head of security Ivan Krstić announced major changes to the program on stage at the Black Hat conference in Las Vegas Thursday, CNET reports.
    Read More
  • Aug 8, 2019 | Heise Online

    Pwnie Awards 2019: Even the press takes its share of flak [Black Hat USA 2019]

    Like every year, the Pwnie Awards were held at the Black Hat conference in Las Vegas. They are almost the Oscars of the security scene and award spectacular failure as well as outstanding achievements around IT security.
    Read More
  • Aug 8, 2019 | Heise Online

    Boeing 787: Researcher documents vulnerabilities in network component firmware [Black Hat USA 2019]

    Because security expert Rubens Santamarta, by his own account, suffers from a fear of flying, he examines aviation security especially thoroughly. As the researcher, who works for IOActive, explained in a talk at Black Hat 2019 in Las Vegas, a Google search in autumn 2018 led him to a publicly accessible Boeing server on which various firmware files were found.
    Read More
  • Aug 8, 2019 | Heise Online

    Double threat: Chinese APT group spies on state and enriches itself [Black Hat USA 2019]

    At Black Hat, security company FireEye presented information on the spying and other activities of a newly identified APT group.
    Read More
  • Aug 8, 2019 | Inside Cybersecurity

    New NSS Labs analysis shows ‘technology suites’ can meet claims of enhanced protection [Black Hat USA 2019]

    Brvenik and Peter Armstrong of Munich Re Group are on a panel today here at Black Hat to discuss “Trendspotting through Cybersecurity Testing.”
    Read More
  • Aug 8, 2019 | Inside Cybersecurity

    Commerce’s Friedman says ‘champions’ can promote software bill of materials, avoiding regulation [Black Hat USA 2019]

    The public-private initiative’s four working groups will discuss “baseline” SBOM drafts at a Sept. 5 meeting in Washington, DC, an important milestone, Friedman noted in a presentation Wednesday at the Black Hat conference here.
    Read More
  • Aug 8, 2019 | Inside Cybersecurity

    Leading figures offer ways to assess effectiveness of Trump’s aggressive cyber deterrence strategy [Black Hat USA 2019]

    The Trump strategy of “persistent engagement” is “the most significant policy change in 20 years,” said Columbia University’s Jason Healey, a prominent cyber strategist and policy voice. Healey and research partner Neil Jenkins of the Cyber Threat Alliance discussed their work today here at Black Hat.
    Read More
  • Aug 8, 2019 | Threatpost

    Apple Upgrades Bug Bounty Program: Adds Macs, $1M Reward [Black Hat USA 2019]

    The device manufacturer in a Thursday Black Hat USA 2019 session said it will open the historically private program to all researchers in the fall. In addition, it plans to drastically boost some rewards for vulnerabilities found in its devices – including a $1 million payout – and adding a much-wanted program for its Mac devices.
    Read More
  • Aug 8, 2019 | ComputerWorld.co.nz

    Black Hat keynote: Why security culture needs to change [Black Hat USA 2019]

    Dino Dai Zovi tells Black Hat audience to embrace a culture where security is everyone's job and risks are shared. Automation with feedback loops also key to solving security challenges at scale
    Read More
  • Aug 8, 2019 | Threatpost

    Researchers Bypass Apple FaceID Using Biometrics ‘Achilles Heel’ [Black Hat USA 2019]

    Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a victim’s FaceID and log into their phone simply by putting a pair of modified glasses on their face. By merely placing tape carefully over the lenses of a pair of glasses and placing them on the victim’s face the researchers demonstrated how they could bypass Apple’s FaceID in a specific scenario. The attack itself is difficult, given the bad actor would need to figure out how to put the glasses on an unconscious victim without waking them up.
    Read More
  • Aug 8, 2019 | PC Mag UK

    Google Researcher: The iPhone Is Not Exactly a Paragon of Security [Black Hat USA 2019]

    At Black Hat, a Google security researcher details numerous bugs in iMessage that could be exploited remotely without interaction from the victim.
    Read More
  • Aug 8, 2019 | Portswigger

    Researcher uses GDPR data transparency clause to obtain users’ sensitive information [Black Hat USA 2019]

    Presenting his research at Black Hat USA in Las Vegas earlier today, Pavur pulled focus on GDPR’s ‘right of access’ clause, which stipulates that individuals have the right to request a copy of all the information a company holds on them.
    Read More
  • Aug 8, 2019 | PCMag

    What Are the Rules of Engagement in a Cyberwar? [Black Hat USA 2019]

    When is it appropriate to respond to a cyberattack by launching missiles? At Black Hat, security expert Mikko Hypponen exhaustively explored the topic.
    Read More
  • Aug 8, 2019 | PCMag

    How Often Can One Program Infect Another? Let Us Count the Way [Black Hat USA 2019]

    At Black Hat, experts from SafeBreach report on the many different ways a malicious program could infect another process with its own code. Spoiler alert: it's a lot.
    Read More
  • Aug 8, 2019 | PCMag

    Apple Beefs Up Its Bug Bounty Program With $1M Prize [Black Hat USA 2019]

    Apple's macOS is inherently more secure than Windows or Android, but securing any operating system is a 24/7 operation, and at Black Hat, Ivan Krstic, Apple's Head of Security Engineering and Architecture, detailed three highly technical security accomplishments and added his own One More Thing.
    Read More
  • Aug 8, 2019 | PCMag

    Detecting Deepfakes May Mean Reading Lips [Black Hat USA 2019]

    At the Black Hat security conference, researchers evaluated the deepfake detection tools currently available and released their own mouth-centric deepfake detector.
    Read More
  • Aug 8, 2019 | PCMag

    5G Is the Future of Wireless, But It Has Weaknesses [Black Hat USA 2019]

    At Black Hat, a researcher shows how to identify devices connected to 5G base stations and modify what those devices can do on the network.
    Read More
  • Aug 8, 2019 | Threatpost

    Black Hat 2019: WhatsApp Users Still Open to Message Manipulation [Black Hat USA 2019]

    Researchers at Black Hat USA 2019 demoed how known vulnerabilities in WhatsApp could still be exploited in several attacks that manipulate chats.
    Read More
  • Aug 8, 2019 | 9to5 Mac

    Apple vastly expands security bounty program: higher payouts, ‘dev’ devices, Mac support [Black Hat USA 2019]

    After hearing rumors about Apple expanding its bug bounty program earlier this week along with expectations for the company to start giving out dev devices like iPhones to security researchers, Apple has confirmed at the Black Hat conference today a vast expansion to its bounty program along with opening it up to all.
    Read More
  • Aug 8, 2019 | Apple Insider

    Apple's expanded bug bounty program covers all operating systems, payouts up to $1M, special iPhones, more [Black Hat USA 2019]

    Rumored in a report on Monday and announced during the Black Hat conference by Apple's head of security engineering and architecture Ivan Krstic, the bug bounty system has been expanded to cover Apple's other operating systems. For the first time, Apple is defining levels of payments that will be provided to security researchers who disclose vulnerabilities they find in macOS, with similar schemes also created for other platforms, including watchOS and tvOS.
    Read More
  • Aug 8, 2019 | Digital Munition

    NSA’s reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy [Black Hat USA 2019]

    In the coming months, Ghidra will get support for Android binaries, according to Brian Knighton, a senior researcher for the NSA, and Chris Delikat, a cyber team lead in its Research Directorate, who previewed details of the upcoming release with CyberScoop. Knighton and Delikat are discussing their plans at a session of the Black Hat security conference in Las Vegas Thursday.
    Read More
  • Aug 8, 2019 | Bloomberg

    Apple to Give Researchers Special iPhones to Up Its Security [Black Hat USA 2019]

    Ivan Krstic made the announcement in Las Vegas at the annual Black Hat security conference at the end of a 50-minute long presentation to discuss Apple’s security efforts for its hardware and software products. Apple has long positioned the security of its systems as a core tenet of its products.
    Read More
  • Aug 8, 2019 | Reuters

    Apple offers record 'bounty' to researchers who find iPhone security flaws [Black Hat USA 2019]

    At the annual Black Hat security conference in Las Vegas on Thursday, the company said it would open the process to all researchers, add Mac software and other targets, and offer a range of rewards, called “bounties,” for the most significant findings.
    Read More
  • Aug 8, 2019 | Forbes

    Apple Confirms $1 Million Reward For Anyone Who Can Hack An iPhone [Black Hat USA 2019]

    As Forbes reported on Monday, Apple is also launching a Mac bug bounty, which was confirmed Thursday, but it's also extending it to watchOS and its Apple TV operating system. The announcements came in Las Vegas at the Black Hat conference, where Apple’s head of security engineering Ivan Krstić gave a talk on iOS and macOS security.
    Read More
  • Aug 8, 2019 | The Verge

    Apple extends its bug bounty program to cover macOS with $1 million in rewards [Black Hat USA 2019]

    Apple is finally rewarding security researchers for finding security flaws in macOS. At the Black Hat conference today, Apple announced that it is greatly expanding its existing bug bounty program to include macOS, tvOS, watchOS, and iCloud. It will include rewards of up to $1 million for a zero-click, full chain kernel code execution attack.
    Read More
  • Aug 8, 2019 | VentureBeat

    Apple adds Macs, Watches, and Apple TVs to $1 million bug bounty program [Black Hat USA 2019]

    The news went public today at the annual Black Hat security conference in Las Vegas (via TechCrunch), where lead Apple security developer Ivan Krstić disclosed key updates to the bug bounty program. Apple will now pay $1 million for a deadly serious exploit — a zero-click attack that enables complete, persistent control of an iPhone’s kernel with nothing more than knowledge of the device’s phone number — up from a peak of $200,000 before. Less serious exploits will qualify for smaller amounts.
    Read More
  • Aug 8, 2019 | MSPower User

    Azure to improve security with enhanced access control experience [Black Hat USA 2019]

    Microsoft announced that they are doubling down on Azure security at their recent Black Hat conference in Las Vegas.
    Read More
  • Aug 8, 2019 | BGR

    Google researcher details iOS exploit that can take over an iPhone with a text message [Black Hat USA 2019]

    That notwithstanding, security researchers from Google’s Project Zero team recently divulged a sophisticated exploit that would allow a malicious actor to take control of a targeted device with no interaction required from the device owner at all. As Google researcher Natalie Silvanovich detailed during a presentation at the Black Hat security conference this week, there are a handful of iOS 12 exploits — which have since been patched by Apple with iOS 12.4 — that can let a third-party gain full control of a device simply by sending over a text message.
    Read More
  • Aug 8, 2019 | Cisco Newsroom

    Rebels with a cause: Hacking for good [Black Hat USA 2019]

    In an invite-only session at the Black Hat USA 2019 conference sponsored by Cisco and Duo Security, Joseph Menn, author of the new bestseller "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World," talked to a panel of hackers on how they first got involved and why hacking can be a good thing.
    Read More
  • Aug 8, 2019 | 7th Space

    Tel Aviv U and Technion researchers wrest control of one of world's most secure PLCs [Black Hat USA 2019]

    The team is slated to present their findings at Black Hat USA week in Las Vegas this month, revealing the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7.
    Read More
  • Aug 8, 2019 | Daily Tech News Show

    BATTERY RIGHTS MANAGEMENT – DTNS 3591 [Black Hat USA 2019]

    At Black Hat, Researchers from security firm Checkpoint demonstrated an exploit of WhatsApp that would let an attacker alter text in a quoted message to change what a person appeared to write. Early results from a study by Apple, Eli Lilly and Evidation Health found that data from an iPhone, an Apple Watch, and a Beddit sleep monitor, differentiated patients with mild Alzheimer’s disease dementia from those without symptoms.
    Read More
  • Aug 8, 2019 | Data Insider

    Hacking for the Greater Good Has Never Been Easier [Black Hat USA 2019]

    Experts on a panel at Black Hat stressed Wednesday that there's never been a greater need for hackers and public interest technologists to foster a safe digital society.
    Read More
  • Aug 8, 2019 | Security Affairs

    WhatsApp flaws allow the attackers to manipulate conversations [Black Hat USA 2019]

    Vanunu explained at the Black Hat conference in Las Vegas, Nevada, that the vulnerabilities were responsibly disclosed in 2018, but remained exploitable for a long time.
    Read More
  • Aug 8, 2019 | Data Insider

    Using GDPR Subject Access Requests to Harvest Data [Black Hat USA 2019]

    In a talk at this year's Black Hat an Oxford University student explained how he used GDPR Access Requests and a Python script to steal a slew of sensitive information on another person.
    Read More
  • Aug 8, 2019 | PC Magazine

    What Are the Rules of Engagement in a Cyberwar? [Black Hat USA 2019]

    "The lines between real and virtual worlds are blurring fast," Mikko Hypponen, Chief Research Officer for Finnish security company F-Secure, said here at Black Hat. "Several governments have publicly stated that they reserve the right to respond to cyber attacks with kinetic force. Now we are seeing that happening for real."
    Read More
  • Aug 8, 2019 | ZDNet

    Apple expands bug bounty to macOS, raises bug rewards [Black Hat USA 2019]

    Speaking on stage at Black Hat today, Ivan Krstić, Apple's head of security, also announced a considerable increase in the rewards hackers are eligible to make.
    Read More
  • Aug 8, 2019 | WIRED

    APPLE GIVES HACKERS A SPECIAL IPHONE—AND A BIGGER BUG BOUNTY [Black Hat USA 2019]

    At the Black Hat security conference Thursday, Apple's head of security engineering and architecture Ivan Krstić announced a broad revamping of the company's bug bounty program. It's now open to all researchers, rather than its current invite-only eligibility; includes not just iOS but MacOS and other Apple operating systems; and vastly increases the rewards for certain rare forms of attack, from $100,000 for physical access attacks to bypass an iPhone's lock screen to an unprecedented $1 million for a remote attack that can gain total, persistent control of a user's computer without any interaction on the victim's part.
    Read More
  • Aug 8, 2019 | PC Mag UK

    Security Researcher Says He Cracked 787 Airliner, But Boeing, FAA Disagree [Black Hat USA 2019]

    LAS VEGAS—The Black Hat security conference is no stranger to controversy, but it has been a while since a presentation elicited much pushback. That changed when a security researcher from IOActive presented what he says are vulnerabilities in the Boeing 787 Dreamliner that could be used for several different attacks. Boeing disputes the firm's findings and its disclosure process, highlighting the cracks between security researchers and the subjects of their work.
    Read More
  • Aug 8, 2019 | MacRumors

    Researchers Demonstrated Method for Bypassing 'Attention Aware' Feature on a Victim's iPhone Using Glasses and Tape [Black Hat USA 2019]

    During the Black Hat USA conference in Las Vegas, researchers demonstrated a Face ID bypass method that used glasses and tape to unlock and infiltrate the iPhone of an "unconscious" victim.
    Read More
  • Aug 8, 2019 | The Next Web

    Apple announces developer iPhones with root access for security research [Black Hat USA 2019]

    The company made the announcement at the Black Hat conference today, an update to the bug bounty program it launched three years ago. The deeper access should make researchers’ lives a lot easier, able to access deeper iOS functions without waiting for a jailbreak to be available for every update. Even though researchers won’t have quite the same level of access as Apple itself, it’s a huge step in the right direction – one that should make it easier to catch an increasing number of attacks on Apple‘s software.
    Read More
  • Aug 8, 2019 | Reuters

    Apple offers record 'bounty' to researchers who find iPhone security flaws [Black Hat USA 2019]

    At the annual Black Hat security conference in Las Vegas on Thursday, the company said it would open the process to all researchers, add Mac software and other targets, and offer a range of rewards, called “bounties,” for the most significant findings.
    Read More
  • Aug 8, 2019 | The Cyber-Security source

    Black Hat 2019 keynote: Transformative change needed to improve cyber-security [Black Hat USA 2019]

    A transformative change in how security ops and devops staffs function is needed in order for organisations to get ahead of the curve combating cyber-security issues, said Square’s head of security Dino Dai Zovi during his Black Hat 2019 keynote address.
    Read More
  • Aug 8, 2019 | Infosecurity Magazine

    #BHUSA: Five Years of Google Project Zero Should Influence Similar Groups [Black Hat USA 2019]

    Speaking at Black Hat USA, Google Project Zero manager Ben Hawkes looked back at five years of the vulnerability research team and deemed the future success of the group to be focused on more groups forming.
    Read More
  • Aug 8, 2019 | Infosecurity Magazine

    #BHUSA Empathy is Key to Hiring and Retaining Women in Cybersecurity [Black Hat USA 2019]

    At Black Hat Las Vegas on August 08 2019, Rebecca Lynch of Duo Security gave a talk on hiring, and just as importantly retaining, women in the cybersecurity industry.
    Read More
  • Aug 8, 2019 | Infosecurity Magazine

    #BHUSA: How GDPR Can Help Attackers Steal Identities [Black Hat USA 2019]

    In a session at the Black Hat USA conference in Las Vegas, titled, "GDPArrrrr: Using Privacy Laws to Steal Identities", James Pavur, DPhil student and Rhodes Scholar at Oxford University, outlined how he was able to abuse a key component of the GDPR to get access to personally identifiable information for his fiance.
    Read More
  • Aug 8, 2019 | Threatpost

    Critical RCE Bug Found Lurking in Avaya VoIP Phones [Black Hat USA 2019]

    Researchers found the Avaya 9600 series IP Deskphone vulnerability in a piece of open source software that Avaya likely copied and modified 10 years ago. The same bug was reported in 2009, according to the analysis from McAfee shared with Threatpost at Black Hat 2019, “yet its presence in the phone’s firmware remained unnoticed until now.”
    Read More
  • Aug 8, 2019 | Threatpost

    Black Hat 2019: Addressing Supply-Chain Risk Starts with People, Microsoft Says [Black Hat USA 2019]

    Speaking at Black Hat 2019 on Thursday, Doerr pointed out that supply-chain risk comes from four main areas: Hardware, software, services and people. All are important, but it’s the latter, he maintained, that should be the top focus.
    Read More
  • Aug 8, 2019 | Financial Times

    Facebook leaves flaw in WhatsApp unresolved for a year [Black Hat USA 2019]

    Speaking at the Black Hat cyber security conference, Oded Vanunu, head of product vulnerability research at the security company, said Facebook blamed WhatsApp’s flaws on “limitations that can’t be solved due to their structure and architecture”.
    Read More
  • Aug 8, 2019 | The Next Web

    WhatsApp’s chat manipulation exploit remains unresolved even after a year (Updated) [Black Hat USA 2019]

    Details of the vulnerabilities were disclosed by Israeli cybersecurity firm Checkpoint Research at Black Hat 2019 security conference in Las Vegas on August 7.
    Read More
  • Aug 8, 2019 | PC Magazine

    How Often Can One Program Infect Another? Let Us Count the Ways [Black Hat USA 2019]

    Fast forward to the modern world, and the possibilities are more complex and numerous. At the Black Hat conference here, a pair of researchers from SafeBreach, which contracts to assess and mitigate security risks, unveiled an exhaustive survey of all the ways one program can inject code into another. Their session isn't until Thursday, but we caught up with them ahead of the briefing.
    Read More
  • Aug 8, 2019 | Digital Munition

    Wi-Fi-spying gizmos may lurk in future parcels – [Black Hat USA 2019]

    Black Hat: IBM’s X-Force hacking team have come up with an interesting variation on wardriving – you know, when you cruise a neighborhood scouting for Wi-Fi networks. Well, why not try using the postal service instead, and call it “warshipping,” Big Blue’s eggheads suggested earlier today.
    Read More
  • Aug 8, 2019 | Security Boulevard

    Report Identifies 6 DevSecOps Pillars [Black Hat USA 2019]

    At the Black Hat USA conference, the DevSecOps Working Group of the Cloud Security Alliance (CSA) announced it has published a report identifying the six pillars on which any set of best DevSecOps processes should be based.
    Read More
  • Aug 8, 2019 | PC Mag India

    How Lab Mice Are Helping Detect Deepfakes [Black Hat USA 2019]

    Creating a convincing deepfake takes a lot of time and computing power, as does training computers to distinguish humans from deepfakes. At the Black Hat conference here, a cross-discipline team of researchers presented some novel ideas on how to manage the problem, looking specifically at the problem of generating voice audio that sounds human.
    Read More
  • Aug 8, 2019 | WIRED

    HIDDEN ALGORITHM FLAWS EXPOSE WEBSITES TO DOS ATTACKS [Black Hat USA 2019]

    Many websites and services rely on algorithms to transform data inputs into actions and results. But new research detailed Thursday at the Black Hat cybersecurity conference in Las Vegas shows how a small, seemingly innocuous input for an algorithm can cause it to do a huge amount of work—slowing a service down or crashing it entirely in the process, all with just a few bytes.
    Read More
  • Aug 8, 2019 | PC Magazine

    Bogus Satellite Nav Signals Send Autonomous Cars Off the Road [Black Hat USA 2019]

    At the Black Hat security conference, a researcher demonstrated how making tweaks to navigation signals could send a self-driving car careening off the road.
    Read More
  • Aug 8, 2019 | Hot Hardware

    WhatsApp Is Vulnerable To Hack That Could Allow Attackers To Put Words In Your Mouth [Black Hat USA 2019]

    Researchers at Checkpoint disclosed a trio of attack vectors last year, explaining that they could enable a hacker to change a user's messages, change a sender's identity, and make private messages viewable to the public. One of those has been addressed, but two of the attack vectors still remain, as researchers recently demonstrated at the Black Hat USA 2019 conference in Las Vegas.
    Read More
  • Aug 8, 2019 | CNET

    Equifax's push to regain public trust calls on companies to work together [Black Hat USA 2019]

    At Black Hat, Equifax's chief information security officer talks about how companies need to collaborate on cybersecurity to win back public confidence.
    Read More
  • Aug 8, 2019 | PC Mag Australia

    The Evolution of Russia's Dark Web [Black Hat USA 2019]

    Ahead of releasing a report on the topic, Charity Wright, formerly with the NSA, and Ariel Ainhoren, Research Team Leader at IntSights, graciously summarized this evolution for us here at the Black Hat conference.
    Read More
  • Aug 8, 2019 | PC Mag Australia

    Security Researcher Says He Cracked 787 Airliner, But Boeing, FAA Disagree [Black Hat USA 2019]

    LAS VEGAS—The Black Hat security conference is no stranger to controversy, but it has been a while since a presentation elicited much pushback. That changed when a security researcher from IOActive presented what he says are vulnerabilities in the Boeing 787 Dreamliner that could be used for several different attacks. Boeing disputes the firm's findings and its disclosure process, highlighting the cracks between security researchers and the subjects of their work.
    Read More
  • Aug 8, 2019 | BBC

    Black Hat: GDPR privacy law exploited to reveal personal data [Black Hat USA 2019]

    University of Oxford-based researcher James Pavur has presented his findings at the Black Hat conference in Las Vegas.
    Read More
  • Aug 8, 2019 | Forbes

    WhatsApp Hack Attack Can Change Your Messages [Black Hat USA 2019]

    During a briefing at the annual Black Hat security conference in Las Vegas on August 7, researchers from Israeli security company Check Point revealed how Facebook-owned WhatsApp could be hacked to change the text of a message and the identity of the sender. If that sounds worrying enough, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today.
    Read More
  • Aug 8, 2019 | The Register UK

    Ransomware attackers have gone from 'spray and pray' to 'slayin' prey' [Black Hat USA 2019]

    Black Hat: Ransomware infections may be down, but only because attackers are getting better at targeting them.
    Read More
  • Aug 8, 2019 | India Times

    WhatsApp's New Security Vulnerability Can Allow Hackers To Change Messages In Your Chats [Black Hat USA 2019]

    On August 7th, in a briefing at the annual Black Hat security conference in Las Vegas, researchers from Israeli security company 'Check Point' shed light on WhatsApp's security vulnerabilities where one could hack the chat and change the text of a message as well as the identity of the sender.
    Read More
  • Aug 8, 2019 | Digital Munition

    Hack computers to steal someone’s identity in China? Why? You can just buy one from a bumpkin for, like, $3k [Black Hat USA 2019]

    Black Hat: Black Hat founder Jeff Moss opened this year’s shindig in Las Vegas with tales of quite how odd the hacking culture in China is.
    Read More
  • Aug 8, 2019 | Fifth Domain

    Why North Korea is a different kind of cyberthreat [Black Hat USA 2019]

    LAS VEGAS — Security experts have come to expect certain behaviors from nation-state cyber actors — such as Russia, China and Iran — but North Korea stands apart, according to a speaker at Black Hat USA, a hacking conference held in Las Vegas Aug. 3-8.
    Read More
  • Aug 8, 2019 | India Times

    WhatsApp hack attack can change your messages, says Israeli security firm [Black Hat USA 2019]

    The hacking tool was revealed publicly during a briefing at the annual Black Hat security conference in Las Vegas on August 7, news magazine Forbes reported on Wednesday. However, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today.
    Read More
  • Aug 8, 2019 | The Mirror UK

    Terrifying WhatsApp flaw discovered that could let hackers edit your messages [Black Hat USA 2019]

    Cyber security researchers at Check Point Research demonstrated how the flaw could be exploited at the Black Hat cybersecurity conference in Las Vegas this week.
    Read More
  • Aug 8, 2019 | Daily Mail UK

    WhatsApp flaw could let hackers alter your quoted messages and change the words you appear to have sent to your friends [Black Hat USA 2019]

    Their team detailed the hack at the Black Hat cyber-security conference in Las Vegas, attended by other experts who also uncover vulnerabilities in popular software.
    Read More
  • Aug 8, 2019 | Times of Israel

    Researchers wrest control of one of world’s most secure industrial controllers [Black Hat USA 2019]

    Details of the attack will be presented on Thursday at the Black Hat Conference in Las Vegas.
    Read More
  • Aug 8, 2019 | The Mac Observer

    Researchers Spoof Face ID Using Tape and Glasses [Black Hat USA 2019]

    During the Black Hat 2019 conference, researchers demonstrated a way to spoof Face ID using nothing more than glasses and tape.
    Read More
  • Aug 8, 2019 | Silicon Republic

    Cyberattackers can change and manipulate your WhatsApp messages [Black Hat USA 2019]

    Israeli security firm Check Point revealed in a briefing at the annual Black Hat security conference in Las Vegas, Nevada, that WhatsApp messages can be manipulated to change the content of a message and even the identity of the sender.
    Read More
  • Aug 8, 2019 | Daily Mail UK

    Code leak in a Boeing 787 Dreamliner reveals security flaw which could allow hackers to access flight controls, expert claims [Black Hat USA 2019]

    Ruben Santamarta, a consultant with cyber security firm IOActive, is scheduled to explain his method at this week's Black Hat hacking conference in Las Vegas.
    Read More
  • Aug 8, 2019 | MSPower User

    iMessage bug lets you get hacked with just one message [Black Hat USA 2019]

    At the Black Hat security conference in Las Vegas, Google Project Zero researcher Natalie Silvanovich demonstrated interactionless bugs in Apple’s iOS iMessage client that could be exploited to gain control of a user’s device.
    Read More
  • Aug 8, 2019 | Dark Reading

    Black Hat 2019: Security Culture Is Everyone's Culture [Black Hat USA 2019]

    In his Black Hat USA keynote, Square's Dino Dai Zovi discussed lessons learned throughout his cybersecurity career and why culture trumps strategy.
    Read More
  • Aug 8, 2019 | Decipher

    PROJECT ZERO WANTS YOU TO HELP MAKE 0-DAY HARD [Black Hat USA 2019]

    “Good defense requires a detailed knowledge of offense. We approach vulnerability research the way that an attacker does,” Hawkes said during a talk at the Black Hat USA conference here Thursday.
    Read More
  • Aug 8, 2019 | iMore

    Researchers allegedly bypass Apple's Face ID using modified glasses [Black Hat USA 2019]

    Researchers presenting at the 2019 Black Hat conference have revealed a possible flaw with facial biometrics, including Apple's Face ID. The exploit, however, isn't especially easy to pull off.
    Read More
  • Aug 8, 2019 | Dark Reading

    Siemens S7 PLCs Share Same Crypto Key Pair, Researchers Find [Black Hat USA 2019]

    Security researchers who built a phony engineering workstation that was able to dupe — and alter — operations of the Siemens S7 programmable logic controller (PLC) found that modern S7 PLC families running the same firmware also share the same public cryptographic key, leaving the devices vulnerable to attacks like the ones they simulated.
    Read More
  • Aug 8, 2019 | The Daily Swig

    Communication placed front and center during Black Hat 2019 opening sessions [Black Hat USA 2019]

    During his opening remarks at the Mandalay Bay Events Center, Black Hat and DEF CON founder Jeff Moss underlined the importance of communication – not just within the security community, but also in terms of how CISOs, pen testers, and network defenders communicate with those outside of the industry.
    Read More
  • Aug 8, 2019 | The Daily Swig

    Evading antivirus with AVET [Black Hat USA 2019]

    “In general, AV evasion works most of the time,” Sauder told The Daily Swig ahead of this year’s Black Hat USA conference, where he demonstrated his multifaceted tool on the Arsenal track.
    Read More
  • Aug 8, 2019 | Help Net Security

    AttackSurfaceMapper automates the reconnaissance process [Black Hat USA 2019]

    Georgiou and Wilkin are demonstrating the tool at the Black Hat USA 2019 Arsenal and at DEFCON (the Recon Village).
    Read More
  • Aug 8, 2019 | Dark Reading

    How Behavioral Data Shaped a Security Training Makeover [Black Hat USA 2019]

    "When you think about the ways how you could lower that number, the first thing that comes to mind is training," said Aika Sengirbay, current security awareness program manager at Airbnb and former senior security engagement specialist at Autodesk, in the Black Hat briefing "It's Not What You Know, It's What You Do: How Data Can Shape Security Engagement."
    Read More
  • Aug 8, 2019 | WIRED

    HOW APPLE PAY BUTTONS CAN MAKE WEBSITES LESS SAFE [Black Hat USA 2019]

    APPLE PAY HAS a slew of protective features that make it a secure method of online credit card transactions. And since 2016, third-party merchants and services have been able to embed Apple Pay into their websites and offer it as a payment option. But at the Black Hat security conference in Las Vegas on Thursday, one researcher is presenting findings that this integration inadvertently introduces vulnerabilities that could expose the host website to attack.
    Read More
  • Aug 8, 2019 | CSO

    Black Hat keynote: Why security culture needs to change [Black Hat USA 2019]

    Dino Dai Zovi tells Black Hat audience to embrace a culture where security is everyone's job and risks are shared. Automation with feedback loops also key to solving security challenges at scale.
    Read More
  • Aug 8, 2019 | InCyberDefense

    WhatsApp Hack Attack Can Change Your Messages [Black Hat USA 2019]

    During a briefing at the annual Black Hat security conference in Las Vegas on August 7, researchers from Israeli security company Check Point revealed how Facebook-owned WhatsApp could be hacked to change the text of a message and the identity of the sender. If that sounds worrying enough, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today.
    Read More
  • Aug 8, 2019 | Axios

    Codebook, Thursday, August 8 [Black Hat USA 2019]

    Ghidra also netted the NSA two nominations for "Pwnie" awards at the typically NSA-adverse Black Hat cybersecurity conference this week.
    Read More
  • Aug 8, 2019 | Fifth Domain

    How uncertainty in the cyber domain changes war [Black Hat USA 2019]

    “It’s very easy to say these things; it’s much more different to do these things,” Mikko Hypponen, chief research officer of Finnish cybersecurity and privacy company F-Secure, said at Black Hat USA, a hacker conference in Las Vegas running Aug. 3-8. “The reason why it’s so hard is basically one word: attribution.”
    Read More
  • Aug 8, 2019 | Bradley Barth

    Selling zero-days to governments takes some business savvy, says former bug broker [Black Hat USA 2019]

    Not all researchers are comfortable with the ethics of selling the zero-day vulnerabilities they’ve discovered to governments and offensive security companies. But those who do seek profit beyond that of a traditional bug bounty reward will require a fair share of business savvy to seal the deal, according to former vulnerability broker Maor Shwartz, in a Black Hat presentation yesterday that offered a unique inside glimpse into the zero-day economy.
    Read More
  • Aug 8, 2019 | Joan Goodchild

    Black Hat 2019: Software Businesses Need a Different Security Approach [Black Hat USA 2019]

    That was the message coming out of Black Hat 2019 in Las Vegas as security professionals convened for a multi-day event with sessions on fresh research and insights for the community. Organizers predicted the event, in its 23rd year, would exceed 19,000 attendees from around the world this year.
    Read More
  • Aug 8, 2019 | The Daily Swig

    Eyeballer: AI utility scours website screenshots for bug bounty candidates [Black Hat USA 2019]

    “Having AI that can identify ‘old-looking’ websites has proven to be very useful,” they concluded. Petro and Stroy unveiled the tool during an Arsenal session of the Black Hat conference in Las Vegas earlier today (August 8).
    Read More
  • Aug 8, 2019 | The Register

    Pwn an iPhone to bank $1m and Check Point gripes about WhatsApp privacy again [Black Hat USA 2019]

    Apple's security engineering boss Ivan Krstić told Black Hat attendees that Cupertino is expanding its bug-bounty program in various ways. For instance, it will now cover macOS, WatchOS, and Apple TV, whereas previously it was only interested in coughing up cash for details of iOS vulnerabilities.
    Read More
  • Aug 8, 2019 | Security Boulevard

    Live From Black Hat USA: The Inevitable Marriage of DevOps & Security [Black Hat USA 2019]

    During her briefing with Kelly Shortridge, vice president of product strategy at Capsule8, Dr. Nicole Forsgren, research and strategy at Google, did a beautiful job of adding imagery to the story she told of the attendee reactions during the now-famous talk Paul Hammond and John Allspaw gave at Velocity in 2009. If you’re not familiar, the title of said talk was, “10 Deploys Per Day: Dev & Ops Cooperation at Flickr.”
    Read More
  • Aug 8, 2019 | Channel Futures

    Black Hat: Lessons Learned from the Equifax Data Breach [Black Hat USA 2019]

    That’s according to Jamil Farshchi, Equifax’s chief information security officer, who spoke during this week’s Black Hat USA 2019 conference in Las Vegas. He joined Equifax after it suffered a massive data breach, which resulted in unauthorized access to the personal information of nearly 44% of the U.S. population.
    Read More
  • Aug 8, 2019 | CNET

    Apple opens up hacker-friendly iPhone to researchers at Black Hat [Black Hat USA 2019]

    Apple's head of security, Ivan Krstic, unveiled the new program at Black Hat, a cybersecurity conference in Las Vegas. These iPhones aren't the same as the ones you can buy in a store. They're specifically coded for developers who want to poke around iOS and Apple's hardware to find security flaws.
    Read More
  • Aug 8, 2019 | WIRED

    13-Year-Old Encryption Bugs Still Haunt Apps and IoT [Black Hat USA 2019]

    Hackers try to find novel ways to circumvent or undermine data encryption schemes all the time. But at the Black Hat security conference in Las Vegas on Wednesday, Purdue University researcher Sze Yiu Chau has a warning for the security community about a different threat to encryption: Vulnerabilities that were discovered more than a decade ago still very much persist today.
    Read More
  • Aug 8, 2019 | Washington Post

    The Cybersecurity 202: Hackers are going after medical devices — and manufacturers are helping them [Black Hat USA 2019]

    That marks a massive shift since 2011, when cybersecurity researcher Jay Radcliffe first demonstrated how he could hack his own implantable insulin pump at Def Con's sister conference Black Hat.
    Read More
  • Aug 8, 2019 | Politico

    From Vegas: a scoop, zero-days and cyber weapons [Black Hat USA 2019]

    Security researchers who want to sell a zero-day vulnerability to a company should look for one with an in-house security team, because “they will understand the value of it and be willing to pay more,” zero-day broker Maor Shwartz said during a candid presentation Wednesday at Black Hat in Vegas.
    Read More
  • Aug 8, 2019 | The Daily Swig

    Microsoft recognizes top-tier security researchers at Black Hat 2019 [Black Hat USA 2019]

    At Black Hat USA this week, Microsoft named Yuki Chen as its Most Valuable Security Researcher for 2018-19. Chen (@guhe120), a researcher at Chinese security firm Qihoo 360, topped a list of 75 hackers, who were ranked by both the frequency and quality of bugs reported through Microsoft’s Coordinated Vulnerability Disclosure program.
    Read More
  • Aug 8, 2019 | CRN

    12 Most Exciting Cybersecurity Technologies To Watch At Black Hat 2019 [Black Hat USA 2019]

    CRN asks 12 executives, sales and technical leaders attending Black Hat 2019 which cybersecurity technologies they're most excited to see come to fruition and how customers and solution providers will benefit.
    Read More
  • Aug 8, 2019 | Forbes

    Black Hat USA 2019: Apple iOS New Flaws Let Hackers Break Into Any iPhones -- Users Must Update Now [Black Hat USA 2019]

    The sheer number of critical security vulnerabilities revealed at the Black Hat USA 2019 conference, happening this week in Las Vegas, Nevada, is becoming overwhelming.
    Read More
  • Aug 7, 2019 | Tom's Guide

    WhatsApp Hackers Can Manipulate Your Messages: Here's How [Black Hat USA 2019]

    WhatsApp messages can be manipulated to add fake quotations from other WhatsApp users, to alter the quoted text of real replies, and to send secret messages to individuals within group chats, two Israeli researchers revealed Wednesday (Aug. 7) at the Black Hat conference here.
    Read More
  • Aug 7, 2019 | HelpNet Security

    SWAPGS Attack: A new Spectre haunts machines with Intel CPUs [Black Hat USA 2019]

    Bitdefender is scheduled to present their findings at Black Hat USA 2019.
    Read More
  • Aug 7, 2019 | CNET

    Hackers want you to be happy. People in a good mood are easier to trick, research says [Black Hat USA 2019]

    UF Professor Daniela Oliveira, who led the study along with Dr. Natalie Ebner, presented the research at the Black Hat cybersecurity conference in Las Vegas on Wednesday. Oliveira was joined by Elie Bursztein, who leads Google's anti-abuse research team.
    Read More
  • Aug 7, 2019 | Forbes

    WhatsApp Hack Attack Changes Your Messages, And Facebook Doesn't Seem To Care [Black Hat USA 2019]

    During a briefing at the annual Black Hat security conference in Las Vegas on August 7, researchers from Israeli security company Check Point revealed how Facebook-owned WhatsApp could be hacked to change the text of a message and the identity of the sender. If that sounds worrying enough, these vulnerabilities were revealed to WhatsApp last year but remain exploitable today.
    Read More
  • Aug 7, 2019 | BBC News

    WhatsApp flaw 'puts words in your mouth' [Black Hat USA 2019]

    The tool was demonstrated at Black Hat, a cyber-security conference in Las Vegas, as a follow up to a research paper published by Checkpoint last year.
    Read More
  • Aug 7, 2019 | Portswigger

    The service worker hiding in your browser [Black Hat USA 2019]

    Red teamers looking for creative ways to put ‘pseudo’ backdoors into browsers should turn their attention to service workers, following the release of a new exploitation kit at Black Hat USA.
    Read More
  • Aug 7, 2019 | Help Net Security

    What’s cybercriminals’ most effective weapon in a ransomware attack? [Black Hat USA 2019]

    The 2019 Spotlight Report on Ransomware is based on observations and data from the 2019 Black Hat Edition of the Attacker Behavior Industry Report, which reveals behaviors and trends in networks from a sample of over 350 opt-in Vectra customers. The Attacker Behavior Industry Report provides statistical data on the behaviors motivated attackers use to blend in with existing network traffic behaviors and mask their malicious actions.
    Read More
  • Aug 7, 2019 | Decipher

    ILL COMMUNICATION: IMPROVING SECURITY BY TALKING IT OUT [Black Hat USA 2019]

    “Communication is just transmitting information between humans. Risks are shared. If you can reinforce that security is everyone’s job, you can move toward a more generative culture,” Dino Dai Zovi, mobile security lead at Square, said during his keynote speech at the Black Hat USA conference here Wednesday.
    Read More
  • Aug 7, 2019 | Infosecurity Magazine

    #BHUSA Need For Technologists to Be Recognized and Empowered [Black Hat USA 2019]

    In a panel at Black Hat USA, cryptographer Bruce Schneier; Camille Francois, research and analysis director at Graphika and fellow at Harvard Law School Berkman Center; and Eva Galperin, director of cybersecurity at the EFF, talked about the benefits of technologists to society.
    Read More
  • Aug 7, 2019 | VentureBeat

    Linux security startup Capsule8 raises approximately $6.5 million led by Intel Capital [Black Hat USA 2019]

    This week, Capsule8 executives will lead several sessions at the Black Hat USA 2019 security conference in Las Vegas. Capsule8 vice president (and Pwnie Award judge) Kelly Shortridge spoke at the CISO Summit and will team with Nicole Forsgren, research and strategy expert at Google Cloud, to present “Controlled Chaos: The Inevitable Marriage of DevOps and Security” on Wednesday, August 7 at 4 p.m. Pacific time. Additionally, Capsule8 chief scientist Brandon Edwards and research scientist Nick Freeman will explore “A Compendium of Container Escapes” on Thursday, August 8 at 3:50 p.m.
    Read More
  • Aug 7, 2019 | Threatpost

    Black Hat 2019: Ethical Hackers Must Protect Digital Human Rights [Black Hat USA 2019]

    At a time when technology is being utilized for human-rights abuses, the security space needs to turn its focus to public interest defense technology, security stalwarts urged during Black Hat USA 2019.
    Read More
  • Aug 7, 2019 | NEWSHEATER

    SYMANTEC CORPORATION (SYMC) SHARES DROP -1.10% TO -$0.22 IN EARLY TRADING HOURS: IS IT GOOD TIME TO BUY? [Black Hat USA 2019]

    The Symantec Corporation (NASDAQ:SYMC) is going down by -1.10% in today’s trading session, a fall equivalent to -0.22% of the stock’s price from yesterday’s market close. News came out on 08/01/19 stating that Symantec Presents on DEF CON 27 Main Stage and Hosts Live-Hacking Demo at Black Hat USA 2019 by WSJ. The lowest point that the shares touched during the trading session was $20.095, while the peak of the day was recorded at a share price of $20.67. SYMC finished the previous session at $20.46 according to the data provided by Barchart, while the trading volume was observed to be $2,161,832.
    Read More
  • Aug 7, 2019 | Infosecurity Magazine

    IBM's Warshipping Attacks Wi-Fi Networks From Afar [Black Hat USA 2019]

    Speaking at Black Hat USA, IBM researchers explained how they used off-the-shelf components costing under $100 to create a single-board computer with Wi-Fi and 3G capability. This enables it to connect to a Wi-Fi network to harvest data locally and then send it to a remote location using its cellular connection. The small device runs on a cell phone battery and easily fits into a small package.
    Read More
  • Aug 7, 2019 | Pulse2

    Ann Arbor-Based Censys Unveils Enterprise-Level Attack Surface Management Software Platform [Black Hat USA 2019]

    Censys is premiering the upcoming launch of its new enterprise-level attack surface management software platform at the Black Hat USA 2019 conference
    Read More
  • Aug 7, 2019 | Infosecurity Magazine

    #BHUSA Jeff Moss Talks of Need to be Better Communicators [Black Hat USA 2019]

    Opening Black Hat USA’s keynote, founder Jeff Moss talked of the need to focus on better communication, and look at “how we communicate and what we talk about.”
    Read More
  • Aug 7, 2019 | The Register UK

    Hack-age delivery! Wardialing, wardriving... Now warshipping: Wi-Fi-spying gizmos may lurk in future parcels [Black Hat USA 2019]

    "Think of the volume of boxes moving through a corporate mailroom daily," said Charles Henderson of IBM X-Force Red on Wednesday, just in time for this year's Black Hat USA conference in Las Vegas. "Or consider the packages dropped off on the porch of a CEO's home, sitting within range of their home Wi-Fi. Using warshipping, X-Force Red was able to infiltrate corporate networks undetected."
    Read More
  • Aug 7, 2019 | TechRadar.pro

    Fancy Bear hackers used IoT devices to hack corporate networks [Black Hat USA 2019]

    Fortunately Microsoft was able to block these attacks in their early stages but this means that its investigators won't be able to determine exactly what Fancy Bear was attempting to steal from the compromised networks. The company will reveal additional details regarding Fancy Bear's activities online at this year's Black Hat USA security conference.
    Read More
  • Aug 7, 2019 | ITZA Goal 365

    QualPwn is a new exploit for Qualcomm Snapdragon chips, here’s what you need to know [Black Hat USA 2019]

    We don’t have all the details about how this would happen or how easy it would be, but those are coming during Tencent Blade’s Black Hat 2019 and DEFCON 27 presentations.
    Read More
  • Aug 7, 2019 | Threatpost

    Black Hat: LeapFrog Tablet Flaws Let Attackers Track, Message Kids [Black Hat USA 2019]

    The LeapPad Ultimate is a rugged tablet made by LeapFrog that targets children with an array of education, game and eBook apps. Researchers, who disclosed the flaws at Black Hat 2019 on Wednesday, said the tablet has a number of security issues opening the door to a slew of malicious activities by an adversary. Those include allowing bad actors to track the devices, send messages to children or launch man-in-the-middle attacks.
    Read More
  • Aug 7, 2019 | The Cyberwire

    Daily briefing. [Black Hat USA 2019]

    We're in Las Vegas at Black Hat this week. Here are some of the stories that have caught our eye.
    Read More
  • Aug 7, 2019 | WIRED

    HACKERS CAN BREAK INTO AN IPHONE JUST BY SENDING A TEXT [Black Hat USA 2019]

    At the Black Hat security conference in Las Vegas on Wednesday, Google Project Zero researcher Natalie Silvanovich is presenting multiple so-called “interaction-less” bugs in Apple’s iOS iMessage client that could be exploited to gain control of a user’s device. And while Apple has already patched five of them, a few have yet to be patched.
    Read More
  • Aug 7, 2019 | Threatpost

    Black Hat 2019: Security’s Powerful Cultural Transformation [Black Hat USA 2019]

    “Start with yes.” That’s the advice to security teams from Dino Dai Zovi, mobile security lead at Square, giving the keynote on Wednesday at the 23rd annual Black Hat conference in Las Vegas.
    Read More
  • Aug 7, 2019 | Infosecurity Magazine

    #BHUSA Keynote Encourages Positivity and Collaboration [Black Hat USA 2019]

    Speaking in the opening keynote at Black Hat USA, Dino Dai Zovi, researcher and head of security for the cash app at Square, talked about security teams acknowledging developers and vice versa.
    Read More
  • Aug 7, 2019 | Dark Reading

    Boeing 787 On-Board Network Vulnerable to Remote Hacking, Researcher Says [Black Hat USA 2019]

    Las Vegas – IOActive industrial cybersecurity expert Ruben Santamarta last fall discovered an Internet-exposed Boeing Co. server housing firmware specifications for the aviation manufacturer's 787 and 737 airplane networks.
    Read More
  • Aug 7, 2019 | Threatpost

    Black Hat 2019: Microsoft Protocol Flaw Leaves Azure Users Open to Attack [Black Hat USA 2019]

    At Black Hat USA 2019, researchers showed how a previously-disclosed flaw on Windows systems that could allow arbitrary code execution could also impact Hyper-V.
    Read More
  • Aug 7, 2019 | BleepingComputer

    Microsoft Ignored RDP Vulnerability Until it Affected Hyper-V [Black Hat USA 2019]

    Details about the attack and the underlying flaw that enabled it are presented at the Black Hat USA security conference where Itkin and Dana Baril, security software engineer at Microsoft, talk from the perspective of both an attacker and a defender.
    Read More
  • Aug 7, 2019 | Threatpost

    Security Vulnerabilities Are Increasingly Putting Kids at Risk [Black Hat USA 2019]

    The latest example of this fear was seen at Black Hat 2019, where serious vulnerabilities were disclosed in LeapFrog’s tablet for kids, the LeapPad Ultimate. Erez Yalon, director of security research at Checkmarx, who disclosed the flaws at Black Hat 2019 on Wednesday, said the tablet has a number of security issues opening the door to a slew of malicious activities by an adversary. Those include allowing bad actors to track the devices, send messages to children or launch man-in-the-middle attacks.
    Read More
  • Aug 7, 2019 | HelpNet Security

    Tenable unveils new product innovations in Tenable.sc and Tenable.io [Black Hat USA 2019]

    Tenable, the Cyber Exposure company, announced at Black Hat USA 2019 new product innovations in Tenable.sc (formerly SecurityCenter) and Tenable.io to continuously discover and assess known and unknown assets across on-premises and cloud environments from a single platform at no extra charge.
    Read More
  • Aug 7, 2019 | Dark Reading

    Researchers Show Vulnerabilities in Facial Recognition [Black Hat USA 2019]

    Researchers Yu Chen, Bin Ma, and Zhuo (HC) Ma of Tencent Security's Zuanwu Lab were scheduled to speak here at Black Hat USA, but visa denials left HC Ma alone on the stage. He said his colleagues had begun the research to find out how biometric authentication was being implemented and, specifically, how the routines designed to separate a living human from a photo or other fake were put into practice.
    Read More
  • Aug 7, 2019 | Inside Cybersecurity

    Black Hat keynoter: If cybersecurity is everyone’s job, what’s the security team’s job? [Black Hat USA 2019]

    Black Hat kicked off here with a keynote by Dino Dai Zovi -- the mobile security lead at Square -- and with a record 20,000 participants expected to attend the two-day conference.
    Read More
  • Aug 7, 2019 | ITPro Today

    Black Hat 2019: Deepfakes Require a Rethink of Incident Response [Black Hat USA 2019]

    Two sessions at this year’s Black Hat event here in Las Vegas dive into the issue and offer insights on how deepfakes are created, and also highlight advances in technology that can possibly be used to detect the videos. Titled "Detecting deepfakes with Mice" and "Playing Offense and Defense with deepfakes," the sessions’ place on the agenda solidifies that this is an issue for the security department to pay attention to as more criminals use deepfakes in social engineering attacks.
    Read More
  • Aug 7, 2019 | Portswigger

    Ancient technique tears a hole through modern web stacks at Black Hat 2019 [Black Hat USA 2019]

    Presenting at Black Hat USA today, the PortSwigger Web Security researcher demonstrated how isolated HTTP requests can be exploited to poison web caches and desynchronize entire systems – including those belonging to major companies such as PayPal and Red Hat.
    Read More
  • Aug 7, 2019 | Patently Apple

    Microsoft and Apple Level up Star Hacker Bug Bounties [Black Hat USA 2019]

    The iPhones will be given to the rock star hackers that participate in the Cupertino company's invitation-only bug bounty program, where participants disclose bugs in Apple products in return for monetary rewards. The payments can go as high as $200,000, as announced at the 2016 Black Hat conference.
    Read More
  • Aug 7, 2019 | Security Ledger

    Spotlight Podcast: Unpacking Black Hat Hacks with Digicert CTO Dan Timpson [Black Hat USA 2019]

    In this week’s episode of the Podcast, # 156: we’re back at “hacker summer camp” in Las Vegas this week – also known as the Black Hat, B-Sides and DEF CON conferences, which bring tens of thousands of the world’s top security experts to the Las Vegas Strip.
    Read More
  • Aug 7, 2019 | CRN

    Black Hat 2019: 12 Cybersecurity Myths That Could Put You At Risk [Black Hat USA 2019]

    CRN asks 12 executives, sales and technical leaders attending Black Hat 2019 what they see as the top oft-repeated beliefs about cybersecurity that are foolishly accepted as fact.
    Read More
  • Aug 7, 2019 | Portswigger

    JSShell takes cross-site scripting to new highs [Black Hat USA 2019]

    Akamai’s Daniel Abeles today walked Black Hat attendees through version 2.0 of JSShell – a free-to-install web tool that aims to make XSS-to-RCE exploitation easier than ever.
    Read More
  • Aug 7, 2019 | The CyberWire Daily Podcast

    Episode 909 [Black Hat USA 2019]

    A new speculative execution processor flaw is addressed with software mitigations. LokiBot gets more persistent, and it adopts steganography for better obfuscation. The cyber-spies of APT41 seem to be doing some moonlighting. An accused criminal who bribed telco workers to unlock phones is in custody. Scammers are exploiting the tragedies in El Paso and Dayton. And a call at Black Hat for the security sector to bring in some safety engineers. Ben Yelin from UMD CHHS on Virginia updating legislation to address Deep Fakes. Guest is James Plouffe from MobileIron on the challenges of authentication and the legacy of passwords.
    Read More
  • Aug 7, 2019 | Gizmodo

    Windows Quietly Patches Bug That Could Reverse Meltdown, Spectre Fixes for Intel CPUs [Black Hat USA 2019]

    The issue hit Intel by far the hardest, but also competitors like AMD and ARM to a lesser degree. Patches have since been issued, but at around the same time researchers for security firm Bitdefender discovered a related issue that threatened to make the patches useless for Windows machines, Tom’s Guide wrote. Bitdefender researchers revealed their findings at the Black Hat security conference in Las Vegas on Tuesday, almost exactly a year to the date after finding it.
    Read More
  • Aug 7, 2019 | The Register UK

    Hack computers to steal someone's identity in China? Why? You can just buy one from a bumpkin for, like, $3k [Black Hat USA 2019]

    Black Hat founder Jeff Moss opened this year's shindig in Las Vegas with tales of quite how odd the hacking culture in China is.
    Read More
  • Aug 7, 2019 | TechTarget

    Black Hat 2019 keynote: Software teams must own security [Black Hat USA 2019]

    In the keynote for Black Hat 2019, Square's Dino Dai Zovi emphasized security as a collaborative effort by all software teams that relies on communication, automation and feedback.
    Read More
  • Aug 7, 2019 | Container Journal

    Sysdig Injects More AI into Container Security [Black Hat USA 2019]

    At the Black Hat USA conference, Sysdig today announced it has extended the capabilities of Sysdig Secure to include runtime profiling and anomaly detection enabled by machine learning algorithms with Kubernetes environments.
    Read More
  • Aug 7, 2019 | WIRED

    A BOEING CODE LEAK EXPOSES SECURITY FLAWS DEEP IN A 787'S GUTS [Black Hat USA 2019]

    At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System. The CIS/MS is responsible for applications like maintenance systems and the so-called electronic flight bag, a collection of navigation documents and manuals used by pilots. Santamarta says he found a slew of memory corruption vulnerabilities in that CIS/MS, and he claims that a hacker could use those flaws as a foothold inside a restricted part of a plane's network. An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane's safety-critical systems, including its engine, brakes, and sensors. Boeing maintains that other security barriers in the 787's network architecture would make that progression impossible.
    Read More
  • Aug 7, 2019 | Enterprise Times

    Cloud security offers significant benefits if you start right [Black Hat USA 2019]

    At Black Hat 2019 in Las Vegas, Enterprise Times talked with Sergio Caltagirone, Vice President, Threat Intelligence at Dragos and John Yeoh, Vice President of Research at the Cloud Security Alliance. With the skills shortage hurting many small to medium businesses (SMB), cloud is being seen, by some sectors, as a panacea to the problem.
    Read More
  • Aug 7, 2019 | Hilltop Monitor

    Microsoft launches Azure Security Lab [Black Hat USA 2019]

    At the ongoing Black Hat USA 2019 conference, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test Azure security without putting the company's customers at risk.
    Read More
  • Aug 7, 2019 | Tech Lapse

    Major flaw affects latest-generation Intel processors [Black Hat USA 2019]

    On the occasion of the Black Hat conference, Bitdefender explained that the vulnerability of these processors is at the level of the speculative execution feature. The latter is to guess the instructions that will potentially be used later to make the processors faster. However, this can leave traces exploitable by hackers and allow them to lead an attack “by auxiliary channel”.
    Read More
  • Aug 7, 2019 | Infosecurity Magazine

    Children's Tablet Revealed Location, Researchers Found [Black Hat USA 2019]

    Researchers at the Black Hat security conference this week have revealed vulnerabilities in a leading child's tablet product.
    Read More
  • Aug 7, 2019 | Forecast Wire

    Your security team is probably an infuriating obstacle – but it doesn’t have to be this way [Black Hat USA 2019]

    Which is why it was such a glorious breath of fresh air to hear Dino Dai Zovi‘s keynote speech at the Black Hat security conference in Las Vegas this morning. Dai Zovi, staff security engineer at Square, argued that the all-too-common model of security as a team which sits and snipes at the people who actually build things, telling them no and pointing fingers, is in fact fantastically counterproductive.
    Read More
  • Aug 7, 2019 | Fox 5 Las Vegas

    Cybersecurity experts from around the world descend on Las Vegas for Black Hat 2019 [Black Hat USA 2019]

    Voting machines could be very vulnerable during the 2020 election. Black Hat surveyed cyber-security experts from around the world. They said there's a 60% chance the 2020 presidential election will be hacked.
    Read More
  • Aug 7, 2019 | IT News Australia

    Chinese government hackers suspected of moonlighting for profit [Black Hat USA 2019]

    The findings, announced at the Black Hat security conference in Las Vegas, show how some of the world's most advanced hackers increasingly pose a threat to consumers and companies not traditionally targeted by state-backed espionage campaigns.
    Read More
  • Aug 7, 2019 | Dark Reading

    Censys To Unveil Attack Surface Visibility Platform at Black Hat [Black Hat USA 2019]

    LAS VEGAS — Censys, Inc., the leading provider of Internet security data trusted by the likes of Google and The US Department of Homeland Security, today from Black Hat USA 2019, announced the upcoming launch of its enterprise-level attack surface management software platform that provides real-time visibility and actionable insights over entire network attack surfaces.
    Read More
  • Aug 7, 2019 | Politico

    Scoop: Buttigieg gets a CISO [Black Hat USA 2019]

    HAPPY WEDNESDAY and welcome to Morning Cybersecurity! It’s a very report-y edition of MC, what with Black Hat and DEF CON kicking off. Please send your thoughts, feedback and especially tips to tstarks@politico.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
    Read More
  • Aug 7, 2019 | Digital Munition

    Microsoft intros security lab to test Azure vulnerabilities [Black Hat USA 2019]

    Announced at the Black Hat USA 2019 conference this week, the Azure Security Lab is a set of dedicated cloud hosts, aimed at allowing security researchers to aggressively test attacks against infrastructure-as-a-service scenarios. It also allows participants to identify research vulnerabilities in Azure and do their best to emulate criminal hackers.
    Read More
  • Aug 7, 2019 | Security Boulevard

    Live From Black Hat USA: Four Key Takeaways from Dino Dai Zovi’s Keynote [Black Hat USA 2019]

    “Did you know that your 20th Black Hat is when you get to give the keynote at Black Hat?” Dino Dai Zovi, head of security for Cash App at Square, joked to the packed ballroom. While it may have been Dai Zovi’s 20th conference, the topic of his keynote has never been more fitting for where we are in security and the ways in which it mirrors what we experience in our day-to-day life.
    Read More
  • Aug 7, 2019 | Security Boulevard

    Live From Black Hat USA: Communication’s Key Role in Security [Black Hat USA 2019]

    The kick-off keynote for the 23rd Black Hat USA Conference in Las Vegas set the stage for the conversations that will undoubtedly be discussed in great detail over the next two days – and likely the next two years – if Black Hat founder Jeff Moss’ opening remarks are indicative of a trend. Moss pointed out that security had been asking for the spotlight, both in legislative and more corporate settings, and the industry has had it for the last two years.
    Read More
  • Aug 7, 2019 | Digital Mutation

    Wi-Fi-spying gizmos may lurk in future parcels [Black Hat USA 2019]

    "Think of the volume of boxes moving through a corporate mailroom daily," said Charles Henderson of IBM X-Force Red on Wednesday, just in time for this year's Black Hat USA conference in Las Vegas. "Or consider the packages dropped off on the porch of a CEO's home, sitting within range of their home Wi-Fi. Using warshipping, X-Force Red was able to infiltrate corporate networks undetected."
    Read More
  • Aug 7, 2019 | VentureBeat

    Vectra: Ransomware attacks are spreading to cloud, datacenter, and enterprise infrastructure [Black Hat USA 2019]

    The Vectra 2019 Spotlight Report on Ransomware finds that the most significant ransomware threat — in which hackers steal your data and hold it for ransom — is malicious encryption of shared network files in cloud service providers. San Jose, California-based Vectra released the report ahead of the Black Hat 2019 security conference in Las Vegas this week.
    Read More
  • Aug 7, 2019 | PC Magazine

    APT41 Is Not Your Usual Chinese Hacker Group [Black Hat USA 2019]

    A Chinese hacker group known as APT41 appears to have taken up financial crimes in addition to the usual state-sponsored cyber espionage, FireEye researchers revealed here at Black Hat.
    Read More
  • Aug 7, 2019 | The Washington Post

    The Cybersecurity 202: Here's how the Justice Department wants to befriend ethical hackers [Black Hat USA 2019]

    Bailey acknowledged the conflict. He joked in a 2016 address that when he first met with ethical hackers at the Black Hat cybersecurity conference in 2015 “only half [of the meeting] was being yelled at.” In succeeding years, he says, those conversations have become far less hostile and more productive. Now, he says ethical hackers frequently call him to talk over policy disagreements.
    Read More
  • Aug 7, 2019 | Reuters

    Chinese government hackers suspected of moonlighting for profit [Black Hat USA 2019]

    The findings, announced at the Black Hat security conference in Las Vegas, show how some of the world’s most advanced hackers increasingly pose a threat to consumers and companies not traditionally targeted by state-backed espionage campaigns.
    Read More
  • Aug 7, 2019 | 9to5 Mac

    PSA: Latest Spectre and Meltdown scare only affects Macs running Windows [Black Hat USA 2019]

    Security company Bitdefender revealed the issue at the Black Hat security conference yesterday, reports Tom’s Guide. Interestingly, they actually discovered it a year ago, but Intel didn’t initially believe it to be a real-life problem.
    Read More
  • Aug 7, 2019 | MacTrast

    New Meltdown and Spectre Security Bugs Affects Macs Running Windows [Black Hat USA 2019]

    Tom’s Guide reports security company Bitdefender announced the issue at the Black Hat security conference on Tuesday. Although the flaw was discovered a year ago, Intel didn’t initially believe it to be a real-life issue.
    Read More
  • Aug 7, 2019 | Tom's Guide

    New Intel Flaw Exposes Secrets on Windows Machines: What to Do [Black Hat USA 2019]

    Bitdefender disclosed the flaw in conjunction with Microsoft today (Aug. 6) here at the Black Hat security conference, almost one year to the day after Bitdefender's researchers told Intel of the flaw.
    Read More
  • Aug 7, 2019 | Linux

    Sysdig Injects More AI into Container Security [Black Hat USA 2019]

    At the Black Hat USA conference, Sysdig today announced it has extended the capabilities of Sysdig Secure to include runtime profiling and anomaly detection enabled by machine learning algorithms with Kubernetes environments. At the same time, Sysdig unveiled Falco Rule Builder, a more flexible user interface (UI) for creating runtime security policies, which integrates tightly with Sysdig Secure. Knox Anderson, director of product management for Sysdig, says these extensions will make it easier for organizations to embrace best DevSecOps processes by relying on container monitoring and security tools for Kubernetes environments delivered via a software-as-a-service (SaaS) application, dubbed Sysdig Cloud Native Visibility and Security Platform (VSP).
    Read More
  • Aug 7, 2019 | iLounge

    Apple Hands Hackers Secret iPhones In A Bid To Boost Security [Black Hat USA 2019]

    Apple will be giving security researchers special iPhones for better testing of potential weaknesses and vulnerabilities. According to Forbes, Apple is expected to announce the program during the Black Hat security conference which will be held in Las Vegas.
    Read More
  • Aug 7, 2019 | ABC 13 Las Vegas KTNV

    DEF CON, Black Hat in Las Vegas unite cybersecurity pros and show possible security dangers [Black Hat USA 2019]

    Tens of thousands of the world’s best cybersecurity professionals are in Las Vegas this week for two events, DEF CON and Black Hat.
    Read More
  • Aug 7, 2019 | Windows Report

    Windows 10 gets silent security patch to deal with SWAPGS vulnerability [Black Hat USA 2019]

    As such, Microsoft released a silent patch to address the problem. The update to the Linux kernel was part of last month’s Patch Tuesday, but it wasn’t revealed until recently, at the BlackHat security conference.
    Read More
  • Aug 7, 2019 | PowerPage

    Apple reportedly set to announce iOS, macOS bug bounty programs starting later this month [Black Hat USA 2019]

    Apple is also expected to announce plans to offer security researchers iPhone handsets at the Black Hat security conference in Las Vegas later this week. This program is expected to make it easier for Apple to find weaknesses in iOS’ security features.
    Read More
  • Aug 7, 2019 | Engadget

    The Morning After: Instagram's 'huge booty' issue [Black Hat USA 2019]

    Apple plans to offer security researchers special iPhones and finally launch a bug bounty program for Mac, according to a Forbes report. Cupertino will reportedly announce those security measures at the Black Hat security conference in Las Vegas later this week in an effort to strengthen its flawed bug bounty program -- and security.
    Read More
  • Aug 7, 2019 | TechSpot

    Microsoft quietly patched a Spectre-style vulnerability in Intel chips that could expose user data [Black Hat USA 2019]

    Intel dismissed the initial report of the issue, saying it already knew of the vulnerability and had no plans to fix it, but Bitdefender provided a proof-of-concept attack that showed how it could be exploited and the flaw was disclosed at the Black Hat security conference yesterday. It exploits the SWAPGS kernel-level instruction set, which was introduced with Ivy Bridge processors back in 2012.
    Read More
  • Aug 7, 2019 | IT Pro UK

    SWAPGS Attack is the latest Windows exploit to worry about [Black Hat USA 2019]

    The security flaw, which was revealed at the annual Black Hat conference 2019 in Las Vegas, affects every single Windows computer running an Intel CPU dating back to 2012, regardless of which version of Windows is installed.
    Read More
  • Aug 7, 2019 | CNET

    Black Hat and Defcon look to boost diversity through day care [Black Hat USA 2019]

    When Jeff Moss started Defcon in 1993, it was unheard of to bring kids to the hacker conference in Las Vegas. Now, as the conference and its attendees grow up, and more security researchers and hackers are becoming parents, services like day cares and childcare rooms at Black Hat and Defcon are in high demand.
    Read More
  • Aug 7, 2019 | WIRED

    SAMSUNG'S NEW PHONES, A BOEING 787 SOFTWARE FLAW, AND MORE NEWS [Black Hat USA 2019]

    At the Black Hat conference, security researchers lifted the curtain on "interaction-less bugs" in Apple's iOS, which would give a hacker access to your phone without you doing anything at all. An attacker could send a specially crafted text message, and even if you don't open it, the iMessage server would send back specific user data, like the content of your SMS messages or images.
    Read More
  • Aug 7, 2019 | News 3 Las Vegas

    HACKERS BEWARE: Black Hat 2019 brings advanced cybersecurity [Black Hat USA 2019]

    The annual hacking and security conference is here again. Experts and researchers from all over the world are showcasing cybersecurity and privacy risks at Black Hat 2019. Black Hat USA is in its 23rd year. It's the world's leading information security event.
    Read More
  • Aug 7, 2019 | Channel Futures

    Black Hat: Everyone Has a Part to Play in Cybersecurity [Black Hat USA 2019]

    That was the message conveyed Wednesday by keynoter Dino Dai Zovi, Square’s mobile security lead, at this week’s Black Hat USA 2019 conference in Las Vegas. In its 23rd year, the conference has drawn a record 19,000-plus attendees.
    Read More
  • Aug 7, 2019 | HelpNet Security

    Kiuwan’s application security testing platform helps teams realize DevSecOps goals [Black Hat USA 2019]

    Kiuwan, a provider of application security testing tools, announced the availability of free software vulnerability scan trials for the US market, with live demonstrations at Black Hat USA 2019.
    Read More
  • Aug 7, 2019 | Gadgets 360

    SWAPGS Speculative Execution Vulnerability for Intel CPUs Disclosed, Microsoft Releases Windows 10 Patch [Black Hat USA 2019]

    Security vendor Bitdefender has disclosed details of a new speculative execution security vulnerability in Intel CPUs dating back to 2012, which could be used to steal sensitive information including passwords from a computer. The newly discovered issue, named SWAPGS, could also negate all the patches so far released for the infamous Spectre and Meltdown flaws. According to Bitdefender, the issue was first discovered over a year ago, and the company has been working with Intel and other ecosystem stakeholders in order to minimise its impact. Public disclosure was withheld till just now, at the ongoing Black Hat security conference, where Bitdefender has released a detailed whitepaper on its research.
    Read More
  • Aug 7, 2019 | ZDNet

    New ‘warshipping’ technique gives hackers access to enterprise offices [Black Hat USA 2019]

    At Black Hat USA in Las Vegas, Nevada, IBM researchers said that warshipping is made possible through the proliferation of e-commerce deliveries, now an everyday occurrence which has slowly replaced visits to traditional brick-and-mortar stores.
    Read More
  • Aug 7, 2019 | IT Web

    Microsoft intros security lab to test Azure vulnerabilities [Black Hat USA 2019]

    Announced at the Black Hat USA 2019 conference this week, the Azure Security Lab is a set of dedicated cloud hosts, aimed at allowing security researchers to aggressively test attacks against infrastructure-as-a-service scenarios. It also allows participants to identify research vulnerabilities in Azure and do their best to emulate criminal hackers.
    Read More
  • Aug 6, 2019 | Tom's Guide

    How Europe's GDPR Privacy Rules Help Identity Thieves [Black Hat USA 2019]

    The truth is, though, that "many organizations fail to employ adequate safeguards against Right of Access abuse and thus risk exposing sensitive information to unauthorized third parties," as Knerr and Pavur wrote in a white paper released in conjunction with Pavur's Black Hat presentation.
    Read More
  • Aug 6, 2019 | Forbes

    Android Alert: Users Urged To Patch Critical Flaw In Recent Qualcomm Chips, Millions At Risk [Black Hat USA 2019]

    More critical security vulnerabilities are being unveiled at the Black Hat USA 2019 conference which is now in full swing in Las Vegas, Nevada, and this time it’s coming from Tencent’s Blade Team.
    Read More
  • Aug 6, 2019 | ZDNet

    New Windows hack warning: Patch Intel systems now to block SWAPGSAttack exploits [Black Hat USA 2019]

    The vulnerability was discovered by researchers at Bitdefender as they researched CPU architectures. They've chosen to reveal what they found in a session at Black Hat USA after working with Intel, Microsoft and others to ensure an update was released to fix the bug as part of Patch Tuesday.
    Read More
  • Aug 6, 2019 | Security Boulevard

    Mimecast introduced community based tailored threat intelligence tool at Black Hat 2019 [Black Hat USA 2019]

    Yesterday, at Black Hat 2019, Mimecast Limited, a leading email and data security company, introduced Mimecast Threat Intelligence which offers a deeper understanding of the cyber threats faced by organizations.
    Read More
  • Aug 6, 2019 | Android Central

    QualPwn is a new exploit for Qualcomm Snapdragon chips, here's what you need to know [Black Hat USA 2019]

    This makes finding these bugs and vulnerabilities an industry in its own right. At DEFCON 27 and Black Hat 2019, huge venues where exploits are made public and demonstrated (and hopefully, patched), a vulnerability in Qualcomm chips has been announced by the Tencent Blade Team that would allow an attacker to gain access through the kernel and potentially get into your phone and cause harm. The good news is that it was responsibly announced and Qualcomm worked with Google to fix the issue with the August 2019 Android Security Bulletin.
    Read More
  • Aug 6, 2019 | Channel Futures

    Dell’s Secureworks Releases SaaS-Based Red Cloak TDR with Managed Services Option [Black Hat USA 2019]

    BLACK HAT USA — Secureworks is using this week’s Black Hat USA 2019 conference in Las Vegas to release its new Red Cloak Threat Detection and Response (TDR), the company’s first of a planned suite of SaaS-based software offerings announced earlier this year.
    Read More
  • Aug 6, 2019 | Solutions Review

    Exploring Bug Bounties With Microsoft’s Bug Bounty Challenge [Black Hat USA 2019]

    Recently, at the Black Hat 2019 conference, technology giant and cybersecurity provider Microsoft made two startling announcements:
    Read More
  • Aug 6, 2019 | Portswigger

    Black Hat Briefings: Assessing the impact of last year’s pioneering security research [Black Hat USA 2019]

    On the eve of the Black Hat 2019 Briefings sessions, The Daily Swig takes a closer look at the real-world impact of the security research that’s showcased in the desert each year
    Read More
  • Aug 6, 2019 | DevClass

    Microsoft waves $300,000 at hackers, says ‘do your worst’ to Azure Security Lab [Black Hat USA 2019]

    The company chose the Black Hat Conference in Las Vegas to announce it was “inviting a select group of talented individuals to come and do their worst to emulate criminal hackers in a customer-safe cloud environment called the Azure Security Lab.”
    Read More
  • Aug 6, 2019 | Fudzilla

    Microsoft provides tools to find holes in Azure [Black Hat USA 2019]

    Addressing the assembled throngs at the Black Hat conference, Kymberlee Price, Microsoft’s security community manager said that Azure Security Lab is a set of dedicated cloud hosts isolated from Azure customers so security researchers can test attacks against cloud scenarios. The isolation means researchers can not only research vulnerabilities in Azure, they can attempt to exploit them.
    Read More
  • Aug 6, 2019 | The Washington Post

    The Cybersecurity 202: The government's relationship with ethical hackers has improved, security experts say [Black Hat USA 2019]

    The relationship between ethical hackers and the federal government is better now than it was in 2013, when then-National Security Agency chief Keith Alexander first spoke at the Black Hat cybersecurity conference — not long after Edward Snowden revealed the government's sweeping surveillance programs.
    Read More
  • Aug 6, 2019 | Engadget

    Apple may soon hand special iPhones to security researchers [Black Hat USA 2019]

    Apple will start providing security researchers special iPhones and will finally launch a bug bounty program for Mac, according to Forbes. Cupertino will reportedly announce those security measures at the Black Hat security conference in Las Vegas later this week in an effort to strengthen its flawed bug bounty program.
    Read More
  • Aug 6, 2019 | Mashable India

    Apple To Provide "Pre-Jailbroken" iPhones To Researchers As Part Of A Reward Program: Report [Black Hat USA 2019]

    According to a report by Forbes, Apple will be announcing the new program at the ongoing Black Hat security conference in Las Vegas which runs till Thursday, August 8.
    Read More
  • Aug 6, 2019 | Cult of Mac

    Apple might give hackers special iPhones to plug security problems [Black Hat USA 2019]

    According to a new report, Apple will announce plans this week at the Black Hat security conference in Las Vegas to hand out such devices to security researchers. Apple also will introduce a new Mac bug bounty program to reward anyone who finds security problems in macOS.
    Read More
  • Aug 6, 2019 | TechTarget

    LogicHub introduces automation updates to its SOAR platform [Black Hat USA 2019]

    LogicHub is demonstrating its newest intelligent automation features at the Black Hat conference in Las Vegas until Aug. 9, 2019.
    Read More
  • Aug 6, 2019 | Times of India

    Here's why Microsoft paid Rs 31.2 crores to 'hackers' last year [Black Hat USA 2019]


    Read More
  • Aug 6, 2019 | CRN

    12 Big New Network And Endpoint Security Tools From The Black Hat 2019 Conference [Black Hat USA 2019]

    Vendors attending the Black Hat 2019 conference have placed big bets around network and endpoint security, debuting offerings that turn network assets into security devices, redirect attempted endpoint access into deception environments, and use machine-learning algorithms on network flows and packet data.
    Read More
  • Aug 6, 2019 | InfoSecurity Magazine

    Microsoft, Apple Level Up Bounties [Black Hat USA 2019]

    An announcement at Black Hat 2019 this week would mark the third anniversary of Apple's original bug bounty program, in which it promised to pay up to $200,000 for the best reported security flaws.
    Read More
  • Aug 6, 2019 | Meritalk

    GSA Reflects on Years of Lessons Learned for Cloud Security [Black Hat USA 2019]

    Senior Security Architect for the General Services Administration’s (GSA’s) Technology Transformation Services (TTS) and Centers of Excellence (CoE) Dan Jacobs wants agencies and industry alike to heed the lessons GSA has learned from experience and the Black Hat conference over the past 16 years when it comes to securely implementing cloud.
    Read More
  • Aug 6, 2019 | BGR

    Apple will provide jailbroken iPhones to researchers investigating iOS security [Black Hat USA 2019]

    Additionally, Apple wants to open a Mac bug bounty program that will also offer financial incentives to researchers who find vulnerabilities and alert Apple. It’s unclear when the Mac bug bounty program will be announced. Apple might reveal more details on Thursday when Apple’s head of security and engineering Ivan Krstić will deliver a Black Hat talk titled Behind the Scenes of iOS and Mac Security
    Read More
  • Aug 6, 2019 | IoT Evolution World

    Armis Finds 11 Zero-Day Vulnerabilities, Exposing 200 Million Critical Devices using VxWorks [Black Hat USA 2019]

    Ben Seri and Dor Zusman, security researchers at Armis, will present the exploration of the URGENT/11 vulnerabilities at Black Hat 2019 in Las Vegas on Thursday, August 8, 2019. The talk will also include a demonstration of real-world end-to-end attacks on VxWorks-based devices including a firewall and printer.
    Read More
  • Aug 6, 2019 | TechTarget

    I’m at Black Hat 2019 for the next couple days: Here’s what I hope to learn [Black Hat USA 2019]

    I’m off at Black Hat 2019 through Thursday evening. This is the first time BrianMadden.com has attended this conference, so despite being stuck in Las Vegas for more time than I’d ever like, I’m excited!
    Read More
  • Aug 6, 2019 | FossBytes

    Microsoft Asks Researchers To “Do Their Worst,” Doubles Azure Bounty To $40,000 [Black Hat USA 2019]

    At the ongoing Black Hat USA 2019 conference, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test Azure security without putting the company’s customers at risk.
    Read More
  • Aug 6, 2019 | iDropNews

    ‘Rock Star’ Hackers Will Get Special iPhones from Apple to Help Boost Security [Black Hat USA 2019]

    A new report in Forbes reveals that Apple is planning to announce a new program at this week’s Black Hat security conference in Las Vegas where it will give select security researchers special “pre-jailbroken” iPhones to make it easier for them to find weaknesses in the iPhone hardware and iOS operating system
    Read More
  • Aug 6, 2019 | Digital Munition

    Apple might give hackers special iPhones to plug security problems [Black Hat USA 2019]

    According to a new report, Apple will announce plans this week at the Black Hat security conference in Las Vegas to hand out such devices to security researchers. Apple also will introduce a new Mac bug bounty program to reward anyone who finds security problems in macOS.
    Read More
  • Aug 6, 2019 | TechRadar

    Microsoft launches Azure Security Lab for greater cloud protection [Black Hat USA 2019]

    At this year's Black Hat USA security conference, the company unveiled its new Azure Security Lab which is made up of a set of dedicated cloud hosts that security professionals invited by the software giant will be able to use to test for vulnerabilities and exploits in Azure.
    Read More
  • Aug 6, 2019 | The Mac Observer

    Apple Bug Bounty Program Coming This Month [Black Hat USA 2019]

    The iPhones will be given to the rock star hackers that participate in the Cupertino company’s invitation-only bug bounty program, where participants disclose bugs in Apple products in return for monetary rewards. The payments can go as high as $200,000, as announced at the 2016 Black Hat conference. What makes these iPhones special? One source with knowledge of the Apple announcement said they would essentially be “dev devices.” Think of them as iPhones that allow the user to do a lot more than they could on a traditionally locked-down iPhone. For instance, it should be possible to probe pieces of the Apple operating system that aren’t easily accessible on a commercial iPhone. In particular, the special devices could allow hackers to stop the processor and inspect memory for vulnerabilities. This would allow them to see what happens at the code level when they attempt an attack on iOS code.
    Read More
  • Aug 6, 2019 | MSSP Alert

    LogicHub SOAR Gains Autonomous Detection and Response [Black Hat USA 2019]

    SOAR+ with autonomous detection and response is now available, and LogicHub will showcase the updated platform at the Black Hat USA 2019 conference in Las Vegas, Nevada.
    Read More
  • Aug 6, 2019 | CSO Australia

    Microsoft dangles USD$300k in updated Azure cloud bug bounty [Black Hat USA 2019]

    Microsoft unveiled Azure Security Lab at the Black Hat USA conference in Las Vegas on Monday, where it also told security researchers it was doubling the top bounty for Azure bugs to $40,000. But the program, which is open to eligible applicants only, also offers hackers “scenario-based challenges” that max out at $300,000.
    Read More
  • Aug 6, 2019 | EE News Europe

    A secure wireless environment for Light Communication [Black Hat USA 2019]

    Speaking ahead of DEF CON 27, a hacker convention that takes place immediately after Black Hat USA 2019, Dr Dauphinee highlighted the potential that VLC has for environments where there is sensitive information that could be the target of a cyberattack. These environments include financial institutions, government buildings, critical businesses and military bases.
    Read More
  • Aug 6, 2019 | Toolbox

    Stellar Cyber Unveils Starlight™ 3.3; Offers AI-Based Dynamic Phishing Detection and Automated Event Correlation [Black Hat USA 2019]

    Black Hat USA 2019 — Security analytics provider Stellar Cyber recently unveiled Starlight™ 3.3, which is the first Unified Security Analytics Platform having two industry-first capabilities:
    Read More
  • Aug 6, 2019 | z6mag

    Microsoft offers $300k bounty for those who can hack Azure Security Lab [Black Hat USA 2019]

    In a process to find and locate bugs and vulnerabilities in its Azure cloud platform, Microsoft announced in public at the Black Hat USA 2019 that the tech giant will reward $300,000 to researchers who successfully attack and launch test exploits for the platform.
    Read More
  • Aug 6, 2019 | z6mag

    Russian hackers are targeting corporate VoIP phones and IoT devices [Black Hat USA 2019]

    In security research presented at Black Hat, Microsoft said that in April, Russian hackers compromised VoIP phones, office printers, and video decoders across multiple corporations. “In two of the cases, the passwords for the devices were deployed without changing the default manufacturer’s passwords, and in the third instance the latest security update had not been applied to the device,” Microsoft said in a blog post.
    Read More
  • Aug 6, 2019 | 9to5 Google

    Vulnerability in Snapdragon chips, ‘QualPwn,’ fixed with August security patch [Black Hat USA 2019]

    If you’re interested in seeing a full demonstration of QualPwn in action, Tencent Blade will be presenting it at Black Hat USA 2019 on Thursday
    Read More
  • Aug 6, 2019 | Container Journal

    Sysdig Injects More AI into Container Security [Black Hat USA 2019]

    At the Black Hat USA conference, Sysdig today announced it has extended the capabilities of Sysdig Secure to include runtime profiling and anomaly detection enabled by machine learning algorithms with Kubernetes environments.
    Read More
  • Aug 6, 2019 | Threatpost

    Millions of Android Smartphones Vulnerable to Trio of Qualcomm Bugs [Black Hat USA 2019]

    The QualPwn vulnerabilities will be discussed by Tencent’s Blade Team researchers at BlackHat USA 2019 and DEFCON 27 later this week, according to researchers. Researchers declined to share vulnerability specifics until, as they put it: “we’re informed that the flaws are fixed and consumers have time to install security updates on their devices.”
    Read More
  • Aug 6, 2019 | Portswigger

    Spies piggyback on IoT insecurity to hack into corporate networks [Black Hat USA 2019]

    Microsoft has published an outline of the attack and indicators of compromise ahead of a talk on the topic by Microsoft's Eric Doerr at Black Hat USA on Thursday (8 August).
    Read More
  • Aug 6, 2019 | Forbes

    Microsoft Confirms It Has Paid $4.4M To Hackers [Black Hat USA 2019]

    Microsoft has announced, at the start of the Black Hat 2019 hacking and security event in Las Vegas, that it has paid $4.4 million (£3.6 million) to hackers over the past 12 months. What's more, it has issued a new challenge for confident and aggressive hackers to come and have a go if they think they're hard enough.
    Read More
  • Aug 6, 2019 | Forbes

    Cybereason Raises $200 Million Led By SoftBank Group Ahead Of IPO [Black Hat USA 2019]

    Cybereason, a cloud-based cybersecurity company and Forbes 2019 Next Billion-Dollar Startups honoree, announced Tuesday $200 million in new funding. Led by SoftBank Group, the Series E round boosts the company’s valuation to $900 million, with $389 million in total equity. The fresh influx provides padding as Cybereason prepares for an initial public offering, the timing of which depends on market conditions, CEO and cofounder Lior Div told Forbes. In the meantime, Cybereason aims to expand its already global reach, the details of which will be announced this week at Black Hat, the annual infosec conference in Las Vegas.
    Read More
  • Aug 6, 2019 | Verdict

    Black Hat conference gets underway / Which? publishes Facebook fake review findings / Disney announces Q3 results with streaming in its sights [Black Hat USA 2019]

    Following a weekend of technical sessions, the main Black Hat 2019 conference will get underway today, providing attendees with insight into the latest developments and trends in information security.
    Read More
  • Aug 6, 2019 | The Register

    It's 2019 – and you can completely pwn a Qualcomm-powered Android over the air [Black Hat USA 2019]

    Black Hat It is possible to thoroughly hijack a nearby vulnerable Qualcomm-based Android phone, tablet, or similar gadget, via Wi-Fi, we learned on Monday. This likely affects millions of Android devices.
    Read More
  • Aug 6, 2019 | TechTarget

    I’m at Black Hat 2019 for the next couple days: Here’s what I hope to learn [Black Hat USA 2019]

    Meanwhile, Black Hat looks to offer slightly more technical sessions that might help grow my knowledge about security and the vulnerabilities in the wild.
    Read More
  • Aug 6, 2019 | CNET

    How to prepare for the world's largest hacker fest [Black Hat USA 2019]

    One of the largest gatherings of hackers is happening in Las Vegas in August, with Black Hat and Defcon set to start this week. The back-to-back cybersecurity conferences are often referred to as "Hacker Summer Camp," which raises questions about how to keep yourself safe when you're surrounded by hackers.
    Read More
  • Aug 6, 2019 | CRN

    12 Cool New Threat Detection And Response Products Unveiled At Black Hat 2019 [Black Hat USA 2019]

    Here's a look at 12 products released around Black Hat 2019 that make it easier for customers and partners to locate and prioritize advanced threats and respond to security incidents in an automated fashion.
    Read More
  • Aug 6, 2019 | CRN

    20 Hot New Cybersecurity Products Unleashed At Black Hat Las Vegas 2019 [Black Hat USA 2019]

    From inspecting encrypted traffic in real time to using machine learning to build profiles of containers to ranking security gaps by their potential business impact, here's a look at 20 hot cybersecurity products unleashed at Black Hat this year.
    Read More
  • Aug 6, 2019 | MJ Tsai Blog

    Hacker-Friendly iPhones and Mac Bug Bounty Program [Black Hat USA 2019]

    Later this week, at the Black Hat security conference in Las Vegas, Apple is to announce plans to give security researchers special iPhones that will make it easier for them to find weaknesses in the smartphone, Forbes has learned. It’ll also be announcing an Apple Mac bounty, so anyone who can find security issues in macOS will get rewarded, sources claimed.
    Read More
  • Aug 5, 2019 | CRN

    Black Hat 2019 News and Analysis [Black Hat USA 2019]

    CRN is live in Las Vegas for Black Hat 2019. Bookmark this page for the latest news and announcements from the show floor.
    Read More
  • Aug 5, 2019 | MS Power User

    Microsoft is doubling down on Azure security [Black Hat USA 2019]

    At Black Hat conference in Las Vegas, Microsoft today announced that it is doubling down on Azure security. First, Microsoft is encouraging more security researchers to exploit Azure by doubling the top bounty reward for Azure vulnerabilities to $40,000. Second, Microsoft is making it easier for security researchers to aggressively test Azure in a closed environment. Microsoft is inviting a select group of security individuals to emulate criminal hackers in a cloud environment called the Azure Security Lab.
    Read More
  • Aug 5, 2019 | 9to5 Mac

    Report: Apple to provide ‘pre-jailbroken’ iPhones to researchers, launch macOS bug bounty program [Black Hat USA 2019]

    Apple is reportedly set to provide security researchers with unique iPhone models that would allow them to more easily find weaknesses in iOS. Forbes reports that Apple will make this announcement at the Black Hat security conference later this week.
    Read More
  • Aug 5, 2019 | Security Boulevard

    Black Hat 2019 On Your Mark, Get Set, Go [Black Hat USA 2019]

    It’s that time. The Black Hat Conference is taking place in Las Vegas this week and tens of thousands of people will fill the space in and around the Mandalay Bay hotel to gain insight on emerging attack trends and techniques—and how to effectively defend against those exploits.
    Read More
  • Aug 5, 2019 | HelpNet Security

    Devo Technology defines vision for next-gen cloud SIEM [Black Hat USA 2019]

    According to a new report, Apple will announce plans this week at the Black Hat security conference in Las Vegas to hand out such devices to security researchers. Apple also will introduce a new Mac bug bounty program to reward anyone who finds security problems in macOS.
    Read More
  • Aug 5, 2019 | Forbes

    Apple Is Giving Out Hacker-Friendly iPhones, Plots Mac Bug Bounty — Sources [Black Hat USA 2019]

    From a cybersecurity perspective, it appears so. Later this week, at the Black Hat security conference in Las Vegas, Apple is to announce plans to give security researchers special iPhones that will make it easier for them to find weaknesses in the smartphone, Forbes has learned. It'll also be announcing an Apple Mac bounty, so anyone who can find security issues in macOS will get rewarded, sources claimed. Apple declined to comment.
    Read More
  • Aug 5, 2019 | SiliconAngle

    Microsoft launches new Azure Security Lab, offering up to $300K to anyone who can hack its public cloud [Black Hat USA 2019]

    Microsoft Corp. announced today at the Black Hat USA Conference in Las Vegas the creation of a new Azure Security Lab that it believes will bolster the security of its public cloud service.
    Read More
  • Aug 5, 2019 | BleepingComputer

    QualPwn Bugs In Snapdragon SoC Can Attack Android Over the Air [Black Hat USA 2019]

    Tencent's Blade researchers are scheduled to present the technical details for the QualPwn bugs and exploiting them on Thursday, at the Black Hat security conference. They have already published a brief advisory about the two vulnerabilities.
    Read More
  • Aug 5, 2019 | Forbes

    Microsoft Warns Russian Hackers Can Breach Secure Networks Through Simple IoT Devices [Black Hat USA 2019]

    Just ahead of Black Hat 2019, Microsoft has reported that in April its Threat Intelligence Center discovered a targeted attack against IoT devices—a VOIP phone, a printer and a video decoder. The attack hit multiple locations, using the devices as soft access points into wider corporate networks. Two of the three devices still carried factory security settings, the software on the third hadn't been updated.
    Read More
  • Aug 5, 2019 | Embedded Computing

    HomeGrid Forum Promotes Light Communication for Secure Wireless [Black Hat USA 2019]

    The Visible Light Communication (VLC) industry is growing at a rapid rate, and is set to exceed ten billion devices by 2023, according to HomeGrid Forum President Dr. Len Dauphinee. Speaking ahead of DEF CON 27, a hacker convention that takes place immediately after Black Hat USA 2019, Dr Dauphinee highlighted the potential that VLC has for environments where there is sensitive information that could be the target of a cyberattack.
    Read More
  • Aug 5, 2019 | CRN

    11 Top Cybersecurity Trends To Watch For At Black Hat 2019 [Black Hat USA 2019]

    Black Hat has grown over the past 22 years into the premier stage for cybersecurity professionals to share cutting-edge research and insights through demos, technical trainings and hands-on labs.
    Read More
  • Aug 5, 2019 | Security Boulevard

    What to expect at Black Hat USA 2019 [Black Hat USA 2019]

    Black Hat USA 2019 kicks off this week! We’re incredibly excited for another week of impactful sessions, to hear from industry thought leaders, and even to unwind with other infosec professionals. On the heels of exciting announcements, including a significant Series B funding round and key additions to the leadership team, Swimlane will once again be your headquarters for security orchestration, automation and response (SOAR). Here’s some of what you can expect from this year’s conference:
    Read More
  • Aug 5, 2019 | The Register

    LAPD loses job applicant details, Project Zero pokes holes in iOS, AWS S3 whack-a-mole continues, and more [Black Hat USA 2019]

    Also, look out this week for our Black Hat, DEF CON, and Bsides Las Vegas coverage: our vultures out in the Nevada desert will produce a string of articles from the hacking conferences.
    Read More
  • Aug 5, 2019 | Forbes

    Data Breach Alert: Over 1 Million Credit Card Data From The U.S., South Korea Have Been Leaked [Black Hat USA 2019]

    There’s not a day that goes by anymore without yet another major data leak uncovered and with the Black Hat conference—sort of a boot camp for hackers—kicking off in Las Vegas this week, we might hear more of them in the coming days.
    Read More
  • Aug 5, 2019 | Forbes

    MITRE's ATT&CK Prioritizes Cyber Defenses [Black Hat USA 2019]

    On Wednesday, August 7, at 2:40pm, Black Hat USA 2019, Nichols and Ryan Kovar, Principal Security Strategist at Splunk, will present MITRE ATT&CK: The Play at Home Edition.
    Read More
  • Aug 5, 2019 | Los Angeles Times

    Newsletter: Cal Inc.: It’s not about the Equifax settlement cash. It’s about sending a message [Black Hat USA 2019]

    The Black Hat USA conference, now in its 22nd year, brings the world’s top hackers and information security experts to Las Vegas. Be on the lookout for some scary headlines on Wednesday and Thursday as researchers reveal the latest vulnerabilities they’ve uncovered.
    Read More
  • Aug 5, 2019 | Threatpost

    Microsoft Lab Offers $300K For Working Azure Exploits [Black Hat USA 2019]

    Las Vegas – In an attempt to sniff out bugs in its Azure cloud platform, Microsoft announced at Black Hat USA 2019 on Monday that it will offer rewards of up to $300,000 for researchers who launch successful test exploits for the platform.
    Read More
  • Aug 5, 2019 | VentureBeat

    Microsoft launches Azure Security Lab, doubles top bug bounty to $40,000 [Black Hat USA 2019]

    At Black Hat 2019 today, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test its cloud security. The company also doubled the top Azure bug bounty to $40,000.
    Read More
  • Aug 5, 2019 | ZDNet

    Microsoft launches Azure Security Lab, expands bug bounty rewards [Black Hat USA 2019]

    At the Black Hat USA conference in Las Vegas, Nevada on Monday, Microsoft said the new Azure Security Lab, a set of dedicated cloud hosts, will be made available to security professionals invited by the Redmond giant to "confidently and aggressively test Azure."
    Read More
  • Aug 5, 2019 | Politico

    ELECTION SURVEY: Tracking the move to paper-based voting machines [Black Hat USA 2019]

    It’s Black Hat and DEF CON time, and late last week brought some news about the events. At Black Hat, the Pwnie Award nominations are out. Notable nominees for the sometimes-cheeky cyber awards include the NSA for “most innovative research” and “most epic achievement” due to its reverse engineering tool Ghidra, to the consternation of some hacker types who don’t have much admiration for the spy agency.
    Read More
  • Aug 5, 2019 | CSO

    Looking for answers at Black Hat 2019: 5 important cybersecurity issues [Black Hat USA 2019]

    As Black Hat 2019 begins, the cybersecurity topics top of mind include network security platforms, threat detection/response services, new cloud security strategies, and clarification around security analytics.
    Read More
  • Aug 4, 2019 | Help Net Security

    Week in review: Capital One breach, Visa payment limit bypass flaw, VxWorks RTOS vulnerabilities [Black Hat USA 2019]

    Black Hat USA 2019 is just around the corner! Selecting which sessions to attend from among the conference’s jam-packed catalog of training sessions, panels and briefings can be a daunting task without a clear strategy. In the run-up to every conference, we compile a list of the most engaging content and identify the most compelling cybersecurity trends highlighted in the agenda.
    Read More
  • Aug 3, 2019 | WIRED

    5G IS HERE—AND STILL VULNERABLE TO STINGRAY SURVEILLANCE [Black Hat USA 2019]

    At the Black Hat security conference in Las Vegas next week, a group of network communication security researchers will present findings on flaws in the 5G protections meant to thwart the surveillance devices known as stingrays.
    Read More
  • Aug 2, 2019 | TechTarget

    CloudKnox Security adds privileged access features to platform [Black Hat USA 2019]

    The company will demonstrate the new features at Black Hat USA in Las Vegas this year for the first time. CloudKnox's update to its Cloud Security Platform follows competitor CyberArk's recent updates to its own privileged access management offering, including zero-trust access, full visibility and control of privileged activities for customers, biometric authentication and just-in-time provisioning.
    Read More
  • Aug 2, 2019 | MSSP Alert

    Black Hat USA 2019 Cybersecurity Conference: Live Blog [Black Hat USA 2019]

    The Black Hat USA 2019 cybersecurity conference will attract thousands of IT professionals, researchers, MSPs and MSSPs. Track this live blog from MSSP Alert for the latest news, analysis and chatter throughout the conference.
    Read More
  • Aug 2, 2019 | Cyberscoop

    How offense and defense came together to plug a hole in a popular Microsoft program [Black Hat USA 2019]

    One RDS discovery in particular prompted close, behind-the-scenes cooperation between Microsoft and an outside researcher. They will share what they learned about detection and remediation next week at the Black Hat conference in Las Vegas.
    Read More
  • Aug 2, 2019 | Security Boulevard

    Black Hat 2019 Braving the Heat and Chaos in Search of Peace of Mind [Black Hat USA 2019]

    Black Hat 2019 is taking place next week in Las Vegas. A biblical swarm of grasshoppers large enough to be seen on radar has invaded the city and temperatures outside in the scorching sun will approach 110 degrees, but that won’t stop tens of thousands of IT and cybersecurity professionals from making the trek to learn about emerging attack techniques and trends and find out what vendors have to offer to help guard against a growing and shifting threat landscape.
    Read More
  • Aug 2, 2019 | Dark Reading

    Black Hat: A Summer Break from the Mundane and Controllable [Black Hat USA 2019]

    Next week, security practitioners from across the globe will make their summer pilgrimage to Las Vegas for Black Hat, DEF CON, and other security gatherings. As in years past, there will be no shortage of surprises
    Read More
  • Aug 2, 2019 | CSO

    7 must-see talks at Black Hat and DEF CON 2019 [Black Hat USA 2019]

    Infosec is political. It's about power — who has it, who doesn't, and how it will be used. Some geeks like to pretend otherwise, but that will be harder this year during hacker summer camp in Las Vegas, as politicians and policymakers join hackers to merge tech and policy in some much-anticipated talks.
    Read More
  • Aug 1, 2019 | ITSPmagazine

    Chats On The Road To Hacker Summer Camp 2019 | Black Hat — CyberInsurance Micro Summit | A Conversation With Jeffrey Smith [Black Hat USA 2019]

    The newly-formed cyber insurance micro summit is being chaired by Jeremiah Grossman and is taking place on Wednesday, August 7th, during Black Hat. So, if you want to learn more about cyber insurance from a group of people that know this space like the back of their hands, you’ll have to join Jeffrey and the rest of the micro summit team for their half-day session. Details for the three talks are below.
    Read More
  • Aug 1, 2019 | SANS Security Insights

    Writing the Book on Hacking Web Applications [Black Hat USA 2019]

    Even before this week's announcement of the Capital One breach, application security/secure DevOps has been heating up. The topic is important enough to make the keynote at the Black Hat Briefings next week. Respected researcher Dino Dai Zovi, security engineer at Square, titled his keynote "Every Security Team Is a Software Team Now."
    Read More
  • Aug 1, 2019 | Security Boulevard

    Every security team is a software team now: Why you should attend the Black Hat keynote [Black Hat USA 2019]

    Building and facilitating a culture with continuous collaboration between engineers and security forces is becoming the new philosophy in security, which is why I am stoked for this year’s Black Hat USA keynote speaker: Dino Dai Zovi, staff security engineer at Square.
    Read More
  • Aug 1, 2019 | Security Boulevard

    Top 5 Black Hat 2019 Sessions Not to Miss. Plus: Bonus Travel Tips to Hacker Cons [Black Hat USA 2019]

    The Black Hat USA 2019 conference is about to start. Over 17,000 security professionals will come from all around the world to Las Vegas, USA. They will learn, share, educate and disclose security research on the latest cyber-threats and attacks, vulnerabilities, and techniques used to bypass security used by most governments and organizations globally.
    Read More
  • Jul 31, 2019 | Threatpost

    Black Hat USA 2019 Preview [Black Hat USA 2019]

    Despite bizarre reports of a grasshopper infestation, Black Hat USA 2019 and DEF CON are set to kick off next week in Las Vegas, bringing on a wave of sessions, keynotes and security-themed villages.
    Read More
  • Jul 31, 2019 | Dark Reading

    8 Free Tools to Be Showcased at Black Hat and DEF CON [Black Hat USA 2019]

    The security research community is getting ready to not only drop a lot of knowledge on their colleagues in the coming weeks, but also a boatload of new and evolving tools. Black Hat and DEF CON presenters always give out the best party favors in the form of hacking frameworks, open source software, hardware design plans, and other free goodies targeted at all different stripes of security practitioners.
    Read More
  • Jul 31, 2019 | TechTarget

    Project Zero drops six iOS vulnerabilities ahead of Black Hat [Black Hat USA 2019]

    Silvanovich will present her findings in these "interaction-less" iOS attacks at the Black Hat 2019 conference in Las Vegas next week.
    Read More
  • Jul 31, 2019 | Fedscoop

    DHS ‘blew up’ its hiring system for cybersecurity talent [Black Hat USA 2019]

    “We’re going to have the ability to go to Black Hat and some of the different conferences and be able to recruit directly and make job offers directly to those folks out of those different technical conferences and things like that,” she told the Regulatory Affairs and Federal Management Subcommittee.
    Read More
  • Jul 30, 2019 | Dark Reading

    Black Hat Q&A: Cracking Apple's T2 Security Chip [Black Hat USA 2019]

    Duo Labs' Mikhail Davidov and Jeremy Erickson speak about their research on Apple's T2 security chip, and why they're sharing it at Black Hat USA.
    Read More
  • Jul 30, 2019 | BBC

    Google reveals fistful of flaws in Apple's iMessage app [Black Hat USA 2019]

    One of the two Google researchers involved - Natalie Silvanovich - intends to share more details of her findings at a presentation at the Black Hat conference in Las Vegas next month.
    Read More
  • Jul 30, 2019 | Engadget

    Google researchers discovered serious iOS security flaws [Black Hat USA 2019]

    Six critical security vulnerabilities that were patched in the iOS 12.4 update released earlier this month were originally discovered by security researchers at Google. Natalie Silvanovich and Samuel Groß, two members of Google's Project Zero bug-hunting team, alerted Apple to the issues. Silvanovich will be laying out the details on several of the bugs and provide a demonstration of exploits in action at the Black Hat security conference set to be held in Las Vegas next week.
    Read More
  • Jul 30, 2019 | Forbes

    Confluera Secures $9 Million Series A To Map Attacks In Real-Time [Black Hat USA 2019]

    Confluera will make its debut at Black Hat, the annual security conference in Las Vegas, in August. Until then, to scale initial outreach, Confluera has been meeting with companies’ IT and cybersecurity teams to solve specific use cases.
    Read More
  • Jul 30, 2019 | SC Magazine

    Google researchers discover six iPhone vulnerabilities, one unpatched [Black Hat USA 2019]

    All of the vulnerabilities are “interaction-less,” meaning they can be run without any interaction from a user and can be exploited via SMS, MMS, Visual Voicemail, iMessage and Mail, according to an abstract of a presentation the researchers will give at Black Hat 2019 that will reveal details of the exploits.
    Read More
  • Jul 30, 2019 | BGR

    Apple has yet to fix a mysterious iMessage bug spotted by Google researchers [Black Hat USA 2019]

    Next week in Las Vegas at the Black Hat security conference, Google Project Zero researcher Natalie Silvanovich is set to give a presentation about interactionless iPhone vulnerabilities that can run without the victim taking any action at all. The talk will come on the heels of Silvanovich and a Google Project Zero colleague, Samuel Groß, discovering half a dozen iOS vulnerabilities that can be exploited via iMessage — although five of those flaws, according to ZDNet, were fixed with last week’s iOS 12.4 update.
    Read More
  • Jul 30, 2019 | TechCrunch

    Confluera snags $9M Series A to help stop cyberattacks in real time [Black Hat USA 2019]

    It’s early days for Confluera, as it has 19 employees and three customers using the platform so far. For starters, it will be officially launching next week at Black Hat. After that, it has to continue building out the product and prove that it can work as described to stop the types of attacks we see on a regular basis.
    Read More
  • Jul 30, 2019 | MSSP Alert

    Managed Security Services Provider (MSSP) News: 30 July 2019 [Black Hat USA 2019]

    Spirent Communications during the Black Hat USA 2019 conference will demonstrate several new capabilities in its CyberFlood Data Breach Assessment solution and preview new use cases for security assessment in 5G networks.
    Read More
  • Jul 30, 2019 | ConsumerAffairs

    Google researchers find six major security vulnerabilities in Apple’s iOS [Black Hat USA 2019]

    During her presentation at the Black Hat security conference, Silvanovich will discuss “the remote, interaction-less attack surface of iOS” and the “potential for vulnerabilities in SMS, MMS, Visual Voicemail, iMessage and Mail.” She will also play out two examples of vulnerabilities discovered.
    Read More
  • Jul 30, 2019 | Help Net Security

    Security trends to follow at Black Hat USA 2019 [Black Hat USA 2019]

    Black Hat USA 2019 is just around the corner! Selecting which sessions to attend from among the conference’s jam-packed catalog of training sessions, panels and briefings can be a daunting task without a clear strategy. In the run-up to every conference, we compile a list of the most engaging content and identify the most compelling cybersecurity trends highlighted in the agenda.
    Read More
  • Jul 29, 2019 | Lily Hay Newman

    AN OPERATING SYSTEM BUG EXPOSES 200 MILLION CRITICAL DEVICES [Black Hat USA 2019]

    VxWorks developer Wind River is in the process of distributing patches for the bugs. But the Armis researchers, who first disclosed their findings to Wind River in March, say that the patching process will be long and difficult, as is often the case with IoT and critical infrastructure updates. The researchers will present their findings at the Black Hat security conference in Las Vegas next week.
    Read More
  • Jul 29, 2019 | ZDNet

    Urgent11 security flaws impact routers, printers, SCADA, and many IoT devices [Black Hat USA 2019]

    It's this work that has resulted in the discovery of the Urgent11 vulnerabilities impacting VxWorks, which Armis researchers have made public today, and will detail in greater depth in a presentation at the Black Hat security conference next week, on August 8, in Las Vegas.
    Read More
  • Jul 29, 2019 | CSO

    Critical VxWorks flaws expose millions of devices to hacking [Black Hat USA 2019]

    The researchers plan to demonstrate three real-world attack scenarios against a SonicWall firewall, a Xerox printer and a patient monitor at the upcoming Black Hat USA security conference.
    Read More
  • Jul 29, 2019 | Help Net Security

    200 million enterprise, industrial, and medical devices affected by RCE flaws in VxWorks RTOS [Black Hat USA 2019]

    Ben Seri and Dor Zusman will present the vulnerabilities at Black Hat USA 2019 and will demonstrate real-world end-to-end attacks on three VxWorks-based devices: a SonicWall firewall, a Xerox printer and a patient monitor.
    Read More
  • Jul 29, 2019 | SC Magazine

    Over 200M devices affected by critical flaws found in real-time operating system [Black Hat USA 2019]

    Collectively referred to as URGENT/11, the flaws were originally discovered by researchers at Armis, who publicly detailed their findings today in an online vulnerability summary, as well as a technical paper authored by Armis team members Ben Seri, Gregory Vishnepolsky and Dor Zusman. Seri and Zusman will also present their findings next week at the Black Hat conference in Las Vegas.
    Read More
  • Jul 29, 2019 | Forbes

    Critical 'Update Now' Warning Issued For VxWorks OS Inside 2 Billion IoT Devices [Black Hat USA 2019]

    Armis will present its URGENT/11 at Black Hat 2019 in Las Vegas next month. The company's researchers will also demonstrate three end-to-end attacks on a SonicWall firewall, a Xerox printer and a patient monitor.
    Read More
  • Jul 29, 2019 | SecurityWeek

    Critical Industries at Risk from Eleven Zero-day Flaws in Real Time Operating System [Black Hat USA 2019]

    Armis researchers will demonstrate exploitation of these vulnerabilities at Black Hat 2019. The demonstrations will involve real-world end-to-end attacks on three VxWorks-based devices: a SonicWall firewall, a Xerox printer and a patient monitor. Armis believes that there are more than 200 million vulnerable mission-critical devices around the world.
    Read More
  • Jul 29, 2019 | Dark Reading

    Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices [Black Hat USA 2019]

    Seri and fellow researcher Dor Zusman will present their findings in Critical Zero Days Remotely Compromise the Most Popular Real-Time OS, on Thursday, August 8, at Black Hat USA.
    Read More
  • Jul 29, 2019 | ZDNet

    US files lawsuit against Bitcoin exchange that helped launder ransomware profits [Black Hat USA 2019]

    A day after the BTC-e shutdown, a team of academics that also included Google staffers presented research at the Black Hat USA 2017 security conference, revealing that 95% of all ransomware ransom payments that had been made up until that point had been cashed out and converted into fiat currency through Vinnik's BTC-e portal.
    Read More
  • Jul 26, 2019 | Inside Bitcoins

    The World’s First Vulnerable Blockchain Will Debut at Black Hat Conference [Black Hat USA 2019]

    Researchers plan to launch the intentionally vulnerable blockchain in hopes of drawing attention to the flaws of the open-sourced public ledgers. The blockchain, designed by Kudelski Security, will debut at the Black Hat conference next month.
    Read More
  • Jul 26, 2019 | Dark Reading

    Black Hat Q&A: Inside the Black Hat NOC [Black Hat USA 2019]

    When you sign up to attend Black Hat USA in Las Vegas next month, make sure to leave time in your busy schedule to check out the Black Hat Network Operations Center (NOC), the heart of the Black Hat network.
    Read More
  • Jul 26, 2019 | Total Security Daily Advisor

    How Secure is Your Virtual Private Network? [Black Hat USA 2019]

    Orange Tsai and Meh Chang, researchers with Devcore, previewed their findings for Zack Whittaker of TechCrunch ahead of their presentation at the upcoming Black Hat conference in Las Vegas. According to Tsai and Chang, three enterprise VPN providers (Palo Alto Networks, Pulse Secure, and Fortinet) have flaws in their products that “are ‘easy’ to remotely exploit.”
    Read More
  • Jul 26, 2019 | ITPro Today

    Black Hat 2019: 2020 Election Fraud Worries Attendees [Black Hat USA 2019]

    Security professionals tend to be natural cynics. But as thousands prepare to head to Las Vegas early next month for the annual Black Hat conference, the attitude among them seems downright dark. Data from Black Hat’s fifth attendee survey of more than 300 information security professionals uncovered massive concern over the security of the 2020 U.S. presidential election – and most think the picture is bleak.
    Read More
  • Jul 26, 2019 | CSO

    Managed security services will take center stage at Black Hat [Black Hat USA 2019]

    In my humble opinion, RSA is an industry event, while Black Hat is more of a cybersecurity professional gathering. The focus is on cyber-adversary tactics, techniques, and procedures (TTPs); threat intelligence; and defensive playbooks. Rather than hosting lavish cocktail parties, vendors who participate in Black Hat must roll up their sleeves and demonstrate their technology acumen to gain street cred with this crowd.
    Read More
  • Jul 25, 2019 | Tech Xplore

    VPN providers address vulnerability findings by researchers [Black Hat USA 2019]

    Pulse Secure said they released a patch in April, according to Computing. TechRadar said that Fortinet updated its firmware to address the vulnerability. You can expect to hear more from them on August 7, where their work is scheduled as a briefing at Black Hat.
    Read More
  • Jul 25, 2019 | CSO

    11 top DEF CON and Black Hat talks of all time [Black Hat USA 2019]

    Since 1997, the Black Hat and DEF CON events have gained a reputation for presenting some of the most cutting-edge research in information security.
    Read More
  • Jul 25, 2019 | Dark Reading

    Security Training That Keeps Up with Modern Development [Black Hat USA 2019]

    Black Hat USA speakers to discuss what it will take to 'shift knowledge left' to build up a corps of security-savvy software engineers.
    Read More
  • Jul 25, 2019 | Security Boulevard

    Black Hat 2019: Best sessions for SecOps [Black Hat USA 2019]

    Yet again, it’s that time of year when the InfoSec community swarms to Las Vegas. It’s the 22nd annual Black Hat USA Conference. Anyone with a thirst for all things cybersecurity is guaranteed six full days of training courses, demos, briefings, and of course, plenty of opportunities for social networking.
    Read More
  • Jul 25, 2019 | Computerworld

    Researchers to launch intentionally ‘vulnerable’ blockchain at Black Hat [Black Hat USA 2019]

    Hoping to raise awareness about blockchain vulnerabilities, cybersecurity firm Kudelski Security next week plans to launch the industry’s first "purposefully vulnerable" blockchain – and will demo it at next month's Black Hat conference.
    Read More
  • Jul 24, 2019 | The Inquirer

    VPN flaw enables hackers to easily infiltrate corporate networks [Black Hat USA 2019]

    "A few SSL VPN vendors dominate the market. Therefore, if we find any vulnerability on these vendors, the impact is huge," Tsai told TechCrunch, ahead of a presentation at the Black Hat USA event in August.
    Read More
  • Jul 24, 2019 | SecurityIntelligence

    5 IoT Security Conferences You Don’t Want to Miss [Black Hat USA 2019]

    While not a focused IoT conference, Black Hat USA will feature an important industry announcement and session by Armis Security, a pioneer in agentless security for unmanaged and IoT devices.
    Read More
  • Jul 24, 2019 | TechNadu

    Researchers Find a Way to Compromise Corporate Networks Through Their VPN [Black Hat USA 2019]

    According to a TechCrunch report, DEVCORE researchers Orange Tsai and Meh Chang are about to present security flaws that plague three corporate VPN products at the upcoming Black Hat conference. The flaws allow an attacker to perform remote exploitation of the target systems, and the vendors that are affected by the revelations are Palo Alto Networks, Pulse Secure, and Fortinet.
    Read More
  • Jul 23, 2019 | TechCrunch

    Flaws in widely used corporate VPNs put company secrets at risk [Black Hat USA 2019]

    Devcore researchers Orange Tsai and Meh Chang, who shared their findings with TechCrunch ahead of their upcoming Black Hat talk, said the flaws found in the three corporate VPN providers — Palo Alto Networks, Pulse Secure and Fortinet — are “easy” to remotely exploit.
    Read More
  • Jul 22, 2019 | CNET

    Equifax to pay at least $575M as part of FTC settlement [Black Hat USA 2019]

    The FTC also required Equifax to have a designated employee in charge of its cybersecurity program. At the Black Hat cybersecurity conference in 2018, Equifax's new chief information security officer, Jamil Farshchi, told CNET the company was going through a major shift to regain the public's trust, spending $200 million on its cybersecurity program last year.
    Read More
  • Jul 22, 2019 | Dark Reading

    How Cybercriminals Break into the Microsoft Cloud [Black Hat USA 2019]

    At this year's Black Hat USA, Morowczynski and Metcalf will discuss threats specific to Microsoft cloud services in their talk, "Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)." The goal, Metcalf says, is to help people understand how to secure Microsoft cloud environments, common mistakes made, and which configurations could make them vulnerable.
    Read More
  • Jul 22, 2019 | Ars Technica

    Chances of destructive BlueKeep exploit rise with new explainer posted online [Black Hat USA 2019]

    Williams said he previously expected there to be publicly available exploits no later than the middle of next month, when the Black Hat and Defcon security conferences in Las Vegas conclude. The new insights could shorten this predicted timeline.
    Read More
  • Jul 22, 2019 | ITPro Today

    Black Hat 2019: Cyber Insurance Joins the Security Conversation [Black Hat USA 2019]

    Although cyber insurance is still a small market, rising threat scenarios -- and rising damages from data breaches -- are fueling interest in the topic at the upcoming Black Hat 2019.
    Read More
  • Jul 19, 2019 | Help Net Security

    Crack the defenses of iOS and other platforms at Black Hat USA 2019 [Black Hat USA 2019]

    Cybersecurity professionals, take note: There’s an entire track of Platform Security Briefings lined up for Black Hat USA this August that will equip you with the latest knowledge, tools, and tricks to improve or compromise the security of iOS Windows hardware and software.
    Read More
  • Jul 19, 2019 | Infosecurity Magazine

    Artificial Intelligence & Cybersecurity: Attacking & Defending [Black Hat USA 2019]

    How do we know for sure? It is true that it is quite hard to attribute a botnet or a phishing campaign to AI rather than a human. Industry practitioners, however, believe that we will see an AI-powered cyber-attack within a year; 62% of surveyed Black Hat conference participants seem to be convinced of such a possibility.
    Read More
  • Jul 18, 2019 | Dark Reading

    Open Source Hacking Tool Grows Up [Black Hat USA 2019]

    "It's much more efficient now. It can be used to compromise entire networks in a matter of minutes," says Dillon, who plans to show off Koadic's new features next month at the Black Hat USA Arsenal in Las Vegas.
    Read More
  • Jul 18, 2019 | Dark Reading

    RDP Bug Takes New Approach to Host Compromise [Black Hat USA 2019]

    Clipboards were designed to be used locally and therefore trusted, Baril adds. This vulnerability exposes machines to a clipboard they can no longer trust. Baril and Itkin will discuss the details of the vulnerability, and approach the attack from both offensive and defensive perspectives, in their upcoming Black Hat USA briefing, "He Said, She Said — Poisoned RDP Offense and Defense."
    Read More
  • Jul 18, 2019 | Vice Motherboard

    No, You Don’t Need a Burner Phone at a Hacking Conference [Black Hat USA 2019]

    Every year, infosec Twitter debates whether people should bring a burner phone to conferences like Def Con or Black Hat. Here’s why we think you don’t need to worry about that.
    Read More
  • Jul 17, 2019 | Dark Reading

    MITRE ATT&CK Framework Not Just for the Big Guys [Black Hat USA 2019]

    At Black Hat, analysts from MITRE and Splunk will detail how organizations of many different sizes are leveraging ATT&CK's common language.
    Read More
  • Jul 17, 2019 | Help Net Security

    The importance of hardening firmware security [Black Hat USA 2019]

    To date, firmware attacks have been few and far between. The first known BIOS attack, called the Chernobyl Virus, happened in 1998 and was used to erase flash ROM BIOS contents on chipsets. It wasn’t until Black Hat in 2006 that another BIOS vulnerability was demonstrated by researcher John Heasman (elevating privileges and reading physical memory), and then again in 2009 when Alfredo Ortega demonstrated a persistent BIOS infection (inserting malicious code into the decompression routines).
    Read More
  • Jul 17, 2019 | Medical Design and Outsourcing

    Report: Literal killer app prompted Medtronic MiniMed recall [Black Hat USA 2019]

    Billy Rios and Jonathan Butts discovered the vulnerabilities and raised awareness in August 2018, Wired reports. The two researchers, who work at security firm QED Security Solutions, publicized the issue at the Black Hat security conference in Las Vegas that year. With the presentation, the FDA, the Department of Homeland Security and Medtronic warned customers of the potential risks and vulnerabilities associated with the MiniMed pumps.
    Read More
  • Jul 16, 2019 | KrebsOnSecurity

    Meet the World’s Biggest ‘Bulletproof’ Hoster [Black Hat USA 2019]

    In a talk given at the Black Hat security conference in 2017, researchers from cyber intelligence firm Intel 471 labeled Yalishanda as one of the “top tier” bulletproof hosting providers worldwide, noting that in just one 90-day period in 2017 his infrastructure was seen hosting sites tied to some of the most advanced malware contagions at the time, including the Dridex and Zeus banking trojans, as well as a slew of ransomware operations.
    Read More
  • Jul 16, 2019 | WIRED

    Hackers Made An App That Kills To Prove A Point [Black Hat USA 2019]

    Rios and Butts, who work at the security firm QED Security Solutions, had first raised awareness about the issue in August 2018 with a widely publicized talk at the Black Hat security conference in Las Vegas. Alongside that presentation, the Food and Drug Administration and Department of Homeland Security warned affected customers about the vulnerabilities.
    Read More
  • Jul 12, 2019 | Security Boulevard

    12 Events at Black Hat USA 2019 You Won’t Want to Miss [Black Hat USA 2019]

    “We are totally overwhelmed by the amount of [tasks] we should be doing but can’t because of a lack of resources.” That’s how one respondent characterized the state of cybersecurity affairs in the fifth annual survey of attendees conducted by Black Hat.
    Read More
  • Jul 9, 2019 | Dark Reading

    DevOps' Inevitable Disruption of Security Strategy [Black Hat USA 2019]

    With DevOps principles taking root and reaching greater maturity at an increasing number of enterprises today, security strategists are in for some major disruption of the status quo in the coming years. That's the message being brought forward by a number of talks at next month's Black Hat USA, which will feature discussions on the impact that DevOps-driven practices and tools will have on the security world.
    Read More
  • Jul 8, 2019 | Dark Reading

    7 Hot Cybersecurity Trends to Be Highlighted at Black Hat [Black Hat USA 2019]

    Black Hat USA is fast approaching. With the full conference schedule online, now is the time for security pros to dive in and plan out their paths to exploring a wide range of learning opportunities. As with years past, the conference will feature sessions about new zero-day vulnerabilities, research that stretches the bounds of what's breakable in emerging technology, and new methods of defending systems in the ever-evolving tech world.
    Read More
  • Jul 8, 2019 | Dark Reading

    Researchers Poke Holes in Siemens Simatic S7 PLCs [Black Hat USA 2019]

    Eli Biham and Sara Bitan of Technion, and Avishai Wool and Uriel Malin of Tel Aviv University, at Black Hat USA next month in Las Vegas will reveal security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7
    Read More
  • Jul 6, 2019 | ITSPmagazine

    Chats On The Road To Hacker Summer Camp 2019 | Black Hat USA | A Conversation With Steve Wylie [Black Hat USA 2019]

    As we are gearing up to cover three more conferences, we are having our pre-event conversations for each one. As we are planning to make all of them a recurring series, this particular podcast is already part of a solid ITSPmagazine tradition: the third Chats on the Road conversation with Black Hat General Manager, Steve Wylie. This episode kicks off our coverage for such a pillar event in our industry.
    Read More
  • Jul 5, 2019 | Bitdefender

    Vulnerabilities in US Defense Could Lead to Major Breach in Two Years, Says Black Hat Survey [Black Hat USA 2019]

    Upcoming US elections and critical infrastructure security were among heated discussion topics at Black Hat USA 2019. According to 40 percent of Black Hat USA’s 2019 survey respondents, “large nation-states” are the number one threat that US critical infrastructures will have to fight. When specifically asked about the US election, more than 60 percent expect Kremlin-supported hackers will compromise voting machines to influence the outcome. 77 percent expect a critical attack on US critical infrastructure to succeed in the next two years, up 10 percent since 2018.
    Read More
  • Jul 3, 2019 | Dark Reading

    Black Hat Q&A: Understanding NSA’s Quest to Open Source Ghidra [Black Hat USA 2019]

    The National Security Agency (NSA) made a splash in the cybersecurity industry this year when it released its Ghidra software reverse-engineering framework as open source for the community to use. Now that the tool is in the public’s hands, NSA senior researcher Brian Knighton and his colleague Chris Delikat will be presenting a talk at Black Hat USA about how Ghidra was designed, and the process of rendering it open source.
    Read More
  • Jul 2, 2019 | Dark Reading

    'Human Side-Channels': Behavioral Traces We Leave Behind [Black Hat USA 2019]

    At Black Hat USA, Wixey will examine multiple human side-channels, how they can be used in attacks and defense, privacy implications, and how they can be countered in his briefing, "I'm Unique, Just Like You: Human Side-Channels and Their Implications for Security and Privacy."
    Read More
  • Jul 2, 2019 | InfoSecurity Magazine

    Black Hat Survey Reveals Cyber Concerns [Black Hat USA 2019]

    In advance of the 2019 Black Hat conference in Las Vegas, Black Hat USA has released its latest report on the growing concerns of consumers. Based on survey responses from conference attendees, the report, Consumers in the Crosshairs, looks at consumer concerns about their personal data potentially ending up in the hands of criminals as well as the ways in which security will affect the 2020 US presidential election.
    Read More
  • Jul 1, 2019 | The Daily Swig

    Risky business: Security pros outline key concerns ahead of Black Hat USA [Black Hat USA 2019]

    With corporate mega-breaches now an all-too-common occurrence, consumers should work to the assumption that their data has already been compromised and take action to minimize further exposure to cybercriminals. This is one of the key takeaways of the 2019 Black Hat USA Attendee Survey – an annual poll of industry professionals that was released today, ahead of the eponymous security conference next month.
    Read More
  • Jul 1, 2019 | Inside Cybersecurity

    Heading into Black Hat, cyber community in dark mood on data protection [Black Hat USA 2019]

    Cybersecurity professionals appear increasingly pessimistic about the likelihood of major breaches, attacks on critical infrastructure including election systems, and the effectiveness of government-industry responses, according to a survey of some of those planning to attend the massive annual Black Hat conference in Las Vegas.
    Read More
  • Jul 1, 2019 | Fifth Domain

    Will hacked voting machines decide the 2020 election? [Black Hat USA 2019]

    Cybersecurity professionals are concerned about foreign cyber operations and vulnerabilities in voting machines as the days tick down to the first 2020 primaries in February. According to a new survey of 345 cybersecurity professionals by Black Hat USA, 63 percent of respondents said that the hacking of voting machines in the next election is “very likely” or “somewhat likely” to have a “significant impact” on election results.
    Read More
  • Jul 1, 2019 | Dark Reading

    Consumer Data, Upcoming Elections Are at Risk, Black Hat Survey Says [Black Hat USA 2019]

    Newly published '2019 Black Hat USA Attendee Survey' recommends users stay off social media and remain wary of products that promise to solve security problems.
    Read More
  • Jun 28, 2019 | Threatpost

    FDA Warns of Potentially Fatal Flaws in Medtronic Insulin Pumps [Black Hat USA 2018]

    Rios and other researchers have previously disclosed several other serious vulnerabilities in Medtronic products (including insulin pumps). A proof-of-concept exploit attack was released by researchers in March 2018 — after which the manufacturer issued advisories for the flaws on August 7. That’s more than 570 days after they were first reported. “It’s disappointing to know these have been out there for a long time,” said Rios at Black Hat 2018. “For the last two years, we’ve been increasingly frustrated with how our research was dealt with.”
    Read More
  • Jun 27, 2019 | Mac Rumors

    Apple Head of Security Engineering to Speak About iOS and Mac Security at 2019 Black Hat Event [Black Hat USA 2019]

    Apple's Head of Security Engineering and Architecture Ivan Krstić will be attending the Black Hat 2019 event where he will give a "Behind the Scenes" look at iOS and macOS security. Black Hat is an annual event that's designed for the global InfoSec community, providing security professionals with a place to meet up and gain training on new techniques.
    Read More
  • Jun 27, 2019 | Cult of Mac

    Apple security chief will talk iOS 13, macOS Catalina at Black Hat [Black Hat USA 2019]

    Apple security chief Ivan Krstic will be returning to the Black Hat security conference this summer to discuss iOS 13 and macOS Catalina — as well as the security protections in Apple’s new Find My service.
    Read More
  • Jun 27, 2019 | Apple Insider

    Apple security chief to cover iOS 13, macOS security at Black Hat [Black Hat USA 2019]

    Apple's security engineering chief Ivan Krstic will be making a reappearance at the Black Hat security conference in August, discussing the technologies protecting iOS 13 and macOS Catalina as well as how the Find My feature is kept secure.
    Read More
  • Jun 27, 2019 | Dark Reading

    Inside MLS, the New Protocol for Secure Enterprise Messaging [Black Hat USA 2019]

    By next year, he hopes, MLS will be ready to integrate into messaging platforms. Robert, along with INRIA's Benjamin Beurdouche and independent researcher Katriel Cohn Gordon, will discuss the research behind, and details of, MLS this summer at Black Hat USA in a briefing entitled "Messaging Layer Security: Towards a New Layer of Secure Group Messaging."
    Read More
  • Jun 24, 2019 | Dark Reading

    A Socio-Technical Approach to Cybersecurity's Problems [Black Hat USA 2019]

    In their upcoming Black Hat USA briefing, "Hacking Ten Million Useful Idiots: Online Propaganda as a Socio-Technical Security Project," Breuer and Perlman will discuss their framework, how security principles apply to STS, how red team and blue team processes could look in the context of STS security, and examples of red team analyses of influence operations.
    Read More
  • Jun 21, 2019 | Ars Technica

    A tale of two cities: Why ransomware will just get worse [Black Hat USA 2017]

    In 2017, the information security conference Black Hat USA surveyed attendees and found that 58% believed their organizations didn't have sufficient budget to recover from a ransomware attack or other breach. Twelve percent said that ransomware response was the biggest demand on their time during an average day. And there's a wealth of data from research (mostly funded by disaster recovery companies) that suggests most organizations are more confident in their data recovery plans than they should be, if they even have one.
    Read More
  • Jun 19, 2019 | Dark Reading

    With GDPR's 'Right of Access,' Who Really Has Access? [Black Hat USA 2019]

    Some businesses improved their verification over time, he adds, but mistakes are still being made: a handful of organizations accidentally deleted his fiancée's account when asked for data. He points to a need for businesses to feel comfortable denying suspicious GDPR requests. Pavur will be presenting the details of his case study this August at Black Hat USA in a presentation "GDPArrrrr: Using Privacy Laws to Steal Identities."
    Read More
  • Jun 16, 2019 | Dark Reading

    Black Hat Q&A: Defending Against Cheaper, Accessible ‘Deepfake’ Tech [Black Hat USA 2019]

    The tools and techniques to create false videos via AI-driven image synthesis are getting easier to access every year, and few people know that better than ZeroFox’s Matt Price and Mike Price (not related). In an email interview with Black Hat's Alex Wawro, the pair of security experts shared their latest research, which will be presented at Black Hat USA in Las Vegas this summer.
    Read More
  • Jun 10, 2019 | ZDNet

    Major HSM vulnerabilities impact banks, cloud providers, governments [Black Hat USA 2019]

    The duo's research paper is currently available only in French, but the two are also scheduled to present their findings at the Black Hat security conference that will be held in the US in August.
    Read More
  • May 20, 2019 | Dark Reading

    Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists [Black Hat USA 2019]

    Veteran security researcher, cryptographer, and author Bruce Schneier is one of the many cybersecurity experts who will be speaking at Black Hat USA in Las Vegas this August. He’s presenting Information Security in the Public Interest, a 50-minute Briefing about why it’s so important for public policy discussions to include technologists with practical understanding of how today’s tech can be used and abused.
    Read More
  • May 14, 2019 | Bank InfoSecurity

    Cisco's 'Thrangrycat' Router Flaw Tough to Neuter [Black Hat USA 2019]

    The flaw, designated CVE-2019-164, was discovered by Jatin Kataria, Richard Housley and Ang Cui of Red Balloon Security, which investigates embedded systems. The team is due to present their research into the flaw and techniques for mitigating it in August at the Black Hat security conference in Las Vegas.
    Read More
  • May 13, 2019 | ZDNet

    Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear [Black Hat USA 2019]

    On a website dedicated to the Thrangrycat vulnerability, the Red Balloon Security team said they plan to present a tool for detecting Thrangrycat attacks in August this year, at the Black Hat 2019 security conference.
    Read More
  • May 13, 2019 | The Register

    It's 2019 so now security vulnerabilities are branded using emojis: Meet Thrangrycat, a Cisco router secure boot flaw [Black Hat USA 2019]

    The full details are not going to be released until this year's Black Hat USA security conference in August. Cisco was privately tipped off by Red Balloon Security in November 2018, and only now is the issue public. The 😾😾😾 exploits were tested on a Cisco ASR 1001-X, though plenty of devices are at risk because they use the FPGA-based TAm.
    Read More
  • Feb 27, 2019 | Dark Reading

    Security Firm to Offer Free Hacking Toolkit [Black Hat Asia 2019]

    A penetration testing and consulting firm plans to release a free penetration testing toolkit next month at Black Hat Asia; the toolkit includes privilege escalation and network attack functions.
    Read More
  • Feb 27, 2019 | Dark Reading

    Whose Line Is It? When Voice Phishing Attacks Get Sneaky [Black Hat Asia 2019]

    In a presentation at Black Hat Asia, entitled "When Voice Phishing Met Malicious Android App," Jang will disclose and discuss the findings of criminal traces in voice phishing analysis conducted by his research team over the past few months.
    Read More
  • Feb 21, 2019 | Security Boulevard

    These Recently Discovered POODLEs Can Bypass Your TLS [Black Hat Asia 2019]

    If Zombie POODLE and GOLDENDOODLE have you biting your nails, Young is ready to present his full findings at Black Hat Asia in Singapore at some point during the March 26th to March 29th event.
    Read More
  • Feb 14, 2019 | Dark Reading

    Toyota Prepping 'PASTA' for its GitHub Debut [Black Hat Asia 2019]

    Toyama will demonstrate PASTA next month at Black Hat Asia in Singapore.
    Read More
  • Feb 13, 2019 | Dark Reading

    Researchers Dig into Microsoft Office Functionality Flaws [Black Hat Asia 2019]

    At Black Hat Asia, coming up March 26-29 in Singapore, Hegt and Ceelen will take the stage to present their talk "Office in Wonderland," in which they will disclose details on new Word and Excel vulnerabilities, release attack vectors which Microsoft deemed Office features, and demonstrate the security impact of the architectural design of the full Office suite.
    Read More
  • Feb 8, 2019 | Dark Reading

    New Zombie 'POODLE' Attack Bred from TLS Flaw [Black Hat Asia 2019]

    Citrix issues update for encryption weakness dogging the popular security protocol.
    Read More
  • Jan 9, 2019 | Data Breach Today

    Visual Journal: Black Hat Europe 2018 [Black Hat Europe 2019]

    The recent Black Hat Europe conference in London touched on topics ranging from combating "deep fake" videos and information security career challenges to hands-on lock-picking tutorials and the dearth of researchers submitting proposed briefings centered on deception technology.
    Read More
  • Dec 17, 2018 | Version2

    Neil and Bart tried to find the right malicious traffic at hackers' conference [Black Hat Europe 2018]

    This was the situation at the Black Hat IT Security Conference, whose European edition took place recently in London. Thousands of people from around the world participated. This year's conference was attended by approx. 3000 participants from 106 countries. And some of the participants fell under the hacker category.
    Read More
  • Dec 16, 2018 | TU

    Researchers warn against AI-based videos: May be misused for political impact [Black Hat Europe 2018]

    They spoke about their work in a presentation at the IT security conference Black Hat Europe, which was hosted in London last week.
    Read More
  • Dec 14, 2018 | The Daily Swig

    ‘Dear Bloomberg, you still owe everyone a retraction, explanation or some proof’ [Black Hat Europe 2018]

    “The attack exploits DNS Cache Poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker’s public key to a victim domain,” the researchers explained during this year’s Black Hat Europe.
    Read More
  • Dec 11, 2018 | CSO

    Researchers find over 40,000 stolen logins for government portals [Black Hat Europe 2018]

    Researchers find Certificate Authorities to be weak point in web crypto.
    Read More
  • Dec 11, 2018 | Version2

    Researchers warn against AI-based videos: May be misused to influence choices [Black Hat Europe 2018]

    They spoke about their work in a speech at the Black Hat Europe IT Security Conference, which took place in London last week.
    Read More
  • Dec 11, 2018 | CHIP

    Innovation backfires: Security feature makes Windows 10 unsafe [Black Hat Europe 2018]

    Researchers were quick to prove that integrating security issues produced exactly the wrong result: Instead of generating more security, Windows 10 users are more exposed to malicious hackers than before. Researchers Magal Baz and Tom Sela presented their findings about a week ago at the Black Hat Security Conference in London.
    Read More
  • Dec 11, 2018 | Lifehacker

    How to Secure Windows 10 by Disabling Its Password Recovery Questions [Black Hat Europe 2018]

    This is exactly the scenario a group of security researchers described in a recent presentation at the Black Hat Europe Security Conference, as Ars Technica writes.
    Read More
  • Dec 11, 2018 | The Register

    Texas Instruments flicks Armis' Bluetooth chip vuln off its shoulder [Black Hat Europe 2018]

    At Black Hat London last week, Ben Seri and Dor Zusman from research house Armis went into full detail about their November discovery of how to pwn TI-made Bluetooth Low Energy (BLE) chips.
    Read More
  • Dec 10, 2018 | ZDNet

    These hackers are using Android surveillance malware to target opponents of the Syrian government [Black Hat Europe 2018]

    Dubbed SilverHawk by researchers at security firm Lookout, they detailed their findings at the Black Hat Europe conference in London. The malware is thought to have been in operation since mid-2016 and is capable of secretly recording audio, taking photos, downloading files, monitoring contacts, tracking location and more.
    Read More
  • Dec 10, 2018 | The Daily Swig

    Russian doll steganography allows users to mask covert drives [Black Hat Europe 2018]

    During a presentation at Black Hat Europe last week, Schaub demonstrated a self-concealing encryption/steganography suite.
    Read More
  • Dec 10, 2018 | The Daily Swig

    CAs exposed as a weak point in web crypto [Black Hat Europe 2018]

    Presentations at Black Hat Europe last week gave contrasting views of the state of cryptography on the web. Hackers are unlikely to find it easy to break elliptic curve crypto, but according to a separate study they might well be able to subvert the trustworthiness of popular commercially-used Certificate Authorities (CAs).
    Read More
  • Dec 8, 2018 | Komando

    Fake apps are infecting smartphones with the ultimate spyware [Black Hat Europe 2018]

    New research from cybersecurity firm Lookout presented during this year's Black Hat Europe conference has revealed that the SEA has expanded its hacking toolset and it now includes the entire SilverHawk "surveillanceware" family.
    Read More
  • Dec 7, 2018 | BankInfoSecurity

    Face Off: Researchers Battle AI-Generated Deep Fake Videos [Black Hat Europe 2018]

    Security researchers are facing off against deep-fake videos over fears that they might be used for nation-state disinformation campaigns or to ruin someone's reputation or social standing.
    Read More
  • Dec 7, 2018 | The Daily Swig

    The best hacks from Black Hat Europe 2018 [Black Hat Europe 2018]

    Thermal imaging might be impressive – but the main prize for sheer mis-appropriation of science during Black Hat Europe has to go to a talk by IBM researchers on attacking hardware systems using resonance.
    Read More
  • Dec 7, 2018 | SC Magazine

    Researchers: Syrian Electronic Army targeting secure messaging app users with spyware [Black Hat Europe 2018]

    Known for its ardent support of Syrian President Bashar al-Assad, the threat group is targeting in particular users of secure messaging apps such as WhatsApp and Telegram. The SEA is spreading malicious updates for these apps through a combination of watering hole websites and phishing emails, according to a report from Forbes, citing researchers at Lookout who presented their findings at the Black Hat conference in London this week.
    Read More
  • Dec 7, 2018 | The Daily Swig

    Threat intelligence marketplace aims to ease skills shortage [Black Hat Europe 2018]

    That’s according to Ben Schmidt, one of the founders of new decentralized platform PolySwarm, which is hoping to change the industry by linking the work of individual security researchers to the companies that may need their specialized expertise. “The idea really came about because we were frustrated,” Schmidt told The Daily Swig at this year’s Black Hat Europe conference.
    Read More
  • Dec 7, 2018 | Version2

    Researchers sneak Android data out during charging in an inventive way [Black Hat Europe 2018]

    One of the researchers, Riccardo Spolaor, told of the details at the IT security conference Black Hat Europe, which takes place in London this week.
    Read More
  • Dec 6, 2018 | Linux Magazin

    Black Hat Europe 2018 attracts more visitors [Black Hat Europe 2018]

    The hacker conference Black Hat Europe 2018 ended today in London. Topics included container safety and machine and deep learning.
    Read More
  • Dec 6, 2018 | ZDNet

    Too little, too late? Should we be faster to point the finger of blame at cyber attackers? [Black Hat Europe 2018]

    "Our then defence minister answered the question and his logic was if somebody looks like a dog, talks like a dog, eats like a dog, then most probably it's a dog -- in our case it was a bear," Kaljurand said during her keynote address at Black Hat Europe in London.
    Read More
  • Dec 6, 2018 | The Daily Swig

    Biggest casualty of a breach is security jobs, not share price [Black Hat Europe 2018]

    The Daily Swig spoke to Hypponen on the fringes of the Black Hat Europe conference in London this week. Business leaders should realise their responsibility, he claimed, while adding that – according to research by Hypponen himself – very few companies have failed or gone bust as the result of a breach.
    Read More
  • Dec 6, 2018 | Infosecurity Magazine

    #BHEU: We Must Update Cybersec Education to Develop More Security Experts [Black Hat Europe 2018]

    Speaking at Black Hat Europe in London, Nahman Khayet, security researcher and Shlomi Boutnaru, CTO at Rezilion, explored the current cybersecurity skills shortage and its link to the education system.
    Read More
  • Dec 6, 2018 | Infosecurity Magazine

    #BHEU: AI is Going Rogue with ‘Deep Fake’ Videos [Black Hat Europe 2018]

    Speaking at Black Hat Europe 2018 in London, Vijay Thaware, security response lead at Symantec, and Niranjan Agnihotri, associate threat analysis engineer at Symantec, explored the rise of a threat called ‘Deep Fakes.’
    Read More
  • Dec 5, 2018 | Bleeping Computer

    SNDBOX - an AI Powered Malware Analysis Site is Launched [Black Hat Europe 2018]

    Today at Blackhat Europe, a new malware analysis service was unveiled called SNDBOX that utilizes artificial intelligence and a hardened virtual environment to perform static and dynamic analysis of malware samples.
    Read More
  • Dec 5, 2018 | Bank Info Security

    Black Hat Europe: The Power of Attribution [Black Hat Europe 2018]

    "But where was Germany, where was France, where was Italy, where were others?" asked Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace, in her opening keynote speech at Black Hat Europe conference in London on Wednesday (see: 14 Hot Sessions at Black Hat Europe 2018).
    Read More
  • Dec 5, 2018 | Dark Reading

    Former Estonian Foreign Minister Urges Cooperation in Cyberattack Attribution, Policy [Black Hat Europe 2018]

    As nation-state cyberattacks continue to evolve into more complex and disruptive campaigns, the pressure is on for countries to set specific cybernorms and support one another in the attribution of nation-state hacks, according to Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace (GCSC) and Member of the UN Secretary General's High Level Panel on Digital Cooperation.
    Read More
  • Dec 5, 2018 | Dark Reading

    Windows 10 Security Questions Prove Easy for Attackers to Exploit [Black Hat Europe 2018]

    In a presentation at this week's Black Hat Europe, security researchers from Illusive Networks demonstrated a new method for maintaining domain persistence by exploiting Windows 10 security questions.
    Read More
  • Dec 5, 2018 | Infosecurity Magazine

    #BHEU: Attribution & Offensive Capabilities Changed Cybersecurity in 2018 [Black Hat Europe 2018]

    Delivering the opening keynote at the Black Hat Europe conference in London, Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace, spoke of the 2007 attacks by Russia on her home nation of Estonia, and how it was “primitive by today’s standards” but enabled the country to build better defenses and its e-government services.
    Read More
  • Dec 5, 2018 | The Daily Swig

    ‘Cyber-attacks have become the new normality’ [Black Hat Europe 2018]

    Marina Kaljurand, current chair of the Global Commission on the Stability of Cyberspace, was the Estonian ambassador to Russia at the time her country’s critical infrastructure was hit by the politically motivated offensive. “I had two tasks,” Kaljurand said, in her keynote address to attendees at this year’s Black Hat Europe conference in London.
    Read More
  • Dec 5, 2018 | Ars Technica

    Why, in 2018, is Microsoft adding security questions to Windows 10? [Black Hat Europe 2018]

    By answering questions such as “What was your first car?” the users can reset the forgotten password and regain control of the account. It didn’t take long for researchers to identify weaknesses in the newly introduced feature. They presented their findings today at the Black Hat Europe Security Conference in London.
    Read More
  • Dec 5, 2018 | Forbes

    Syrian Electronic Army Hackers Are Targeting Android Phones With Fake WhatsApp Attacks [Black Hat Europe 2018]

    But the SEA hasn't made headlines in some time, largely because it's turned its focus away from Western targets and gone after people closer to home as it continues to support the Bashar Al-Assad regime. And, as research released at the Black Hat conference in London this week shows, the group is putting significant resources into an Android spyware tool that can keep constant tabs on a target's mobile life.
    Read More
  • Dec 5, 2018 | Infosecurity Magazine

    #BHEU: How Google Aurora Attacks Changed the Consciousness of Cybersecurity [Black Hat Europe 2018]

    Opening the Black Hat Europe conference, founder Jeff Moss cited the 2010 attacks on Google as a point where attacks became more serious, as this enabled people in cybersecurity to “speak to a new audience.”
    Read More
  • Dec 5, 2018 | Infosecurity Magazine

    #BHEU: Did the 'Grain of Rice Chip' Drive New Risk Assessments? [Black Hat Europe 2018]

    Speaking at the Black Hat Europe conference in London, trainer and researcher Joe FitzPatrick from SecuringHardware.com asked delegates if their risk assessment considers $5 hardware attacks and if not, “why worry about $1m [hardware attacks], as what is more likely?”
    Read More
  • Dec 5, 2018 | The Daily Swig

    Battery charger hack offers covert way to spy on mobile devices [Black Hat Europe 2018]

    A novel side-channel attack was demoed during a presentation at Black Hat Europe today (December 5) by Dr Riccardo Spolaor of the University of Oxford – one of a team of four European computer scientists that have developed a means of exfiltrating data from a compromised device based on power consumption fluctuations alone.
    Read More
  • Dec 5, 2018 | Silicon UK

    ‘London Blue’ Fraud Group Targets Financial Services Industry [Black Hat Europe 2018]

    The group has taken the basic techniques of targeted scams, known as spear phishing attacks, relying on detailed knowledge about a target’s relationships to send a fraudulent email, and “turned it into massive BEC campaigns”, Agari said in a report. The study was launched to coincide with Black Hat Europe, taking place in London this week.
    Read More
  • Dec 5, 2018 | Dark Reading

    Toyota Builds Open-Source Car-Hacking Tool [Black Hat Europe 2018]

    A Toyota security researcher on his flight from Japan here to London carried on-board a portable steel attaché case that houses the carmaker's new vehicle cybersecurity testing tool.
    Read More
  • Dec 5, 2018 | The Register

    Estonian ex-foreign sec urges governments: Get cosy with the private sector on cybersecurity [Black Hat Europe 2018]

    Black Hat Governments need to "turn from public private partnership slogans to real partnerships" on cybersecurity, former Estonian foreign minister Marina Kaljurand told the Black Hat infosec conference in London this morning.
    Read More
  • Dec 5, 2018 | Ars Technica

    Why, in 2018, is Microsoft adding security questions to Windows 10? [Black Hat Europe 2018]

    Enter Microsoft, which earlier this year added a security questions feature to Windows 10. It allows users to set up a list of security questions that can be asked in the event they later forget a password to one of their administrative accounts. By answering questions such as “What was your first car?” the users can reset the forgotten password and regain control of the account. It didn’t take long for researchers to identify weaknesses in the newly introduced feature. They presented their findings today at the Black Hat Europe Security Conference in London.
    Read More
  • Dec 5, 2018 | Computer Business Review

    Black Hat Europe: You Can be Lucky if You’re the First to Be Attacked [Black Hat Europe 2018]

    Speaking at Black Hat Europe, a cyber and information security event in London, Kaljurand discussed the cyberattack on her country that forced the government to change how it thought about cybersecurity.
    Read More
  • Dec 5, 2018 | Dark Reading

    Former Estonian Foreign Minister Urges Cooperation in Cyberattack Attribution, Policy [Black Hat Europe 2018]

    The former Estonian Foreign Minister, who was serving as the ambassador to Russia in 2007 when her country was hit with historic distributed denial-of-service (DDoS) attacks by Russia, said in an interview with Dark Reading that without "a clear understanding" of attack attribution, bad actors continue to operate in the "gray zone."
    Read More
  • Dec 5, 2018 | The Daily Swig

    ‘Cyber-attacks have become the new normality’ [Black Hat Europe 2018]

    Estonia’s former Foreign Minister Marina Kaljurand delivers Black Hat keynote on lessons learned from 2007 offensive.
    Read More
  • Dec 5, 2018 | Bank Info Security

    Black Hat Europe: The Power of Attribution [Black Hat Europe 2018]

    Kaljurand, who previously served as the foreign minister of Estonia and an ambassador to six countries, including the U.S., told the audience at the annual information security conference that the NotPetya attribution by the seven nations represented a breakthrough in countries' ability to hold others to account.
    Read More
  • Dec 4, 2018 | Dark Reading

    ‘London Blue’ BEC Cybercrime Gang Unmasked [Black Hat Europe 2018]

    Agari today disclosed details of both its unmasking of the group – which it has dubbed "London Blue" – as well as its inner workings. Security researchers at Agari flipped the equation on the attackers in an email exchange by posing as Lim's assistant and drawing out enough details to drill down into the particulars of the group as well as the physical location of its operators in London.
    Read More
  • Dec 4, 2018 | Bank Info Security

    14 Hot Sessions at Black Hat Europe 2018 [Black Hat Europe 2018]

    London is calling all information security professionals, as the Black Hat Europe conference returns to the U.K. capital for the third year in a row.
    Read More
  • Dec 3, 2018 | Latest Hacking News

    Latest Hacking News Podcast #175 [Black Hat Europe 2018]

    Black Hat Europe 2018 kicks off today in London so on episode 175 of our daily podcast we highlight just a few of the cybersecurity talks scheduled to take place.
    Read More
  • Nov 20, 2018 | Security Boulevard

    Lax Employee Cybersecurity Habits Pose Growing Danger to Businesses [Black Hat Europe 2018]

    Research by Black Hat Europe indicates that the biggest danger to personal data is the collection and sale of personal information by enterprises and social media organizations that don’t properly protect privacy.
    Read More
  • Nov 15, 2018 | The Daily Swig

    Black Hat survey: User privacy doubts highlight cyber skills shortage [Black Hat Europe 2018]

    The growing skepticism toward the legislation, enacted in May of this year, was cast in new research published by the organizers of Black Hat Europe ahead of its annual meeting of infosec pros in December.
    Read More
  • Nov 15, 2018 | Help Net Security

    What’s keeping Europe’s top infosec pros awake at night? [Black Hat Europe 2018]

    Black Hat Europe’s new research report entitled, Europe’s Cybersecurity Challenges, details the thoughts that are keeping Europe’s top information security professionals awake at night.
    Read More
  • Nov 14, 2018 | The Register

    Just because you're paranoid doesn't mean hackers won't nuke your employer into the ground tomorrow [Black Hat Europe 2018]

    So reckon the people behind the Black Hat cybersecurity knees-up, who polled 130 European infosec folk to find out what keeps them awake at night.
    Read More
  • Nov 14, 2018 | Dark Reading

    Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues [Black Hat Europe 2018]

    The 2018 Black Hat Europe Attendee Survey, published Wednesday, offers a sobering look at the state of cybersecurity defenses in Europe, bolstering the Paris meeting's conclusion that greater efforts are needed to protect data and infrastructure across national boundaries.
    Read More
  • Nov 12, 2018 | Dark Reading

    7 Cool New Security Tools to be Revealed at Black Hat Europe [Black Hat Europe 2018]

    Security researchers will convene in London next month to share findings at Black Hat Europe and unveil new tools at the conference's "Arsenal" event. At Arsenal, researchers will pass around dozens of new tools to advance vulnerability discovery, auditing, and other security practices. Here are a few highlights of what's to come.
    Read More
  • Nov 7, 2018 | Dark Reading

    Finding Gold in the Threat Intelligence Rush [Black Hat Europe 2018]

    At Black Hat Europe, in London this December, van der Walt and Pillarisetty will take the stage to share their findings in "Don't Eat Spaghetti with a Spoon: An Analysis of the Practical Value of Threat Intelligence." They hope to "move the needle along" in terms of understanding threat intelligence and equip other researchers with the data structures, tooling, methodology, and language to enable future research in the space, van der Walt says.
    Read More
  • Nov 1, 2018 | TechCrunch

    A pair of new Bluetooth security flaws expose wireless access points to attack [Black Hat Europe 2018]

    Security company Armis calls the vulnerabilities “Bleeding Bit,” because the first bug involves flipping the highest bit in a Bluetooth packet that will cause its memory to overflow — or bleed — which an attacker can then use to run malicious code on affected Cisco or Meraki hardware.
    Read More
  • Nov 1, 2018 | ZDNet

    Bleedingbit zero-day chip flaws may expose majority of enterprises to remote code execution attacks [Black Hat Europe 2018]

    Armis plans to release a full technical white paper describing the vulnerabilities at the Black Hat Europe conference, which is due to take place in the first week of December.
    Read More
  • Nov 1, 2018 | Dark Reading

    New Bluetooth Vulnerabilities Exposed in Aruba, Cisco, Meraki Access Points [Black Hat Europe 2018]

    Seri and Armis security researcher Dor Zusman will discuss their chip findings in detail in the session "BLEEDINGBIT: Your APs Belong to Us" at Black Hat Europe, December 3 - 6.
    Read More
  • Oct 31, 2018 | Dark Reading

    Hardware Cyberattacks: How Worried Should You Be? [Black Hat Europe 2018]

    "Reactions are not rational or appropriate to what should be done," says Joe Fitzpatrick, trainer and researcher at SecuringHardware.com. He'll be putting hardware threats into context and explaining how they fit into enterprise threat models during a briefing, titled "A Measured Response to a Grain of Rice," at Black Hat Europe in London this December.
    Read More
  • Oct 26, 2018 | Dark Reading

    DeepPhish: Simulating Malicious AI to Act Like an Adversary [Black Hat Europe 2018]

    At this year's Black Hat Europe event, taking place in London in December, Correa will present the team's findings in a session entitled "DeepPhish: Simulating Malicious AI."
    Read More
  • Oct 25, 2018 | Dark Reading

    Side-Channel Attack Exposes User Accounts on Facebook, XBox, Other Social Sites [Black Hat Europe 2018]

    So far, Twitter and eBay have updated their platforms to prevent the attack, and some browsers, including Microsoft Edge, Microsoft Internet Explorer, and Mozilla Firefox, have added a feature to thwart the attack, according to Takuya Watanabe, who will present his team's findings in December at Black Hat Europe in London.
    Read More
  • Oct 18, 2018 | Dark Reading

    New Security Woes for Popular IoT Protocols [Black Hat Europe 2018]

    Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online.
    Read More
  • Oct 17, 2018 | Threatpost

    Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers [Black Hat USA 2018]

    At Black Hat 2018, researchers stressed that the healthcare device landscape remains insecure and in need of addressing.
    Read More
  • Oct 16, 2018 | TechCrunch

    Medical Device Maker Medtronic Finally Fixes its Hackable Pacemaker [Black Hat USA 2018]

    The company said in a notice this week that it’s switching off the software distribution network after researchers found that a hacker could update the pacemaker’s software with malicious software that could manipulate the impulses that regulate a patient’s heartbeat. The researchers, Jonathan Butts and Billy Rios, revealed the vulnerability at the Black Hat conference in August, more than a year after first reporting the vulnerability to Medtronic.
    Read More
  • Oct 15, 2018 | HealthITSecurity

    FDA Warns of Cybersecurity Vulnerabilities in CareLink Programmers [Black Hat USA 2018]

    In a presentation at the BlackHat security conference held in August, security researchers Bill Rios and Jonathan Butts criticized Medtronic for dragging its feet regarding the vulnerabilities in the CareLink programmers.
    Read More
  • Oct 15, 2018 | Minneapolis Star Tribune

    Medtronic cuts cyber access to vulnerable devices [Black Hat USA 2018]

    The Irish medical device company, operated from offices in Fridley, announced that it was shutting down the ability of its CareLink 2090 and CareLink Encore 29901 device programmers to download new software updates remotely. The news follows a demonstration at the Black Hat USA cybersecurity conference in Las Vegas in August by independent researchers who showed that the vulnerabilities in Medtronic device programmers could negatively impact patient care.
    Read More
  • Oct 12, 2018 | NBC News

    Medtronic disables pacemaker programmer updates over hack concern [Black Hat USA 2018]

    Medtronic in August issued an alert on the issue with its CareLink programmers after researchers discussed the vulnerability at the Black Hat hacking conference. Medical device security experts said they had uncovered a bug that could enable hackers to update malicious software onto the programmers, then attack implanted pacemakers.
    Read More
  • Oct 12, 2018 | The Washington Post

    The Cybersecurity 202: Kanye West is going to make password security great again [Black Hat USA 2018]

    Security researchers at the Black Hat hacker conference in Las Vegas in August demonstrated how a bug in the devices “could enable hackers to update malicious software onto the programmers, then attack implanted pacemakers.” Medtronic said in its letter that it is working on security updates to “further address these vulnerabilities and will be implemented pending regulatory agency approvals.”
    Read More
  • Oct 12, 2018 | GovInfoSecurity

    Medtronic Cardiac Devices Recalled Due to Cyber Concerns [Black Hat USA 2018]

    https://www.govinfosecurity.com/medtronic-cardiac-devices-recalled-due-to-cyber-concerns-a-11597
    Read More
  • Oct 12, 2018 | Cyberscoop

    FDA warns users of cyber vulnerability in pacemaker programmers [Black Hat USA 2018]

    In August at the Black Hat conference, security researchers demonstrated how a hacker could run malicious firmware on one of the programmers, the CareLink 2090, to make life-threatening changes in care. The security researchers, Billy Rios and Jonathan Butts, said they disclosed the vulnerabilities to Medtronic in January 2017 and criticized the vendor for taking months to address the issue.
    Read More
  • Oct 11, 2018 | Reuters

    Medtronic disables pacemaker programmer updates over hack concern [Black Hat USA 2018]

    Medtronic in August issued a security bulletin on the issue with its CareLink programmers after researchers discussed the vulnerability at the Black Hat hacking conference in Las Vegas. Medical device security experts said they had uncovered a bug that could enable hackers to update malicious software onto the programmers, then attack implanted pacemakers.
    Read More
  • Oct 11, 2018 | FierceBiotech

    Medtronic disables updates for pacemaker programmers over cybersecurity concerns [Black Hat USA 2018]

    In a presentation at the annual Black Hat cybersecurity conference in Las Vegas, two researchers demonstrated the security weaknesses in the pacemaker's control unit, saying the vulnerabilities allowed for “the disruption of therapy as well as the ability to execute shocks to a patient.”
    Read More
  • Oct 9, 2018 | Medical Plastics News

    Why the hacking of medical devices is still big news [Black Hat USA 2018]

    The vulnerability of medical devices to be hacked is nothing new. But picking up on news reports from the Black Hat security event that took place in Las Vegas at the beginning of August, it seems that these concerns continue to be top of the agenda where products such as pacemakers and implantable devices, are concerned.
    Read More
  • Oct 2, 2018 | Enterprise Mobility Exchange

    Medical Device Flaws Shine Light On Security And IoT Issues [Black Hat USA 2018]

    This technology helps medical professionals make more accurate and safer health decisions for patients. Just like computer systems, medical devices are vulnerable to security breaches. In August at the Black Hat security conference in Las Vegas, researchers uncovered vulnerabilities in heart monitoring devices by Medtronic, and insisted that hackers could remotely install malware.
    Read More
  • Sep 6, 2018 | Politico

    House panels consider airline cyber threats [Black Hat USA 2018]

    Nearly 85 percent of security pros in a poll out today said they believed there would be hacking during the 2018 midterms. The poll, conducted by cybersecurity company Lastline of Black Hat conference attendees, found a variety of opinions about how it might happen.
    Read More
  • Sep 6, 2018 | CSO

    Why data loss prevention is a throwback technology [Black Hat USA 2018]

    Black Hat is one of the top conferences for security professionals to learn about the latest technologies and vulnerabilities to be aware of in the coming year. From the surprising safety of self-driving cars, to new ways to hack into what many thought were secure systems, Black Hat is the spot for the latest innovations, hacking methods and more.
    Read More
  • Sep 5, 2018 | CBS News

    Phishing for political secrets: Hackers take aim at midterm campaigns [Black Hat USA 2018]

    "[Phishing is] one of the biggest threats … and it's still a continuous attack factor," said Microsoft's Diana Kelley in an interview at the 2018 Black Hat cybersecurity conference. "I don't even call [targeted email attacks] spearphishing, I think of them as laser fishing now because they're so well-crafted."
    Read More
  • Sep 5, 2018 | Forbes

    Medical Device Security Improvements Coming - But Not Anytime Soon [Black Hat USA 2018]

    At Black Hat in Las Vegas last month, researchers Billy Rios and Jonathan Butts brought a similar message, with a session titled, “Exploiting Implanted Medical Devices.”
    Read More
  • Sep 3, 2018 | Information Age

    How is Facebook battling cyber crime? [Black Hat USA 2018]

    High-performing students may be eligible for internships with the social media platform after graduating from the scheme, and be able to attend cyber security conferences, such as the Black Hat Briefings.
    Read More
  • Aug 31, 2018 | Vice Motherboard

    Experts Call for Transparency Around Google’s Chinese-Made Security Keys [Black Hat USA 2018]

    “I should not have to wait until Black Hat next year to find answers to these questions from an unaffiliated third-party,” he added.
    Read More
  • Aug 30, 2018 | BBC

    How Do You Run A Hacking Operation? [Black Hat USA 2018]

    Thousands of cyberattacks occur every single day. Some hackers steal credit card details or pilfer money from online bank accounts. Others cripple businesses, or even governments. As tensions mount in cyberspace, what are countries doing to strengthen their cyber power and build a hacking army? In this Inquiry, we delve into some of the world’s most intriguing cyber operations – including Iran, Russia and North Korea.
    Read More
  • Aug 30, 2018 | TechRepublic

    Risk & Repeat: Are the Meltdown and Spectre flaws overhyped? [Black Hat USA 2018]

    Were the Meltdown and Spectre flaws as bad as some claimed? That question was raised by the Pwnie Awards at Black Hat 2018 earlier this month.
    Read More
  • Aug 30, 2018 | Dark Reading

    Lessons From the Black Hat USA NOC [Black Hat USA 2018]

    At Black Hat USA, the network operations center (NOC) and security operations center (SOC) are one and the same — reasonable for a network that exists to serve a huge gathering of security professionals. While the network that exists for a high-intensity week is unique in many ways, in others it is a concentrated example of what is possible when professionals with different areas of expertise — and different vendors — work together.
    Read More
  • Aug 29, 2018 | San Antonio Business Journal

    Texas A&M-San Antonio partners with Facebook for cybersecurity education [Black Hat USA 2018]

    This fall, the university is slated to offer a hybrid cybersecurity course to students underwritten by Facebook. It includes curriculum, mentorship, project development and training during a simulated cybersecurity attack side by side with Facebook employees in San Antonio. It also includes potential internships with Facebook for its students and scholarships to attend competitions like cybersecurity events Black Hat Conference and DEF CON in Las Vegas.
    Read More
  • Aug 29, 2018 | ScienceDaily

    How unsecured medical record systems and medical devices put patient lives at risk [Black Hat USA 2018]

    The researchers from UC San Diego and UC Davis detailed their findings Aug. 9 at the Black Hat 2018 conference in Las Vegas, where they staged a demonstration of the attack. Dubbed Pestilence, the attack is solely proof-of-concept and will not be released to the general public. While the vulnerabilities the researchers exploited are not new, this is the first time that a research team has shown how they could be exploited to compromise patient health.
    Read More
  • Aug 29, 2018 | PYMNTS

    Why Security Techniques Need To Evolve As Fast As Hackers [Black Hat USA 2018]

    And the bad news of impressive feats in hacking have been pouring out of various hacking professional conferences all summer long. A research team at the Black Hat conference managed to trick voice recognition software from Microsoft by convincing it a machine voice was human.
    Read More
  • Aug 28, 2018 | The Last Watchdog

    MY TAKE: As phishers take aim at elections, why not train employees to serve as phishing police? [Black Hat USA 2018]

    Phishing is the number one way organizations are breached, Aaron Higbee, CTO and co-founder of Cofense, told me at Black Hat USA 2018 in Las Vegas. Even though phishing has been a problem for years and most people are aware of what a phishing email looks like, we still fall for them.
    Read More
  • Aug 28, 2018 | CSO

    Why Security and DevOps Desperately Need Couples Counseling [Black Hat USA 2018]

    “Nobody thinks security is their friend,” laughed Brad Senetza, security assurance architect, Oracle in an on-camera interview at the 2018 Black Hat Conference in Las Vegas.
    Read More
  • Aug 28, 2018 | Journal of Cyber Policy

    BLACK HAT 2018: ATTACK SIMULATION [Black Hat USA 2018]

    Inspector Clouseau, of Pink Panther fame, had Cato Fong, his manservant, attack him by surprise to keep his self-defense reflexes strong. (And funny) Businesses and government agencies today should have their own version of Cato in the form of attack simulation software. Black Hat 2018 had several vendors offering this kind of solution, sometimes called Breach and Attack Simulation (BAS). These included AttackIQ, XM Cyber, Cymulate and others.
    Read More
  • Aug 28, 2018 | Bloomberg Law

    https://biglawbusiness.com/device-makers-combating-cyber-risks-to-patient-health/ [Black Hat USA 2018]

    The Black Hat and DefCon conferences in Las Vegas where McAfee presented its research showed how vulnerable some of these medical devices are, but there’s a real lack of awareness of the risks that exist in deployed devices in most hospitals, McMillan said.
    Read More
  • Aug 28, 2018 | CSO

    Stop playing “whack-a-mole” with your security [Black Hat USA 2018]

    Those were the key takeaways in a presentation by Parisa Tabriz, a director of engineering from Google. Tabriz spoke at the August Black Hat US 2018 conference in Las Vegas. In the session, the underlying theme was that security professionals must do whatever they can to incentivize firms to make better and more secure products.
    Read More
  • Aug 28, 2018 | Forbes

    iCloud Compromise With A Twist [Black Hat USA 2018]

    When I first wrote about iCloud compromises there was a far more salacious bent to the story line. Now with BSidesLV, Blackhat and DEF CON only recently passed by it only seemed appropriate that a clever iCloud related hack story would fall into my lap.
    Read More
  • Aug 27, 2018 | Fifth Domain

    Will more sanctions drive Iran to a cyberattack? [Black Hat USA 2018]

    Iranian hackers usually take three to four months to carry out an attack, Levi Gundert, vice president of intelligence at Recorded Future, told Fifth Domain during the Black Hat conference in Las Vegas. That means the Nov. 4 date for potentially another round of U.S. sanctions coincides with the timeline for an expected retaliation.
    Read More
  • Aug 27, 2018 | CyberScoop

    Cisco Talos' Craig Williams on the hunt for bugs and abnormal behavior [Black Hat USA 2018]

    On the sidelines of the Black Hat and DEF CON conference in Las Vegas this month, CyberScoop sat down with Craig Williams, Talos’ director of outreach, to get his take on some of these high-profile threats and how he approaches the craft of investigating malware campaigns.
    Read More
  • Aug 27, 2018 | Networks Asia

    Reevaluate "low-risk" PHP unserialization vulnerabilities, researcher says [Black Hat USA 2018]

    The emergence of Petya/NotPetya and other virulent forms of malware have showcased how the best and most successful black-hat hacks are not entirely new—bad actors simply take older, more established approaches or attack vectors and add a new twist. And so it is with PHP unserialization attacks, as showcased at the Black Hat conference earlier this month by Sam Thomas, director of research for Secarma Ltd, an information security consultancy.
    Read More
  • Aug 26, 2018 | Journal of Cyber Policy

    BLACK HAT 2018: REDUCING ATTACK SURFACES [Black Hat USA 2018]

    The theme of reducing attack surfaces emerged repeatedly at Black Hat 2018. While many cyber security professionals acknowledge the risk exposure hidden in today’s proliferating collection of attack surfaces, not everyone is taking action.
    Read More
  • Aug 26, 2018 | The Daily Dot

    How hackers can use AI to hide their malware and target you [Black Hat USA 2018]

    Thanks to advances in artificial intelligence, such fine-grained targeted cyberattacks are no longer the stuff of dark hacker movies, as security researchers at IBM demonstrated at the recent Black Hat USA security conference in Las Vegas.
    Read More
  • Aug 24, 2018 | Journal of Cyber Policy

    BLACK HAT 2018: THE ICS CONVERSATION [Black Hat USA 2018]

    The subject of Industrial Control Systems (ICSs) came up frequently at Black Hat 2018. The threats are very real, with serious potential consequences in the event of a successful attack. Talking to various experts at the conference, the state of industrial cyber security seems to be on a trajectory of improvement, but with much work to be done in many “spheres of activity.”
    Read More
  • Aug 24, 2018 | Security Boulevard

    Looking Back on Black Hat 2018: Four Key Learnings from This Year’s Event [Black Hat USA 2018]

    Two weeks ago I attended the Black Hat USA 2018 conference: As one of the largest cybersecurity events in the world, it’s always interesting to hear the key themes and trends the industry is buzzing about. Here are my observations on four actionable takeaways from the 2018 conference.
    Read More
  • Aug 23, 2018 | TechTarget

    AI bias and data stewardship are the next ethical concerns for infosec [Black Hat USA 2018]

    Laura Norén, director of research at Obsidian Security, spoke about data science ethics at Black Hat USA 2018, and discussed the potential pitfalls of not having quality data, including AI bias learned from the people training the model.
    Read More
  • Aug 23, 2018 | TechTarget

    Risk & Repeat: Meltdown and Spectre disclosure in review [Black Hat USA 2018]

    A Black Hat panel discussion provided a behind-the-scenes look at the process from the perspective of Microsoft, Google and Red Hat representatives.
    Read More
  • Aug 23, 2018 | GCN

    Assembling an ingredients list for software [Black Hat USA 2018]

    Speaking at the Black Hat conference earlier this month, Allan Friedman, director of cybersecurity for the National Telecommunications and Information Administration, discussed how his unit is working to develop a “software bill of materials,” a list of ingredients for business software products.
    Read More
  • Aug 23, 2018 | CSO

    Detecting bot attacks | Salted Hash Ep 44 [Black Hat USA 2018]

    In this episode, host Steve Ragan talks with Engin Akyol, CTO at Distil Networks at the Black Hat 2018 conference, about bot account takeovers and how they can be detected.
    Read More
  • Aug 22, 2018 | Network World

    IoT vendors talk open buildings, black hats and a jam conspiracy [Black Hat USA 2018]

    In what may be one of the most predictable headlines readers of this piece will see, some of the world’s leading information security professionals attending the Black Hat security conference told the media that unsecured IoT devices still pose a large-scale threat to networks around the globe.
    Read More
  • Aug 22, 2018 | CSO

    Reevaluate "low-risk" PHP unserialization vulnerabilities, researcher says [Black Hat USA 2018]

    Over nearly a decade, PHP unserialization vulnerabilities have become a popular route for cyber-criminals to plant remote code execution or deliver other malware into systems. But new research, introduced at Black Hat this month, shows that malevolent hackers can introduce this vulnerability, even in environments that were previously considered low-risk for this attack.
    Read More
  • Aug 21, 2018 | USA Today

    Here comes Russia, back at it again with the hacking in time for midterms: Today's talker [Black Hat USA 2018]

    Recent security conferences (Black Hat and DEF CON) discussed research on the latest threats, vulnerabilities and techniques of the cyberworld. And this time around, the voting systems for the U.S. midterms drew paramount focus from security researchers, learning that several states that use electronic voting systems had been purchasing parts off eBay after some of their systems became faulty.
    Read More
  • Aug 21, 2018 | Threatpost

    Video: Bishop Fox on Device Threats and Layered Security [Black Hat USA 2018]

    Threatpost talked to Christie Terrill, partner at Bishop Fox, about the top trends and security issues that were discussed at Black Hat USA in Las Vegas this month.
    Read More
  • Aug 21, 2018 | Inside Cybersecurity

    Former DHS attorney: Info-sharing system needs incentives, smoother process [Black Hat USA 2018]

    Allison Bender, interviewed on the sidelines of the recent Black Hat conference in Las Vegas, said “very few organizations are sharing into” DHS' Automated Indicator Sharing program even as sharing expands among private entities.
    Read More
  • Aug 21, 2018 | Vice Motherboard

    Meet 'Intrusion Truth,' the Mysterious Group Doxing Chinese Intel Hackers [Black Hat USA 2018]

    “We won’t achieve anything by publicly naming,” Andrei Barysevich, director of advanced collection at threat intelligence firm RecordedFuture, told Motherboard at the annual Black Hat cybersecurity conference earlier this month. Likely the only time the company may publish names is in a direct collaboration with law enforcement, a RecordedFuture spokesperson added.
    Read More
  • Aug 20, 2018 | Security Intelligence

    Stories From the Edge of IoT Security: Threat Demos From Black Hat and DEF CON [Black Hat USA 2018]

    As the annual security week in Las Vegas drew to a close, cybersecurity professionals left Black Hat 2018 and DEF CON 26 armed with knowledge, renewed energy and no shortage of exposure to emerging Internet of Things (IoT) security flaws. Perhaps fittingly, Black Hat event founder Jeff Moss helped kick off the conference by acknowledging threats faced by the security industry and citing a sense that they were in the “final exams stage.”
    Read More
  • Aug 20, 2018 | Risky Business

    Risky Business feature: Adam Boileau recaps Black Hat and DEF CON [Black Hat USA 2018]

    But that’s ok, because Adam went to both Black Hat and DEF CON and he joined me to talk about the highlights from his point of view. This was his first trip to the Vegas cons since 2005, and agreed with me that the content this year was actually pretty bloody good.
    Read More
  • Aug 20, 2018 | TechHQ

    AI for cybersecurity: Friend or foe? [Black Hat USA 2018]

    “What’s happening is a little concerning, and in some cases even dangerous,” warned Raffael Marty, vice president of corporate strategy at security firm Forcepoint, at the Black Hat cybersecurity conference in Las Vegas.
    Read More
  • Aug 20, 2018 | The Star

    These Android phones have security defects out of the box, researchers say [Black Hat USA 2018]

    Ryan Johnson, Kryptowire's director of research, and Angelos Stavrou, the company's CEO, disclosed their findings recently at the Black Hat security conference in Las Vegas, according to Wired. Kryptowire's research was partially funded by the Department of Homeland Security.
    Read More
  • Aug 20, 2018 | The Register

    So phar, so FUD: PHP flaw puts WordPress sites at risk of hacks [Black Hat USA 2018]

    Research into the vulnerability was presented by Secarma's Sam Thomas at Thursday's BSides cybersecurity conference in Manchester, UK – days after it was first unveiled at Black Hat in Las Vegas last week. His presentation (video below) was entitled It's A PHP Unserialization Vulnerability Jim, But Not As We Know It.
    Read More
  • Aug 20, 2018 | Help Net Security

    Making informed decisions: The importance of data driven security [Black Hat USA 2018]

    In this podcast recorded at Black Hat USA 2018, Vikram Phatak, CEO of NSS Labs, talks about data driven security.
    Read More
  • Aug 20, 2018 | Security Intelligence

    X-Force Red in Action: Spotlight on ATM Testing With David ‘VideoMan’ Bryan [Black Hat USA 2018]

    The good news: The X-Force Red team survived Black Hat and DEF CON and is back with a new edition of the X-Force Red in Action podcast.
    Read More
  • Aug 20, 2018 | Dark Reading

    How Better Intel Can Reduce, Prevent Payment Card Fraud [Black Hat USA 2018]

    Royal Bank of Canada machine learning researcher Cathal Smyth and Terbium Labs chief scientist Clare Gollnick discuss how they use intelligence about the carding market to predict the next payment card fraud victims. Filmed at the Dark Reading News Desk at Black Hat USA 2018.
    Read More
  • Aug 18, 2018 | The Register

    'Oh sh..' – the moment an infosec bod realized he was tracking a cop car's movements by its leaky cellular gateway [Black Hat USA 2018]

    “What happens when people go after police officers because they know where they live,” Justin Shattuck, principal threat researcher at F5 Networks, who gave a Black Hat USA talk this week about the findings, told The Register. “Using GPS we know where they buy their donuts, how long to get their orders – we know where they are down to the metre.”
    Read More
  • Aug 17, 2018 | Fast Company

    Heart-stopping security news: Hackers can now get into pacemakers [Black Hat USA 2018]

    At the recent Black Hat information security conference, researchers demonstrated how the Carelink 2090 pacemaker, along with the company’s insulin pump, could be hacked.
    Read More
  • Aug 17, 2018 | IT News Africa

    Black Hat: Protecting Industrial Control System [Black Hat USA 2018]

    Industrial Control System (ICS) security was ramped up at Black Hat USA – with packed sessions ranging from specific attacks to vulnerable hardware – all with the aim of protecting critical infrastructure, whose security shortcomings so frequently hit the headlines these days.
    Read More
  • Aug 17, 2018 | BleepingComputer

    Combating Social Engineering: Tips From Black Hat 2018 [Black Hat USA 2018]

    Matt Wixey, one of the presenters this year at Black Hat USA, leads technical research for the PwC Cyber Security practice in the UK. He works closely with the Ethical Hacking team and is a PhD candidate at University College London. Prior to joining PwC, Wixey led a technical R&D team for a law enforcement agency in the UK.
    Read More
  • Aug 17, 2018 | TechRepublic

    Black Hat 2018: Sneaker bots and their challenges [Black Hat USA 2018]

    Josh Shaul, vice president of web security at Akamai, sat down with TechRepublic's Dan Patterson at Black Hat 2018 to speak about sneaker sales' market and after-market.
    Read More
  • Aug 17, 2018 | TechTarget

    ICS security fails the Black Hat test [Black Hat USA 2018]

    Industrial control systems hit the mainstream at Black Hat this year, with over two dozen program sessions tackling different angles of the subject. The takeaway: Vendors still aren't really trying.
    Read More
  • Aug 17, 2018 | TechRepublic

    Black Hat 2018: Connecting cars to enhance the way we drive [Black Hat USA 2018]

    Thomas Mackenzie, associate partner at X-Force Red at IBM, talks to TechRepublic's Dan Patterson about the importance of connecting communication technologies between vehicles at Black Hat 2018.
    Read More
  • Aug 17, 2018 | TechRepublic

    Demo at Black Hat 2018 of what corrupt data does to a Libelium Meshlium [Black Hat USA 2018]

    Daniel Crowley, research baron for X-Force Red at IBM, and Jennifer Savage, security researcher at Threatcare, show TechRepublic's Dan Patterson an exploited demo based on vulnerabilities that were found in the Libelium Meshlium at Black Hat.
    Read More
  • Aug 17, 2018 | CNBC

    Security researchers say they can hack Medtronic pacemakers [Black Hat USA 2018]

    Rios and Butts demonstrated the security weaknesses earlier this month at the annual Black Hat cyber security conference in Las Vegas, one of the industry's most prestigious annual meetings.
    Read More
  • Aug 17, 2018 | Medium

    Black Hat Conference Vendors Use Cybersecurity Marketing Theme to Gain Attendees’ Attention [Black Hat USA 2018]

    Many vendors and cybersecurity companies attend the Black Hat USA 2018 conference. The world’s leading annual information security event took place in Las Vegas August 5–9.
    Read More
  • Aug 17, 2018 | CNET

    Black Hat and Defcon cybersecurity experts share tips on how to protect yourself [Black Hat USA 2018]

    During the week of Black Hat and Defcon, tens of thousands of security experts and hackers flock to Las Vegas for the back-to-back conferences. They hold discussions on issues like smart cities getting hacked, two-factor authentication, and security issues with voice assistants.
    Read More
  • Aug 17, 2018 | Defense One

    Ep. 16: Hypersonic missiles; Black Hat/Defcon 2018; Q&A w/ Chris Lynch of Defense Digital Services. [Black Hat USA 2018]

    Then (13:25) we’ll get into what’s new from the world of hackers at this year’s Black Hat / DefCon. Our own Patrick Tucker has returned from Sin City to tell us all about what happened in Vegas.
    Read More
  • Aug 17, 2018 | WeLiveSecurity

    Week in security with Tony Anscombe [Black Hat USA 2018]

    In this week’s cybersecurity news, Tony Anscombe covers the Instagram hack that left some users locked out of their accounts. There is a report from Black Hat from our Security Researcher Cameron Camp and a look at why New York University researchers have come up with a novel idea to make software more secure.
    Read More
  • Aug 16, 2018 | Journal of Cyber Policy

    SECURE SYSTEM ENGINEERING AND THE TORAH [Black Hat USA 2018]

    I attended the session, “Open Sesame: Picking Locks with Cortana” at Black Hat 2018, in which presenters Tal Be’ery, Amichai Shulman, Ron Marcovich and Yuval Ron revealed several different ways to access private information on a locked PC using the Cortana voice assistant.
    Read More
  • Aug 16, 2018 | Security Boulevard

    New Foreshadow Vulnerabilities Defeat Memory Defenses on Intel CPUs [Black Hat USA 2018]

    These are the latest in a long string of architectural vulnerabilities in CPUs that have been found and disclosed since Spectre and Meltdown. Last week at the Black Hat USA security conference, researcher Ben Gras from VU Amsterdam presented the details of another CPU vulnerability called TLBleed that abuses hyper-threading and the translation lookaside buffer (TLB) to leak secrets such as encryption keys.
    Read More
  • Aug 16, 2018 | Entrepreneur

    The Latest Thing You Need to Worry About Cybercriminals Hacking? Your Voice. [Black Hat USA 2018]

    We've already seen cybersecurity researchers demonstrate some of these methods in proof-of-concept attacks, and the risk gained further priority this August at the Black Hat conference, where ethical hackers demonstrated new methods of voice "spoofing" and attacking a widely used personal digital assistant through voice commands.
    Read More
  • Aug 16, 2018 | CBS News

    Obama campaign used security keys during both elections to defend against hackers [Black Hat USA 2018]

    As political campaigns in the 2018 midterm elections fight off hackers, the Obama campaign might have figured out the key solution a decade ago. President Obama's campaign used Yubikeys, which are security keys for protecting logins, in both the 2008 and 2012 elections to defend itself from hackers, according to Yubico CEO Stina Ehrensvard. "The woman who tried after him did not, and you can see the results," Stina Ehrensvard, the CEO and founder of Yubico, said in an interview at Black Hat.
    Read More
  • Aug 16, 2018 | PaymentsSource

    How mobile POS devices succumb to hackers [Black Hat USA 2018]

    With payments increasingly shifting to mobile, the ability to exploit mobile point-of-sale systems that make it possible for merchants to accept card and even cryptocurrency payments on the go is also shifting. Presenting at the Black Hat USA cybersecurity conference last week in Las Vegas, prominent security researchers from U.K.-based Positive Technologies showcased research detailing the inherent vulnerabilities they discovered among four of the most popular mPOS systems operating in both the United States and Europe.
    Read More
  • Aug 16, 2018 | CRN

    WATCH: XM Cyber Fights Hackers With An Automated Red Team [Black Hat USA 2018]

    As seen at Black Hat USA 2018, automation has become a valued technology for security companies, which are challenged by a talent shortage and a constantly evolving threat landscape. The Global Information Security Workforce Study from the Center for Cyber Safety and Education predicts a shortfall of 1.8 million cybersecurity workers by 2022.
    Read More
  • Aug 16, 2018 | TechRepublic

    Black Hat 2018: Xerox CISO on why the tech industry needs to simplify [Black Hat USA 2018]

    TechRepublic's Dan Patterson interviewed Alissa Johnson, Xerox Chief Information Security Officer, at Black Hat. She discussed defining IT processes, simplifying the tech industry, and more. The following is an edited transcript of the interview.
    Read More
  • Aug 16, 2018 | SDxCentral

    Classic Rock and Cloud-Native Attacks Collide at Black Hat [Black Hat USA 2018]

    Serpa said that compared to past security conferences, many more people approached the Bitglass booth at last week’s Black Hat conference knowing what CASB is. Now the burning question is what is different about Bitglass CASB compared to others?
    Read More
  • Aug 16, 2018 | Channel Partners

    Security Roundup: Black Hat Edition [Black Hat USA 2018]

    Last week’s Black Hat USA 2018 conference in Las Vegas was the place to be for all things cybersecurity. Among the topics explored were the need for more collaboration among cybersecurity providers and more information sharing in the industry to battle the ever-increasing volume of cyberthreats. Other individual topics included securing IoT and stopping election hacking.
    Read More
  • Aug 16, 2018 | CSO

    Hack mobile point-of-sale systems? Researchers count the ways [Black Hat USA 2018]

    Presenting at the Black Hat USA information security conference last week in Las Vegas, prominent U.K. security researchers showcased recent research detailing the inherent vulnerabilities they discovered among four of the most popular mPOS systems operating in both the United States and Europe.
    Read More
  • Aug 16, 2018 | The Intercept

    BLACK HAT HACKER CONFERENCE BEGINS TO GRAPPLE WITH GENDER DISCRIMINATION AND SEXUAL ASSAULT IN CYBERSECURITY [Black Hat USA 2018]

    But last week, for the first time in Black Hat’s history, the conference invited speakers to address gender discrimination, sexual assault, mental health, and substance abuse. The conference’s inaugural Community Track briefings provided a window into problems in the cybersecurity world that have long been hidden in plain sight.
    Read More
  • Aug 16, 2018 | The Daily Swig

    Until next year: A look back at hacker summer camp [Black Hat USA 2018]

    Dave Lewis reflects on his time in Las Vegas attending BSides, Black Hat, and Def Con.
    Read More
  • Aug 15, 2018 | Inside Cybersecurity

    Messages from Black Hat: Cybersecurity tools are better, and the risk is worse [Black Hat USA 2018]

    A duality of messages permeated last week's Black Hat and Def Con conferences: Cybersecurity tools are improving, business and government entities alike are better organizing themselves, and yet, the cyber threat environment continues to darken and grow more dangerous.
    Read More
  • Aug 15, 2018 | Threatpost

    Microsoft Cortana Flaw Allows Web Browsing on Locked PCs [Black Hat USA 2018]

    Last week at Black Hat USA, researchers discussed another flaw (patched in June by Microsoft) dubbed “Open Sesame,” which also allowed an adversary to bypass a Windows 10 lock screen using the voice assistant aspect of Cortana; from there, they were able to unleash a number of “dangerous” functions.
    Read More
  • Aug 15, 2018 | Journal of Cyber Policy

    SOPHOS RELEASE IN-DEPTH REPORT ON ATYPICAL SAMSAM RANSOMWARE [Black Hat USA 2018]

    Sophos announced the publication of a detailed report on the notorious SamSam ransomware threat at Black Hat 2018. The 47-page report covers how the attacks began in 2016. It explores how SamSam targets victims in ways unlike any previous ransomware attack had before.
    Read More
  • Aug 15, 2018 | TechTarget

    Infosec mental health support and awareness hits Black Hat 2018 [Black Hat USA 2018]

    Rather than continue being reactive to social issues, Black Hat 2018 took steps to be more proactive in addressing and bringing awareness to the topic of infosec mental health.
    Read More
  • Aug 15, 2018 | Dark Reading

    Miller & Valasek: Security Stakes Higher for Autonomous Vehicles [Black Hat USA 2018]

    Valasek and Miller, now both principal security architects for autonomous-vehicle manufacturer Cruise Automation, at Black Hat USA last week mapped out the key issues surrounding securing this new generation of driverless cars, based on their past three years working in the self-driving vehicle industry collectively for Uber, Didi Chuxing, and now Cruise, of which General Motors is a majority owner.
    Read More
  • Aug 15, 2018 | Dark Reading

    2018 Pwnie Awards: Who Pwned, Who Got Pwned [Black Hat USA 2018]

    A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
    Read More
  • Aug 14, 2018 | Fedscoop

    Marines launch bug bounty at Las Vegas event [Black Hat USA 2018]

    The Hack the Marine Corps program, jointly created by the Department of Defense and vulnerability disclosure platform company HackerOne, launched Aug. 12 with a live hacking event in Las Vegas on the heels of the annual Black Hat and DEF CON hacker conventions. Hackers discovered 75 unique vulnerabilities during the event worth more than $80,000 in prizes.
    Read More
  • Aug 14, 2018 | Dark Reading

    Flaws in Mobile Point of Sale Readers Displayed at Black Hat [Black Hat USA 2018]

    Leigh-Anne Galloway and Tim Yunusov - Positive Technologies' security researcher and senior banking security expert, respectively - sought to answer that question in research presented at Black Hat USA and DEF CON.
    Read More
  • Aug 14, 2018 | WeLiveSecurity

    Black Hat 2018: AI was supposed to fix security – what happened? [Black Hat USA 2018]

    At Black Hat 2018 the aisles were bustling and activity kept ramping up, not subsiding. Last year there was no shortage of security breaches and they seem to be continuing unabated, so what happened with the promise of AI?
    Read More
  • Aug 14, 2018 | SecurityIntelligence

    A Black Hat Veteran Reflects on the Hot Topics at This Year’s Conference [Black Hat USA 2018]

    A somewhat less sexy topic that also got a lot of play at this year’s Black Hat is the evolving nature of vulnerability and threat management. Vulnerability management has been around for a while to help security teams scan their networks, rank vulnerabilities and remediate them with the resources they have.
    Read More
  • Aug 14, 2018 | Security Boulevard

    Industrial Control Gateways: It’s Like Exploiting in the 1990s [Black Hat USA 2018]

    “It’s like exploiting in the 1990s,” said Thomas Roth, a German security researcher and consultant who analyzed the firmware of industrial control gateways from several vendors over the past year. Roth presented his findings at the Black Hat USA security conference last week.
    Read More
  • Aug 14, 2018 | Mobile App Daily

    Blackberry's Latest Feature Makes Ransomware Recovery Quick And Easy [Black Hat USA 2018]

    The announcement was made on Monday at the Black Hat conference in Las Vegas. In a press release, BlackBerry called the feature a precise recovery tool with the ability to protect businesses against ransomware attack.
    Read More
  • Aug 14, 2018 | BleepingComputer

    VORACLE Attack Can Recover HTTP Data From VPN Connections [Black Hat USA 2018]

    A new attack named VORACLE can recover HTTP traffic sent via encrypted VPN connections under certain conditions. The attack was discovered by security researcher Ahamed Nafeez, who presented his findings at the Black Hat and DEF CON security conferences held last week in Las Vegas.
    Read More
  • Aug 14, 2018 | GreekMoney.gr

    DIGITAL MONEY: Black Hat cyber security conference in Las Vegas: "Hackers can turn satellite into weapon" [Black Hat USA 2018]

    From the announcements at the Black Hat security conference in Las Vegas last week, the international community learned that malicious hackers could kill someone by remotely violating an implanted medical device such as a pacemaker or insulin pump.
    Read More
  • Aug 14, 2018 | The Parallax

    There’s more to election integrity than secure voting machines [Black Hat USA 2018]

    Researcher Carsten Schürmann revealed inconclusive results of a forensic examination of the solid-state drives of eight WinVote machines in a Thursday morning talk at the Black Hat USA security conference here. During his presentation, Schürmann, a professor at the IT University of Copenhagen and founder of the research project DemTech, emphasized two things: how little a WinVote autopsy reveals, and the importance of securing voting with paper trails and risk-limiting audits.
    Read More
  • Aug 14, 2018 | PC Magazine

    What We Saw at Black Hat 2018 [Black Hat USA 2018]

    From breaking voice authentication and remote-controlling airplanes to hijacking emergency sirens and protecting self-driving cars, this year's Black Hat conference was a wild ride.
    Read More
  • Aug 14, 2018 | eWeek

    NSA Research Looks at How Stress Impacts Cyber-Security Operations [Black Hat USA 2018]

    Celeste Lyn Paul, senior researcher, and Josiah Dykstra, deputy technical director of NSA Cyber-Security Operations, gave a presentation at Black Hat USA in Las Vegas on Aug. 8 titled "Stress and Hacking," which included details on research about the impact of stress on cyber-operations.
    Read More
  • Aug 14, 2018 | PC & Tech Authority

    Black Hat USA 2018: Car hackers Miller and Valasek now using their skills for good [Black Hat USA 2018]

    The duo last appeared at Black Hat two years ago when they revealed their hack of a Jeep Cherokee and announced their retirement from car hacking. But this latest appearance featured the two guys, who now work for Cruise - a GM division developing self-driving vehicles for ride-share businesses - discussing how they have used their hacking skills to help make the upcoming generation of autonomous vehicles as safe as possible from a cyber-attack.
    Read More
  • Aug 14, 2018 | SDxCentral

    IBM Hackers, Cloud Security Alliance Take On IoT at Black Hat [Black Hat USA 2018]

    The week before Black Hat, the FBI warned of cybercriminals hacking IoT devices and using those devices to attack other devices on the network. And at the annual security conference in Las Vegas, startup Armis surveyed 130 security professionals and found 93 percent of them expect nation-states will target or exploit connected devices in the next year.
    Read More
  • Aug 14, 2018 | TWiT

    HACKING THE MAC AT BLACK HAT AND DEF CON [Black Hat USA 2018]

    Security demonstrations at Black Hat and DEF CON 2018 include a remote macOS hack and invisible mouse clicks.
    Read More
  • Aug 14, 2018 | PC Magazine

    17 Remarkable (and Scary) Things We Saw at Black Hat 2018 [Black Hat USA 2018]

    The 2018 Black Hat conference—summer's week-long celebration of all things infosec—kicked off with an inspiring exhortation by Parisa Tabriz, Director of Engineering at Google. She urged attendees to forget the status quo and stop playing security Whack-A-Mole.
    Read More
  • Aug 13, 2018 | Decipher

    TRAILBLAZER HUNTS CREDENTIAL ABUSE IN AWS [Black Hat USA 2018]

    Netflix relies on Amazon Web Services for its infrastructure and computing needs, and needs to know when a credential is potentially compromised, Will Bengtson, a senior software security engineer at Netflix, said at Black Hat USA. Netflix has hundreds of thousands of virtual server instances on AWS and utilizes AWS Security Token Service to generate credentials for AWS Identity and Access Management.
    Read More
  • Aug 13, 2018 | SDxCentral

    Cisco Execs: Cryptomining, Election Security Threats Loom Large [Black Hat USA 2018]

    Talos is Cisco’s threat research team made up of about 300 researchers globally. Williams is the group’s director of outreach. He and other Talos members set up shop at a room with a fireplace inside the Irish Pub at Mandalay Bay during last week’s Black Hat security conference.
    Read More
  • Aug 13, 2018 | TechTarget

    Lessons learned from Meltdown and Spectre disclosure process [Black Hat USA 2018]

    During a Black Hat 2018 session, Google, Microsoft and Red Hat offered a behind-the-scenes look at the disclosure and response effort for Meltdown and Spectre.
    Read More
  • Aug 13, 2018 | SecurityWeek

    IBM Describes AI-powered Malware That Can Hide Inside Benign Applications [Black Hat USA 2018]

    At the Black Hat conference on Thursday, IBM presented just one way that black hats could do just that: a new class of AI-enhanced malware attack it calls DeepLocker.
    Read More
  • Aug 13, 2018 | Security Now

    Microsoft Cortana Vulnerability Can Unlock a Locked Windows PC [Black Hat USA 2018]

    During last week's Black Hat conference in Las Vegas, researchers showed how Microsoft's Cortana virtual assistant could be used to bypass the Windows lock screen. The vulnerability affects Windows 10 machines and Windows 10 Servers.
    Read More
  • Aug 13, 2018 | Nextgov

    Hackers Target Marines for Pentagon's Latest Bug Bounty [Black Hat USA 2018]

    The challenge, dubbed “Hack the Marine Corps,” began with a live-hacking event in Las Vegas, where hackers from around the world gathered last week for the Black Hat USA, DefCon and BSides Las Vegas cybersecurity conferences.
    Read More
  • Aug 13, 2018 | Business Insider

    Hackers just spent the week in Las Vegas breaking into planes, politicians' websites, printers, heart monitors and slot machines [Black Hat USA 2018]

    Perhaps the most alarming Black Hat presentation for many this week came from Ruben Santamarta of IOActive. He showed how by accessing a satellite communications network, he could access phones, tablets and laptops on planes as they flew overhead.
    Read More
  • Aug 13, 2018 | ZDNet

    The future of IoT? State-sponsored attacks, say security professionals [Black Hat USA 2018]

    During Black Hat, IoT security firm Armis surveyed over 130 IT and security professionals attending the conference in Las Vegas last week.
    Read More
  • Aug 13, 2018 | Dark Reading

    Social Engineers Show Off Their Tricks [Black Hat USA 2018]

    It's not every day you hear or see social engineers in action – well, knowingly, anyway – but that's exactly what the crowd did at Black Hat and DEF CON 2018 held last week in Las Vegas.
    Read More
  • Aug 13, 2018 | TechRepublic

    How unsecured gateways put emergency first responders in real, physical danger [Black Hat USA 2018]

    Organizations must stay vigilant in keeping their wireless networks safe and secure, which is something Shattuck hopes to bring to the forefront of conversation. He spoke about his findings at the 2018 Black Hat event in Las Vegas last week.
    Read More
  • Aug 13, 2018 | Dark Reading

    Hacker Unlocks 'God Mode' and Shares the 'Key' [Black Hat USA 2018]

    When a room filled with hundreds of security professionals erupts into applause, it's notable. When that happens less than five minutes into a presentation, it's remarkable. But that's what transpired when security researcher Christopher Domas last week showed a room at Black Hat USA how to break the so-called ring-privilege model of modern CPU security.
    Read More
  • Aug 13, 2018 | Silicon Republic

    Why Fortnite’s absence from the Google Play Store is a big security headache [Black Hat USA 2018]

    Last week, security researchers presenting at Black Hat revealed a compromise that could make Macs used for enterprises vulnerable the first time they connect to Wi-Fi.
    Read More
  • Aug 13, 2018 | BleepingComputer

    Backdoor Mechanism Discovered in VIA C3 x86 Processors [Black Hat USA 2018]

    At the Black Hat 2018 and DEF CON 26 security conferences held in Las Vegas last week, a security researcher detailed a backdoor mechanism in x86-based VIA C3 processors, a CPU family produced and sold between 2001 and 2003 by Taiwan-based VIA Technologies Inc.
    Read More
  • Aug 13, 2018 | Threatpost

    Black Hat 2018: Mobile APTs Redefining Phishing Attacks [Black Hat USA 2018]

    Mike Murray, vice president of security intelligence at Lookout, talks with Threatpost’s Tom Spring to discuss the latest trends in mobile advanced persistent threats (APTs).
    Read More
  • Aug 13, 2018 | Fox News

    Black Hat hacker says he accessed 'hundreds' of aircraft already in the sky [Black Hat USA 2018]

    The Black Hat cybersecurity conference currently being held in Las Vegas brings together a variety of experts to discuss the risks, pitfalls — and locations — of flaws in computer networks.
    Read More
  • Aug 13, 2018 | Security Boulevard

    Black Hat USA 2018: A SecOps Recap [Black Hat USA 2018]

    Last week, I had the pleasure of joining thousands of security researchers, vendors, marketers, press, and bloggers converging on the desert and Mandalay Bay for my first-ever Black Hat USA conference. Attendees discussed the newest research, latest technologies, scariest threats, and biggest trends in this crazy world of cybersecurity. If you weren’t lucky enough to be part of the fun, here’s a quick recap of Black Hat USA 2018 (aka Security Summer Camp).
    Read More
  • Aug 13, 2018 | GovernmentCIO Media

    Cellphone Privacy and Remote Hacking Policies Remain Blurry Areas [Black Hat USA 2018]

    “Almost everything we do today is stored in the cloud," she said in an Aug. 8 panel at Black Hat. "And the government’s argument for years has been . . . if you have information that is in the hands of third parties, it’s not private, not protected by the Fourth Amendment."
    Read More
  • Aug 13, 2018 | ESG Blogs

    Takeaways from Black Hat USA 2018 [Black Hat USA 2018]

    There was a lot to see and discuss at Black Hat – too much to elaborate on in a short blog. Nevertheless, here are a few things that stood out to me:
    Read More
  • Aug 13, 2018 | PC Magazine

    Hackers Can Exploit Fax Machines to Compromise Entire Networks [Black Hat USA 2018]

    At Black Hat 2018, for example, a researcher revealed that he was able to connect to the satellite communications systems of ships and aircraft inflight because the device's modems were accessible over the internet.
    Read More
  • Aug 13, 2018 | eWeek

    Cyber-Security Failure Brings Societal Risks: Black Hat Researchers [Black Hat USA 2018]

    The message was clear at this year's Black Hat conference: The "culture," for lack of a better term, of security must change, or society faces living in a world of perpetual cyber-risk.
    Read More
  • Aug 13, 2018 | CSO

    Take-aways from Black Hat USA 2018 [Black Hat USA 2018]

    Black Hat USA 2018 had record crowds, revealed a growing attack surface, and proved we have lots of work ahead.
    Read More
  • Aug 13, 2018 | Yahoo Finance

    How two car hackers plan to keep GM's self-driving cars safe [Black Hat USA 2018]

    Two famed car hackers have a plan to stop people like them from compromising the vehicles of their new employer — and, as outlined in a presentation Thursday afternoon at the Black Hat USA security conference here, it involves security addition through subtraction.
    Read More
  • Aug 13, 2018 | USA Today

    Hacks of Macs, Microsoft Cortana are two more reasons why you should install updates [Black Hat USA 2018]

    Security professionals have made those points for years, but two presentations at the Black Hat USA conference here provided fresh arguments for them – and signs companies are getting snappier at fixing vulnerabilities.
    Read More
  • Aug 12, 2018 | TechCrunch

    Nobody minding the store: Security in the age of the lowest bidder [Black Hat USA 2018]

    At last week’s Black Hat conference, its creator Jeff Moss mused: “attackers have strategies, but defenders only seem to have tactics.”
    Read More
  • Aug 12, 2018 | SiliconANGLE

    While the US hangs back, China and Europe seize control of internet policy [Black Hat USA 2018]

    Several of the commissioners, appearing in a panel discussion at Black Hat USA conference in Las Vegas on Thursday, sounded realistic about the current direction to create a set of common norms in concert with major nations of the world.
    Read More
  • Aug 12, 2018 | CSO

    Hacking pacemakers, insulin pumps and patients' vital signs in real time [Black Hat USA 2018]

    Medical device insecurity was covered at the recent Black Hat and Def Con security conferences in Las Vegas. One set of researchers showed off hacks to pacemakers and insulin pumps that could potentially prove lethal, while another researcher explained how hospital patients’ vital signs could be falsified in real time.
    Read More
  • Aug 11, 2018 | The Register

    Snap code snatched, Pentagon bans bands, pacemakers cracked, etc [Black Hat USA 2018]

    Infosec bods Billy Rios and Jonathan Butts reported the flaws over a year ago to the manufacturer, and this week spoke about their experiences in dealing with the biz, and the slow rate of progress in getting things fixed, at Black Hat USA 2018.
    Read More
  • Aug 11, 2018 | MIT Technology Review

    AI for cybersecurity is a hot new thing—and a dangerous gamble [Black Hat USA 2018]

    Black Hat cybersecurity conference in Las Vegas, I was struck by the number of companies boasting about how they are using machine learning and artificial intelligence to help make the world a safer place.
    Read More
  • Aug 10, 2018 | The Telegraph

    Security flaws in ZTE phones mean they can be hacked to spy on users [Black Hat USA 2018]

    It’s not yet clear if the flaws in ZTE phones have been used by hackers to steal any data. The full research into the flaws is expected to be announced at the Black Hat cybersecurity conference in Las Vegas on Friday.
    Read More
  • Aug 10, 2018 | Threatpost

    Black Hat 2018: With Healthcare Security Flaws, Safety’s Increasingly at Stake [Black Hat USA 2018]

    At Black Hat today, a group of experts specializing in both healthcare and security from UC-San Diego and UC-Davis outlined how to exploit vulnerabilities in the Health Level 7 (HL7) standard – the protocol which acts as a common language in hospitals to transmit orders or lab results – to change lab results coming from blood gas machines and urinalysis machines.
    Read More
  • Aug 10, 2018 | WIRED

    Millions of Android Devices Are Vulnerable Right Out of the Box [Black Hat USA 2018]

    That’s the key finding of new analysis from mobile security firm Kryptowire, which details troubling bugs preloaded into 10 devices sold across the major US carriers. Kryptowire CEO Angelos Stavrou and director of research Ryan Johnson will present their research, funded by the Department of Homeland Security, at the Black Hat security conference Friday.
    Read More
  • Aug 10, 2018 | Threatpost

    Black Hat 2018: Voice Authentication is Broken, Researchers Say [Black Hat USA 2018]

    However, according to two researchers, John Seymour and Azeem Aqil, both with Salesforce’s research team, voice authentication for account access is extremely insecure. At a Black Hat session Thursday, the two showed how easy it is to spoof someone’s voice well enough to access protected accounts.
    Read More
  • Aug 10, 2018 | The Verge

    Many Android devices ship with firmware vulnerabilities, researchers find [Black Hat USA 2018]

    The security lapses could lead to everything from letting an attacker lock someone out of their device, to getting control over their microphone and more — though most of the attacks that the researchers detailed required users to download some sort of malicious app before they could take advantage of the holes present in the firmware. Their research, funded by the Department of Homeland Security, is being presented today at the Black Hat USA security conference.
    Read More
  • Aug 10, 2018 | Threatpost

    Chris Valasek and Charlie Miller: How to Secure Autonomous Vehicles [Black Hat USA 2018]

    “We know [autonomous car security] is not perfect, but for the time being, it’s something,” said Miller, speaking at Black Hat 2018. Miller and Valasek, who last year joined GM’s self-driving car unit Cruise, also released a new report on the challenges and opportunities behind autonomous driving at the conference.
    Read More
  • Aug 10, 2018 | The Register

    The off-brand 'military-grade' x86 processors, in the library, with the root-granting 'backdoor' [Black Hat USA 2018]

    This weird and wonderful piece of semiconductor history was uncovered by Christopher Domas, an adjunct instructor at Ohio State University in the US, who presented his findings on Thursday at the 2018 Black Hat USA security conference in Las Vegas.
    Read More
  • Aug 10, 2018 | NBC

    Smartphones or pen and paper? Cybersecurity experts split on tech in voting [Black Hat USA 2018]

    Election hacking was one of the main themes at Black Hat, a conference in Las Vegas this week that brought together thousands of ethical hackers to discuss cybersecurity threats and solutions.
    Read More
  • Aug 10, 2018 | TechTarget

    2018 Pwnie Awards cast light and shade on infosec winners [Black Hat USA 2018]

    The Meltdown and Spectre research teams won big at the Pwnie Awards this year at Black Hat, while the late-entry Bitfi Wallet team overwhelmingly won for Lamest Vendor Response.
    Read More
  • Aug 10, 2018 | The Register

    Spec-exec CPU bugs sweep hacking Oscars – and John McAfee’s in there like a bullet [Black Hat USA 2018]

    This week, amid Black Hat USA 2018, they won a gong for the best privilege escalation bug, and also the award for the most innovative research, although when popping up to the stage to pick up their glammed up My Little Pony-style trophies, they said they honestly didn’t think that they had done the best research of the year.
    Read More
  • Aug 10, 2018 | Computer Business Review

    Kernel Attack Fully Compromises Windows Machines [Black Hat USA 2018]

    On Thursday at the Black Hat conference in Las Vegas, researchers from cybersecurity firm Endgame demonstrated how kernel attacks can go beyond standard malware and exploits to fully compromise a Windows machine with a fileless technique.
    Read More
  • Aug 10, 2018 | ZDNet

    PayPal, Square vulnerabilities impact mobile point-of-sale machines [Black Hat USA 2018]

    On Thursday at the Black Hat conference in Las Vegas, security experts from Positive Technologies said that vulnerabilities present in mPOS machines could allow unscrupulous merchants to raid the accounts of customers or attackers to steal credit card data.
    Read More
  • Aug 10, 2018 | ComputerWeekly

    NCR patches ATM vulnerabilities [Black Hat USA 2018]

    Criminals could steal cash in this way by taking advantage of poor physical security to connect a computer to the dispenser, Positive Technologies researchers Vladimir Kononovich and Alexey Stennikov told attendees of the Black Hat USA security conference in Las Vegas.
    Read More
  • Aug 10, 2018 | SC Magazine

    Black Hat USA 2018: SamSam has yielded $6M for creators [Black Hat USA 2018]

    Peter MacKenzie, global malware escalations manager working in Sophos Technical Support, told SC Media during the Black Hat 2018 show in Las Vegas that 74 percent of known victims are located in the U.S., with the largest random payout topping $64,000.
    Read More
  • Aug 10, 2018 | Computer Business Review

    Research Revealed at Black Hat shows Airplane’s SATCOM’s are Hackable [Black Hat USA 2018]

    New research presented at Black Hat in Las Vegas has identified serious vulnerabilities within the satellite communication systems that connect ships and airplanes to the internet.
    Read More
  • Aug 10, 2018 | Help Net Security

    IoT malware found hitting airplanes’ SATCOM systems [Black Hat USA 2018]

    Ruben Santamarta, principal security consultant with IOActive, presented this latest research at this year’s Black Hat conference in Las Vegas, and showed that it’s possible for remote attackers to take control of airborne SATCOM equipment on in-flight commercial aircrafts, earth stations on vessels and those used by the US military in conflict zones.
    Read More
  • Aug 10, 2018 | SiliconANGLE

    At Black Hat, hacks of voting machines, satellites, pacemakers – and more to come [Black Hat USA 2018]

    In the heat of the desert summer, when the annual cybersecurity circus known as Black Hat comes to Las Vegas, no industry or technology is safe. Flaws are found, vulnerabilities are identified, fixes are issued (or not) and life in the digital world goes perilously onward.
    Read More
  • Aug 10, 2018 | The Daily Swig

    ‘Stay humble, keep learning, and have fun’ [Black Hat USA 2018]

    This year’s awards, part of the Black Hat conference, saw some big-name vulnerabilities scoop prizes, such as Meltdown/Spectre, which was named best privilege escalation bug.
    Read More
  • Aug 10, 2018 | CNET

    Equifax has a plan to win your trust back. It’ll take three years. [Black Hat USA 2018]

    CNET sat down with Farshchi at the Black Hat cybersecurity conference in Las Vegas on Thursday to discuss his plans, and the hardest part about trying to fix Equifax.
    Read More
  • Aug 10, 2018 | SDxCentral

    Alphabet’s Chronicle Exec Talks IoT Security [Black Hat USA 2018]

    Chronicle is a security company that spun out of Alphabet’s secretive X research lab. In an interview with SDxCentral at Black Hat, Caccia said IoT amplifies many of the challenges that companies still struggle with.
    Read More
  • Aug 10, 2018 | SecurityWeek

    Researcher Finds Hundreds of Planes Exposed to Remote Attacks [Black Hat USA 2018]

    Further research into satcom systems revealed the existence of various types of vulnerabilities, including insecure protocols, backdoors, and improper configuration that could allow attackers to take control of affected devices. The expert disclosed his findings this week at the Black Hat security conference in Las Vegas.
    Read More
  • Aug 10, 2018 | heise

    Bug Bounty: Google hacker demands millions from Apple [Black Hat USA 2018]

    Since the introduction of Apple's bug-bounty program, he has reported 30 bugs in detail to the iPhone maker that can wipe out crucial parts of the iOS security model, as Beer explained at the Black Hat hacker conference in Las Vegas.
    Read More
  • Aug 10, 2018 | heise

    MDM gap enabled complete Mac takeover on initial installation [Black Hat USA 2018]

    Brand new Apple computers were completely hijacked at the first network contact. Security researchers at the Black Hat conference in Las Vegas showed how a vulnerability in macOS High Sierra can be abused to do this. Apple has since closed the gap.
    Read More
  • Aug 10, 2018 | The Register

    Can we talk about the little backdoors in data center servers, please? [Black Hat USA 2018]

    "They are basically a machine inside a machine – even if the server is down, as long as it has power, the BMCs will work,” said Nico Waisman, VP of security shop Immunity, in a talk at this year's Black Hat USA hacking conference on Thursday.
    Read More
  • Aug 10, 2018 | PC Magazine

    Self-Driving Cars Are Surprisingly Secure [Black Hat USA 2018]

    At the Black Hat 2018 conference, they revealed a surprising fact: self-driving cars are tougher to hack than their less-smart counterparts, and they're getting tougher.
    Read More
  • Aug 10, 2018 | PC Magazine

    Beware of Short-Distance Crypto Data Leaks [Black Hat USA 2018]

    The device doesn't store or send ones and zeroes; it sends wavelengths modulated to represent ones and zeroes. That's not a problem normally, and our devices act exactly as if they were pristinely digital. But, as a group of students and researchers demonstrated at Black Hat, bad things can happen when these digital signals interact with other components on popular chips.
    Read More
  • Aug 10, 2018 | TechRepublic

    Despite patches, Samsung Galaxy S7 open to Meltdown exploit and millions are affected [Black Hat USA 2018]

    Samsung Galaxy S7 smartphones are left open to hacking with microchip security flaw, according to research at the Black Hat conference.
    Read More
  • Aug 10, 2018 | Infosecurity Magazine

    Risk of Fraud in Mobile Point-of-Sale Device Flaw [Black Hat USA 2018]

    At yesterday’s final day of Black Hat USA 2018, researchers from Positive Technologies demonstrated how attackers could exploit a flaw in mobile point-of-sale (mPOS) devices to charge fraudulent transactions and alter the amount charged during a transaction.
    Read More
  • Aug 10, 2018 | eSecurity Planet

    How Netflix Secures AWS Cloud Credentials [Black Hat USA 2018]

    In a session at Black Hat USA, Will Bengtson, senior software security engineer on Netflix's security tools and operations team, explained some of the steps the streaming media giant takes to identify potentially compromised or unauthorized credentials.
    Read More
  • Aug 10, 2018 | eWeek

    Positive Technologies Reveals Mobile Point of Sale Device Flaws [Black Hat USA 2018]

    Leigh-Anne Galloway, cyber-security resilience lead, and Tim Yunusov, senior banking security expert at Positive Technologies, detailed their findings on mobile POS risks in a session at Black Hat USA here on Aug. 9.
    Read More
  • Aug 10, 2018 | Infosecurity Magazine

    Satellite Flaws Raise Aviation Fears [Black Hat USA 2018]

    IOActive’s Ruben Santamarta authored the first paper, launched at Black Hat yesterday, which is a follow-up to his 2014 research on satcom vulnerabilities.
    Read More
  • Aug 10, 2018 | ITProPortal

    Macs can be hacked by new security flaw [Black Hat USA 2018]

    Researchers have discovered an exploit that allowed them to remotely hack Apple's Mac computers right out of the box which they will demonstrate during this year's Black Hat security conference in Las Vegas.
    Read More
  • Aug 10, 2018 | TechRepublic

    How some business Macs could get hacked right out of the box [Black Hat USA 2018]

    Such attacks were demonstrated Thursday during the Black Hat security conference, according to the report. The attacks target enterprise devices that use Apple's device enrollment program (DEP) and its Mobile Device Management (MDM) platform.
    Read More
  • Aug 10, 2018 | The Register

    Say what you will about self-driving cars – the security is looking 'OK' [Black Hat USA 2018]

    The duo, who work for General Motors’ robo-automaker offshoot Cruise, told this year's Black Hat USA conference on Thursday while self-driving vehicles are much less hackable than you may think, there are still serious issues that need to be shored up. Given this is an emerging and fledgling market, it's in every manufacturer's interest to get security right, to avoid one PR nightmare crashing them all.
    Read More
  • Aug 10, 2018 | PC Magazine

    Black Hat: Google Chief Says Stop Playing Security Whack-A-Mole [Black Hat USA 2018]

    The 2018 Black Hat keynote kicked off with a celebration of noise, smoke, and lasers worthy of any Hollywood production. Last year's conference drew more than 17,000 attendees. Black Hat doesn't release totals until the event is complete, but this year may be even bigger. In keeping with the size of the crowd, the keynote took place in the sports arena of the Mandalay Bay Resort.
    Read More
  • Aug 10, 2018 | Channel Futures

    Black Hat: Sharing Information, Hiring and Retaining Women Cybersecurity Engineers [Black Hat USA 2018]

    And that's a wrap for this week's massive Black Hat USA 2018 conference in Las Vegas, which focused on latest opportunities to stop cybercriminals.
    Read More
  • Aug 9, 2018 | Business Insider

    An elite Google hacker is directly challenging Apple CEO Tim Cook to donate over $2 million to charity [Black Hat USA 2018]

    Ian Beer, a Google employee, tweeted during a talk at Black Hat, a high-profile security conference in Las Vegas
    Read More
  • Aug 9, 2018 | PC Magazine

    Satellite Communications Hacks Are Real, And They're Terrifying [Black Hat USA 2018]

    Where fiber and cell phones can't reach, satellite communications (SATCOM) systems pick up the slack. At the Black Hat security conference in Las Vegas, a security researcher demonstrated that not only are SATCOM systems vulnerable to attack, the consequences could be dire.
    Read More
  • Aug 9, 2018 | Fossbytes

    Black Hat 2018: Satellite Communication Systems Hackable; Threat For Aviation Industry [Black Hat USA 2018]

    Black Hat USA 2018 which commenced on August 4 has seen some of the famous researchers putting out their research works. While all the demos were impressive, one that stood out from the rest was a research activity from Ruben Santamarta of IOActive team.
    Read More
  • Aug 9, 2018 | TechTarget

    Irregularities discovered in WinVote voting machines [Black Hat USA 2018]

    At Black Hat 2018, security researcher Carsten Schuermann unveiled the results of a forensic analysis of eight WinVote voting machines that had been used in Virginia elections.
    Read More
  • Aug 9, 2018 | TechTarget

    Netflix launches tool for monitoring AWS credentials [Black Hat USA 2018]

    At Black Hat 2018, a Netflix security engineer introduced a new open source tool designed to more effectively monitor AWS credentials in large cloud environments, like Netflix's.
    Read More
  • Aug 9, 2018 | TechTarget

    Meltdown and Spectre disclosure suffered "extraordinary miscommunication" [Black Hat USA 2018]

    Speaking at a panel on Meltdown and Spectre disclosure at Black Hat 2018 Wednesday, Matt Linton, senior security engineer and self-described "chaos specialist" at Google's incident response team, explained how his company surprisingly fell through the cracks when it came time for the chip makers to notify OS vendors about the vulnerabilities.
    Read More
  • Aug 9, 2018 | SC Magazine

    Black Hat 2018: Retaining and promoting women cybersecurity staffers [Black Hat USA 2018]

    In her session "The Science of Hiring and Retaining Female Cybersecurity Engineers" at Black Hat 2018, Holtz boiled down the results of more than 100 reports conducted worldwide on the topic of women working in engineering and cybersecurity. She found, for the most part, that women want the same thing as men: job security, a chance to be promoted and fair pay.
    Read More
  • Aug 9, 2018 | Threatpost

    Black Hat 2018: Widespread Critical Flaws Found in Smart-City Gear [Black Hat USA 2018]

    Researchers from Threatcare and IBM X-Force Red joined forces to test several smart-city devices that are widely deployed, with the specific goal of investigating “supervillain-level” attacks from afar. The research, presented at Black Hat and DEF CON 2018, delved into three categories of devices: Intelligent transportation systems, disaster management and industrial IoT.
    Read More
  • Aug 9, 2018 | PC Magazine

    Black Hat Researcher Shows Why Air Gaps Won't Protect Your Data [Black Hat USA 2018]

    For your most important secrets, it isn't enough to simply have layers of security. The better option is to simply shun the internet and keep your computer safely offline behind what's called an air gap. But even without a connection to the internet, your secrets aren't necessarily safe, as security researcher Mordechai Guri demonstrated at the Black Hat conference.
    Read More
  • Aug 9, 2018 | CNET

    Why more people don't use simple two-factor authentication [Black Hat USA 2018]

    Yet, it's still a long way from widespread adoption, researchers from Indiana University said at the Black Hat security conference on Thursday. Indiana University Professor L. Jean Camp and Sanchari Das, a doctoral student at Indiana University Bloomington, conducted a study of 500 people to find out why the simple security measure isn't popular, despite its benefits and ease.
    Read More
  • Aug 9, 2018 | BBC News

    Warning over 'panic' hacks on cities [Black Hat USA 2018]

    “While no evidence exists that such attacks have taken place, we have found vulnerable systems in major cities in the US, Europe and elsewhere.” The team plans to explain the vulnerabilities at Black Hat - a cyber-security conference - on Thursday.
    Read More
  • Aug 9, 2018 | Threatpost

    Hacking For Sport: A Journey in Reverse Engineering a Toshiba Wireless SD Card [Black Hat USA 2018]

    At a Black Hat session here on Wednesday, Valadon demonstrated how he hacked the Toshiba FlashAir SD storage card and was able to execute code on the card. The challenge, he pointed out, was that the card was a virtual black box. He had nothing to go by – from the unidentified OS running on the card, the mystery firmware and a custom unidentified Toshiba chipset.
    Read More
  • Aug 9, 2018 | Fifth Domain

    New research says ZTE phones could be hacked [Black Hat USA 2018]

    Fifth Domain reported earlier this week that research funded by the Department of Homeland Security’s Science and Technology Directorate has found a “slew” of vulnerabilities in millions of mobile devices offered by U.S. cell phone carriers. The research is expected to be formally announced during the Black Hat conference in Las Vegas Aug. 10.
    Read More
  • Aug 9, 2018 | Vice Motherboard

    Google Hacker Asks Tim Cook to Donate $2.45 Million In Unpaid iPhone Bug Bounties [Black Hat USA 2018]

    On Wednesday, after a talk at the Black Hat security conference in Las Vegas, Beer tweeted a message to Apple’s CEO Tim Cook, challenging him to pay for each bug he has reported since 2016, and asking him to donate $2.45 million to human rights group Amnesty International.
    Read More
  • Aug 9, 2018 | Fast Company

    Researchers find security flaws in “smart city” technology [Black Hat USA 2018]

    The researchers say they found a total of 17 vulnerabilities across systems used in smart-city technology from Libelium, Echelon and Battelle. Each of the vendors has released patches to fix the bugs, which the researchers are announcing at the Black Hat security conference, in Las Vegas.
    Read More
  • Aug 9, 2018 | WIRED

    A New Pacemaker Hack Puts Malware Directly on the Device [Black Hat USA 2018]

    At Black Hat, Rios and Butts will demonstrate a series of vulnerabilities in how pacemaker programmers connect to Medtronic's software delivery network. The attack also capitalizes on a lack of "digital code signing"—a way of cryptographically validating the legitimacy and integrity of software—to install tainted updates that let an attacker control the programmers, and then spread to implanted pacemakers.
    Read More
  • Aug 9, 2018 | Threatpost

    Google Bug Hunter Urges Apple to Change its iOS Security Culture [Black Hat USA 2018]

    Since 2016, the Project Zero team member said he has found over 30 iOS bugs. In his Black Hat session “A Brief History of Mitigation: The Path to EL1 in iOS 11” he reviewed the “async_wake” exploit for iOS 11.1.2 he released in December along with reviewing nearly a half dozen additional bugs he suggested Apple dragged its feet to fix.
    Read More
  • Aug 9, 2018 | Politico

    Research: Smart cities are dumb on defense [Black Hat USA 2018]

    Your MC host is navigating the overflowing toilets, cooked cryptojacking router eggs and APT DARKPIGEONs of Mandalay Bay in Las Vegas, but mostly spent time Wednesday getting lost at the Black Hat conference. Here are some highlights of various chats, speakers and other news from Black Hat and the forthcoming DEF CON.
    Read More
  • Aug 9, 2018 | Forbes

    This Guy Hacked Hundreds Of Planes From The Ground [Black Hat USA 2018]

    Throughout November and December last year, Ruben Santamarta was sat in front of his computer peeking inside the technical bowels of hundreds of aircraft flying thousands of meters above him. That included commercial aircraft operated by some of the biggest airlines in the world.
    Read More
  • Aug 9, 2018 | Cyber Security Hub

    Black Hat Day 2 Coverage Centers Around Mobile Sec, AI & ML [Black Hat USA 2018]

    Black Hat Day 2 was loaded with pertinent content, interactive sessions, outreach creativity, booth demos and more cyber excitement.
    Read More
  • Aug 9, 2018 | SC Magazine

    Black Hat USA 2018: Analysis of email address in Mueller indictments exposes 9M weaponized email accounts [Black Hat USA 2018]

    Researchers ran the 4.7 million-strong batch against the FCC's efforts to accept public comments regarding its net neutrality repeal effort and found more than 30,000 accounts generating comments -- many of them the exact same message, which were posted “all in one second,” indicating an enormous botnet intended to “influence policy discourse,” Minder said.
    Read More
  • Aug 9, 2018 | Las Vegas Sun

    Black Hat: Voting Machine Hack [Black Hat USA 2018]

    Carsten Schuermann, associate professor at IT University of Copenhagen, presents a session called “Lessons from Virginia - A Comparative Forensic Analysis of WINVote Voting Machines” at the Black Hat USA cyber security convention in Mandalay Bay Thursday, Aug. 9, 2018.
    Read More
  • Aug 9, 2018 | The Register

    Should I infect this PC, wonders malware. Let me ask my neural net... [Black Hat USA 2018]

    DeepLocker was developed by IBM eggheads, and is due to be presented at the Black Hat USA hacking conference in Las Vegas on Thursday. It uses a convolutional neural network to stay inert until the conditions are right to pounce.
    Read More
  • Aug 9, 2018 | The Guardian

    Hacked satellite systems could launch microwave-like attacks, expert warns [Black Hat USA 2018]

    According to research presented at the Black Hat information security conference in Las Vegas, a number of popular satellite communication systems are vulnerable to the attacks, which could also leak information and hack connected devices. The attacks, which are merely a nuisance for the aviation sector, could pose a safety risk for military and maritime users, the research claims.
    Read More
  • Aug 9, 2018 | The Guardian

    Hackable implanted medical devices could cause deaths, researchers say [Black Hat USA 2018]

    In new research presented at the Black Hat information security conference, a pair of security researchers remotely disabled an implantable insulin pump, preventing it from delivering the lifesaving medication, and then took total control of a pacemaker system, allowing them to deliver malware directly to the computers implanted in a patient’s body.
    Read More
  • Aug 9, 2018 | SDxCentral

    Microsoft- and Facebook-Led Cybersecurity Tech Accord Tackles Router Security [Black Hat USA 2018]

    In an interview at Black Hat with SDxCentral, Johnnie Konstantas, senior director of Microsoft’s Enterprise Cybersecurity group, said the Cybersecurity Tech Accord and other collaborative efforts show that Microsoft is committed to working with tech companies — as well as public-sector groups and law enforcement — to advance security for customers and the general public.
    Read More
  • Aug 9, 2018 | Fortune

    Are Trading Apps Safe? Not All of Them, Report Finds [Black Hat USA 2018]

    Ten of the 80 applications tested over a one-year period store passwords of subscribers without encryption, a flaw that could lead to funds being stolen, IOActive reported at the Black Hat cybersecurity conference Thursday in Las Vegas.
    Read More
  • Aug 9, 2018 | WIRED

    Hacking a Brand New Mac Remotely, Right Out of the Box [Black Hat USA 2018]

    That attack, which researchers will demonstrate Thursday at the Black Hat security conference in Las Vegas, targets enterprise Macs that use Apple's Device Enrollment Program and its Mobile Device Management platform.
    Read More
  • Aug 9, 2018 | The Daily Swig

    Under the hood: New tool simplifies the vulnerability replication process [Black Hat USA 2018]

    Developers seeking to reproduce issues discovered by pen testers were given a deep dive into PortSwigger's Replicator BApp yesterday at the Black Hat security conference in Las Vegas.
    Read More
  • Aug 9, 2018 | WIRED

    Bugs in Mobile Credit Card Readers Could Expose Buyers [Black Hat USA 2018]

    All four manufacturers are addressing the issue, and not all models were vulnerable to all of the bugs. In the case of Square and PayPal, the vulnerabilities were found in third-party hardware made by a company called Miura. The researchers are presenting their findings Thursday at the Black Hat security conference.
    Read More
  • Aug 9, 2018 | Bloomberg

    Trading Apps Expose Investors to Cyber Criminals, Report Finds [Black Hat USA 2018]

    Ten of the 80 applications tested over a one-year period store passwords of subscribers without encryption, a flaw that could lead to funds being stolen, IOActive reported at the Black Hat cybersecurity conference Thursday in Las Vegas.
    Read More
  • Aug 9, 2018 | Ars Technica

    In-vehicle wireless devices are endangering emergency first responders [Black Hat USA 2018]

    Shattuck said he has spent the past 22 months investigating the problem and helping wireless gateway providers—which, besides Sierra Wireless, also includes Moxa and Digi—to begin fixing it. Despite the efforts, he said scans regularly show large numbers of unsecured devices continue to expose not only emergency first responders but also remote pipelines, hydrogen refueling stations, traffic monitoring systems, tolls, bridges, and airports. Now, after almost two years of keeping the problem a carefully guarded secret, he plans to discuss it in detail Thursday at the Black Hat security conference in Las Vegas.
    Read More
  • Aug 9, 2018 | Vice Motherboard

    Zero-Day Shop Opens the Floodgates for People to Sell Exploits to Governments [Black Hat USA 2018]

    “We are now dealing with researchers who are not on the market,” Andrea Zapparoli Manzoni, the director of Crowdfense, told Motherboard in an interview at the annual Black Hat hacking conference on Thursday.
    Read More
  • Aug 9, 2018 | CNET

    Smart cities around the world were exposed to simple hacks [Black Hat USA 2018]

    Jennifer Savage, a security researcher from Threatcare, and Daniel Crowley, a research director with IBM's X-Force Red, disclosed their findings at the Black Hat cybersecurity conference in Las Vegas on Thursday.
    Read More
  • Aug 9, 2018 | eWeek

    Researchers Reveal Smart City System Flaws at Black Hat [Black Hat USA 2018]

    A pair of researchers from IBM and Threatcare have discovered 17 vulnerabilities across three different manufacturers and four different smart city products and will detail their findings at Black Hat USA here on Aug. 9.
    Read More
  • Aug 9, 2018 | ITProPortal

    Blockchain may not be the answer to security worries, Google chief says [Black Hat USA 2018]

    During the start of this year's Black Hat USA conference in Las Vegas, Director of Engineering and head of Project Zero at Google, Parisa Tabriz shared her insights from working on the search giant's bug-hunting team and the push to label non-HTTPS websites as insecure.
    Read More
  • Aug 9, 2018 | Ars Technica

    Hack causes pacemakers to deliver life-threatening shocks [Black Hat USA 2018]

    At the Black Hat security conference in Las Vegas, researchers Billy Rios and Jonathan Butts said they first alerted medical device maker Medtronic to the hacking vulnerabilities in January 2017. So far, they said, the proof-of-concept attacks they developed still work. The duo on Thursday demonstrated one hack that compromised a CareLink 2090 programmer, a device doctors use to control pacemakers after they’re implanted in patients.
    Read More
  • Aug 9, 2018 | eWeek

    Car Hackers Discuss What It Takes to Secure Autonomous Vehicles [Black Hat USA 2018]

    Three years ago at the Black Hat conference, Charlie Miller and Chris Valasek (pictured) detailed flaws in Chrysler cars that led to the recall of millions of vehicles. The pair have now changed their focus from offense to defense, detailing ways to help secure autonomous vehicles at the Black Hat USA 2018 event on Aug. 9.
    Read More
  • Aug 9, 2018 | SC Media

    Black Hat USA 2018: IBM X-Force finds 17 zero-day vulnerabilities in four smart city systems [Black Hat USA 2018]

    The study, released by IBM's X-Force Red Team today at Black Hat 2018, looked at four common devices and found 17 vulnerabilities, nine of which were considered critical in nature, said Daniel Crowley, research baron at IBM X-Force Red. These included ICS components, devices used in conjunction with connected cars, and other products that control various types of sensors.
    Read More
  • Aug 9, 2018 | ZDNet

    Smart city systems are riddled with critical security vulnerabilities [Black Hat USA 2018]

    At the Black Hat conference in Las Vegas on Monday, the cybersecurity firm's X-Force Red team of penetration testers and hackers demonstrated how old-school threats are placing the cities of the future at risk in the present day.
    Read More
  • Aug 9, 2018 | The Daily Swig

    Black Hat 2018: ‘We are now being tested. Are we as good as we say we are?’ [Black Hat USA 2018]

    And with global spending on cybersecurity products and services expected to exceed $1 trillion cumulatively between 2017 and 2021, the growth of information security as an industry is no more evident than at Black Hat, taking place this week in Las Vegas.
    Read More
  • Aug 9, 2018 | golem.de

    Long breath for IT security [Black Hat USA 2018]

    Google security expert Parisa Tabriz opens Las Vegas Black Hat conference. She wants more transparency and collaboration, and uses site isolation in Chrome to explain the challenges that sometimes need to be overcome in the event of major security enhancements.
    Read More
  • Aug 9, 2018 | Journal of Cyber Policy

    Black Hat 2018 Keynote: Coming Together to Tackle Root Causes of Cyber Vulnerability [Black Hat USA 2018]

    Parisa Tabriz, Director of Engineering at Google, ascended a round stage at Black Hat 2018 that had been covered until moments earlier with a projection of the moon’s surface. The whole celestially themed warm-up to the speech, with copious smoke effects and spinning spotlights, seemed a tad overproduced. The moon-like stage sat against a backdrop of shooting stars and floating galaxies.
    Read More
  • Aug 9, 2018 | MSSP Alert

    10 Managed Security Developments at Black Hat USA 2018 - Day 3 [Black Hat USA 2018]

    This week’s Black Hat USA 2018 conference in Las Vegas continues to generate new products and services designed for MSSPs and channel partners that are pushing deeper into managed security, managed detection and response (MDR), and more.
    Read More
  • Aug 9, 2018 | PC Magazine

    Are Hackers Happy? No, They're Probably Stressed Out [Black Hat USA 2018]

    During a panel here at Black Hat, Dr. Celeste Lyn Paul, a senior researcher with the NSA, pointed out that it was one of four conference tracks focusing on mental health; others cover addiction, PTSD, and avoiding burnout and depression.
    Read More
  • Aug 9, 2018 | PC Magazine

    Compression and VPNs Make for Leaked Secrets [Black Hat USA 2018]

    Nafeez noticed that OpenVPN, a popular VPN protocol, has compression enabled by default. This is used by several VPN companies, many of which, Nafeez said, leave compression on by default. In the research he presented at Black Hat, Nafeez didn't use a VPN provided by a VPN company like TunnelBear or NordVPN. Instead, he used the OpenVPN code and rolled his own.
    Read More
  • Aug 9, 2018 | PC Magazine

    It Takes Just $200 to Tie Cell Networks in Knots [Black Hat USA 2018]

    Most of the attacks featured at the Black Hat conference in Las Vegas hinge on stealing money, exfiltrating data, or, in extreme cases, blowing up factories with bubbles.
    Read More
  • Aug 9, 2018 | eSecurity Planet

    How Blackberry Does Secure Release Management [Black Hat USA 2018]

    Gadsby shared her experience and some templates during a session at the Black Hat USA 2018 conference titled, "Stop that Release, There's a Vulnerability!" The session was one of ten must-see sessions we noted earlier this week.
    Read More
  • Aug 9, 2018 | eWeek

    F5 Details Cellular Gateway IoT Flaws at Black Hat [Black Hat USA 2018]

    Cellular gateways are leaking information that could be exposing critical infrastructure to risk. That's the conclusion of Justin Shattuck, principal threat researcher for F5 Labs, who talked about the issue of cellular gateway flaws for internet of things (IoT) in a session at Black Hat USA here on Aug. 9.
    Read More
  • Aug 9, 2018 | Dark Reading

    Dark Reading News Desk Live at Black Hat USA 2018 [Black Hat USA 2018]

    Whether you are hitting the Mandalay Bay for the Black Hat USA 2018 conference this week or peeking at the news feeds from afar, keep your browser open here from 2 pm to 6 pm Eastern (11 - 3 Pacific) on Wednesday, Aug. 8 and Thursday Aug. 9. The Dark Reading News Desk will once again be streaming live.
    Read More
  • Aug 9, 2018 | ZDNet

    Open, Cortana: Voice assistant used to bypass locked Windows 10 machine security [Black Hat USA 2018]

    Researchers have revealed how Microsoft's Cortana could be used to bypass the security protection of Windows 10.
    Read More
  • Aug 9, 2018 | Fox 5 Las Vegas

    Tips to protect your data and privacy from hackers at Black Hat [Black Hat USA 2018]

    The annual Black Hat conference brings together some of the most tech-savvy minds from across the world.
    Read More
  • Aug 9, 2018 | eSecurity Planet

    10 Vendors Making News at Black Hat USA 2018 [Black Hat USA 2018]

    The core of the Black Hat USA conference is security research, but in recent years it has also become a chance for cybersecurity vendors to unveil new products.
    Read More
  • Aug 9, 2018 | Las Vegas Review Journal

    Black Hat experts in Las Vegas address hacking cars, medical devices [Black Hat USA 2018]

    Security experts at the Black Hat conference Thursday in Las Vegas sought to alleviate fears about the ease of hacking autonomous cars.
    Read More
  • Aug 8, 2018 | Las Vegas Review Journal

    Black Hat conference in Las Vegas addresses cryptocurrency theft [Black Hat USA 2018]

    The rise of cryptocurrencies is creating more opportunities for cyber criminals to steal, according to Cisco Systems. Crypto phishing — sending emails or creating websites that resemble a trusted crypto company — and cryptojacking — using another person’s computer to mine currencies — are two new methods that are increasingly used, Cisco representatives told attendees Wednesday at the Black Hat conference in Las Vegas.
    Read More
  • Aug 8, 2018 | Politico

    Staying off DEF CON’s ‘Wall of Sheep’ [Black Hat USA 2018]

    AVOIDING THE WALL OF SHEEP — The meat of the Black Hat and DEF CON hacker conferences kick off today in Las Vegas, where your MC host stepped off his plane into the 106-degree heat, and we imagine some people at Mandalay Bay and Caesar’s Palace — home to the respective events — might be reading this newsletter. Nobody in the business, whether journalists, hackers or whoever, wants to end up on the dreaded DEF CON “Wall of Sheep” that memorializes insecure visitors by the hundreds or even thousands annually. Conference officials with both events have some tips.
    Read More
  • Aug 8, 2018 | Wired

    Online Stock Trading Has Serious Security Holes [Black Hat USA 2018]

    It’s never been easier to trade stocks; just a few taps or clicks will do the trick. But most of the platforms that millions of market participants rely on to move their money suffer from cybersecurity shortcomings, new research warns. As if stocks weren’t risky enough already.
    Read More
  • Aug 8, 2018 | TechCrunch

    Hack the planet: vulnerabilities unearthed in satellite systems used around the globe [Black Hat USA 2018]

    So this is bad. Black Hat, the king of enterprise security conventions, kicked off today, and most noticeable amid the fusillade of security research was some impressive work from Ruben Santamarta of IOActive, whose team has unearthed worrying vulnerabilities in satellite communication systems, aka SATCOM, used by airplanes, ships and military units worldwide.
    Read More
  • Aug 8, 2018 | CNET

    This cryptocurrency-mining router got hot enough to fry an egg, so we did [Black Hat USA 2018]

    This egg is being cooked on top of a router that's overheated thanks to malware that mines for cryptocurrency. It tasted awful.
    Read More
  • Aug 8, 2018 | PC Magazine

    Can Security Software Compromise Your Privacy? [Black Hat USA 2018]

    Security tools should eliminate bad files and leave good ones alone. But some handle unknowns by sending them to the cloud for analysis, and that analysis can compromise your privacy, according to a talk at Black Hat.
    Read More
  • Aug 8, 2018 | CNBC

    Cybersecurity expert found people could hack computers using Microsoft's Cortana [Black Hat USA 2018]

    Tal Be’ery, Kzen Networks co-founder, sits down with CNBC's Josh Lipton at the Black Hat Conference in Las Vegas to discuss how he uncovered a security flaw that allows hackers to access computers by targeting Microsoft’s Cortana.
    Read More
  • Aug 8, 2018 | CNBC

    Samsung Galaxy S7 smartphones are vulnerable to hacking: Researchers [Black Hat USA 2018]

    Samsung's Galaxy S7 smartphones contain a microchip security flaw, uncovered earlier this year, that put tens of millions of devices at risk to hackers looking to spy on their users, researchers told Reuters.
    Read More
  • Aug 8, 2018 | Dark Reading

    Understanding Firewalls: Build Them Up, Tear Them Down [Black Hat USA 2018]

    A presentation at Black Hat USA will walk attendees through developing a firewall for MacOS, and then poking holes in it.
    Read More
  • Aug 8, 2018 | Channel Partners Online

    Black Hat: Collaboration Needed to Fight Cybercriminals [Black Hat USA 2018]

    BLACK HAT USA — More collaboration among cybersecurity providers is needed to continue making progress against ever-increasing cyber threats.
    Read More
  • Aug 8, 2018 | SecurityIntelligence

    DeepLocker: How AI Can Power a Stealthy New Breed of Malware [Black Hat USA 2018]

    Cybersecurity is an arms race, where attackers and defenders play a constantly evolving cat-and-mouse game. Every new era of computing has served attackers with new capabilities and vulnerabilities to execute their nefarious actions.
    Read More
  • Aug 8, 2018 | eWeek

    IBM Demonstrates DeepLocker AI Malware at Black Hat [Black Hat USA 2018]

    IBM researchers have developed a new proof of concept malware that can be highly targeted and very difficult to detect.
    Read More
  • Aug 8, 2018 | Reuters

    New genre of artificial intelligence programs take computer hacking to another level [Black Hat USA 2018]

    SAN FRANCISCO (Reuters) - The nightmare scenario for computer security - artificial intelligence programs that can learn how to evade even the best defenses - may already have arrived.
    Read More
  • Aug 8, 2018 | The Register

    Google Project Zero boss: Blockchain won’t solve your security woes – but partying just might [Black Hat USA 2018]

    Black Hat Parisa Tabriz, a director of engineering at Google and head of the web giant's Project Zero bug-hunting squad, today opened this year's Black Hat USA conference with a reminder that partying is key to securing software.
    Read More
  • Aug 8, 2018 | CNET

    Google doesn't want you to have to think about cybersecurity [Black Hat USA 2018]

    Your safety online shouldn't be your problem -- it should be the tech giants'.
    Read More
  • Aug 8, 2018 | eWeek

    Google Exec Says It's Time to Stop Playing Whack-a-Mole with Security [Black Hat USA 2018]

    BLACK HAT USA: Parisa Tabriz, director of engineering at Google, doesn't want organizations to just focus on fixing bugs; she says they should look at root causes.
    Read More
  • Aug 8, 2018 | SC Magazine

    Google's Tabriz calls for more collaboration in Black Hat keynote [Black Hat USA 2018]

    Google's Director of Engineering Parisa Tabriz kicked off Black Hat 2018 with a wide-ranging keynote address this morning at the Mandalay Bay Events Center calling the industry's current approach to cybersecurity insufficient.
    Read More
  • Aug 8, 2018 | TechTarget

    Parisa Tabriz's Black Hat 2018 keynote challenges infosec's status quo [Black Hat USA 2018]

    In her Black Hat 2018 keynote, Google's Parisa Tabriz celebrated the unrecognized, long-term work that can cause real change in security and challenge the status quo.
    Read More
  • Aug 8, 2018 | CNET

    Voice of concern: Smart assistants are creating new openings for hackers [Black Hat USA 2018]

    Let's talk about the security of smart speakers.
    Read More
  • Aug 8, 2018 | CNET

    Samsung Galaxy 7 vulnerable to hacking due to flaw, researchers say [Black Hat USA 2018]

    Samsung phones were previously thought to be immune to Meltdown, which is said to endanger most computing devices. The team will release its findings at the Black Hat security conference in Las Vegas on Thursday.
    Read More
  • Aug 8, 2018 | 3 News Las Vegas

    Annual Black Hat Convention in Las Vegas expected to draw the largest crowd ever this year [Black Hat USA 2018]

    It's the largest conference of its kind in the United States, bringing together like-minded computer types with a singular purpose: Hackers!
    Read More
  • Aug 8, 2018 | Threatpost

    Black Hat 2018: Bridging the Gap Between Complex Security Landscapes [Black Hat USA 2018]

    At Black Hat, Google’s Parisa Tabriz discussed how to navigate the complex security environment with long-term thinking and a policy of open collaboration.
    Read More
  • Aug 8, 2018 | eWeek

    Black Hat Talk Reveals How Embedded Systems Expose Airlines to Risk [Black Hat USA 2018]

    Security firm IOActive is set to disclose multiple vulnerabilities in the embedded systems used for satellite communications and in-flight WiFi, revealing the larger challenge of supply chain risk.
    Read More
  • Aug 8, 2018 | CRN

    20 Hot Cybersecurity Products Announced At Black Hat 2018 [Black Hat USA 2018]

    Vendors are taking advantage of Black Hat 2018's bright spotlight to launch new cybersecurity products, features and platforms that will set the stage for the year to come. For the more than 300 exhibitors expected at Black Hat, the massive gathering provides a chance to explore new strategic directions and evangelize new products to an audience of more than 17,000.
    Read More
  • Aug 8, 2018 | Silicon

    IBM DeepLocker Turns AI Into Hacking Weapon [Black Hat USA 2018]

    The IBM presentation of DeepLocker at the Black Hat USA 2018 conference on Wednesday comes amid concern that cybercriminals will turn to AI to help them bypass the very best cyber defences.
    Read More
  • Aug 8, 2018 | Las Vegas Review Journal

    Cybersecurity professionals flock to Las Vegas for Black Hat [Black Hat USA 2018]

    Black Hat USA, the largest annual cybersecurity conference, is expecting a record 17,000 attendees during its six-day run at the Mandalay Bay Convention Center this week.
    Read More
  • Aug 8, 2018 | PC Magazine

    Black Hat 2018: What to Expect [Black Hat USA 2018]

    Black Hat is known for its showmanship as much as its research. Previous years have seen hacked Linux rifles, ATMs spewing $100 bills, insecure satellite phones, and high-tech "smart" cars driven off the road by researchers.
    Read More
  • Aug 8, 2018 | eSecurity Planet

    Demisto Demonstrates Tool to Validate IOC Detection at Black Hat [Black Hat USA 2018]

    Organizations typically get all manner of threat reports providing Indicators of Compromise (IOCs) warning them that they might be under cyber attack. But how can an organization know if their systems are properly identifying the IOCs? That's a question that Lior Kolnik, head of security research at security firm Demisto, wants to help organizations answer. Kolnik is set to detail his research alongside a new tool at the Black Hat USA 2018 conference on Aug. 8.
    Read More
  • Aug 8, 2018 | Threatpost

    Podcast: enSilo CEO on Black Hat USA 2018 Top Trends [Black Hat USA 2018]

    As Black Hat’s keynote kicks off today, Threatpost pinpoints the most popular trends of the conference with enSilo’s CEO.
    Read More
  • Aug 8, 2018 | Infosecurity Magazine

    #BHUSA: Better Collaboration and Recognition Can Make a Safer Internet [Black Hat USA 2018]

    Delivering the keynote address at Black Hat USA in Las Vegas, Google’s director of engineering Parisa Tabriz talked about the need to collaborate, celebrate progress and recognize those doing the defensive work.
    Read More
  • Aug 8, 2018 | SDxCentral

    Google’s Project Zero Chief: Stop Playing Security Whack-A-Mole [Black Hat USA 2018]

    It’s time to stop treating security problems like a game of Whack-A-Mole, Google’s Parisa Tabriz said during the keynote today at Black Hat 2018. Oh, and blockchain isn’t the magic bullet. “Blockchain is not going to solve all our security problems,” she quipped.
    Read More
  • Aug 8, 2018 | Threatpost

    Black Hat 2018: Google’s Tabriz Talks Complex Security Landscapes [Black Hat USA 2018]

    At Black Hat, Google’s Parisa Tabriz discussed how to navigate the complex security environment with long-term thinking and a policy of open collaboration.
    Read More
  • Aug 8, 2018 | The Parallax

    Google’s ‘Security Princess’ calls for stronger collaboration [Black Hat USA 2018]

    “The blockchain is not going to solve all our problems,” Parisa Tabriz, Google’s head of security for the Chrome browser and leader of the Project Zero security vulnerability-hunting team, told an audience of more than 6,000 to kick off the Black Hat conference here.
    Read More
  • Aug 8, 2018 | Dark Reading

    Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push [Black Hat USA 2018]

    As Black Hat founder Jeff Moss put it in his introduction, there are "maybe 20 companies in the world who are in a position to actually do something about raising the level of security and resiliency for all of us."
    Read More
  • Aug 8, 2018 | Fox 5 Las Vegas

    Airplane hacking explained at Black Hat 2018 [Black Hat USA 2018]

    Black Hat 2018 is in full swing at Mandalay Bay. The annual event began in 1997 and brings in more than 17,000 hackers and cyber security experts. Every year, the event focuses on security concerns, and this year, there's a big one, shared by Ruben Santamarta.
    Read More
  • Aug 8, 2018 | MSSP Alert

    10 Managed Security Developments at Black Hat USA 2018 - Day 2 [Black Hat USA 2018]

    New products, services and partnerships designed for MSSPs and channel partners are surfacing at this week’s Black Hat USA 2018 conference in Las Vegas. Here are Day Two conference highlights involving cloud, artificial intelligence, endpoint security, vulnerability management and more.
    Read More
  • Aug 8, 2018 | Dark Reading

    No, The Mafia Doesn't Own Cybercrime: Study [Black Hat USA 2018]

    Lusthaus found an interesting paradox: While many of the people he interviewed believed organized crime plays a major role in cybercrime, few were able to provide examples. "Many participants in this study believed that organized crime involvement in cybercrime was substantial. But when pressed, this appeared to be a theoretical rather than an empirical view," he wrote in a white paper he released in conjunction with his Black Hat presentation.
    Read More
  • Aug 8, 2018 | The Wall Street Journal

    Cybersecurity Burnout Can Trigger Frustration, Stress and Depression [Black Hat USA 2018]

    Mental health is in the spotlight at Black Hat this year, with several panels advising organizations on ways to combat depression, burnout, suicide and post-traumatic stress in the cybersecurity community.
    Read More
  • Aug 8, 2018 | The Wall Street Journal

    Reporter’s Notebook: Black Hat Summer Camp for Hackers [Black Hat USA 2018]

    About 17,000 researchers, academics and cybersecurity professionals from the public and private sectors have descended on Las Vegas this week for what some refer to as summer camp for hackers.
    Read More
  • Aug 8, 2018 | The Wall Street Journal

    Google’s Director of Engineering on How to Build a Cyber Defense Strategy [Black Hat USA 2018]

    In cybersecurity, the bad guys have the upper hand, according to Parisa Tabriz, director of engineering at Alphabet Inc.’s Google.
    Read More
  • Aug 7, 2018 | The Parallax

    App nutrition labels? Hackers disagree on software bill of materials [Black Hat USA 2018]

    LAS VEGAS—Imagine if software came with a complete list of ingredients. And instead of revealing whether an app contains a digital equivalent of gluten or peanuts, this list would indicate whether it’s vulnerable to hackers. Call it a software bill of materials.
    Read More
  • Aug 7, 2018 | CNET

    Phones at all major US carriers filled with vulnerabilities, say researchers [Black Hat USA 2018]

    Researchers funded by the Department of Homeland Security discovered security vulnerabilities in mobile devices used by Verizon, AT&T, T-Mobile, Sprint and more, DHS program manager Vincent Sritapan told Fifth Domain at the Black Hat security conference in Las Vegas on Tuesday.
    Read More
  • Aug 7, 2018 | VentureBeat

    RiskSense raises $12 million to prioritize security risks — like safeguarding midterm elections [Black Hat USA 2018]

    RiskSense will use the money to accelerate growth through sales, marketing, and research and development investments. It is also one of many security companies exhibiting at the Black Hat corporate security conference in Las Vegas this week.
    Read More
  • Aug 7, 2018 | Fifth Domain

    Hackers targeted a fake power grid. Is the real one next? [Black Hat USA 2018]

    The experiment “showed a whole new tier of threat actor that operates against these highly sensitive systems,” Ross Rustici, Cybereason’s senior director of intelligence, told Fifth Domain during the Black Hat conference in Las Vegas. “When you talk about the industrial control system, you don’t think of the criminal network. It’s almost always the nation-state actors.”
    Read More
  • Aug 7, 2018 | KSNV

    Annual Black Hat Convention in Las Vegas expected to draw the largest crowd ever this year [Black Hat USA 2018]

    It's the largest conference of its kind in the United States, bringing together like-minded computer types with a singular purpose: Hackers! The Black Hat Convention in Las Vegas aims to teach people how to stop them.
    Read More
  • Aug 7, 2018 | eWeek

    IOActive to Detail Stock Trading App Vulnerabilities at Black Hat [Black Hat USA 2018]

    Alejandro Hernandez, senior consultant at IOActive, will detail multiple vulnerabilities found in the desktop and mobile stock trading applications of major financial institutions at Black Hat USA in Las Vegas on Aug. 8.
    Read More
  • Aug 7, 2018 | CRN

    Black Hat USA 2018: Mimecast Describes New Channel Ecosystem [Black Hat USA 2018]

    The initiative will be on display at the Black Hat USA 2018 conference this week, where the vendor will be highlighting several recent announcements, like the recent acquisition of Ataata.
    Read More
  • Aug 7, 2018 | CRN

    10 Cool Network And Endpoint Security Products Unveiled At Black Hat USA 2018 [Black Hat USA 2018]

    Vendors attending Black Hat USA 2018 have continued to keep network and endpoint security front and center, debuting offerings that protect against signatureless malware while infusing stronger threat intelligence and vulnerability assessments into the ecosystem.
    Read More
  • Aug 7, 2018 | CoinDesk

    Researchers Discover Huge Crypto Scam Botnet on Twitter [Black Hat USA 2018]

    The Duo team described how the botnet works in a paper to be presented at the 2018 Black Hat cybersecurity event on Wednesday.
    Read More
  • Aug 7, 2018 | ZDNet

    IBM, Fortinet team on cyber threat data sharing [Black Hat USA 2018]

    IBM and Fortinet have expanded their strategic relationship by agreeing to share threat information in an effort to help customers respond to emerging threats more quickly. The agreement, detailed during the Black Hat cybersecurity conference taking place in Las Vegas, runs primarily through IBM's X-Force research team and Fortinet's FortiGuard Labs.
    Read More
  • Aug 7, 2018 | ITPro

    Duo unravels massive three-tiered ‘crypto-giveaway’ botnet [Black Hat USA 2018]

    Duo's principal R&D engineer Jordan Wright and data scientist Olabode Anise published their findings in a report titled 'Dont @ Me: Hunting Twitter Bots at Scale', ahead of a presentation at the 2018 Black Hat cybersecurity conference in Las Vegas tomorrow.
    Read More
  • Aug 7, 2018 | Futurism

    Researchers Inadvertently Discover Crypto Scam Involving 15,000 Twitter Bots [Black Hat USA 2018]

    While conducting a study to figure out the best way to identify Twitter bots — accounts controlled by software, not humans — researchers from security software company Duo Security came across a network of at least 15,000 bots working together to perpetuate a cryptocurrency scam. The researchers plan to present their study on Wednesday at Black Hat, an information security conference in Las Vegas, NV.
    Read More
  • Aug 7, 2018 | Threatpost

    Podcast: Black Hat USA 2018 Preview [Black Hat USA 2018]

    Threatpost editors Tom Spring, Lindsey O’Donnell and Tara Seals break down the biggest trends to watch out for at Black Hat USA and DEF CON 2018, which both kick off this week in Las Vegas. There is much to watch out for, including a keynote from Google’s Director of Engineering Parisa Tabriz, as well as announcements about new vulnerabilities and interesting sessions.
    Read More
  • Aug 7, 2018 | InCyberDefense

    Black Hat USA 2018 Conference Focuses on Cyber Threats and Unique Solutions [Black Hat USA 2018]

    The Black Hat USA 2018 Conference is the world’s leading information security event, now taking place through August 9 in Las Vegas. Attendees are learning about the latest in cyber research, development and trends.
    Read More
  • Aug 7, 2018 | Politico

    Mental health, overhyped bugs on Black Hat and DEF CON agendas [Black Hat USA 2018]

    Black Hat and DEF CON are making the mental health of cybersecurity pros a priority this week at their conferences. Black Hat has a whole speaker track devoted to the topic, including one that addresses a subject that stirred controversy this year — post-traumatic stress disorder within the cybersecurity community.
    Read More
  • Aug 7, 2018 | Fifth Domain

    Don’t get pwned at Black Hat [Black Hat USA 2018]

    Every August, the hacker community gathers in Las Vegas for one of the industry’s most well-known conferences, Black Hat. Black Hat has become something of a spectacle both inside and outside of the talks, with dramatic presentations and vendor marketing teams all vying for the flashiest parties, promotions, and giveaways. It’s fitting that it takes place in Vegas.
    Read More
  • Aug 7, 2018 | Fifth Domain

    Twitter botnets are becoming more sophisticated [Black Hat USA 2018]

    A wave of Twitter accounts are spoofing celebrity profiles, engaging in fraud and using verified profiles that have been hacked, according to new research from Duo Security, a protection company based out of Michigan. Researchers from there will present their research at the Black Hat conference this week in Las Vegas.
    Read More
  • Aug 7, 2018 | Inside Cybersecurity

    Security firm: Possible regulatory impact of GDPR is front-of-mind concern for cyber clients [Black Hat USA 2018]

    Black Hat 2018 opened Saturday with training sessions, and features a closed-press “CISO Summit” today before moving into a full schedule of briefings on Wednesday and Thursday, beginning with a keynote from Google director of engineering Parisa Tabriz, who will discuss vulnerability disclosure and other issues. Inside Cybersecurity will provide full coverage of the Black Hat conference in addition to exclusive interviews with representatives from a variety of cybersecurity firms.
    Read More
  • Aug 6, 2018 | eWeek

    DFLabs to Release Free Live Forensics Tool at Black Hat [Black Hat USA 2018]

    To solve this challenge, Moran, who now works as a senior product manager at DFLabs, wrote his own tool called No-Script Automation Tool (NAT), which he will demonstrate on Aug. 8 at the Black Hat USA conference in Las Vegas.
    Read More
  • Aug 6, 2018 | eSecurity Planet

    Top 10 Talks to See at Black Hat USA 2018 [Black Hat USA 2018]

    The Black Hat USA security conference has an allure unlike any other cybersecurity event. Over the years, some of the most infamous and audacious security attacks and research have been announced at Black Hat, and the 2018 event looks like it will once again live up to the hype.
    Read More
  • Aug 6, 2018 | MSSP Alert

    Live Blog: Black Hat USA 2018 Day 1 [Black Hat USA 2018]

    Thousands of cybersecurity professionals, vendors and partners are attending this week’s Black Hat USA 2018 conference in Las Vegas. MSSP Alert is blogging live — each day — from the conference. Here’s our update for Monday, August 6, 2018.
    Read More
  • Aug 6, 2018 | CRN

    10 Top Cybersecurity Trends To Watch For At Black Hat 2018 [Black Hat USA 2018]

    The annual Black Hat conference has grown over the past two-plus decades into a premier stage for security researchers to demonstrate the latest hacks on devices, systems and critical infrastructure.
    Read More
  • Aug 6, 2018 | Politico

    Bracing for Black Hat, DEF CON [Black Hat USA 2018]

    It’s that special time of year when tens of thousands of hackers of all shades descend on Las Vegas for some dry heat and security talks at the back-to-back Black Hat and DEF CON conferences. While the more pro-oriented Black Hat officially kicked off this weekend, the meat of its briefings begin midweek, after which the more loose DEF CON takes over going into next weekend.
    Read More
  • Aug 6, 2018 | The Register

    IBM, ATMs – WTF? Big Blue to probe cash machines, IoT, vehicles, etc in new security labs [Black Hat USA 2018]

    It has been eight years since the late, great hacker Barnaby Jack took to the stage at the Black Hat USA conference in Las Vegas, and showed attendees how in just a few steps an ATM can be tricked into spewing dollar bills onto the floor for free...
    Read More
  • Aug 6, 2018 | ZDNet

    ATM hacking becomes a priority in IBM cybersecurity facilities [Black Hat USA 2018]

    At the Black Hat conference in Las Vegas on Monday, IBM said the facilities will be based in Austin, TX; Hursley, England; Melbourne, Australia; and Atlanta, GA, and include a dedicated ATM testing practice "in response to increased demand for securing financial transaction systems."
    Read More
  • Aug 6, 2018 | The Register

    BlackBerry claims it can do to ransomware what Apple did to its phones [Black Hat USA 2018]

    The Canadian biz's days as the smartphone king are long gone, with Apple making quick work of its hardware. And although it still licenses its name to a few handsets, BlackBerry now focuses on software. It is using this year's Black Hat USA security show, held this week in Las Vegas, to unveil what it claims is a fast response to ransomware infections.
    Read More
  • Aug 6, 2018 | PC Magazine

    Blackberry Can Now Reverse Ransomware Attacks [Black Hat USA 2018]

    At Black Hat USA 2018 being held in Las Vegas this week, Blackberry unveiled a new ransomware recovery capability for Blackberry Workspaces Collaborate and Secure Plus editions at no extra cost. Once enabled, it allows an administrator to freeze accounts once a ransomware infection is detected.
    Read More
  • Aug 6, 2018 | Help Net Security

    Researchers open source tools to identify Twitter bots at scale [Black Hat USA 2018]

    Wright and Anise will present their research on Wednesday at the 2018 Black Hat USA security conference in Las Vegas. Following the presentation, they will make their research tools available on Github to enable other researchers to identify automated Twitter accounts at scale.
    Read More
  • Aug 6, 2018 | TechRepublic

    New BlackBerry Workspaces platform could help businesses quickly recover from ransomware [Black Hat USA 2018]

    BlackBerry Limited announced its updated BlackBerry Workspaces content collaboration platform on Monday at the annual Black Hat USA security conference in Las Vegas.
    Read More
  • Aug 5, 2018 | Fifth Domain

    How to not get hacked at Black Hat [Black Hat USA 2018]

    Few environments provide a more target-rich environment for cyber criminals than the estimated 17,000 information security experts gathered in Las Vegas this week for the annual Black Hat security conference.
    Read More
  • Aug 5, 2018 | Fifth Domain

    3 storylines to watch during Black Hat 2018 [Black Hat USA 2018]

    More than 17,000 security experts, hackers and analysts are expected to attend Black Hat USA for a combination of trainings and briefings by experts. Now in its 21st year, the conference is one of the largest information security events in the world and includes more than 300 speakers or trainers, 120 briefings and more than 80 trainings.
    Read More
  • Aug 5, 2018 | Fifth Domain

    3 storylines to watch during Black Hat 2018 [Black Hat USA 2018]

    The cybersecurity community is descending on Las Vegas this week for a series of conferences just as digital warfare has been thrust into the national spotlight. More than 17,000 security experts, hackers and analysts are expected to attend Black Hat USA for a combination of trainings and briefings by experts. Now in its 21st year, the conference is one of the largest information security events in the world and includes more than 300 speakers or trainers, 120 briefings and more than 80 trainings.
    Read More
  • Aug 4, 2018 | Las Vegas Review Journal

    Black Hat, with big names and crowds, infiltrates Las Vegas [Black Hat USA 2018]

    More than 17,000 cybersecurity professionals from government, academia and the private sector are expected to turn out for the six-day show to attend some of the 80 training sessions and 120 briefings on offer. The show has nearly doubled in size since 2014.
    Read More
  • Aug 4, 2018 | Yahoo Finance

    3 trends hackers at Black Hat and DEFCON are watching [Black Hat USA 2018]

    One of the best ways to gain insights into these evolving tactics is to follow the hacking announcements that come out each year at the Black Hat and DEF CON security conferences. These twin hacker cons, which take place in August this year, are a bellwether of sorts for the information security field. They cover a vast range of new hacking research and tend to be a good predictor of the new trends emerging in the hacker and cybercrime communities.
    Read More
  • Aug 4, 2018 | The Register

    Security world to hit Las Vegas for a week of hacking, cracking, fun [Black Hat USA 2018]

    Fast forward to 2018, and that get-together has grown into events that will see an estimated 30,000 people converge on Las Vegas for the biggest security shindig in the world – the combination of Black Hat USA, DEF CON and BSidesLV.
    Read More
  • Aug 4, 2018 | The Register

    Security world to hit Las Vegas for a week of hacking, cracking, fun [Black Hat USA 2018]

    While that first gathering morphed into the DEF CON hacking conference, the biggest event is Black Hat USA, which begins on Saturday, and runs through until Thursday, August 9. This is the flashy corporate brother of DEF CON, and features four days of security training, a one-day invite-only CISO summit day (from which press are strictly barred) and two days of briefings featuring everything from government agents to hardcore hackers talking about the tricks of the trade.
    Read More
  • Aug 4, 2018 | Las Vegas Review Journal

    Black Hat, with big names and crowds, infiltrates Las Vegas [Black Hat USA 2018]

    Black Hat USA, the largest annual cybersecurity conference, is expecting record attendance in Las Vegas this week as high-profile breaches and election meddling fears dominate headlines.
    Read More
  • Aug 3, 2018 | Information Age

    Cyber security vulnerabilities: What's causing them and what can be done? [Black Hat USA 2018]

    According to a recent study, based on the results of attendees at Black Hat USA 2018, infosec professionals cited cyber security staff shortages as a prominent challenge that occurs when dealing with potential cyber threats.
    Read More
  • Aug 3, 2018 | Security Boulevard

    Four Cool Tools Expected Out of Black Hat [Black Hat USA 2018]

    In just about a week the hacking community will converge on Las Vegas to drop their biggest discoveries of the year at the podiums of Black Hat USA. This annual confab always offers up a range of great new ideas for defenders, red teamers and security researchers—as well as a boatload of new tools. This year’s show should be no different.
    Read More
  • Aug 2, 2018 | The Daily Swig

    Black Hat 2018: A survival guide [Black Hat USA 2018]

    The next year I returned to attend the Black Hat conference. I had been indoctrinated in the chaos of the Alexis Park Hotel and I decided to try my hand at this more stoic iteration of a security conference. Now, decades later I can share some of the key lessons I’ve learned from regularly attending Def Con, Black Hat, and BSides Las Vegas.
    Read More
  • Aug 2, 2018 | TechTarget

    Black Hat 2018 survey: Cybersecurity staffing, budgets still lacking [Black Hat USA 2018]

    Attendees for next week's 2018 Black Hat USA conference said they are still facing significant challenges when it comes to cybersecurity staffing and budgets. According to the 2018 Black Hat USA Attendee Survey, which was conducted in May with 315 infosec professionals, a majority of respondents said they don't have "the staffing or budget to defend adequately against current and emerging threats."
    Read More
  • Aug 2, 2018 | CSO

    Anticipating Black Hat USA 2018 [Black Hat USA 2018]

    Looking forward to learning more about new developments in artificial intelligence, cloud security, enterprise risk management, and lots of other topics.
    Read More
  • Aug 1, 2018 | Dark Reading

    Google Researcher Unpacks Rare Android Malware Obfuscation Library [Black Hat USA 2018]

    Stone, who will present her findings next week at Black Hat USA in Las Vegas, describes the defense architecture as a "wedding cake" because there are many layers to the defense. The first is aimed at thwarting human analysts, the second at humans using automated systems, and the third autonomous systems running alone.
    Read More
  • Aug 1, 2018 | Help Net Security

    Three security trends to watch for at Black Hat USA 2018 [Black Hat USA 2018]

    Black Hat USA, an annual cybersecurity conference taking place in August, is a great opportunity for practitioners to get a glimpse into both emerging attack vectors and the latest technologies designed to protect against these attacks.
    Read More
  • Jul 31, 2018 | ITProPortal

    Cofense looks to wipe out phishing attacks with new SOAR platform [Black Hat USA 2018]

    Cofense will be demonstrating its new Phishing SOAR platform during the Black Hat 2018 conference in Las Vegas.
    Read More
  • Jul 31, 2018 | Dark Reading

    10 More Women in Security You May Not Know But Should [Black Hat USA 2018]

    Tomasello is an advocate of employee wellness and inclusion, and will be presenting a session at this year's Black Hat USA, entitled "Holding on for Tonight: Addiction in Infosec."
    Read More
  • Jul 31, 2018 | BetaNews

    Managed detection and response supports internal security teams [Black Hat USA 2018]

    These data-driven insights, combined with machine learning and automation help provide a seamless incident response workflow, ensuring quick and accurate detection and response that removes false positives and produces only actionable intelligence. You can find out more on the Fidelis website or on the company's stand at next week's Black Hat USA conference.
    Read More
  • Jul 31, 2018 | CRN

    HP Announces First-Ever Bug Bounty Program For Printer Security [Black Hat USA 2018]

    HP's print bug bounty program has been running since May, and researchers have uncovered several bugs since it began, Albright said. The program is being disclosed now just ahead of the Black Hat USA 2018 conference, which takes place Aug. 4-9 in Las Vegas.
    Read More
  • Jul 31, 2018 | CSO

    $10,000 for hacking HP printers: First bug bounty program for printer security [Black Hat USA 2018]

    Announcing the first-ever printer bug bounty program is not quite the same thing as launching it; according to CNet, HP quietly launched the bug bounty program in May. The program is being disclosed before the upcoming Black Hat USA 2018 conference which takes place August 4 - 9 in Las Vegas.
    Read More
  • Jul 31, 2018 | Naked Security

    Leaky radio devices broadcast chipset data, discover researchers [Black Hat USA 2018]

    The researchers will also be sharing their findings at the Black Hat conference in Las Vegas next week. In the meantime, they have called upon microelectronics manufacturers to implement better protections against this kind of attack.
    Read More
  • Jul 30, 2018 | Hackaday

    SIDE CHANNEL ATTACKS AGAINST MIXED SIGNAL MICROCONTROLLERS [Black Hat USA 2018]

    You shouldn’t transmit encryption keys over Bluetooth, but that’s exactly what some popular wireless-enabled microcontrollers are already doing. This is the idea behind Screaming Channels, an exploit published by researchers at EURECOM, and will be a talk at Black Hat next week.
    Read More
  • Jul 30, 2018 | Straight Talk

    The Black Hat Barometer [Black Hat USA 2018]

    Discover everything about the origin, the quintessential parameters of growth, and the changes brought about by the Black Hat in the arena of cybersecurity, exclusively on Straight Talk.
    Read More
  • Jul 27, 2018 | The Register

    Boffins: Mixed-signal silicon can SCREAM your secrets to all [Black Hat USA 2018]

    The paper will be presented at BlackHat in August, and at the ACM's Conference on Computer and Communications Security in October.
    Read More
  • Jul 27, 2018 | Dark Reading

    Automating Kernel Exploitation for Better Flaw Remediation [Black Hat USA 2018]

    Black Hat researchers plan on open sourcing a new framework they say can help organizations get a better rein on vulnerability fixes for kernel bugs.
    Read More
  • Jul 25, 2018 | Dark Reading

    The ABCs of Hacking a Voting Machine [Black Hat USA 2018]

    A hacker who successfully infiltrated a voting machine at last year's DEF CON will demonstrate at Black Hat USA how he did it, as well as what he later found stored on other decommissioned WinVote machines.
    Read More
  • Jul 24, 2018 | PC Magazine

    How to Get Infected With Malware [Black Hat USA 2018]

    Originally demonstrated at Black Hat, now marketed as a tool for testing, the USB Killer uses your computer's own USB power to charge up its capacitors, then zap the PC with 200 volts.
    Read More
  • Jul 23, 2018 | Security Boulevard

    Virtualization Flaw Uptick: It’s ‘Just Getting Underway’ [Black Hat USA 2018]

    And the increased interest among security researchers in virtualization flaws is reflected in programming expected to be highlighted at Black Hat USA next week. For example, one pair of researchers at the show is planning on disclosing a vulnerability on the kernel virtual machine (KVM) on ARM systems that can be exploited to install a hypervisor rootkit on affected systems.
    Read More
  • Jul 23, 2018 | Dark Reading

    Software is Achilles Heel of Hardware Cryptocurrency Wallets [Black Hat USA 2018]

    Upcoming Black Hat talk will detail software vulnerabilities that can put private cryptocurrency wallets and currency exchange services at risk.
    Read More
  • Jul 19, 2018 | TechTarget

    Risk & Repeat: Closing the gender gap at cybersecurity conferences [Black Hat USA 2018]

    And while cybersecurity conferences such as Black Hat 2018 will prominently feature women infosec professionals as keynote speakers, there is still a significant gender gap at cybersecurity conferences.
    Read More
  • Jul 16, 2018 | Inquirer.net

    ‘White hat hacker’ aims to protect world, encourage women [Black Hat Asia 2018]

    Nakajima also serves as a peer reviewer of reports for Black Hat, a series of international conferences that hackers from all over the world participate in.
    Read More
  • Jul 15, 2018 | CSO

    Concerned about smart TVs invading privacy, lawmakers ask FTC to investigate [Black Hat USA 2018]

    Smart TVs were called the perfect target for spying on users back in 2013 – the same year as a Black Hat presentation about hacking Samsung Smart TVs. It was not just exploits that allowed for spying as a scandal erupted about LG Smart TV spying in 2013.
    Read More
  • Jul 13, 2018 | BleepingComputer

    The Types of Hackers & Why They Hack [Black Hat USA 2018]

    A black hat may engage in illegal activities for a living, while also being involved in hacktivism, essentially as a hobby. And, some black hat hackers move on to the ethical hacking arena as can be seen at computer security conventions such as Black Hat and DEF CON.
    Read More
  • Jul 13, 2018 | Dark Reading

    8 Big Processor Vulnerabilities in 2018 [Black Hat USA 2018]

    Here's what we've had to contend with this year on the CPU vulnerability front — and what we can expect in a couple of weeks when new research hits the stage at Black Hat.
    Read More
  • Jul 12, 2018 | Politico

    Voting machine vendors under pressure [Black Hat USA 2018]

    The Black Hat conference has finalized its agenda for the 2018 event running Aug. 4 through 10, organizers announced Wednesday. One of the highlights: a presentation on how researchers hacked an airplane, in-flight, from the ground.
    Read More
  • Jul 11, 2018 | ITSP Magazine

    Are Security Researchers Worried About Privacy? This And More With Black Hat Events GM, Steve Wylie [Black Hat USA 2018]

    This podcast episode is part of our Las Vegas cybersecurity event coverage called “Chats on the Road to Las Vegas”, which, of course, is centered around the extremely popular cybersecurity research and training event, Black Hat.
    Read More
  • Jul 10, 2018 | Politico

    DEF CON Voting Village grows this year [Black Hat USA 2018]

    Black Hat and DEF CON are just around the corner, and one of the biggest headlines from last year’s conferences was the Voting Village where hackers broke into voting machines en masse.
    Read More
  • Jul 6, 2018 | Dark Reading

    Trading Platforms Riddled With Severe Flaws [Black Hat USA 2018]

    Next month at Black Hat USA, a researcher from IOActive will detail some stark examples of this during a presentation that will show the depths of flaws found present in stock-trading platforms used by millions of traders around the globe.
    Read More
  • Jul 3, 2018 | eWeek

    Five Ways Digital Assistants Pose Security Threats in Home, Office [Black Hat USA 2018]

    At the Black Hat conference later this month, for example, four researchers will show how Cortana can be used to bypass the security on locked Windows PCs and other devices.
    Read More
  • Jul 2, 2018 | Dark Reading

    6 Drivers of Mental and Emotional Stress in Infosec [Black Hat USA 2018]

    Every year, thousands of cybersecurity pros descend on Las Vegas for Black Hat USA, where they learn the latest in security research, hone new skills, and connect with the infosec industry
    Read More
  • Jul 2, 2018 | Help Net Security

    Are privacy and personal identity impossible to protect? [Black Hat USA 2018]

    These findings are outlined in Black Hat USA’s new research report entitled, Where Cybersecurity Stands. The report, compiled from the fourth installment of Black Hat’s Attendee Survey, includes critical industry intel directly from more than 300 top information security professionals.
    Read More
  • Jun 29, 2018 | Dark Reading

    Natural Language Processing Fights Social Engineers [Black Hat USA 2018]

    The duo will present their approach to detecting social engineering attacks, and release the tool so attendees can test it, at Black Hat 2018 in a panel entitled "Catch me, Yes we can! Pwning Social Engineers Using Natural Language Processing Techniques in Real-Time."
    Read More
  • Jun 29, 2018 | Fifth Domain

    Experts agree that a critical infrastructure attack is imminent [Black Hat USA 2018]

    A report from Black Hat released June 26 said that 69 percent of respondents believe that an attack on American critical infrastructure is coming in the next two years. Only 15 percent of respondents said they believe that the country will be able to respond. The suspected culprits of such an attack were hardly surprising: China and Russia.
    Read More
  • Jun 28, 2018 | SDxCentral

    Jask Raises $25M Series B Funding for Autonomous Security Platform [Black Hat USA 2017]

    Jask, which debuted its autonomous security platform at last year’s Black Hat USA conference, today said it raised $25 million in Series B funding. This brings its total to $39 million.
    Read More
  • Jun 27, 2018 | TechTarget

    TLBleed attack can extract signing keys, but exploit is difficult [Black Hat USA 2018]

    The researchers plan to release the full paper this week. And, in August, Gras will present on the topic at Black Hat 2018 in Las Vegas.
    Read More
  • Jun 27, 2018 | ExtremeTech

    New Details Leak on Security Flaw That Led OpenBSD to Disable Hyper-Threading [Black Hat USA 2018]

    Last week, the head of OpenBSD development, Theo de Raadt, told the press that the OS project he leads would no longer enable Hyper-Threading on Intel processors because of security issues. A full paper is due to be released in August at the Black Hat security conference.
    Read More
  • Jun 27, 2018 | Credit Union Times

    Are Black Hat Professionals Raising White Flag on Privacy Protection? [Black Hat USA 2018]

    These findings are outlined in San Francisco-based Black Hat USA’s new research report, Where Cybersecurity Stands, compiled from Black Hat’s Attendee Survey in May 2018, from more than 300 information security professionals.
    Read More
  • Jun 26, 2018 | ZDNet

    TLBleed is latest Intel CPU flaw to surface: But don't expect it to be fixed [Black Hat USA 2018]

    The flaw, which will be presented at the Black Hat USA 2018 conference, is why OpenBSD recently decided to disable hyperthreading on Intel CPUs.
    Read More
  • Jun 26, 2018 | Infosecurity Magazine

    Survey Finds Privacy Protection a Lost Cause [Black Hat USA 2018]

    Black Hat today released a new report, Where Cybersecurity Stands, based on a survey of Black Hat USA attendees. The survey looked, in part, at whether privacy protection is a lost cause and posed questions to more than 300 top information security professionals about privacy, election hacking, the US federal government’s ability to handle cyber-threats, nation-state attacks, the cryptocurrency hype and the perceived risks to the nation’s critical infrastructure.
    Read More
  • Jun 26, 2018 | Nextgov

    Cyber Researchers Don’t Think Feds or Congress Can Protect Against Cyberattacks [Black Hat USA 2018]

    Only 13 percent of researchers “believe that Congress and the White House understand cyber threats and will take steps for future defenses,” according to the poll of attendees at the Black Hat cybersecurity conference.
    Read More
  • Jun 26, 2018 | PYMNTS

    Black Hat: Cybersecurity Is More Than A Tech Problem [Black Hat USA 2018]

    Black Hat has conducted this survey annually since 2015, with the most recent survey being conducted in May of 2018. Three hundred and fifteen cybersecurity professionals were interviewed, including chief information officers, chief technology officers and researchers in sectors such as financial services, government and healthcare.
    Read More
  • Jun 26, 2018 | Dark Reading

    Black Hat Survey: Enterprise Tech, US Government Unprepared for Cyberattacks [Black Hat USA 2018]

    The 2018 Black Hat Attendee survey reveals worries over the effectiveness of enterprise security technology, and threat to US infrastructure.
    Read More
  • Jun 26, 2018 | Fast Company

    Cybersecurity pros are limiting their personal use of Facebook, survey says [Black Hat USA 2018]

    About 65% of surveyed current and former attendees at the annual Black Hat USA security conference say they’re limiting their use of Facebook or not using it at all after the recent controversies over the company’s security practices, Black Hat reports.
    Read More
  • Jun 26, 2018 | TechRepublic

    Privacy, identity 'impossible to protect' say 74% of security pros [Black Hat USA 2018]

    New precautions and regulations like GDPR may not be able to help protect online identities, according to a Black Hat survey.
    Read More
  • Jun 26, 2018 | The Daily Swig

    Black Hat: People are still the weakest link in the security chain [Black Hat USA 2018]

    The Black Hat USA 2018 Attendee Survey, released today, found that 38% of infosec pros perceive the biggest weakness to be “end users who violate security policy and are too easily fooled by social engineering attacks”.
    Read More
  • Jun 26, 2018 | TechSpot

    Researchers warn of new Hyper-Threading-based Intel CPU vulnerability [Black Hat USA 2018]

    Project leader Theo de Raadt is set to present a research paper at the Black Hat conference this August that will reveal why they made the change.
    Read More
  • Jun 25, 2018 | Ars Technica

    Hyperthreading under scrutiny with new TLBleed crypto key leak [Black Hat USA 2018]

    Last week, developers on OpenBSD—the open-source operating system that prioritizes security—disabled hyperthreading on Intel processors. Project leader Theo de Raadt said that a research paper due to be presented at Black Hat in August prompted the change, but he would not elaborate further.
    Read More
  • Jun 25, 2018 | TechRepublic

    Why Intel won't patch TLBleed vulnerability, despite serious concerns for cloud users [Black Hat USA 2018]

    While the whitepaper describing the finer technical details of TLBleed is set to be released next week—Ben Gras, one of the researchers involved, is giving a presentation at the Black Hat USA conference in August—a draft version has been shared in OS development circles, as well as with The Register.
    Read More
  • Jun 22, 2018 | Dark Reading

    Cracking Cortana: The Dangers of Flawed Voice Assistants [Black Hat USA 2018]

    Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.
    Read More
  • Jun 22, 2018 | The Register

    Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about [Black Hat USA 2018]

    The team's paper is due to be made public next week. Gras will give a talk at Black Hat USA in August on the vulnerability.
    Read More
  • Jun 20, 2018 | The Register

    OpenBSD disables Intel’s hyper-threading over CPU data leak fears [Black Hat USA 2018]

    And this talk at Black Hat in August that promises to reveal how miscreants can extract encryption keys from application memory via hyper-threading and TLB data leaks. Specifically, that presentation, by Ben Gras, will cover a technique dubbed TLBleed that exploits hyper-threading to swipe sensitive data
    Read More
  • Jun 19, 2018 | BleepingComputer

    OpenBSD Disables Intel CPU Hyper-Threading Due to Security Concerns [Black Hat USA 2018]

    According to the infosec community, the reason why OpenBSD disabled Intel HT is related to a research paper detailing a new vulnerability named TLBleed, which will be presented at the Black Hat security conference that will be held in Las Vegas in August.
    Read More
  • Jun 18, 2018 | Forbes

    Watch Windows 10 Hack Steal Passwords And Photos By Abusing Cortana [Black Hat USA 2018]

    The weakness was found separately by McAfee researchers, and Yuval Ron and Ron Marcovich, software engineering students at the Technion Israeli Institute of Technology, as part of a project overseen by independent security researchers Amichai Shulman and Tal Be'ery.
    Read More
  • Jun 15, 2018 | InCyberDefense

    Cybersecurity Conference Season Starts Soon in Las Vegas [Black Hat USA 2018]

    The Black Hat USA conference, now in its 21st year, features recent research, development and trends. Black Hat is often the show where some of the most controversial vulnerability research in the field of information technology is unveiled.
    Read More
  • Jun 14, 2018 | Dark Reading

    Demystifying Mental Health in the Infosec Community [Black Hat USA 2018]

    Security experts talk about burnout, diversity, mental health, and legal issues in a new Community track at Black Hat USA.
    Read More
  • Jun 12, 2018 | CSO

    The best Windows 10 antivirus? Kaspersky, Symantec and Trend Micro lead in latest tests [Black Hat USA 2017]

    According to a survey of this year's Black Hat attendees, 73 percent think that traditional antivirus is irrelevant or obsolete.
    Read More
  • Jun 12, 2018 | Dark Reading

    New Hack Weaponizes the Web Cache [Black Hat USA 2018]

    Kettle is holding back much of the secret sauce of the Web-caching hack as well as his Web targets until his Black Hat USA talk in August. But he does say that with his attack, he can force a cache into behaving in an unsavory way without directly targeting it.
    Read More
  • Jun 11, 2018 | Forbes

    Why Every Enterprise Should Have A Cyber Range In Its Security Arsenal [Black Hat USA 2017]

    In fact, in another poll conducted at the 2017 Black Hat security conference, 84% of the organizations that experienced an attack attributed it to human error.
    Read More
  • Jun 11, 2018 | Mashable

    Not everyone is so hot about this free USB fan handed to journalists at Trump-Kim summit [Black Hat USA 2014]

    Security researchers Karsten Nohl and Jakob Lell demonstrated malware they had developed, called BadUSB, at the Black Hat Conference back in 2014.
    Read More
  • Jun 7, 2018 | Fast Company

    It might be possible to hack airplanes in mid-flight from the ground, says security expert [Black Hat USA 2018]

    If your summer plans include attending the 2018 Blackhat hacker conference, be sure to add Ruben Santamarta’s not-at-all alarming “Last Call for SATCOM Security.”
    Read More
  • Jun 6, 2018 | Newsweek

    In-Flight Airplanes Can Now Be Hacked From the Ground, Cyber Expert Warns [Black Hat USA 2018]

    Building on research first published in 2014, Ruben Santamarta, an expert at cybersecurity company IO/Active, will tell attendees at 2018’s BlackHat hacker conference in August how “entire fleets” of airplanes were left accessible from the internet, leaving hundreds of in-flight craft at risk.
    Read More
  • Jun 5, 2018 | Dark Reading

    Researcher Successfully Hacked In-Flight Airplanes - From the Ground [Black Hat USA 2018]

    IOActive researcher will demonstrate at Black Hat USA how satellite equipment can be 'weaponized.'
    Read More
  • May 29, 2018 | The Daily Swig

    What’s your poison? New attack method turns the tables on web caching [Black Hat USA 2018]

    During his presentation at Black Hat USA, which takes place in Las Vegas on August 4-9, the researcher will illustrate how he was able to use his new web cache poisoning technique to compromise websites by using esoteric web features that turn their caches into exploit delivery systems, targeting everyone that makes the mistake of visiting their homepage.
    Read More
  • Apr 11, 2018 | The Wall Street Journal

    You Think Discovering a Computer Virus Is Hard? Try Naming One [Black Hat USA 2017]

    Heartbleed gained so much attention it inspired the Pwnie Awards—pronounced “Pony” Awards—which recognize the best bug branding at the annual Black Hat computer-security conference in Las Vegas.
    Read More
  • Mar 28, 2018 | Tweakers

    Intel: Recent BranchScope side channel on CPUs does not require new patches [Black Hat Asia 2018]

    Intel also responded to The Register on another attack that was presented at Black Hat Asia by two researchers from the Technical University of Graz, who also collaborated on Meltdown and Spectre. They claimed that it is possible to run malware from the user space into a protected SGX enclave to attack another enclave on the same hardware with a cache attack.
    Read More
  • Mar 28, 2018 | The Register

    Intel shrugs off ‘new’ side-channel attacks on branch prediction units and SGX [Black Hat Asia 2018]

    One of the new allegations was discussed at Black Hat Asia in Singapore last week, where University of Graz PhD Students Moritz Lipp and Michael Schwarz delivered a talk titled “When good turns to evil: using Intel SGX to stealthily steal Bitcoins.”
    Read More
  • Mar 26, 2018 | golem.de

    Microsoft stops RDP requests from unpatched clients [Black Hat Asia 2018]

    The vulnerability introduced by researchers at security company Preempt at the Black Hat Asia conference has been fixed by Microsoft as part of Patch Tuesday. The company is taking the unusual step of completely locking out unpatched clients. Specifically, the authentication of the computer via RDP is aborted.
    Read More
  • Mar 26, 2018 | security.nl

    Korean banks hacked through zero-days in anti-virus and VM [Black Hat Asia 2018]

    In recent years, South Korean banks have become the target of several targeted attacks, with the attackers also using zero-days in anti-virus software and virtual machine software to compromise the banking networks. That is what employees at the Korean Financial Security Institute have announced during the Black Hat Asia security conference
    Read More
  • Mar 25, 2018 | internetua

    The expert described ways to compromise mobile payments [Black Hat Asia 2018]

    Paying for purchases using a smartphone is frankly dangerous, warns Fudan University (China) expert Zhe Zhou. In a speech at the Black Hat Asia conference in Singapore, the researcher described a number of ways to intercept tokens when making contactless payments, writes The Register.
    Read More
  • Mar 23, 2018 | Tech Talk Thai

    [BHAsia 2018] Researchers Offer New SDL Models for Wearable Devices Focus on Security and Privacy [Black Hat Asia 2018]

    At the Black Hat Asia 2018 conference, Kavya Racharla, senior security researcher at Intel, and Sumanth Naropanth, founder of Deep Armor, presented a new Software Development Lifecycle (SDL) model for new-generation wearable devices, focusing on security and privacy.
    Read More
  • Mar 23, 2018 | Tech Talk Thai

    [BHAsia 2018] Researchers point out that national hackers are beginning to attack for more money [Black Hat Asia 2018]

    Shen and Kwak argue that in the past, hackers like Lazarus, Bluenoroff, Andariel and Reaper began to change their purpose of being a Nation-state Attacker.
    Read More
  • Mar 23, 2018 | Dark Reading

    Looking Back and Thinking Ahead on Cyberwar, Nation-State Attacks [Black Hat Asia 2018]

    Nation-state threats dominated the themes of this week's keynotes at Black Hat Asia, where experts dug into past and current cyberattacks, efforts to mitigate nation-state attacks, and the broad and evolving realm of cyber warfare.
    Read More
  • Mar 23, 2018 | cnsoftnews.com

    Black Hat Asia 2018 Special Recommendation Topic: Tencent Security Anti-Virus Lab Uncovers New IoT Attack [Black Hat Asia 2018]

    From March 20th to 23rd, Black Hat Asia 2018 (Asian Black Hat Conference), the highest event in the global information security industry, was held in Singapore. Security experts from around the world gathered here to discuss and share the latest research achievements on current hot security issues.
    Read More
  • Mar 23, 2018 | The Register

    Microsoft to re-enforce March patch that owns Windows over RDP [Black Hat Asia 2018]

    Black Hat Asia Microsoft will soon prevent Windows from authenticating un-patched RDP clients to cap a March patch addressed a flaw that can allow lateral movement across a network from a compromised remote desktop protocol session.
    Read More
  • Mar 23, 2018 | ComputerWeekly.com

    Private sector over-investing against nation-state attacks [Black Hat Asia 2018]

    “We’re all spending a lot of money trying to defend ourselves against attacks that are conducted using tax money that we’re paying to our governments,” Bill Woodcock, executive director of Packet Clearing House, a non-governmental organisation that builds and supports critical internet infrastructure, said at Black Hat Asia 2018 in Singapore this week.
    Read More
  • Mar 23, 2018 | The Register

    Reflection of a QR code on PoS scanner used to own mobile payments [Black Hat Asia 2018]

    Black Hat Asia Paying for stuff with your smartphone is downright dangerous according to Zhe Zhou, a pre-tenure associate professor at Fudan University, who yesterday explained how three different payment methods can be cracked at Black Hat Asia in Singapore.
    Read More
  • Mar 22, 2018 | TekCrispy

    Smartwatch are more vulnerable to information hacking [Black Hat Asia 2018]

    Black Hat Asia is a technology conference where the gurus in computer security come together to, among other things, talk about the vulnerabilities that certain devices have, among which they decided to analyze wearables or smartwatches, devices that, although it seems incredible, represent a great opportunity for hackers.
    Read More
  • Mar 22, 2018 | Dark Reading

    Hunting Cybercriminals with AWS Honey Tokens [Black Hat Asia 2018]

    Researchers at Black Hat Asia demonstrated how they used AWS honey tokens to detect security breaches at scale.
    Read More
  • Mar 22, 2018 | The Register

    Diplomats, 'Net greybeards work to disarm USA, China and Russia’s cyber-weapons [Black Hat Asia 2018]

    As explained today in a keynote at Black Hat Asia by GCSC commissioner and executive director of Packet Clearing House Bill Woodcock, those behind state-sponsored attacks are usually either hopelessly optimistic, or indifferent, to the notion that their exploits will be re-used.
    Read More
  • Mar 22, 2018 | Error404 Cyber News

    [Black Hat Asia 2018] Vulnerability of Mobile Payment System [Black Hat Asia 2018]

    According to Zhe Zhou, an associate professor at Fudan University, making payments via smartphone is really dangerous.
    Read More
  • Mar 22, 2018 | The Register

    Holy sweat! Wearables have THREE attack surfaces [Black Hat Asia 2018]

    Black Hat Asia Wearable devices – and anything that relies on an app to help with configuration – has at least three attack surfaces and your existing secure development lifecycle probably isn’t going to cope with the complexity that creates.
    Read More
  • Mar 15, 2018 | securityasia

    Why a major data breach will happen across Asia in next two years [Black Hat Asia 2018]

    These concerns and more are outlined in Black Hat Asia’s first-ever research report, Cybersecurity Risk in Asia. The report, compiled from a survey of nearly 100 current and former attendees at Black Hat Asia, provides insights on critical information security issues pertaining to Asian cyber defenses and vulnerabilities.
    Read More
  • Mar 15, 2018 | GBHackers on Security

    New Black Hat Asia Research: More than 70% of Security Professionals Predict a Major Data Breach Across Asian Countries in the Next Two Years [Black Hat Asia 2018]

    Cyber attacks levels have raised concerning the IT security professionals across the globe, and Asia is not an exception to it. A majority of the respondents in Black Hat Asia 2018 survey believe their organizations will have to respond to a major security incident in the next 12 months.
    Read More
  • Mar 14, 2018 | Redmond Magazine

    'Fascinating' CredSSP Flaw Affects All Versions of Windows [Black Hat Asia 2018]

    A team from Preempt will give a presentation on the vulnerability at Black Hat 2018 Asia next week.
    Read More
  • Mar 14, 2018 | Homeland Security Today

    Report: Asia-Pacific Cybersecurity Chiefs Expect Major Attack on Critical Infrastructure [Black Hat Asia 2018]

    More than two-thirds of Asia-Pacific cybersecurity leaders believe there will be a major successful attack on multiple countries’ critical infrastructure in the next two years, according to a survey from Black Hat Asia.
    Read More
  • Mar 14, 2018 | SecurityBrief Asia

    Asia's security professionals wary of Russia, China, North Korea [Black Hat Asia 2018]

    Attendees at this year’s Black Hat Asia conference are wary of what’s ahead from some of the world’s most notorious countries behind cyber attacks.
    Read More
  • Mar 14, 2018 | Free Malaysia Today

    Major data breach across Asia predicted in next 2 years [Black Hat Asia 2018]

    Based on the report, Black Hat found that more than 30% of respondents believe the primary reason cybersecurity strategies fail in Asia is because of a shortage of skilled professionals.
    Read More
  • Mar 14, 2018 | ComputerWeekly

    APAC security chiefs expect imminent attack on critical systems [Black Hat Asia 2018]

    According to the survey conducted ahead of Black Hat Asia in Singapore, 52% of nearly 100 respondents either “strongly agree” or “somewhat agree” that such an attack would happen in their own country in the next two years.
    Read More
  • Mar 14, 2018 | Error404 Cyber News

    Black Hat Asia Research: Over 70% of Security Professionals Predict Major Breach in Next Two Years [Black Hat Asia 2018]

    Black Hat is a conference of cybersecurity researchers the most famous, well-established and professional corporate information security.
    Read More
  • Mar 13, 2018 | TeleAnalysis

    Black Hat Predicts Major Data Breach In Asia In Two Years [Black Hat Asia 2018]

    As in Black Hat surveys conducted in the USA and Europe, security professionals in the Black Hat Asia study are concerned that recent incidents in their region may indicate that a major breach of critical infrastructure is forthcoming.
    Read More
  • Mar 13, 2018 | dailysecu.com

    More than 70% of security experts raise the possibility of massive data leakage in Asia [Black Hat Asia 2018]

    This is described in detail in the CyberSecurity Risk in Asia report by Black Hat Asia. This report contains the results of surveys conducted by about 100 attendees of Black Hat Asia, and provides insight into major information security issues related to cybersecurity and vulnerability in Asia.
    Read More
  • Mar 13, 2018 | International Business Times

    Almost 60% of Asia-based cybersecurity pros fear malicious attacks on the horizon [Black Hat Asia 2018]

    Such concerns are highlighted in Black Hat Asia’s research report titled “Cybersecurity Risk in Asia.” The report was compiled from a poll of about 100 current and former attendees at Black Hat Asia.
    Read More
  • Mar 13, 2018 | TeleAnalysis

    Black Hat Predicts Major Data Breach In Asia In Two Years [Black Hat Asia 2018]

    A new Black Hat study says nearly 60% of Asia-based cybersecurity professionals fear malicious attacks on the horizon from Russia, China and North Korea.
    Read More
  • Mar 13, 2018 | BS News

    Black Hat Asia Announces 'Cybersecurity Risk in Asia' Research Report [Black Hat Asia 2018]

    Leveraging its own expert community, Black Hat draws insights from executives, information technology and information security teams, network managers and security officers in Asia, including CEOs, CSOs and CIOs in Asia.
    Read More
  • Mar 12, 2018 | Dark Reading

    Asia's Security Leaders Feel Underprepared for Future Threats: Report [Black Hat Asia 2018]

    The study, Cyber Risk in Asia, is being published by Black Hat Asia, one of the region's top cybersecurity conferences. This year's event will take place Mar. 20-23 in Singapore.
    Read More
  • Mar 10, 2018 | TechWorm

    Design flaw in Microsoft’s Control Flow Guard allows complete bypass [Black Hat Asia 2018]

    The Italian researchers have dubbed this exploit as the Back to the Epilogue (BATE) attack, which they will be explaining in detail at the Black Hat Asia Conference this month.
    Read More
  • Mar 8, 2018 | ITavisen

    Researchers say they have found severe Windows vulnerability - over 500 million PCs may be exposed [Black Hat Asia 2018]

    According to reports, which can be read in its entirety here, more than 500 million PCs are exposed to attacks. The research team plans to demonstrate BATE weakness - using the Edge browser in Windows 10 - during the Black Hat Asia Conference, which will be released later this month.
    Read More
  • Mar 7, 2018 | Dark Reading

    Researchers Defeat Android OEMs' Security Mitigations [Black Hat Asia 2018]

    At Black Hat Asia, two security experts will bypass security improvements added to Android by equipment manufacturers.
    Read More
  • Mar 7, 2018 | MUO

    Why Wi-Fi Direct Isn’t as Secure as You Think [Black Hat Europe 2017]

    Of course, no new technology is without downsides. According to research presented at Black Hat Europe 2017, Wi-Fi Direct may be compromising our security. In doing so, it unwittingly grants hackers an easy way into our digital lives—all in the pursuit of convenience.
    Read More
  • Mar 7, 2018 | Dark Reading

    Intel SGX Can Be Used to Hide, Execute Malware [Black Hat Asia 2018]

    In a talk at the Black Hat Asia conference later this month, researchers from the Graz University of Technology in Austria plan to show how attackers can abuse Intel's Software Guard Extensions (SGX) microprocessor security feature to steal cryptographic keys and other secrets.
    Read More
  • Mar 1, 2018 | Dark Reading

    Securing the Web of Wearables, Smartphones & Cloud [Black Hat Asia 2018]

    At this year's Black Hat Asia, taking place March 23–26 in Singapore, Naropanth will discuss security and privacy research related to the development of IoT devices, including a custom SDL designed to incorporate wearables, phones, and the cloud.
    Read More
  • Feb 27, 2018 | Forbes

    Mind The Gap -- How Quantum Computers May Leave Today's Online Services Vulnerable [Black Hat USA 2017]

    "In particular there are concerns that if your data needs to live longer than twenty years, you might be inside the window right now," said Chris Burchett, Vice President, Dell Endpoint Security during an interview at last summer's Black Hat USA 2017 conference.
    Read More
  • Feb 23, 2018 | TechTarget

    Facebook's 2FA bug lands social media giant in hot water [Black Hat USA 2017]

    At Black Hat USA 2017, Facebook CSO Alex Stamos said “As a community we tend to punish people who implement imperfect solutions in an imperfect world.”
    Read More
  • Feb 23, 2018 | Dark Reading

    10 Can't-Miss Talks at Black Hat Asia [Black Hat Asia 2018]

    Mobile and platform security are popular topics for next month's Black Hat Asia conference in Singapore, where industry experts will meet from March 20-23 to learn about newly discovered exploits and the tools and techniques to defend against them.
    Read More
  • Feb 20, 2018 | Dark Reading

    Researcher to Release Free Attack Obfuscation Tool [Black Hat Asia 2018]

    Bohannon will release his new Invoke-DOSfuscation framework tool next month at Black Hat Asia in Singapore, where he will present his research on how attackers like FIN7 use the relatively basic cmd.exe to slip malware into their targets' systems.
    Read More
  • Jan 29, 2018 | TechRepublic

    Jackpotting cyberattack hits US, forces ATMs to spit out money for hackers [Black Hat USA 2017]

    Demonstrators at Black Hat 2017 were able to force open an ATM to gain access to an unprotected USB port, and within minutes were able to empty it of its cash reserves.
    Read More
  • Jan 29, 2018 | Ars Technica

    In a first, US hit by “Jackpotting” attacks that empty ATMs in minutes [Black Hat USA 2010]

    A year later, researcher Barnaby Jack demonstrated a series of ATM attacks at the Black Hat Security conference in Las Vegas.
    Read More
  • Jan 29, 2018 | The Verge

    ‘Jackpotting’ attacks are now hitting US ATMs, report says [Black Hat USA 2010]

    Jackpotting, in which thieves use a variety of tools to hack into ATMs and cause them to dispense large amounts of cash on demand, has been a legitimate threat for several years now. The late computer hacker Barnaby Jack famously showed off an ATM exploit at the Black Hat conference back in 2010.
    Read More
  • Jan 29, 2018 | ABC News

    Secret Service warns banks of coming wave of ATM 'jackpotting' attacks [Black Hat USA 2010]

    It's called "jackpotting." It works just like it sounds, an ATM machine is compromised to spit out cash to a fraudster at a furious rate of 40 bills every 23 seconds.
    Read More
  • Jan 28, 2018 | Engadget

    ATM 'jackpotting' hacks reach the US [Black Hat USA 2016]

    For some ATM thieves, swiping card data involves too much patience -- they'd rather just take the money and run. The US Secret Service has warned ATM makers Diebold Nixdorf and NCR that "jackpotting" hacks, where crooks force machines to cough up large sums of cash, have reached the US after years of creating problems in Asia, Europe and Mexico.
    Read More
  • Jan 28, 2018 | The Washington Post

    Hackers are making U.S. ATMs spit out cash like slot machines [Black Hat USA 2010]

    Hackers able to make ATMs spit cash like winning slot machines are now operating inside the United States, marking the arrival of “jackpotting” attacks after widespread heists in Europe and Asia, according to the world’s largest ATM makers and security news website, Krebs on Security.
    Read More
  • Jan 25, 2018 | Ars Technica

    Vulnerable industrial controls directly connected to Internet? Why not? [Black Hat USA 2015]

    Yet some of these attacks may go undocumented simply because the companies affected by them have had no cause to report them. At the Black Hat USA security conference in 2015, Marina Krotofil, a researcher at Hamburg University of Technology told attendees that utilities had been regularly blackmailed by ICS hackers on a large scale since at least 2006.
    Read More
  • Jan 25, 2018 | Industry Daily

    Black Hat Asia 2018 addresses global information security vulnerabilities [Black Hat Asia 2018]

    According to Black Hat, a global information security event provider, this year's event will be held at Marina Bay Sands in Singapore and will share information on vulnerabilities such as research, hacking and mobile hacking.
    Read More
  • Jan 22, 2018 | Infosecurity Magazine

    CAPTCHA + reCAPTCHA: Are they the Best Fraud Prevention Solution for your Business? [Black Hat Asia 2017]

    Despite the security and UX improvements, there are still many ways for bad actors to get around CAPTCHA systems. CAPTCHA bots and CAPTCHA farms even exist where low-skilled workers are utilized to mass solve CAPTCHAs for rates as low as 80 cents for 1,000 solved codes. CAPTCHA attack systems presented at Black Hat Asia in Singapore showed a more than 70% CAPTCHA-cracking success rate with an average running time of just 19.2 seconds.
    Read More
  • Jan 22, 2018 | ComputerWeekly.com

    Taking complexity out of cyber security [Black Hat Asia 2017]

    Tan: At Black Hat Asia last year, cyber security experts called for the software industry to do more to plug the vulnerabilities in their products.
    Read More
  • Jan 18, 2018 | Krebs on Security

    Drugs Tripped Up Suspects In First Known ATM “Jackpotting” Attacks in the US [Black Hat USA 2010]

    Jackpotting has been a real threat to ATM owners and manufacturers since at least 2010, when the late security researcher Barnaby Michael Douglas Jack (known to most as simply “Barnaby Jack”) demonstrated the attack to a cheering audience at the Black Hat security conference.
    Read More
  • Jan 13, 2018 | Chicago Daily Herald

    Inside the semiconductor industry's meltdown

    At Black Hat USA, a major cybersecurity conference in Las Vegas, in August 2016 a team from Graz Technical University presented their research from earlier in the year on a way to prevent attacks against the kernel memory of Intel chips.
    Read More
  • Jan 11, 2018 | Federal Times

    Democratic report warns of Russian meddling in Europe, US [Black Hat USA 2017]

    Fifth Domain editor Aaron Boyd asks Black Hat attendees if they consider Russian Meddling a hack.
    Read More
  • Jan 5, 2018 | CSO

    Enterprise endpoint protection failures will continue until accountability increases

    A recent discovery of a new and terrifying malicious code attack technique helps begin to illustrate the acceptance of cyber inadequacy. It is called Process Doppelganging and researchers explained it at Black Hat Europe in December 2017.
    Read More
  • Dec 19, 2017 | Version2

    Security through suspicion: Tear the firmware out of the laptops and make builds in several places

    During another speech at the Black Hat Europe conference, Mark Ermolov and Maxim Goryachy from Positive Technologies talked about a vulnerability found in the Intel Management Engine (ME) and which, in principle, makes it possible to compromise firmware on a computer.
    Read More
  • Dec 19, 2017 | Rambler

    The US announced the involvement of the DPRK in the creation of the WannaCry virus

    In the first ten days of December, a new way was found to bypass any protection of a computer, even if it has an antivirus installed. The method of hacking any version of the Windows operating system was presented by enSilo specialists at the Black Hat Europe 2017 conference.
    Read More
  • Dec 15, 2017 | golem.de

    Qubes OS should be "just like Ubuntu"

    In her keynote address at Black Hat Europe last week, the hacker said that she had removed all microphones from her iPhone and was only using a Bluetooth headset on the phone.
    Read More
  • Dec 15, 2017 | The Register

    We need to talk about mathematical backdoors in encryption algorithms

    During a presentation at Black Hat Europe last week, titled By-design Backdooring of Encryption System - Can We Trust Foreign Encryption Algorithms?, Filiol and his colleague Arnaud Bannier, explained how it is possible to design a mathematical backdoor.
    Read More
  • Dec 13, 2017 | The Register

    Intel to slap hardware lock on Management Engine code to thwart downgrade attacks

    Last month, in response and ahead of Ermolov and Goryachy's public presentation of their research at Black Hat Europe, Chipzilla published eight vulnerability notices: the tech giant admitted its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) could be attacked to give miscreants access to the controversial hidden administrative layer - effectively granting God-mode on the computer.
    Read More
  • Dec 13, 2017 | Version2

    "If I had known, I'd never have cooperated with Intel"

    As Version2 reported a week ago, experts from security company Positive Technologies gave a presentation last week at the Black Hat Europe Conference, claiming that more of the vulnerabilities could still be exploited.
    Read More
  • Dec 13, 2017 | dobreprogramy

    You will no longer undo the firmware in the Intel chips: this is how the Management Engine has been secured

    Only last month, just before the public presentation of these vulnerabilities at the Black Hat Europe conference, patches were released, which, however, have yet to be adapted by the equipment manufacturers and published as computer firmware updates.
    Read More
  • Dec 12, 2017 | The Register

    Why bother cracking PCs? Spot o' malware on PLCs...Done. Industrial control network pwned

    The Black Hat presentation, entitled Exfiltrating Reconnaissance Data from Air-Gapped ICS/SCADA Networks, features a live demo.
    Read More
  • Dec 12, 2017 | ZDNet Japan

    A vulnerability in a programming language puts the application at risk? - Researcher's report

    This view was published by IOActive researcher Fernando Arnaboldi at the "Black Hat Europe 2017" conference held in London on December 4-7, local time. He says that serious vulnerabilities exist in interpreters used by the five popular programming languages, posing a danger to interpreted / executed applications.
    Read More
  • Dec 12, 2017 | Silicon France

    5 computer languages that introduce security vulnerabilities

    The Security Researcher for IOActive (US IT Security Audit and Consulting Firm) took advantage of the Black Hat Europe conference held last week in London to highlight the risks involved in five programming languages.
    Read More
  • Dec 12, 2017 | ZDNet.de

    Vulnerabilities in programming languages make apps vulnerable

    Fernando Arnaboldi, security researcher at IOActive, has presented severe security vulnerabilities in five programming languages at the Black Hat Europe conference.
    Read More
  • Dec 12, 2017 | Gazeta.pl

    Doppelganging - there is still no answer to this type of attack. Antiviruses blind and helpless

    During the Black Hat Europe 2017 conference, a completely new type of attack on Windows computers was presented. Antivirus programs and security built into the system remain blind and helpless.
    Read More
  • Dec 12, 2017 | Sohu

    Black Hat Europe 2017: Security experts spotted the vulnerabilities in 5 of the most popular programming languages

    This week at the Black Hat Europe 2017 security conference, a security researcher disclosed vulnerabilities in several currently very popular interpreted programming languages. These issues in the languages may leave applications developed with them very vulnerable to attack.
    Read More
  • Dec 11, 2017 | Znaj.ua

    WARNING! Your Windows may not be able to see a new generation virus

    A new kind of virus leaves no traces and parasitizes the internal mechanisms of antivirus scanners. The programming community was told about it at the Black Hat Europe 2017 conference.
    Read More
  • Dec 11, 2017 | TechWorld

    Impossible to write secure code when the language itself has shortcomings

    IOActive Security Consultant Fernando Arnaboldi presented a report at the Black Hat Europe Conference last week, describing this. His finding is that the language itself could mean that code works in a way that the programmer cannot predict. Among the unexpected, undesired behaviors are security holes.
    Read More
  • Dec 11, 2017 | ZDNet

    These five programming languages have flaws that expose apps to attack

    IOActive researcher Fernando Arnaboldi revealed at last week's Black Hat Europe conference that serious flaws in interpreters for five popular programming languages put applications parsed by them at risk.
    Read More
  • Dec 11, 2017 | TechRepublic

    Five programming languages with hidden flaws vulnerable to hackers

    At the recent Black Hat Europe conference, IOActive security services revealed it had identified flaws in five major, interpreted programming languages that could be used by hackers in crafting an attack.
    Read More
  • Dec 11, 2017 | The Register

    Language bugs infest downstream software, fuzzer finds

    Developers working in secure development guidelines can still be bitten by upstream bugs in the languages they use. That's the conclusion of research presented last week at Black Hat Europe by IOActive's Fernando Arnaboldi.
    Read More
  • Dec 11, 2017 | Security Ledger

    Researchers use radio to jump air gapped industrial control systems

    The researchers presented their work at the Black Hat Europe conference in London on December 6. Researchers David Atch and George Lashenko demonstrated a method for reprogramming Siemens programmable logic controllers (PLCs) to generate "encoded radio signals" that could be received over ordinary AM radios. The signals could be used to steal (or "exfiltrate") sensitive data from the networks, the researchers claim.
    Read More
  • Dec 10, 2017 | Security Affairs

    Severe flaws in most popular programming languages could expose to hack any secure application built on top of them

    Last week, IOActive Senior Security Consultant Fernando Arnaboldi presented at the Black Hat Europe 2017 security conference the results of an interesting research about vulnerabilities in several popular interpreted programming languages.
    Read More
  • Dec 9, 2017 | Golem

    Weekly Review KW 49 2017

    Researchers have been showing details of the Intel ME hack for months at the Black Hat Europe security conference. You can exploit security holes in the management engine of modern Intel CPUs even if it was actually partially disabled by kill bit.
    Read More
  • Dec 9, 2017 | Techworm

    Major Intel ME Firmware Flaw Allows Attackers Get 'God Mode' On A Vulnerable Machine

    In a recent presentation held at Black Hat Europe in London, security researchers from Positive Technologies, Mark Ermolov and Maxim Goryachy revealed how a buffer overflow they discovered in Intel's secret Management Engine 11 firmware can be exploited by sophisticated attackers to gain unauthorized access to ME functionality even when it's turned 'off.'
    Read More
  • Dec 8, 2017 | eWeek

    Intel Chip Flaw Enables Malware to Gain Full Access to Computer Assets

    A flaw in Intel processors allows malware to reside undetectable on nearly any recent Intel-based computer manufactured since at least 2015, researchers from Positive Technologies revealed Dec. 6 at Black Hat Europe.
    Read More
  • Dec 8, 2017 | Sky News

    North Korea is 'hacking soaring Bitcoin exchanges', say researchers

    Ms Shen and her colleagues have tracked attacks by hacking groups Lazarus, Bluenoroff and Andariel - suspected to be North Korean operations - on financial institutions including banks in Europe and South Korea, an ATM company and Bitcoin exchange.
    Read More
  • Dec 8, 2017 | BleepingComputer

    Secure Apps Exposed to Hacking via Flaws in Underlying Programming Languages

    Research presented this week at the Black Hat Europe 2017 security conference has revealed that several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks.
    Read More
  • Dec 8, 2017 | Enterprise Times UK

    Malwarebytes sees New Mafia launching cyber-attacks

    Walking around Black Hat Europe this week we asked vendors should we 'out' companies over breaches? The majority agreed with Malwarebytes that the current headlines were not helpful and many suggested that they knew of clients who would pay to make the situation go away.
    Read More
  • Dec 8, 2017 | PC Forum

    A new, unbreakable virus attack attacks Windows

    All this is due to a new technique used by pests, details of which have been presented by security researchers at the recent Black Hat Europe conference.
    Read More
  • Dec 7, 2017 | Laptop Mag

    'Doppelganging' Attack Evades Antivirus, Hits All Windows Versions

    A newly discovered malware attack affects all versions of Windows, often isn't detected by antivirus software and can't be patched. This isn't a riddle: it's the Process Doppelganging attack, which was presented today (Dec. 7) at the Black Hat Europe 2017 security conference in London.
    Read More
  • Dec 7, 2017 | Hack Read

    Process Doppelganging attack affects all Windows version & evades AV products

    Dubbed 'Process Doppelganging' by Tal Liberman and Eugene Kogan of EnSilo, the attack was demonstrated during Black Hat Europe 2017 security conference in London earlier today.
    Read More
  • Dec 7, 2017 | Dark Reading

    Rutkowska: Trust Makes Us Vulnerable

    "In computer security, 'trusted' means this piece of code, or whatever is being trusted, is capable of destroying my whole security integrity," she said in her keynote entitled "Security Through Distrusting" here today at Black Hat Europe. She says we have too much trust in technology and this trust is leaving us vulnerable to attack.
    Read More
  • Dec 7, 2017 | BleepingComputer

    "Process Doppelganging" Attack Works on All Windows Versions

    Today, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called "Process Doppelganging."
    Read More
  • Dec 7, 2017 | SC Magazine UK

    Market-leading security products broken by Doppelganging attack

    Two researchers from enSilo, Eugene Kogan and Tal Liberman, revealed the 'Process Doppelganging' attack methodology at Black Hat Europe this morning (Thursday).
    Read More
  • Dec 7, 2017 | Wccftech

    Intel ME Flaws Not Perfectly Fixed: Gives Attackers "God Mode" on a Vulnerable Machine

    During a presentation at Black Hat Europe, security researchers talked about the much hyped Intel Management Engine issues.
    Read More
  • Dec 7, 2017 | Hackaday

    Another Defeat of the Intel Management Engine

    If you're thinking that this seems like an incredible security vulnerability then you're not alone, and a team at Black Hat Europe 2017 has demonstrated yet another flaw in this black box, allowing arbitrary code execution and bypassing many of the known ME protections.
    Read More
  • Dec 7, 2017 | TugaTech

    Windows Flaw Allows Bypassing Any Security Software

    During the Black Hat Europe 2017 event, the security company demonstrated how it is possible to inject code into the operating system during file movement due to a flaw in the NTFS file system, circumventing security measures and the installed anti-virus systems themselves.
    Read More
  • Dec 7, 2017 | The Register

    Security industry needs to be less trusting to get more secure

    Delegates to Black Hat Europe have been encouraged to turn conventional security thinking on its head by practicing security through distrust.
    Read More
  • Dec 7, 2017 | SecurityWeek

    'Process Doppelganging' Helps Malware Evade Detection

    The security firm disclosed its findings this week at the Black Hat Europe conference in London. Technical details and proof-of-concept (PoC) code will be made available shortly.
    Read More
  • Dec 7, 2017 | Techspot

    New code injection method avoids malware detection on all versions of Windows

    Presented at Black Hat Europe, a new fileless code injection technique has been detailed by security researchers Eugene Kogan and Tal Liberman. Dubbed Process Doppelganging, commonly available antivirus software is unable to detect processes that have been modified to include malicious code.
    Read More
  • Dec 7, 2017 | Infosecurity Magazine

    #BHEU: Attackers and Spies Merge with Evolved Attacks

    Speaking to Infosecurity at Black Hat Europe, Eward Driehuis, research chief at SecureLink said that convergence is happening now, as cyber-criminals are doing Big Data analysis on their victims to determine what would be of value.
    Read More
  • Dec 7, 2017 | Infosecurity Magazine

    #BHEU: Social Engineer Shows How to Get Easy Cash

    Speaking at Black Hat Europe in London, Joshua Crumbaugh, Chief Hacker and CEO at PeopleSec, gave live red teaming tips and recorded examples of how to successfully hack into a company using only a confident manner over the phone.
    Read More
  • Dec 7, 2017 | ZDNet

    Doppelganging: How to circumvent security products to execute code on Windows

    At Black Hat Europe on Thursday, security professionals Eugene Kogan and Tal Liberman from endpoint security firm enSilo revealed research into how cybersecurity products on the market can be circumvented by exploiting how they scan for malware and interact with memory processes.
    Read More
  • Dec 6, 2017 | Dark Reading

    Why Cybersecurity Must Be an International Effort

    "How many people think we're better off today than seventeen years ago?" Chris Painter, the former and first-appointed cyber coordinator for the US State Department asked in his keynote at Black Hat Europe, held this week in London. He didn't seem surprised at the response.
    Read More
  • Dec 6, 2017 | The Register

    Intel Management Engine pwned by buffer overflow

    On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.
    Read More
  • Dec 6, 2017 | Dark Reading

    How the Major Intel ME Firmware Flaw Lets Attackers Get 'God Mode' on a Machine

    Researchers who discovered the flaw went public today at Black Hat Europe in London with details of their finding, a stack buffer overflow bug in the Intel Management Engine (ME) 11 system that's found in most Intel chips shipped since 2015. ME, which contains its own operating system, is a system efficiency feature that runs during startup and while the computer is on or asleep, and handles much of the communications between the processor and external devices.
    Read More
  • Dec 6, 2017 | The Register

    Former US State Department cyber man: We didn't see the Russian threat coming

    Chris Painter, former co-ordinator for cyber issues at the US State Department, told delegates at the Black Hat EU conference that cyber issues have emerged as a core topic for governments worldwide.
    Read More
  • Dec 6, 2017 | Infosecurity Magazine

    #BHEU: Government Agreements Needed on How to Prevent Cyber-Conflict

    Asking for a show of hands from the opening keynote at Black Hat Europe in London, Chris Painter, the first and former coordinator for cyber issues at the US State Department, found that only a few members of the audience felt governments were doing a good job of talking to the security industry about threats and problems.
    Read More
  • Dec 6, 2017 | Linux-Magazin Online

    Black Hat Europe 2017: Blueborne hits Alexa, Intel ME defeated

    Alexa was taken over via a Bluetooth vulnerability, Intel's Management Engine via a complicated exploit. And there was plenty more going on during the first day of Black Hat Europe in London.
    Read More
  • Dec 6, 2017 | Infosecurity Magazine

    #BHEU: Security Created Fragility Without Consideration for the World

    Kicking off the opening day of Black Hat Europe in London, founder Jeff Moss said that the event was "trying to be different and be more practical" and encouraged the audience to try at home or at work if they "see something on the screen."
    Read More
  • Dec 6, 2017 | eWeek

    Newly Revealed Flaw in Intel Processors Allows Undetectable Malware

    The vulnerability presented by researchers from Positive Technologies at Black Hat Europe Dec. 6 details a nightmare scenario. The CPU flaw allows malware to reside on nearly any recent Intel-based computer manufactured since at least 2015 so that it's completely undetectable.
    Read More
  • Dec 4, 2017 | Enterprise Times

    CyberX to demonstrate jumping the ICS air gap

    Security vendor CyberX is to demonstrate how to jump the industrial control system (ICS) air gap at Black Hat Europe this week.
    Read More
  • Dec 4, 2017 | Dark Reading

    Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches

    Saurabh Harit, managing consultant with Spirent, will present his findings on flaws in IV infusion pumps and digital smart pens at Black Hat Europe this week.
    Read More
  • Dec 1, 2017 | PC Magazine

    Joe 'Kingpin' Grand on Hacker History

    If you're in London on Dec 4-5, Joe Grand will be doing hardware hacking training at Black Hat Europe 2017.
    Read More
  • Nov 27, 2017 | eWeek

    AT&T Prepared for Court Battle to Defend Proposed Time Warner Merger

    The vulnerabilities allow an attacker "to run unsigned code in [the Platform Controller Hub] on any motherboard via Skylake," an abstract states from a Black Hat Europe security conference talk scheduled for Dec. 6.
    Read More
  • Nov 25, 2017 | Security Intelligence

    Managing Security Risk in the Face of Intel ME Vulnerabilities

    Later in the year, researchers from Russia-based Positive Technologies discovered additional vulnerabilities in the firmware. The duo submitted the information to Black Hat Europe and announced that they plan to share it publicly in a 50-minute briefing on Dec. 6, 2017.
    Read More
  • Nov 24, 2017 | TechPulse

    Leaky Intel chips: many systems only patched next year

    Next month at the hacker conference Black Hat Europe, the researchers will give a demonstration of the attack. Then more details of the problem must become clear.
    Read More
  • Nov 23, 2017 | SecurityLab.ru

    Samsung Pay reveals the data of mobile device owners

    Samsung has already been informed about the problem. More information about the HC research will be presented at the Black Hat Europe 2017 conference, which will be held on December 4-7 in London.
    Read More
  • Nov 22, 2017 | Techspot

    Millions of devices could be at risk from Intel Management Engine vulnerabilities

    Intel has issued a security advisory over security flaws on its PC, server, and Internet-of-Things processors that make the platforms vulnerable to remote attacks. Mark Ermolov and Maxim Goryachy of Positive Technologies Research identified the issues, and will reveal full details of the Intel Management Engine flaws in a talk at the Black Hat Europe security conference on December 6.
    Read More
  • Nov 22, 2017 | Silicon Valley Business Journal

    Feds urge companies to take Intel's latest security vulnerability seriously

    Security researchers Mark Ermolov and Maxim Goryachy first described the situation in late August in an article posted to their company's blog. They plan to talk about their research at the Black Hat Europe conference next month in London.
    Read More
  • Nov 22, 2017 | CNET Japan

    Fix multiple vulnerabilities - firmware for Intel's "Management Engine" and others

    Mr. Goryachy and Ermolov are planning to announce the research results on ME at "Black Hat Europe" in December. They will reveal a method by which an attacker can run unsigned code in the microprocessor in a form invisible to the main CPU and anti-malware software.
    Read More
  • Nov 22, 2017 | Clubic

    Intel: millions of vulnerable PCs with 11 vulnerabilities (even extinct)

    The two researchers are expected to present the results of their study in December 2017 at the Black Hat Europe conference, but Intel took the lead and conducted an audit of the affected systems, including the Management Engine (ME).
    Read More
  • Nov 22, 2017 | Monitor

    Millions of Intel processors are vulnerable due to the secret code

    This vulnerability, which the researcher will present in depth at the Black Hat Europe November conference, has spurred Intel into thorough research.
    Read More
  • Nov 22, 2017 | Laptop Mag

    Intel CPUs Have Serious Security Flaws: What You Should Know

    Two Russian researchers working for a firm called Positive Technologies claim to have found ways to attack the ME via a USB port and thus take over a PC. They'll be presenting their findings at the Black Hat Europe 2017 security conference on Dec. 6.
    Read More
  • Nov 21, 2017 | ZDNet

    Intel: We've found severe bugs in secretive Management Engine, affecting millions

    Goryachy and Ermolov will present their research on an ME flaw at Blackhat in December, detailing how an attacker can run unsigned code in the microprocessor and remain invisible to the main CPU and any anti-malware software.
    Read More
  • Nov 21, 2017 | WIRED

    INTEL CHIP FLAWS LEAVE MILLIONS OF DEVICES EXPOSED

    Intel specifically undertook what spokesperson Agnes Kwan called a "proactive, extensive, rigorous evaluation of the product," in light of findings that Russian firmware researchers Maxim Goryachy and Mark Ermolov will present at Black Hat Europe next month.
    Read More
  • Nov 21, 2017 | eWeek

    Intel Patches Management Engine for Critical Vulnerabilities

    The flaws were reported to Intel by security researchers Mark Ermolov and Maxim Goryachy from Positive Technologies. The two researchers plan to provide full details of the Intel ME flaws in a talk on Dec. 6 at the Black Hat Europe security conference. The researchers said they found a vulnerability in a subsystem of Intel ME versions 11 and higher.
    Read More
  • Nov 21, 2017 | TechPulse

    Critical leaks with Intel chips: you too may be at risk

    Next month at the hacker conference Black Hat Europe, the researchers will give a demonstration of the attack. Then more details of the problem must become clear.
    Read More
  • Nov 21, 2017 | Radar

    Hackers can remotely control computers with Intel chip due to vulnerability

    Currently it is not yet known how serious the leak is. Security researcher Filippo Valsorda says to the Wired tech website: "This looks bad, but we do not yet know how easy it will be to abuse these vulnerabilities." According to expectation, researchers of the leak will publish more details next month, after the hacker conference Black Hat Europe.
    Read More
  • Nov 17, 2017 | ITSP Magazine

    Black Hat's Newest Research: The Cyber Threat in Europe

    Black Hat Europe's first-ever research report entitled, The Cyber Threat in Europe, details major concerns among the InfoSec community including infrastructure security, nation state attacks, enterprise security risks, and the implications of the NIS Directive and GDPR requirements.
    Read More
  • Nov 16, 2017 | ComputerWeekly.com

    Europe not ready for imminent cyber strikes, say infosec professionals

    According to a poll of more than 120 IT and security professionals registered to attend Black Hat Europe 2017, 42% said cyber espionage by major nation states such as Russia and China and attacks by rogue nations such as North Korea pose the biggest threat to EU critical infrastructure.
    Read More
  • Nov 15, 2017 | eWeek

    Researcher Provides Insight Into North Korea Cyber-Army Tactics

    Shen concluded her session by noting that she will be discussing more details about the cyber-crime activities of the North Korean hacker groups in December at a session at the Black Hat Europe conference.
    Read More
  • Nov 15, 2017 | Computable

    Forcepoint NGFW excels in security

    In December 2017 Forcepoint will be present at Black Hat Europe 2017, where we will provide more information about the evasion techniques that NSS discovered.
    Read More
  • Nov 14, 2017 | Tom's Hardware FR

    Big security breach in Intel platforms from Skylake CPUs

    The problem was revealed by the firm Positive Technologies, which will give more details at the Black Hat Europe conference to be held on December 4th. Meanwhile, we know that they go through the Intel Management Engine, a module within the chipset with its own calculation units and operating system.
    Read More
  • Nov 10, 2017 | Fossbytes

    "Game Over!" - Intel's Hidden, MINIX-powered ME Chip Can Be Hacked Over USB

    The security firm Positive Technologies earlier promised to tell more about the God-Mode in December at Black Hat Europe and said that they had found a way for "an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard."
    Read More
  • Nov 9, 2017 | Dark Reading

    Stealthy New PLC Hack Jumps the Air Gap

    Researchers at Black Hat Europe next month will demonstrate a data-exfiltration attack on Siemens PLCs that uses a combination of code manipulation and Radio Frequency (RF) emissions.
    Read More
  • Nov 6, 2017 | Dark Reading

    Cognitive Mindhacks: How Attackers Spread Disinformation Campaigns

    In a few weeks, Kropotov will join fellow FTR senior researchers Fyodor Yarochkin and Lion Gu to present tools and techniques used among cyber propaganda perpetrators around the world in a Black Hat Europe presentation titled "Enraptured Minds: Strategic Gaming of Cognitive Mindhacks."
    Read More
  • Nov 2, 2017 | Dark Reading

    Social Engineer Spills Tricks of the Trade

    He will present a recording of the call, lessons learned, and best practices from years of social engineering research, during his Black Hat Europe session "How to Rob a Bank Over the Phone - Lessons Learned and Real Audio from an Actual Social Engineering Engagement."
    Read More
  • Oct 31, 2017 | Threatpost

    Apple Patches KRACK Vulnerability in iOS 11.1

    More details are available in a research paper called "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2," scheduled to be formally presented tomorrow at the Computer and Communications Security (CCS) conference and at Black Hat Europe.
    Read More
  • Oct 21, 2017 | The Register

    Wanna exorcise Intel's secretive hidden CPU from your hardware? Meet Purism's laptops

    Positive Technologies, a London-based security biz, recently discovered how Intel does this, and at Black Hat Europe 2017 in December is expected to disclose a Management Engine flaw that allows the execution of unsigned code in the Platform Controller Hub, on motherboards sporting Skylake or later CPUs. Such code can switch off the engine by flipping an undocumented bit.
    Read More
  • Oct 18, 2017 | WIRED

    As our power grids get smarter, they're more vulnerable to attack

    At the Black Hat conference in Las Vegas earlier this year, he watched a room full of hackers get to work cracking into smart home devices.
    Read More
  • Oct 18, 2017 | Channel Partners

    The KRACK in Wi-Fi Security: What Partners Need to Know Now

    'Any data or information that the victim transmits can be decrypted,' said Vanhoef in his write-up of the vulnerability. He has published the details in a research paper titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, and will present the findings at Black Hat Europe in December, as well as the Computer and Communications Security conference in Dallas next month.
    Read More
  • Oct 17, 2017 | WIRED

    First companies respond to WPA2 hack

    The researchers will present the details of their exploit at the Black Hat Europe conference in December.
    Read More
  • Oct 16, 2017 | eWeek

    Researchers Reveal Critical KRACK Flaws in WPA WiFi Security

    The researchers have disclosed the details of the KRACK attack in a research paper and plan on discussing it further in talks at the Computer and Communications Security (CCS) and Black Hat Europe conferences later this year.
    Read More
  • Oct 16, 2017 | Threatpost

    KRACK Attack Devastates Wi-fi Security

    More details are available in a video, below, and in a research paper also published today called 'Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2,' scheduled to be formally presented Nov. 1 at the Computer and Communications Security (CCS) conference and at Black Hat Europe.
    Read More
  • Oct 16, 2017 | BleepingComputer

    New KRACK Attack Breaks WPA2 WiFi Protocol

    The expert describes the attack in much more depth on a website dedicated to the KRACK attack, and in a research paper the expert plans to present at this year's Computer and Communications Security (CCS) and Black Hat Europe conference.
    Read More
  • Oct 16, 2017 | Dark Reading

    Secure Wifi Hijacked by KRACK Vulns in WPA2

    The KRACK attacks work on all modern wireless networks using the WPA2 protocol and any device that supports WiFi is most likely impacted, the researchers said in a technical paper that they will present at the upcoming Black Hat Europe security conference.
    Read More
  • Oct 16, 2017 | Forbes

    Update Every Device -- This KRACK Hack Kills Your Wi-Fi Privacy

    The research appears to have been built on previously-released findings from July, when Vanhoef and colleagues discussed issues with Wi-Fi security at the Black Hat conference in Las Vegas.
    Read More
  • Oct 16, 2017 | ZDNet Japan

    Multiple vulnerabilities in WPA 2 of Wi-Fi authentication? Researchers have announced the publication

    Vulnerability information on "Wi-Fi Protected Access II" (WPA 2) of Wi-Fi certification is stated in the lecture notice of the security conference "Black Hat Europe 2017" to be held in early December in London, and ripples are spreading among security researchers.
    Read More
  • Oct 16, 2017 | IBT

    'All modern WiFi networks' now vulnerable to hackers, millions of Android devices at risk

    More on the WiFi flaw is set to be revealed on 1 November 2017 during the Black Hat Europe conference.
    Read More
  • Oct 16, 2017 | GovInfoSecurity

    WiFi Security Shredded via KRACK Attack

    Vanhoef has published his findings in a detailed research paper, Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. He's due to present the findings on Nov. 1 at the Computer and Communications Security conference in Dallas, and in December at Black Hat Europe in London.
    Read More
  • Oct 16, 2017 | IT Pro

    Widespread Wi-Fi Flaw Allows Attackers to Snoop on Encrypted Chats

    Vanhoef will present his research at the Computer and Communications Security conference and the Black Hat Europe conference.
    Read More
  • Oct 16, 2017 | The Register

    WPA2 KRACK attack smacks Wi-Fi security: Fundamental crypto crapto

    Research behind the attack will be presented at the Computer and Communications Security (CCS) conference in November, and at the Black Hat Europe conference in December.
    Read More
  • Sep 26, 2017 | The Register

    Researchers promise demo of 'God-mode' pwnage of Intel mobos

    Security researchers say they've found a way to exploit Intel's accident-prone Management Engine, and will reveal the problem at Black Hat Europe in December.
    Read More
  • Sep 21, 2017 | dobreprogramy

    Intel Management Engine scare again: chips not detectable infected?

    This year's Black Hat Europe conference, which will take place in early December, will feature a spectacular attack on Intel Management Engine (ME), the first of its kind, and at the same time, posing a big question of the legitimacy of using such technologies.
    Read More
  • Aug 25, 2017 | Computer Weekly

    Security professionals name top causes of breaches

    Nearly 55% of more than 130 attendees of the 2017 Black Hat security conference in Las Vegas admitted their organisations had been hit by cyber attacks.
    Read More
  • Aug 25, 2017 | The Register

    Hash of the Titan: How Google bakes security all the way into silicon

    As Clune notes, the recent Black Hat conference in Las Vegas research on firmware vulnerabilities (PDF) might be used to plant software backdoors. Google acknowledges such outside interference as a risk it is trying to exclude.
    Read More
  • Aug 25, 2017 | WIRED

    Microsoft's Bid to Save Powershell From Hackers Starts to Pay Off

    At the Black Hat and DefCon security conferences in Las Vegas last month, Microsoft's Holmes gave multiple presentations tracking methods attackers could use to hide their activity in PowerShell.
    Read More
  • Aug 22, 2017 | Forbes

    Inside the Black Hat USA Network Operations Center

    Created five years after DEF CON, a more rowdy hacker conference which takes place the weekend after, Black Hat in the United States is perhaps the best known of the annual gatherings of information security professionals in the world. So the Black Hat USA NOC has its work cut out for it.
    Read More
  • Aug 22, 2017 | The Register

    Apple iCloud Keychain easily slurped by cops, ElcomSoft claims

    Radocea elaborated on his findings in May and presented a more detailed account of his work at the Black Hat conference earlier this month.
    Read More
  • Aug 22, 2017 | Security Intelligence

    Is Antivirus Protection Still Relevant?

    Thycotic conducted a survey of Black Hat 2017 conference attendees to see what they thought about current security products.
    Read More
  • Aug 22, 2017 | Threatpost

    Android Spyware Linked to Chinese SDK Forces Google to Boot 500 Apps

    Google, meanwhile, has been out front in marketing its successes, in particular at the RSA and Black Hat conferences.
    Read More
  • Aug 18, 2017 | Help Net Security

    How security pros look at encryption backdoors

    72 percent of the respondents do not believe encryption backdoors would make their nations safer from terrorists, according to a Venafi survey of 296 IT security pros, conducted at Black Hat USA 2017.
    Read More
  • Aug 18, 2017 | Help Net Security

    Why you need to implement security controls across your environment

    In this podcast recorded at Black Hat USA 2017, Tim White, Director of Product Management, Policy Compliance at Qualys, discusses the importance of security configuration assessment as part of a comprehensive vulnerability management program, and why automating the configuration assessment and reporting of varied IT assets in a continuous manner is important to securing today's organizations.
    Read More
  • Aug 18, 2017 | Infosecurity Magazine

    Hiring More People is Top Need for Better Security in 2017

    The firm surveyed 108 pros at Black Hat USA last month and revealed that more than two-thirds (70%) of respondents who said 'people' consider hiring 'experienced professionals' as a priority whilst 30% said that they were willing to hire inexperienced individuals and train them on the job.
    Read More
  • Aug 18, 2017 | CSO

    Mobile device security for the road warrior

    Black Hat is one of the biggest hacker conventions and notorious for having attendees' phones breached. If you can survive Black Hat without your mobile device compromised, you can trust it to be reasonably secure anywhere. Here's how Ragan and Rashid stayed safe at Black Hat.
    Read More
  • Aug 17, 2017 | NetworkWorld Asia

    The best enterprise anti-virus protection may not be enough

    According to a survey of this year's Black Hat attendees, 73 percent think that traditional anti-virus is irrelevant or obsolete.
    Read More
  • Aug 17, 2017 | BetaNews

    72 percent of security pros say encryption backdoors won't stop terrorism

    A new survey of information security professionals carried out at last month's Black Hat conference suggests that the majority think encryption backdoors are ineffective and potentially dangerous.
    Read More
  • Aug 17, 2017 | Security Intelligence

    Incident Response and Threat Intelligence: A Potent One-Two Punch to Fight Cybercrime

    At the recent Black Hat event, Mike Oppenheim, global research lead for IBM X-Force Incident Response and Intelligence Services (IRIS), took the time to share his thoughts on some of the major threats that have wreaked havoc so far in 2017.
    Read More
  • Aug 17, 2017 | Scout

    Will U.S. Cyberwarriors be Ready for Next Big Hack?

    At Black Hat this year, there appeared to be more emphasis on 'proactive hunting,' which is a positive development, he said.
    Read More
  • Aug 17, 2017 | TechCrunch

    Can the security community grow up?

    We live in an imperfect world, as Alex Stamos, Chief Information Security Officer of Facebook pointed out in his recent BlackHat 2017 keynote address.
    Read More
  • Aug 17, 2017 | Help Net Security

    The human point: Gaining visibility into the context behind user actions

    In this podcast recorded at Black Hat USA 2017, Dr. Richard Ford, Chief Scientist at Forcepoint, talks about the security industry's need of a paradigm shift toward examining user behavior and intent.
    Read More
  • Aug 17, 2017 | eSecurity Planet

    Locky Ransomware Returns with New IKARUSdilapidated Phishing Campaign

    At Black Hat USA 2017 last month, researchers presented the results of a study by Google, Chainalysis, UC San Diego and the NYU Tandon School of Engineering, which found that 35 ransomware strains earned cybercriminals $25 million over the past two years.
    Read More
  • Aug 17, 2017 | IT Business Edge

    Studies Show Ways Organizations Struggle with Cybersecurity

    First, Tripwire surveyed people at Black Hat about security improvements after the WannaCry and Petya ransomware attacks.
    Read More
  • Aug 17, 2017 | InsideCounsel

    Passwords are Obsolete and Dangerous

    The cybersecurity 'walls' that organizations have built around sensitive information are failing to stop breaches: 73 percent of hackers surveyed at the recent 'Black Hat' convention believe traditional security perimeters of firewalls and antivirus are irrelevant or obsolete.
    Read More
  • Aug 17, 2017 | Security Weekly

    Black Hat Recap with Matt Alderman - Startup Security Weekly #50

    Matt joins Paul to recap the startups that caught their attention at the recent Black Hat conference in Las Vegas!
    Read More
  • Aug 16, 2017 | Security Affairs

    Faulty firmware OTA update bricked hundreds of LockState smart locks

    At the last Black Hat hacker conference, security experts demonstrated how to hack electronic locks, and the news I'm going to tell you demonstrates how annoying an incident that occurred to hundreds of smart locks could be.
    Read More
  • Aug 16, 2017 | eSecurity Planet

    Most Small to Mid-Sized Organizations Don't Use Multi-Factor Authentication

    The impact can be significant. A recent Thycotic survey of more than 250 hackers at Black Hat 2017 found that 32 percent of respondents said accessing privileged accounts is the easiest and fastest way to get at sensitive data, while 27 percent said the same of accessing email accounts.
    Read More
  • Aug 16, 2017 | SDxCentral

    Docker Adds IBM Mainframes, Enhanced Security Support to EE

    Docker's Swarm container orchestration platform has been cited as the 'gold standard' in terms of security. However, the platform was the center of attention at several sessions dedicated to container security at the recent Black Hat USA event.
    Read More
  • Aug 15, 2017 | MediaPost

    Hacking From The Inside: A Report From The Black Hat Conference

    What do hackers want, and how do they go about getting it? Those questions were answered - by hackers themselves - in a survey conducted by Thycotic at this year's Black Hat Conference in Las Vegas.
    Read More
  • Aug 15, 2017 | CSO

    The best enterprise anti-virus protection may not be enough

    According to a survey of this year's Black Hat attendees, 73 percent think that traditional anti-virus is irrelevant or obsolete.
    Read More
  • Aug 15, 2017 | BetaNews

    Why hackers love privileged accounts

    Privileged account solutions specialist Thycotic carried out a survey of more than 250 hackers at 2017's Black Hat conference and found that 32 percent of respondents see privileged accounts as the best way of getting hold of sensitive data, with 27 percent preferring access to user email accounts.
    Read More
  • Aug 14, 2017 | Infosecurity Magazine

    Hackers See Privileged Accounts as Best Route to Sensitive Data

    When it comes to what works and doesn't work for protecting critical data, nearly one third (32%) of respondents at the recent Black Hat conference said that accessing privileged accounts was the number one choice for the easiest and fastest way to get access to critical data.
    Read More
  • Aug 14, 2017 | Help Net Security

    STIX and TAXII: Sharing cyber threat intelligence

    In this podcast recorded at Black Hat USA 2017, Allan Thomson, CTO at LookingGlass Cyber Solutions, talks about STIX and TAXII.
    Read More
  • Aug 14, 2017 | The New Stack

    JASK Employs Artificial Intelligence to Automate Smarter Security

    Add JASK to the list of startups looking to relieve the burden on overwhelmed security teams through the use of artificial intelligence. The San Francisco-based company unveiled its JASK Trident platform at the recent Black Hat conference in Las Vegas.
    Read More
  • Aug 14, 2017 | Dark Reading

    Cybersecurity's Ceiling

    In some cases, upper management is putting a cap on spending and hiring. In the recently published 2017 Black Hat Attendee Survey, most security professionals say they are increasing hiring and spending.
    Read More
  • Aug 14, 2017 | Help Net Security

    AI is key to speeding up threat detection and response

    Vectra Networks has polled 459 Black Hat attendees on the composition and effectiveness of their organizations' SOC teams.
    Read More
  • Aug 14, 2017 | SecurityWeek

    VMware Patches 'Hard-to-Exploit' DoS Vulnerability

    Last month, at the Black Hat security conference in Las Vegas, researchers showed how attackers with limited vSphere accounts could abuse a VMware API to access the guest operating system without authentication.
    Read More
  • Aug 14, 2017 | SDxCentral

    Time, Security Cited as Hurdles to Adoption of Containers

    During the recent Black Hat USA event, there were several sessions dedicated to container security issues. Kirkland said from what he heard, most of the vulnerabilities noted were mundane issues he thought were highlighted for maximizing exposure.
    Read More
  • Aug 14, 2017 | eSecurity Planet

    ICS Security Firm Dragos Raises $10M

    In a press conference at the Black Hat USA conference, Lee provided insight into how ICS security works (or doesn't) today and what more needs to be done.
    Read More
  • Aug 13, 2017 | IBT

    Are Organizations Safe From Cyber Attacks? Experts Say Most Still Vulnerable

    Threat detection firm Tripwire surveyed 108 security professionals at the Black Hat USA hacker conference held in Las Vegas in July. It found a considerable number of experts who were dismayed by the response of organizations in the wake of attacks like WannaCry and Petya.
    Read More
  • Aug 13, 2017 | Security Now

    Obscurity Hampers Security: The Latest Survey

    'Visibility' was one of the five words that defined this year's Black Hat conference, and its importance to security professionals is amplified in the results of the Vanson Bourne survey sponsored by Gigamon.
    Read More
  • Aug 11, 2017 | TechTarget

    Cybersecurity machine learning moves ahead with vendor push

    Oltsik attended the recent Black Hat conference, where technology vendors were abuzz with talk of cybersecurity machine learning.
    Read More
  • Aug 11, 2017 | Phandroid

    Top 10 Worst Tech Mistakes in the World of Android

    To their credit, BLU says they were unaware that the software was installed on the phones and quickly rolled out a software update to remove it, but Kryptowire shared concerns at a Black Hat security conference this year that Chinese companies are just getting better at masking their server pings rather than removing the firmware altogether.
    Read More
  • Aug 11, 2017 | TechTarget

    District attorney: Gathering cybercrime evidence can be difficult

    At Black Hat 2017, SearchSecurity sat down with Norman Barbosa, assistant U.S. state's attorney for the western district of Washington and the office's coordinator of computer hacking and intellectual property crimes, who is based in Seattle.
    Read More
  • Aug 11, 2017 | Government Technology

    On Metrics: Responding to Failing Security Grades

    Mr. Carson is a respected cybersecurity professional and ethical hacker with more than 25 years' experience in enterprise security. Joe speaks at global conferences such as Black Hat, and he serves as Chief Security Scientist at Thycotic.
    Read More
  • Aug 11, 2017 | SecurityWeek

    Hackers Say Humans Most Responsible for Security Breaches

    Thycotic surveyed a cross section of hackers attending Black Hat. Fifty-one percent described themselves as white hats; 34% described themselves as grey hats using their skills for both good and bad causes; and 15% self-identified as out-and-out black hats.
    Read More
  • Aug 11, 2017 | Information Security Buzz

    Black Hat USA 2017: Bigger and Better

    The 20th edition of Black Hat USA (BHUSA) did not disappoint, if your expectations were the largest exhibit floor, the most lasers, and the biggest attendance ever. Black Hat USA has become one of the most anticipated infosec conferences of the year.
    Read More
  • Aug 11, 2017 | WeLiveSecurity

    Black Hat at 20, DefCon at 25: Not just about breaking things

    One way Black Hat has prospered is by becoming the venue of choice for security researchers seeking to showcase new ways to hack something interesting, like cars, an ATM, or insulin pumps. But these events are not just about breaking things; in this post I point to one of several briefings this year which made that point quite effectively.
    Read More
  • Aug 10, 2017 | Hindustan Times

    Are international cyber attacks the wave of the future?

    When cyber-security professionals were polled recently at their annual BlackHat conference in Las Vegas, 60% said they expected the United States to suffer a successful attack against its critical infrastructure in the next two years.
    Read More
  • Aug 10, 2017 | Bank Info Security

    Here's How Ugly Infosec Marketing Can Get

    Such notifications are customary to allow organizations time to fix problems. That's also despite the fact that representatives of both companies were together recently at the Black Hat security conference.
    Read More
  • Aug 10, 2017 | E&E News

    How can utilities protect shared data

    Brandstetter revealed security problems with popular "smart" home and building automation systems at the recent Black Hat security conference.
    Read More
  • Aug 10, 2017 | MIT Technology Review

    This New Squad of Internet Experts Will Try to Bring Order to Global Cyber Conflict

    But 'cyberspace is not a jungle,' the new commission's chair, Marina Kaljurand, told an audience at the Black Hat computer security conference in Las Vegas last month.
    Read More
  • Aug 10, 2017 | Help Net Security

    InfoArmor: Actionable intelligence, comprehensive protection

    In this podcast recorded at Black Hat USA 2017, Mike Kirschner, Senior Vice President of Advanced Threat Intelligence at InfoArmor, talks about how they offer operatively-sourced threat intelligence, specialized cyber security services and real-time, client-specific alerts to protect your network and prevent data exfiltration.
    Read More
  • Aug 10, 2017 | 451 Research

    Is defense the 'new Black (Hat)'? Notes from 2017's 'security summer camp'

    As security pros converged for their annual gathering in the Nevada desert, the growing maturity of the field is on display, along with a wide range of interests embracing both breakers and builders. But does Black Hat in particular back up its new emphasis on defense with action?
    Read More
  • Aug 10, 2017 | Gartner

    FAQ: What I thought about Black Hat USA 2017

    IMO Black Hat USA continues to grow into a better version of the RSA Conference. Less vendor marketing nonsense. Fewer suited, disconnected executive types. Actual practitioners and 'real' people to talk to, both in terms of attendees and vendors.
    Read More
  • Aug 9, 2017 | eWeek

    Carbon Black EDR Service Exposing Customer Data Through Cloud Scanning

    Compromised computers with no direct access to the Internet could still have data exfiltrated by attackers using the security software's cloud sandbox as a channel to the Internet, security firm SafeBreach stated in research presented at the Black Hat Security Briefings in Las Vegas last month.
    Read More
  • Aug 9, 2017 | Help Net Security

    Understanding your responsibility and security in the cloud

    In this podcast recorded at Black Hat USA 2017, Chris Drake, CEO at Armor, talks about the difference between security of the cloud and security in the cloud.
    Read More
  • Aug 9, 2017 | SiliconANGLE

    The security revolution: Is protecting critical infrastructure all talk and no action?

    And a survey of leading security experts at the Black Hat conference in Las Vegas, Nevada, last month found that 60 percent believed there will be a successful attack on the nation's critical infrastructure within two years.
    Read More
  • Aug 9, 2017 | TechTarget

    How FBI cyber investigations handle obfuscation techniques

    SearchSecurity sat down with David West, assistant section chief of the FBI's Cyber Division, operational section four, at the Black Hat conference in Las Vegas to talk about how the FBI performs cyber investigations.
    Read More
  • Aug 9, 2017 | CIO

    What hackers think of your cybersecurity efforts

    Survey of Black Hat 2017 attendees reveals what hackers consider toughest tech to beat
    Read More
  • Aug 8, 2017 | Threatpost

    Google Patches 10 Critical Bugs in August Security Bulletin

    Over the past several years, Google has prioritized shrinking the Android attack surface. Those efforts have included focusing on containment of key aspects of the Android system such as the Media Framework and the Android kernel. Google calls these efforts architectural separation and architectural decomposition and were the subject of a Black Hat presentation last month.
    Read More
  • Aug 8, 2017 | Financial Times

    Cyber security: in need of a hack

    Recently, I saw him speak at the 20th anniversary of Black Hat, an annual cyber security conference in the desert attended by more than 15,000 people. Stamos had a simple message for the cyber security community that he refers to as a 'dysfunctional family': I love you, but you need to change.
    Read More
  • Aug 8, 2017 | TechTarget

    FBI: Cyber investigations no different from real world

    SearchSecurity sat down with David West, assistant section chief of the FBI's Cyber Division, operational section four, at the Black Hat conference in Las Vegas to talk about how FBI cyber investigations are performed and how the agency meets the burden of proof.
    Read More
  • Aug 8, 2017 | Dark Reading

    The Patching Dilemma: Should Microsoft Fix Flaws in Older Tech?

    The company's decision to choose the latter was a topic of conversation at Black Hat USA and DEF CON last month. Researchers presented on security holes Microsoft had declined to patch and instead offered users guidance and workarounds to protect their systems from attack.
    Read More
  • Aug 8, 2017 | Help Net Security

    Automating the hunt for cyber attackers

    In this podcast recorded at Black Hat USA 2017, Mike Banic, Vice President, Marketing, and Chris Morales, Head of Security Analytics at Vectra Networks, talk about the use of artificial intelligence to perform non-stop, automated threat hunting with always-learning behavioral models to find hidden and unknown attackers before they do damage.
    Read More
  • Aug 8, 2017 | Security Affairs

    Black Hat 2017 - Hacking the electronic locks to open the doors could be easy

    At the Black Hat 2017 hacker conference, the expert Colin O'Flynn presented an interesting report on breaking electronic door locks.
    Read More
  • Aug 8, 2017 | Information Age

    What Wall Street can teach Black Hat's 'Wall of Sheep'

    Every July, thousands of the world's most savvy security professionals descend upon Las Vegas for the Black Hat conference. For the uninitiated, the well-understood rule of the conference is that mobile devices stay in your hotel room, lest you wind up on the 'Wall of Sheep,' a conference stalwart posting in which hackers happily embarrass those who aren't practicing 'safe' computing.
    Read More
  • Aug 7, 2017 | CSO

    Engineering firm exposes SCIF plans and power vulnerability reports

    During the Black Hat conference in Las Vegas, CSO spoke with two experts about ICS threats, including locating sensitive information online due to misconfigurations and general OSINT research.
    Read More
  • Aug 7, 2017 | BleepingComputer

    Severe Deserialization Issues Also Affect .NET, Not Just Java

    The research team presented their findings at this year's Black Hat and DEF CON security conferences, held in early August in Las Vegas, USA.
    Read More
  • Aug 7, 2017 | IO

    Blackhat USA 2017 and DEF CON 25

    But Blackhat, unlike its name suggests (the term Blackhat refers to a hacker who violates malicious security systems) is a business-oriented conference. According to Moss, the event was created to educate CSOs and information security professionals from large companies.
    Read More
  • Aug 7, 2017 | CRN

    New Frontiers: 10 Hot Security Opportunities For Solution Providers

    The latest threats were front and center at the Black Hat 2017 conference in Las Vegas last month.
    Read More
  • Aug 5, 2017 | Digital Journal

    Obama's cybersecurity advisor: We need to tackle 'statecraft'

    Daniel served as President Obama's top cyber advisor during his second term in office. The MIT Technology Review recently caught up with him in an interview during the Black Hat cybersecurity conference.
    Read More
  • Aug 4, 2017 | Info Security

    Infosec Pros: AI Could Soon Be Used Against Us

    The security vendor polled Black Hat USA attendees last week to gauge their thoughts on the rapidly emerging technology.
    Read More
  • Aug 4, 2017 | Enterprise Times UK

    Fresh WordPress sites like catnip to hackers

    Maunder references a presentation at Black Hat 2017 which recently took place in Las Vegas. Security researcher Hanno Bock demonstrated a method to detect new WordPress sites by monitoring for new security certificates.
    Read More
  • Aug 4, 2017 | Security Affairs

    Black Hat 2017 - GitPwnd tool could be used by attackers to communicate with compromised devices via Git repositories

    Even though the Black Hat conference ended a few days ago, here we are still discussing interesting talks by cyber security experts who participated in the event.
    Read More
  • Aug 4, 2017 | CSO

    Cybersecurity headhunter shares 10 secrets from Black Hat 2017

    Thousands of security-minded professionals gathered under one roof at the popular Black Hat USA 2017 Conference last week in Las Vegas. Recruiters from executive search firms, large organizations, and technology vendors were busy networking with the hacker crowd.
    Read More
  • Aug 4, 2017 | SecurityWeek

    Hackers Can Use Git Repos for Stealthy Attack on Developers

    Malicious actors can abuse GitHub and other services that host Git repositories for stealthy attacks aimed at software developers, experts showed recently at the Black Hat security conference in Las Vegas.
    Read More
  • Aug 4, 2017 | CNET

    Paranoia and break dance battles: My first crazy hacker fest

    Defcon is the second of two Las Vegas conferences -- the first being Black Hat earlier in the week -- that offers people in the information security community a chance to share updates on the latest hacks and ways to stop them.
    Read More
  • Aug 3, 2017 | Ars Technica UK

    Privacy warnings spell trouble for millions of low-cost Android phone owners

    Last week's presentation at the Black Hat security conference in Las Vegas by security firm Kryptowire came eight months after the same company first warned about Android devices sold by Blu.
    Read More
  • Aug 3, 2017 | Australian Financial Review

    Don't just fear the power grid hack. Fear how little engineers knows about it

    Electrical grids were on the minds of those gathered at Black Hat, the world's biggest hacker convention - appropriately enough in Las Vegas - that took place last week. The confab draws 16,000 hackers and information technology experts from around the globe.
    Read More
  • Aug 3, 2017 | TelecomTV

    "Weaponised AI" will be used to carry out cyber attacks "within the next 12 months"

    The new research was conducted and analysed just last week at the annual Black Hat USA symposium held in Las Vegas, Nevada. For the past 20 years the Black Hat events (which are held all over the world) have been central to the dissemination and discussion of the latest news, data and scuttlebutt on trends and developments in information security.
    Read More
  • Aug 3, 2017 | Tom's Guide

    Amazon Halts Blu Phone Sales Amid Spyware Concerns (Update: Blu Responds)

    At the time, Blu said it would remove the software from its phones, but during last week's Black Hat security conference, Kryptowire said the software from Shanghai Adups Technology continues to collect user data.
    Read More
  • Aug 3, 2017 | SC Magazine

    Hackers will weaponize AI, survey says

    The majority of information security professionals (62 percent) surveyed by Cylance at Black Hat USA 2017 think that hackers will weaponize AI, using it offensively over the next year.
    Read More
  • Aug 3, 2017 | Robert Abel

    Amazon suspends sales of Blu Android phones amid spyware allegations

    Amazon Monday announced it is suspending sales of certain Android phones manufactured by Blu after a Black Hat presentation claimed that three of the firm's models sent sensitive information to third parties in China, a claim Blu denies.
    Read More
  • Aug 3, 2017 | SC Magazine UK

    Weaponised AI. Davey Winder asks the industry - is that a thing yet?

    That artificial intelligence was on the agenda at Black Hat should come as no surprise. The promise of AI, from machine learning through to automation, in cyber security has become a major marketing tool amongst vendors.
    Read More
  • Aug 3, 2017 | CSO

    Moving Forward with Machine Learning for Cybersecurity

    At Black Hat last week, you couldn't pass a slot machine without some cybersecurity technology vendor crowing about machine learning or artificial intelligence. Yup, machine learning algorithms have great potential to help with security analytics and employee productivity, but this technology is in its infancy and not well understood.
    Read More
  • Aug 2, 2017 | Tom's Hardware

    Blu, Amazon Tussle Over Smartphone Privacy Issues (Updated)

    At last week's Black Hat conference, Kryptowire revealed that the firmware was still present on some devices. This time, however, it collected data in a much less obvious way.
    Read More
  • Aug 2, 2017 | Threatpost

    Will The Real Security Community Please Stand Up

    Black Hat 2017 was a vocabulary lesson for white hats, and yes, words matter. Words such as nihilism, empathy and inclusion have to matter, because what you're doing now matters so much.
    Read More
  • Aug 2, 2017 | Ars Technica

    Privacy warnings spell trouble for millions of low-cost Android phone owners

    Last week's presentation at the Black Hat security conference in Las Vegas by security firm Kryptowire came eight months after the same company first warned about Android devices sold by Blu. That
    Read More
  • Aug 2, 2017 | eWeek

    How the Federal Government Wants to Improve IoT Security

    At the Black Hat USA security conference on July 26, FTC Commissioner Terrell McSweeny outlined several steps her agency is already taking to help protect consumers of IoT devices. McSweeny's Black Hat talk was specifically about how vendors can market devices and make accurate claims about functionality.
    Read More
  • Aug 2, 2017 | TechTarget

    Risk & Repeat: Black Hat 2017 highlights

    Black Hat 2017 was filled with the usual assortment of fresh vulnerabilities and emerging threats, including a devastating proof-of-concept attack for mobile devices and the first-known example of malware designed to cripple electrical grid substations.
    Read More
  • Aug 2, 2017 | MIS Training Institute

    How Cybersecurity Can Step Up Its Game Through Information Sharing

    'Unfortunately, the trend lines are currently against us,' Daniel told Infosec Insider during a recent video interview at the Black Hat conference in Las Vegas, Nevada.
    Read More
  • Aug 2, 2017 | Security Weekly

    Black Hat 2017 Montage


    Read More
  • Aug 2, 2017 | ISG Insights

    Black Hat 2017 and Workforce Strategy for the Cybersecurity Talent Shortage

    Black Hat 2017, held in Las Vegas from July 22 to 27, 2017, is one of the major cyber-security industry conferences of the year. This year's conference highlighted a growing need to reexamine the enterprise's workforce strategy when it comes to cybersecurity.
    Read More
  • Aug 2, 2017 | Washington Examiner

    Tech community confronts cyber policy at Black Hat

    Jeff Moss, founder of the Black Hat cybersecurity conference, said the annual event here provides "a crystal ball" on upcoming information-technology issues, and that may apply to cyber policy too.
    Read More
  • Aug 2, 2017 | BBC

    Black Hat: The conference teaching hacking skills

    The courses at this year's Black Hat information security conference taught more than 3,500 people how to hack.
    Read More
  • Aug 2, 2017 | eWeek

    Artificial Intelligence Taking a Bigger Role in Antimalware Technology

    At the Black Hat conference here, McAfee announced that its flagship product, McAfee ATD (Advanced Threat Defense) 4.0, is now augmented with machine learning models.
    Read More
  • Aug 2, 2017 | Neowin

    Black Hat: Shooting down drones in the wild

    The first day of Black Hat was a whirlwind of InfoSec stories and information. While I already covered the great keynote presentation by Facebook CSO Alex Stamos, and tried to shine a light on the lack of printer security courtesy of HP, there are so many different topics being discussed at the conference that nobody can possibly see even a fraction of what is being presented.
    Read More
  • Aug 2, 2017 | GeekWire

    3 key cybersecurity trends and takeaways from Black Hat and DEF CON 2017

    Unlike its name might suggest, Black Hat is the more business-oriented of the two conferences. Moss created it to educate CSOs and InfoSec security teams from large enterprises. Though the same speakers often attend both, the briefings at Black Hat are more professional and often focus on (or at least end with) defensive strategies.
    Read More
  • Aug 1, 2017 | Consumer Affairs

    Amazon suspends sale of Blu phones amidst privacy concerns

    Both Blu and Adups announced shortly after that they had taken steps to resolve the issue, but researchers showed at the Black Hat conference that phones made by Blu were still transmitting private information and were capable of installing apps, taking screenshots, recording screens, making calls, and wiping devices without users' permission.
    Read More
  • Aug 1, 2017 | Digital Trends

    How to keep yourself safe from Chinese spyware on budget Android phones

    Kryptowire appeared at July's Black Hat security conference in Las Vegas to say the spyware still existed on some of Blu's current phones, which led to Amazon's decision the following week.
    Read More
  • Aug 1, 2017 | Dark Reading

    Microsoft Security Put to the Test at Black Hat, DEF CON

    In his Black Hat presentation "Infecting the Enterprise: Abusing Office365 PowerShell for Covert C2," Craig Dods, chief architect of security at Juniper Networks, explained how Office 365 is ideal for a command and control infrastructure. He argued businesses aren't considering the risk of Office 365 adoption and demonstrated how attackers can take advantage.
    Read More
  • Aug 1, 2017 | ZDNet

    Amazon halts Blu phone sales over 'potential security issue'

    However, at the Black Hat security conference last week, Kryptowire demonstrated that Adups was still transmitting users' private data and featured a command-and-control server capable of installing apps, taking screenshots, recording the screen, making calls, and wiping devices without the user's permission.
    Read More
  • Aug 1, 2017 | Threatpost

    Amazon Halts sale of Android Blu Phone Amid Spyware Concerns

    The phone maker came under scrutiny last week by researchers at Kryptowire during a Black Hat session where they criticized the company for collecting personal identifiable information without user consent.
    Read More
  • Aug 1, 2017 | TechTarget

    Experts debate Vulnerabilities Equities Process disclosure

    A panel of experts at the Black Hat conference in Las Vegas discussed the topic, including Jason Healey, senior research scholar at Columbia University, who said the Vulnerabilities Equities Process has two major aims.
    Read More
  • Aug 1, 2017 | PC Magazine

    Amazon Pulls Blu Smartphones Over Spyware Concerns

    But at Black Hat last week, Kryptowire revealed that several Blu phones, including the best-selling Blu Advance 5.0, still contain spying software created by Shanghai Adups Technology.
    Read More
  • Aug 1, 2017 | Naked Security

    Should governments keep vulnerabilities secret?

    But two recent research papers, presented together at Black Hat, argue that data analysis should carry more weight than 'speculation and anecdote' in setting government policy on the matter.
    Read More
  • Aug 1, 2017 | IBT

    Amazon halts sale of Blu phones preloaded with 'potential' Chinese spyware

    At last week's Black Hat security conference, the company revealed that a spyware from Chinese software company Shanghai Adups Technology was present on a handful of Blu devices.
    Read More
  • Aug 1, 2017 | eWeek

    Google Tracks Ransomware Payments at Scale With Machine Learning

    Ransomware isn't just a hot topic in the media, it's a real and growing threat, according to a team of Google-led researchers. Google publicly presented its findings in a session titled "Tracking Ransomware End to End" at the Black Hat USA security conference in Las Vegas on July 26.
    Read More
  • Aug 1, 2017 | Daily Mail

    Amazon finally suspends sales of $60 Blu Android phones after discovering they STILL secretly send user data to China eight months after the firm first claimed spyware was a mistake

    'They replaced them with nicer versions,' Ryan Johnson, a research engineer and cofounder at Kryptowire, said last week at the Black Hat security conference in Las Vegas.
    Read More
  • Aug 1, 2017 | CBS News

    Researchers find some phones secretly sending data to China

    At the Black Hat security conference in Las Vegas on Wednesday, researchers from Kryptowire, a security firm, revealed that Adups' software is still sending a device's data to the company's server in Shanghai without alerting people. But now, it's being more secretive about it.
    Read More
  • Jul 31, 2017 | IBT India

    The weak side of strong 4G LTE network

    The attack, known as the 'Ghost Telephonist', was presented at the ongoing hacker summit Black Hat USA 2017 and DEF CON in Las Vegas, Nevada.
    Read More
  • Jul 31, 2017 | Golem

    Confuse servers with HTTP headers

    Numerous variants of so-called server-side-request-forgery attacks have been shown by James Kettle of Portswigger at the Black Hat conference in Las Vegas. Kettle's main focus was to confuse load balancers and web servers with cleverly chosen HTTP headers.
    Read More
  • Jul 31, 2017 | HardenStance

    Congratulations On A More User Centric BlackHat

    For the benefit of anyone who's still in doubt, Black Hat is evolving the focus of its core mission.
    Read More
  • Jul 31, 2017 | HackRead

    'Ghost Telephonist' Attack Exploits 4G LTE Flaw to Hijack Phone Numbers

    Unicorn Team demonstrated the findings on Sunday at the Black Hat USA 2017 hacker summit. As per the team of researchers, CSFB's authentication step is missing from its procedure, which can allow easy access to hackers to the phone.
    Read More
  • Jul 31, 2017 | ZDNet

    Exposed IoT servers let hackers unlock prison cells, modify pacemakers

    In one of the slides at his Black Hat talk, he described how a user-modified Tesla vehicle was leaking its real-time geolocation and other vital statistics.
    Read More
  • Jul 31, 2017 | Xinhua

    Same Chinese white hat group hacks into Tesla for second year

    In an impressive video demoed at the on-going hacker summit Black Hat USA 2017 and DEF CON in Las Vegas, Nevada, Chinese security researchers from the Keen Security Lab at Tencent managed to remotely take control of Tesla Model X cars.
    Read More
  • Jul 31, 2017 | Threatpost

    ShieldFS Can Detect Ransomware, Recover Files

    Researchers from Italy's Politecnico di Milano unveiled at Black Hat last week an add-on Windows driver and filesystem that detects ransomware and recovers files.
    Read More
  • Jul 31, 2017 | Threatpost

    Microsoft Releases Outlook and Office Click-to-Run Patches

    During the heat of Black Hat last week, Microsoft pushed out patches for Outlook that address three newly reported vulnerabilities.
    Read More
  • Jul 31, 2017 | Threatpost

    How Google Shrunk the Android Attack Surface

    During a Black Hat session on hardening Android, Kralevich discussed the multi-year journey Google developers have been on to get to where it is today.
    Read More
  • Jul 31, 2017 | Silicon UK

    Black Hat 2017: Hacked Car Wash Could 'Physically Attack' People

    The internet-connected control interface used by a range of car washes made by PDQ, a Wisconsin-based manufacturer, contains security vulnerabilities that make it easy for hackers to access, Billy Rios of WhiteScope and Jonathan Butts of QED Secure Solutions said in a presentation at the Black Hat USA security conference in Las Vegas.
    Read More
  • Jul 31, 2017 | Security Now

    Five Words for Black Hat

    Black Hat 2017 has come and gone, and attendees have scattered to the winds, going home to count their new t-shirts, run exhaustive anti-malware passes on their devices and take stock of everything they learned at the conference.
    Read More
  • Jul 31, 2017 | Security Intelligence

    Nuclear Power Plants at Risk Due to Radiation Monitoring Flaws

    Ruben Santamarta, principal security consultant at IOActive, presented his findings in a white paper titled, 'Go Nuclear: Breaking Radiation Monitoring Devices' at the Black Hat USA event last week. He found that the security shortcomings in RMDs could be significant, since the devices help detect radiation leaks and can alert organizations to issues at nuclear power plants.
    Read More
  • Jul 31, 2017 | SDxCentral

    Container Developers Viewed as New Security Attack Targets

    Developers are often viewed as the aggressors when it comes to online security. But participants at a Black Hat USA session argued that developers were actually the new targets of attacks. This is increasingly coming to light as container developers become a bigger part of enterprise operations.
    Read More
  • Jul 31, 2017 | PC Magazine

    Tesla Model S Hackers Return for Encore Attack

    A year after successfully hacking the Tesla Model S, the same team repeats their success at the Black Hat conference.
    Read More
  • Jul 31, 2017 | MIT Technology Review

    We're Thinking About Cybersecurity All Wrong

    MIT Technology Review caught up with Daniel at the Black Hat computer security conference in Las Vegas last week.
    Read More
  • Jul 31, 2017 | IT World Canada

    Black Hat/Def Con roundup: How Google ups Android security, another Microsoft SMB vulnerability

    The annual Black Hat and Def Con security conferences in Las Vegas have wrapped up after more presentations of interest to CISOs.
    Read More
  • Jul 31, 2017 | eWeek

    BIOS Firmware Implementation Vulnerabilities Disclosed at Black Hat

    At the Black Hat USA security conference in Las Vegas, Alex Matrosov, principal research scientist at Cylance, detailed multiple issues he found in Intel UEFI firmware protections used by major motherboard vendors.
    Read More
  • Jul 31, 2017 | eWeek

    Black Hat, DefCon Expose Flaws in Voting Machines to Smart Guns

    The Black Hat show that was held at Mandalay Bay celebrated its 20th anniversary and was headlined by a keynote address from Facebook Chief Security Officer Alex Stamos.
    Read More
  • Jul 31, 2017 | Dark Reading

    Iranian Hackers Ensnared Targets via Phony Female Photographer

    Researchers at SecureWorks last week at Black Hat USA in Las Vegas published a report on their findings of this attack campaign, which began in January of this year, first as a pure phishing campaign that soon evolved with Mia Ash's phony LinkedIn, Facebook, and blog accounts to further social-engineer the targets and earn their trust.
    Read More
  • Jul 31, 2017 | CSO

    Hackers can hijack car washes, remotely trap and 'physically attack' people

    It may sound like a scene from a science fiction horror flick, but security researchers Jonathan Butts, founder of QED, and Billy Rios, CEO of Whitescope, said at Black Hat that vulnerabilities in 'smart,' internet-connected car wash systems could be exploited to make the car wash attack users.
    Read More
  • Jul 31, 2017 | BleepingComputer

    A Botnet of Rogue Chrome Extensions Assaulted Wix in April 2016

    The attack went unreported at the time, but last week, speaking at the Black Hat and DEF CON security conferences that took place in Las Vegas, Tomer Cohen, lead for Wix's security team, revealed more details about the incident.
    Read More
  • Jul 31, 2017 | Tom's Guide

    Sonic weapon knocks drones right out of the sky

    Smartphones, virtual-reality headsets, toy robots, quadcopter drones and self-balancing scooters can be hacked by powerful sonic blasts, a team of Chinese researchers demonstrated at the Black Hat security conference here last week.
    Read More
  • Jul 30, 2017 | Xinhua

    Spotlight: Could we live safer, more secure lives in 2038? A question for 20th hacker summit

    During the past 20 years since the first Black Hat conference in 1997, the security community, tech industry and the world have been on a wild ride.
    Read More
  • Jul 30, 2017 | WIRED

    Security this week: The very best hacks from Black Hat and Def Con

    Here's a collection of some of our favorite talks from this week's Black Hat conference, including some we didn't get the chance to cover in depth.
    Read More
  • Jul 30, 2017 | TechCrunch

    When Snowden mattered

    Four years ago, the deep state was the enemy. Edward Snowden had just revealed its machinations. The head of the NSA was angrily catcalled during his Black Hat keynote.
    Read More
  • Jul 30, 2017 | BBC

    Power firms alerted on hack attack scenarios

    "Power grid operators need to be aware that these styles of events are out there and they need to prepare for them," said Robert M Lee of Dragos Security during a talk at the Black Hat show which detailed its work to analyse the malware used in the Ukraine attack.
    Read More
  • Jul 29, 2017 | Golem

    Data on the anti-virus cloud

    Cloud-based antivirus programs are increasingly used. Suspicious files are uploaded into a system of the manufacturer and analyzed there in detail. Two security researchers from the company Safebreach have now shown at Black Hat that the files are run in some anti-virus programs in a sandbox with network access. This can also be exploited by attackers.
    Read More
  • Jul 29, 2017 | WIRED

    How Hackers Can Use 'Evil Bubbles' to Destroy Industrial Pumps

    In a talk at the Black Hat security conference Thursday, Honeywell security researcher Marina Krotofil showed one example of an attack on industrial systems meant to drive home just how surreptitious the hacking of so-called cyberphysical systems might be.
    Read More
  • Jul 29, 2017 | WIRED

    The $10 Hardware Hack That Wrecks IoT Security

    The group, which includes the hackers Zenofex, 0x00string, and maximus64_, presented their flash memory hack this week at the Black Hat security conference in Las Vegas.
    Read More
  • Jul 29, 2017 | IoT Evolution World

    IoT Evolution World Week in Review: Dell, Black Hat and IoT Awards

    At the Black Hat USA 2017 conference in Las Vegas, a team of New York University researchers will disclose vulnerabilities in a component that combined with publicly available information provide sufficient information to model an advanced, persistent threat to the electrical grid.
    Read More
  • Jul 29, 2017 | CNET

    I play the security odds in Las Vegas by rolling the Wi-Fi dice

    There's an entire network operations center at Black Hat, where the convention's security teams are working around the clock to keep people safe.
    Read More
  • Jul 28, 2017 | The Register

    Inside the ongoing fight to stamp out govt-grade Android spyware

    'This was a known set of vulnerabilities,' Andrew Blaich, a security researcher at Lookout, told The Register this week at the Black Hat conference in Las Vegas.
    Read More
  • Jul 28, 2017 | The Register

    Flaws in web-connected, radiation-monitoring kit? What could go wrong?

    Vulnerabilities in widely deployed Radiation Monitoring Devices (RMDs) present a potential mechanism for triggering false alarms and worse, according to research unveiled at Black Hat on Wednesday.
    Read More
  • Jul 28, 2017 | The Register

    Wallet-snatch hack: ApplePay 'vulnerable to attack', claim researchers

    One of the attacks developed by the white hats, and presented at Black Hat USA yesterday, requires a jailbroken device to work, but the other assault does not.
    Read More
  • Jul 28, 2017 | The Register

    Malware? In my Docker container? It's more common than you think

    Speaking at the 2017 Black Hat USA conference in Las Vegas, Aqua Security researchers Michael Cherny and Sagie Dulce said [PDF] the Docker API can be abused for remote code execution and security bypass.
    Read More
  • Jul 28, 2017 | The Register

    Systemd wins top gong for 'lamest vendor' in Pwnie security awards

    The gongs are divided into categories, and nominations in each section are voted on by the hacker community. The ponies are then dished out every year at the Black Hat USA security conference in Sin City.
    Read More
  • Jul 28, 2017 | PC Magazine

    Your Printer Can Steal and Deface Your Documents

    Printers have been part of the modern home and office for decades, despite numerous attempts to go 'paperless.' But at the Black Hat conference here, Jens Muller of Ruhr University Bochum reminded attendees that just because something is ubiquitous doesn't mean it should be trusted.
    Read More
  • Jul 28, 2017 | NewsFactor

    At Black Hat Hacker Summit, Cybersecurity Shift Urged

    Against a backdrop of cyberattacks that amount to full-fledged sabotage, Facebook chief security officer Alex Stamos brought a sobering message to the hackers and security experts assembled at the Black Hat conference in Las Vegas. In effect, he said, it's time to grow up.
    Read More
  • Jul 28, 2017 | NBC News

    Black Hat 2017: A Wi-Fi Hopping Worm Targeting Smartphones

    Broadpwn, a vulnerability in a Wi-Fi chip found in more than a billion phones, could allow a hacker within Wi-Fi range to take over your smartphone, according to research presented on Thursday at the Black Hat security conference in Las Vegas.
    Read More
  • Jul 28, 2017 | Las Vegas Review Journal

    DefCon, Black Hat bring extra cybersecurity concerns to Las Vegas

    DefCon comes on the heels of Black Hat, a conference and trade show for cybersecurity professionals. The six-day Black Hat show, which attracted more than 15,000 people, ended Thursday at Mandalay Bay.
    Read More
  • Jul 28, 2017 | IT World Canada

    Black Hat roundup: Facebook CSO sounds off, and another warning on a social media scam

    The annual Black Hat USA conference in Las Vegas is another opportunity for Infosec pros to exchange ideas on improving enterprise security as well as be criticized for their failings. We have a roundup of this week's coverage.
    Read More
  • Jul 28, 2017 | Inc.

    Why You Must Update Your Smartphone Right Now

    At Blackhat, security researcher Nitay Artenstein revealed that he had detected a serious bug in the firmware--that is, the built-in software that controls and monitors--a Broadcom chip commonly used by smartphone providers (commonly meaning every iPhone and many modern Android phones including Google's Nexus and Samsung's Galaxy series) to deliver part of their WiFi capabilities.
    Read More
  • Jul 28, 2017 | Hack Net Security

    Hackable smart car wash systems can hurt people

    Also, their talk about the issues was accepted to Black Hat USA 2017, and the company obviously realized it could not afford to ignore them any longer
    Read More
  • Jul 28, 2017 | HackRead

    Update your phone: Avoid being Pwned by bug residing in WiFi chip

    Nitay Artenstein explained his findings at the Black Hat security conference on Thursday. As per Artenstein, the vulnerability in chipset would let hackers use Wi-Fi to control your phone by writing on the chip directly.
    Read More
  • Jul 28, 2017 | Geo News, Pakistan

    Demand for hackers is on the rise!

    The new reality is on display in Las Vegas this week at the annual Black Hat and Def Con security conferences, which now have a booming side business in recruiting.
    Read More
  • Jul 28, 2017 | eWeek

    Aqua Security Reveals Developer Security Risks With Docker Containers

    As Docker container use grows, so too is scrutiny into container security. In a session on July 27 at the Black Hat USA conference here, researchers from Aqua Security detailed vulnerabilities they found in Docker that could have put developers at risk.
    Read More
  • Jul 28, 2017 | eWeek

    Details of Apple iCloud Keychain Flaw Emerge at Black Hat

    At the Black Hat USA conference here, Radocea provided significantly more detail. In a session as well as a press conference, he revealed more insight into how he found the flaw and how bad it could have been for Apple's user base had it not been patched.
    Read More
  • Jul 28, 2017 | eWeek

    Vendors Use Black Hat Event to Launch New Products, Announce Advances

    This year marks the 20th anniversary of the Black Hat USA conference. In the early years of the Las Vegas event, security researcher presentations were the focus, as there were few vendor booths.
    Read More
  • Jul 28, 2017 | The Drive

    Automatic Car Washes Can Be Hacked to Trap, Attack Drivers Inside, Researchers Say

    The exploit was actually uncovered a couple of years ago, but it remains a theoretical possibility as they never had a chance to test it out. But a facility in Washington State finally agreed, and though they wouldn't allow the test to be filmed, it was successful (and scary) enough that they presented their findings at the annual Black Hat hacking conference in Las Vegas this week.
    Read More
  • Jul 28, 2017 | Digital Trend

    Wi-Fi Exploit Can Repeatedly Duplicate Itself and Infect Wireless Devices

    Researcher Nitay Artenstein revealed the flaw at the Black Hat security conference in Las Vegas on Thursday
    Read More
  • Jul 28, 2017 | Derby Telegraph UK

    Update your phones now to avoid wifi breaking bug

    Mr Artenstein gave a presentation at the Black Hat information security conference in Las Vegas on Thursday on what he calls Broadpwn bug.
    Read More
  • Jul 28, 2017 | Deccan Chronicle

    Facebook responds to hackers: 'It's time to grow up'

    Against a backdrop of cyber-attacks that amount to full-fledged sabotage, Facebook chief security officer Alex Stamos brought a sobering message to the hackers and security experts assembled at the Black Hat conference in Las Vegas. In effect, he said, it's time to grow up.
    Read More
  • Jul 28, 2017 | CRN

    33 Hot New Security Products Announced At Black Hat 2017

    Security vendors took advantage of the Black Hat 2017 stage to show off their latest security innovations. The launches went head to head with some of the most nefarious threats and vulnerabilities, which were also on display this week at the conference in Las Vegas.
    Read More
  • Jul 28, 2017 | CNN

    How a hacker could take down the electric grid

    At the Black Hat conference in Las Vegas this week, Lee explained how CrashOverride could be used as a blueprint for cyberattacks on energy facilities around the world.
    Read More
  • Jul 28, 2017 | BBC

    Hackers 'could make car wash attack'

    However, in a presentation at the Black Hat conference in Las Vegas, Billy Rios of security firm Whitescope and Jonathan Butts from the International Federation for Information Processing showed how easily the system could be hijacked.
    Read More
  • Jul 28, 2017 | Ars Technica

    Broadcom chip bug opened 1 billion phones to a Wi-Fi-hopping worm attack

    At the Black Hat security conference, Artenstein demonstrated proof-of-concept attack code that exploited a vulnerability in Wi-Fi chips manufactured by Broadcom.
    Read More
  • Jul 28, 2017 | Dark Reading

    DEF CON Rocks the Vote with Live Machine Hacking

    Alex Stamos, CISO of Facebook, during the keynote address earlier this week at Black Hat USA urged attendees to channel energy into innovative defensive solutions, rather than just breaking things.
    Read More
  • Jul 28, 2017 | ZDNet

    These were the best hacks at Black Hat and Defcon this year [Black Hat USA 2017]

    From ZDNet, sister-site CNET, and around the web, here's the best of Black Hat and Def Con.
    Read More
  • Jul 28, 2017 | Golem

    Broadpwn gap could allow wireless worm

    Again there is a serious security gap in the Broadcom WLAN firmware. The discoverer of the gap presented a particularly problematic scenario at Black Hat: such a gap could be used for a WLAN worm that spreads itself.
    Read More
  • Jul 28, 2017 | Tech.Co

    Is Your Business Prepared to Offer a Bug Bounty?

    It's July in Las Vegas, and the cybersecurity community has once again gathered to attend Black Hat USA. As previously reported, there are a number of ways that small businesses can prepare for cyber attacks.
    Read More
  • Jul 28, 2017 | Inside Cybersecurity

    The Black Hat community has a few asks for the 'old-hat' policy community in DC

    Making the rounds of technologists, researchers and tech-security vendors at the just-concluded Black Hat 2017, a reporter usually got a shrug and a shake of the head when asking what the federal government could do to assist their efforts.
    Read More
  • Jul 28, 2017 | TechTarget

    Who are the Shadow Brokers? Signs point to an intelligence insider

    Suiche, founder of managed threat detection company Comae Technologies, spoke at Black Hat 2017 about the Shadow Brokers, the entity which has been releasing files and hacking tools over the last year from the Equation Group, a hacking outfit connected to the U.S. National Security Agency.
    Read More
  • Jul 28, 2017 | SecurityWeek

    VMware API Allows Limited vSphere Users to Access Guest OS

    In a presentation at the Black Hat security conference in Las Vegas, Ofri Ziv, VP of research at GuardiCore, revealed that an attacker can exploit the vulnerability to gain full control of the guest OS, including for arbitrary code execution with elevated privileges, lateral movement across the targeted data center (including to isolated networks), and data thef
    Read More
  • Jul 28, 2017 | IBT UK

    Chinese 'hackers' have hijacked the Tesla Model X to remotely control its brakes and doors

    One of those security researchers, Charlie Miller, was in attendance at the Black Hat conference where Tencent presented its findings.
    Read More
  • Jul 28, 2017 | SecurityWeek

    Researchers Demo Physical Attack via Car Wash Hack

    The attack was detailed in a presentation at the Black Hat security conference this week by WhiteScope founder Billy Rios, a researcher best known for finding vulnerabilities in medical devices and industrial control systems (ICS), and Dr. Jonathan Butts, founder of QED Secure Solutions and committee chair for the IFIP Working Group on Critical Infrastructure Protection.
    Read More
  • Jul 28, 2017 | E&E News

    Hacking for real damage still takes 'boutique' touch

    The team of academics laid out their findings yesterday at the Black Hat cybersecurity conference here, intending to jump-start a conversation about electric sector security. But despite posing a provocative question - 'Are cyber-attacks on the power grid limited to nation-state actors?' - the three researchers emphasized that their methodical approach to attacking the grid isn't suited for the faint of heart.
    Read More
  • Jul 28, 2017 | CNET

    Obama cybersecurity czar: We gave Trump a head start

    Michael Daniel was cybersecurity coordinator during Obama's last four years in office. We caught up with him at Black Hat on Thursday, more than six months after Obama left the White House, to talk about President Donald Trump's policies on security, what attacks Americans should be looking out for and the trouble with getting people to listen.
    Read More
  • Jul 28, 2017 | BBC

    Summer Camp For Hackers

    What the world's hackers have been up to at their big annual meetings Black Hat and Def Con in Las Vegas. Plus the man behind Amazon's Alexa business Dave Limp talks to us about how the service might develop. And we witness a - thankfully fictional - hacking challenge that involves preventing a rogue state from firing nuclear missiles. Presented by Jane Wakefield, with BBC Online tech editor Leo Kelion, and special guest William Goodwin, Commissioning Editor at Computer Weekly.
    Read More
  • Jul 28, 2017 | Bloomberg

    The Biggest Risks on the Cyber Battlefield

    Peter Tran, RSA general manager and senior director of cyber defense, discusses the Black Hat USA 2017 conference and the biggest cybersecurity risks with Bloomberg's Emily Chang on "Bloomberg Technology."
    Read More
  • Jul 28, 2017 | PC Magazine

    Ultrasonic Gun Tips Hoverboards and Wobbles VR

    At the Black Hat conference here, a pair of researchers from Alibaba Security demonstrated how a gun that fires ultrasonic sound can mess with these critical sensors, sending phones spinning and hoverboards toppling over.
    Read More
  • Jul 28, 2017 | Ars Technica

    Sounds bad: Researchers demonstrate 'sonic gun' threat against smart devices

    At the Black Hat security conference on Thursday, a team of researchers from Alibaba Security demonstrated how sound and ultrasound could be used to attack devices that depend on sensor input from gyroscopes, accelerometers, and other microelectromechanical systems (MEMS).
    Read More
  • Jul 28, 2017 | Tom's Guide

    ShieldFS Promises to Stop Ransomware Dead in Its Tracks

    The researchers began developing ShieldFS late in 2015, but it works on new ransomware as well as older strains. In a demonstration at the Black Hat security conference here this week, ShieldFS stopped the WannaCry ransomware, which first came to light in May 2017, and recovered all the files that the ransomware had managed to encrypt.
    Read More
  • Jul 28, 2017 | Security Affairs

    BLACK HAT USA - Hackers turn car washing machines in a mortal trap

    In a talk at the Black Hat 2017 conference in Las Vegas, the popular hacker Billy Rios, founder of security shop Whitescope, and Jonathan Butts, committee chair for the IFIP Working Group on Critical Infrastructure Protection, demonstrated how to compromise widely used control systems for car washing machines. The experts hacked: the Laserwash series manufactured by PDQ.
    Read More
  • Jul 28, 2017 | Tom's Guide

    Digital 'Epochalypse' Could Bring World to Grinding Halt

    In 2038, the world will face a computer crisis greater than the "Y2K bug" of the year 2000, a prominent security researcher told the Black Hat security conference here yesterday (July 27).
    Read More
  • Jul 28, 2017 | On the Wire

    Black Hat (Podcast)

    Black Hat 2017 was an adventure, as it always is, and to help make sense of it all, Dennis Fisher sat down with friends from across the security community for a long conversation. The discussion with Robert Hansen, Jessy Irwin, Jennifer Leggio of Flashpoint, Mike Mimoso of Threatpost, Patrick Gray of Risky Business, and Fahmida Rashid of CSO Online touches on vulnerability handling, security marketing, privacy, and a dozen other topics.
    Read More
  • Jul 28, 2017 | ZDNet

    These were the best hacks at Black Hat and Def Con this year

    Black Hat Briefings and Def Con, the two annual security conferences you shouldn't miss, are drawing to a close. Each year, security researchers and hackers bring their exploits and discoveries to share with the common aim of making the world more secure. But if you weren't in Las Vegas for the heat and hacking, we've got you covered.
    Read More
  • Jul 28, 2017 | WeLiveSecurity

    ESET's Anton Cherepanov picks up Pwnie for Best Backdoor

    Anton Cherepanov, a malware researcher at ESET has picked up a Pwnie Award for Best Backdoor at this year's ceremony at Black Hat USA 2017 in Las Vegas.
    Read More
  • Jul 28, 2017 | WeLiveSecurity

    Black Hat: Hacking the firmware, the next frontier

    With the onslaught of embedded devices hitting the streets, we see such devices with the operating system, hardware interfaces, and user-facing applications baked into a single blob called firmware. Trick the firmware and you have access to the whole system. Here at Black Hat, there are a lot of people doing just that.
    Read More
  • Jul 28, 2017 | TechTarget

    2017 cybersecurity trends at the Black Hat conference

    This week, bloggers look into 2017 cybersecurity trends leading up to the Black Hat conference, Movidius deep learning and Mist's approach to WLAN.
    Read More
  • Jul 28, 2017 | TechTarget

    Breaking down the Broadpwn exploit, world's first Wi-Fi worm

    At Black Hat 2017, Exodus Intelligence researcher Nitay Artenstein unveiled the Broadpwn exploit, which he called the world's first Wi-Fi worm and which puts billions of iOS and Android devices at risk.
    Read More
  • Jul 28, 2017 | TechTarget

    Cyber-risk analysis, time are keys to infosec says game theory

    Using game theory to describe the opportunities and challenges of cybersecurity may uncover new ways to secure enterprise networks, according to one talk at Black Hat 2017.
    Read More
  • Jul 28, 2017 | TechRadar

    Update your phone's operating system - it possibly has a malware vulnerability

    The vulnerability was discovered by Nitay Artenstein, a researcher presenting at the Black Hat information security conference in Las Vegas.
    Read More
  • Jul 28, 2017 | Silicon UK

    Unpatched Smartphones At Risk From Broadpwn Bug

    This was the warning at this week's Black Hat Security 2017 conference after Nitay Artenstein, a vulnerability researcher at Exodus Intelligence, discovered the flaw.
    Read More
  • Jul 28, 2017 | Security Now

    Mobile Worries for a Security Pro

    I had a chance to sit down with Walker at Black Hat and we had a conversation that touched on a broad range of topics but the thing that brought me up short was when he said, "You know what really worries me?" That's a phrase guaranteed to get my attention.
    Read More
  • Jul 27, 2017 | Threatpost

    APT Group Uses Catfish Technique to Ensure Victims

    Today during Black Hat, SecureWorks released a report on Ash titled 'The Curious Case of Mia Ash: Cobalt Gypsy Uses Social Media to Lure Victims.'
    Read More
  • Jul 27, 2017 | Computer Business Review

    Google ransomware warning: How to keep your business secure

    The Google ransomware warning was made today at the Black Hat event, with the company also outlining the effectiveness of ransomware over the last two years. Cyber criminals used this form of attack to steal $25 million, with 2016 proving to have been the most lucrative, according to Google.
    Read More
  • Jul 27, 2017 | Dark Reading

    Researchers Release Free Tool to Analyze ICS Malware

    Lipovsky announced the release of the tool during a session here at Black Hat yesterday, 'Industroyer/Crashoverride: Zero Things Cool About a Threat Group Targeting the Power Grid.'
    Read More
  • Jul 27, 2017 | Zee News India

    Facebook works with Harvard against hackers targeting US elections

    Facebook made its move on Wednesday during Black Hat, an annual security event held in Las Vegas. The project will be co-led by Robby Mook, Democrat Hillary Clinton's 2016 presidential campaign manager and Matt Rhoades, Republican Mitt Romney's 2012 campaign manager.
    Read More
  • Jul 27, 2017 | WeLiveSecurity

    Black Hat 2017 industrial hacking: The song remains the same

    If industry cybersecurity frameworks are to inform and secure the critical infrastructure writ large, here at Black Hat there are a lot of people punching holes in them, and in simple ways.
    Read More
  • Jul 27, 2017 | WeLiveSecurity

    Black Hat 2017: Non-standard hacking platforms reign supreme

    This year at Black Hat, tiny automated hacking platforms are everywhere, loaded with tasty purpose-built tools that can be used to break into your systems.
    Read More
  • Jul 27, 2017 | CRN

    Ramped-Up Investments In IoT Security Mean Solution Providers Better Be Ready

    As Internet of Things security threats continue to rise, solution providers and vendors say they are starting to see the tide turn when it comes to real investments in IoT security technologies.
    Read More
  • Jul 27, 2017 | Fortune

    Ransomware Cost Surpasses $25 Million Mark

    Companies and individuals have paid more than $25 million over the past two years to try to get their computer data back from hackers who hijacked it. This is according to new research by Google about the phenomenon.
    Read More
  • Jul 27, 2017 | IT Pro

    At Black Hat, Machine Learning Helps Scale Security - And Threats

    As researchers and vendors apply machine learning to spot security vulnerabilities, cybercriminals are using the same techniques to train bots to outsmart detection tools, according to presentations this week at Black Hat in Las Vegas.
    Read More
  • Jul 27, 2017 | Komando.com

    Scary mobile wireless flaw lets hackers track your cellphone's location

    If you're like a lot of people, you've probably worried for many years about other parties spying on you. Maybe it's a weird and persistent feeling that somebody's tracking or watching you each time you make a phone call or go online.
    Read More
  • Jul 27, 2017 | Threatpost

    Attack Uses Docker Containers To Hide, Persist, Plant Malware

    The proof of concept attack was developed by researchers at Aqua Security, and the technique was first demonstrated today at Black Hat by Sagie Dulce, senior security researcher, with Aqua Security.
    Read More
  • Jul 27, 2017 | Infosecurity Magazine

    #BHUSA: Panel - Fad or Future? Getting Past the Bug Bounty Hype

    At Black Hat 2017 in Las Vegas today, a panel of experts gathered to discuss the concept of bug bounty programs and share their experiences with running these within their respective companies.
    Read More
  • Jul 27, 2017 | RSA

    Operational Rhythm at the Black Hat 2017 NOC

    In the Black Hat NOC, we have very little time to establish such a rhythm. However, a process for distributing critical information isn't more important than here. We need to provide access to hacker tools, but then ensure they aren't used to attack the Black Hat network or other attendees.
    Read More
  • Jul 27, 2017 | Forbes

    Kaspersky Anti-Virus Can Actually Help Spies Steal Data, Warn Researchers

    The researchers from cybersecurity start-up SafeBreach, who'll present their findings at both Black Hat and DEF CON conferences this week, put together a sneaker attack that took advantage of a feature of modern anti-virus tools, namely Avira Antivirus Pro, ESET NOD32, Kaspersky Total Security 2017 and Comodo Client Security.
    Read More
  • Jul 27, 2017 | Threatpost

    ShadowBrokers Remain an Enigma

    LAS VEGAS - Clarity and the ShadowBrokers are strange bedfellows. We're closing in on the first anniversary of the mysterious group's initial dump of NSA hacking tools and we're still no closer to understanding who they are, where they got their stuff, and what their true motivations are.
    Read More
  • Jul 27, 2017 | CRN

    Symantec President: We Aren't Done Making Acquisitions Yet

    Symantec has been on an acquisition tear, picking up two companies in the past month. But President and COO Michael Fey said the company isn't done yet.
    Read More
  • Jul 27, 2017 | Daily Mail

    Warning over internet connected car washes as hackers show they can 'go rogue' and be remotely controlled to trap motorists and damage cars

    Security researchers have discovered that internet-connected car washes can be hacked to attack vehicles and passengers.
    Read More
  • Jul 27, 2017 | Silicon UK

    Facebook Boss Scolds Security Industry And Urges Attitude Change

    This year's Black Hat conference is the 20th time it has been held. The conference provides security consulting, training, and briefings to both hackers, corporations, and government agencies.
    Read More
  • Jul 27, 2017 | The Guardian

    Bug in top smartphones could lead to unstoppable malware, researcher says

    A recently patched bug found in the chips used to provide wifi in iPhones, Samsung Galaxies and Google Nexus devices could be used to build malware which jumps unstoppably from device to device, according to Nitay Artenstein, the researcher who discovered the flaw.
    Read More
  • Jul 27, 2017 | TechCrunch

    When your fear is my opportunity

    Politicians scare you to stay in office. Police forces scare you to get worshipful adulation and military equipment. And the information security industry scares you to get more money, power, and influence.
    Read More
  • Jul 27, 2017 | Security Now

    Black Hat Keynote: A Call to Change

    Day One of Black Hat begins in earnest with the keynote address. Black Hat keynotes tend to be memorable, with names well known in the security community taking the stage to inspire, frighten, confound, or excite the audience.
    Read More
  • Jul 27, 2017 | SDxCentral

    Facebook CSO Lobbies for InfoSec Compassion, Diversity at Black Hat

    Facebook Chief Security Officer (CSO) Alex Stamos extolled Black Hat USA attendees to focus more on the positive social impact the information security (InfoSec) industry can have on society.
    Read More
  • Jul 27, 2017 | SC Magazine

    Facebook to fund election protection initiative

    In a wide-ranging keynote address at Black Hat 2017 that touched on diversity in the cyber workforce and expanding obligations of the security community, Stamos urged attendees to "build relationships between security and developers" and get better at "engaging on a global level."
    Read More
  • Jul 27, 2017 | Wired

    How A Bug In An Obscure Chip Exposed A Billion Smartphones

    If you haven't updated your iPhone or Android device lately, do it now. Until very recent patches, a bug in a little examined Wi-Fi chip would have allowed a hacker to invisibly hack into any one of a billion devices. Yes, billion with a b.
    Read More
  • Jul 27, 2017 | Las Vegas Review Journal

    When it comes to cybersecurity, employees are weakest link

    Black Hat, now in its 20th year, attracts more than 15,000 cybersecurity professionals and 290 exhibitors. The six-day show, which features courses and nearly 120 talks on various issues, ends Thursday.
    Read More
  • Jul 27, 2017 | SDxCentral

    Latest OpenFlow Combo with Open vSwitch Shows Security Chops

    A presentation at this week's Black Hat USA conference provided some good and bad security news for the OpenFlow software-defined networking (SDN) standard.
    Read More
  • Jul 27, 2017 | Information Age

    Facebook security boss challenges security industry to focus on people

    In the opening keynote speech at the 2017 Black Hat security conference, Alex Stamos - the security boss at Facebook - made clear that the security industry was in need of an attitude adjustment.
    Read More
  • Jul 27, 2017 | SC Magazine

    Researcher: In two decades adversaries at war could cause mass destruction via IoT attacks

    Two decades from now, warring adversaries could conceivably attack each other by sabotaging a population's Internet-connected consumer devices en masse, respected cybersecurity expert Mikko Hypponen predicted at Black Hat on Thursday.
    Read More
  • Jul 27, 2017 | Fortune

    Killer Car Wash: Hackers Can Trap and Attack Vehicles

    The researchers, who will present their findings at the Black Hat security conference this week, say they've shared their findings with the Department of Homeland Security.
    Read More
  • Jul 27, 2017 | Federal Times

    3 tips for starting bug bounty programs: Be social, be human, be mature [Black Hat 2017]

    Bug bounty programs - in which an agency or organization lets freelance hackers test their systems and report vulnerabilities for cash - are becoming all the rage in the public sector. Beginning with the Defense Department's Hack the Pentagon program to the IRS's managed crowdsource approach to the General Services Administration's 18F standing up a software-as-a-service platform, the trend is spreading.
    Read More
  • Jul 27, 2017 | Federal Times

    Does Russian meddling count as hacking an election?

    [video]
    Read More
  • Jul 27, 2017 | eSecurity Planet

    Black Hat: How To Break the First Law of Robotics

    Science fiction author Isaac Asimov famously defined the Three Laws of Robotics, with the very first law being that a robot should do no harm to a human. At the Black Hat USA conference here, security researchers from Politecnico di Milano and Trend Micro are set to detail how that first law can be broken.
    Read More
  • Jul 27, 2017 | TechTarget

    Phishing research shows troubling trends for enterprise users

    Karla Burnett of Stripe presented sobering results of phishing research from her company at Black Hat 2017, suggesting phishing training is ineffective against today's threats.
    Read More
  • Jul 27, 2017 | Dark Reading

    Get Ready for the 2038 'Epocholypse' (and Worse)

    Buckle in for a wild ride in the next two decades where the role of security professionals will rise in dramatic importance, Mikko Hypponen, F-Secure chief research officer, predicted at a Black Hat presentation today.
    Read More
  • Jul 27, 2017 | Hacker Read

    Hackers can take over Car Wash, trap you and smash your vehicle

    It is understandable to receive Internet of Things (IoT) related warnings like vulnerable public WiFi or charging spots that can be hacked but a drive-through car wash? Well, it turns out Internet connected car washes or smart car washes can be hacked and trap the customer inside with their vehicle or even smash it while you are in there.
    Read More
  • Jul 27, 2017 | BleepingComputer

    Security Flaws In "Smart" Car Wash Can Be Exploited to Cause Physical Injuries

    In a presentation at this year's Black Hat USA 2015 security conference, the research team said they discovered an authentication bypass in this server's login procedures that allowed them to access the rig's control panel.
    Read More
  • Jul 27, 2017 | PC Magazine

    Researchers Reveal Secrets of SHA-1 Hash Collision

    Elie Bursztein, Google's lead anti-fraud researcher, began his talk here at Black Hat 2017 with an understatement: "It has been a long and interesting journey over the last few years."
    Read More
  • Jul 27, 2017 | TechTarget

    Industroyer malware a turning point for ICS security

    Security researchers at Black Hat 2017 analyzed the Industroyer malware, the attack on Ukraine's power grid and what it means for industrial control system security in the U.S.
    Read More
  • Jul 27, 2017 | Threatpost

    Google Quantifies Ransomware Profits

    The data comes from a study debuted Wednesday at Black Hat by Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering. The study is unique in that it based calculations on bitcoin payments and blockchains.
    Read More
  • Jul 27, 2017 | The Register

    Hackers can turn web-connected car washes into horrible death traps

    In a presentation at the Black Hat conference in Las Vegas on Wednesday, Billy Rios, founder of security shop Whitescope, and Jonathan Butts, committee chair for the IFIP Working Group on Critical Infrastructure Protection, showed how easy it was to compromise a widely used car wash system: the Laserwash series manufactured by PDQ, based in Wisconsin, USA.
    Read More
  • Jul 27, 2017 | The Register

    The opsec blunders that landed a Russian politician's fraudster son in the clink for 27 years

    This week, US Department of Justice prosecutors who worked on the case told the Black Hat security conference how the fraudster was brought down.
    Read More
  • Jul 27, 2017 | BleepingComputer

    BTC-e Owner Arrested for Laundering Stolen Bitcoin, Ransomware Payments

    Coincidentally, a day earlier, a team of researchers speaking at the Black Hat USA 2017 security conference, said that 95% of the ransom payments they tracked during a yearlong experiment were cashed out through BTC-e as well.
    Read More
  • Jul 27, 2017 | Inside Cybersecurity

    Black Hat founder, Facebook leader urge researchers to focus on cyber defense, common threats

    The founder of Black Hat and Facebook's top security officer used their opening speeches here Wednesday to urge colleagues in the cyber research and security fields to focus more on cyber defense and the less 'sexy' everyday threats confronting users of the internet.
    Read More
  • Jul 27, 2017 | BleepingComputer

    ShieldFS Can Stop and Revert the Effect of Ransomware Infection

    Italian researchers have developed a Windows drop-in driver and custom filesystem that are capable of detecting the telltale signs of a ransomware infection, stop any malicious actions and even revert any encrypted files to their previous state.
    Read More
  • Jul 27, 2017 | BBC News

    Ransomware 'here to stay' warns Google study

    Cyber-thieves have made at least $25m from ransomware in the last two years, suggests research by Google.
    Read More
  • Jul 27, 2017 | BleepingComputer

    95% of All Ransomware Payments Were Cashed out via BTC-e Platform

    Research presented yesterday at the Black Hat USA 2017 security conference revealed that Bitcoin trading platform BTC-e is responsible for cashing out 95% of all ransomware payments made since the start of 2014.
    Read More
  • Jul 27, 2017 | CNBC

    At Black Hat Conference, good guy hackers have a bleak view of US cybersecurity

    In a dark conference room lit up by large electronic screens scattered across the walls, dozens of engineers are huddled over computers, trying to safeguard their network from hackers.
    Read More
  • Jul 27, 2017 | CNBC

    Cyber-security experts gather at Black Hat Summit

    CNBC's Aditi Roy reports the latest from the Black Hat Summit in Las Vegas.
    Read More
  • Jul 27, 2017 | CNET

    Security researchers hack ATM to make it spew cash

    They explain to a Black Hat panel how a small flaw near an ATM's speakers let them turn the machine into a cash fountain.
    Read More
  • Jul 27, 2017 | CNET

    Chip vulnerability could crash your outdated phone via Wi-Fi

    If your phone doesn't have the latest update, leaving your Wi-Fi open might let hackers take over your device.
    Read More
  • Jul 27, 2017 | CNET

    A flaw in wireless networks lets hackers pretend to be you

    There are calls and text messages coming from your phone number that you never made. Meet the "ghost telephonist."
    Read More
  • Jul 27, 2017 | MIS Training Institute

    How to Tackle the Expo Floor at Infosec Conferences

    'Folks that are in the trenches, actually deploying these technologies, can get overwhelmed by the number of both logos on the floor, but also information and messages,' Spanbauer told Infosec Insider in a recent video interview at Black Hat 2017 in Las Vegas, Nevada.
    Read More
  • Jul 27, 2017 | CNN

    How using personal email led to the downfall of notorious criminals

    Conventional wisdom says everyone should practice basic online security measures, like using different passwords for different accounts.
    Read More
  • Jul 27, 2017 | CSO

    Winners of the 2017 Pwnie Awards

    The very best and the very worst in the security community were recognized at the annual Pwnie Awards at Black Hat USA.
    Read More
  • Jul 27, 2017 | Dark Reading

    How to Build a Path Toward Diversity in Information Security

    Hiring women and minorities only addresses half the issue for the IT security industry -- the next step is retaining these workers.
    Read More
  • Jul 27, 2017 | eWeek

    Researcher Reveals BIOS Firmware Implementation Flaws at Black Hat

    LAS VEGAS - Intel has done a lot of work in recent years developing technologies that improve the security of firmware that underpins modern computing systems. At the Black Hat USA security conference here, Alex Matrosov, principal research scientist at Cylance, will detail multiple issues he found in UEFI firmware protections used by major motherboard vendors, in a session titled "Betraying the BIOS: Where the Guardians of the BIOS Are Failing."
    Read More
  • Jul 27, 2017 | Golem.de

    Caches from CDN networks lead to data leakage

    Caches of content delivery networks and load balancers can be used to extract secret data from web services. However, two mistakes must be made. Among others, PayPal was affected.
    Read More
  • Jul 27, 2017 | SiliconANGLE

    The downside of machine learning: It helps scammers target 400 companies daily with fake emails

    Thaware and his Symantec colleague, threat analyst Ankit Singh (right), presented their findings on Wednesday during the first day of the Black Hat USA 2017 cybersecurity conference briefings in Las Vegas.
    Read More
  • Jul 27, 2017 | International Business Times

    Ransomware Operators Now Have Customer Service Departments Just Like Legit Companies

    The internet is constantly evolving and the same is true with how ransomware makers operate. At present, cybercriminals thrive not only by producing malicious software, but also by making it seem as though they are legit businesses with customer service staff.
    Read More
  • Jul 27, 2017 | SiliconANGLE

    Do bug bounties pay off? They sure did for these three companies

    Valentine spoke about Indeed's bounty program on Thursday during a briefing at the Black Hat USA cybersecurity conference in Las Vegas.
    Read More
  • Jul 27, 2017 | Infosecurity Magazine

    #BHUSA: Ransomware Profits Worth More than $25 Million (At Least)

    Speaking at Black Hat 2017 in Las Vegas, Luca Invernizzi, Kylie McRoberts and Elie Bursztein presented findings from research into the recent prevalence and impact of ransomware, revealing that, of the ransomware payments they were able to track, authors have made at least $25m in profit so far.
    Read More
  • Jul 27, 2017 | SiliconANGLE

    Can software containers be hacked? Yes, but Docker issues a fix

    The research, presented at the Black Hat USA 2017 cybersecurity conference in Las Vegas late last week, was documented by Sagie Dulce, senior security researcher for Aqua Security, as a way to show how one developer who accesses a malicious web page can place an entire container ecosystem at risk. Docker makes software for distributing applications in containers, which allow applications to run across multiple kinds of computers.
    Read More
  • Jul 27, 2017 | IT Pro

    Facebook CTO blasts security industry for focusing on 'stunt hacks'

    Facebook CTO Alex Stamos has told the security industry it needs to spend more time focusing on real-world problems, rather than worrying about high-concept 'stunt hacks'.
    Read More
  • Jul 27, 2017 | Motherboard

    Google Revealed an Israeli Spyware Company That Has Quietly Sold Its Wares for Years

    Sources tell Motherboard Equus Technologies, a little-known Israeli firm linked to the Android malware, also sells iOS capabilities.
    Read More
  • Jul 27, 2017 | NBC

    Las Vegas Is More Hackable Than Ever - But That Might Be A Good Thing

    You might as well rename Sin City "Sensor City." Las Vegas may be an iconic entertainment destination, but the city is also moving full speed ahead in its quest to become a smart city.
    Read More
  • Jul 27, 2017 | SecurityWeek

    Critical Vulnerabilities Found in Nuke Plant Radiation Monitors

    In a paper delivered by Ruben Santamarta, principal security consultant at Seattle-based IOActive, at Black Hat Wednesday, it was disclosed that radiation monitors supplied by Ludlum, Mirion and Digi contain multiple vulnerabilities.
    Read More
  • Jul 27, 2017 | Wired

    Meet Mia Ash, The Fake Woman Iranian Hackers Used To Lure Victims

    Mia Ash is a 30-year-old British woman with two art school degrees, a successful career as a photographer, and plenty of friends - more than 500 on Facebook, and just as many on LinkedIn.
    Read More
  • Jul 27, 2017 | TechRepublic

    How one small hack turned a secure ATM into a cash-spitting monster

    At BlackHat 2017, security researchers demonstrated how a small flaw in an ATM allowed them to empty all the cash out.
    Read More
  • Jul 27, 2017 | SC Magazine

    A quick Q&A with Chris Drake, Founder and CEO, Armor

    CISOs need to make sure they fully understand their cloud service agreement, Armor's founder and CEO Chris Drake told SC Media's Online Editor Doug Olenick when the two sat down for a brief chat at Black Hat 2017.
    Read More
  • Jul 27, 2017 | SC Magazine

    Easily guessed password led to downfall of Russian cybercriminal's empire, DOJ officials say

    The fate of convicted Russian hacker Roman Seleznev was all but sealed after federal authorities were able to easily gain access to his confiscated laptop containing incriminating information, according to U.S. Department of Justice officials who spoke at Black Hat on Wednesday.
    Read More
  • Jul 27, 2017 | PC Magazine

    Wind Farms Are Not Ready for Ransomware

    At the Black Hat conference, researcher Jason Staggs demonstrated that just about every wind farm in America is woefully unprepared for a cyberattack.
    Read More
  • Jul 27, 2017 | SC Magazine UK

    BlackHat: security researcher says ApplePay vulnerable to two separate attacks

    Positive Technologies' Timur Yunusov says ApplePay's security measures mean that on paper it appears to have the perfect defence. But that's not the case.
    Read More
  • Jul 27, 2017 | Sky News

    Security flaws 'leave nuclear plants at risk'


    Read More
  • Jul 27, 2017 | E&E News

    Hackers warn of 'tipping point' for critical infrastructure

    Such potential hacking catastrophes are under the spotlight at the annual Black Hat cybersecurity conference this week, fueled by a string of recent real-world incidents from Ukraine to U.S. nuclear power plants.
    Read More
  • Jul 27, 2017 | USA Today

    Chinese group hacks a Tesla for the second year in a row

    Charlie Miller, the hacker who gained fame in 2015 for hacking a Jeep with fellow researcher Chris Valasek, attended the group's presentation at the Black Hat conference Thursday.
    Read More
  • Jul 27, 2017 | Reuters

    Flush times for hackers in booming cyber security job market

    Chris Wysopal, co-founder of code auditor Veracode, bought in April by CA Technologies, said that he was initially skeptical of the MedSec approach but came around to it, in part because it worked. He appeared at Black Hat with Bone.
    Read More
  • Jul 27, 2017 | IoT Evolution World

    NYU Security Researchers at Black Hat Reveal How to Protect the Power Grid

    At the Black Hat USA 2017 conference in Las Vegas, a team of New York University researchers will challenge that notion by disclosing vulnerabilities in a component that, combined with publicly available information, provides sufficient information to model an advanced, persistent threat to the electrical grid.
    Read More
  • Jul 26, 2017 | WIRED

    Google Finds and Blocks Spyware Linked to Cyberarms Group

    That's how Google spotted Lipizzan, which it described in a blog post and presented with mobile security firm Lookout at the Black Hat security conference in Las Vegas on Wednesday.
    Read More
  • Jul 26, 2017 | Threatpost

    FACEBOOK SECURITY BOSS: EMPATHY, INCLUSION MUST COME TO SECURITY

    Twenty years of Black Hat seemed to be the appropriate marker in time for Alex Stamos to remind security professionals of their unique position to affect change, not only in technology and business, but also in geopolitics and human rights.
    Read More
  • Jul 26, 2017 | Threatpost

    Vulnerable Radiation Monitoring Devices Won't Be Patched

    Santamarta is scheduled today at Black Hat to present technical details about potential attack vectors against these devices, including radio-frequency based attacks, firmware- and hardware-based attacks.
    Read More
  • Jul 26, 2017 | Threatpost

    Android Spyware Still Collects PII Despite Outcry

    LAS VEGAS - Shanghai Adups Technology Co. was roundly criticized Wednesday during a Black Hat session for continuing to use spyware called Adups on at least two Android handset makers' phones. Researchers said the company was still collecting personal identifiable information without user consent despite coming under fire for the practice last year.
    Read More
  • Jul 26, 2017 | Security Now

    Researchers Bring AI to Endpoint Security

    In the era of Skype and Facetime, it's easy for introverts (and CFOs) to ask why face-to-face events like Black Hat are still important. I've asked similar questions myself but ten minutes at Black Hat provided multiple examples of the value a gathering still possesses.
    Read More
  • Jul 26, 2017 | ZDNet

    Security flaw in 3G, 4G LTE networks lets hackers track phone locations

    The researchers say "very little" can be done to prevent stingray-style surveillance attacks.
    Read More
  • Jul 26, 2017 | The Parallax

    Facebook's Stamos on protecting elections from hostile attackers

    Facebook wants you to know that it takes election hacking seriously. So seriously that it had its hacker-in-chief, Alex Stamos, kick off the 20th Black Hat computer security conference Wednesday morning with a keynote speech and blog post detailing company plans to help prevent hackers from again interfering with the country's democratic processes.
    Read More
  • Jul 26, 2017 | Wired

    An Open-Source Toolkit to Help Patch Cell Networks' Critical Flaw

    In May, a well-known but long-ignored cell network flaw let cybercriminals drain bank accounts across Germany. The process of patching up the holes in Signaling System 7 has proven slow, and mostly reserved for large telecoms who can afford to invest in experimenting with defenses.
    Read More
  • Jul 26, 2017 | IT Pro

    Diversity to Drones: Black Hat Speakers Weigh in On Top Security Trends

    In the 20 years since the first Black Hat conference in 1997, security hacks have become incredibly cheap to initiate, increasingly expensive and complex to mitigate, and have more real-world consequences than ever before, according to speakers and attendees at this year's conference.
    Read More
  • Jul 26, 2017 | Wired

    Google Finds and Blocks Spyware Linked to Cyberarms Group

    Tonight, Google has discovered and blocked a new family of insidious Android spyware, called Lipizzan, that can surveil and capture user text messages, emails, voice calls, photos, location data, and other files.
    Read More
  • Jul 26, 2017 | eWeek

    Broadpwn Flaw Shown at Black Hat Could Have Enabled WiFi Worm Attack

    Today in a standing room only session at the Black Hat USA conference here, Nitay Artenstein, security researcher at Exodus Intelligence detailed how he discovered Broadpwn and what could have happened had a malicious hacker found it first.
    Read More
  • Jul 26, 2017 | Wired

    Hacker Warns Radioactivity Sensors Can Be Spoofed or Disabled

    The notion of a hacker-induced nuclear meltdown is the stuff of cyberpunk nightmares. And let's be clear, there's no sign digital saboteurs are anywhere close to unleashing a nuclear apocalypse.
    Read More
  • Jul 26, 2017 | WeLiveSecurity

    Black Hat 2017: Hacking the physical world

    For years, attacks against physical industrial plants have been either largely theoretical, or the sophisticated realm of nation-states. While we have spent time looking precisely at this style of attack in other posts, it seems a host of attack automation tools and techniques are starting to hit the streets, as highlighted here at Black Hat.
    Read More
  • Jul 26, 2017 | Wired

    Watch a Test of Anti-Drone Weapons, From Shotguns to Superdrones

    If drones could eat other drones, the SparrowHawk would sit somewhere near the top of the flying-robot foodchain.
    Read More
  • Jul 26, 2017 | Washington Examiner

    Facebook invests in anti-hacking election initiative

    Facebook has announced it will invest $500,000 in a Harvard-based nonprofit that aims to protect future elections from election hacking and foreign interference.
    Read More
  • Jul 26, 2017 | TNW

    Facebook teams with Harvard to defend democracy from hackers

    The announcement came during Black Hat, an annual security event held in Las Vegas.
    Read More
  • Jul 26, 2017 | IBT UK

    Facebook will spend over $500,000 to help Harvard fight election hacking

    The project, dubbed Defending Digital Democracy is also a bipartisan initiative and will reportedly be based at Harvard University's Kennedy School of Government. Speaking at the BlackHat event in Las Vegas on Wednesday, Facebook cybersecurity boss Alex Stamos said the tech giant hopes that the initiative to fend off attacks from hackers will be joined by others as well, Reuters reported.
    Read More
  • Jul 26, 2017 | Guiding Tech

    Facebook and Harvard Join Hands Against Hackers and Fake News

    According to an announcement made by Facebook's Chief Security Officer, Alex Stamos, at the Black Hat security conference in Las Vegas on Wednesday, the company will be funding the project too.
    Read More
  • Jul 26, 2017 | TechTarget

    Stamos preaches defensive security research in Black Hat keynote

    Black Hat 2017 marks the 20th anniversary of the conference and during the show's opening keynote, Facebook CSO Alex Stamos urged the community to take advantage of the voice it had and focus on bigger problems than just those that make good presentations and to expand that focus beyond traditional defensive security efforts.
    Read More
  • Jul 26, 2017 | Gizmodo

    Facebook Shells Out $500,000 For Project to Fight Election Hacking

    Facebook's chief security officer Alex Stamos announced the company's $500,000 investment in the effort, called Defending Digital Democracy, today during a keynote at the security conference Black Hat.
    Read More
  • Jul 26, 2017 | TechTarget

    At Black Hat 2017, an industry hits a milestone and finds new directions

    Having arrived at its 20th year in Las Vegas, Black Hat USA 2017 is struggling with creating a new maturity in the security industry at the same time that it is, in a sense, starting over in the still relatively greenfield arena of securing firmware and hardware components.
    Read More
  • Jul 26, 2017 | Federal Times

    FBI's 3-pronged approach to defeating botnets

    'I'm not going to tell you the FBI is the savior of the internet,' Grasso said during a briefing at the 2017 Black Hat convention in Las Vegas.
    Read More
  • Jul 26, 2017 | TechCrunch

    The security industry needs to change

    Every summer, suited and/or black-clad security geeks flock en masse to the sun-drenched surreality of Las Vegas for Hacker Summer Camp: a full week of various security and hacker conferences, the fanciest of which is called Black Hat.
    Read More
  • Jul 26, 2017 | Federal Times

    How to hack back legally with the FBI's Help

    Speaking at the annual Black Hat conference in Las Vegas, Tom Grasso, supervisory special agent with the FBI's Cyber Division, continually reiterated the bureau's interest in working with the private sector, particularly when working with complex threats like botnets.
    Read More
  • Jul 26, 2017 | eSecurity Planet

    Managing Third Party Risk: Outside Law Firm Exposes Wells Fargo Client Data

    There is an increasing awareness of the need to manage those risks. In a recent survey [PDF] of 580 IT security pros at Black Hat USA 2017, when asked about the weakest link in today's enterprise defenses, 38 percent of IT security pros pointed to users who violate security policy, up significantly from 28 percent a year ago.
    Read More
  • Jul 26, 2017 | Reuters

    Facebook funds Harvard effort to fight election hacking, propaganda

    Facebook Chief Security Officer Alex Stamos announced the company's backing at the opening of the Black Hat information security conference in Las Vegas on Wednesday. The event, named after the term for malicious hackers, is aimed mainly at corporate and government security professionals.
    Read More
  • Jul 26, 2017 | Popular Mechanics

    Car Washes Can Be Hacked to Trap You Inside or Smash Up Your Car

    This discovery comes by way of researchers at Whitescope security who spoke to Motherboard and plan to discuss their finding at this year's Black Hat security conference in Las Vegas.
    Read More
  • Jul 26, 2017 | Motherboard

    Hacker Says He Broke Through Samsung's Secure Smartphone Platform

    That doesn't mean these phones are immune to hackers, however. In a presentation this week at Black Hat, one researcher will present how he thwarted the extra security mechanisms of Samsung's security-focused mobile platform KNOX.
    Read More
  • Jul 26, 2017 | Cyberscoop

    Black Hat attendees are very vocal about the VEP

    As Black Hat USA is in full swing, Las Vegas buzzed with questions about the government's process for disclosing newly discovered software vulnerabilities, even as the government is working to change the way the process works.
    Read More
  • Jul 26, 2017 | Motherboard

    Car Wash Hack Can Strike Vehicle, Trap Passengers, Douse Them With Water

    The researchers reported their findings to the Department of Homeland Security and the vendor and are releasing a report this week in conjunction with their Black Hat talk.
    Read More
  • Jul 26, 2017 | MSSP Alert

    Live Blog: Black Hat USA 2017 Conference Part I

    Black Hat USA 2017 live blog features MSSP & cybersecurity news
    Read More
  • Jul 26, 2017 | CRN

    Black Hat 2017: 10 Security Threats To Watch Out For

    Black Hat brings together some of the best security researchers in the industry every year to present new threat research and vulnerability findings.
    Read More
  • Jul 26, 2017 | MSSP Alert

    How the Best Security Operation Centers (SOCs) Hunt Threats

    The McAfee 'Disrupting the Disruptors, Art or Science?' report, released during the Black Hat USA 2017 conference in Las Vegas, indicated that mature security operations centers (SOCs), i.e. those that use advanced threat hunting tools and technologies, are three times more willing than others to automate parts of the threat investigation process.
    Read More
  • Jul 26, 2017 | CRN

    Facebook CSO Calls For A Security Industry Attitude Adjustment

    If the security industry wants to succeed in the long run, it needs to undergo a cultural shift, Facebook's Chief Security Officer Alex Stamos said in a keynote at Black Hat 2017 in Las Vegas on Wednesday.
    Read More
  • Jul 26, 2017 | CNN

    Facebook funds Harvard program to fight election hacking

    Alex Stamos, chief security officer at Facebook, announced the company's involvement at the Black Hat security conference in Las Vegas on Wednesday. He is an adviser for the project.
    Read More
  • Jul 26, 2017 | MIT Technology Review

    Facebook Security Chief: Cybersecurity Pros Need More Empathy to Protect Us

    That will require something that's too often lacking in the security industry: more empathy. 'We have a real inability to put ourselves in the shoes of the people we are trying to protect,' Alex Stamos told the audience Wednesday at the Black Hat computer security conference in Las Vegas.
    Read More
  • Jul 26, 2017 | CNET

    Malware now comes with customer service

    Malware strains like Locky and Cerber helped make ransomware a $25 million industry in 2016 and its operators are starting to operate like conventional corporations with 'customer' service staff and outsourced resources, researchers explained Wednesday at Black Hat.
    Read More
  • Jul 26, 2017 | eWeek

    Defending Against a Drone Isn't Easy, Black Hat Session Reveals

    At the Black Hat USA 2016 event last year, Francis Brown, Managing Partner at security firm Bishop Fox, demonstrated the Danger Drone, an airborne hacking device.
    Read More
  • Jul 26, 2017 | ZDNet

    Security flaw in 3G, 4G LTE networks lets hackers track phone locations

    The findings, revealed Wednesday at the Black Hat conference in Las Vegas, detail a cryptographic flaw in the protocol used in 3G and 4G LTE networks which enables mobile devices to connect with the cell operator.
    Read More
  • Jul 26, 2017 | Mashable

    Facebook pledges money to help keep elections safe

    Facebook's chief security officer, Alex Stamos, announced the new funding on Wednesday at Black Hat USA, the largest conference dedicated to cybersecurity.
    Read More
  • Jul 26, 2017 | Dark Reading

    The Wild West of Security Post-Secondary Education

    Black Hat researchers will show how inconsistent security schooling is at the university level.
    Read More
  • Jul 26, 2017 | Las Vegas Review Journal

    Cybersecurity experts in Las Vegas told they're defenders of info

    Black Hat, which runs through Thursday and is closed to the public, attracts more than 15,00 industry professionals from about 100 countries.
    Read More
  • Jul 26, 2017 | WIRED

    Watch a Test of Anti-Drone Weapons, From Shotguns to Superdrones

    Fran Brown, a security researcher with the group, had invited WIRED to join the group for that day of testing, the results of which he plans to present at the Black Hat conference today.
    Read More
  • Jul 26, 2017 | Inverse

    Facebook is Funding the Effort to Fight Fake News

    The announcement, made Wednesday at the Black Hat information security conference in Las Vegas, marks the company's latest commitment to improving online security and getting involved in the fight against fake news.
    Read More
  • Jul 26, 2017 | Dark Reading

    Hacking the Wind

    A security researcher at Black Hat USA shows how wind turbine systems are susceptible to potentially damaging cyberattacks.
    Read More
  • Jul 26, 2017 | eWeek

    Facebook Donates $1M in New Funds for Internet Security at Black Hat

    Facebook Chief Security Officer Alex Stamos outlined his views in an hour-long keynote at the Black Hat USA conference here on how the security industry should improve and also announced new investments to promote improved security.
    Read More
  • Jul 26, 2017 | Inside Cybersecurity

    Black Hat founder sees software liability as major cybersecurity policy challenge

    Jeff Moss, the founder of the Black Hat and DEF CON conferences taking place here this week, sees software liability as an increasingly urgent cybersecurity policy question but one that might take a decade to resolve.
    Read More
  • Jul 26, 2017 | Infosecurity Magazine

    #BHUSA: Phishing Psychology: Why Training Fails & Attacks Prevail

    Speaking at Black Hat 2017 in Las Vegas today Karla Burnett, security engineer at Stripe, explored phishing as a science, shining a light on the psychology of phishing and why attacks continue to be successful.
    Read More
  • Jul 26, 2017 | Computer Weekly

    Radiation detection devices open to cyber attack, researcher finds

    Santamarta revealed the technical details of his research at Black Hat USA 2017 in a presentation entitled Go nuclear: breaking radiation monitoring devices.
    Read More
  • Jul 26, 2017 | Inside Cybersecurity

    Facebook CISO: Company working with Harvard center on election systems info-sharing group

    'We're going to work with Belfer to build an ISAO that covers all the vulnerable areas of our democracy,' Stamos said in his keynote address at the 20th Black Hat conference here. He noted that the House and Senate campaigns, party organizations and state election offices all typically must build their own IT security systems.
    Read More
  • Jul 26, 2017 | Infosecurity Magazine

    #BHUSA: Infosec Community Not Yet Reached Full Potential, Says Facebook CSO

    These were the words of Alex Stamos, chief security officer at Facebook and opening keynote speaker at Black Hat 2017 in Las Vegas today.
    Read More
  • Jul 26, 2017 | Forbes

    Google May Have Just Uncovered An Israeli Surveillance Start-Up Spying On Androids

    Google said there were references to the firm in the code itself. Megan Ruthven, from Google's Android security team told Forbes during the Black Hat conference in Las Vegas that a config file within the app mentioned the Equus name. She said that was an indicator, but not guaranteed attribution.
    Read More
  • Jul 26, 2017 | Fast Company

    Car wash hack could be the first to cause the Internet of Things to 'physically attack someone'

    They plan to present the attack at this week's Black Hat security conference in Las Vegas, but say they've already shared the details of the vulnerability with the system maker and the Department of Homeland Security.
    Read More
  • Jul 26, 2017 | Fox 5 Vegas

    Black Hat 2017: Hackers using free apps to hack your phone

    Black Hat brings together cyber security experts and hackers to talk about threats to businesses and people around the world. Dickson's job is to protect phones and computers from those threats.
    Read More
  • Jul 26, 2017 | Fortune

    Facebook Backs $1 Million Security Prizes and Anti-Election Hacking Group

    Alex Stamos, Facebook's chief security officer and Fortune 40 Under 40 alum, announced that the company would contribute to the initiative during a keynote address at the Black Hat hacking conference in Las Vegas.
    Read More
  • Jul 26, 2017 | eWeek

    Inside the Black Hat USA 2017 Security Conference WiFi Network

    Providing WiFi to 16,000 people in a busy conference center is not always an easy task, especially when many of the users are actively trying to hack the network. Yet, that's the situation at the Black Hat USA 2017 security conference underway here this week.
    Read More
  • Jul 26, 2017 | eWeek

    Defending Against Drone Incursions Isn't Easy, Black Hat Session Reveals

    At the Black Hat USA 2016 event last year, Francis Brown, Managing Partner at security firm Bishop Fox demonstrated the Danger Drone, an airborne hacking device.
    Read More
  • Jul 26, 2017 | eWeek

    Facebook Donates $1M in New Funds for Internet Security at Black Hat

    Facebook Chief Security Officer Alex Stamos outlined his views in an hour-long keynote at the Black Hat USA conference here on how the security industry should improve and also announced new investments to boost security.
    Read More
  • Jul 26, 2017 | eSecurity Planet

    Black Hat: Building a Ransomware Resilient File System with ShieldFS

    But what if there was a way that a backup could automatically be triggered whenever a possible ransomware attack were detected? That's the promise of the ShieldFS project that was presented at the Black Hat USA security conference here today by a team of researchers from Politecnico di Milano in Italy.
    Read More
  • Jul 26, 2017 | eSecurity Planet

    The Dark Tangent Reflects on 20 Years of Black Hat

    The Black Hat security conference is legendary in the information security industry today as being the place where some of the most interesting security research is first revealed, but that wasn't the original founding vision for the event.
    Read More
  • Jul 26, 2017 | Rob LeFebvre

    Facebook pledges funding to non-profit election security group

    Facebook's chief of security Alex Stamos announced the initial amount during the opening of the Black Hat information security conference in Las Vegas, but did not reveal how much Facebook would spend in total.
    Read More
  • Jul 26, 2017 | Dark Reading

    How Attackers Use Machine Learning to Predict BEC Success

    ngh advised his Black Hat audience to be "very, very suspicious" when replying to emails. More than enough of their personal data is available publicly and can be used for social engineering.
    Read More
  • Jul 26, 2017 | Dark Reading

    FBI Talks Avalanche Botnet Takedown

    Tom Grasso, unit chief of the FBI's cyber division, took the Black Hat stage to discuss the processes and partnerships leading up to the massive Avalanche takedown in December 2016.
    Read More
  • Jul 26, 2017 | CNET

    These cheap phones come at a price -- your privacy

    At the Black Hat security conference in Las Vegas on Wednesday, researchers from Kryptowire, a security firm, revealed that Adups' software is still sending a device's data to the company's server in Shanghai without alerting people. But now, it's being more secretive about it.
    Read More
  • Jul 26, 2017 | CNET

    Security researchers hack ATM to make it spew cash

    During IOActive's "Breaking Embedded Devices" panel at Black Hat on Wednesday, researchers showed that it's not just computers, phones and servers that can be exploited -- it's anything with a chip or an internet connection, no matter how small its function.
    Read More
  • Jul 26, 2017 | CNBC

    Facebook funds Harvard effort to fight election hacking, propaganda

    Facebook Chief Security Officer Alex Stamos announced the company's backing at the opening of the Black Hat information security conference in Las Vegas on Wednesday.
    Read More
  • Jul 26, 2017 | BBC News

    Facebook calls for a more people-centric security industry

    Alex Stamos scolded the security industry in the opening keynote of the 2017 Black Hat conference.
    Read More
  • Jul 26, 2017 | ABC News

    At hacker summit, a new focus on preventing brazen attacks

    Against a backdrop of cyberattacks that amount to full-fledged sabotage, Facebook chief security officer Alex Stamos brought a sobering message to the hackers and security experts assembled at the Black Hat conference in Las Vegas. In effect, he said, it's time to grow up.
    Read More
  • Jul 26, 2017 | CNBC

    Former Homeland Security chief on Russia probe: I'm worried about 2018 and 2020

    The Russia probe is a "serious issue," but there may be more concerning matters to focus on, Michael Chertoff said.
    Read More
  • Jul 26, 2017 | CRN

    The 10 Best -- And Scariest -- Hacks From 20 Years Of Black Hat Conferences

    Black Hat is one of the biggest stages for hackers and security researchers to demonstrate the latest and greatest hacks on devices, systems, and critical infrastructure.
    Read More
  • Jul 26, 2017 | 3 News Las Vegas

    Protecting infrastructure on the agenda at Black Hat

    I met Devost at Mandalay Bay, the day before Black Hat 2017 gets underway in earnest. The conference will attract more than 16,000 computer and information technology experts, talking about all aspects of computer intrusion and hacker prevention.
    Read More
  • Jul 26, 2017 | CSO

    Black Hat and DEF CON: The evolution of Hacker Summer Camp

    If you had to select one symbol of the cybersecurity industry, you'd be hard pressed to find a better choice than the pair of conferences, Black Hat Briefings (Black Hat) and DEF CON.
    Read More
  • Jul 25, 2017 | Washington Examiner

    Cyber defenders have a message that US policymakers should hear

    This week's 20th Black Hat USA conference and the 25th DEF CON hackers conference here offer cybersecurity researchers and technologists a chance to exchange notes on their often obscure trade, but they also provide a rare venue for discussion between corporate and government officials on one side and in-the-trenches cyber practitioners on the other.
    Read More
  • Jul 25, 2017 | Bank Info Security

    20 Hot Sessions: Black Hat 2017

    Security comes to Las Vegas: This week's Black Hat USA 2017 security conference is in full swing at the Mandalay Bay hotel.
    Read More
  • Jul 25, 2017 | The Hill

    Five things to watch for at 'hacker summer camp'

    Black Hat and Def Con have long been recruiting grounds for federal agencies looking for young, savvy cybersecurity talent.
    Read More
  • Jul 25, 2017 | MSSP Alert

    U.S. Department of Homeland Security Showcases 10 Cybersecurity Apps at Black Hat Conference

    The feds spent more than $1 billion annually on cybersecurity research last year but hardly any of it hits the commercial market, the document reads. In fact, the idea behind the Black Hat showcase is to bridge that divide.
    Read More
  • Jul 25, 2017 | Fox 5 Vegas

    With hundreds of hackers headed to Vegas, here's how to keep your phone secure

    Technology experts took over Las Vegas Boulevard this week as two major conferences brought thousands to the strip. The Black Hat Convention takes place at Mandalay Bay from July 22 - 27.
    Read More
  • Jul 25, 2017 | eWeek

    How to Exploit RAT Command and Control Toolkits Detailed at Black Hat

    Grange, who is also known by his alias Professor Plum, will discuss at the Black Hat security conference here on July 27 his insight and analysis in a session titled 'Digital Vengeance: Exploiting the Most Notorious C&C Toolkits.'
    Read More
  • Jul 25, 2017 | eSecurity Planet

    Black Hat: The Next Generation of Red and Blue Security Testing is Purple Team

    Justin Harvey, global lead for the Accenture Security's Incident Response and Threat Hunting practice, thinks that it's time to move beyond Red and Blue. In a session at the Black Hat USA security conference here, Harvey is set to detail how to use a Purple Team as part of an advanced pre-breach planning exercise that can help measure effectiveness.
    Read More
  • Jul 25, 2017 | eSecurity Planet

    CrowdStrike Debuts Cybersecurity Search Engine Technology at Black Hat

    At the Black Hat USA conference here, CrowdStrike announced its latest innovation, a new cybersecurity search engine.
    Read More
  • Jul 25, 2017 | Forbes

    Google Warns Ransomware Boom Scored Crooks $2 Million A Month

    Cerber is the current number one menace, making $6.9 million to date, according to the research, released ahead of the Black Hat conference in Las Vegas this week.
    Read More
  • Jul 25, 2017 | BBC

    How easy is it to hack a cash machine?

    After cash machines were hacked in Thailand and Taiwan in 2016, Click asks if the same thing could happen again. Leigh-Anne Galloway, a security expert with Positive Technologies, says most cash machines are effectively a Windows XP computer attached to a safe.
    Read More
  • Jul 25, 2017 | SD Times

    Black Hat USA 2017: Machine learning is not a silver bullet for security

    Hyrum Anderson, technical director of data science for cybersecurity provider Endgame, presented research on machine learning malware evasion at this week's Black Hat USA 2017 conference in Las Vegas.
    Read More
  • Jul 25, 2017 | eWeek

    Black Hat, DefCon 2017 Security Conferences to Reveal New Threats

    The annual week of security conferences in Las Vegas gets underway as security researchers prepare to detail all manner of threats that put the modern connected world at risk.
    Read More
  • Jul 25, 2017 | eWeek

    Black Hat: How Hackers Brief the Board to Improve Security Outcomes

    Devost is planning on sharing his lessons learned in a session at the Black Hat USA conference here on July 26. In an interview in advance of his session, Devost provided eWEEK with some insights on things that security professionals can do to improve executive management security briefings.
    Read More
  • Jul 24, 2017 | WIRED

    A Clever New Tool Shuts Down Ransomware Before it's Too Late

    The group, based out of the Politecnico di Milano in Italy, will present ShieldFS at the Black Hat security conference in Las Vegas on Wednesday.
    Read More
  • Jul 24, 2017 | Dark Reading

    7 Hardware & Firmware Hacks Highlighted at Black Hat 2017

    Researchers will hammer home potentially devastating attacks, and demo a range of vulnerabilities, techniques and tools.
    Read More
  • Jul 24, 2017 | eWeek

    10 Tips to Stay Safe When You're at Black Hat or Everywhere Else

    The annual Black Hat USA security conference is underway this week, with training running from July 22-25 and briefings on July 26 and 27 at the Mandalay Bay in Las Vegas.
    Read More
  • Jul 24, 2017 | ZDNet

    New details emerge on Fruitfly, a near-undetectable Mac backdoor

    Wardle is set to talk about the malware in more detail at the Black Hat conference in Las Vegas on Wednesday.
    Read More
  • Jul 24, 2017 | TechRepublic

    iCloud Keychain encryption bug exposes iOS passwords, credit card numbers

    Longterm Security will present more information on the issue in a session at Black Hat on Wednesday.
    Read More
  • Jul 22, 2017 | WIRED

    Antivirus for Android has a long, long way to go

    The team will present on and release AVPass at the Black Hat hacking conference in Las Vegas on Thursday.
    Read More
  • Jul 21, 2017 | Cyber Scoop

    Study: Zero days rediscovered much faster

    Herr, along with security guru Bruce Schneier and Christopher Morris, a research assistant from the Harvard school of engineering, published their findings this week after a lengthy peer-review process, and will present them at the Black Hat USA conference in Las Vegas next week.
    Read More
  • Jul 21, 2017 | ZDNet

    iCloud security flaw put iPhone, Mac passwords at risk

    'The bug we found is exactly the kind of bug law enforcement or intelligence would look for in an end-to-end encryption system,' said Alex Radocea, co-founder of Longterm Security, who is set to reveal more details about the now-fixed vulnerability at the Black Hat conference in Las Vegas on Wednesday.
    Read More
  • Jul 21, 2017 | ZDNet

    Dump the snake oil and show security researchers some respect

    The next several days of Black Hat USA, DEF CON, BSides, and other great events kick off the 2017 edition of what's been lovably known for years as 'Hacker Summer Camp.'
    Read More
  • Jul 21, 2017 | InHomelandSecurity

    2017 Cybersecurity Conferences Offer Information and Possibilities

    Black Hat 2017, a world-class information security event, will hold four days of technical training courses from July 22 to 25. These courses will be followed by two days of briefings and discussions on topics such as cryptography, data forensics, incident response, exploit development, malware, network defense and platform security. Another current topic is smart grid/industrial security.
    Read More
  • Jul 21, 2017 | CSO

    What to expect at Black Hat: Security hype and reality

    Look for machine learning, automation, orchestration, integration and threat intelligence to dominate the Black Hat security conference.
    Read More
  • Jul 21, 2017 | Security Intelligence

    Getting the Most Out of Black Hat

    Either way, Black Hat is an exciting experience that's as much about learning as it is about making contact with other professionals who share your interests in security.
    Read More
  • Jul 21, 2017 | The Times

    Hackers hijack a Segway and throw off its rider

    He will present his findings next week at the Black Hat USA computer security convention in Las Vegas. They are the latest in a series of setbacks for Segway, whose devices were among half a million hoverboards that had to be recalled last year after reports that their battery packs were exploding or catching fire.
    Read More
  • Jul 21, 2017 | Engineering.com

    Cybersecurity Experts Anticipate Major Attack in the Next Two Years

    Now, a survey of nearly 600 cybersecurity professionals has found that 60 percent of respondents believe a major breach of U.S. infrastructure will occur in the next two years. They also don't believe that the relevant defense and government agencies are prepared to respond. The findings come from Black Hat, a conference of cybersecurity researchers and enterprise information security professionals.
    Read More
  • Jul 21, 2017 | Las Vegas Magazine

    Q&A: Chris Coleman

    Ahead of this year's Black Hat USA Conference on July 26-27 at Mandalay Bay, we chatted with Chris Coleman, CEO of LookingGlass Cyber Solutions, which specializes in cybersecurity and threat intelligence solutions, to get some answers.
    Read More
  • Jul 20, 2017 | Las Vegas Review Journal

    Black Hat brings cybersecurity experts to Las Vegas

    Black Hat USA, which will be held at the Mandalay Bay, attracts more than 15,000 cybersecurity specialists representing both private industry and government from approximately 100 countries.
    Read More
  • Jul 20, 2017 | Threatpost

    Apple Patches Broadpwn Bug in iOS 10.3.3

    Nitay Artenstein, the researcher with Exodus Intelligence who discovered the vulnerability, is scheduled to do a talk on the vulnerability at Black Hat next week.
    Read More
  • Jul 20, 2017 | Apple Insider

    Apple's iOS 10.3.3 update protects against 'Broadpwn' Wi-Fi exploit

    While the flaw isn't mentioned by name in Apple's security notes, its discovery is credited to Nitay Artenstein from Exodus Intelligence, who helped find the Android equivalent and is preparing a presentation at this month's annual Black Hat conference in Las Vegas, according to CNET.
    Read More
  • Jul 20, 2017 | CNET

    If you use Wi-Fi on your iOS device, get this security update

    Nitay Artenstein, a security researcher at Exodus Intelligence, discovered the exploit and will be providing more details about his findings at a Black Hat presentation in Las Vegas on July 27.
    Read More
  • Jul 20, 2017 | Mashable

    New iOS update fixes a very dangerous bug

    Vulnerabilities as severe as this one are rare, as the Wi-Fi chip is separate from the device's main processor and it's hard to escalate a vulnerability from one to the other. Artenstein will describe how he did it at the Black Hat conference. His talk is scheduled for July 27.
    Read More
  • Jul 20, 2017 | New York Magazine

    Update to iOS 10.3.3 Now to Fix a Major Security Flaw in Wi-Fi

    Now that the security hole has been patched, Artenstein will release full details about the hack at the Black Hat conference next week.
    Read More
  • Jul 20, 2017 | Washington Post

    Update your Apple devices. Right now.

    The flaw affects millions of Apple and Android devices; Google's Android team released a patch for that platform earlier this month. Artenstein will be presenting the details of his findings at the Black Hat security conference next week.
    Read More
  • Jul 20, 2017 | eWeek

    Apple Updates iOS and macOS Security Ahead of Black Hat

    Among the most noteworthy issues patched by Apple this month is a vulnerability that has been dubbed 'Broadpwn' which is set to be discussed in detail at the Black Hat USA conference on July 27.
    Read More
  • Jul 20, 2017 | Dark Reading

    Using DevOps to Move Faster than Attackers

    Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.
    Read More
  • Jul 19, 2017 | Wired

    Watch Hackers Take Over A Segway With Someone on It

    When Thomas Kilbride got a Segway MiniPro, its paired mobile app piqued his interest; by day, Kilbride works as an embedded device security consultant at IOActive.
    Read More
  • Jul 19, 2017 | Motherboard

    Heads Up, Hoverboarders: Hackers Could've Hijacked Your Deck Mid-Hover

    Earlier this year, a researcher at Washington-based security firm IOActive discovered a way of hacking into these Segway scooters through the app, meaning they could be remotely hijacked while a rider is moving.
    Read More
  • Jul 19, 2017 | IBT

    Can Hoverboards Be Hacked? Security Flaws Found In Segway Ninebot MiniPRO Hoverboard

    The vulnerabilities, discovered by researchers at cybersecurity firm IOActive, affect the Segway Ninebot miniPRO hoverboard and, if exploited, would allow an attacker to bypass safety mechanisms and gain the ability to remotely control the hoverboard.
    Read More
  • Jul 19, 2017 | Dark Reading

    'AVPass' Sneaks Malware Past Android Antivirus Apps

    Researchers at Black Hat USA will release a toolset that studies and then cheats specific Android AV apps.
    Read More
  • Jul 19, 2017 | Dark Reading

    Best of Black Hat: 20 Epic Talks in 20 Years

    In celebration of Black Hat's 20th birthday, we take a look back at the most memorable presentations and demos since the show's inception in 1997.
    Read More
  • Jul 19, 2017 | Forbes

    How To Hack Someone Off A Segway Scooter In 20 Seconds

    Attacks could be carried out with just 20 seconds of continuous Bluetooth connection to a Segway hoverboard, said IOActive researcher Thomas Kilbride. 'It may be sped up using other means,' he told Forbes. 'It's a little bit alarming.'
    Read More
  • Jul 19, 2017 | CSO

    Hackers can remotely control, hijack a Segway MiniPro hoverboard

    Leading up to the Black Hat conference, IOActive shows how a Segway Ninebot MiniPro hoverboard can be hijacked.
    Read More
  • Jul 19, 2017 | The Register

    Segway hoverboard hijack hack could make hipsters eat pavement

    In a talk due to be given at next week's Black Hat conference in Las Vegas, Thomas Kilbride, embedded devices security consultant for IOActive, will explain how it was possible to disable the anti-theft system on the miniPro in seconds via Bluetooth, with full control achievable in less than half a minute using a smartphone.
    Read More
  • Jul 19, 2017 | CNET

    Hackers can hijack your connected hoverboard

    IOActive will release its full research at the Black Hat cybersecurity conference, set for July 26 and 27 in Las Vegas.
    Read More
  • Jul 19, 2017 | CNET

    A $945 class teaches online scammers of the future

    The company will disclose more information during a presentation at the Black Hat cybersecurity conference, set for July 26 and 27 in Las Vegas.
    Read More
  • Jul 19, 2017 | Forbes

    Stopping Self-Driving Cars From Becoming Cybersecurity Weapons

    At the upcoming 20th annual Black Hat Conference (July 22-27), Billy Rios of Whitescope and Jonathan Butts of QED will present When IoT Attacks: Understanding the Safety Risks Associated with Connected Devices. The talk will demonstrate how to make an IoT device intentionally strike a person.
    Read More
  • Jul 18, 2017 | CSO

    The best of Black Hat: The consequential, the controversial, the canceled

    Over the past two decades, the annual Black Hat conference has had its share of controversy. CSO looks back at the most significant talks and demonstrations.
    Read More
  • Jul 17, 2017 | Dark Reading

    Researchers Create Framework to Evaluate Endpoint Security Products

    Black Hat USA researchers tested more than 30,000 types of malware to learn the effectiveness of endpoint security tools - and they'll demonstrate how they did it.
    Read More
  • Jul 17, 2017 | Cyber Scoop

    Despite its hacking prowess, Russia appears to have very messy networks

    He added that, in reports on future data, including one being prepared for release at Black Hat, he would examine malware infections over time.
    Read More
  • Jul 14, 2017 | TechGenix

    Radiation Monitoring Devices At Risk For Attack From Hackers

    Though the Black Hat USA conference is not taking place until late July, there have been interesting previews of certain scheduled presentations. One of these is Go Nuclear: Breaking Radiation Monitoring Devices by Ruben Santamarta, principal security consultant at IOActive.
    Read More
  • Jul 14, 2017 | Dark Reading

    Cloud AV Can Serve as an Avenue for Exfiltration

    Black Hat USA researchers show how bad guys can use cloud AV connections to bypass air-gaps and extremely segmented networks to keep stolen data flowing.
    Read More
  • Jul 14, 2017 | ITSP Magazine

    Join The New Gearhead at Black Hat 2017

    At this event you'll see hacking, drones, artificial intelligence, you name it. If it's something to do with security then it will probably be at Black Hat.
    Read More
  • Jul 14, 2017 | Help Net Security

    NTT Security to give away Gap Assessment at Black Hat USA 2017

    This year at Black Hat USA 2017, NTT Security is focusing on incident response readiness with a promotion called Swimming with the Sharks: The Need for Proactive Critical Incident Response.
    Read More
  • Jul 13, 2017 | Dark Reading

    Black Hat to Host Discussion on Diversity

    Those are just some of the topics we'll explore in-depth during the 'Making Diversity a Priority' panel discussion on July 26 at 3 p.m. PT during the Black Hat USA conference in Las Vegas.
    Read More
  • Jul 13, 2017 | Security Brief AU

    ESET to take on Industroyer malware & 'post-truth plague' at Black Hat

    ESET is set to reveal the underside of the notorious Industroyer malware and the 'post-truth plague' that muddies the waters of cybersecurity advice at the upcoming Black Hat information security conference in Las Vegas later this month.
    Read More
  • Jul 13, 2017 | Help Net Security

    EFF offers legal advice to researchers at Black Hat, B-Sides and DEF CON

    But for those attending the Black Hat, B-Sides and DEF CON conferences in Las Vegas, there is another option: visit the EFF booths in person, and make an appointment with the staff lawyers directly.
    Read More
  • Jul 12, 2017 | Dark Reading

    How Active Intrusion Detection Can Seek and Block Attacks

    Researchers at Black Hat USA will demonstrate how active intrusion detection strategies can help administrators detect hackers who are overly reliant on popular attack tools and techniques.
    Read More
  • Jul 12, 2017 | VR Scout

    Hackers Use Ultrasonic Waves to Disrupt VR Headsets

    They also plan on further demonstrating their new method of attack on a wider spectrum of devices at this year's Black Hat Conference in July, such as sonic strikes on DJI drones.
    Read More
  • Jul 11, 2017 | eSecurity Planet

    Threats to U.S. Nuclear Power Plants Highlight Need for Real-Time Intrusion Detection and Prevention

    A recent Black Hat survey of 580 cyber security professionals found that 60 percent of respondents expect to see a successful cyber attack on U.S. critical infrastructure within the next two years, and just 26 percent believe U.S. government and defense forces are equipped and trained to respond appropriately.
    Read More
  • Jul 11, 2017 | Circle ID

    U.S. Critical Infrastructure Will Be Attacked Within 2 Years, According to 2017 Black Hat Survey

    According to a 2017 Black Hat Attendee Survey, cyberattacks on U.S. enterprise and critical infrastructure are coming soon, and in most cases defenders are not prepared.
    Read More
  • Jul 11, 2017 | IT Business Edge

    Nuclear Plants the Latest Security Target

    Black Hat is coming up later this month, but as a preview, a survey of attendees has been released.
    Read More
  • Jul 11, 2017 | Tech.co

    Small Businesses Are Going to Need Bug Bounties to Combat Cyber Attacks

    According to data released last week by Black Hat USA, cyber security professionals do not feel confident that their organizations are prepared for attacks on their infrastructure.
    Read More
  • Jul 11, 2017 | TechRepublic

    Video: Researchers predict large-scale cyberattack against US infrastructure in the next two years

    Conner Forrest discusses a new study by Black Hat research
    Read More
  • Jul 11, 2017 | Forbes

    Want To Ruin Someone's Oculus Rift Fun? Fire This Sonic Gun At Their Head

    They plan to reveal attacks on a wide range of systems at the Black Hat conference in Las Vegas this July, where they've promised to show off hits on DJI drones, potentially causing them to crash.
    Read More
  • Jul 10, 2017 | Dark Reading

    IoT Devices Plagued by Lesser-Known Security Hole

    Later this month at Black Hat USA in Las Vegas, Lundgren plans to demonstrate how an attacker could compromise exposed MQTT-based servers and issue phony commands in order to alter their operation or outcomes of their IoT-attached equipment.
    Read More
  • Jul 10, 2017 | Security Intelligence

    Google Patches Critical Android Vulnerabilities

    Google credited security researcher Nitay Artenstein of Exodus Intelligence for his work on the patched Broadcom issue. According to eWEEK, Artenstein will provide more insight into this vulnerability at the Black Hat security conference on July 27.
    Read More
  • Jul 9, 2017 | Blorge

    New Security Fixes For Android Released By Google

    So far, the one who discovered the bug has not given any solution but he will present his findings and conclusions in Vegas at the Black Hat conference.
    Read More
  • Jul 8, 2017 | BleepingComputer

    Broadpwn Bug Affects Millions of Android and iOS Devices

    Artenstein has not disclosed any information about the bug or exploit to the public, and he's set to give a presentation about Broadpwn at this year's Black Hat USA security conference that will be held in Las Vegas at the start of August.
    Read More
  • Jul 8, 2017 | IB Times

    What is Broadpwn? Google fixes bug that allows millions of Android phones to be remotely hacked

    Artenstein is slated to present his research on Broadpwn at this year's upcoming Black Hat USA.
    Read More
  • Jul 7, 2017 | eWeek

    Google Patches Critical Android Vulnerabilities in July Update

    Google credits the discovery of the newly patched CVE-2017-9417 Broadcom issue to security researcher Nitay Artenstein of Exodus Intelligence. Artenstein is scheduled to deliver a talk at the Black Hat security conference on July 27 that will provide more insight into the Broadcom vulnerabilities.
    Read More
  • Jul 7, 2017 | TechTarget

    Flawed Broadcom Wi-Fi chipsets get a fix, but flaw remains a mystery

    Google's July 2017 Android Security Bulletin included a fix for the vulnerability known as Broadpwn, but the details of the flaw won't be disclosed until the Black Hat USA 2017 conference later this month.
    Read More
  • Jul 7, 2017 | SC Magazine

    Reports: Feds issue alert after adversary breaches power plant business networks

    In a newly released Black Hat USA survey of 580 recent conference attendees, 60 percent of information security professionals said they believe that a successful cyberattack on U.S. critical infrastructure will take place within the next two years.
    Read More
  • Jul 7, 2017 | Channel Partners

    Survey: Cyberattack on Critical U.S. Infrastructure Will Happen in Next 2 Years

    Steve Wylie, Black Hat's general manager, tells Channel Partners it's clear from the survey that security leaders are not confident in the technology and services they've gotten so far, and are expecting more breaches in the near term.
    Read More
  • Jul 7, 2017 | Dark Reading

    IoT Physical Attack Exploit to be Revealed at Black Hat

    One of the first examples of such an IoT exploit that will do just that is slated to be presented by renowned researcher Billy Rios later this month at Black Hat USA in Las Vegas.
    Read More
  • Jul 7, 2017 | TechRepublic

    Massive cyberattack on US critical infrastructure will hit within 2 years, say 60% of security pros

    New Black Hat Research suggests that a major breach on US infrastructure could be imminent, and government agencies won't be able to react appropriately.
    Read More
  • Jul 7, 2017 | SDxCentral

    Security for IoT is a Growing Concern for IT and Executives

    According to a new report and survey released by Black Hat, enterprise IT department concerns over attacks or exploits on cloud services, applications, or storage systems increased from 11 percent last year to 15 percent this year. At the executive level, concern increased only slightly from 7 percent last year to 8 percent this year.
    Read More
  • Jul 7, 2017 | GCN

    Gloomy cyber forecast from Black Hat

    At one of the largest gatherings of cybersecurity professionals, attendees voiced their concerns about an attack on the nation's critical infrastructure and enterprise vulnerabilities.
    Read More
  • Jul 7, 2017 | TechTarget

    Cybersecurity skills gap fixes must support minorities

    In a survey of 580 scheduled attendees of the 2017 Black Hat conference to be held in Las Vegas, Black Hat found that 71% of respondents felt their companies lacked sufficient staff to defend themselves against current cyber threats.
    Read More
  • Jul 6, 2017 | Threat Post

    Google Patches Critical 'Broadpwn' Bug in July Security Update

    Artenstein, who is scheduled to present his research on the Broadpwn vulnerability at Black Hat USA 2017, said in a preview of his talk the vulnerability, 'can be triggered remotely, without user interaction.'
    Read More
  • Jul 6, 2017 | Dark Reading

    Black Hat Survey: Security Pros Expect Major Breaches in Next Two Years

    These serious concerns are among those registered by respondents to the 2017 Black Hat Attendee Survey, the results of which are being published Wednesday. The survey offers insights on the plans and attitudes of 580 experienced security professionals, including many cybersecurity leaders who work in critical-infrastructure industries.
    Read More
  • Jul 6, 2017 | Forbes

    Help! Hackers Stole My Password Just By Listening To Me Type On Skype!

    "If you were taking a conference call from your office, and let's assume you're working in an open space where there are other people, the possibility could be we're able to eavesdrop your keystrokes, your colleague's keystrokes and maybe it'll be possible to distinguish the two different sets," Conti said. "We think it's possible, we're working on this now." They'll present their latest version of Skype&Type at the Black Hat conference in Las Vegas this July.
    Read More
  • Jul 6, 2017 | CSO

    3 Tips to Get the Most Out of Black Hat/Defcon

    Las Vegas. Hate it or love it, for seven days each year Sin City is the gathering place for BSides Las Vegas, Black Hat, and DEF CON. Combined, these events are arguably the largest security gathering in North America, with professionals and enthusiasts both in attendance. Here's how to get the most out of your trip to the desert this summer.
    Read More
  • Jul 6, 2017 | Vice Motherboard

    iPhone Bugs Are Too Valuable to Report to Apple

    In August 2016, Apple's head of security Ivan Krstic stole the show at one of the biggest security conferences in the world with an unexpected announcement. "I wanna share some news with you," Krstic said at the Black Hat conference, before announcing that Apple was finally launching a bug bounty program to reward friendly hackers who report bugs to the company.
    Read More
  • Jul 6, 2017 | The Hacker News

    Millions of Android Devices Using Broadcom Wi-Fi Chip Can Be Hacked Remotely

    The BroadPwn vulnerability (CVE-2017-3544) has been discovered by Exodus Intelligence researcher Nitay Artenstein, who says the flawed Wi-Fi chipset also impacts Apple iOS devices. Since Artenstein will be presenting his findings at the Black Hat 2017 event, details about the BroadPwn bug are scarce at this moment.
    Read More
  • Jul 6, 2017 | FCW

    Survey: Cyber pros fear attack on critical infrastructure

    The Black Hat survey of nearly 600 security professionals, 40 percent of whom work in critical infrastructure sectors, showed that 60 percent believe a successful attack will happen within two years, and only 10 percent do not.
    Read More
  • Jul 5, 2017 | Dark Reading

    Researchers Build Firewall to Deflect SS7 Attacks

    Security researchers will release an open-source SS7 firewall at Black Hat USA that aims to bolster security of mobile operators' core networks.
    Read More
  • Jul 3, 2017 | ITSP Magazine

    What About Facebook's Alex Stamos' Black Hat Keynote Got My Attention

    In fact, when I first saw the title of the Facebook chief security officer's Black Hat USA keynote address, I almost spit out my coffee: Stepping Up Our Game: Re-focusing the Security Community on Defense
    Read More
  • Jun 29, 2017 | Dark Reading

    Hacking Factory Robot Arms for Sabotage, Fun & Profit

    Black Hat talk will discuss how hackers could take over robotic arms, create micro-defects in products, and open up a new world of subtle blackmail.
    Read More
  • Jun 28, 2017 | WIRED

    Researchers Found They Could Hack Entire Wind Farms

    In interviews with WIRED and a presentation they plan to give at the Black Hat security conference next month, they're detailing the security vulnerabilities they uncovered.
    Read More
  • Jun 27, 2017 | SDxCentral

    Security Startup Jask Raises $14.5M for AI-Based Network Monitoring

    The company will release its security platform, called Trident, at Black Hat USA 2017 in July. The platform focuses on discovery, investigation, and incident response.
    Read More
  • Jun 23, 2017 | Dark Reading

    8 Hot Hacking Tools to Come out of Black Hat USA

    High-impact tools for white hats that will be revealed and released next month at Black Hat USA in Las Vegas.
    Read More
  • Jun 23, 2017 | Dark Reading

    RAT Vulnerabilities Turn Hackers into Victims

    At this year's Black Hat USA conference in Las Vegas, Grange will disclose several exploits that could allow for remote execution or remote information disclosure on machines running these common C&C components. His talk is titled "Digital Vengeance: Exploiting the Most Notorious C&C Toolkits."
    Read More
  • Jun 22, 2017 | Dark Reading

    Nuclear Plants, Hospitals at Risk of Hacked Radiation Monitoring Devices

    Santamarta won't name the affected vendors or provide many of the technical details of his findings until his presentation on his research next month at Black Hat USA, Go Nuclear: Breaking Radiation Monitoring Devices.
    Read More
  • Jun 19, 2017 | Dark Reading

    Major Websites Vulnerable to their Own Back-End Servers

    "People are basically just plopping down really complex servers to do caching, analytics, and loads of fancy complex functionality in front of their Web server without much thought as to whether these features might carry risks," says Kettle, who next month at Black Hat USA in Las Vegas will reveal the details of the hacks in his Cracking The Lens: Targeting Http's Hidden Attack-Surface presentation there.
    Read More
  • Jun 16, 2017 | Dark Reading

    Hacker Bypasses Microsoft ATA for Admin Access

    Microsoft's Advanced Threat Analytics defense platform can be cheated, a researcher will show at Black Hat USA next month.
    Read More
  • Jun 15, 2017 | Dark Reading

    Samsung KNOX Takes Some Knocks

    Researcher at Black Hat USA will reveal Samsung KNOX 2.6 vulnerabilities and bypass techniques, and notes that new KNOX 2.8 may be at risk as well.
    Read More
  • Jun 13, 2017 | Dark Reading

    How Bad Data Alters Machine Learning Results

    Sensitivity analysis tweaks inputs for machine learning models to see how output is affected. Sanders will present sensitivity results in her presentation titled "Garbage In Garbage Out: How Purportedly Great Machine Learning Models Can Be Screwed Up By Bad Data" at this year's Black Hat USA conference in Las Vegas.
    Read More
  • May 31, 2017 | Gizmodo

    Cops Think This Tijuana Biker Gang Hacked Into and Stole Over 100 Jeeps

    Just a couple years ago, a pair of hackers won a standing ovation at the Black Hat security conference in Las Vegas (as well as international media attention) after they figured out how to remotely gain control of a Jeep Grand Cherokee. Chrysler later recalled 1.4 million of the SUVs due to the hacking threat.
    Read More
  • Apr 27, 2017 | The Register

    Homebrew crypto SNAFU on electrical grid sees GE rush patches

    The company hasn't published much by way of detail, but spoke to Reuters after this Black Hat abstract was published (the talk will be delivered to the July conference in Las Vegas).
    Read More
  • Apr 26, 2017 | Reuters

    GE fixing bug in software after warning about power grid hacks

    The vulnerability could enable attackers to gain remote control of GE protection relays, enabling them to "disconnect sectors of the power grid at will," according to an abstract posted late last week on the Black Hat security conference website.
    Read More
  • Apr 5, 2017 | SC Magazine

    Black Hat Asia: In the era of 'trust attacks', what can we trust now? [Black Hat Asia 2017]

    Cyber-attacks, phishing and malware are creating a culture of mistrust, according to a speaker from Darktrace at Black Hat Asia. Nothing can be trusted nor wished away.
    Read More
  • Apr 4, 2017 | Hackaday

    Gigabytes the Dust with UEFI Vulnerabilities

    At this year’s BlackHat Asia security conference, researchers from Cylance disclosed two potentially fatal flaws in the UEFI firmware of Gigabyte BRIX small computers which allow a would-be attacker unfettered low-level access to the computer.
    Read More
  • Apr 4, 2017 | bit-tech

    Gigabyte Brix hit by UEFI vulnerabilities

    Researchers from security specialist Cylance revealed the vulnerabilities at the BlackHat Asia 2017 event, following hints at the earlier RSA Conference 2017 and after contacting Gigabyte privately with its findings.
    Read More
  • Apr 4, 2017 | Dailysecu

    [BlackHat Asia 2017 Hot Issue] Black Duck

    At BlackHat Asia 2017 held in Marina Bay Sands, Singapore from March 28th to 31st, I was able to meet a Black Duck official who is famous for managing open source security vulnerabilities.
    Read More
  • Apr 4, 2017 | ZDNet

    Wassenaar Arrangement: When small words have the power to shatter security

    At Black Hat USA last year, in an interview with Dark Reading, Moussouris called the agreement a "dragnet" which sweeps in software used for legitimate purposes, as well as offensive software which can be used for illegal purposes.
    Read More
  • Apr 3, 2017 | Kaldata

    Bugs in the firmware of Gigabyte BRIX enable putting malware directly into UEFI

    During BlackHat Asia 2017, Cylance specialists presented a special report about the vulnerabilities in the firmware of the Gigabyte BRIX minicomputer. These vulnerabilities allow deployment of malware in UEFI.
    Read More
  • Apr 3, 2017 | Dailysecu

    [BlackHat Asia 2017] Judge Lee Seung-jin, CEO of Gray Hash Interview

    BlackHat Asia 2017 was held at Marina Bay Sands, Singapore from March 28 to 31, with a large number of hacking security experts and global security companies from around the world attending. I met a nice face here. It is Lee Seung-jin (Beist) of GrayHash.com, an offensive security research specialist attending the BlackHat Asia 2017 judging committee.
    Read More
  • Apr 3, 2017 | IT World

    UEFI flaws can be exploited to install highly persistent ransomware

    On Friday, at the Black Hat Asia security conference, the team revealed how they did it: by exploiting vulnerabilities in the firmware of two models of ultra compact PCs from Taiwanese computer manufacturer Gigabyte Technology.
    Read More
  • Apr 3, 2017 | CSO

    How CISOs can overcome cybersecurity pollution

    Last week, I had the pleasure to lead High-Tech Bridge’s team at Black Hat Asia 2017 in Singapore and present a session entitled "Modern challenges of Web Application Security". At the event, many great companies were presenting exciting cybersecurity products and solutions, with very attractive and quite well-thought out marketing claims.
    Read More
  • Apr 3, 2017 | iThome

    UEFI firmware vulnerabilities exposed in two Gigabyte mini barebone systems, with risk of ransomware implantation

    Security firm Cylance disclosed at last week's Black Hat hacking conference that UEFI firmware vulnerabilities in two Gigabyte mini barebone systems could let hackers implant ransomware. Gigabyte is preparing to release a patch for one of the products; the other will not be fixed because the product has been discontinued.
    Read More
  • Apr 3, 2017 | Tech Talk Thai

    [Black Hat Asia 2017] Keynote Day 2 "Saumil Shah" 7 Facts About Security

    This article is a summary of the Day 2 keynote session of the Black Hat Asia 2017 conference by Saumil Shah, Founder and President of Net Square, titled "THE SEVEN AXIOMS OF SECURITY", which covers seven facts for developing a proactive protection strategy to deal with cyber threats in the future.
    Read More
  • Apr 3, 2017 | Dark Reading

    Reactive to Proactive: 7 Principles Of Intelligence-Driven Defense

    "Bugs are around, they're going to be around forever. That's fine," admitted Net Square CEO Saumil Shah in his keynote "The Seven Axioms of Security" at Black Hat Asia 2017. This isn't because all software is buggy, he noted, but because today's technology is complex.
    Read More
  • Apr 2, 2017 | xakep

    Bugs in Gigabyte BRIX firmware allow malware to be introduced directly into the UEFI

    At the BlackHat Asia 2017 conference, experts from Cylance presented a report on vulnerabilities in the firmware of Gigabyte BRIX minicomputers, whereby malicious code can be embedded in UEFI.
    Read More
  • Apr 1, 2017 | Dailysecu

    [BlackHat Asia 2017] Han Seung-hun, Researcher Kang Jeong-hwan,

    'BlackHat Asia 2017' was held from March 28th to 31st in Marina Bay Sands, Singapore. Many security experts from around the world attended the event, including global security issues, vulnerability announcements, training courses and security exhibits. Black Hat can be seen as a medium-sized conference between the commercial conference "RSA" and the hacker festival "Defcon".
    Read More
  • Apr 1, 2017 | BleepingComputer

    Gigabyte Firmware Flaws Allow the Installation of UEFI Ransomware

    Yesterday, at the BlackHat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed two vulnerabilities in the firmware of Gigabyte BRIX small computing devices, which allow an attacker to write malicious content to the UEFI firmware.
    Read More
  • Apr 1, 2017 | CCIDNET.com

    Tencent computer housekeeper's Hubble analysis system selected for Black Hat "weapons spectrum"

    As the only open source system from China selected for the Black Hat "weapons spectrum", the Hubble analysis system automatically extracts threat intelligence from massive data and identifies millions of malicious files and attacks, safeguarding the security of Tencent computer housekeeper users.
    Read More
  • Apr 1, 2017 | Tech Talk Thai

    [Black Hat Asia 2017] A simple picture of using Machine Learning to detect malware

    Many people have heard vendors of next-generation endpoint protection / antivirus products talk about using Artificial Intelligence or Machine Learning techniques to detect threats or abnormalities never seen before. At the recent Black Hat Asia 2017, Greg Singh, Director of Pre-Sales Engineering at Cylance, presented a technique that lets us see more of how Machine Learning works.
    Read More
  • Apr 1, 2017 | Tech Talk Thai

    [Black Hat Asia 2017] Keynote Session First Day of Black Hat Asia 2017 by Halvar Flake

    The Black Hat Asia 2017 international security conference at Marina Bay Sands, Singapore, has ended. The TechTalkThai team had the opportunity to attend this event. I will gradually summarize the content of each session so it can be read offline, starting with the first, which summarizes yesterday's keynote session by Halvar Flake, Google's Big Data and Machine Learning expert, on "WHY WE ARE NOT BUILDING A DEFENDABLE INTERNET".
    Read More
  • Mar 31, 2017 | ComputerWeekly.com

    How IT can be more defensible

    Thomas Dullien, a reverse engineer and vulnerability researcher at Google, told a packed audience of IT security practitioners at Black Hat Asia in Singapore that part of the problem lies with the fact that the IT market is dominated by a few large suppliers.
    Read More
  • Mar 31, 2017 | The Register

    Researchers steal data from CPU cache shared by two VMs

    The results sound scarily impressive: a Black Hat Asia session detailing their work promised to peer into a host's cache and stream video from VM to VM.
    Read More
  • Mar 30, 2017 | Network Asia

    SDN solves a lot of network problems, but security isn't one of them

    In his Black Hat 2015 presentation, Abusing Software Defined Networks, Pickett said that SDN offers the ability to have the network respond on its own to threats. While it offers promise, SDN still has security holes.
    Read More
  • Mar 30, 2017 | TechWorm

    BEWARE iPhone Owners! Your Smartphones Can Be Hacked By Just Connecting To Any Wi-Fi

    “The victim will only have to join the Wi-Fi network, and then the device will be compromised without any user interaction, bypassing all iOS mitigations and sandboxes,” reads a blurb of Grassi’s presentation for the Black Hat Asia hacking conference.
    Read More
  • Mar 30, 2017 | Dark Reading

    Internet's Security Woes are Not All Technical

    Google engineer Halvar Flake discussed the actors, incentives, and industry challenges impeding Internet security as part of his keynote "Why We Are Not Building A Defendable Internet" here this week at Black Hat Asia 2017. Protected devices are part of the solution, but there's more to risk management, he said.
    Read More
  • Mar 28, 2017 | iTech Post

    iPhone Owners Beware, Your Smartphones Can Be Hacked Using Wi-Fi

    The hack was described as "remotely compromising iOS via Wi-Fi and escaping the Sandbox". Marco Grassi, the Senior Security Researcher of Keen Lab of Tencent, will discuss the possibility of hacking iPhones using Wi-Fi in a talk which will be held on March 30 at the Black Hat Asia hacking conference.
    Read More
  • Mar 27, 2017 | Forbes

    A Great Reason To Update Your iPhone: This Hack Breaks iOS Security With Just A Wi-Fi Connection [Black Hat Asia 2017]

    The blurb for a presentation at the Black Hat Asia hacking conference this week would likely concern any iPhone owner: "The victim will only have to join the Wi-Fi network, and then the device will be compromised without any user interaction, bypassing all iOS mitigations and sandboxes."
    Read More
  • Mar 15, 2017 | CBS Chicago

    'Chip' Cards Not Infallible

    CBS 2's Dorothy Tucker reports on what consumers can do to protect themselves.
    Read More
  • Feb 13, 2017 | Dark Reading

    New Bug Bounty Program Targets IoT Security

    Both Liu and Song will be at Black Hat Asia 2017 to discuss design misconceptions and implementation mistakes that developers may overlook in IoT devices. Their briefing is entitled "Daily-Life Peeper: Bug Hunting and Exploit Techniques in IoT."
    Read More
  • Feb 5, 2017 | The Merkle

    4 Ways Your Devices are Spying on you Right now

    Researchers discovered this potential privacy attack and presented their findings during Black Hat Europe 2016. Although no law enforcement has officially confirmed they are using this technology, it appears to be a tool up the sleeve of agencies such as the NSA and FBI. Ultrasound cross-device tracking is a grave threat to privacy all over the world and it will not go away anytime soon.
    Read More
  • Nov 14, 2016 | International Business Times

    The little security flaw that enables you to immediately log into one billion Android app accounts

    At Black Hat Europe 2016, the researchers demonstrated that if the attacker could discover the email address associated with your Facebook profile, and your name, they could then get out their own mobile device, download the IMDB app and use a man-in-the-middle proxy to replace your profile with their profile.
    Read More
  • Nov 7, 2016 | SC Magazine

    Blackhat EU: Breaking Big Data

    Former intelligence officer David Venable gave a crowd at Blackhat EU 2016 a rundown of what big data, and bad data, in the private sector could mean for your privacy.
    Read More
  • Nov 4, 2016 | International Business Times

    Belkin WeMo devices could be hacking your smartphone – here's why you need to update now

    The outcome of the hack could give a cybercriminal the ability to steal photos and even track locations in real time, the researchers said. The findings will be revealed in greater detail at Black Hat Europe in a talk titled 'Breaking BHAD: Abusing Belkin Home Automation Devices'.
    Read More
  • Nov 4, 2016 | International Business Times

    Security experts reveal secret to catching online scammers and counterfeiters

    Taking to the stage at Black Hat Europe 2016, attended by IBTimes UK, the researchers demonstrated how Passive DNS – a collection of domain names and IP addresses – can be mixed with advanced "web crawling" to create a visualisation of sellers and counterfeiters.
    Read More
  • Nov 4, 2016 | International Business Times

    Hacker, businessman, government adviser: Black Hat founder Jeff Moss on cybersecurity

    IBTimes UK speaks to The Dark Tangent at Black Hat Europe 2016.
    Read More
  • Nov 3, 2016 | SC Magazine

    Zero-days detected on WeMo Android apps, fixed

    The study into the security vulnerabilities will be presented on Friday at Black Hat Europe 2016 in London by the two Invincea researchers who detected the flaws: Scott Tenaglia, research director and principal research engineer, and Joseph Tanen, lead research engineer.
    Read More
  • Nov 3, 2016 | International Business Times

    How to stop the Mirai botnet: Can blocking Port 23 fight further DDoS attacks?

    ISPs might need to step in to deal with IoT devices that can't be patched.
    Read More
  • Nov 3, 2016 | CIO

    Mobile subscriber identity numbers can be exposed over Wi-Fi

    For example, someone could set up a device that creates spoofed access points for all the Auto Wi-Fi profiles hard-coded into iOS and then grab the IMSI numbers for all nearby iPhones, O'Hanlon said Thursday during a presentation at the Black Hat Europe security conference in London.
    Read More
  • Nov 3, 2016 | International Business Times

    The great smartphone security scare: Your mobile can be hijacked and tracked without you knowing

    Cybersecurity researchers Piers O'Hanlon and Ravishankar Borgaonkar from Oxford University have demonstrated a new attack at Black Hat Europe 2016 that enables hackers to capture a smartphone's unique 15-digit IMSI number within a second as they walk past, and then use that number to spy on the user's movements.
    Read More
  • Nov 3, 2016 | Forbes

    This Hack Can Silently Break Into 1 Billion Android App Accounts

    As they will note in the paper, released this week in anticipation of the researchers' Black Hat Europe talk on Friday, the flaws can be exploited remotely by an attacker to sign into a victim’s mobile app account without any awareness of the victim. Previously, attacks required some interaction from the user, the researchers said.
    Read More
  • Nov 2, 2016 | Forbes

    Your WeMo Smart Home Can Spy On Your Android Smartphone

    The update landed as Invincea Lab researchers Scott Tenaglia and Joe Tanen prepared to talk about the hacks at the Black Hat Europe conference taking place in London this week. And whilst Belkin's update addresses the issues, the hackers told FORBES it was possible to completely kill the update process on already-compromised devices, preventing any fix from ever being delivered.
    Read More
  • Nov 2, 2016 | IOT Journal

    Security Firm to Detail Vulnerabilities in WeMo Switch and Android App

    On Friday, at Black Hat Europe, an annual conference for the information security industry, Invincea Labs will detail two security vulnerabilities that it has discovered in smart-home products and an app made by WeMo—one of which would expose a user's smartphone photos and location to an attacker.
    Read More
  • Nov 2, 2016 | Computerworld

    WeMo devices can hack your Android phone, so attacker can track you, steal photos

    The duo’s talk, “Breaking BHAD: Abusing Belkin Home Automation Devices,” will be presented at Black Hat Europe in London.
    Read More
  • Nov 2, 2016 | eWeek

    Belkin Fixes Security Flaws in Its WEMO IoT Devices

    At Black Hat Europe, Invincea researchers will talk about vulnerabilities they found in Belkin's home automation devices. Belkin has since patched the flaws.
    Read More
  • Nov 2, 2016 | Network World

    Black Hat Europe: IoT devices can hack phones

    Tenaglia and his fellow researcher Joe Tanen are presenting their research this week at Black Hat Europe in London.
    Read More
  • Sep 30, 2016 | Dark Reading

    10 Hottest Sessions At Black Hat Europe 2016

    A sneak-peek at some of the more intriguing Briefings at the upcoming conference in London.
    Read More
  • Sep 15, 2016 | Dark Reading

    PLCs Possessed: Researchers Create 'Undetectable' Rootkit

    New attack to be revealed at Black Hat Europe conference silently overtakes industrial network processes.
    Read More
  • Aug 17, 2016 | Threat Post

    Browser Address Bar Spoofing Vulnerability Disclosed

    Some details about the flaw were disclosed yesterday by researcher Rafay Baloch, who presented a paper on the broader topic of address bar spoofing in March at Black Hat Asia in Singapore.
    Read More
  • Aug 13, 2016 | Investor's Business Daily

    Black Hat 2016: Ransomware Could Lock Your Brakes ... At 75 MPH

    Black Hat's most recent iteration this month drew more than 15,000 cybersecurity-minded professionals to Las Vegas, topping last year's event by at least 4,000. Neon was seemingly the color du jour, in theme with the Strip's bright lights.
    Read More
  • Aug 12, 2016 | IT Security Planet

    Certifications and Ratings in the Cybersecurity Guarantee Market

    Having written on the topic of cyber insurance in the past—and having seen Jeremiah Grossman, Chief of Security Strategy at SentinelOne, speak on the topic of cyber insurance and software guarantees at no fewer than three InfoSec conferences in the past year (AppSec California 2016, ISSA Los Angeles 2016, and Black Hat USA 2016)—I decided to explore the guarantee portion of the topic. This article is a result of Grossman’s presentation materials combined with interviews conducted with the software guarantee champion.
    Read More
  • Aug 11, 2016 | Business Insider

    We played with the extreme $1,000 case that stops your phone from spying on you

    Amid a huge number of cybersecurity companies pitching their wares at the Black Hat security conference last week in Las Vegas, one was offering a product geared toward CEOs and government officials — or the ultraparanoid.
    Read More
  • Aug 11, 2016 | CSO

    Samsung both denies and admits mobile payment vulnerability

    Security researcher Salvador Mendoza demonstrated a flaw in Samsung Pay at Black Hat last week, in which the tokens used to secure transactions could be predicted, and used to authorize fraudulent payments.
    Read More
  • Aug 10, 2016 | Dark Reading

    PLC Worms Pose Stealthy Threat To Industrial Systems

    Researchers at Black Hat USA demonstrated 'PLC Blaster' worm capable of infecting programmable logic controllers and spreading to other systems.
    Read More
  • Aug 10, 2016 | Yahoo! Finance

    Are Chip Cards Counterfeit-Proof? Not Exactly

    Computer researchers may have found a flaw in chip-based credit cards. Though the cards are designed to combat fraudulent cloning, apparently there’s a way to rewrite the magnetic strip code so it resembles the standard Europay, MasterCard and Visa (EMV) card. Researchers at the payment technology company NCR presented their findings at the Black Hat computer security conference last Wednesday, CNN Money reported. “There’s a common misperception EMV solves everything,” Patrick Watson, one of the researchers, reportedly told the site. “It doesn’t.”
    Read More
  • Aug 10, 2016 | Dark Reading

    Government, Hackers Learn To Make Nice

    It's not every day you hear the chief technologist at the Federal Trade Commission brag about learning how to pick a lock. But that small side trip during the recent Black Hat USA conference in Las Vegas proved illuminating for the FTC's Lorrie Faith Cranor and underscored the changing relationship between government and the hacker community.
    Read More
  • Aug 10, 2016 | TechTarget

    Breaking all the things at Black Hat

    The Black Hat conference has long been the security conference where speakers announce fairly frightening breaks in security. In the past, a lot of the energy went into targeting desktop and mobile operating systems, along with a steady stream of ways to convert the uncharted territory in widely used internet protocols into “weaponizable” exploits.
    Read More
  • Aug 9, 2016 | Fortune

    What Snapchat Was Doing at Black Hat

    Tucked away among the booths in a far corner on the showroom floor at the Black Hat cybersecurity conference this year, one company’s signage—a ghostly silhouette on a vertically-oriented, lemon-hued banner—stood out like the sore thumb of an avid selfie-snapper: Snapchat.
    Read More
  • Aug 9, 2016 | Business Insider

    These two guys just hacked the chip card that was supposed to keep your credit card safe

    In a demonstration of the research on Wednesday, Valtman and his colleague Patrick Watson showed that an attacker can capture what is called Track 2 data that's transmitted from the card to the card reader using a small Raspberry Pi computer. The captured data, which is sent unencrypted, can then be used to create a normal magstripe card for use on older, offline systems.
    Read More
  • Aug 9, 2016 | Help Net Security

    Bringing security into IT and application infrastructures

    In this podcast recorded at Black Hat USA 2016, Chris Carlson, VP of Product Management, Cloud Agent Platform at Qualys, talks about a new trend in bringing security into IT and application infrastructures, as well as working with the DevOps team for increased security.
    Read More
  • Aug 9, 2016 | CNN

    How hackers could swing the election

    At the Black Hat security conference in Las Vegas, Laurie Segall talks to CrowdStrike CEO George Kurtz about the DNC hack, and learns how electronic voting machines could be vulnerable to hackers.
    Read More
  • Aug 9, 2016 | Newsweek

    Nigerian Scammers Accidentally Infect Themselves With Own Malware

    The scheme, detailed in a report presented at the Black Hat security conference in Las Vegas last week, is a more sophisticated version previously used by scammers called a Business Email Compromise (BEC).
    Read More
  • Aug 9, 2016 | SC Magazine

    Researcher warns of flaws in Samsung Pay tokenisation and mag stripe features

    A researcher presenting at Black Hat claims to have found vulnerabilities in Samsung Pay's tokenisation mechanism and its magnetic secure transmission (MST) contactless payment technology that could allow hackers to steal users' tokens and make fraudulent purchases.
    Read More
  • Aug 9, 2016 | On the Wire

    On the Wire Podcast: Black Hat Roundtable

    In the midst of the Black Hat mayhem last week, Dennis Fisher took some time to sit down for a group podcast with some fellow journalists and other guests, including Patrick Gray of the Risky Business podcast, Jessy Irwin, Mike Mimoso of Threatpost, Fahmida Rashid of InfoWorld, Chris Brook of Threatpost, and Brian Donohue of Booz Allen Hamilton’s Cyber4Sight team. This episode covers a wide range of topics, including the most interesting sessions at the conference, 0-day sales, security research on security products, and how the media covers it all.
    Read More
  • Aug 9, 2016 | ZDNet

    Samsung is all talk, no fix after researcher finds Pay flaw

    In security, how a company responds to a potential flaw matters. Samsung may learn that lesson as it dueled on social media after a researcher revealed a flaw in Samsung Pay. The Korean electronics giant has disputed a security researcher's findings, who last week at the Black Hat security and hacking conference detailed what he described as "limitations" in the company's mobile payments system, Samsung Pay.
    Read More
  • Aug 9, 2016 | Engadget

    Samsung denies its mobile payment platform is insecure

    Every year the Black Hat conference highlights and analyzes security vulnerabilities in common services for public awareness and a little infamy. On Sunday, a researcher released a paper criticizing the point-of-service purchasing system Samsung Pay for perceived weakness in its algorithm that could be exploited by hackers. In its security blog, the Korean tech giant refuted the claims, insisting that its math is different than described in the report and therefore still sound.
    Read More
  • Aug 8, 2016 | SC Magazine

    Black Hat Las Vegas: Miller, Valasek unveil new attack, retire from car hacking

    Famed car hackers Chris Valasek and Charlie Miller hung up their spikes Friday at Black Hat, announcing at the end of their presentation that they were moving on, but not before revealing a few more vulnerabilities in a Jeep Cherokee.
    Read More
  • Aug 8, 2016 | Threatpost

    iOS 9.3.4 Patches Critical Code Execution Flaw

    Apple last week patched a critical iOS memory corruption vulnerability that could allow attackers to execute code on compromised devices. The flaw was found by Team Pangu, a Chinese hacker group that specializes in building iOS jailbreak tools. The vulnerability is fixed in iOS 9.3.4.
    Read More
  • Aug 8, 2016 | PC Mag

    Apple Exposes iOS Security Details

    You've heard by now that Apple announced a new bug bounty program at the recent Black Hat conference. In an unusual appearance, Ivan Krstic, Apple's head of security engineering and architecture, made the announcement himself.
    Read More
  • Aug 8, 2016 | CRN

    10 Scenes From Black Hat 2016 That Show Security Is Red Hot

    More than 15,000 hackers and security professionals gathered at the Mandalay Bay hotel in Las Vegas last week for Black Hat 2016. With that came a bunch of seriously wacky and wild sights, including giant robots, alien bars and booths to physically bash competitive security solutions. However, there were also some serious sights, including a keynote addressing the future of Internet security, new vendor debuts and the latest in car hacking vulnerabilities. CRN was on site at the event last week – here are 10 sights that stood out from the show floor this year.
    Read More
  • Aug 8, 2016 | Network World

    A few thoughts from Black Hat 2016

    Last week’s Black Hat 2016 conference was a whirlwind of activity. Here are a few of my takeaways. I kind of like Black Hat better than the RSA Conference. At Black Hat, you talk about the real challenges facing our industry and discuss intellectual ways to overcome them.
    Read More
  • Aug 8, 2016 | The Guardian

    The state of cyber security: we’re all screwed

    When cybersecurity professionals converged in Las Vegas last week to expose vulnerabilities and swap hacking techniques at Black Hat and Defcon, a consistent theme emerged: the internet is broken, and if we don’t do something soon, we risk permanent damage to our economy.
    Read More
  • Aug 8, 2016 | Fortune

    Here's What You Missed at Black Hat and Defcon

    Greetings from Las Vegas, where Black Hat and Defcon, the world’s biggest code cracking confabs, took place this week. If you tried to contact me, our communications were probably intercepted. Oh well.
    Read More
  • Aug 8, 2016 | SDxCentral

    SDN Security Researchers State Their Case at Black Hat

    Presenting at Black Hat on Thursday, Yoon and Lee introduced SDNSecurity.org, an organization focusing on identifying SDN security issues and their possible solutions. The group has been at work for a little while, finishing eight projects with eight more in the hopper, and a relaunch of the website is due in September.
    Read More
  • Aug 8, 2016 | IT Security Planet

    Equal Respect: Removing Roadblocks to Diversity in Infosec

    Although there’s been a big push for decades to bring in more diverse candidates among those who qualify, the women on this panel illustrated how their industries are still inadvertently putting up a roadblock to diversity right from the initial recruiting and hiring stage. And women and minorities are being excluded – from job descriptions to informal company events – by people who aren’t necessarily aware that they are subscribing to some form of -ism (racism, sexism, heterosexism).
    Read More
  • Aug 8, 2016 | IT Security Planet

    Cybersecurity? There's No Accounting for Human Weakness

    The common thread I heard in the majority of the sessions at this year’s Black Hat conference was: the human factor. In other words, security only works if you actually implement it, rigorously stick to it, and consistently update it. It’s like having a state-of-the art alarm system on your house but then leaving the bedroom window open for fresh air. Or hiding the door key under the front mat.
    Read More
  • Aug 8, 2016 | ESG

    Six for 16: Black Hat 2016 takeaways

    With the largest Black Hat to date now in the rear view mirror, it’s clear there is edginess not only in the hacker community, but also in hot cybersecurity market segments where vendors are competing for thought leadership as well as wallet share.
    Read More
  • Aug 8, 2016 | Help Net Security

    Malware hidden in digitally signed executables can bypass AV protection

    Researchers have shown that it’s possible to hide malicious code in digitally signed executables without invalidating the certificate, and execute this code – all without triggering AV solutions. Tom Nipravsky, from Tel Aviv-based Deep Instinct, presented the results of their research at Black Hat USA 2016, but didn’t release PoC code as it would be too dangerous.
    Read More
  • Aug 8, 2016 | eWeek

    Black Hat USA Shows Enterprises Fail to Learn Security 101 Lessons

    There was plenty of news last week during Black Hat USA about new cyber-threats, vulnerabilities and exploits. The good news is that security technologies are more advanced than ever and researchers are getting better at spotting hacks and malware.
    Read More
  • Aug 8, 2016 | PC Mag

    The Good and the Terrifying Things at Black Hat 2016

    Black Hat is a gathering of security researchers, hackers, and industry that meets in Las Vegas to do three things: outline the latest threats, show how the good guys and the bad guys can be defeated, and launch attacks on the attendees.
    Read More
  • Aug 6, 2016 | International Business Times

    Top 5 scary hacks that emerged from the Black Hat USA hacker conference

    The annual Black Hat USA conference attracts thousands in the cybersecurity community every year and thanks to the milling hackers, new and innovative cyber-exploits have emerged, which can be both fascinating and scary. This year's conference has produced an impressive array of attacks, highlighting how hackers can manipulate every gadget and even the Internet of Things (IoT) to launch attacks.
    Read More
  • Aug 6, 2016 | NOS

    Future of Internet worries hackers

    When the Internet was conceived decades ago, its safety was never really thought about. A large group of hackers, gathered this week in Las Vegas, is therefore concerned about the future of the web. "We really need to make the Internet safer," said hacker Dan Kaminsky at Black Hat, one of the two security conferences in Las Vegas.
    Read More
  • Aug 5, 2016 | CRN

    Black Hat 2016: 10 Security Threats To Watch

    Thousands of hackers and security professionals turned out in Las Vegas this week to the annual Black Hat conference, looking to see the latest and greatest threats facing the security space today. In presentations throughout the week, security researchers and hackers presented their exploit and vulnerability findings, revealing vulnerabilities in connected devices, business infrastructure and more.
    Read More
  • Aug 5, 2016 | NBC News

    'Jeep Hackers' Are Back With a Scary New Trick

    Imagine driving down the highway with your foot on the gas and hands on the steering wheel, only to come to a screeching halt without ever hitting the brakes. Two security researchers who detailed an apparent hack into a 2014 Jeep Cherokee last year shared their latest exploits at the Black Hat hacker conference on Thursday in Las Vegas.
    Read More
  • Aug 5, 2016 | PC Mag

    Car Hackers Return to Black Hat with New Attacks to Drive You Off the Road

    Over the last few years, Charlie Miller and Chris Valasek have done dramatic work attacking connected cars. Now, they return to Black Hat to show off their most recent research. And this time, they can do even more.
    Read More
  • Aug 5, 2016 | NOS

    Hackers again break into a Jeep Cherokee

    Two American security researchers have again hacked a Jeep Cherokee, they said at Black Hat, a security conference in Las Vegas. They could make the car steer suddenly or apply the brakes.
    Read More
  • Aug 5, 2016 | Motherboard VICE

    Afraid of the Dark? Too Bad, Your Smart Bulbs Can Be Hacked

    Ronen and Colin O’Flynn, a PhD student at Dalhousie University in Canada, detailed these risks in a presentation at the Black Hat Security conference in Las Vegas on Thursday. The two conducted independent, separate research into the Philips Hue.
    Read More
  • Aug 5, 2016 | Tech.Co

    Your Airbnb Wi-Fi Is Not Secure: How to Protect Yourself When Traveling

    Ask a room of security professionals, like a group of BlackHat attendees, whether they are willing to connect to wi-fi without using some secondary form of protection, and the answer will be a resounding “No.” But plenty of business travelers operate under the assumption that wi-fi security is increased at an Airbnb as opposed to connecting to the same network as hundreds of other visitors.
    Read More
  • Aug 5, 2016 | CNN

    Watch a hacked ATM spew cash

    Cybersecurity researchers took advantage of the lag time on a chip card to steal its information and route it to a hacked ATM, making the machine pour out cash.
    Read More
  • Aug 5, 2016 | Infosecurity Magazine

    #BHUSA Attacks on Activists are Prevalent, but Unsophisticated

    Speaking at the Black Hat conference in Las Vegas, EFF staff technologist Cooper Quintin and global policy analyst Eva Galperin revealed research about how activists and journalists were targeted. In particular, in what it called "Operation Manul".
    Read More
  • Aug 5, 2016 | Infosecurity Magazine

    #BHUSA: Iran’s Soft War Gets Harder

    Presenting before an audience at the Black Hat USA conference in Las Vegas on “Iran and the Soft War for Internet Dominance,” Collin Anderson, a Washington D.C.-based computer scientist focused on internet controls and restrictions on communications, and Claudio Guarnieri, senior research fellow at Citizen Lab, discussed the research they are doing into how groups in Iran use social media and applications to wage its propaganda war, and attack opponents.
    Read More
  • Aug 5, 2016 | Infosecurity Magazine

    #BHUSA: Apple To Pay Bug Bounties

    Speaking at the Black Hat conference in Las Vegas, Ivan Krstic, Apple’s head of security engineering and architecture, outlined the new security program, which launches in September. Citing “the increasing difficulty to find its most critical security issues,” Krstic says the added help from the white-hat hacking community is important to find flaws as Apple’s iOS security mechanisms are getting strong with the release of iOS 10.
    Read More
  • Aug 5, 2016 | Karen Epper Hoffman

    #BHUSA Researchers Present Deep Sea Phishing Exercise

    Presenting at the Black Hat conference in Las Vegas, John Seymour, data scientist, and Philip Tully, senior data scientist, both with ZeroFOX, discussed how they used a combination of traditional natural language processing, histograms, and parsing information from user profiles to build a much more effective automated phishing campaign.
    Read More
  • Aug 4, 2016 | Investor's Business Daily

    Black Hat 2016: Apple iPhone Updates Drub Android Counterparts

    Apple (AAPL) iPhones are drubbing their Android counterparts on the mobile security front, say Atredis Partners founders Shawn Moyer and Josh Thomas. But Apple's dominance isn't necessarily tied to a more potent security posture.
    Read More
  • Aug 4, 2016 | ZDNet

    With its bug bounty, Apple shows it finally finds hackers useful

    Apple will soon begin paying hackers and researchers who privately disclose security flaws in the company's products.
    Read More
  • Aug 4, 2016 | Reuters

    Apple offers big cash rewards for help finding security bugs

    The maker of iPhones and iPads provided Reuters with details of the plan, which includes some of the biggest bounties offered to date, ahead of unveiling it on Thursday afternoon at the Black Hat cyber security conference in Las Vegas.
    Read More
  • Aug 4, 2016 | CNET

    Hack Apple, get paid

    How much is a flaw in Apple software worth? The answer to that question has long been a mystery, because Apple didn't pay security researchers who reported bugs to the company.
    Read More
  • Aug 4, 2016 | Ars Technica

    Starting this fall, Apple will pay up to $200,000 for iOS and iCloud bugs

    As part of a security presentation given at this year's Black Hat conference, Apple today announced that it would be starting up a bug bounty program in the fall. The program will reward security researchers who uncover vulnerabilities in Apple's products and bring them to the company's attention. Google, Microsoft, Facebook, and many other companies have offered bug bounty programs for some time now, but this is Apple's first.
    Read More
  • Aug 4, 2016 | Tom's Guide

    'BadTunnel' Flaw Threatens All Versions of Windows

    An implementation flaw in an ancient Windows networking service lets attackers remotely seize control of the internet connections on every Windows PC made in the past 20 years, security researcher Yang Yu said at the Black Hat security conference here today (Aug. 4).
    Read More
  • Aug 4, 2016 | TechCrunch

    Apple announces long-awaited bug bounty program

    While security has been a crucial part of its corporate narrative, Apple has quietly refused to pay for bug reports, at times frustrating security researchers who found it difficult to report flaws to the company. That changed today, as Apple’s head of security engineering and architecture, Ivan Krstic, announced to Black Hat attendees that Apple will begin offering cash bounties of up to $200,000 to researchers who discover vulnerabilities in its products.
    Read More
  • Aug 4, 2016 | The Verge

    Apple is launching an invite-only bug bounty program

    Apple is planning a new bug bounty program that will offer cash in exchange for undiscovered vulnerabilities in its products, the company announced onstage at the Black Hat conference today. Launching in September, the program will offer cash rewards for working exploits that target the latest version of iOS or the most recent generation of hardware.
    Read More
  • Aug 4, 2016 | USA Today

    Car hackers say they've hijacked Jeep brakes

    In 2015, automotive cybersecurity researchers Charlie Miller and Chris Valasek showed how they could remotely stop a car and disable its brakes when it was going below five miles per hour. This year, they unveiled a new exploit: while in the car, plugging into the car's electronic system to hijack its steering and brake systems, while going at a much faster clip.
    Read More
  • Aug 4, 2016 | PC Mag

    Hacking Hue: Researchers Worm into the Internet of Things

    A presentation at this year's Black Hat conference in Nevada discusses a nightmare scenario: a digital worm spreading between Internet of Things and smart devices. Try to act natural, because your lightbulb might be watching you.
    Read More
  • Aug 4, 2016 | Wired

    At Black Hat, a Reminder That Decryption Can’t Be Legally Mandated

    WHAT KIND OF INFORMATION can the US legally demand that a company hand over? And under what circumstances? And which laws give the government and law enforcement those rights? Eh, it’s not currently very clear, as was recently proven by the Apple/FBI battle over unlocking one of the San Bernardino shooters’ iPhones and the death of secure email service Lavabit after its founder refused to produce its Secure Sockets Layer (SSL) private keys for an FBI probe.
    Read More
  • Aug 4, 2016 | TechCrunch

    The four cybersecurity terms everyone is talking about at Black Hat

    As the saying goes, knowledge is power. And when it comes to cybersecurity knowledge, every year thousands descend on Las Vegas for the Black Hat conference to acquire as much of it as they can. For some, it’s an opportunity to share research and to demonstrate the fragility of computing systems. For others, it’s a chance to show off new tools and technologies to defend against threats.
    Read More
  • Aug 4, 2016 | Golem.de

    Timing and compression attack on TLS

    Two researchers at the University of Leuven have presented a new attack against HTTPS-encrypted web pages, called HEIST (HTTP Encrypted information can be Stolen through TCP windows), at the Black Hat security conference in Las Vegas. It combines a timing attack with known weaknesses of TLS in combination with compressed data.
    Read More
  • Aug 4, 2016 | El Pais

    ATM, target of attacks

    More than 10 years ago, credit cards in Europe and Canada came to include a chip and not just a magnetic strip. This component, together with a combination of four numbers, the popular PIN, serves as a double safety factor to prevent theft. Two members of Rapid7, a company specializing in security, have demonstrated its weakness at Black Hat, the most relevant hacker conference, taking place this week in Las Vegas.
    Read More
  • Aug 4, 2016 | CNN

    New security flaw in credit card chip system revealed

    Computer security researchers at the payment technology company NCR demonstrated how credit card thieves can rewrite the magnetic stripe code to make it appear like a chipless card again. This allows them to keep counterfeiting -- just like they did before the nationwide switch to chip cards. They presented their findings at the Black Hat computer security conference on Wednesday.
    Read More
  • Aug 4, 2016 | Internet News

    Black Hat: Google Project Zero Researcher Details the Year in Flash Flaws #BHUSA

    Few people have ever found as many bugs in Adobe's Flash as Google Project Zero security researcher Natalie Silvanovich. In a session at the Black Hat USA conference here Silvanovich detailed the year in Flash bugs and what a year it has been.
    Read More
  • Aug 4, 2016 | PC Mag

    Smart Bots Create Phishing Messages to Slide into Your Mentions

    To a smart attacker, Twitter and other social networks are veritable cornucopias of personal information being broadcast for the world to see. Scammers are already employing them for so-called "open source information gathering," but the researchers at this year's Black Hat conference felt that they could do better. They created a machine-learning model that creates highly clickable spear phishing links for Twitter.
    Read More
  • Aug 4, 2016 | Network World

    Getting hackers to notice you

    Attendees mill about the Black Hat 2016 trade show floor seeking tools they need to do their work. See how vendors make every effort to have them stop by.
    Read More
  • Aug 4, 2016 | Enterprise Networking Planet

    Black Hat: Kaminsky Talks DNS

    At the Black Hat USA conference here, Kaminsky answered a few questions about the current state of DNS as well as DNSSEC, which was originally seen in 2008 as being the long-term solution for DNS security.
    Read More
  • Aug 4, 2016 | SC Magazine

    HEIST attack on SSL/TLS can grab personal info, Black Hat

    The exploit of the HTTPS cryptographic scheme dupes end-users by hiding a file in a web ad or directly on a webpage. The attack, named HEIST by its developers, Mathy Vanhoef and Tom Van Goethem, doctoral candidates at the University of Leuven in Belgium, enables the exploit of flaws in network protocols without having to sniff actual traffic. The two presented their findings [pdf] at Black Hat on Wednesday.
    Read More
  • Aug 4, 2016 | SC Magazine

    Black Hat Las Vegas: MasterCard workers go "phishing" for malware

    With the ever increasing amounts of ransomware and general spam pouring into all companies, Green told SCMagazine.com in an exclusive interview at Black Hat that MasterCard wanted to come up with a way to not only spot the malware, but make everyone feel as if they are playing an important role in keeping the company safe.
    Read More
  • Aug 4, 2016 | Passcode

    Hackers grapple with a once-unthinkable idea: Political action

    http://www.csmonitor.com/World/Passcode/Security-culture/2016/0804/Hackers-grapple-with-a-once-unthinkable-idea-Political-action
    Read More
  • Aug 4, 2016 | ZDNet

    Severe vulnerabilities discovered in HTTP/2 protocol

    On Wednesday at Black Hat USA, cybersecurity firm Imperva released new research into a number of high-profile flaws found within the latest version of HTTP, HTTP/2, which underpins the worldwide web's underlying protocols and communication systems.
    Read More
  • Aug 4, 2016 | PC Mag

    Teaching Machines to Hunt for Hackers, Sing Taylor Swift

    At this year's Black Hat conference here, Cylance Senior Researcher Brian Wallace and Data Scientist Xuan Zhao walked attendees through some simple applications that could take the grunt work out of cyber security and, perhaps, generate new discoveries. They also generated a Taylor Swift song, but more on that later.
    Read More
  • Aug 4, 2016 | The Register

    Top infosec top bods praise and damn in Pwnie Awards

    Black Hat It’s Black Hat time and that means the Pwnie Awards ceremony, honoring the highlights and bottom feeders of the IT security industry. The ceremony - which hands out gold and technicolored toy ponies that would make a brony salivate - was held on Wednesday night at the Black Hat convention in Las Vegas. The judges that included Dark Tangent (aka the show’s founder Jeff Moss), HD Moore, car hackers Charlie Miller and Chris Valasek, and Dino Dai Zovi.
    Read More
  • Aug 4, 2016 | Computer Weekly

    Context warns of VoIP wars at Black Hat USA

    A lack of understanding of modern VoIP and unified communications security opens many service providers and businesses to cyber attack, a Context IS researcher warns at Black Hat USA
    Read More
  • Aug 4, 2016 | RT News

    Chip-and-PIN credit cards hacked easily, Black Hat conference proves

    The new credit card with a chip in it in your wallet ‒ touted as being less vulnerable than the old magnetic swipe version ‒ isn’t as safe as you think. Hackers at Black Hat proved once again the chip-and-PIN cards are not as impenetrable as they seem.
    Read More
  • Aug 4, 2016 | Infosecurity Magazine

    #BHUSA Dropped USB Experiment Detailed

    Earlier this year, a whitepaper was released which revealed the results of an experiment where malicious USB sticks were dropped around the campus of the University of Illinois. Working with researcher Elie Bursztein, the test gained further exposure this week at the Black Hat Conference in Las Vegas, with Bursztein declaring that they had been able to drop the USBs and it was “job done”.
    Read More
  • Aug 4, 2016 | PC Mag

    Hey Dummy, Drop That USB Drive

    In theory, hackers could break into a company by leaving a lot of USB drives for employees to find; surely at least one will be daft enough to plug it in. Elie Bursztein, anti-fraud and abuse research lead at Google, wondered if this would really work, so he put it to the test. At the Black Hat conference in Las Vegas, he reported on what he learned, and proceeded to instruct attendees on the creation of a USB drive that can pwn any Windows, OS/X, or Linux device in seconds.
    Read More
  • Aug 4, 2016 | Threatpost

    Never Trust a Found USB Drive, Black Hat Demo Shows Why

    At Black Hat USA, security researcher Elie Bursztein shared the results of an experiment where he dropped 297 USB drives with phone-home capabilities on the University of Illinois Urbana-Champaign campus. He also explained how an attacker might program and camouflage a malicious USB drive outfitted with a Teensy development board to take over a target’s computer within seconds after plugging the drive in.
    Read More
  • Aug 4, 2016 | VICE Motherboard

    How Drones Could Help Hackers Shut Down Power Plants

    When hackers took down the power grid in parts of Ukraine last year, local authorities sent operators to manually switch on power, coordinating the recovery efforts via cellphone. But what if the attackers could jam the cellphone network—perhaps using drones? That’s the hypothetical, though realistic, scenario that a security researcher posited on Wednesday during a presentation at the Black Hat security conference in Las Vegas. In the future, warned researcher Jeff Melrose, drones will be used to support and amplify cyberattacks against critical infrastructure.
    Read More
  • Aug 4, 2016 | Network World

    Black Hat: Quick look at hot issues

    Black Hat includes a variety of security topics from how USB drives are a menace and how drones are fast becoming a threat you need to pay attention to and much more. Here we take a look at just a few of the hot topics presented at the conference.
    Read More
  • Aug 4, 2016 | PC Mag

    A Peek Inside the Black Hat Network Operations Center

    Every year, the Black Hat conference presents two days of briefings that reveal amazing discoveries in the security realm. Those briefings are preceded by several days of trainings—hands-on classrooms teaching all aspects of hardware, software, and network hacking (and protection against hacking).
    Read More
  • Aug 4, 2016 | Network World

    Black Hat: ATM spits out cash after chip and pin hack

    Black Hat USA attendees who watched an ATM spit out hundreds of dollars might tend to agree. The demonstration was part of Hacking Next-Gen ATMs: From Capture to Washout, which was presented by Rapid7’s Weston Hecker. The abstract of his talk said the system he devised could “cash out around $20,000/$50,000 in 15 minutes.”
    Read More
  • Aug 4, 2016 | Network World

    Black Hat: How to make and deploy malicious USB keys

    USB keys were famously used as part of the Stuxnet attack on the Iranian nuclear program and for good reason: it’s got a high rate of effectiveness, according to a researcher at Black Hat 2016.
    Read More
  • Aug 4, 2016 | Investor's Business Daily

    Black Hat 2016: Drone Attacks, Ukraine's Digital War, Apple Domination

    The speed limit of a Terminator is 25 miles per hour, quipped Jeff Melrose, principal technology strategist for Yokogawa US, on Wednesday. And the U.S. Federal Aviation Administration just ruled it illegal to shoot down a drone.
    Read More
  • Aug 4, 2016 | PC Mag

    Black Hat Demo Cracks Chip-and-PIN

    The Black Hat session began very boldly. Nir Valtman, Head of Application Security for NCR Corporation, and his colleague, Application Security Architect Patrick Watson, promised to bypass chip and PIN, and they delivered.
    Read More
  • Aug 4, 2016 | Threatpost

    Miller, Valasek Deliver Final Car Hacking Talk

    Charlie Miller and Chris Valasek figuratively drove off into the sunset today at Black Hat, hanging up their car hacking exploits for good and leaving behind a pioneering legacy that elevated this type of research into the mainstream.
    Read More
  • Aug 4, 2016 | eWeek

    Black Hat: Car Hackers Find New Flaws

    For the third year in a row, security researchers Charlie Miller and Chris Valasek gave a talk at the Black Hat USA conference here about car hacking. Despite the high-profile recall of 1.4 million cars in 2015 after their talk, there are still risks in vehicles that can enable an attacker to take control of steering and brakes.
    Read More
  • Aug 4, 2016 | Investor's Business Daily

    Black Hat 2016: Jeep Cherokee Hacking Tops 2015 'Parlor Tricks'

    Miller and Valasek, researchers at the Uber Advanced Technologies Center, returned Thursday to the Black Hat cybersecurity conference in Las Vegas, expanding on research that allowed them to perform "parlor tricks" on a Jeep Cherokee in 2015.
    Read More
  • Aug 4, 2016 | CNET

    Black Hat volunteers fight to keep hacking mayhem at bay

    Welcome to the NOC, or the network operations center, of Black Hat, an annual conference in Las Vegas where cybersecurity researchers gather to trade hacking secrets. The purpose of the conference, in theory, is to get better at stopping bad guys. But in practice, that means learning to think like a skilled hacker as new techniques are presented and taught.
    Read More
  • Aug 4, 2016 | SDxCentral

    How Hackable Is the Philips Smart Bulb?

    The Philips Hue is a light bulb that connects to an Ethernet network. So you know there’s got to be a way to hack it. Granted, light bulbs aren’t as ominous as, say, nuclear weapons. But what could you do if you loaded malicious firmware onto a smart bulb? Could you unleash a worm that jumps from bulb to bulb? Could this be a conduit for hacking into the network?
    Read More
  • Aug 4, 2016 | SDxCentral

    Maybe Security Isn’t Just a ‘Human Stupidity’ Problem

    One easy way to explain IT security problems is to say it’s all Layer 8 — that is, the root cause is human stupidity, and networks would be more secure if people would just follow instructions. Jelle Niemantsverdriet believes that’s not correct.
    Read More
  • Aug 4, 2016 | AP

    Jeep Hackers Back at Black Hat With New and Scarier Method

    Charlie Miller and Chris Valasek grabbed headlines last year by showing how they could kill a Jeep's engine while it was traveling down a highway. At the Black Hat hacker conference on Thursday the pair demonstrated how they could again take control of the Jeep Cherokee, this time by sending false messages to its internal network.
    Read More
  • Aug 4, 2016 | New York Times

    Apple Will Pay a ‘Bug Bounty’ to Hackers Who Report Flaws

    At the Black Hat hacking conference, Apple announced a list of vulnerabilities that would command big bounties, including $25,000 for ways around Apple’s digital compartments and into its customers’ data, $50,000 for bugs that give hackers a way into iCloud data, and $200,000 to turn over critical vulnerabilities in Apple’s firmware — the software that lies closest to the bare metal of the machine.
    Read More
  • Aug 4, 2016 | The Cipher Brief

    Black Hat Day 1: Threats Big and Small

    So what else is buzzing among the cybersecurity professionals at Black Hat? Across all the conversations I had today, two concerns emerged again and again: ransomware and insider threats. Ransomware is a type of malware that encrypts information or stops a device from working until a ransom is paid, usually using Bitcoin in order to preserve the anonymity of the attacker. An “insider threat” is a person within an organization who, through malice or negligence, causes damage to the organization’s networks or data.
    Read More
  • Aug 4, 2016 | NOS

    Hackers from around the world gathered in Las Vegas

    When you think of Las Vegas, you are more likely to think of gambling than of hacking. Yet thousands of hackers are gathering here this week for two major conferences: Black Hat and Def Con. They are expected to draw 12,000 and 20,000 visitors, respectively.
    Read More
  • Aug 4, 2016 | Motherboard VICE

    How Drones Could Help Hackers Shut Down Power Plants

    That’s the hypothetical, though realistic, scenario that a security researcher posited on Wednesday during a presentation at the Black Hat security conference in Las Vegas. In the future, warned researcher Jeff Melrose, drones will be used to support and amplify cyberattacks against critical infrastructure.
    Read More
  • Aug 4, 2016 | Help Net Security

    Why VoIP security is crucial for organizations

    With more organizations turning to VoIP (Voice over Internet Protocol) and cloud-based Unified Communications (UC) systems to underpin their commercial services and corporate communications, IT response and security testing teams are struggling to keep pace with the VoIP attack surface and growing number of threats in the wild, according to Fatih Ozavci from Context Information Security, speaking at the Black Hat USA 2016 on Thursday.
    Read More
  • Aug 4, 2016 | SC Magazine

    Black Hat Las Vegas: Point-of-sale experts bypass security measures in popular PIN pad, including EMV protections

    After physically demonstrating how to hijack retail point-of-sale transactions – including those using EMV-standard chip cards – two security experts from NCR Corporation offered attendees at Black Hat critical tips on preventing such incidents in real life.
    Read More
  • Aug 4, 2016 | Threatpost

    Researchers Bypass Chip-and-Pin Protections at Black Hat

    Nir Valtman and Patrick Watson, researchers with NCR Corporation, staged a series of malicious transactions in a talk here at Black Hat on Wednesday, demonstrating how they could capture Track 2 data and bypass chip and pin protections.
    Read More
  • Aug 4, 2016 | NPR

    Cybersecurity Conference Includes 'Hackers For Hillary' Fundraiser

    A Hillary Clinton fundraiser will take place at BlackHat in Las Vegas. Cybersecurity experts there say they support her over Donald Trump despite all the controversy over her email server.
    Read More
  • Aug 4, 2016 | CBS News

    Hackers reveal their cybersecurity secrets at Black Hat summit

    Heavy metal and hackers - it's a pair only Sin City could bring together. At the 19th annual Black Hat conference, an expected 11,000 hackers from 108 countries are trying to solve the cybersecurity problems of the future, reports CBS News correspondent Mireya Villarreal.
    Read More
  • Aug 4, 2016 | PC Mag

    Drones: A Hacker's New Favorite Toy?

    The best way to keep data safe is to keep it away from the Internet. This is what's called an "air gap," and it's considered the most practical and effective means to keep hackers out. But the wide availability of drones makes jumping the air gap easier than ever, as Yokogawa Senior Principal Tech Specialist Jeff Melrose explained at this year's Black Hat conference.
    Read More
  • Aug 4, 2016 | RT News

    From Black Hat hacking to the shores of Tripoli

    Simone Del Rosario presents a special report on the hacker convention in Las Vegas.
    Read More
  • Aug 3, 2016 | eSecurity Planet

    The Black Hat Kaminsky DNS Flaw: Eight Years Later

    In the summer of 2008, my Black Hat USA experience was dominated by a single topic, from a single speaker, Dan Kaminsky and his big DNS flaw. On July 8, 2008, Kaminsky made a big splash announcing that he had found a huge flaw in the internet and that he had brought together the world's IT vendors to help fix the flaw.
    Read More
  • Aug 3, 2016 | The Register

    Forget card skimmers, chip-card shimmers will be your next nightmare

    At the Black Hat 2016 security conference in Las Vegas this week, engineers from Rapid7 demonstrated how a few small pieces of electronics could be used to stage a man-in-the-middle attack against an ATM.
    Read More
  • Aug 3, 2016 | eWeek

    Beware of the Airbnb WiFi Risks: Black Hat

    A common feature of most Airbnb rentals is WiFi access, but providing that connectivity might well come with risks for both the person providing the space and the guest, according to a Black Hat USA talk scheduled for Aug. 4 in Las Vegas.
    Read More
  • Aug 3, 2016 | Infosecurity Magazine

    #BHUSA: Apple "Winning" at Mobile Security

    Android’s version fragmentation puts Apple ahead in the mobile device security race, claim researchers at Black Hat. In a session titled ‘Can you trust me now? An exploration into the mobile threat landscape’, Atredis Partner researchers Josh Thomas and Shawn Moyer set out to contextualise the rest of the Black Hat mobile track.
    Read More
  • Aug 3, 2016 | BBC

    Black Hat: Chip and pin hack spits out cash

    Researchers speaking at the Black Hat conference in Las Vegas demonstrated how small modifications to equipment would allow attackers to intercept the systems used to authorise payments.
    Read More
  • Aug 3, 2016 | Network World

    Hot products at Black Hat 2016


    Read More
  • Aug 3, 2016 | eWeek

    Windows 10 Credential Guard Risk Exposed at Black Hat

    Microsoft's Windows 10 includes many innovative security features that are intended to help minimize risk and improve user experience. One such feature is Credential Guard, which aims to protect users against attacks. However, according to security firm Bromium, many risks remain.
    Read More
  • Aug 3, 2016 | Infosecurity Magazine

    #BHUSA Kaminsky Highlights Flaws of Leaderless Internet

    Delivering the opening keynote at Black Hat USA in Las Vegas, security researcher and chief scientist of White Ops Dan Kaminsky highlighted the challenges that what he called ‘this’ internet is facing, and why the likes of Minitel, AOL and AT&T (a company which he said is the equivalent of a kid putting on their Dad’s coat) had failed to deliver a lasting solution.
    Read More
  • Aug 3, 2016 | Threatpost

    Fixing 'This Internet' Before It Breaks Again

    There is no guarantee that the internet will succeed. And if we aren’t careful we can really screw it up. It has happened before and we can do it again. The warning comes from technologist Dan Kaminsky who says there is a need to treat the internet similarly to the way the National Institutes of Health is devoted to medical research. Kaminsky, who was delivering the keynote to over 6,000 Black Hat USA 2016 attendees, said problems that need to be addressed within the security community are political, technical and how the security community collaborates.
    Read More
  • Aug 3, 2016 | Dark Reading

    Kaminsky Creates Prototype To Lock Out Attackers

    Security guru Dan Kaminsky is calling for the security industry to embrace the “isolation” architecture of virtual machine and cloud technology as a way to protect online data and end users. Kaminsky, who delivered the keynote address here and detailed his prototype IronFrame browser and a new firewalling technology Autoclave, says the security industry has an opportunity to better secure the Internet.
    Read More
  • Aug 3, 2016 | FedScoop

    Dan Kaminsky's plan to make a better internet

    During his keynote at the Black Hat security conference Wednesday, the chief scientist for White Ops Security called on researchers, engineers and lawmakers to rethink what is possible with the internet and work toward making things work simpler and more secure at the same time.
    Read More
  • Aug 3, 2016 | The Register

    Kaminsky: The internet is germ-ridden and it's time to sterilize it

    Black Hat Dan Kaminsky, the savior of DNS and chief scientist for White Ops, has used the opening keynote of Black Hat 2016 to outline three technologies he has been working on that could make working online a lot safer – if they are adopted.
    Read More
  • Aug 3, 2016 | eWeek

    Kaminsky Warns Black Hat Audience of Risks to the Internet

    During his Black Hat keynote, Dan Kaminsky outlines a litany of risks to the continued functioning of the modern internet and identifies the keys for moving it forward.
    Read More
  • Aug 3, 2016 | CRN

    Black Hat 2016: We Need To Step Up Our Security Or Risk Losing The Internet As We Know It

    There’s something wrong, big time, with privacy and security around the Internet, and the security industry needs to step up or risk losing it altogether, Dan Kaminsky, chief scientist and founder of White Ops, said in a keynote speech Wednesday at Black Hat 2016 in Las Vegas.
    Read More
  • Aug 3, 2016 | Network World

    Black Hat: Kaminsky says Trump is a troll.

    Donald Trump is a troll looking to say whatever will stir up the most people, according to security expert Dan Kaminsky who delivered the keynote at Black Hat today.
    Read More
  • Aug 3, 2016 | TechTarget

    Black Hat 2016 keynote: We need sharing, not competition, in security

    Black Hat 2016 keynote speaker Dan Kaminsky called for more information sharing in security and more long-term public work in the cybersecurity space.
    Read More
  • Aug 3, 2016 | Network World

    Black Hat: Be wary of HTTP/2 on Web servers

    Researchers at Black Hat describe finding four flaws – now fixed – in the way the major server vendors implemented HTTP/2, but warn that the year-old Web protocol remains fertile ground for hackers seeking weaknesses in the way it’s rolled out.
    Read More
  • Aug 3, 2016 | eWeek

    How Dangerous Is the Black Hat Network Operations Center?

    In a dark room on a busy floor at the Mandalay Bay Hotel here sits the Black Hat Network Operations Center (NOC), which could well be one of the most hostile environments many IT people will ever see.
    Read More
  • Aug 3, 2016 | Network World

    Black Hat: Kaspersky is seeking white hats

    Kaspersky Lab is using Black Hat’s hacker-rich environment as the launch pad for its first bug-bounty program that seeks talent to hack the company’s anti-malware software.
    Read More
  • Aug 3, 2016 | Investor's Business Daily

    Black Hat 2016: Apple iPhone Updates Drub Android Counterparts

    Apple (AAPL) iPhones are drubbing their Android counterparts on the mobile security front, say Atredis Partners founders Shawn Moyer and Josh Thomas. But Apple's dominance isn't necessarily tied to a more potent security posture.
    Read More
  • Aug 3, 2016 | News 3 Las Vegas

    Cyber security a spotlight at Black Hat convention

    It's grown to become one of the premier cyber security conventions around the world. The Black Hat conference has the reputation as a hacker convention but for those attending it's really about protecting your information from the bad guys.
    Read More
  • Aug 3, 2016 | AP

    Highlights From the Black Hat Hacker Conference

    Thousands of hackers and other cybersecurity professionals converged on Las Vegas on Wednesday for the annual Black Hat conference. Here are some highlights of the day's events.
    Read More
  • Aug 3, 2016 | SDxCentral

    Black Hat: 5 Ways to Avoid Losing the Internet We Love

    Kaminsky, a well known security researcher, chief scientist at White Ops, and frequent speaker at the Black Hat conference, opened this year’s Black Hat with a kinetic and often rambling talk, peppered with random bits of prickly, amusing opinion.
    Read More
  • Aug 3, 2016 | Dark Reading

    Researchers Show How To Steal Payment Card Data From PIN Pads

    The manner in which many PIN pads used by consumers to pay for purchases communicate with point-of-sale systems makes it very easy for attackers to steal payment card data, researchers warned here this week.
    Read More
  • Aug 3, 2016 | EE Times

    New Jeep Hack Proves Cars Still Exposed

    When automotive security researchers Charlie Miller and Chris Valasek take the stage Thursday morning (Aug. 4) at the Black Hat conference in Las Vegas, they will outline new methods of CAN message injection.
    Read More
  • Aug 3, 2016 | VOA

    US Cyber Pros: Hackers Could Hit Electronic Voting Machines Next

    Could they be hacked as well? Cyber security pros attending an annual Las Vegas conference known as Black Hat think so.
    Read More
  • Aug 3, 2016 | USA Today

    Solar panels, vacation Wi-Fi at risk for hacking

    The computer security industry's annual pilgrimage to Las Vegas this week for a trio of conferences will hash out the myriad, creepy ways criminals can breach our increasingly connected world. Among this year's talks: the possibility drones perched high up on buildings could link into unsecured networks, the ease even a bored teen-ager could take over an Airbnb rental’s Wi-Fi, ransomware used to hijack connected cars, and how a hacked roof-top solar array could destabilize an entire power grid.
    Read More
  • Aug 2, 2016 | The Register

    Black Hats control Jeep's steering, kill brakes

    Car hackers Charlie Miller and Chris Valasek have again hacked a 2014 Jeep Cherokee, this time by physically linking a laptop to commandeer its steering and kill the brakes. The duo have captured the hack to be presented at Black Hat Las Vegas this week in video proof-of-concept demonstrations.
    Read More
  • Aug 2, 2016 | Threatpost

    Threatpost Black Hat Preview, August 2, 2016

    Mike Mimoso, Tom Spring, and Chris Brook preview Black Hat 2016, including Ivan Krstic’s talk on Apple/iOS security, Dan Kaminsky’s keynote, IoT, PAC malware, and more.
    Read More
  • Aug 2, 2016 | Threatpost

    Kaspersky Lab Launches Bug Bounty Program

    Kaspersky Lab today at Black Hat USA 2016 announced the launch of a public bug bounty, one of the few offered by a software vendor in the computer security industry.
    Read More
  • Aug 2, 2016 | Las Vegas Sun

    Platform security a hot topic at this week’s hacker conference

    With over 12,000 expected participants from more than 100 countries at this week’s Black Hat Briefings convention, one of the world’s premier hacker conferences is anticipating record numbers for its 19th year in Las Vegas.
    Read More
  • Aug 2, 2016 | CSO

    Black Hat basics: Ruminations on 19 years of Black Hat Briefings

    Las Vegas in August. Common sense might suggest those things go together about as well as wearing mohair in the Mojave. From a security perspective, however, it means making the annual pilgrimage to the land where what happens there stays there, to participate in the week-long activities surrounding one of the oldest standing (and best) security conferences: the Black Hat Briefings.
    Read More
  • Aug 2, 2016 | CRN

    16 Hot New Security Products Launched At Black Hat 2016

    The security industry turned out in force to Las Vegas this week to attend the annual Black Hat Conference. Vendors used the opportunity to showcase their latest and greatest technology releases.
    Read More
  • Aug 2, 2016 | Dark Reading

    Dark Reading Radio at Black Hat 2016: 2 Shows, 4 #BHUSA Presenters

    Even if you can't physically be at Black Hat USA 2016, Dark Reading offers a virtual alternative to engage with presenters about hot show topics and trends.
    Read More
  • Aug 2, 2016 | PC Mag

    What to Expect at Black Hat 2016

    Each Black Hat begins with a major keynote speech that sets the tone for the conference and is an opportunity for a noted individual to bring important issues to the security community's attention. This year, the keynote will be given by security researcher Dan Kaminsky.
    Read More
  • Aug 2, 2016 | Wall Street Journal

    Black Hat to target Internet of Things

    When computer hackers and security pros gather for twin conferences in Las Vegas this week, the focus will be on risks related to the growing assortment of connected thermostats, smartwatches, cars and other devices that the tech industry calls the “Internet of Things”. The side-by-side conferences, known as Black Hat and Defcon, offer both a snapshot of the current state of computer security and an early peek at tomorrow’s cybersecurity problems.
    Read More
  • Aug 1, 2016 | eWeek

    Black Hat USA and DefCon: Finding Security Risks in All the Things

    No week in the information security calendar is quite like this one, with the annual Black Hat USA and DefCon security conferences descending on Las Vegas. The mythos of the two security conferences runs deep across more than two decades as the places where new research is revealed and zero-day exploits are announced, and the 2016 events are no exception.
    Read More
  • Aug 1, 2016 | Dark Reading

    This Time, Miller & Valasek Hack The Jeep At Speed

    Miller and Valasek, both security experts with Uber’s Advanced Technology Center, on Thursday here at Black Hat USA will present their latest car hacks, which basically build upon the work they demonstrated a year ago on how they could control the 2014 Jeep Cherokee’s electronic functions from afar.
    Read More
  • Aug 1, 2016 | Wired

    The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse

    At the Black Hat security conference later this week, automotive cybersecurity researchers Charlie Miller and Chris Valasek will present a new arsenal of attacks against the same 2014 Jeep Cherokee they hacked in 2015.
    Read More
  • Jul 31, 2016 | Wall Street Journal

    At Black Hat, the ‘Internet of Things’ Gets Put Through Its Paces

    When computer hackers and security pros gather for twin conferences in Las Vegas this week, the focus will be on risks related to the growing assortment of connected thermostats, smartwatches, cars and other devices that the tech industry calls the “internet of things.”
    Read More
  • Jul 30, 2016 | Dark Reading

    8 Bad Ass Tools Coming Out Of Black Hat

    Amid the parties, the deal making and the overall catching up between security compatriots at the annual Black Hat pow wow in Las Vegas every year, there's a body of seriously good work that comes out of the show. Beyond the big vulnerability revelations, some of the most lasting contributions to ongoing security research and protection work comes in the form of new open source tools released by presenters at the show.
    Read More
  • Jul 29, 2016 | CIO Australia

    Black Hat: 9 free security tools for defense & attacking

    When Black Hat convenes next week in Las Vegas, it will be a rich environment for gathering tools that can be used to tighten security but also - in the wrong hands - to carry out exploits.
    Read More
  • Jul 29, 2016 | ESG

    Squirrel! What to chase at Black Hat 2016

    And off you go. Which is to say creating a plan for Black Hat next week, be it which sessions to attend, what tech to look for, what trends to double-click on (never mind what parties to hit), can be challenging. With an attempt to keep some of the squirrels out of my peripheral vision, here are a few of the ones I’ll be chasing next week at Black Hat 2016.
    Read More
  • Jul 28, 2016 | REUTERS

    A run down on Black Hat for security newbs

    Are you attending Black Hat for the first time this year? As you try to manage your schedule and prepare for a few days in the blazing Vegas heat, perhaps you are starting to feel a little overwhelmed. I find it's always beneficial to manage my expectations, so if you've never been, I can tell you that it's a little overwhelming upon arrival.
    Read More
  • Jul 28, 2016 | On The Wire

    Apple to Detail iOS 10 Security at Black Hat

    Apple, notoriously closed-mouthed about its security technology, plans to detail three new security features of the upcoming iOS 10 operating system at the Black Hat conference next week.
    Read More
  • Jul 28, 2016 | 9to5 Mac

    Apple’s security chief to go behind the scenes of iOS security during upcoming BlackHat USA 2016 briefing

    Apple is planning on discussing various aspects of iOS 10 security in “unprecedented detail” at the upcoming BlackHat USA 2016 security conference. Ivan Krstic, head of Apple Security Engineering and Architecture, will give a 50-minute briefing to discuss cryptographic design, the Secure Enclave found in Touch ID-enabled devices, and a new JIT hardening mechanism in iOS 10.
    Read More
  • Jul 28, 2016 | Motherboard

    The ‘Danger Drone’ Is a $500 Flying Hacker Laptop

    The two will demo the drone, including its rickrolling capabilities, at the upcoming Black Hat security conference in Las Vegas next week.
    Read More
  • Jul 28, 2016 | eWeek

    Danger Drone Penetration Testing Device to Take Flight at Black Hat

    Security firm Bishop Fox will show off its new drone that can conduct aerial penetration tests at the Black Hat USA conference.
    Read More
  • Jul 28, 2016 | Network World

    Bugs & Bugs: National Moth Week, PHP, Black Hat & more

    As my colleague Tim Greene, our resident IT security editor discusses, next week's Black Hat event in Las Vegas will be filled with intriguing presentations by white hat hackers sharing their latest exploits, including one involving Bluetooth Low Energy that could impact internet of things devices.
    Read More
  • Jul 28, 2016 | Network World

    Anticipating Black Hat

    The conference heads back to Vegas next week, with a big interest in anti-ransomware, endpoint security, security analytics, cloud and IoT security
    Read More
  • Jul 28, 2016 | CSO

    A run down on Black Hat for security newbs

    Are you attending Black Hat for the first time this year? As you try to manage your schedule and prepare for a few days in the blazing Vegas heat, perhaps you are starting to feel a little overwhelmed. I find it's always beneficial to manage my expectations, so if you've never been, I can tell you that it's a little overwhelming upon arrival.
    Read More
  • Jul 28, 2016 | Dark Reading

    How To Stay Safe On The Black Hat Network: ‘Don’t Connect To It’

    As one of the guys that’s kept the network running at Black Hat for the last 14 years, I’m often asked the same question, “How do I stay safe on the Black Hat network?” It’s a simple and straightforward question and I always respond with a simple and straightforward answer: “Don’t connect to it.”
    Read More
  • Jul 28, 2016 | Motherboard VICE

    The ‘Danger Drone’ Is a $500 Flying Hacker Laptop

    The two will demo the drone, including its rickrolling capabilities, at the upcoming Black Hat security conference in Las Vegas next week.
    Read More
  • Jul 27, 2016 | The Verge

    How a new breed of hack compromised 2,500 gambling sites at once

    Now, new details of the attack are surfacing thanks to work by security researchers Gaby Nakibly, Jaime Schcolnik and Yossi Rubin, which will be presented at the Black Hat conference next month.
    Read More
  • Jul 27, 2016 | Nevada Public Radio

    Black Hat Brings Hackers, Cybersecurity Experts To Las Vegas

    The episode should provide food for thought at the Black Hat cybersecurity conference, which brings together hackers and those who want to stop them.
    Read More
  • Jul 25, 2016 | Dark Reading

    10 Hottest Talks at Black Hat USA 2016

    The Black Hat USA 2016 Conference is fast approaching—bringing scores of new briefings to life. Created nearly 20 years ago, the conference provides InfoSec professionals with a place to gather and learn from the very best. Attendees can learn about the latest risks and trends in the information security world.
    Read More
  • Jul 21, 2016 | Network World

    At Black Hat: A free tool for spear phishing Twitter

    A spear phishing tool to automate the creation of phony tweets – complete with malicious URLs – with messages victims are likely to click on will be released at Black Hat by researchers from ZeroFOX.
    Read More
  • Jul 19, 2016 | Security Brief NZ

    Black Hat survey reveals critical security concerns facing enterprises

    Black Hat has released the results of its 2016: The Rising Tide of Cybersecurity Concern report, revealing some critical concerns about the information security industry and emerging cyber risks faced by today’s enterprises.
    Read More
  • Jul 19, 2016 | Help Net Security

    Flawed code hooking engines open endpoints to compromise

    EnSilo didn’t share any details about the discovered vulnerabilities – the researchers will present them at Black Hat 2016 – but said that most of these could allow an attacker to easily bypass the operating system and third-party exploit mitigations, and the worst ones would allow him to remain undetected on the victim’s machine or to inject code into any process in the system.
    Read More
  • Jul 19, 2016 | Security Week

    Security Product Flaws Allow Attackers to Compromise Systems

    enSilo will provide additional details about the vulnerabilities on August 3 at the Black Hat conference in a presentation titled “Captain Hook: Pirating AVs to Bypass Exploit Mitigations.”
    Read More
  • Jul 19, 2016 | PC World

    Security software that uses 'code hooking' opens the door to hackers

    The researchers plan to release technical details of the vulnerabilities during the upcoming Black Hat security conference in Las Vegas in early August.
    Read More
  • Jul 18, 2016 | Morning News USA

    iOS 9.3.2 Jailbreak Rumors: Pangu Expected To Release Crack Before iOS 10 Launch Date, Possibly At Black Hat USA 2016

    As it is, everything lies in Pangu’s hands. It could happen at Black Hat USA 2016, which takes place in Las Vegas from July 30 to Aug. 4. But like most rumors, that is another speculation that adds to the iOS jailbreak wait woes.
    Read More
  • Jul 14, 2016 | SDxCentral

    Black Hat Attendees Worry about IoT Security — Just Not Right Now

    Last year’s survey — the first one Black Hat ever conducted, with 460 respondents — had a similar result, with only 7 percent citing IoT as a top current concern.
    Read More
  • Jul 13, 2016 | Dark Reading

    What I Expect to See At Black Hat 2016: 5 Themes

    Over the years, Black Hat has morphed from a little show for security researchers to a big conference that attracts everyone from black-hat hackers to C-level security execs. Here's what piques my interest this year.
    Read More
  • Jul 13, 2016 | Dark Reading

    AirbnBreach: How Networks At Short-Term Rentals Are Wide Open To Attack

    Galloway's Black Hat talk, "AirBnBeware: Short Term Rentals, Long Term Pwnage," is on August 4.
    Read More
  • Jul 12, 2016 | Infosecurity Magazine

    Experts: UK Driverless Car Consultation Must Consider Hacker Threat

    That hack, demonstrated at Black Hat last year, enabled researchers Charlie Miller and Chris Valasek to move laterally inside the embedded computing systems of a 2014 Jeep Cherokee and modify key firmware to remotely control functions such as the steering and brakes.
    Read More
  • Jul 12, 2016 | Dark Reading

    Dark Reading Launches Best Of Black Hat Awards Program; Finalists Selected

    Dark Reading today is announcing the launch of a new annual awards program, the Best of Black Hat Awards, which recognizes innovative companies and business leaders on the conference’s exhibit floor.
    Read More
  • Jul 8, 2016 | Peerlyst

    Yet another diversity hiring panel, but when will decision makers wake up?

    With hacks and cyberattacks in the news daily, everyone's got an eye on our industry. Starting July 30 and running through August 4, everyone will be watching the news for reports at cybersecurity conference Black Hat USA 2016.
    Read More
  • Jul 7, 2016 | Dark Reading

    Hacking A Penetration Tester

    McGrew over the past few years has been examining vulnerabilities and security weaknesses in penetration testing tools, processes, and practices, and will present his latest findings next month in Las Vegas at Black Hat USA.
    Read More
  • Jul 7, 2016 | Dark Reading

    NATO Ambassador: How The Ukraine Crisis Fits Cyber War Narrative

    Kenneth Geers previews his Black Hat talk and discusses the strategic military maneuvers governments can make within cyberspace.
    Read More
  • Jul 7, 2016 | Dark Reading

    Ripping Away The Mobile Security Blanket

    Upcoming Black Hat USA talk will highlight vulns in Good Technology platform and discuss the dangers of overreliance on enterprise mobility security suites.
    Read More
  • Jun 29, 2016 | Dark Reading

    The Newbie’s 'How To Survive Black Hat' Guide

    Preparing to attend your first Black Hat conference can feel a little daunting. Between its reputation for having the most hostile network in the world and a dizzying agenda of security’s best and brightest presenting their most newsworthy research, where do you even start? Here is a checklist to help prepare you to get the most out of the festivities.
    Read More
  • Jun 27, 2016 | Dark Reading

    Free 'CANSPY' Car-Hacking Tool On Tap

    The concept for the so-called CANSPY auditing tool for cars evolved out of vulnerability assessment work that Jonathan-Christofer Demay and Arnaud Lebrun were doing for a major European carmaker, which they declined to identify. Demay and Lebrun in August will release the tool’s firmware as well as demonstrate CANSPY at Black Hat USA in Las Vegas.
    Read More
  • Jun 15, 2016 | Dark Reading

    Windows 'BadTunnel' Attack Hijacks Network Traffic

    Microsoft this week issued a patch for the so-called “BadTunnel” bug found by Yang Yu, director of Xuanwu Lab of Tencent in Beijing. Yu will detail and demonstrate his findings on the Windows flaw in August at Black Hat USA in Las Vegas in his presentation BadTunnel: How Do I Get Big Brother Power?
    Read More
  • May 27, 2016 | The Register

    Dedupe, dedupe, dedupe dedupe dedupe... Who snuck in to attack Microsoft Edge?

    Kaveh Razavi, one of the Vrije Universiteit researchers, told El Reg: “The previously published Google exploit is very practical. What has not been shown to be practical so far is exploiting Rowhammer 'in the browser', which significantly increases its impact given that every internet user is now a potential target.”
    Read More
  • May 26, 2016 | Ars Technica

    “Forbidden attack” makes dozens of HTTPS Visa sites vulnerable to tampering

    "This results in catastrophic failure of authenticity, even if a nonce is only re-used a single time and enables us to carry out a practical forgery attack against HTTPS," the researchers wrote in a paper titled Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS. The research will also serve as the basis for a briefing scheduled in August at the Black Hat security conference in Las Vegas.
    Read More
  • Mar 31, 2016 | GCN

    SideStepper exploit targets iOS MDM security

    The vulnerability is called SideStepper, according to Check Point Software Technologies, which will demonstrate the vulnerability at Black Hat Asia April 1.
    Read More
  • Mar 31, 2016 | InformationWeek

    iOS SideStepper Vulnerability Undermines MDM Services: Check Point

    Security researchers from Check Point plan to disclose a flaw at the Black Hat Asia conference which they claim endangers the way mobile device management software interacts with iPhones and iPads.
    Read More
  • Mar 31, 2016 | CIO

    Hackers can abuse the iOS mobile device management protocol to deliver malware

    In a presentation at the Black Hat Asia security conference on Friday, researchers from Check Point Software Technologies will demonstrate that the communication between MDM products and iOS devices is susceptible to man-in-the-middle attacks and can be hijacked to install malware on non-jailbroken devices with little user interaction.
    Read More
  • Mar 31, 2016 | Threat Post

    SideStepper Allows for MitM Between iOS Devices, MDM Tools

    Check Point, which is scheduled to present its findings Friday at Black Hat Asia, notified Apple last October.
    Read More
  • Mar 31, 2016 | Ars Technica

    Weakness in iOS enterprise hooks could let bad apps sneak in

    And new research by Check Point being presented at Black Hat Asia 2016 shows that even with security improvements in iOS 9, attackers can kick that backdoor in by hijacking the enterprise management connection.
    Read More
  • Mar 31, 2016 | Tom's Guide

    Company-Authorized iPhones May Be Vulnerable to Attack

    Apple iPhones and iPads running mobile-device-management (MDM) software may be vulnerable to attack, Israeli security firm Check Point plans to demonstrate tomorrow (April 1) at the Black Hat Asia security conference in Singapore.
    Read More
  • Mar 31, 2016 | Investors Business Daily

    Billions Of Apple iPhones May Be Vulnerable To Attack: Check Point

    Billions of Apple (AAPL) iPhones and iPads could be exposed in an iOS 9 vulnerability, Check Point Software Technology (CHKP) researchers announced early Thursday, in preparation of presenting their findings at Singapore’s Black Hat Asia 2016 conference late Thursday U.S. time.
    Read More
  • Mar 31, 2016 | The Register

    Android's unpatched dead device jungle is good for security

    But Dai Zovi, who today spoke at the Black Hat Asia conference in Singapore, says this fragmented heterogenous ecosystem brings safety to the un-patched masses because exploiting dangerous vulnerabilities like Stagefright requires tailoring for each device make
    Read More
  • Mar 31, 2016 | ZDNet

    Black Hat Asia: Decentralise security, devalue cyberattacks

    With billions of Internet of Things (IoT) devices expected to be connected to the web by end-2016, a more appropriate tactic would be required to better combat potential attacks, said Dino Dai Zovi, mobile security lead at Square, during his keynote Thursday at Black Hat Asia 2016 held in Singapore.
    Read More
  • Mar 31, 2016 | The Register

    Unpatched stealthy iOS MDM hack spells ruin for Apple tech enterprises

    Black Hat Asia: Enterprises the world over are at risk from a seamless new attack that allows the latest Apple devices to be quietly compromised in what researchers say requires a total overhaul of Cupertino's enterprise provisioning architecture for mobile device management.
    Read More
  • Mar 30, 2016 | Help Net Security

    How to get your talk accepted at Black Hat

    There’s a wealth of technical information security conferences all over the globe, but Black Hat USA is the only one that gathers so many of the world’s top researchers under the same roof at the same time. In fact, last year more than 11,000 people showed up in Las Vegas to network and attend 110 research-based briefings presented by more than 190 researchers.
    Read More
  • Nov 12, 2015 | SC Magazine UK

    Black Hat Amsterdam: Oil & Gas cyber-vulnerabilities

    There is no air gap between IT and OT – that was the key message for oil and gas sector CISOs coming out of the Black Hat Amsterdam talk by Alexander Polyakov and Mathieu Geli.
    Read More
  • Nov 12, 2015 | Data Breach Today

    5 Secrets to Security Success

    If there was a self-help book for the information security community, the title might be: "What Got You Here Won't Get You There." Of course, that title has already been taken - it's the name of Marshall Goldsmith's 2007 business-focused, self-help bestseller - noted Haroon Meer, founder of South African applied research firm Thinkst, during his opening keynote at the Black Hat Europe 2015 briefings Nov. 12 in Amsterdam
    Read More
  • Nov 12, 2015 | InfoWorld

    Self-encrypting drives are hardly any better than software-based encryption

    Daniel Boteanu and Kevvie Fowler from KPMG Canada demonstrated three data recovery methods against laptops using SEDs at the Black Hat Europe security conference in Amsterdam Thursday.
    Read More
  • Nov 11, 2015 | BankInfoSecurity

    Black Hat Europe: Hot Sessions

    When temperatures plummet, the leaves turn to yellow and red, and a large number of hackers begin flocking to Amsterdam, you know it's time for the annual Black Hat Europe information security conference.
    Read More
  • Nov 10, 2015 | InformationWeek

    ORWL Aspires To Be A Secure PC

    Olivier Boireau, CEO of Design SHIFT, stopped by InformationWeek's San Francisco office last week to demonstrate ORWL (pronounced Orwell), a small, tamper-resistant computer scheduled to ship around May 2016. He visited in advance of a presentation at Black Hat Europe and a Kickstarter funding campaign planned for today.
    Read More
  • Nov 9, 2015 | Dark Reading

    Cybersecurity Skills Gap: Too Good To Be True For Job Seekers?

    New track at Black Hat Europe explores the special challenges of managing an information security career for both job hunters and job hirers.
    Read More
  • Nov 9, 2015 | Dark Reading

    New 4G LTE Hacks Punch Holes In Privacy

    Black Hat Europe researchers to demonstrate newly found flaws in 4G mobile that expose privacy and disrupt phone service.
    Read More
  • Nov 9, 2015 | Bloomberg

    It’s Way Too Easy to Hack the Hospital

    The Mayo Clinic had assembled an all-star team of about a dozen computer jocks, investigators from some of the biggest cybersecurity firms in the country, as well as the kind of hackers who draw crowds at conferences such as Black Hat and Def Con.
    Read More
  • Nov 4, 2015 | Dark Reading

    AndroBugs: A Framework For Android Vulnerability Scanning

    At Black Hat Europe next week, a researcher will present a framework he says is more systematic than the vulnerability scanners popping up on the market.
    Read More
  • Oct 28, 2015 | Dark Reading

    How Hackers Can Hack The Oil & Gas Industry Via ERP Systems

    Researchers at Black Hat Europe next month will demonstrate how SAP applications can be used as a stepping-stone to sabotage oil & gas processes.
    Read More
  • Oct 28, 2015 | VICE Motherboard

    This Next-Gen Stingray Uses Facebook and WhatsApp Messages to Track Users

    Researchers will demonstrate a Stingray capable of launching attacks on LTE networks at the t2 infosec conference in Helsinki on Friday, and later at Black Hat Europe.
    Read More
  • Oct 27, 2015 | The Register

    Europe seeks a few good geeks for hacking cars and homes

    More than a few of the presentations at this year's DEFCON and Black Hat security conferences focused on car hacking, which is this year's sexy topic for many.
    Read More
  • Oct 27, 2015 | WIRED

    Cars That Talk to Each Other Are Much Easier to Spy On

    “Everyone around you can listen to that,” says Jonathan Petit, one of the authors of the study, which will be presented at the Black Hat Europe security conference next month and was first reported by IEEE Spectrum.
    Read More
  • Oct 21, 2015 | IEEE Spectrum

    Researchers Prove Connected Cars Can Be Tracked

    In a paper to be presented at the Black Hat Europe security conference in November, he describes being able to place a security vehicle within either the residential or the business zones of the campus with 78 percent accuracy, and even locate it on individual roads 40 percent of the time.
    Read More
  • Sep 10, 2015 | The Japan News

    Behind the Scenes / IoT devices vulnerable to cyber-attacks

    Every August, Las Vegas is home to two international conferences for hackers, Black Hat and DEF CON. This year, many warned of the vulnerability of the Internet of Things (IoT) (see below) and of potential exploitation of this system by cyberterrorists. By the Tokyo Olympics in 2020, it is estimated that there will be over 25 billion IoT devices worldwide. So what kind of threat does this present, and how are we to combat it?
    Read More
  • Sep 9, 2015 | ZDNet

    How to hack self-driving cars with a laser pointer

    In a paper due to be presented at Black Hat Europe in November, Petit says a simple $60 "off the shelf" setup including a laser pointer and pulse generator -- or Raspberry Pi, should you prefer -- is all that's needed to send self-driving car sensors haywire.
    Read More
  • Sep 7, 2015 | The Guardian

    Hackers can trick self-driving cars into taking evasive action

    In the paper, to be presented at November’s Black Hat Europe security conference, Petit describes a system built with off-the-shelf components including a Raspberry Pi or Arduino computer that can effectively spoof the car at a range of up to 100m.
    Read More
  • Sep 4, 2015 | IEEE Spectrum

    Researcher Hacks Self-driving Car Sensors

    In a paper written while he was a research fellow in the University of Cork’s Computer Security Group and due to be presented at the Black Hat Europe security conference in November, Petit describes a simple setup he designed using a low-power laser and a pulse generator.
    Read More
  • Sep 3, 2015 | CSO

    Black Hat survey reveals a disconnect between losses and security program focus

    The Black Hat study focused on the concerns of practitioners, including how they actually spent their time and the losses that they incurred.
    Read More
  • Aug 12, 2015 | Dark Reading

    FTC to Black Hat Attendees: Help Us Make Good Tech Policy

    Government needs the help of security, privacy, and technology communities to inform policymakers and politicians on technical topics, Ashkan Soltani, chief technologist at the Federal Trade Commission, told Black Hat attendees last week.
    Read More
  • Aug 12, 2015 | Gizmodo

    Paranoia made me a better computer user

    DEF CON is often regarded as the zany younger sibling of the Black Hat Briefings, an annual gathering of information security professionals. If Black Hat is the Super Bowl of hacker meet ups, however, DEF CON would be the scrappy, anything-goes tackle game without pads for the people who don’t want to buy the expensive tickets. Black Hat reminds you that hackers are out there; DEF CON insists that they’re coming to get you.
    Read More
  • Aug 12, 2015 | PC Magazine

    The 15 Scariest Things at Black Hat 2015

    During the first week of August, like-minded individuals converged on Las Vegas to celebrate their shared love of a future deeply imbued with technology and a society improved by science and rational thought. Those people were at the Star Trek convention. A few casinos away, a similar group of people gathered to talk about all the new and exciting ways to steal information and hack into systems. Those people were at Black Hat.
    Read More
  • Aug 12, 2015 | PCWorld

    Ten scary hacks I saw at Black Hat and DEF CON

    Security researchers and hackers gathered in Las Vegas over the past week to show off and learn about the latest vulnerabilities that affect devices and software that the world relies on every day. Black Hat and DEF CON, the world’s top security conferences, did not disappoint.
    Read More
  • Aug 12, 2015 | The Christian Science Monitor

    FTC: Bridging the divide between hackers and the ‘flip phone caucus’

    Ashkan Soltani, chief technologist of the Federal Trade Commission, and commissioner Terrell McSweeny spoke with Passcode while in Las Vegas for the Black Hat and DEF CON hacker conferences.
    Read More
  • Aug 11, 2015 | IT Business Edge

    Black Hat 2015: 5 Takeaways on Mobile App Security

    There was a wide spectrum of experts – from hackers to security communities – at the annual Black Hat conference in Las Vegas, concluding last week. The conference always provides a great perspective on the state of security today through technical briefings and hacking workshops, led by the premier minds in the field.
    Read More
  • Aug 11, 2015 | SC Magazine

    Black Hat 2015: Zero-Day found in old Intel Chips

    A researcher discovered a zero-day vulnerability inside Intel processors released between 1997 and 2010 that allows attackers to install deeply persistent rootkits, hardware modifications and system destruction, according to a release.
    Read More
  • Aug 11, 2015 | Federal Times

    Lesson from Black Hat: Cyber pros far from trusting feds

    "I'm from the government and I'm here to help," Alejandro Mayorkas, deputy secretary at the Department of Homeland Security, told hackers and cybersecurity professionals half ironically during a keynote at this year's Black Hat conference.
    Read More
  • Aug 11, 2015 | CRN

    10-Plus Hot New Security Products Launched At Black Hat 2015

    Security vendors took advantage of one of the biggest security conferences of the year to launch some of their hottest new security products. At Black Hat 2015, companies launched new mobile, cloud and endpoint security offerings and formed partnerships with their peers for joint solutions to address some of security's biggest challenges.
    Read More
  • Aug 11, 2015 | Slate

    When Fear of Being Hacked Takes Hold

    By the time I arrived at Defcon—Black Hat’s less mainstream sister conference, attended by die-hard hackers—I was keeping my devices completely off. The two conferences are known for being digitally dangerous. After all, the attendees are all cybersecurity professionals who thrive on the intellectual challenge of hacking. I had taken all of the usual precautions like withdrawing cash before I got to Vegas (so I wouldn't fall prey to compromised ATMs or credit card skimmers), avoiding Wi-Fi, and bringing a laptop that didn't have any personal data on it. I even remembered to put a Ninja Turtles band-aid over the webcam.
    Read More
  • Aug 11, 2015 | Network World

    Black Hat Boogie

    I spent all of last week in Las Vegas at Black Hat 2015. I used to pass on Black Hat but no longer – it is a great opportunity for getting into the cybersecurity weeds with the right people who can talk about evasion techniques, malware, threat actors, and vulnerabilities. Alternatively, RSA Security conference conversations tend to center on things like IPOs, market trends, and PowerPoint presentations.
    Read More
  • Aug 11, 2015 | The Register

    Ten years after the sellout, Black Hat is solidly corporate and that’s fine

    Each day's briefings include nine sessions every hour, from 0900 to 1800, so prior planning is essential. Jeff Moss still has the most influence on the keynote speaker however, and this year he picked a doozy – Jennifer Granick, director of civil liberties at the Stanford Center for Internet and Society.
    Read More
  • Aug 10, 2015 | ComputerWeekly.com

    BlackHat 2015: Industrial hacking - the untold story

    Hackers have been penetrating industrial control systems of utility companies on a large scale for extortion since at least 2006, she told visitors to BlackHat USA 2015 security conference in Las Vegas.
    Read More
  • Aug 10, 2015 | E&T

    Zigbee's wireless security flaws threatens IoT devices

    Speaking at the Black Hat USA conference in Las Vegas recently, Cognosec senior IS auditor Tobias Zillner named the principal security risks in ZigBee implementations, revealed which devices are affected by them and demonstrated practical exploitations of actual product vulnerabilities.
    Read More
  • Aug 10, 2015 | eWeek

    Black Hat Reveals Expanding Threat Landscape, Code Analytics Potential

    Black Hat 2015 showed that security technology is better, smarter and faster than ever before, but still one step or more behind the bad guys.
    Read More
  • Aug 10, 2015 | Computer Business Review

    Black Hat USA: Security response defines IoT survival or demise

    Security surrounding the IoT spectrum became the major keynote at this year's Black Hat conference in Las Vegas, US, last week.
    Read More
  • Aug 10, 2015 | Federal Times

    7 Quotes that Sum up Black Hat 2015

    Quotable lines from this year's cybersecurity conference.
    Read More
  • Aug 9, 2015 | Decrypted Tech

    With the trend of hacking Encryption, Certs and Keys; how do you really know who to trust?

    Have you ever lost your keys and had that moment of panic where you are not sure who might have them? This is not a good feeling. You do not know if someone has them and might use them to gain access to your things. This is the same feeling that should be running through the minds of every IT security professional right now when they think about their certificates and keys, but sadly this is just not happening. The reason that there is not more concern is that far too many even realize just how vulnerable they are.
    Read More
  • Aug 9, 2015 | Decrypted Tech

    Trustwave shows off an impressive compromise of RIG's admin servers at Black Hat 2015

    In addition to seeing more than a few products and ideas during Black Hat and DEF CON we also had the chance to see something really cool from the team at Trustwave. This was not a product, but a chance to see the back end of the command and control servers for a new and improved version of the RIG exploit kit. To say that what they showed was impressive is an understatement.
    Read More
  • Aug 8, 2015 | CBS News

    A look inside the hostile, helpful world of hacking conventions

    Shortly after lunch on Tuesday, James Cabe and Derek Manky, of cybersecurity company Fortinet, got a call from CenturyLink, an Internet service provider. Amazon had reported an attempted hack, and CenturyLink traced an unusual amount of web traffic aimed at the site back to the Mandalay Bay hotel in Las Vegas, which was hosting the Black Hat conference, an annual congregation of security professionals and professional hackers.
    Read More
  • Aug 7, 2015 | FOX News

    Top Internet lawyer warns Black Hat crowd that the free Internet is dying

    The annual Black Hat computer security conference in Las Vegas kicked off Wednesday with a keynote address from Jennifer Granick, director of Civil Liberties at the Stanford Center for Internet and Society.
    Read More
  • Aug 7, 2015 | Golem.de

    BGP attacks put the TLS certificate system at risk

    At Black Hat, security researchers have pointed out a problem with TLS certificate authorities: the check of who owns a domain takes place over an unsecured network. This path is vulnerable, for example by means of the routing protocol BGP.
    Read More
  • Aug 7, 2015 | Golem.de

    Miscalculation with large numbers

    In January OpenSSL released a security update in which an error in a mathematical function was fixed. In very rare cases, OpenSSL miscalculated when trying to square a large number. This error in the function BN_sqr() was the occasion for Ralph-Philipp Weinmann to investigate potential vulnerabilities due to incorrect calculations in so-called Bignum functions. At the Black Hat conference in Las Vegas, he presented his results.
    Read More
  • Aug 7, 2015 | SC Magazine

    Black Hat 2015: USA Freedom Act sparks debate

    Mark Jaycox, legislative analyst at the Electronic Frontier Foundation (EFF) and Jamil Jafger, former Republican Chief Counsel and Senior Advisor, U.S. Senate Committee on Foreign Relations, squared off at Black Hat USA 2015 in a friendly, but sometimes lively, debate on the recently passed USA Freedom Act.
    Read More
  • Aug 7, 2015 | Slate

    The Hip Trend of 2015 Is Designer Government Malware

    At the Black Hat conference this week, cybersecurity experts are owning the trend. They’re often the people who discover and publicly disclose the malware, and once it’s out in the open, they’re the ones reverse-engineering it, picking it apart, and trying to figure out where it came from.
    Read More
  • Aug 7, 2015 | eWeek

    Black Hat, DefCon Put Car Hacking, Web Privacy on Center Stage

    For more than a decade at the Black Hat USA and DefCon security conferences, researchers have studied and hacked computing technology. At the 2015 events held here from Aug. 3 to 9, a key theme was the growing world of the Internet of things, particularly the connected car. A highlight of the Black Hat USA 2015 event was a session detailing how two researchers found flaws that led to the recall of 1.4 million Chrysler vehicles. DefCon housed a whole car hacking village, including real cars like the Tesla that attendees could touch and attempt to hack.
    Read More
  • Aug 7, 2015 | CRN

    15 Wackiest Sights And Signs From Black Hat USA 2015

    With massive marketing budgets and an often quirky sense of humor, security conferences are frequently full of weird and wacky sights and signs. Black Hat USA 2015 was no exception. From celebrity impersonators to magic tricks, video games and more, security vendors were pulling out all the stops to stand out from the rest.
    Read More
  • Aug 7, 2015 | The Christian Science Monitor

    OPM breach a shadow over Homeland Security's appeals to security pros

    The Deputy Homeland Security Secretary urged attendees of the Black Hat conference not to let the massive government breach foil plans for improving information sharing about cybersecurity threats between the private sector and the government.
    Read More
  • Aug 7, 2015 | BuzzFeed

    Abandon All Hope, Ye Who Log On Here

    It is easy to grow depressed at Black Hat, the annual gathering of security researchers, corporate information security officers, cybersecurity lawyers, government prosecutors, spooks, weirdos, and hackers in the hellish heat of Las Vegas in August.
    Read More
  • Aug 6, 2015 | Zeit Online

    Back to hacker origins

    Those who take modern technology apart in order to understand the world make themselves liable to prosecution. This kind of hacking should be promoted, says lawyer Jennifer Granick.
    Read More
  • Aug 6, 2015 | Golem.de

    Back to the hacker origins

    At Black Hat, these information elites sit in the audience, and sometimes they are even on stage. The conference is aimed not exclusively but primarily at security companies and authorities, certainly also at law enforcement, intelligence agencies and their subcontractors. Two years ago the then NSA director Keith Alexander was allowed to give the keynote. Jennifer Granick belongs rather to the opposite side: as a lawyer, she has defended hackers such as Aaron Swartz and Kevin Poulsen. Today, she is Director of Civil Liberties at the Stanford Center for Internet and Society.
    Read More
  • Aug 6, 2015 | Golem.de

    Eleven ways to take on an Android system

    At the Black Hat conference Joshua Drake explains the background to the Stagefright vulnerabilities. According to his talk, an Android system can be attacked in at least eleven different ways. There is progress on the Android updates.
    Read More
  • Aug 6, 2015 | eWeek

    OPM Wins Pwnie for Most Epic Fail at Black Hat Awards Show

    The annual Pwnie Awards at the Black Hat USA conference here celebrate the best security vulnerabilities found by researchers and also ridicule the worst security responses. The Pwnies are a somewhat satirical event that doesn't take itself all that seriously, but it does represent a snapshot of the year that was in security.
    Read More
  • Aug 6, 2015 | The Washington Post

    OPM won a cybersecurity award. For ‘most epic FAIL.’

    The government agency was "honored" at The Pwnies, a comedic awards show held at the Black Hat USA cybersecurity conference, for breaches that exposed the personal information of tens of millions of current and former federal workers, including the fingerprints of more than a million people who applied for government background checks.
    Read More
  • Aug 6, 2015 | The Huffington Post

    Black Hat USA 2015: Hackers Explain How They Can Take Control Of Vehicles

    Ethical hackers Charlie Miller, a security researcher at Twitter, and Chris Valasek, director of vehicle security research at IOActive made news in 2013 after they took control of a Toyota Prius and a Ford Escape. While in control, the duo demonstrated how they could honk the horn, disable the brakes and control the steering wheel. But there was a catch: they needed to physically connect their computers to the vehicles.
    Read More
  • Aug 6, 2015 | ZDNet

    OPM wins Pwnie, Google on Android security, DoJ on CFAA: Black Hat 2015 roundup

    Black Hat USA is finishing up in Las Vegas. News from its 18th year includes nuclear nightmares, Department of Justice on computer crime and research, Google on the state of Android security and much more.
    Read More
  • Aug 6, 2015 | The Christian Science Monitor

    Jeep hackers: Only a dramatic stunt could force a Chrysler recall (video)

    At this week’s Black Hat security conference, researchers Charlie Miller and Chris Valasek said hacking a reporter’s car on a highway – which some called needlessly reckless – was the only real way to effect change.
    Read More
  • Aug 6, 2015 | BBC News

    Apple Mac attacks 'trivial', claims security researcher

    Creating malicious software that can attack Apple Mac computers is "trivial", a leading security researcher has claimed.
    Read More
  • Aug 6, 2015 | Tom's Guide

    Mideast Hackers May Be Attacking US Gas Stations

    Fuel-level monitors of the sort used by many U.S. gas stations may be under attack by hackers in Iran and Syria, two researchers told attendees of the Black Hat security conference here yesterday (Aug. 5).
    Read More
  • Aug 6, 2015 | SC Magazine

    Black Hat 2015: Honeypots gather data on gas pump monitoring system attacks

    The researchers, Kyle Wilhoit and Stephen Hilt, presented their findings at a Wednesday session at Black Hat USA 2015 in Las Vegas. The duo said they were spurred to investigate after identifying an attack against the Guardian AST Monitoring System, which is deployed at gas stations to monitor the volume, temperature, water content and more of underground tanks at gas stations.
    Read More
  • Aug 6, 2015 | PCMag

    Hacker Turns Secure Computers Into Secret-Spewing Radios

    Modern technology relies on electricity for everything. But a researcher at Black Hat 2015 demonstrated how to turn electronic devices into secret radio transmitters, thanks to physics.
    Read More
  • Aug 6, 2015 | Ars Technica

    “Funtenna” software hack turns a laser printer into a covert radio

    The result of the work of his research team is Funtenna, a software exploit he demonstrated at Black Hat today that can turn a device with embedded computing power into a radio-based backchannel to broadcast data to an attacker without using Wi-Fi, Bluetooth, or other known (and monitored) wireless communications channels.
    Read More
  • Aug 6, 2015 | Motherboard

    Malware Hunter Finds Spyware Used Against Dead Argentine Prosecutor

    At the Black Hat security conference in Las Vegas on Wednesday, Marquis-Boire revealed he had personally analyzed a sample of the malware used to spy on Nisman, in a talk he gave alongside fellow malware hunter Marion Marschalek, who recently helped uncover the French malware Babar.
    Read More
  • Aug 6, 2015 | Motherboard

    Why Researchers Tricked Hackers into Attacking Fake Gas Pumps

    But a fake gas pump set up in DC received a denial of service attack lasting two days. Wilhoit and Hilt saw that the attack traced back to Syrian IP addresses previously associated with the Syrian Electronic Army, the researchers said during their talk at the Black Hat security conference in Las Vegas on Thursday.
    Read More
  • Aug 6, 2015 | Network World

    Black Hat 2015: IoT devices can become transmitters to steal data

    It’s possible to get a printer and other inexpensive network and Internet of Things devices to transmit radio signals that are detectable far enough away that they could be used to steal data from compromised networks, a researcher tells the Black Hat 2015 conference.
    Read More
  • Aug 6, 2015 | Dark Reading

    Jeep Hack 0Day: An Exposed Port

    Researchers at Black Hat USA gave details on how they were able to remotely hack and control a Jeep Cherokee.
    Read More
  • Aug 6, 2015 | eWeek

    Researchers Demo How They Hacked a Jeep Remotely: Black Hat

    Every year, there is always one marquee session at the Black Hat USA conference that captures the imagination of the public like no other. At this year's conference here, it was the remote car hacking attack, which led Fiat Chrysler Automobiles (FCA) to recall 1.4 million autos.
    Read More
  • Aug 6, 2015 | Network World

    Black Hat 2015: Hacker shows how to alter messages on satellite network

    Globalstar satellite transmissions used for tracking truck fleets and wilderness hikers can be hacked to alter messages being sent with possibly dire consequences for pilots, shipping lines, war correspondents and businesses that use the system to keep an eye on their remote assets.
    Read More
  • Aug 6, 2015 | Wall Street Journal

    Hackers Demonstrate How to Take Control of Cars

    Security experts demonstrated how they took over a Jeep Cherokee using just a laptop at the 2015 Black Hat security conference in Las Vegas.
    Read More
  • Aug 6, 2015 | BBC News

    Are hackers helping or harming us?

    Every week, almost every day, hackers are poking holes in the devices we carry, drive and use. Over the past couple of weeks the numbers and severity of the flaws these technical wizards have found have hit fever pitch.
    Read More
  • Aug 6, 2015 | ZDNet

    Dream of Internet freedom dying, Black Hat keynoter says

    Today the dream of Internet freedom is dying as the global network becomes more centralized, regulated and globalized, according to Jennifer Granick, who delivered the opening keynote Wednesday at the annual Black Hat USA Conference in Las Vegas.
    Read More
  • Aug 6, 2015 | USA Today

    The Internet could end up like TV

    Far from being a place of freedom, innovation and information, the Internet as we know it is dying, Stanford University's Jennifer Granick told a packed house at the Black Hat computer security conference.
    Read More
  • Aug 6, 2015 | Associated Press

    Black Hat Keynote Speaker Says Dream of Internet Freedom Is Dying

    The annual Black Hat computer security conference in Las Vegas kicked off Wednesday with a keynote address from Jennifer Granick, director of Civil Liberties at the Stanford Center for Internet and Society. Granick said that while the Internet needs to be reasonably safe in order to be functional, it's no longer the revolutionary place it was 20 years ago.
    Read More
  • Aug 6, 2015 | ABC News

    Reporter's Notebook: In Cyber Security, All Eyes on Car Hacking

    A few hundred people crowded into an expansive ballroom in Las Vegas are laughing and clapping at a joke I don't get. That happens a lot here.
    Read More
  • Aug 6, 2015 | Network World

    Black Hat: Hackers urged to protect Internet freedom

    Security researchers need to fight for the rights to study, modify and reverse engineer Internet hardware and software or the general population risks losing Internet freedom, the Black Hat 2015 conference was told.
    Read More
  • Aug 6, 2015 | The Christian Science Monitor

    Jeep hackers: Only a dramatic stunt could force a Chrysler recall

    But the researchers say the shock value of their demonstration – and added publicity of the Black Hat and DEF CON hacker conferences taking place this week in Las Vegas – was the reason they raised enough awareness of the security weaknesses to spur Fiat Chrysler Automobiles and Sprint Corp. to fix the problem affecting potentially 1.4 million cars and trucks.
    Read More
  • Aug 5, 2015 | News3LV

    Hackers gather in Las Vegas for 2015 Black Hat USA

    It’s Black Hat 2015, a collection of thousands of the smartest people in computing, security and the internet.
    Read More
  • Aug 5, 2015 | CRN

    Black Hat 2015: 10 Security Threats To Watch

    In presentations at the Black Hat 2015 conference, demonstrations showed how the rise of the Internet of Things, connected devices, new mobile technologies and other developments have opened up the door to more threats than ever before.
    Read More
  • Aug 5, 2015 | PCMag

    Hacked Cars, Rifles, and More: What to Expect at Black Hat 2015

    With data breaches part of the typical news cycle and Edward Snowden now a household name, the general public has a deep interest in digital security. And the biggest show for offensive security is Black Hat, the conference that sees hackers rubbing elbows with industry and government figures to show off the latest hacks, attacks, and vulnerabilities.
    Read More
  • Aug 5, 2015 | Las Vegas Review-Journal

    Security experts detail Jeep hacking at Black Hat conference

    With both Wi-Fi and cellular access vulnerabilities in the 2014 Jeep Cherokee's internal computer system, hacking the car and changing everything from its radio volume to speed could be done in a matter of seconds, speakers at this week's Black Hat conference in Las Vegas said.
    Read More
  • Aug 5, 2015 | Slate

    A Printer That Sings Your Data for Hackers to Hear

    At the Black Hat cybersecurity conference Wednesday, researcher Ang Cui is presenting this “Funtenna” project, which is a proof of concept that an attacker who has compromised an embedded device like a printer can manipulate its hardware through software alone to transmit data over audible sound waves or even the radio spectrum.
    Read More
  • Aug 5, 2015 | Slate

    Is Internet Freedom Dying?

    At the Black Hat cybersecurity conference on Wednesday, keynote speaker Jennifer Granick had a depressing refrain: “This dream of Internet freedom is dying.” Granick is the director of civil liberties at the Stanford Center for Internet and Society and a defense lawyer often referred to as “the first person that hackers call” when they’re in trouble. And at Black Hat, she was trying to share a reality check with a room full of cybersecurity professionals.
    Read More
  • Aug 5, 2015 | Decrypted Tech

    Alien Vault is bringing threat intel to the masses with their latest version of Open Threat Exchange

    One of the truths in security is that while an attacker can stay hidden they can continue to operate. In short, if you do not know about something, there is nothing you can do. Now you would think that this fact would encourage firms to talk about breaches and hacks more openly, but this is still not the case. One of the things I have seen over the years is that every company operates as an island. They do not share threat information (they might share your private data, but not threat information). This has created an environment where threat actors can continue to maintain attacks even after discovery at a different It is also why we tend to see the same threat vectors used over and over again.
    Read More
  • Aug 5, 2015 | CSO

    Black Hat 2015: Salted Hash live blog (Day 1)

    Black Hat 2015 is underway, and the corporate side of hacking has taken center stage. There are plenty of hot topics this year, but the mess at the OPM is something that is still generating buzz months after the fact.
    Read More
  • Aug 5, 2015 | Infosecurity Magazine

    #BlackHat: Smartwatches Present Varying Security Risks

    Consumers are purchasing smartwatches to pair with their mobile devices to track health information, but also to access corporate email, calendar, contacts and corporate apps. This can present a risk to enterprise data leading to possible data loss, but to what extent?
    Read More
  • Aug 5, 2015 | Dark Reading

    Iranian, Syrian Hackers Hit 'Gas Gauges'

    Researchers who planted honeypots posing as gas gauge monitoring systems in the US, Brazil, United Kingdom, Germany, Jordan, Russia, and the United Arab Emirates, say their phony systems were DDoS'ed, defaced, and queried for information by infamous hacktivist groups from Iran and Syria.
    Read More
  • Aug 5, 2015 | SC Magazine

    Black Hat 2015: Mac OS X malware is mediocre, but could be better

    In a jam-packed Wednesday session at Black Hat USA 2015 in Las Vegas, Patrick Wardle, director of research with Synack, explained that the current state of OS X malware is pretty mediocre, but has the potential to be a whole lot better.
    Read More
  • Aug 5, 2015 | Motherboard

    How To Turn a Cheap Printer Into A Stealthy Bugging Device

    Ang Cui, the chief scientist at Red Balloon Security and a recent PhD graduate from Columbia University, showed me how Funtenna works during a demo at his office in Manhattan a couple of weeks ago. He’s going to present his research at the Black Hat security conference in Las Vegas on Wednesday.
    Read More
  • Aug 5, 2015 | Reuters

    U.S. researchers show computers can be hijacked to send data as sound waves

    A team of security researchers has demonstrated the ability to hijack standard equipment inside computers, printers and millions of other devices in order to send information out of an office through sound waves.
    Read More
  • Aug 5, 2015 | CNN Money

    How your washing machine can steal computer files

    Imagine hackers stealing top secret files from a military base. Except they don't need the Internet to pull data out of the facility's computers. Instead, they can just infect an office printer and -- with software alone -- turn it into a radio.
    Read More
  • Aug 5, 2015 | RT

    'Funtenna' uses sound waves, radio to hack internet of things

    A new hacking technique that uses sound and radio waves can siphon data from devices even without internet access. Showcased at the Black Hat security summit in Las Vegas, the ‘Funtenna’ hack has the potential to unravel the Internet of Things.
    Read More
  • Aug 5, 2015 | CNBC

    The $400 billion threat to global business

    Tuesday, at the annual Black Hat conference in Las Vegas, 10,000 security professionals including hackers, security analysts and government agents gathered to discuss the latest cybersecurity vulnerabilities. When it comes to modern American corporations, those working in the industry say the threat from cybercrime is a real and growing risk.
    Read More
  • Aug 5, 2015 | The Register

    IT security staff have a job for life – possibly a grim, frustrating life

    Speaking at the opening of the 18th Black Hat security conference, its founder Jeff Moss warned the assembled throng that while they might have job security, they weren't going to have fun in the next decade.
    Read More
  • Aug 5, 2015 | Las Vegas Sun

    Hacker summer camps crash Las Vegas this week

    It’s summer camp for hackers in Las Vegas this week. That’s how event organizers describe three tech conferences — Black Hat USA, DEF CON and B-Sides LV — that are scheduled concurrently each summer. When the hackers are in town, mischief is often close behind.
    Read More
  • Aug 5, 2015 | TechCrunch

    “The Dream Of Internet Freedom Is Dying”

    So says Jennifer Granick, Director of Civil Liberties at the Stanford Center for Internet and Society, who gave the keynote address at the (somewhat infamous) Black Hat security conference today.
    Read More
  • Aug 5, 2015 | Threatpost

    Granick: Dream of Internet Freedom ‘Dying’

    That’s the fear that today Black Hat keynoter Jennifer Granick drilled into an overflowing room, exposing the current landscape of surveillance, censorship and centralized control of content, and the complacency in which society has allowed this to happen.
    Read More
  • Aug 5, 2015 | eWeek

    Keep Dream of a Free and Open Internet Alive, Black Hat Keynoter Urges

    Black Hat keynoter Jennifer Granick, director of Civil Liberties at the Stanford Center for Internet and Society, discusses the need for legal and policy change to defend Internet freedom.
    Read More
  • Aug 5, 2015 | CRN

    Black Hat 2015 Keynote: Security Professionals Need To Stand Up For Open Internet

    The Internet was founded on the dream of an open platform with freedom of speech and global communication, but recent changes around regulation, centralization and globalization are threatening that opportunity, Jennifer Granick said in the Wednesday opening keynote at Black Hat 2015 in Las Vegas.
    Read More
  • Aug 5, 2015 | Dark Reading

    From The Black Hat Keynote Stage: Jennifer Granick

    Jennifer Granick, renowned defender of Internet privacy and civil liberties, took to the Black Hat USA keynote stage this morning and told a packed audience to resounding applause that "we have secret laws in this country and that is an abomination in a democratic society."
    Read More
  • Aug 5, 2015 | CNBC

    How secure is your cell phone?

    CNBC's Josh Lipton reports on security concerns for people using mobile payment apps.
    Read More
  • Aug 5, 2015 | U.S. News & World Report

    Top Internet lawyer warns Black Hat crowd that the free Internet is dying

    The annual Black Hat computer security conference in Las Vegas kicked off Wednesday with a keynote address from Jennifer Granick, director of Civil Liberties at the Stanford Center for Internet and Society.
    Read More
  • Aug 5, 2015 | The Register

    Biggest security update in history coming up: Google patches Android hijack bug Stagefright

    Black Hat 2015 For those of you worried about the Stagefright flaw in Android, be reassured, a patch will be coming down the line in the next few days.
    Read More
  • Aug 4, 2015 | Dark Reading

    Black Hat USA: Empowering Women In Security

    A panel of influential women in the security industry will share their insights and identify resources for fostering professional development (and recruiting) of women in the field.
    Read More
  • Aug 4, 2015 | Engadget

    A chat with Black Hat's unconventional keynote speaker

    The most interesting thing about Black Hat 2015 keynote speaker Jennifer Granick isn't her gender -- though she appears against a backdrop of historically male keynotes. It's that Granick is director of civil liberties at the Stanford Center for Internet and Society.
    Read More
  • Aug 4, 2015 | USA Today

    Hacking cars, power plants and rifles at Black Hat

    More than 10,000 computer security professionals, researchers and government workers are expected to attend the conference, which features 290 sessions describing network security flaws, attacks past, present and future, and how to guard against them.
    Read More
  • Aug 4, 2015 | Yahoo! Tech

    Why This Is the Best Week of the Year for Hackers — and the Scariest for Everyone Else

    It can only mean one thing: Las Vegas is about to be taken over by some of the world’s craftiest hackers, in town for the wildest and most terrifying security conference of the year.
    Read More
  • Aug 3, 2015 | eWeek

    Black Hat, DEF CON Founder Offers Insight Into Security Shows, Trends

    The Black Hat professional security conference is under way in Las Vegas through Aug. 6, and several thousand software developers, security administrators, vendors, government operatives, analysts and military officials are communing in Sin City to exchange ideas and sip a brew -- or a few.
    Read More
  • Aug 3, 2015 | USA Today

    How experts stay safe at the Black Hat security conference

    Pen and paper instead of a laptop. Cash instead of credit cards. Face-to-face chats instead of cell phones. That's the drill for the most cautious at two big computer security conferences taking place this week in Las Vegas.
    Read More
  • Aug 3, 2015 | Dark Reading

    Dark Reading Preps Week Of Show Coverage At Black Hat USA

    If you want to know what's happening in Las Vegas this week at Black Hat, Dark Reading's got the scoop.
    Read More
  • Aug 3, 2015 | Motherboard

    Researchers Turn Square Reader Into Credit Card Skimmer in Under 10 Minutes

    The three researchers found a way to physically tamper with the device and disable the encryption that normally protects the credit card data being transmitted to the smartphone. (The researchers will show exactly how they did during a talk on Wednesday at the Black Hat security conference in Las Vegas.)
    Read More
  • Aug 1, 2015 | AFP

    Black Hat: Hackers set sights beyond smart gadgets, targeting sniper rifles, home appliances

    Hackers are no longer just breaking into computers; connected devices including cars, home security systems and even sniper rifles are now targets for those looking to steal or cause mischief.
    Read More
  • Aug 1, 2015 | Motherboard

    This $1,000 Device Lets Hackers Hijack Satellite Communications

    Taking advantage of this flaw, criminal hackers could track and hijack valuable cargo, such as military supplies or cash and gold stored in an armored car, according to Colby Moore, a researcher at security firm Synack, who plans to show off his findings at the upcoming Black Hat security conference.
    Read More
  • Aug 1, 2015 | BBC News

    Globalstar tracking system 'open to attack'

    Mr Moore is planning to release more details about his work at the Black Hat hacker conference in Las Vegas next week. This month has seen the early release of other investigations into the security of cars and Android phones that will also feature at Black Hat.
    Read More
  • Aug 1, 2015 | eWeek

    Satellite Hacking Can Wreak Havoc, Black Hat Talk to Demonstrate

    Satellite tracking systems are used for myriad activities, including monitoring the progress of semi-trailers and armored car bank deliveries. In a session at the Black Hat USA conference on Aug. 5 in Las Vegas, Colby Moore, manager of special activities at Synack, will detail security risks in the GlobalStar simplex satcom protocol that could potentially enable attackers to do all manner of malicious things.
    Read More
  • Aug 1, 2015 | BBC News

    Click here to hack the network

    This week is hacker week in Las Vegas. The desert playground is hosting three conferences dedicated to computer security - Black Hat USA, Def Con and BSides LV.
    Read More
  • Jul 31, 2015 | SlashGear

    Globalstar GPS network (allegedly) vulnerable to hackers

    Researcher Colby Moore will be presenting findings related to a security issue with the Globalstar satellite network at Black Hat in Las Vegas next week. The researcher found that devices using the Globalstar network reportedly can be fed false data or have their data transmissions intercepted.
    Read More
  • Jul 31, 2015 | Clapway

    Married Couple Plans to Hack Smart Rifles at Black Hat Conference

    At this year’s Black Hat hacker conference, security researchers, Runa Sandvik and Michael Auger, will demonstrate how they are able to exploit the vulnerabilities of a self-targeting sniper rifle to change the scope’s variables when planning out a shot, and even bricking the rifle altogether.
    Read More
  • Jul 31, 2015 | Network World

    Black Hat 2015: Cracking just about anything

    Researchers at the Black Hat 2015 conference next week will show how to crack Internet routing protocols, malware-detecting honeypots, radio-frequency ID gear that gates building access, and more, but also offer tips on how to avoid becoming victims to their new attacks.
    Read More
  • Jul 31, 2015 | TechCrunch

    9 Basic Tips For Not Getting Pwned At Blackhat 2015

    Honestly, does anyone even say ‘pwned’ anymore? Am I exposing myself even more by putting it into the headline? What I want to provide are some basic tips for anyone heading to Blackhat/Defcon next week in Vegas. Now, most of the actual security folks there will already do this basic stuff and be onto more sophisticated levels of protection. But, it’s important for all of us in the industry (I’m looking at you sales and marketing) that might not have the same technical chops to get prepped before landing in Sin City.
    Read More
  • Jul 31, 2015 | CBS News

    The hackers are coming... to Las Vegas

    There was the Jeep hack that demonstrated Chrysler cars could be taken over via their infotainment systems, a revelation that led to the recall of 1.4 million vehicles. And another vulnerability exposed in General Motors cars with OnStar. And the scary Stagefright bug that puts 95 percent of all Android smartphones at risk.
    Read More
  • Jul 31, 2015 | eWeek

    Seven Highly Anticipated Talks at Black Hat, DefCon Events

    The Black Hat USA 2015 and DefCon 23 security conferences in Las Vegas from Aug. 4 to Aug. 9 will tackle an unmatched range of topics and some excitement—and concern—over the technologies shown to be at risk from hackers. While there are nine concurrent sessions at any given time at the Black Hat USA conference, in any given year, a few key sessions always receive more attention than others.
    Read More
  • Jul 31, 2015 | Motherboard

    This $1,000 Device Lets Hackers Hijack Satellite Communications

    Taking advantage of this flaw, criminal hackers could track and hijack valuable cargo, such as military supplies or cash and gold stored in an armored car, according to Colby Moore, a researcher at security firm Synack, who plans to show off his findings at the upcoming Black Hat security conference.
    Read More
  • Jul 30, 2015 | Reuters

    Globalstar location-tracking network vulnerable to hacking: researcher

    The problem is that unlike Globalstar's satellite phone services, data from the devices is not encrypted in transit, said Synack Inc researcher Colby Moore, who will present his findings at next week's Black Hat security conference in Las Vegas.
    Read More
  • Jul 30, 2015 | Motherboard

    Hackers Identify Weak Link in Thousands of Industrial Control Systems

    As it turns out, popular network switches made by Siemens, GE, Garrettcom and Opengear, have flaws that make them easy to hack, according to new research by Colin Cassidy, Eireann Leverett, and Lee himself. The three plan to show their findings at the security and hacking conferences Black Hat and Def Con in Las Vegas next week.
    Read More
  • Jul 29, 2015 | Federal Times

    5 tips to avoid being victim of 'spot the fed' at Black Hat

    Federal employees planning to attend Black Hat 2015 — the annual cybersecurity event bringing together hackers and industry — should be prepared to have their devices tested.
    Read More
  • Jul 29, 2015 | ZDNet

    Black Hat 2015: Cool talks, hot threat intel

    With Black Hat USA 2015 starting in just a few days, we've got a shortlist of the hottest talks slated for this year's largest domestic professional infosec conference.
    Read More
  • Jul 29, 2015 | TNW News

    1,000 self-targeting sniper rifles can be hacked: Nice work, dummies

    At the forthcoming Black Hat hacking conference, Runa Sandvik and her husband Michael Auger plan to present the results of a year’s work on exploiting two of the $13,000 self-aiming rifles.
    Read More
  • Jul 29, 2015 | Fortune

    Hackers can change this sniper rifle's target

    The researchers, married couple Runa Sandvik and Michael Auger, plan to present the results at the Black Hat hacker conference in two weeks, but gave Wired magazine a demonstration ahead of time. In the video, you can see the two dial in changes to the scope’s targeting system that sends a bullet straight to their own bullseye instead of the original target.
    Read More
  • Jul 29, 2015 | Silicon Republic

    Hacking a smart sniper rifle can make it fire at the wrong target

    According to Wired, the user of the rifle is able to use a smart scope which uses laser precision to tell the person firing the gun when they are in line for a perfect shot, but is also Wi-Fi enabled so as to be socially connected and stream footage from the scope to a nearby device.
    Read More
  • Jul 29, 2015 | The Blaze

    Scary: Hackers Infiltrate High-Tech Rifle System, Causing Shooters to Miss Targets or Disable It All Together

    The hackers, who plan to present some of their findings at the Black Hat security conference in Las Vegas next week, demonstrated to Wired how they were able to “change variables in the scope’s calculations that make the rifle inexplicably miss its target, permanently disable the scope’s computer, or even prevent the gun from firing.”
    Read More
  • Jul 29, 2015 | SC Magazine

    Researchers hack into self-aiming rifle through Wi-Fi

    The couple was able to exploit vulnerabilities in the Linux-powered gun's software through its Wi-Fi connection, used to allow users to stream video of a shot to a nearby device.
    Read More
  • Jul 29, 2015 | CNN Money

    You can hack this high-tech rifle

    Auger and Sandvik will reveal more details about their research at the Black Hat cybersecurity convention next week in Las Vegas.
    Read More
  • Jul 29, 2015 | WIRED

    Hackers Can Disable a Sniper Rifle—Or Change Its Target

    At the Black Hat hacker conference in two weeks, security researchers Runa Sandvik and Michael Auger plan to present the results of a year of work hacking a pair of $13,000 TrackingPoint self-aiming rifles.
    Read More
  • Jul 28, 2015 | Phys.org

    Researcher to talk at Black Hat on 'scary' area in Android

    Drake, co-author of Android Hacker's Handbook, plans to present his research at the Black Hat security conference next month. His talk is titled "Stagefright: Scary Code in the Heart of Android."
    Read More
  • Jul 28, 2015 | Tech Xplore

    Researcher to talk at Black Hat on 'scary' area in Android

    Drake, co-author of Android Hacker's Handbook, plans to present his research at the Black Hat security conference next month. His talk is titled "Stagefright: Scary Code in the Heart of Android."
    Read More
  • Jul 28, 2015 | The Blaze

    The ‘Extremely Dangerous’ Smartphone Flaw That Can Be ‘Triggered While You Sleep’

    Joshua Drake with the mobile security firm Zimperium zLabs discovered the vulnerability he calls “Stagefright,” which he will be presenting at the Black Hat security conference next week. He said if the “Heartbleed” flaw (remember Heartbleed, which exposed bank data, emails and other private info through a flaw in Internet server coding) “sends chill down your spine, this is much worse.”
    Read More
  • Jul 28, 2015 | Motherboard

    This $10 Device Lets You Easily Clone Office Access Cards

    The two researchers who created BLEkey are Mark Baseggio, from security firm Accuvant, and Eric Evenchick, who works at Faraday Future. They are going to release the device’s designs online after their talk at the Black Hat security conference in Las Vegas next week, where they will also distribute 200 BLEkeys, each worth just $10.
    Read More
  • Jul 28, 2015 | Yahoo! Tech

    Android flaw lets hackers break in with a text message

    More about Drake's research was to be disclosed at a Black Hat computer security conference taking place in Las Vegas early in August.
    Read More
  • Jul 27, 2015 | Threatpost

    Android Stagefright Flaws Put 950 Million Devices at Risk

    Drake estimates that 950 million Android devices could be exposed by the half-dozen bugs and implementation issues he’s expected to detail in a presentation next week during the Black Hat conference in Las Vegas.
    Read More
  • Jul 27, 2015 | Consumerist

    Bad News: Security Hole Can Let An Attacker Take Over Your Android Phone With A Single Text

    Drake will be speaking about his process for discovering vulnerabilities in Android at the Black Hat InfoSec conference in Las Vegas next week.
    Read More
  • Jul 27, 2015 | BetaNews

    Vulnerability in Stagefright could expose 95 percent of Android devices to risk

    Zimperium zLabs VP of Platform Research and Exploitation, Joshua J Drake, carried out the research which will be presented at Black Hat USA on August 5.
    Read More
  • Jul 27, 2015 | Motherboard

    These Bugs Could Leave 950 Million Android Devices Vulnerable to Hackers

    Drake found the bugs in an Android media playback engine called Stagefright, which makes the operating system play popular multimedia files. Drake will reveal all the details of his research at the upcoming Black Hat and Def Con security and hacking conferences in Las Vegas.
    Read More
  • Jul 27, 2015 | CIO

    Most Android phones can be hacked with a simple MMS message or multimedia file

    Drake plans to present more details about the vulnerabilities along with proof-of-concept exploit code at the Black Hat Security conference on Aug. 5.
    Read More
  • Jul 27, 2015 | Ars Technica

    950 million Android phones can be hijacked by malicious text messages

    The vulnerability can be exploited using other attack techniques, including luring targets to malicious websites. Drake will outline six or so additional techniques at next month's Black Hat security conference in Las Vegas, where he's scheduled to deliver a talk titled Stagefright: Scary Code in the Heart of Android.
    Read More
  • Jul 27, 2015 | Techaeris

    A Simple MMS Could Be Used To Exploit Android Devices

    Drake also shared the patches with other parties including Silent Circle and Mozilla with Mozilla fixing it in Firefox 38. He plans on presenting more details regarding the vulnerabilities and exploits with a proof-of-concept exploit code at the Black Hat Security conference on Aug. 5.
    Read More
  • Jul 27, 2015 | CNET

    Most Android phones at risk from simple text hack, researcher says

    According to Zimperium's blog, it will show exactly how Stagefright works and can be exploited at the Black Hat hacker conference in Las Vegas, which starts August 1.
    Read More
  • Jul 27, 2015 | The Verge

    Researchers have found a new texting vulnerability in Android

    Zimperium hasn't released all the details of the attack, pending a more detailed presentation at the Black Hat conference next month, but it appears to target how Android processes video, specifically in the phone's MMS messaging capability. Attackers could exploit that vulnerability sending out malicious code disguised as a video message. Once the exploit takes hold, an attacker would gain the power to execute code remotely, compromising the phone's microphone, cameras, or any number of other core functions. In the most vulnerable cases, a user would not even have to interact with the message in order for the code to execute.
    Read More
  • Jul 27, 2015 | ExtremeTech

    950M phones at risk for ‘Stagefright’ text exploit thanks to Android fragmentation

    Well, this isn’t exactly what we expected to wake up to: Joshua Drake of Zimperium zLabs says a simple text message hack could put 950 million Android phones at risk, he said to Forbes, in what could be one of the most serious exploits ever to hit the mobile OS — with only devices running Android 2.2 or older not affected by it.
    Read More
  • Jul 27, 2015 | NPR

    Major Flaw In Android Phones Would Let Hackers In With Just A Text

    "This happens even before the sound that you've received a message has even occurred," says Joshua Drake, security researcher with Zimperium and co-author of Android Hacker's Handbook. "That's what makes it so dangerous. [It] could be absolutely silent. You may not even see anything."
    Read More
  • Jul 27, 2015 | Executive Biz

    Report: Black Hat Survey Notes Disconnect in IT Spending, Current Threats

    A Black Hat survey of information technology security professionals found that IT spending priorities and security tasks at enterprises do not match or keep pace with current threats in the cybersecurity environment, GCN reported Thursday.
    Read More
  • Jul 27, 2015 | Fortune

    Stagefright: It Only Takes One Text To Hack 950 Million Android Phones

    Even more information will be made available by Drake, who deserves much credit for his work in finding and fixing the issues from his extraordinary phone lab containing a “Droid Army”, when he explains his findings in full at the Black Hat and Defcon security events taking place in Las Vegas next week.
    Read More
  • Jul 27, 2015 | TIME

    Nearly 1 Billion Phones Can Be Hacked With 1 Text

    Drake plans to present his research at the Black Hat and Def Con security conferences in Las Vegas next month.
    Read More
  • Jul 27, 2015 | Federal Times

    Black Hat 2015: Event agenda for feds

    Hackers and cybersecurity professionals are getting ready for the annual Black Hat convention in Las Vegas next week, which will have plenty for feds to learn and see about the latest intrusion techniques and how to defend against them.
    Read More
  • Jul 27, 2015 | Dark Reading

    Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch

    The vulnerability was discovered by Joshua J. Drake, vice-president of platform research and exploitation at Zimperium zLabs, who will be presenting his findings at Black Hat Las Vegas next week. Drake actually discovered a variety of implementation issues in Stagefright that could be used to commit a variety of attacks, including denials of service and remote code execution.
    Read More
  • Jul 27, 2015 | Re/Code

    ‘Heartbleed for Mobile': Researcher Finds Massive Security Flaw in Android (Updated)

    Drake plans to unveil his full research on Stagefright at the Black Hat USA conference in August.
    Read More
  • Jul 27, 2015 | Business Insider

    Android flaw lets hackers break in with a text message

    More about Drake's research was to be disclosed at a Black Hat computer security conference taking place in Las Vegas early in August.
    Read More
  • Jul 27, 2015 | iDigital Times

    New Android MMS Text Message Vulnerabilities Allow Attackers To Silently Hack Devices Without User Interaction Or Knowledge

    The complete details of Drake’s research will be revealed at Black Hat Aug. 1-6 and Defcon August 6-9 in Las Vegas, Nevada.
    Read More
  • Jul 26, 2015 | PhoneArena.com

    When cars are the hackable mobile device: Fiat issues recall on 1.4 million Dodge, Jeep, and Chrysler vehicles

    The two hackers plan on publishing their findings and sharing the most of the methodology at the Black Hat conference next month. They have also shared their findings with Fiat so the company could issue a security patch recall to Chrysler vehicles equipped with U-Connect. While Fiat is not a fan of the idea of Miller and Valasek sharing this knowledge with the hacker community, the two defend the action as necessary for peer review, proof of concept, and to bring the issue into the limelight.
    Read More
  • Jul 26, 2015 | Tech Times

    Fiat Chrysler Recalls 1.4 Million Vehicles To Make Them Hack-Proof: Is Your Car Safe?

    It makes sense that FCA, or Fiat Chrysler Automobiles, would want to quickly patch the issue. Those responsible for the hack have said that they would publish "a portion of their exploit" on the Web, essentially meaning that anyone can access it. This publishing would coincide with a Black Hat security conference, scheduled to take place in August.
    Read More
  • Jul 26, 2015 | Boston Herald

    Editorial: Hackers on the highway

    They kept the manufacturer, Fiat Chrysler, informed of their project. The somewhat miffed company is offering a software update it says will repel electronic intruders. The hackers, who will describe their project at the Black Hat computer security conference next month, have kept some key details secret.
    Read More
  • Jul 25, 2015 | The Ottawa Herald

    Cyber Drivers Fancy high-tech vehicles attracting hackers' attention

    That wasn’t just a hypothetical scenario for a "Wired" magazine journalist two hackers took on a journey that was anything but a joy ride. Though the researchers' work has focused on three brands of vehicles, they are expected to demonstrate at next Saturday’s Black Hat security conference in Las Vegas how they hacked the vehicles via the UConnect infotainment system and, certainly, some other surprises too.
    Read More
  • Jul 25, 2015 | PBS NewsHour

    Fiat Chrysler announces recall after hackers gain control of moving car

    Still, Fiat Chrysler condemned the duo’s plans to share data about the security flaw in conjunction with their upcoming talk at the Black Hat security conference in Las Vegas next month. The company told Wired that it “appreciates” the hackers’ work, but also said, “Under no circumstances does [Fiat Chrysler] condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems.”
    Read More
  • Jul 25, 2015 | TechWorm

    Hacking fears make Fiat Chrysler recall 1.4 Million cars

    In the meantime, Miller and Valasek are gearing up to disclose findings of their exploit during the Black Hat security conference in Las Vegas on the Internet next month. On the other hand, FCA is requesting its customers to get the software update to avoid hackers from taking over their vehicles.
    Read More
  • Jul 24, 2015 | The Register

    Now car hackers can bust in through your motor's DAB RADIO

    NCC is not saying what infotainment system it hacked or giving details of its attack, which it plans to outline at greater length at the upcoming Black Hat conference in Las Vegas next month. Valasek and Miller also plan to outline their work at Black Hat in a presentation billed as Remote Exploitation of an Unaltered Passenger Vehicle, which is likely to be the hottest ticket in Vegas in a couple of weeks' time.
    Read More
  • Jul 24, 2015 | PC Magazine

    Remote Car Hacking Is Now a Reality

    If reading this frightens you, that's precisely the point of the pair's exploits. More specifically, they hope to scare the public and in turn jolt automakers into action on cybersecurity. Their latest publicity stunt is a prelude to presenting their remote hacking research at the Black Hat security conference in Las Vegas next month, without revealing the details to malicious hackers. Miller and Valasek also notified Fiat Chrysler Automobiles months ago so that the automaker could issue a patch for all affected Uconnect systems—as many as 471,000 Chrysler, Dodge, Jeep, and Ram vehicles equipped with the 8.4-inch U-Connect touch-screen system.
    Read More
  • Jul 24, 2015 | CNN

    Chrysler recalls 1.4 million hackable cars

    A flaw in several Chrysler models lets hackers remotely control them, posing an unprecedented danger for American drivers. Hackers can cut the brakes, shut down the engine, drive it off the road, or make all the electronics go haywire.
    Read More
  • Jul 24, 2015 | eWeek

    Fiat Chrysler Recalling 1.4 Million Autos Over Remote Hacking Fears

    Chris Valasek, director of vehicle security research at IOactive, and Charlie Miller, security researcher at Twitter, are the two researchers who were able to hack the Jeep remotely. They are scheduled to provide full details of their exploit at a Black Hat USA session on Aug. 5.
    Read More
  • Jul 24, 2015 | TechTarget

    Alleged car hack prompts call for vehicle security act, DMCA exemption

    Miller and Valasek, who will not disclose the vulnerable entry point of Uconnect until their scheduled appearance at Black Hat next month, said once their code was written onto the car's entertainment system hardware chip, they could send commands through the car's internal network to physical components. The hack reportedly works on all Chrysler vehicles with Uconnect, including late 2013, all 2014 and early 2015 models. The researchers have not tried the hack on other makes or models, but believe that with some tweaks, the hacks would likely be successful.
    Read More
  • Jul 24, 2015 | Engadget

    Fiat Chrysler recalls 1.4 million vehicles after remote hack

    FCA is obviously acting fast to patch the problem, and it's clear why. As Wired details, the hack makes it possible to "kill" the engine, remotely activate or disable the brakes, and keep tabs on a vehicle's Full steering control is currently being worked on. The party responsible for the hack revealed it would "publish a portion of their exploit" openly on the web, timed to coincide with the Black Hat security conference in August.
    Read More
  • Jul 24, 2015 | Popular Science

    How Worried Should You Be About Your Car Getting Hacked?

    Miller and Valasek plan to release a paper on their work and present it at the Black Hat conference, which focuses on digital security issues, in August. The vulnerability, according to the Wired article where the hack was revealed, is in the Uconnect system used by Fiat Chrysler in several models. The company has released a patch for the vulnerability.
    Read More
  • Jul 24, 2015 | iDigital Times

    Fiat Pushing For A Software Update After Hackers Take Over Cherokee Jeep

    The European automobile manufacturer has responded a day after Wired Magazine published the write-up by Andy Greenberg about his experience when cyber experts Charlie Miller and Chris Valasek were able to infiltrate the car's flawed internet connection and halt its functions from 10 miles away. The two promised to present part of the codes used to compromise the system during this year's Black Hat conference. While Fiat has ensured that the company has not received any reports of the same incidents happening in the real circumstances, this update ought to protect consumers from the possibility.
    Read More
  • Jul 23, 2015 | Dark Reading

    Car Hacking Shifts Into High Gear

    Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most -- but not all -- of the details on how they did it.
    Read More
  • Jul 23, 2015 | Maximum PC

    Hack Causes Chrysler to Recall 1.4M Cars

    Wired reports that Miller and Valasek plan to reveal a portion of their exploit on the Internet next month during the Black Hat security conference in Las Vegas. That said, FCA is urging customers to get the software update to prevent hackers from taking over their vehicles.
    Read More
  • Jul 23, 2015 | CSO

    A primer on dealing with the media as a hacker, and dealing with hackers as the media

    Next month, thousands of hackers will travel to Las Vegas, and hundreds of journalists are going to follow them. The adversarial relationship between hackers and the press has existed for years, but there are ways to navigate the playing field and strike a balance.
    Read More
  • Jul 23, 2015 | CBS 5

    Car hacking just got real

    It's extremely important that everyone at risk protect his vehicles immediately because the researchers plan to unveil the technical details of how they did it at the upcoming Black Hat hacker conference in early August.
    Read More
  • Jul 23, 2015 | Dark Reading

    Emerging Web Infrastructure Threats

    At the Black Hat USA conference in Las Vegas next month, researchers will bring to light even more threats lurking in Web infrastructure. Here's a glimpse at what's to come.
    Read More
  • Jul 23, 2015 | TechNewsWorld

    Hackers Take Hijacked Jeep Cherokee for Joyride

    Miller and Valasek will present their research at Black Hat U.S.A. 2015, to be held in Las Vegas August 1-4, although they will leave out details of how their attack rewrites the chip's firmware.
    Read More
  • Jul 23, 2015 | Fortune

    More disturbing details about the Jeep hack

    Next week at the Black Hat cyber security conference in Las Vegas, Miller and Valasek plan to release the code that gained them access to Greenberg’s Jeep – a move that FCA opposes as dangerous. In the hackers’ view, the release will help automakers gain awareness and skill at blocking intrusions.
    Read More
  • Jul 23, 2015 | Threatpost

    Chris Valasek on Car Hacking

    Dennis Fisher talks with Chris Valasek of IOActive about the new research he did with Charlie Miller on remotely hacking a Jeep, how the disclosure process worked, what auto makers can do to secure their vehicles’ on-board systems, and how much of a threat these attacks pose to drivers.
    Read More
  • Jul 22, 2015 | ConsumerAffairs

    Almost half a million late-model Fiat/Chrysler owners are at risk of a remote hacker attack

    Or, as Greenberg put it for Wired: “Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect … controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element, which Miller and Valasek won’t identify until their Black Hat talk, Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country.”
    Read More
  • Jul 21, 2015 | Engadget

    Hurry up and patch your Chrysler against this wireless hack

    Last week Chrysler quietly released a software update for its optional Uconnect in-car entertainment system. And while the official purpose was "to improve vehicle electronic security", Wired reports that the patch is really aimed at fixing a terrifying flaw in the system's security. One that could allow hackers to remotely shut down your vehicle at slow speeds or hijack its steering, brakes, and transmission.
    Read More
  • Jul 21, 2015 | Mashable

    Hackers could take control of your Chrysler without this critical patch

    A recent Wired report has highlighted how two hackers were able to wirelessly control a new, unmodified Jeep Cherokee via Uconnect. Charlie Miller and Chris Valasek spent a year writing a software which exploited a vulnerability in the web-connected system, which works with Sprint's cellular network. Miller and Valasek were able to determine the IP address of a car and control all its functions via a remote computer.
    Read More
  • Jul 21, 2015 | Reuters

    Security experts hack into moving car and seize control

    Former National Security Agency hacker Charlie Miller, now at Twitter, and IOActive researcher Chris Valasek used a feature in the Fiat Chrysler telematics system Uconnect to break into a car being driven on the highway by a reporter for technology news site Wired.com.
    Read More
  • Jul 21, 2015 | Fortune

    Your car isn’t safe from hackers. Here’s why

    Miller and Valasek plan to reveal more information about how they pulled off the Jeep stunt at the Black Hat conference next month. In the meantime, all they’ve said is that the trick involves using a cellular connection to break into the car’s entertainment system through a feature called UConnect.
    Read More
  • Jul 21, 2015 | The New York Times

    Security Researchers Find a Way to Hack Cars

    At the annual Black Hat and Def Con hacking conferences in Las Vegas in August, Mr. Miller and Mr. Valasek plan to demonstrate how, after two years of research, they have discovered a way to control hundreds of thousands of vehicles remotely.
    Read More
  • Jul 21, 2015 | FOX News

    Patch your Chrysler vehicle before hackers kill you

    It took hackers Charlie Miller and Chris Valasek nearly a year to discover and exploit the Uconnect flaw, of which they plan to provide more details at next month's Black Hat security conference in Las Vegas. The flaw let them remotely install a malicious firmware update that gave them control of the vehicle.
    Read More
  • Jul 21, 2015 | Gizmodo

    Hackers Have the Power to Remotely Hijack Half a Million Chrysler Cars

    Longtime car hackers Charlie Miller and Chris Valasek recently demonstrated the dangerous possibilities of the Chrysler exploit to Wired’s Andy Greenberg.
    Read More
  • Jul 21, 2015 | NY Daily News

    Hackers hijack Jeep’s computer system, crash it from miles away

    Unimpressed by the sluggish response, they plan to release their code at the Black Hat hackers convention in August so it can be peer-reviewed.
    Read More
  • Jul 21, 2015 | NPR

    The Ghost In The Car May Be A Hacker

    Chris Valasek (left) and Charlie Miller talk about hacking into vehicle computer systems during the Black Hat USA 2014 hacker conference in Las Vegas last August.
    Read More
  • Jul 21, 2015 | USA Today

    Hack of connected car raises alarm over driver safety

    Miller and Valasek, who have been exploring the automobile's growing digital vulnerabilities for a number of years, plan to report most of the details of the hack at Black Hat, the security conference that begins in Las Vegas Aug. 1. They'll leave out enough key elements so other hackers won't be able to replicate their mischief, the magazine reports.
    Read More
  • Jul 21, 2015 | Naked Security

    Baby, you can hack my car: researchers take over a Jeep from 10 miles away

    The duo previewed their Black Hat talk in a just-published Wired article, in which journalist Andy Greenberg recounts how the hackers wirelessly took control of a Jeep he was driving - from a location 10 miles away.
    Read More
  • Jul 21, 2015 | SC Magazine

    Survey: Black Hat 2015 attendees most concerned about targeted attacks

    In a survey of 460 management and staff security professionals attending the upcoming Black Hat 2015 conference, 57 percent indicated that sophisticated attacks targeted directly at the organization are their greatest concern.
    Read More
  • Jul 21, 2015 | The Guardian

    Jeep owners urged to update their cars after hackers take remote control

    The hack was demonstrated by Charlie Miller and Chris Valasek, two security researchers who previously demonstrated attacks on a Toyota Prius and a Ford Escape. Using a laptop and a mobile phone on the Sprint network, they took control of a Jeep Cherokee while Wired reporter Andy Greenberg was driving, demonstrating their ability to control it and eventually forcing it into a ditch.
    Read More
  • Jul 21, 2015 | Graham Cluley

    Car-hacking expert urges Jeep owners to install security update

    Well, what do you know... no sooner do I publish my article, than Andy Greenberg reveals he has been on another car journey with Charlie Miller and Chris Valasek - this time in a Jeep Cherokee.
    Read More
  • Jul 21, 2015 | SlashGear

    Jeep hacking done on willing participant

    The team plans on speaking about their exploit at Black Hat 2015, an event dedicated to software hacks, exploits, and most important of all SECURITY.
    Read More
  • Jul 21, 2015 | The Wall Street Journal

    From a Remote Laptop, Hackers Hijack a Jeep

    Miller and Valasek have kept some of the flaws they uncovered under wraps to prevent copy cats from wreaking havoc on the highway. But they do show in a video that they can effectively zap a car’s transmission or, when it’s moving at slower speeds, its brakes. The two researchers say they will show more details during their talk at the Black Hat hacker conference next month.
    Read More
  • Jul 21, 2015 | The Telegraph

    Hacker remotely crashes Jeep from 10 miles away

    Hackers took control of a car and crashed it into a ditch by remotely breaking into its dashboard computer from 10 miles away, while sitting on their sofa.
    Read More
  • Jul 21, 2015 | Breitbart

    Hackers have the power to remotely hijack half a million Chrysler cars

    Longtime car hackers Charlie Miller and Chris Valasek recently demonstrated the dangerous possibilities of the Chrysler exploit to Wired’s Andy Greenberg. The journalist actually took a Jeep Cherokee onto the highway outside St. Louis, while the hackers took over control of the car.
    Read More
  • Jul 21, 2015 | Business Insider

    Hackers were able to remotely control a Jeep Cherokee's radio and even turn off the transmission

    Miller and Valasek will be presenting their findings at the Black Hat conference next month.
    Read More
  • Jul 21, 2015 | ZDNet

    Hackers can take over your Jeep, literally driving you off the road

    Fiat Chrysler issued a patch last week, just shy of a month before the security duo's talk at Black Hat.
    Read More
  • Jul 21, 2015 | CSO

    InfoSec pros spend most time, money on self-inflicted problems

    According to a new survey of Black Hat attendees released last week, InfoSec professionals are spending the biggest amount of their time and budgets on security problems created within the organization itself.
    Read More
  • Jul 21, 2015 | mybroadband

    Hackers can remotely hijack the Jeep Cherokee

    From the entry point – which the researchers will reveal during the Black Hat conference in Las Vegas in August – they move to another chip in the car’s head unit.
    Read More
  • Jul 21, 2015 | The Blaze

    Hackers Demonstrate Frightening Ability to Control a Jeep: ‘This Is Reality’

    Systems like OnStar have already demonstrated the remote ability to shut down cars. Miller and Valasek’s experiment with Greenberg builds on their car hacking expertise from the last couple of years and shows how they could hijack the vehicle wirelessly. Greenberg noted that they plan to report their latest findings at the Black Hat security conference in August.
    Read More
  • Jul 21, 2015 | Network World

    Watch hackers immobilize a car while it's traveling on a highway

    Miller and Valasek are planning to release more information on the exploit they used to perform the hack in accordance with their presentation at the Black Hat security conference in Las Vegas next month. The video shows Greenberg go through this process.
    Read More
  • Jul 21, 2015 | Network World

    Car hackers urge you to patch your Chrysler, Ram, Durango, or Jeep

    A hacker duo pretty much just made the case for going old school and steering clear of "smart" and "connected" vehicles as they remotely attacked one. Charlie Miller and Chris Valasek revealed 20 of the "most hackable" vehicles last year, but this year at Black Hat they will blow people's mind when they present "Remote Exploitation of an Unaltered Passenger Vehicle."
    Read More
  • Jul 21, 2015 | Consumerist

    What It’s Like To Be Inside A Car When Hackers Take Control From Miles Away

    Miller and Valasek are planning to publish some of their work on the Internet pegged to a talk they’re giving at the upcoming Black Hat security conference. Wired.com says their work on wireless hacking has inspired new legislation from senators Ed Markey and Richard Blumenthal, who are planning to introduce an automotive security bill on Tuesday to set new digital security standards for cars and trucks.
    Read More
  • Jul 21, 2015 | The Register

    Jeep drivers can be HACKED to DEATH: All you need is the car's IP address

    At next month's Black Hat hacking conference in Las Vegas, Charlie Miller and Chris Valasek – a duo who have hacked more cars than Mad Max – will show off an attack on a Jeep Cherokee that enables the remote control of the car's engine, brakes, and minor systems from miles away simply by knowing the car's public IP address.
    Read More
  • Jul 21, 2015 | WIRED

    Patch Your Chrysler Vehicle Now Against a Wireless Hacking Technique

    At the Black Hat security conference next month, they plan to publish a portion of that exploit to allow for peer review of their work. They’re also sending a message: “Cars should be secure,” says Miller. “If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers.”
    Read More
  • Jul 21, 2015 | Forbes

    Jeep Owners Urged To Update Cars To Stop Hackers Taking Them Off The Road

    Thus far they’ve only tested on a Jeep Cherokee, but they believe any Chrysler vehicle with Uconnect manufactured from late 2013, all of 2014, and early 2015 is affected. The long-time car hacking buddies plan to detail their full exploits at the Black Hat security conference in two weeks’ time in Las Vegas.
    Read More
  • Jul 21, 2015 | WIRED

    Hackers Remotely Kill a Jeep on the Highway—With Me in It

    A mere two years later, that carjacking has gone wireless. Miller and Valasek plan to publish a portion of their exploit on the Internet, timed to a talk they’re giving at the Black Hat security conference in Las Vegas next month.
    Read More
  • Jul 21, 2015 | The Register

    Black Hat 2015: 32 SCADA, mobile zero-day vulns will drop

    Gird your loins, admins; researchers are set to drop 32 zero-day vulnerabilities at the Black Hat hacking fest in Las Vegas in August.
    Read More
  • Jul 16, 2015 | Dark Reading

    10 Trends In Infosec Careers And Staffing

    This week the folks of Black Hat released the results of a survey of previous conference attendees to get the pulse of the security community on a number of fronts. Particularly illuminating were several of the answers to career-related questions.
    Read More
  • Jul 16, 2015 | The Economist

    Their own devices

    Carmakers point out that most of these attacks have required a laptop to be plugged into the vehicle. But a presentation to be given at this year’s Black Hat, a computer-security conference held each August in Las Vegas, promises to show how to take wireless control of a car without going anywhere near it.
    Read More
  • Jul 16, 2015 | Computer Business Review

    Significant gap found between security concerns & IT spend

    A new survey has revealed that the majority of organisations are not spending their time, budget, and staffing resources on issues that most security professionals consider to be the greatest threats.
    Read More
  • Jul 16, 2015 | eWeek

    Black Hat Set to Expose More Than 30 Zero-Day Flaws

    Over the years, the Black Hat USA security conference has built a reputation around being the place where new security vulnerabilities are disclosed, and 2015 will be no exception. Defensive approaches to security will also be a key theme at the upcoming Black Hat USA 2015 briefings event, which starts Aug. 4.
    Read More
  • Jul 15, 2015 | ZDNet

    Black Hat attendee report highlights the mess we're in

    Black Hat has released its first-ever attendee research report, highlighting infosec's ongoing hiring crisis and a sector that feels poorly prepared to face current threats.
    Read More
  • Jul 15, 2015 | Info Security

    Black Hat Attendees Fear a Major Breach But Few are Prepared

    Almost three quarters of security pros interviewed by Black Hat USA said they think their organization will suffer a breach in the next 12 months, yet just a quarter (27%) feel they’re able to deal with it.
    Read More
  • Jul 15, 2015 | Dark Reading

    Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say

    According to the 2015 Black Hat Attendee Survey, nearly three quarters (73 percent) of top security professionals think it likely that their organizations will be hit with a major data breach in the next 12 months -- but they won't have enough time, money, or skilled staff to handle the crisis.
    Read More
  • Jul 15, 2015 | IoT Evolution

    Black Hat Survey Reveals Future Worry

    This survey asked almost 500 top-tier past attendees of the event what threats they see as most dangerous, both now and in a few years, and broadly returned the result that most sophisticated security professionals say enterprise security priorities don’t address those threats appropriately.
    Read More
  • Jul 15, 2015 | IoT Evolution

    Black Hat Survey Reveals Future Worry

    This year’s edition of the world-famous Black Hat USA conference for IT security experts (both the good and sort-of-bad guys) will kick off in about a month, but for the first time ever, the organizers have given us a preview of what’s concerning its attendees with its 2015 Black Hat Attendee Survey: Time to Rethink Enterprise IT Security.
    Read More
  • Jul 15, 2015 | PCMag

    Security-Wise, You Are the Weakest Link

    The annual Black Hat information security conference is just a few short weeks away. Security professionals, executives, vendors, and hackers will converge on Las Vegas to learn and share the very latest vulnerabilities, defenses, security holes, and hacking techniques.
    Read More
  • Jul 13, 2015 | Dark Reading

    Internet Of Things Hacking Village Debuts At DEF CON

    Sandvik and security expert Michael Auger next month at Black Hat USA in Las Vegas will reveal their findings of security and privacy vulnerabilities in an interesting and unusual IoT thing: a long-range, precision-guided rifle from TrackingPoint.
    Read More
  • Jul 10, 2015 | Dark Reading

    Black Hat For Beginners: 4 Tips

    What happens in Vegas stays in Vegas. But for newbies, these helpful hints will make sure you get the most out of the Black Hat USA experience.
    Read More
  • Jul 6, 2015 | Dark Reading

    IoT Flaw Discoveries Not Impactful--Yet

    Vulnerabilities in the Internet of Things (IoT) once again will be in the spotlight next month at Black Hat USA.
    Read More
  • Jun 29, 2015 | Dark Reading

    Social Engineering & Black Hat: Do As I Do Not As I Say

    One of the distinctive new features at Black Hat this year is the Career Zone. Last year I noticed that there were many CISOs in the house whose sole purpose of attending was recruiting.
    Read More
  • May 15, 2015 | ZDNet

    Zero Day Weekly: Venom, Black Hat 2015, hyped reports, FTC cyber-extortion controversy

    Thursday Black Hat announced the first set of talks selected for this year's Black Hat USA.
    Read More
  • Apr 7, 2015 | Digital News Asia

    Security researchers identify malware threat to virtual currencies

    The research was unveiled at the Black Hat Asia 2015 event in Singapore, just weeks before the official inauguration of the IGCI.
    Read More
  • Apr 6, 2015 | DNA India

    Should security providers be held liable for data breaches?

    Black Hat Asia ended with a discussion started by Black Hat founder Jeff Moss on if security providers should be held liable for data breaches, because of the critical data they claim to "secure".
    Read More
  • Apr 6, 2015 | DNA India

    Chris Thomas of RSA shares his views on hacking incidents in the corporate world

    In an exclusive interview at Black Hat Asia 2015, Chris Thomas, Security Analytics and Advanced Security Operations Specialist, Asia Pacific & Japan, RSA speaks to Krishna Bahirwani and shares his thoughts on where organizations are going wrong.
    Read More
  • Apr 1, 2015 | The Straits Times

    Free Wi-Fi Can Prove Costly for Users

    That was what cyber security analyst and penetration tester Daniel Cuthbert did while sitting in at the keynote address at the information security conference Black Hat Asia held in Singapore recently.
    Read More
  • Mar 30, 2015 | PYMNTS

    Researchers Find Blockchain Threat

    According to an INTERPOL cybersecurity leader and a Kaspersky Lab specialist that came from the Research and Innovation unit at INTERPOL’s Global Complex for Innovation, the open space on the blockchain that enabled the public ledger of transactions is the aspect that could be hacked by malware threats. The research was unveiled at the Black Hat Asia 2015 event in Singapore.
    Read More
  • Mar 30, 2015 | SC Magazine UK

    Interpol 'agents' detail virtual currency malware threat

    The research was unveiled at the Black Hat Asia 2015 event in Singapore, just weeks before the official inauguration of the IGCI.
    Read More
  • Mar 30, 2015 | International Business Times

    Cryptocurrency round-up: Blockchain offers 'safe haven' for child porn and Secret Service scepticism

    Christian Karam, a cyberthreat researcher at Interpol's Research and Innovation Sub-Directorate (R&I), told the audience at the Black Hat Asia conference that the blockchain could be used to store malware or illegal content such as child abuse images.
    Read More
  • Mar 30, 2015 | Computerworld

    $60 DIY car hacking device is an inexpensive and easy way to hack cars

    At the Black Hat Asia security conference, former Tesla intern and embedded systems developer Eric Evenchick released open source Python-based CANard software and CANtact hardware designs that will allow anyone to hack their connected cars.
    Read More
  • Mar 27, 2015 | Digital News Asia

    Mobile banking apps more vulnerable than you think: Researcher

    Speaking to Digital News Asia (DNA) on the sidelines of the Black Hat Asia security conference in Singapore, Paul Irolla, an IT engineer working at the ESIEA (C + V)^O Lab in France, pointed out that a lot of trust and personal information gets fed into these banking apps.
    Read More
  • Mar 27, 2015 | The Register

    'Bar Mitzvah attack' should see off ancient and crocked RC4 algo

    In a paper Attacking SSL when using RC4 (pdf) written for a presentation given at Black Hat Asia yesterday Mantin describes how attackers can passively sniff SSL connections to pinch data.
    Read More
  • Mar 27, 2015 | Forbes

    Bitcoin's Blockchain Offers Safe Haven For Malware And Child Abuse, Warns Interpol

    According to Interpol’s Christian Karam, speaking from the Black Hat Asia conference, it could be abused to store malware control mechanisms or provide access to illicit content such as child abuse images that would be extremely difficult to take down.
    Read More
  • Mar 27, 2015 | Malaysian Digest

    A $60 Gadget That Makes Car Hacking Far Easier

    Tomorrow at the Black Hat Asia security conference in Singapore, 24-year-old Eric Evenchick plans to present a new device he calls the CANtact.
    Read More
  • Mar 27, 2015 | HelpNetSecurity

    Car hacking made cheaper and easier

    Evenchick, a freelance embedded systems developer, presented the CANtact device on Thursday at the Black Hat Asia security conference in Singapore, and demonstrated its effectiveness to the audience.
    Read More
  • Mar 27, 2015 | CBS News Local

    How is your car vulnerable to a cyber attack while driving?

    According to the Black Hat Asia Conference, on Thursday, March 26th, former Tesla software engineer Eric Evenchick planned to showcase an open source tool that makes communication with the Controller Area Network (CAN), which is the protocol used in automobiles.
    Read More
  • Mar 26, 2015 | Dark Reading

    SSL/TLS Suffers 'Bar Mitzvah Attack'

    Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.
    Read More
  • Mar 26, 2015 | Networkworld

    For $60, you can hack a connected car

    At the Black Hat Asia conference in Singapore this week, Eric Evenchick, a hacker and former intern at Tesla, presented an open source toolkit designed to interact with the Controller Area Network (CAN) bus that controls most of the functions in many connected cars.
    Read More
  • Mar 25, 2015 | Popular Mechanics

    Hack Your Own Car With This $60 Device

    It's about the size of a credit card and costs about $60, but the humble CANtact can hack into your car.
    Read More
  • Mar 25, 2015 | WIRED

    A $60 Gadget That Makes Car Hacking Far Easier

    Tomorrow at the Black Hat Asia security conference in Singapore, 24-year-old Eric Evenchick plans to present a new device he calls the CANtact.
    Read More
  • Mar 25, 2015 | Forbes

    Former Tesla Intern Releases $60 Full Open Source Car Hacking Kit For The Masses

    When we speak over encrypted call app RedPhone, he’s stuck in Hong Kong airport waiting for a delayed flight to Singapore, where he’ll announce the open sourcing of the CANard tool during the Black Hat Asia conference.
    Read More
