Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Black Hat
Page 1 / 2   >   >>
Security Pros and 'Black Hats' Agree on Most Tempting Targets
Quick Hits  |  9/5/2019  | 
Malicious actors look for accounts that are springboards to other systems, according to nearly 300 attendees of Black Hat USA.
Splunk Buys SignalFx for $1.05 Billion
Quick Hits  |  8/21/2019  | 
Deal will yield 'one platform that can monitor the entire enterprise application lifecycle,' Splunk CEO says.
Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown
News  |  8/16/2019  | 
At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.
Researchers Show How SQLite Can Be Modified to Attack Apps
News  |  8/12/2019  | 
New technique involves query hijacking to trigger a wide range of memory safety issues within the widely used database engine, Check Point says.
Significant Vulnerabilities Found in 6 Common Printer Brands
News  |  8/9/2019  | 
In a half-year project, two researchers tested six of the top enterprise printer brands and found vulnerabilities in every device, some of which allow remote execution.
How Behavioral Data Shaped a Security Training Makeover
News  |  8/8/2019  | 
A new program leveraged behavioral data of employees to determine when they excelled at security and where they needed improvement.
Equifax CISO: 'Trust Starts and Ends with You'
News  |  8/8/2019  | 
Organizational culture is key to good enterprise security posture, Jamil Farshchi told Black Hat attendees.
Siemens S7 PLCs Share Same Crypto Key Pair, Researchers Find
News  |  8/8/2019  | 
Researchers at Black Hat USA reveal how security authentication weaknesses in popular Siemens ICS family let them control a PLC.
Dark Reading News Desk Live at Black Hat USA 2019
News  |  8/8/2019  | 
Watch right here for 40 video interviews with speakers and sponsors. Streaming live from Black Hat USA Wednesday and Thursday 2 p.m. to 6 p.m. Eastern.
WhatsApp Messages Can Be Intercepted, Manipulated
News  |  8/8/2019  | 
Check Point security researchers demonstrate how a dangerous security weakness in the messaging application can be abused to spread fake news and carry out online scams.
Black Hat 2019: Security Culture Is Everyone's Culture
News  |  8/7/2019  | 
In his Black Hat USA keynote, Square's Dino Dai Zovi discussed lessons learned throughout his cybersecurity career and why culture trumps strategy.
Researchers Show Vulnerabilities in Facial Recognition
News  |  8/7/2019  | 
The algorithms that check for a user's 'liveness' have blind spots that can lead to vulnerabilities.
Boeing 787 On-Board Network Vulnerable to Remote Hacking, Researcher Says
News  |  8/7/2019  | 
Boeing disputes IOActive findings ahead of security firm's Black Hat USA presentation.
Mimecast Rejected Over 67 Billion Emails. Here's What It Learned
News  |  8/6/2019  | 
New research warns that security pros must guard against updates to older malware and more manipulative social-engineering techniques.
Ransomware Used in Multimillion-Dollar Attacks Gets More Automated
News  |  8/5/2019  | 
The authors of MegaCortex appear to have traded security for convenience and speed, say researchers at Accenture iDefense.
Microsoft Opens Azure Security Lab, Raises Top Azure Bounty to $40K
News  |  8/5/2019  | 
Microsoft has invited security experts to 'come and do their worst' to mimic cybercriminals in the Azure Security Lab.
Black Hat: A Summer Break from the Mundane and Controllable
Commentary  |  8/2/2019  | 
Enjoy the respite from the security tasks that await you back at home. Then prepare yourself for the uphill battles to come. Here's how.
8 Free Tools to Be Showcased at Black Hat and DEF CON
Slideshows  |  7/31/2019  | 
Expect a full slate of enterprise-class open source tools to take the spotlight when security researchers share their bounties with the community at large.
Black Hat Q&A: Cracking Apple's T2 Security Chip
News  |  7/30/2019  | 
Duo Labs Mikhail Davidow and Jeremy Erickson speak about their research on the Apples T2 security chip, and why theyre sharing it at Black Hat USA.
Black Hat Q&A: Inside the Black Hat NOC
News  |  7/26/2019  | 
Cybersecurity expert Bart Stump explains what its like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.
Security Training That Keeps Up with Modern Development
News  |  7/25/2019  | 
Black Hat USA speakers to discuss what it will take to 'shift knowledge left' to build up a corps of security-savvy software engineers.
How Cybercriminals Break into the Microsoft Cloud
News  |  7/22/2019  | 
Microsoft and Trimarc researchers explore the most common attacks against the cloud and effective defenses and mitigation.
Open Source Hacking Tool Grows Up
News  |  7/18/2019  | 
Koadic toolkit gets upgrades and a little love from nation-state hackers.
RDP Bug Takes New Approach to Host Compromise
News  |  7/18/2019  | 
Researchers show how simply connecting to a rogue machine can silently compromise the host.
DevOps' Inevitable Disruption of Security Strategy
News  |  7/9/2019  | 
Black Hat USA programming will dive into the ways DevOps-driven shifts in practices and tools are introducing both new vulnerabilities and new ways of securing enterprises.
Researchers Poke Holes in Siemens Simatic S7 PLCs
News  |  7/8/2019  | 
Black Hat USA session will reveal how they reverse-engineered the proprietary cryptographic protocol to attack the popular programmable logic controller.
7 Hot Cybersecurity Trends to Be Highlighted at Black Hat
Slideshows  |  7/8/2019  | 
Just some of the research and ideas worth checking out at this year's 'security summer camp.'
Black Hat Q&A: Understanding NSAs Quest to Open Source Ghidra
News  |  7/3/2019  | 
National Security Agency researcher Brian Knighton offers a preview of his August Black Hat USA talk on the evolution of Ghidra.
'Human Side-Channels': Behavioral Traces We Leave Behind
News  |  7/2/2019  | 
How writing patterns, online activities, and other unintentional identifiers can be used in cyber offense and defense.
Inside MLS, the New Protocol for Secure Enterprise Messaging
News  |  6/27/2019  | 
As personal messaging platforms see the rise of end-to-end encryption, businesses struggle to provide strong levels of security.
A Socio-Technical Approach to Cybersecurity's Problems
News  |  6/24/2019  | 
Researchers explore how modern security problems can be solved with an examination of society, technology, and security.
With GDPR's 'Right of Access,' Who Really Has Access?
News  |  6/19/2019  | 
How a security researcher learned organizations willingly hand over sensitive data with little to no identity verification.
Black Hat Q&A: Defending Against Cheaper, Accessible Deepfake Tech
News  |  6/13/2019  | 
ZeroFoxs Matt Price and Mike Price discuss their work researching cybersecurity responses to the rising tide of deepfake videos.
Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists
News  |  5/20/2019  | 
Ahead of his 2019 Black Hat USA talk, cybersecurity luminary Bruce Schneier explains why its so important for tech experts to be actively involved in setting public policy.
Inside Cyber Battlefields, the Newest Domain of War
News  |  3/28/2019  | 
In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.
Security Firm to Offer Free Hacking Toolkit
News  |  2/27/2019  | 
CQTools suite includes both exploit kits and information-extraction functions, its developers say.
Whose Line Is It? When Voice Phishing Attacks Get Sneaky
News  |  2/27/2019  | 
Researchers investigate malicious apps designed to intercept calls to legitimate numbers, making voice phishing attacks harder to detect.
Toyota Prepping 'PASTA' for its GitHub Debut
News  |  2/14/2019  | 
Carmaker's open source car-hacking tool platform soon will be available to the research community.
Researchers Dig into Microsoft Office Functionality Flaws
News  |  2/13/2019  | 
An ongoing study investigating security bugs in Microsoft Office has so far led to two security patches.
New Zombie 'POODLE' Attack Bred from TLS Flaw
News  |  2/8/2019  | 
Citrix issues update for encryption weakness dogging the popular security protocol.
Security Matters When It Comes to Mergers & Acquisitions
Commentary  |  1/8/2019  | 
The recently disclosed Marriott breach exposed a frequently ignored issue in the M&A process.
The Coolest Hacks of 2018
News  |  12/28/2018  | 
In-flight airplanes, social engineers, and robotic vacuums were among the targets of resourceful white-hat hackers this year.
2018 In the Rearview Mirror
Commentary  |  12/20/2018  | 
Among this year's biggest news stories: epic hardware vulnerabilities, a more lethal form of DDoS attack, Olympic 'false flags,' hijacked home routers, fileless malware and a new world's record for data breaches.
'PowerSnitch' Hacks Androids via Power Banks
News  |  12/8/2018  | 
Researcher demonstrates how attackers could steal data from smartphones while they're charging.
Toyota Builds Open-Source Car-Hacking Tool
News  |  12/5/2018  | 
PASTA testing platform specs will be shared via open-source.
Windows 10 Security Questions Prove Easy for Attackers to Exploit
News  |  12/5/2018  | 
New research shows how attackers can abuse security questions in Windows 10 to maintain domain privileges.
Former Estonian Foreign Minister Urges Cooperation in Cyberattack Attribution, Policy
News  |  12/5/2018  | 
Nations must band together to face nation-state cyberattack threats, said Marina Kaljurand.
London Blue BEC Cybercrime Gang Unmasked
News  |  12/4/2018  | 
Security firm turned the tables on attackers targeting its chief financial officer in an email-borne financial scam.
Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues
News  |  11/14/2018  | 
Black Hat Europe attendee survey shows European cybersecurity leaders are uncertain of their ability to protect end user data and are fearful of a near-term breach of critical infrastructure.
7 Cool New Security Tools to be Revealed at Black Hat Europe
Slideshows  |  11/12/2018  | 
Black Hat Europe's Arsenal lineup will include demoes of new security tools, from AI malware research to container orchestration.
Page 1 / 2   >   >>


AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.