Articles about black hat

Hackers demo persistent, quiet attacks through Windows DSC

AUDIO from Black Hat Asia Forensics men Matt Hastings and Ryan Kazanciyan have flipped the Windows Desired State Configuration (DSC) into a covert persistence mechanism and weapon in a new attack vector to own Windows boxes. The Tanium security duo released the DSCompromised framework of Powershell scripts and modules that help attackers use DSC, while …
Darren Pauli, 5 Apr 2016

Spies rejoice! Gmail, Facebook Messenger BREACHed once again

Black Hat Asia Research pair Dimitris Karakostas and Dionysis Zindros have upgraded their attack (codenamed BREACH) that pierces the web's most common ciphers, and released a framework to help well-heeled hackers and state-sponsored spies spy on the likes of Facebook and Gmail. At Black Hat Asia, the pair demonstrated once again how secure …
Darren Pauli, 4 Apr 2016

Top Firefox extensions can hide silent malware using easy pre-fab tool

Black Hat Asia The most popular Firefox extensions with millions of active users are open to attacks that can quietly compromise machines and pass Mozilla's automated and human security tests. The extension reuse attacks exploit weaknesses in the structure of Firefox extensions such that malicious activity can be hidden behind legitimate …
Darren Pauli, 4 Apr 2016

Hacker reveals $40 attack that steals police drones from 2km away

Black Hat Asia IBM security guy Nils Rodday says thieves can hijack expensive professional drones used widely across the law enforcement, emergency, and private sectors thanks to absent encryption in on-board chips. Rodday says the €25,000 (US$28,463, £19,816, AU$37,048) quadcopters can be hijacked with less than $40 of hardware, and some …
Darren Pauli, 1 Apr 2016

Android's unpatched dead device jungle is good for security

Black Hat Asia Android's diverse and oft un-patched ecosystem is a strength, not a weakness. So says says Dino Dai Zovi, security lead at mobile payments outfit Square, because he feels diversity makes criminal hackers work harder. Android variants are a dime a dozen, thanks to customisations used to get the OS running on myriad phones and …
Darren Pauli, 31 Mar 2016
botnet

Alleged Ukrainian botnet herder faces 43 years after Italian job snafu

A Ukrainian man extradited from Italy has gone on trial in New Jersey accused of running a botnet and dealing in stolen credit cards. "Vovnenko commandeered thousands of computers to create a virtual army of hacked computers that he and his conspirators used to break into other networks and steal valuable information," US …
Iain Thomson, 13 Oct 2015
White Hat for Hackers by Zeevveez, Flickr under CC2.0

Ten years after the sellout, Black Hat is solidly corporate and that’s fine

Analysis When Jeff Moss sold the Black Hat security conference to CMP a decade ago for around $13m (£8.3m), he faced a barrage of abuse from some members of the hacker community as a sellout. They were a little bit right, and a lot wrong, as this year's cons have shown. Black Hat was always supposed to be a little bit corporate anyway …
Iain Thomson, 11 Aug 2015

Intel left a fascinating security flaw in its chips for 16 years – here's how to exploit it

Black Hat In-Depth A design flaw in Intel's processors can be exploited to install malware beneath operating systems and antivirus – making it tough to detect and remove. "It's a forgotten patch to a forgotten problem, but opens up an incredible vulnerability," said Christopher Domas, a security researcher with the Battelle Memorial Institute, …
Iain Thomson, 11 Aug 2015
Bookshelf in the British Library basement

Borg blacklist assimilates Cryptolocker domain name generators

Cisco has developed a means to accurately identify the fleeting pop-up domains used by some of the world's worst malware. The platform builds a reputation score that is in part based on word sources including more than 60 dictionaries, Census data and Alexa top 1000 domains. Using multiple sources helps to identify the …
Darren Pauli, 10 Aug 2015
Android icon desktop toys

HTC caught storing fingerprints AS WORLD-READABLE CLEARTEXT

Four FireEye researchers have found a way to steal fingerprints from Android phones packing biometric sensors such as the Samsung Galaxy S5 and the HTC One Max. The team found a forehead-slapping flaw in HTC One Max in which fingerprints are stored as an image file (dbgraw.bmp) in a open "world readable" folder. "Any …
Darren Pauli, 10 Aug 2015
Katherine Archuleta

Ransacked US OPM wins Pwnie Award for 'Most EPIC Fail'

Black Hat 2015 For the past nine years Black Hat has staged its Pwnie Awards, devoted to recognizing the best and worst aspects of computer security, and this year's winner of the least welcome award is the US government's Office of Personnel Management. The OPM won in the "Most EPIC Fail" category after hackers, possibly from the Chinese …
Iain Thomson, 6 Aug 2015

How the Arab Spring blew the lid off the commercial spyware

Black Hat 2015 When Middle Eastern governments fell in the Arab Spring uprisings, one of the side effects was that hard evidence of dodgy practices by commercial spyware vendors was made public. Unfortunately, the result is putting us all at risk. Documents uncovered when the Mubarak regime fell showed that the Egyptians had bought …
Iain Thomson, 6 Aug 2015

Hacker-friendly Chrysler hauled into court for class-action showdown

Black Hat 2015 Fiat Chrysler is facing a class-action lawsuit in the US after researchers proved they could wirelessly snatch control of the engine management systems in some of its vehicles. The lawsuit, filed in the southern district of Illinois, claims Chrysler knew the networking systems in its cars were insecure. The motoring giant …
Iain Thomson, 6 Aug 2015
Sim card

Researchers look sideways to crack SIM card AES-128 encryption

Black Hat 2015 In February, whistleblower Edward Snowden revealed that the NSA and GCHQ hacked one of the world’s biggest SIM card manufacturers to clone cards and crack encryption, but research revealed at Black Hat shows they needn’t have bothered. Yu Yu (yes, that is my real name, he joked) is a research professor with Shanghai Jiao Tong …
Iain Thomson, 6 Aug 2015
Jeff Moss

IT security staff have a job for life – possibly a grim, frustrating life

Black Hat 2015 Speaking at the opening of the 18th Black Hat security conference, its founder Jeff Moss warned the assembled throng that while they might have job security, they weren't going to have fun in the next decade. "We are all employed for life," Moss said. "It's interesting, I see problems and challenges and on one hand am really …
Iain Thomson, 5 Aug 2015
Sad Android

Got an Android phone? SMASH IT with a hammer – and do it NOW

Android smartphones can be secretly infected by malware smuggled in via video text messages, allowing criminals to sneak inside as many as 950 million devices. You just need to know a victim's cellphone number to silently inject malicious software in their vulnerable gizmo. Once infected, your mobe's camera and mic can be used …
Iain Thomson, 27 Jul 2015

Black Hat 2015: 32 SCADA, mobile zero-day vulns will drop

Gird your loins, admins; researchers are set to drop 32 zero-day vulnerabilities at the Black Hat hacking fest in Las Vegas in August. The vulnerabilities have not been disclosed but they will affect mobile devices and Supervisory Control and Data Acquisition (SCADA) systems among other platforms. "We have 32 different zero- …
Darren Pauli, 21 Jul 2015
USB tampon

FLASH drive ... Ah-aaaaaah! BadUSB no saviour to plug and play Universe

The seriousness of a USB security weakness, which could potentially allow hackers to reprogram USB drives, has been ratcheted up a notch, with the release of prototype code. Researchers Karsten Nohl and Jakob Lell, from German security skunkworks SR Labs, demonstrated how it might be possible to reprogram the firmware within …
John Leyden, 3 Oct 2014

Create a news alert about black hat, or find more stories about black hat.

Biting the hand that feeds IT © 1998–2018