Articles about black hat

Homebrew crypto SNAFU on electrical grid sees GE rush patches

Updated General Electric is pushing patches for protection relay bugs that, if exploited, could open up transmission systems to a grid-scale attack. The company hasn't published much by way of detail, but spoke to Reuters after this Black Hat abstract was published (the talk will be delivered to the July conference in Las Vegas). The …

Samsung: Hackers can't pwn our NFC payment kit. No way, nuh-uh, not true (Well, OK, maybe)

A war of words has broken out after a security researcher claimed last week that Samsung's contactless mobile payment system is vulnerable to skimming and spoofing attacks. In talks at both the Black Hat and DEF CON security conferences, held last week in Las Vegas, Salvador Mendoza claimed that he was able to intercept a …
Iain Thomson, 10 Aug 2016

Stealthy malware infects digitally-signed files without altering hashes

Black Hat Deep Instinct researcher Tom Nipravsky has undermined the ubiquitous security technique of digitally-signed files by baking malicious code into headers without tripping popular security tools. Nipravsky inserted malicious code into the small header attribute certification table field which contains information about digital …
Darren Pauli, 8 Aug 2016

Kazakhstan accused of hacking journos, activists by EFF

Black Hat The Electronic Frontier Foundation (EFF) has accused the Kazakhstan Government of sending malware-laced phishing emails to two investigative journalists in the country, along with activists and family members, to help spy on, locate and extradite targets. The group revealed their detailed technical findings at the Black Hat …
Darren Pauli, 5 Aug 2016

Hackers unleash smart Twitter phishing tool that snags two in three users

Black Hat Twitter scammers have a new weapon with the release of an effective spear phishing tool that lands a victim almost two thirds of the time, dwarfing the usual five-to-fifteen-per-cent-open-rate for spam tweets. The SNAP_R machine learning spear phishing Twitter bot is a data-driven menace unleashed at the Black Hat security …
Darren Pauli, 5 Aug 2016

How the HTTPS-snooping, email addy and SSN-raiding HEIST JavaScript code works

Black Hat Malicious ads can potentially masquerade as people online and grab their personal information from HTTPS-protected websites, two boffins have shown. The technique is dubbed HEIST – HTTP Encrypted Information can be Stolen through TCP-Windows – and it was devised by Tom Van Goethem and Mathy Vanhoef, both PhD researchers at the …
Iain Thomson, 5 Aug 2016

Apple joins the bug bounty party with $200,000 top prize

Black Hat Security researchers can win up to US$200,000 in Apple's new bug bounty program, announced by the company on Thursday at the Black Hat security convention in Las Vegas. “We’ve had great help from researchers like you and the security mechanisms we build have gotten stronger,” said Apple’s head of security engineering and …
Iain Thomson, 5 Aug 2016

Jeep hackers: How we swerved past Chrysler's car security patches

Black Hat Last year, the Black Hat presentation by Charlie Miller and Chris Valasek caused Chrysler to recall 1.4 million vehicles to install a software update after they proved they could remotely hack Jeeps. This year, in Las Vegas, the pair showed us how to defeat that update. The dynamic duo praised Chrysler's efforts to secure …
Iain Thomson, 4 Aug 2016

Top infosec top bods praise and damn in Pwnie Awards

Black Hat It’s Black Hat time and that means the Pwnie Awards ceremony, honoring the highlights and bottom feeders of the IT security industry. The ceremony - which hands out gold and technicolored toy ponies that would make a brony salivate - was held on Wednesday night at the Black Hat convention in Las Vegas. The judges that included …
Iain Thomson, 4 Aug 2016

Hackers detail the blood and guts of the 2016 Pwn2Own exploit expo

Black Hat Zero Day Initiative researchers have detailed the winning hacks of this year's Pwn2Own competition, painting a picture of broken browsers and owned systems. The quartet of Matt Molinyawe, Abdul-aziz Hariri, Jasiel Spelman, and Jason Smith of Trend Micro's Zero Day Initiative vulnerability clearing house detailed and …
Darren Pauli, 4 Aug 2016

Users of secure chat app Telegram popped after possible nation-state attack

Black Hat An attack group known for rudimentary phishing scams and having operational security so bad their servers were popped by Check Point has compromised a dozen Telegram accounts and gained phone numbers for a further 15 million, possibly with state assistance. Telegram is a well-regarded end-to-end encrypted chat client used by …
Darren Pauli, 4 Aug 2016

Forget security training, it's never going to solve Layer 8 (aka people)

Black Hat Research by German academics has shown there's very little that can be done to prevent people spreading malware by clicking on dodgy links in messages, particularly where Facebook is involved. In a presentation at Black Hat 2016 in Las Vegas today, Zinaida Benenson, leader of the Human Factors in Security and Privacy Group at …
Iain Thomson, 3 Aug 2016

Black Hats control Jeep's steering, kill brakes

Black Hat video Car hackers Charlie Miller and Chris Valasek have again hacked a 2014 Jeep Cherokee, this time by physically linking a laptop to commandeer its steering and kill the brakes. The duo have captured the hack to be presented at Black Hat Las Vegas this week in video proof-of-concept demonstrations. The compromise requires …
Darren Pauli, 2 Aug 2016

Google, Facebook's CAPTCHAs vanquished by security researchers

Black Hat Asia Google's and Facebook's CAPTCHA services have been defeated in research that successfully designed an automated system to solve the "are-you-human?" verification challenges. CAPTCHAs are designed to make life easier for trusted users and painful for bots, by presenting challenges that are difficult for software to crack. …
Darren Pauli, 7 Apr 2016

Hackers demo persistent, quiet attacks through Windows DSC

AUDIO from Black Hat Asia Forensics men Matt Hastings and Ryan Kazanciyan have flipped the Windows Desired State Configuration (DSC) into a covert persistence mechanism and weapon in a new attack vector to own Windows boxes. The Tanium security duo released the DSCompromised framework of PowerShell scripts and modules that help attackers use DSC, while …
Darren Pauli, 5 Apr 2016

Spies rejoice! Gmail, Facebook Messenger BREACHed once again

Black Hat Asia Research pair Dimitris Karakostas and Dionysis Zindros have upgraded their attack (codenamed BREACH) that pierces the web's most common ciphers, and released a framework to help well-heeled hackers and state-sponsored spies spy on the likes of Facebook and Gmail. At Black Hat Asia, the pair demonstrated once again how secure …
Darren Pauli, 4 Apr 2016

Top Firefox extensions can hide silent malware using easy pre-fab tool

Black Hat Asia The most popular Firefox extensions with millions of active users are open to attacks that can quietly compromise machines and pass Mozilla's automated and human security tests. The extension reuse attacks exploit weaknesses in the structure of Firefox extensions such that malicious activity can be hidden behind legitimate …
Darren Pauli, 4 Apr 2016

Hacker reveals $40 attack that steals police drones from 2km away

Black Hat Asia IBM security guy Nils Rodday says thieves can hijack expensive professional drones used widely across the law enforcement, emergency, and private sectors thanks to absent encryption in on-board chips. Rodday says the €25,000 (US$28,463, £19,816, AU$37,048) quadcopters can be hijacked with less than $40 of hardware, and some …
Darren Pauli, 1 Apr 2016

Biting the hand that feeds IT © 1998–2018