Articles about blackhat

Meet the chaps who run the Black Hat NoC and let malware roam free

Black Hat Neil Wyler and Bart Stump are responsible for managing what is probably the world’s most-attacked wireless network. The two friends, veterans among a team of two dozen, are at the time of writing knee deep in the task of running the network at Black Hat, the security event where the world reveals the latest security messes. …
Darren Pauli, 1 Aug 2016

Medical data, staff creds exposed as scores of apps bork the backend

Blackhat Europe And still we fail to learn: a quintet of researchers has found that the bad practice of writing keys into code persists among some of the world's most popular Android and iOS applications. The researchers say the hard-coded credentials can be easily extracted to gain access and manipulate millions of sensitive individual and …
Darren Pauli, 17 Nov 2015

BitLocker popper uses Windows authentication to attack itself

Blackhat Europe Synopsys security boffin Ian Haken says unpatched PCs in enterprises are at risk of having user accounts popped and BitLocker bypassed, in an attack he describes as "trivial" to perform. The attack vector, sealed off in the latest round of Redmond patches (MS15-122), affects those Windows machines that are part of network …
Darren Pauli, 17 Nov 2015

Random numbers aren't, says infosec boffin

The randomness (or rather, lack thereof) of pseudo-random number generators (PRNGs) is a persistent pain for those who work at the low layers of cryptography. Security researcher Bruce Potter, whose activity in the field stretches back more than a decade, when he demonstrated war-driving using Bluetooth, says problems both in …

Hack like HammerToss: Students spin social media into data siphons

A sextet of security students have released a tool that spins social media networks into stealthy data siphons, a technique already in use by an elite Russian hacking group. The tool released at BSides Las Vegas this week helps hackers emulate the data pillaging tactics of the HammerToss crime group. FireEye last week …
Darren Pauli, 7 Aug 2015

Crackpot hackpots pop top of GasPots

Blackhat 2015: Trend Micro researchers Kyle Wilhoit and Stephen Hilt believe they've found attackers actively seeking to hack and shut down petrol stations. The duo from the forward-looking research team find the attacks by establishing simulated petrol station monitoring systems around the world as honeypots. Wilhoit and Hilt had earlier …
Darren Pauli, 7 Aug 2015

Slippery Windows Updates' SOAP bubbles up SYSTEM privileges

Blackhat 2015: Microsoft has bungled Windows Server Update Services (WSUS), according to hackers Paul Stone and Alex Chapman, with insecure defaults that let them hijack OS updates. Attackers that have previously gained admin privilege on a target system can elevate themselves to system-level access by skipping the normal signed update …
Darren Pauli, 7 Aug 2015

Imperva demos cloudy man-in-the-middle attack

Dropbox, OneDrive, Google Drive, and Box can be raided via a man-in-the-middle attack, without an attacker needing access to users' plaintext credentials, according to security bods at Imperva. Instead, in this paper [PDF] presented to BlackHat, the company's Application Defense Center says users' local sync folders serve just …

Global cybercrime fraud boss ran secret pro-Moscow intel sorties

Black Hat 2015 The elusive head of one of the world's most successful online criminal gangs wanted by the FBI was quietly using the Gameover Zeus banking trojan for political espionage in line with Russian interests and may have the protection of Moscow, researchers contend. Evgeniy Mikhailovich Bogachev, better known online as Slavik, has …
Darren Pauli, 6 Aug 2015

Chinese gang shoots down aerospace security with MSFT flaws

Black Hat 2015 An alleged Chinese advanced hacking group has been found cherry-picking data from high-profile governments and corporations, p0wning many within six hours according to Dell researchers. The group, codenamed TG-3390 or Panda Emissary, is thought to operate from China and have an appetite for defence-related aerospace projects …
Darren Pauli, 6 Aug 2015

White hat finds vulnerability in white box switches

Black Hat 2015 The Open Networking Install Environment (ONIE) provides a gateway for black hats to compromise software-defined network (SDN) environments, says a white hat presenter at this week's BlackHat USA 2015. The problem, according to Hellfire Security's Gregory Pickett, is that it's too easy for an attacker with root access to the …

Biggest security update in history coming up: Google patches Android hijack bug Stagefright

Black Hat 2015 For those of you worried about the Stagefright flaw in Android, be reassured, a patch will be coming down the line in the next few days. "My guess is that this is the single largest software update the world has ever seen," said Adrian Ludwig, lead engineer for Android security at Google. "Hundreds of millions of devices are …
Iain Thomson, 5 Aug 2015

Terracotta: The Chinese VPN that hides Beijing's hackers with pwned biz

BlackHat A China-based virtual private network (VPN) provider is powering some of the world's most capable hacking crews by selling infrastructure access stolen from at least 30 hacked businesses, RSA says. The company, which RSA codenamed 'Terracotta VPN', claims to have 1500 mostly-Windows nodes from 300 organisations distributed …
Darren Pauli, 5 Aug 2015

OS X remote malware strikes Thunderbolt, hops hard drive swaps

BlackHat video Researchers Trammel Hudson and Xeno Kovah have built self-replicating Apple firmware malware that can infect peripherals to spread to new computers. The ThunderStrike 2 malware is the second iteration of the attack forged earlier this year and removes the requirement for attackers to have physical access to machines. …
Darren Pauli, 4 Aug 2015

Blackhat: Michael Mann brings an informed cybercrime yarn to the silver screen

Film review You don’t expect much from a storyline that reads like a cyber remake of the cheesy classic The Rock – crime happens and only dastardly criminal taken out of lock-up by the Feds can stop it. But director Michael Mann has turned out a pretty decent thriller in Blackhat, even if it does take itself a little too seriously. For a …

Hollywood vs hackers: Vulture cracks Tinseltown keyboard cornballs

A lot of exciting things are happening online right now. Eye-boggling blocks of code are presently being distilled into art, pornography and weapons of war, and making that distillation look exciting on film would be a challenge for film-makers who thoroughly understood the world of IT. And, if we’ve learned anything from the …
Michael Moran, 15 Jan 2015

Black Hat anti-Tor talk smashed by lawyers' wrecking ball

Boring Carnegie-Mellon University lawyers have scuppered one of the most hotly anticipated talks at the Black Hat conference – which would have explained how $3,000 of kit could unmask Tor hidden services and user IP addresses. The university did not say why it torpedoed the accepted talk, triggering speculation that it feared …
Darren Pauli, 22 Jul 2014

Security bods boycott DEF CON over closed door for feds

At least one group of researchers is pulling out of DEF CON in protest at the decision to tell federal agents to stay away from the annual hacking convention. Jeff Moss, the US government security advisor who founded DEF CON and BlackHat, urged federal agents to stay away from DEF CON in Vegas next month. G-Men were …
John Leyden, 15 Jul 2013

Biting the hand that feeds IT © 1998–2017