A recent study found that the number of attacks during the two conferences increased to about 130 times the usual amount.
The Cybersecurity Act of 2012 was defeated in the Senate, FinFisher spyware analyzed, nation-state-created espionage malware Gauss, and other breaking security news
To get a better understanding of how the show is shaping up, we caught up with Trey Ford, the newly appointed general manager of Black Hat, who discussed his transformation from booth babe to conference organizer, how the numbers stack up this year, which sessions are on his can't-miss list and why the parties are just as important to attend as daytime talks.
The chairs of the five conference tracks taking place later this month at the Black Hat show in Las Vegas took some time Thursday to discuss some of the more riveting sessions that are planned.
Man, myth and the media in the internet age.
Security researcher Dillon Beresford speaks to the press at the Black Hat conference in Las Vegas following his presentation which demonstrated how to hack into Siemens industrial control systems. Beresford specifically uncovered "replay attack" vulnerabilities in programmable logic controllers, or PLCs, which are used in organizations such as power plants to automate processes. He told the media that part of his motivation for the research was to debunk conventional thinking that SCADA attacks require deep pockets. This week, ICS-CERT issued an advisory warning of the bugs in the Berlin-based Siemens products.
A Type 1 diabetic said Thursday that hackers can remotely change his insulin pump to levels that could kill him.
Couldn't make it to Black Hat? Don't worry -- we've got you covered with what's making news.
The DoD's Cyber Fast Track initiative will fund small hacker groups and independent researchers in the development of cutting-edge solutions that can be created in short intervals for a low cost.
Two researchers have found a way to take traditional cross-site scripting attacks to a whole new level by attacking vulnerable Google Chrome extensions.
Two researchers demonstrated Wednesday how they were able to send commands via a laptop to unlock the doors of a Subaru Outback and actually start the car.
Former CIA counter-terror official Cofer Black negotiated a pulled fire alarm to warn conference attendees of the risk posted by cyber.
Microsoft is breaking out the piggy bank to incentivize researchers to develop advanced technologies to defend Windows and the applications that run on top of the world's most popular operating system.
With the highly anticipated Black Hat and DEFCON hacker conferences set to hit Las Vegas, founder Jeff Moss took some time from his busy schedule to explain why this year's events have a particular buzz to them. He discussed which presentations are on his itinerary, why public vulnerability disclosures are a dying breed, what you need to do to keep your computer secure at the shows and why one particular Wednesday night party has him ready to rock. If you're heading to the desert, you won't want to miss this podcast.
Jeff Moss, a hacker and the founder of the Black Hat and DEFCON conferences, on Thursday was named chief security officer of the Internet Corp. for Assigned Names and Numbers (ICANN), an internet governance organization that oversees the domain name system and ensure domain names map to the correct IP addresses. Known in hacker circles as "Dark Tangent," Moss was hired for his "insider's knowledge that can only come from fighting in the trenches in the ongoing war against cyberthreats," said Rod Beckstrom, ICANN's president and CEO. Moss will continue his involvement with Black Hat in the new role of conference chairman.
There's an old adage in sports that defense wins championships. The information security industry may need to become more familiar with it.
Anti-virus companies and active malware research: a conflict of interest?
Mozilla has patched two vulnerabilities relating to the way browsers interact with SSL certificates. The flaws, which potentially could permit man-in-the-middle attacks, were disclosed by two researchers, Dan Kaminsky and Moxie Marlinspike, in separate presentations at last week's Black Hat conference in Las Vegas. Marlinspike showed how a heap overflow bug could be exploited to present a specially crafted SSL certificate to the user, while Kaminsky revealed a way to obtain a certificate that would work on a victim site. Users are encouraged to download the latest version of Firefox 3.5. — DK
A much hyped SMS vulnerability in the Apple iPhone has been fixed -- one day after details of the bug were presented at the Black Hat conference in Las Vegas.
By making a simple change, a fake SSL certificate can be created and used to persuade users that it is safe to enter their credit card information on a merchant site.
Parking meters -- long thought of as being only susceptible to physical vandalism -- are starting to face the same digital threats as any hardware, a trio of researchers said Thursday.
One single malicious text message can knock an iPhone offline, a pair of researchers disclosed Thursday.
A newly revealed banking trojan is considered one of the biggest threats on the internet because of the way it can quickly spread.
The widely anticipated federal cybersecurity coordinator will provide some help, but is unlikely to be a silver bullet for what digitally ails the nation, a Black Hat panel said Wednesday.
Efforts to reduce security vulnerabilities seem to be paying off, but IT administrators are not paying enough attention to application bugs, a CTO said Wednesday at the Black Hat conference in Las Vegas.
Accountability for IT security shortfalls must extend beyond the security team, a panel of CSOs said Wednesday at the Black Hat conference in Las Vegas.
Sign up to our newsletters
SC Magazine Articles
- APT operation 'Double Tap' exploits serious Windows OLE bug
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Android malware 'NotCompatible' evolves, spawns resilient botnet
- Vulnerabilities identified in three Advantech products
- The Internet of Things (IoT) will fail if security has no context
- Operators disable firewall features to increase network performance, survey finds
- DDoS attacks cost organizations $40,000 per hour, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Study: 'High priority' issues hamper endpoint security solution implementation
- Researchers identify POS malware targeting ticket machines, electronic kiosks
- Pirated Joomla, WordPress, Drupal themes and plugins contain CryptoPHP backdoor
- DDoS attacks grew in size, threats became more complex, Q3 reports say
- Man gets 18 months in prison for accessing Subway POS devices, loading up gift cards