Event News, Articles and Updates

Report: Defcon 2017 to feature election hacking exhibition

The 2017 DEFCON conference will feature an exhibition area dedicated to hacking voting machines, according to a report Tuesday by Politico.

Survey: Hackers believe strongly in privacy... unless they're paid to crack passwords

Four out of five surveyed hackers agreed that Apple was right to refuse the FBI's request for a backdoor into the San Bernardino shooter's iPhone. Yet 52 percent said they would help the FBI crack an iPhone's password for a fee.

Advanced persistent threats are APT to be deceptive, devious

Brian Laing, VP of business development and products at APT defense firm Lastline, spoke to SCMagazine.com at Black Hat about the evolution of advanced persistent threats and some of their more devious tactics.

Cisco shedding 7% of its workforce

The world's biggest networking equipment company, Cisco Systems, will lay off about 5.5K employees.

Researcher warns of flaws in Samsung Pay tokenization and mag stripe features

A researcher claims to have found vulnerabilities in Samsung Pay's tokenization mechanism and its magnetic secure transmission (MST) technology that could allow hackers to steal users' tokens and make fraudulent purchases.

NATO cyber defense ambassador reflects on cyberwarfare's ethics

NATO's recent proclamation that cyberspace is an official domain of warfare, along with Russia's reported cyberaggressions against the U.S. and Ukraine, raises interesting questions about how one can responsibly manage cyberwarfare.

VIDEO: Web servers running on HTTP/2 found with multiple denial-of-service vulnerabilities

In an analysis of five separate manufacturers' web servers running on the new HTTP/2 protocol, cybersecurity firm Imperva found that all five were vulnerable to at least one of four high-profile denial-of-service vulnerabilities.

Making it rain in the desert: 'Shimming' demo makes next-generation ATM spit out cash

There would be a lot more happy-go-lucky gamblers in Vegas if ATMs would spit out hundreds of dollars the way Rapid7 made one do in a demo at Black Hat that showed new EMV chip technology is not hack-proof.

EFF: Kazakhstan targeting journalists and dissidents with Operation Manul spyware campaign

Kazakhstan is alleged to be targeting journalists and political dissidents and their families and associates through a cyberespionage campaign.

Automatic updates have greatest value proposition vs. attackers, says researcher

Of all the security technologies and initiatives introduced to defend against cyberattacks, automatic updates have the best value proposition - creating the most positive and widespread impact at the least cost to practitioners, according to Columbia University researchers.

VIDEO: Designer ransomware threats are in fashion with cybercriminals

Cybersecurity firm Sophos recently issued a warning that cyberthreats are becoming more localized in nature. At Black Hat, SCMagazine.com caught up with Sophos's John Shier to discuss these "designer" attacks.

Kaminsky: Infosec must innovate, or we may lose the Internet as we know it

Cybersecurity expert Dan Kaminsky called upon members of the information security community to more openly share innovations, ideas and code to preserve the Internet and its freedoms before they are "regulated into destruction."

Point-of-sale experts bypass security measures in popular PIN pad, including EMV protections

After physically demonstrating how to hijack retail point-of-sale transactions - including those using EMV-standard chip cards - two security experts from NCR Corporation offered attendees at Black Hat critical tips on preventing such incidents in real life.

Report: Majority of BEC scams reported to FBI had funds wired to China and Hong Kong

Eighty-three percent of fraudulent money transfers reported to the FBI as the result of business email compromise scams are wired to banks in China and Hong Kong, CNN reported, following an FBI presentation at the International Conference on Cyber Security.

TSA master key hackers expose dangers of physical and digital key escrow policies

The hackers responsible for reproducing seven master keys used by the TSA to open locks commonly placed on luggage have now duplicated an eighth key in an effort to demonstrate the dangers of digital key escrow policies.

ISA presents 12-step cybersecurity program at RNC cyber forum

ISA President Larry Clinton urged lawmakers to treat cybersecurity "with a greater sense of urgency," saying in a release that the economics of cybersecurity need to be better integrated into policies.

Cyber needs to speak language of the C-suite

Communicating with the C-suite depends in part on creating a language they understand and identifying the company assets that are most important, panelists told an SC Congress Toronto audience.

SC Congress Amsterdam 2016 is TODAY!

SC Congress Amsterdam 2016 opens its doors today to some of Europe's finest information security practitioners. Check the sessions below and make sure to tweet @scmagazineuk using the #SCAMST hashtag if you have any questions for the speakers!

Vulnerability scanners plagued with false positives, but still have value

Automated vulnerability scanners generate large quantities of false positives, resulting in a drain on resources as security engineers chase down bad leads.

Cybersecurity laws needed, FTC exercises authority, AALS panel notes

A panel of experts at the Association of American Law School conference, which included the FTC's Lesley Fair, discussed how the law can and should respond to data breaches.

SC Boston: Security needs to be part of risk model

When security is built into an organization's risk model it can shift the relationship between the board and information security pros from adversarial to advisory, members of a panel at SC Congress Boston said Thursday.

SC Congress Boston: Impact of Massachusetts privacy law

Companies are struggling with privacy regulations, perhaps no more so than in Massachusetts.

SC Video: Encryption complicated, misunderstood but necessary

Encryption is complicated and "pretty misunderstood," Miller Newton, president and CEO at PKWare, told SCMagazine.com Monday at a National Cyber Security Association conference held at Nasdaq.

IoT security forcing business model changes, panel says

To secure the Internet of Things and to build trust with customers, the way that vendors approach manufacturing, distributing and supporting devices and solutions must change.

SCNY: IoT data exhaust creates security challenge, not too late to address

The information and knowledge generated by the millions of devices on the Internet of Things are creating a kind of data exhaust that could give rise to security challenges, a panel told attendees Tuesday during an SC Congress New York keynote address.

IoT exploding, industry has opportunity to secure

The number of Internet of Things (IoT) devices is poised to be catapulted into the stratosphere over the next couple of years and the security industry has great opportunity to secure them, according to Michael Kaiser, executive director of the National Cyber Security Alliance (NCSA).

DEF CON 23: Aerial Assault shows airborne network invader

Aerial Assault displayed a drone at DEF CON 23 equipped to fly to and then hack into a corporate network.

Stephen Scharf named DTCC's first CSO

As Stephen Scharf moves into the newly created CSO position at DTCC, global CISO Mark Clancy assumes the helm as CEO at Soltra.

EFF to host DefCon 23 badge hacking contest

The Electronic Frontier Foundation (EFF) has announced its first DEF CON 23 Badge Hack Contest.

FTC launches 'Start With Security' initiative

The Federal Trade Commission will share lessons learned from the 54 data security cases it has brought as part of its "Start With Security" program.