Evil PLC” is what the researchers believe is a novel attack scenerio: infecting whichever engineer communicates with a PLC with malicious code. As a proof of viability, Claroty published a set of 11 new vendor-specific vulnerabilities that would allow for the attack.

Researchers at Eclypsium presented three new vulnerabilities in SecureBoot certified bootloaders affecting multiple processors up and down the supply chain, including ARM and x86 processors

Two months ago, this was supposed to be the back-to-normal Black Hat and DefCon. Then a COVID outbreak at RSAC happened. Would Vegas be worth it? SC Media's Joe Uchill did go, and spoke to attendees about their own decision to attend and whether the fear (again) of the hacker conference becoming (another) spreader event impacted the experience.

At the Black Hat conference on Wednesday, the chair of the Cyber Safety Review Board said its initial review of the Log4j vulnerability “proved the concept” behind the board’s work and promised more action in the coming months.

Society at large is getting more vulnerable and less capable of safely navigating the complex cybersecurity landscape, said former CISA Director Chris Krebs at the Black Hat hacker conference in Las Vegas.

SC Media caught up with the chief research officer at Finnish cybersecurity firm WithSecure to hear what risk might look like as rapid increases in computing power usher in an era of building "with no restrictions."

An analysis released by CyCognito found a stark difference between companies that rushed to identify and close off assets that were exposed to the corrupted Apache code early, and those that did not.

The company’s pen testing group jammed the new research and reconnaissance tools into SCMKit, an attack simulation toolkit unveiled at Black Hat.