Security News

Black Hat USA 2023 returned to the Mandalay Bay Convention Center in Las Vegas and Help Net Security was on-site. The conference featured over 100 selected Briefings, open-source tool demos in the...

As attackers focus on political ends, big payouts, threat hunters need to focus on identity intrusions, access merchants and tactics enabling fast lateral movement. Adversary breakout time - the time it takes a threat actor to zipline from the initial point of entry into a network - hit an average all-time low of 79 minutes, down from 84 minutes last year, with the fastest breakout of the year coming in at a record of seven minutes.

Discover the challenges that AI will bring to the cybersecurity industry and the opportunities and future implications of cybersecurity in an AI-dominated world.

Multiple high-severity firmware bugs in HP enterprise computers remain unpatched, some more than a year after Binarly security researchers disclosed the vulnerabilities to HP and then discussed them at the Black Hat security conference last month. HP is "Aware of potential SMM vulnerabilities reported by Binarly," according to a spokesperson, who directed The Register to a security alert from March that addressed one of the bugs.

The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents. Of course, not all of the malware detected at Black Hat is intended to infect devices and perform nefarious acts - some of it stems from simulated attacks in classrooms and on the show floor.

There was nothing typical this year at BSides LV, Black Hat USA and DEF CON - also known collectively as Hacker Summer Camp. Video conferencing darling Zoom was highlighted at DEF CON by Patrick Wardle, founder of the Objective-See Foundation, for a hacking technique that allowed him, using the macOS version of Zoom, to elevated privileges and gain access to the entire macOS operating system.

As last week's hacker summer camps would down it's clear that attendee numbers are still well down on the pre-COVID days, although things are recovering. Risk management is a key tenet of security and there was much discussion in the weeks and months before the shows about whether flying into Las Vegas and spending a week in crowded hotels was worth the risk.

Kali Linux 2022.3 released: Packages for test labs, new tools, and a community Discord serverOffensive Security has released Kali Linux 2022.3, the latest version of its popular penetration testing and digital forensics platform. Cisco has been hacked by a ransomware gangU.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site.

Online attacks against Ukraine were a common tactic in the leadup to Russia's invasion of the country in late February he said. James Kettle, director of research at PortSwigger, demonstrated a new method of HTTP request smuggling at Black Hat that allowed him to compromise Apache servers, break into Akamai and Amazon, and compromise multiple web VPNs. The trick lies in browser-powered desync attacks, which get around limitations of traditional methods that only allow them to work on websites that use a front-end/back-end architecture.

A security researcher has shown how to, with physical access at least, fully take over a Starlink satellite terminal using a homemade modchip. Lennert Wouters, a researcher at the KU Leuven University in Belgium, walked through his methodology during a talk at Black Hat in Las Vegas this week.