Security News

Photos: Black Hat USA 2023
2023-08-11 04:40

Black Hat USA 2023 returned to the Mandalay Bay Convention Center in Las Vegas and Help Net Security was on-site. The conference featured over 100 selected Briefings, open-source tool demos in the...

CrowdStrike at BlackHat: Speed, Interaction, Sophistication of Threat Actors Rising in 2023
2023-08-10 22:57

As attackers focus on political ends, big payouts, threat hunters need to focus on identity intrusions, access merchants and tactics enabling fast lateral movement. Adversary breakout time - the time it takes a threat actor to zipline from the initial point of entry into a network - hit an average all-time low of 79 minutes, down from 84 minutes last year, with the fastest breakout of the year coming in at a record of seven minutes.

Black Hat 2023 Keynote: Navigating Generative AI in Today’s Cybersecurity Landscape
2023-08-10 20:31

Discover the challenges that AI will bring to the cybersecurity industry and the opportunities and future implications of cybersecurity in an AI-dominated world.

One month after Black Hat disclosure, HP's enterprise kit still unpatched
2022-09-13 08:30

Multiple high-severity firmware bugs in HP enterprise computers remain unpatched, some more than a year after Binarly security researchers disclosed the vulnerabilities to HP and then discussed them at the Black Hat security conference last month. HP is "Aware of potential SMM vulnerabilities reported by Binarly," according to a spokesperson, who directed The Register to a security alert from March that addressed one of the bugs.

Shout-out to whoever went to Black Hat and had North Korean malware on their PC
2022-08-25 09:24

The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents. Of course, not all of the malware detected at Black Hat is intended to infect devices and perform nefarious acts - some of it stems from simulated attacks in classrooms and on the show floor.

Black Hat and DEF CON Roundup
2022-08-15 13:56

There was nothing typical this year at BSides LV, Black Hat USA and DEF CON - also known collectively as Hacker Summer Camp. Video conferencing darling Zoom was highlighted at DEF CON by Patrick Wardle, founder of the Objective-See Foundation, for a hacking technique that allowed him, using the macOS version of Zoom, to elevated privileges and gain access to the entire macOS operating system.

Black Hat and DEF CON visitors differ on physical risk management
2022-08-15 04:58

As last week's hacker summer camps would down it's clear that attendee numbers are still well down on the pre-COVID days, although things are recovering. Risk management is a key tenet of security and there was much discussion in the weeks and months before the shows about whether flying into Las Vegas and spending a week in crowded hotels was worth the risk.

Week in review: Cisco hacked, Kali Linux 2022.3 released, Black Hat USA 2022
2022-08-14 08:00

Kali Linux 2022.3 released: Packages for test labs, new tools, and a community Discord serverOffensive Security has released Kali Linux 2022.3, the latest version of its popular penetration testing and digital forensics platform. Cisco has been hacked by a ransomware gangU.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site.

Ukraine's cyber chief comes to Black Hat in surprise visit
2022-08-13 10:00

Online attacks against Ukraine were a common tactic in the leadup to Russia's invasion of the country in late February he said. James Kettle, director of research at PortSwigger, demonstrated a new method of HTTP request smuggling at Black Hat that allowed him to compromise Apache servers, break into Akamai and Amazon, and compromise multiple web VPNs. The trick lies in browser-powered desync attacks, which get around limitations of traditional methods that only allow them to work on websites that use a front-end/back-end architecture.

Starlink satellite dish cracked on stage at Black Hat
2022-08-12 22:40

A security researcher has shown how to, with physical access at least, fully take over a Starlink satellite terminal using a homemade modchip. Lennert Wouters, a researcher at the KU Leuven University in Belgium, walked through his methodology during a talk at Black Hat in Las Vegas this week.