Security News

Hackers use black hat SEO to push ransomware, trojans via Google
2021-03-01 18:10

The delivery system for the Gootkit information stealer has evolved into a complex and stealthy framework, which earned it the name Gootloader, and is now pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results. Malware campaigns relying on Gootloader's mechanism have been spotted last year delivering REvil ransomware to targets in Germany.

Virtual Black Hat 2020  - The Latest in Security, From the Comfort of Your Armchair
2020-09-01 09:30

With the 2020 election looming, security is a hot topic. In the business hall, we saw vendors with new offerings to extend the corporate network and security into a user's home.

Black Hat Wrap-Up: IoT and Hardware Vulnerabilities Take the Spotlight
2020-08-10 13:24

The first entirely virtual edition of the Black Hat cybersecurity conference took place last week and researchers from tens of organizations presented the results of their work from the past year. The Kr00k vulnerability, which allows attackers to decrypt wireless communications, only affects Wi-Fi chips from Broadcom and Cypress, but ESET researchers discovered recently that similar vulnerabilities also exist in chips made by MedaTek and Qualcomm.

Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem
2020-08-07 00:48

Social media used as a cudgel for nation-states to sway opinion is a cybersecurity threat CISOs can't ignore - and need to understand better and mitigate against. During a keynote address at Black Hat on Thursday entitled "Hacking Public Opinion," she said threat actors are fine-tuning these attacks.

Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs
2020-08-06 21:29

Researchers say the flaws, detailed at Black Hat USA on Thursday, potentially impacted over 2 million Mercedes-Benz connected cars before they were fixed. "We reported the flaws to Mercedez-Benz, we found about 19 vulnerabilities," said Minrui Yan, head of the Sky-Go Team with 360 Group, presenting with Jiahao Li, researcher with 360 Group, at Black Hat.

Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack
2020-08-06 19:49

Satellite internet communications are susceptible to eavesdropping and signal interception by far-flung attackers located in a different continent or country from their victims. When a satellite ISP makes an internet connection for a customer, it beams that customer's signals up to a satellite in geostationary orbit within a narrow communications channel; that signal is then sent back down to a terrestrial receiving hub and routed to the internet.

Black Hat 2020: ‘Zero-Click’ MacOS Exploit Chain Uses Microsoft Office Macros
2020-08-06 13:02

A new "Zero-click" MacOS exploit chain could allow attackers to deliver malware to MacOS users using a Microsoft Office document with macros. The exploit chain, revealed by Patrick Wardle, principal security researcher with Jamf, at Black Hat USA 2020, runs macros without an alert or prompt from the Microsoft Office application that prompts explicit user approval - meaning that when a user opens the document, the macro is automatically executed.

Black Hat 2020: Using Botnets to Manipulate Energy Markets for Big Profits
2020-08-06 12:37

Researchers are warning that a new class of botnets could be marshaled and used to manipulate energy markets via zombie armies of power-hungry connected devices such as air conditioners, heaters, dryers and digital thermostats. Researchers with the Georgia Institute of Technology laid out the scenario in a Black Hat 2020 virtual session Wednesday.

Black Hat 2020: Linux Spyware Stack Ties Together 5 Chinese APTs
2020-08-05 22:32

A stack of Linux backdoor malware used for espionage, compiled dynamically and customizable to specific targets, is being used as a shared resource by five different Chinese-language APT groups, according to researchers. Finally, the sixth item is the Linux XOR DDoS botnet, which is the largest known Linux botnet, first coming to notice in 2015.

Black Hat 2020: In a Turnaround, Voting Machine Vendor Embraces Ethical Hackers
2020-08-05 22:27

Voting machine-maker Election Systems & Software has formally announced a vulnerability disclosure policy, Wednesday, during a Black Hat USA 2020 session. The adoption of safe-harbor language marks a drastic turnaround from how the voting-machine vendor has interacted with the research community in previous years.