Why VoIP security is crucial for organizations

With more organizations turning to VoIP (Voice over Internet Protocol) and cloud-based Unified Communications (UC) systems to underpin their commercial services and corporate communications, IT response and security testing teams are struggling to keep pace with the VoIP attack surface and the growing number of threats in the wild, according to Fatih Ozavci from Context Information Security, speaking at Black Hat USA 2016 on Thursday. “A lack of understanding of modern VoIP and UC security, …

Miller, Valasek Deliver Final Car Hacking Talk

Charlie Miller and Chris Valasek explained at Black Hat today how they were able to control steering and the parking brake on a Jeep Cherokee at speed. The two said the talk would be their last on car hacking.

Security awareness training or not, users will keep clicking on dodgy links

There is no way to make humans never click on potentially dangerous links they receive, as the right combination of curiosity, context, and emotions will always beat security awareness training, says Zinaida Benenson, researcher and associate professor at the University of Erlangen-Nuremberg. In fact, security awareness training that includes the sending of fake spear phishing emails can negatively influence user effectiveness, as well as social relationships within the organization (if the emails are sent from …

Researchers Go Inside a Business Email Compromise Scam

Dell SecureWorks today published a report at Black Hat USA 2016 on a Nigerian Business Email Compromise scam called “wire-wire”, or “waya-waya.”

Utilizing hardware to stop attackers earlier and without disruption

Too often the defense community makes the mistake of focusing on the “what,” without considering and truly understanding the “why.” This mindset often leads to the development of technologies based on known exploitation techniques, which are ineffective and easily circumvented shortly after their release. Instead of focusing on those known exploit techniques, our research introduces a new method for early detection and prevention of exploits without prior knowledge of the vulnerability or technique. Our hardware-assisted …

Android Tamer: Virtual platform for Android security professionals

Android Tamer is a free and open source Swiss army knife type of tool for Android security. The recently released version 4 moves towards Debian package compatibility. Users are able to obtain or use Android Tamer in multiple formats: 1. Download the OVA directly and use it. 2. Configure Debian 8 machines to use tools from Android Tamer repositories. 3. A Vagrant Image can be used to build Android Tamer and see the process transparently. …

Oracle EBusiness Suite ‘Massive’ Attack Surface Assessed

Oracle bug hunter David Litchfield scoured Oracle EBusiness Suite looking for vulnerabilities and shared what he found during a Black Hat talk.

ThreatMarket: The world’s first security search engine

SecurityScorecard is previewing the world’s first security search engine, ThreatMarket, at Black Hat USA 2016. Comprised of patented and proprietary technology, ThreatMarket is a cloud-based platform that collects and correlates terabytes of security-risk indicators from around the world. Through continuous, non-intrusive monitoring of security data, ThreatMarket offers real-time global security intelligence to support incident and breach response, organizational security monitoring, device and software misconfiguration or exposure, and the enhancement of security audits. Simple restful APIs …

Four high-profile vulnerabilities in HTTP/2 revealed

Imperva released a new report at Black Hat USA 2016, which documents four high-profile vulnerabilities researchers at the Imperva Defense Center found in HTTP/2, the new version of the HTTP protocol that serves as one of the main building blocks of the World Wide Web. HTTP/2 introduces new mechanisms that effectively increase the attack surface of business-critical web infrastructure, which then becomes vulnerable to new types of attacks. Imperva researchers took an in-depth look at …

Researchers continue hacking cars, and start on heavy vehicles

When Charlie Miller and Chris Valasek demonstrated a year ago how they can remotely exploit vulnerabilities in Chrysler’s 2014 Jeep Cherokee, and fiddle with its wipers, radio, motor and brakes (at low speeds), it forced the company to confront and address the issues. But their research into automotive security didn’t end there, and the pair is scheduled to present new techniques for injecting CAN messages onto the vehicle’s network at Black Hat USA 2016 on …