July 2012
-
July 31, 2012
Black Hat 2012: Pepper Flash sandbox bolsters Google Chrome security
Researchers from IBM's X-Force Advanced Research Team demonstrated how an attacker could escape a Flash sandbox implementation at Black Hat.
-
July 31, 2012
Surviving cyberwar: Preparing for APTs, Stuxnet malware-style attacks
Surviving cyberwar is now a priority for enterprises, with more Stuxnet malware-style attacks sure to come. Expert Nick Lewis has a defensive primer.
-
July 30, 2012
Security researcher wins Microsoft Blue Hat prize for kBouncer
A new defensive technique that can be used in Intel-based processors could thwart memory-based return oriented programming attacks.
-
July 30, 2012
Using the network to prevent an Oracle TNS Listener poison attack
Expert Michael Cobb details the Oracle TNS Listener poison attack and tells how enterprises can use the network to defend vulnerable applications.
-
July 30, 2012
IPS/IDS technologies: Innovations and changes
Haven’t shopped for an IDS/IPS in a while? Karen Scarfone details important recent innovations to IDS/IPS technologies.
-
July 30, 2012
Black Hat 2012: SSL handling weakness leads to remote wipe hack
Researcher Peter Hannay's man-in-the-middle attack exploited an SSL handling flaw to remotely wipe Android and iOS mobile devices via Exchange server.
-
July 27, 2012
Apple's AuthenTec purchase may pave way for iOS biometrics
In addition to fingerprint technology, AuthenTec provides mobile security software licenses. One of its customers is Samsung, a main rival of Apple's.
-
July 27, 2012
Black Hat 2012: Security visibility and the hidden message
SearchSecurity.com Black Hat 2012 contributor Jennifer Minella says security visibility was the underlying theme of this year's event.
-
July 27, 2012
Black Hat 2012: Rodrigo Branco on new malware research database
Video: Qualys vulnerability researcher Rodrigo Branco discusses his new malware analysis system that will serve as a malware research database.
-
July 26, 2012
Black Hat 2012: David Litchfield slams Oracle database indexing
At Black Hat 2012, longtime Oracle thorn David Litchfield presents working exploits targeting Oracle database indexing vulnerabilities.
-
July 26, 2012
Black Hat 2012: Apple tech talk a missed opportunity, researchers say
Thursday's Apple tech talk marked its first public discussion about iOS security, but only covered what security researchers already know.
-
July 26, 2012
Black Hat 2012: Poor mobile app security drains enterprise data
Mobile apps collect a myriad of data sources from contacts to location information and could also be accessing sensitive enterprise data.
-
July 26, 2012
FFIEC cloud computing risks document: Where's the beef?
It seems the Federal Financial Institutions Examination Council could have done a little better with its cloud computing advisory. Earlier this month, the FFIEC issued a statement on outsourced ...
-
July 26, 2012
Black Hat 2012: On-stage NFC hack highlights NFC security issues
Researcher Charlie Miller says Near Field Communication or NFC security issues open a huge attack surface on smartphones.
-
July 26, 2012
Black Hat 2012: New Zeus variants are more dangerous
Video: Brett Stone-Gross of Dell SecureWorks explains how Gameover, a sophisticated version of the Zeus Trojan, steals banking credentials.
-
July 26, 2012
Black Hat 2012: Phishing and social engineering penetration testing
Video: Anti-spear phishing training is controversial, but can be effective if it is done right, says Rohyt Belani, CEO and co-founder of PhishMe Inc.
-
July 26, 2012
FFIEC statement on cloud risk misses the mark
Bank regulators provide few details on managing cloud risks.
-
July 26, 2012
Video: Expert makes case for end-user phishing tests
Anti-spear phishing training is controversial, but can be effective if it is done right, says Rohyt Belani, CEO and co-founder of PhishMe Inc.
-
July 25, 2012
Black Hat 2012: Dan Kaminsky tackles secure software development
Security researcher Dan Kaminsky’s annual "black ops" talk at Black Hat 2012 focused on improving secure software development with better code.
-
July 25, 2012
Black Hat 2012: Limited release for tool allowing smart meter hacks
Don Weber of InGuardians is releasing his smart meter hacking tool, but only to utilities, vendors and vendor-vetted researchers.