July 2012

• July 31, 2012 31 Jul'12

  Black Hat 2012: Pepper Flash sandbox bolsters Google Chrome security

  Researchers from IBM's X-Force Advanced Research Team demonstrated how an attacker could escape a Flash sandbox implementation at Black Hat.  Continue Reading

• July 31, 2012 31 Jul'12

  Surviving cyberwar: Preparing for APTs, Stuxnet malware-style attacks

  Surviving cyberwar is now a priority for enterprises, with more Stuxnet malware-style attacks sure to come. Expert Nick Lewis has a defensive primer.  Continue Reading

• July 30, 2012 30 Jul'12

  Security researcher wins Microsoft Blue Hat prize for kBouncer

  A new defensive technique that can be used in Intel-based processors could thwart memory-based return oriented programming attacks.  Continue Reading

• July 30, 2012 30 Jul'12

  Using the network to prevent an Oracle TNS Listener poison attack

  Expert Michael Cobb details the Oracle TNS Listener poison attack and tells how enterprises can use the network to defend vulnerable applications.  Continue Reading

• July 30, 2012 30 Jul'12

  IPS/IDS technologies: Innovations and changes

  Haven’t shopped for an IDS/IPS in a while? Karen Scarfone details important recent innovations to IDS/IPS technologies.  Continue Reading

• July 30, 2012 30 Jul'12

  Black Hat 2012: SSL handling weakness leads to remote wipe hack

  Researcher Peter Hannay's man-in-the-middle attack exploited an SSL handing flaw to remotely wipe Android and iOS mobile devices via Exchange server.  Continue Reading

• July 27, 2012 27 Jul'12

  Apple's AuthenTec purchase may pave way for iOS biometrics

  In addition to fingerprint technology, AuthenTec provides mobile security software licenses. One of its customers is Samsung, a main rival of Apple's.  Continue Reading

• July 27, 2012 27 Jul'12

  Black Hat 2012: Security visibility and the hidden message

  SearchSecurity.com Black Hat 2012 contributor Jennifer Minella says security visibility was the underlying theme of this year's event.  Continue Reading

• July 27, 2012 27 Jul'12

  Black Hat 2012: Rodrigo Branco on new malware research database

  Video: Qualys vulnerability researcher Rodrigo Branco discusses his new malware analysis system that will serve as a malware research database.  Continue Reading

• July 26, 2012 26 Jul'12

  Black Hat 2012: David Litchfield slams Oracle database indexing

  At Black Hat 2012, longtime Oracle thorn David Litchfield presents working exploits targeting Oracle database indexing vulnerabilities.  Continue Reading

• July 26, 2012 26 Jul'12

  Black Hat 2012: Apple tech talk a missed opportunity, researchers say

  Thursday's Apple tech talk marked its first public discussion about iOS security, but only covered what security researchers already know.  Continue Reading

• July 26, 2012 26 Jul'12

  Black Hat 2012: Poor mobile app security drains enterprise data

  Mobile apps collect a myriad of data sources from contacts to location information and could also be accessing sensitive enterprise data.  Continue Reading

• July 26, 2012 26 Jul'12

  FFIEC cloud computing risks document: Where's the beef?

  It seems the Federal Financial Institutions Examination Council could have done a little better with its cloud computing advisory. Earlier this month, the FFIEC issued a statement on outsourced ...  Continue Reading

• July 26, 2012 26 Jul'12

  Black Hat 2012: On-stage NFC hack highlights NFC security issues

  Researcher Charlie Miller says Near Field Communication or NFC security issues open a huge attack surface on smartphones.  Continue Reading

• July 26, 2012 26 Jul'12

  Black Hat 2012: New Zeus variants are more dangerous

  Video: Brett Stone-Gross of Dell SecureWorks explains how Gameover, a sophisticated version of the Zeus Trojan, steals banking credentials.  Continue Reading

• July 26, 2012 26 Jul'12

  Black Hat 2012: Phishing and social engineering penetration testing

  Video: Anti-spear phishing training is controversial, but can be effective if it is done right, says Rohyt Belani, CEO and co-founder of PhishMe Inc.  Continue Reading

• July 26, 2012 26 Jul'12

  FFIEC statement on cloud risk misses the mark

  Bank regulators provide few details on managing cloud risks.  Continue Reading

• July 26, 2012 26 Jul'12

  Video: Expert makes case for end-user phishing tests

  Anti-spear phishing training is controversial, but can be effective if it is done right, says Rohyt Belani, CEO and co-founder of PhishMe Inc.  Continue Reading

• July 25, 2012 25 Jul'12

  Black Hat 2012: Dan Kaminsky tackles secure software development

  Security researcher Dan Kaminsky’s annual "black ops" talk at Black Hat 2012 focused improving secure software development with better code.  Continue Reading

• July 25, 2012 25 Jul'12

  Black Hat 2012: Limited release for tool allowing smart meter hacks

  Don Weber of InGuardians is releasing his smart meter hacking tool, but only to utilities, vendors and vendor-vetted researchers.  Continue Reading