August 2018

• August 17, 2018 17 Aug'18

  DHS cybersecurity rhetoric offers contradictions at DEF CON

  The Vote Hacking Village at Defcon 26 in Las Vegas was an overwhelming jumble of activity -- a mock vote manipulated, children hacking election results websites, machines being disassembled -- and ...  Continue Reading

• August 17, 2018 17 Aug'18

  Intel disclosed Spectre-like L1TF vulnerabilities

  News roundup: Intel disclosed L1TF vulnerabilities with similarities to Spectre, but with a focus on data. Plus, the NIST Small Business Cybersecurity Act is now a law, and more.  Continue Reading

• August 17, 2018 17 Aug'18

  ICS security fails the Black Hat test

  Industrial control systems hit the mainstream at Black Hat this year, with over two dozen program sessions tackling different angles of the subject. The takeaway: Vendors still aren't really trying.  Continue Reading

• August 17, 2018 17 Aug'18

  How is Oracle Micros POS affected by CVE 2018-2636?

  A security researcher found a security flaw dubbed CVE-2018-2636 that enables the installation of malware on Oracle Micros POS systems. Learn more about the vulnerability.  Continue Reading

• August 16, 2018 16 Aug'18

  OneLogin security chief delivers new security model

  How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus.  Continue Reading

• August 16, 2018 16 Aug'18

  Finalized TLS 1.3 update has been published at last

  The finalized TLS 1.3 update has been published after a four-year process. The new protocol promises to be faster and more secure than its predecessor, TLS 1.2.  Continue Reading

• August 16, 2018 16 Aug'18

  What is missing from the NIST/DHS botnet security report?

  The joint DHS and NIST report on botnet security offers goals and action items to counter distributed cyberthreats. Learn the report recommendations with expert Nick Lewis.  Continue Reading

• August 16, 2018 16 Aug'18

  How to mitigate the Efail flaws in OpenPGP and S/MIME

  Efail exploits vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext in encrypted emails. Learn more about the Efail vulnerabilities from expert Michael Cobb.  Continue Reading

• August 15, 2018 15 Aug'18

  Infosec mental health support and awareness hits Black Hat 2018

  While burnout, depression and PTSD can affect anyone, infosec mental health still doesn't often get the attention it deserves, but Black Hat 2018 attempted to change that.  Continue Reading

• August 15, 2018 15 Aug'18

  Skygofree Trojan: What makes this spyware unique?

  Android malware was discovered by Kaspersky Labs and named Skygofree. This Trojan targets smartphones and tablets using spyware and gathers user information and app data.  Continue Reading

• August 14, 2018 14 Aug'18

  Google location tracking continues even when turned off

  New research has discovered mobile apps may still store where users have been even after Google location-tracking services have been turned off.  Continue Reading

• August 14, 2018 14 Aug'18

  Amanda Rousseau on becoming a cybersecurity researcher

  Cybersecurity researcher Amanda Rousseau discusses the relationship between the infosec community and law enforcement and how to create the next generation of white hat hackers.  Continue Reading

• August 14, 2018 14 Aug'18

  Amanda Rousseau talks about computer forensics investigations

  Amanda Rousseau, aka Malware Unicorn, discusses her time in computer forensics investigations with the DoD, as well as the joys of reverse engineering malware encryption by hand.  Continue Reading

• August 14, 2018 14 Aug'18

  Incident response frameworks for enterprise security teams

  After a security breach, incident response practices become crucial to minimize and contain the damage. Learn about incident response frameworks with guest David Geer.  Continue Reading

• August 14, 2018 14 Aug'18

  Ransomware recovery: How can enterprises operate post-attack?

  A report detailed how Maersk recovered its infrastructure from a NotPetya ransomware attack along with its chosen recovery option. Expert Nick Lewis explains how it worked.  Continue Reading

• August 13, 2018 13 Aug'18

  Lessons learned from Meltdown and Spectre disclosure process

  During a Black Hat 2018 session, Google, Microsoft and Red Hat offered a behind-the-scenes look at the disclosure and response effort for Meltdown and Spectre.  Continue Reading

• August 13, 2018 13 Aug'18

  10 unified access management questions for OneLogin CSO Justin Calmus

  Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job?  Continue Reading

• August 13, 2018 13 Aug'18

  Okiru malware: How does this Mirai malware variant work?

  A Mirai variant has the ability to put billions of devices at risk of becoming part of a botnet. Discover how this works and what devices are at risk with expert Nick Lewis.  Continue Reading

• August 10, 2018 10 Aug'18

  2018 Pwnie Awards cast light and shade on infosec winners

  The Meltdown and Spectre research teams won big at the Pwnie Awards this year at Black Hat, while the late-entry Bitfi Wallet team overwhelmingly won for Lamest Vendor Response.  Continue Reading

• August 10, 2018 10 Aug'18

  Web cache poisoning attacks demonstrated on major websites, platforms

  PortSwigger's James Kettle doesn't believe web cache poisoning is theoretical and to prove it, he demonstrated several attacks on major websites and platforms at Black Hat 2018.  Continue Reading