Here Are Some Interesting Headlines I Found During Black Hat



Stu_at_BlackHatBlack Hat 2019 - The Craziest, Most Terrifying Things We Saw:

I ran into Neil Rubenking when I went to the Qualys party which was in the Foundation Room all the way on top of the Mandalay. Neil wrote: "The Las Vegas sun has set on another Black Hat, and the myriad of hacks, attacks, and vulnerabilities it brings. We had high expectations this year, and were not disappointed. We were even occasionally surprised. Here's all the great and terrifying things we saw."
 

Black Hat 2019: Deepfakes Require a Rethink of Incident Response.  ITPro Today The growth of AI-based fake videos have security managers looking at how they might impact their organization.

I was interviewed at Dark Reading News Desk Live at Black Hat USA 2019. The Dark Reading video News Desk has returned to Black Hat, bringing you more than 30 live video interviews with conference speakers and sponsors as they streamed live from the expo floor Wednesday and Thursday.

Destructive malware attacks double as attackers pair ransomware with disk wipers. IBM Security’s X-Force Incident Response and Intelligence Services (IRIS) team reported this week that it witnessed a 200 percent increase in destructive malware attacks over the first half of 2019, compared to the second half of 2018. "One of the cases that their team responded to involved an energy and manufacturing company with about 20,000 users. In this instance, the attackers had established administrative access to the company’s network in less than a week, but then waited a full 120 days before enabling the malware’s destructive capabilities.Think about what that means for your backups. 

Anatomy of an attack: How Coinbase was targeted with emails booby-trapped with Firefox zero-days.  Coinbase chief information security officer Philip Martin this week published an incident report covering the recent attack on the cryptocurrency exchange, revealing a phishing campaign of surprising sophistication.  There are at least two social engineering tactics that took place here:

  1. the extended back and forth between attacker and select employees (as many as 200 to start out with?)
  2. Tricking several employees who didn't use Firefox into downloading and using Firefox

Hackers Could Decrypt Your GSM Phone Calls. MOST MOBILE CALLS around the world are made over the Global System for Mobile Communications standard; in the US, GSM underpins any call made over AT&T or T-Mobile's network. But at the DefCon security conference in Las Vegas on Saturday, researchers from the BlackBerry are presenting an attack that can intercept GSM calls as they're transmitted over the air and decrypt them to listen back to what was said. And the vulnerability has been around for decades.

Researcher: GDPR’s Right of Access policy can be abused to steal others’ personal info. An Oxford University scholar says he was able to trick dozens of European companies into sending him sensitive data about his fiancée, simply by impersonating her while invoking GDPR’s “Right of Access” policy.

This Tesla Mod Turns a Model S Into a Mobile 'Surveillance Station.  Security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car's built-in cameras—the same dash and rearview cameras providing a 360-degree view used for Tesla's Autopilot and Sentry features—into a system that spots, tracks, and stores license plates and faces over time.

Double Dragon APT41, a dual espionage and cyber crime operation. FireEye Threat Intelligence assesses with high confidence that APT41 is a Chinese state-sponsored espionage group that is also conducting financially motivated activity for personal gain. APT41 espionage operations against the healthcare, high-tech, and telecommunications sectors include....

Security researchers find that DSLR cameras are vulnerable to ransomware attack. Check Point Software Technologies issued a report today that detailed how its security researchers were able to remotely install malware on a digital DSLR camera. In it, researcher Eyal Itkin found that a hacker can easily plant malware on a digital camera.

IBM's Warshipping Attacks Wi-Fi Networks From Afar. You've heard about wardriving, but what about warshipping? Researchers at IBM X-Force Red have detailed a new tactic that they say can break into victims' Wi-Fi networks from far. The company calls the technique warshipping, and it is a more efficient evolution of wardriving, a popular technique among hackers seeking access to any wireless network they can find. Whereas wardrivers drive around a

Email fraud hits B.C. lawyers for $2 million. Two law firms were targets of so-called social engineering frauds causing almost $2 million in real estate and investment funds to be wired to people other ...

World's Dumbest Bitcoin Scammer Tries to Scam Bitcoin Educator, Gets Scammed in The Process. Ben Perrin is a Canadian cryptocurrency enthusiast and educator who hosts a bitcoin show on YouTube. This is immediately apparent after a quick a look at all his social media. Ten seconds of viewing on of his videos will show that he is knowledgeable about digital assets, and 30 seconds of perusing his channel will… Read more...

Security researcher cracks high-security lock used for ATMs, Air Force One, military bases. At this year's Defcon Lock Picking Village, Ioactive's Mike Davis will present a method for cracking high-security locks made by Dormakaba Holding, a Swiss company. The locks are used in very high-stake applications, from security ATMs to Air Force One, as well as guarding classified and sensitive materials on US military bases. Davis discovered a side-channel vulnerability that uses a $5,000 osc

How malware steals autofill data from browsers. Most browsers kindly offer to save your data: account credentials, bank card details for online stores, billing address, name, and passport number for travel sites, and so on. It’s convenient and saves having to fill out the same forms all over again or worry about forgotten passwords.

Banking start-up exposes PINs for 500,000 customers on the verge of US launch. Banking start-up Monzo has sent out emails to half a million customers after its engineers caught a glimpse of the PIN numbers associated with their cards. The British banking service, which serves 2.5 million customers, recently secured a new round of funding and is about to launch in the United States. It was going fine […] The post appeared first on Security Boulevard .

Is it critical for CFOs to understand cybersecurity? - Security Boulevard. Is it critical for CFOs to understand cybersecurity? Is it critical for CFOs to understand cybersecurity? Looking at the impact a data breach can have in terms of regulatory fees, customer trust as well as loyalty and as a consequence, shareholder value, cybersecurity is no longer just an IT issue. It has become a board-level concern.

AT&T workers took $1 million in bribes to unlock 2 million phones, DOJ says. A Pakistani man bribed AT&T call-center employees to install malware and unauthorized hardware as part of a scheme to fraudulently unlock cell phones, according to the US Department of Justice. Muhammad Fahd, 34, was extradited from Hong Kong to the US on Friday and is being detained pending trial. An indictment alleges that "Fahd recruited and paid."

MegaCortex variant redesigned a self-executing, incorporates features of previous version. Threat actors released version 2.0 of MegaCortex ransomware and have equipped their threat with anti-analysis features, among other new ...

Microsoft Alert Blows Whistle on Russian IoT Device Attacks - MeriTalk. An August 5 alert issued by Microsoft’s Security Response Center is blowing the whistle on hacking efforts focused on three classes of internet of things (IoT) devices that Microsoft asserts are being attacked by the hacking group it identifies as “Strontium,” better known as the Russia-based cyber espionage group Fancy Bear.

This Deepfake Video of Bill Hader Transforming Into Tom Cruise and Seth Rogen Will Make You Believe in Shapeshifting Demons. Check out the latest video from deepfake creator Ctrl Shift Face, in which Hader goes on David Letterman’s show to talk about Tropic Thunder and transforms himself into Tom Cruise and Seth Rogen, as the very bones beneath his flesh run like water.


Find out how affordable new-school security awareness training is for your organization. Get a quote now.

 
Get A Quote
Request A Demo
 

Subscribe To Our Blog


New call-to-action




Get the latest about social engineering

Subscribe to CyberheistNews