Symantec Spots State-Sponsored ‘Strider’ Attacks

Symantec Spots State-Sponsored ‘Strider’ Attacks Security experts have discovered a highly targeted cyber espionage campaign aimed at just seven organizations over the past five years. The Strider group has targeted a mere 36 machines in these organizations since 2011 with the Remsec backdoor malware, according to Symantec. The malware itself has a Lua modular design which delivers various capabilities including keylogging, …

#DefCon: Thermostat Control Hacked to Host Ransomware

#DefCon: Thermostat Control Hacked to Host Ransomware Thermostat security has been proved to be particularly vulnerable, with ransomware able to infect and run on it. Presenting at Def Con in Las Vegas on thermostat ransomware, Pen Test Partners’ Andrew Tierney described the discovery as the “first proof of concept of ransomware for a thermostat”. Although the company was not able …

#DefCon FTC Stresses IoT Concerns

#DefCon FTC Stresses IoT Concerns The Federal Trade Commission (FTC) has called for better development of connected devices for consumer privacy. Speaking at Def Con in Las Vegas, Lorrie Cranor and attorney Terrell McSweeney said that the Internet of Things (IoT) connects in “new and exciting ways”, but as machines are getting smarter, the FTC is concerned about protecting consumers …

#DefCon US Government Only Holds Dozens of Zero-Days

#DefCon US Government Only Holds Dozens of Zero-Days The US Government only holds “dozens” of vulnerabilities at any one time. Speaking at Def Con in Las Vegas, Jason Healey from Columbia University conducted a research project on how many vulnerabilities that the government decides to retain or disclose. Asking the audience how many felt it was hundreds or thousands (to …

#BUSA: Iran’s Soft War Gets Harder

#BUSA: Iran’s Soft War Gets Harder Iranian hardliners are becoming more sophisticated and aggressive in how they use the internet, social media tools and applications to promote their agenda, and target activists and others who opposed them, according to two prominent international security researchers. Presenting before an audience at the Black Hat USA conference in Las Vegas on “Iran and …

Researchers Hack Tesla S’s Autopilot System

Researchers Hack Tesla S's Autopilot System Elon Musk’s Tesla S has a very cool feature known as autopilot mode, designed for autonomous driving using radar and an array of sensors. Unfortunately, researchers have been able to sabotage the system, showing the potential to make surrounding objects “disappear” from the autopilot’s view. Tesla’s autopilot detects the car’s surroundings using radar, ultrasonic …

Mayhem the Hacker-Bot Wins $2M DARPA Challenge

Mayhem the Hacker-Bot Wins $2M DARPA Challenge Hacker-bots are real—as demonstrated by Mayhem, a completely automated platform that made off with the first-place prize in the US military’s auto-hacking contest, the Cyber Grand Challenge (CGC). Mayhem was created by a Pittsburgh-based team known as ForAllSecure—one of seven teams that competed for nearly $4 million in prizes in the DARPA-sponsored competition, …

#BHUSA: Apple To Pay Bug Bounties

#BHUSA: Apple To Pay Bug Bounties In the wake of its legal battle with the FBI over security vulnerabilities and access, Apple is launching its first-ever bug bounty program with potential payouts as large as USD$200,000. Speaking at the Black Hat conference in Las Vegas, Ivan Krstic, Apple’s head of security engineering and architecture, outlined the new security program, which …

#BHUSA Researchers Present Deep Sea Phishing Exercise

#BHUSA Researchers Present Deep Sea Phishing Exercise Using data science, cybersecurity researchers have released a new approach that makes automated phishing exploits almost as fruitful as typically more time-consuming spear-phishing methods. Presenting at the Black Hat conference in Las Vegas, John Seymour, data scientist, and Philip Tully, senior data scientist, both with ZeroFOX, discussed how they used a combination of …

HTTP/2 Bugs Could Deny Service for Millions

HTTP/2 Bugs Could Deny Service for Millions Security experts have discovered four major vulnerabilities in the new HTTP/2 protocol, potentially exposing as many as 90 million websites to denial of service and other attacks. Imperva released the findings at Black Hat this week, claiming to have tested them on HTTP/2 server implementations from Apache, Microsoft, NGINX, Jetty, and nghttp2. The flaws, which …