Researchers Find Significant Vulnerabilities in macOS Privacy Protections
Attacks require executing code on a system but foil Apple's approach to protecting private data and system files.
A New Approach to Securing Authentication Systems' Core Secrets
Researchers at Black Hat USA explain issues around defending "Golden Secrets" and present an approach to solving the problem.
MacOS Flaw in Telegram Retrieves Deleted Messages
Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead.
Organizations Still Struggle to Hire & Retain Infosec Employees: Report
Security leaders are challenged to fill application security and cloud computing jobs in particular, survey data shows.
Is your personal information being abused?
Drowning in spam? A study presented at Black Hat USA 2021 examines if sharing your personal information with major companies contributes to the deluge of nuisance emails, texts and phone calls.
Black Hat: Microsoft's Patch for Windows Hello Bypass Bug is Faulty, Researchers Say
Researchers show how to circumvent Microsoft's Windows Hello biometric authentication using a spoofed USB camera.
Black Hat: Charming Kitten Leaves More Paw Prints
IBM X-Force detailed the custom-made "LittleLooter" data stealer and 4+ hours of ITG18 operator training videos revealed by an opsec goof.
The Importance of Properly Scoping Cloud Environments
PCI Security Standards Council (PCI SSC) and the Cloud Security Alliance (CSA) recently released a joint industry threat bulletin highlighting the importance of properly scoping cloud environments. In this blog, the PCI SSC and CSA share guidance and best practices for properly scoping cloud environments.
Why Supply Chain Attacks Are Destined to Escalate
In his keynote address at Black Hat USA on Wednesday, Matt Tait, chief operating officer at Corellium, called for software platform vendors and security researchers to do their part to thwart the fallout of software supply chain compromises.
Ransomware Gangs and the Name Game Distraction
It's nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don't go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation over as many years. Reinvention is a basic survival skill in the cybercrime business. Among the oldest tricks in the book is to fake one's demise or retirement and invent a new identity. A key goal of such subterfuge is to throw investigators off the scent or to temporarily direct their attention elsewhere. Cybercriminal syndicates also perform similar disappearing acts whenever it suits them. These organizational reboots are an opportunity for ransomware program leaders to set new ground rules for their members, such as which types of victims aren't allowed (e.g., hospitals, governments, critical infrastructure), or how much of a ransom payment an affiliate should expect for bringing the group access to a new victim network.
There's been a rise in stalkerware. And the tech abuse problem goes beyond smartphones
No matter how stalkerware is marketed, it is part of a wider problem: the use of technology in coercive control.
Why cloud security is the key to unlocking value from hybrid working
How can companies and employees who start to adapt to hybrid working practices protect themselves against cloud security threats?
'I'm Calling About Your Car Warranty', aka PII Hijinx
Black Hat: Researchers created 300 fake identities, signed them up on 185 legitimate sites, then tracked how much the sites used signup PII to pester the accounts.
Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms
A researcher was able to remotely control the lights, bed and ventilation in "smart" hotel rooms via Nasnos vulnerabilities.
Black Hat: This is how a naive NSA staffer helped build an offensive UAE security branch
If that job offer looks too good to be true, something else may be afoot.
Black Hat: Let's All Help Cyber-Immunize Each Other
We're selfish if we're only mitigating our own stuff, said Black Hat USA 2021 keynoter Jeff Moss. Let's be like doctors battling COVID and work for herd immunity.
Bob had a bad night: IoT mischief takes neighbourly revenge to the next level in a capsule hotel
When you hand over control of capsule bedrooms to guests, you also offer them the means to troll others.
The Graph Foundation launches bug bounty program
Bugs in scope include RCE and those leading to the loss of user funds.
Black Hat 2021 – non‑virtual edition
How is Black Hat USA 2021 different from the past editions of the conference and what kinds of themes may steal the show this year?