Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms



A researcher was able to remotely control the lights, bed and ventilation in “smart” hotel rooms via Nasnos vulnerabilities.

Supply chain attacks, IoT threats on tap for Black Hat 2021


With the 2021 edition of the Black Hat conference set to kick off in an unprecedented hybrid setup, industry analysts said the security market is also facing challenges it has never seen before.

The annual infosec conference, long billed as a meeting point of enterprise security professionals and researchers who operate at the cutting edge of intrusion and data theft tactics, begins its public sessions on Wednesday. The conference kicks off with a keynote address from Matt Tait, COO of mobile security startup Corellium and a former infosec analyst with the U.K.’s Government Communications Headquarters.

Among the topics Tait is expected to address are supply chain infections, something that has come to the fore in recent months. The 2020 SolarWinds attack, in which software updates for the Orion IT management platform were poisoned, brought the idea of supply chain infections into the public light.

The idea was reinforced months later when Kaseya’s VSA platform was compromised and seeded with ransomware that would eventually infect more than a thousand managed service providers’ clients.

Given these two major attacks, supply chain security and keeping downstream service providers from being used as a malware distribution channel are likely to be first and foremost on the minds of everyone attending this year’s conference, both in person and via streaming video.

When combined with the rise in sophisticated ransomware gangs, supply chain attacks could well become the most dangerous threat facing enterprises. “The top two themes have to be supply chain risk and ransomware,” said Eric Parizo, principal analyst of cybersecurity operations at analyst firm Omdia.

“In the wake of the SolarWinds incident and the many high-profile ransomware compromises, both issues have clearly reached the point where new and more comprehensive approaches need to be discussed, including at the highest levels of government.”

Also on the mind of industry analysts are attacks that make the jump from conventional data-based IT networks to machine-controlling operational technology (OT) networks. With the threat of attacks on IoT gear being higher than ever, analysts are worried that cyber attacks could…

Security Innovation Experts Bring Exploit Expertise to Black Hat 2021 and DEF CON 29 for Fifth …


Press release content from Globe Newswire. The AP news staff was not involved in its creation.

WILMINGTON, Mass., Aug. 04, 2021 (GLOBE NEWSWIRE) — Security Innovation, an authority in software security assessments and training, is delivering advanced training workshops and hands-on hacking at the Black Hat USA and DEF CON 29 conferences. Among the premier cybersecurity events in the world, these annual conferences convene the most innovative and creative researchers to explore new exploits, discuss trends and findings, and collaborate on pressing cyber security issues.

Offensive Mobile Reversing & Exploitation
The company’s Mobile Center-of-Excellence lead, Dinesh Shetty, returned to Black Hat USA 2021 and Black Hat Asia 2021 with an updated version of this popular course that includes expanded coverage of ARM64, mobile browser security, and more in-depth coverage of Mobile apps and operating system security.

House of Heap Workshop
The sold-out House of Heap Workshop at DEF CON 29 is the result of more than a year of research. This hands-on introduction to glibc malloc heap exploitation will help attendees learn how the allocator functions, understand heap-specific vulnerability classes, and gain root access with a variety of techniques.

“Heap exploitation is a subject that has evaded many people for years for one primary reason – they focus on the techniques instead of the allocator,” said Maxwell Dulin, Security Consultant at Security Innovation. “By learning with an allocator-first style, the techniques are easily understood and practical to use. I look forward to presenting this novel approach.”

Three Security Innovation engineers with deep expertise in Heap exploitation will join Maxwell to ensure students get the most tailored training possible:

  • James Dolan, Security Engineer
  • Nathan Kirkland, Security Researcher & Engineer
  • Zachary Minneker, Security Researcher & Engineer

DevOps CTF
Security Innovation is running one of the DEF CON CTF events again this year. InfiniCrate is the company’s latest cyber range, an ultra-realistic cloud storage repository…

Farsight Security to Preview Real-Time Protective DNS Tools at Black Hat USA 2021


SAN MATEO, Calif., July 27, 2021 (GLOBE NEWSWIRE) — Building on the success of its proven Newly Observed Domains (NOD), Newly Observed Hostnames (NOH) and other real-time Protective DNS (PDNS) solutions, Farsight Security, Inc., the leading cybersecurity provider of DNS Intelligence, today announced that it will preview new Protective DNS data-sets, based on real-time technologies that enable enterprises to defend against external threats, at its virtual booth at the Black Hat USA 2021 hybrid event. The event takes place virtually and in person at the Mandalay Bay Convention Center in Las Vegas, Nevada, July 31-August 5, 2021.

To counter fast-evolving threats, enterprises need effective, easy-to-use Protective DNS solutions based on real-time intelligence. The new data-sets leverage the observational power of Farsight’s extensive real-time sensor network to unlock new defensive layers. As the largest and most successful source for PDNS intelligence, Farsight will offer new data-sets that will contain novel observations or new activity related to Internet identifiers. Customers will select a set of feeds that best align with their security posture.

“Contrary to recent headlines, DNS works too well,” said Paul Vixie, Farsight CEO and also co-inventor with Vernon Schryver of the Response Policy Zone (RPZ) implementation of DNS Firewalls. “As defense improves, offense inevitably also improves, and the only way we’re going to get sustainably ahead of the bad guys is if we can invalidate and crush their DNS content as fast as they can create it. Takedown at the far-end doesn’t work, and takedown at the near-end doesn’t scale. This is takedown-in-the-middle, and we at Farsight are very proud of our continuing leadership role in DNS-related digital defense.”

About Protective DNS

Protective DNS is a set of security services, including DNS Firewalls, developed to protect enterprises against the abuse of Domain Name System (DNS) assets, including domain names and IP addresses. Response Policy Zones (RPZ) is a distributed DNS Firewall solution first created by current members of the Farsight team in 2010. RPZs have become a go-to security tool. Enterprises can select their…
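To make the RPZ mechanism described above concrete, here is an added example (not Farsight or ISC code) that parses a small, constructed RPZ zone and applies its QNAME triggers to queries the way a DNS firewall would. The zone contents, the names under it, and the sinkhole address 192.0.2.1 are all made up for illustration; the action encodings in the CNAME targets (`.` for NXDOMAIN, `*.` for NODATA, `rpz-passthru.`, `rpz-drop.`, `rpz-tcp-only.`) are the standard RPZ ones. Wildcard matching is simplified to "longest matching suffix" rather than the full RFC 4592 closest-encloser rules that a real resolver applies.

```python
"""Toy evaluator for Response Policy Zone (RPZ) QNAME triggers.

Added example, not Farsight or ISC code. Owner names are kept relative to
the policy zone apex, which is how they appear in a zone file: the record
for "phish.example" in zone rpz.example. fires when a client asks for
phish.example.
"""
from typing import Dict, Optional, Tuple

Policy = Tuple[str, Optional[str]]  # (action, local data or None)

# Constructed sample zone for this example; not a Farsight feed.
RPZ_ZONE_TEXT = """\
$ORIGIN rpz.example.
$TTL 300
; NXDOMAIN for a phishing domain and everything under it
phish.example          CNAME   .
*.phish.example        CNAME   .
; NODATA for a tracking hostname
beacon.tracker.example CNAME   *.
; an explicit allow-list entry beats the wildcard beneath it
ok.bad.example         CNAME   rpz-passthru.
*.bad.example          CNAME   rpz-drop.
; walled garden: redirect to a local sinkhole (192.0.2.1 is a doc address)
malware.example        A       192.0.2.1
"""

# RPZ encodes the policy action in the CNAME target.
_CNAME_ACTIONS = {
    ".": "NXDOMAIN",
    "*.": "NODATA",
    "rpz-passthru.": "PASSTHRU",
    "rpz-drop.": "DROP",
    "rpz-tcp-only.": "TCP-ONLY",
}


def parse_rpz(text: str) -> Dict[str, Dict[str, Policy]]:
    """Return {'exact': {...}, 'wild': {...}} keyed by lower-cased trigger name.

    Only the single-token owner/type/rdata form used above is supported;
    comments and $ directives are skipped.
    """
    exact: Dict[str, Policy] = {}
    wild: Dict[str, Policy] = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"unsupported record: {raw!r}")
        owner, rtype, rdata = fields
        if rtype == "CNAME" and rdata in _CNAME_ACTIONS:
            policy: Policy = (_CNAME_ACTIONS[rdata], None)
        else:
            # Any other rdata is Local Data: the firewall answers with it.
            policy = ("LOCAL-DATA", f"{rtype} {rdata}")
        owner = owner.lower().rstrip(".")
        if owner.startswith("*."):
            wild[owner[2:]] = policy
        else:
            exact[owner] = policy
    return {"exact": exact, "wild": wild}


def lookup(zone: Dict[str, Dict[str, Policy]], qname: str) -> Optional[Policy]:
    """Policy triggered by QNAME, or None when the query resolves normally.

    Exact trigger first, then the longest matching wildcard. This is a
    simplification of the RFC 4592 wildcard rules that RPZ inherits.
    """
    name = qname.lower().rstrip(".")
    if name in zone["exact"]:
        return zone["exact"][name]
    labels = name.split(".")
    # *.bad.example matches x.bad.example and a.b.bad.example, never bad.example
    for i in range(1, len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in zone["wild"]:
            return zone["wild"][suffix]
    return None


def apply_policy(zone: Dict[str, Dict[str, Policy]], qname: str,
                 upstream: str) -> Tuple[str, Optional[str]]:
    """Simulate the firewall: (rcode or action, answer rdata returned to client)."""
    policy = lookup(zone, qname)
    if policy is None or policy[0] == "PASSTHRU":
        return ("NOERROR", upstream)  # hand back the real answer
    action, data = policy
    if action == "NXDOMAIN":
        return ("NXDOMAIN", None)
    if action == "NODATA":
        return ("NOERROR", None)      # empty answer section
    if action == "DROP":
        return ("DROP", None)         # no response at all
    if action == "TCP-ONLY":
        return ("TRUNCATED", None)    # TC=1 forces the client to retry over TCP
    return ("NOERROR", data)          # LOCAL-DATA, e.g. the sinkhole address


ZONE = parse_rpz(RPZ_ZONE_TEXT)

if __name__ == "__main__":
    for q in ("login.phish.example", "ok.bad.example", "c2.bad.example",
              "malware.example", "www.example.org"):
        print(q, "->", apply_policy(ZONE, q, "203.0.113.5"))
```

Note how the allow-list entry `ok.bad.example CNAME rpz-passthru.` is needed: without it the `*.bad.example` DROP rule would swallow that name too, which is the usual way operators whitelist a legitimate host under an otherwise blocked zone.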