At DEF CON, Hacking Humans Takes Center Stage
LAS VEGAS–The man sits on the edge of a chair in a tiny, soundproof plexiglass booth. Overhead lights give his face a harsh white-yellow cast and illuminate the sweat popping out on his close-shaved head. The walls of the booth press in as he glances down at a small notebook and nods to a man on the […]
Trickbot Adds New Worm Capability
Malware authors and cybercrime gangs, like professionals in legitimate fields, watch their competition closely and take what works and add it to their own arsenals. The latest evidence of this comes in the form of a new function added to the Trickbot banking trojan that allows it to spread in worm-like fashion using SMB. That […]
New Report Shows Depth of Data Breaches Is Worse Than Before
More than six billion consumer records have been compromised in data breaches in just the first six months of this year. That number is higher than the mark for all of 2016, more evidence that attackers are continuing to ramp up their efforts to steal sensitive data. A new report out this week from Risk […]
On the Wire Podcast: Black Hat
Black Hat 2017 was an adventure, as it always is, and to help make sense of it all, Dennis Fisher sat down with friends from across the security community for a long conversation. The discussion with Robert Hansen, Jessy Irwin, Jennifer Leggio of Flashpoint, Mike Mimoso of Threatpost, Patrick Gray of Risky Business, and Fahmida […]
To Disclose or Not to Disclose
LAS VEGAS–The people in the security community are good at many things, but reaching consensus is not one of them. That is never more clear than when the topic is vulnerabilities and how to handle them. The last year has seen the publication of a couple of studies on vulnerability discovery and disclosure and how […]
On the Wire Podcast: Ronnie Tokazowski
The takedown of the AlphaBay and Hansa dark web marketplaces by law enforcement last week marked a shift in the way that the authorities approach these operations. Dennis Fisher sat down with Ronnie Tokazowski of Flashpoint to talk about the new tactics law enforcement is using to go after these markets and how the security community is […]
Broadpwn Bug Allows Phone Takeover With One WiFi Probe Request
LAS VEGAS–The vulnerability in Broadcom WiFi chips running in many iPhones and Android devices that both Apple and Google patched recently could be triggered with a simple probe request from a mobile access point, giving the attacker full control of the victim’s device. The bug, known as Broadpwn, is about as powerful as they come for […]
Attackers Can Take Over Your Local Car Wash From the Internet
LAS VEGAS–Researchers are continuing to find new and interesting ways to demonstrate the fragility and poor security of IoT devices, and the latest test bed is your local car wash. A weakness in the design of the software that runs a large number of automated car washes in the U.S can allow a remote attacker […]
Facebook CSO: It’s Time to Focus on Real Problems
LAS VEGAS–The security community needs to get back to solving real problems facing real users in the real world, Facebook’s CSO said, and the company is putting up a million dollars to help do that. Alex Stamos, the top security official at Facebook, said security professionals are spending too much time focusing on elaborate hacks […]