Black Hat

IBM reveals ways to use native source-code management functionality in attacks

Joe UchillAugust 9, 2022

The company’s pen testing group jammed the new research and reconnaissance tools into SCMKit, an attack simulation toolkit unveiled at Black Hat.

Co-founder and CEO at Cloudflare Matthew Prince shares the stage with venture capital leaders at TechCrunch Disrupt Berlin 2019. Cloud is among the factors influencing massive investments in the cybersecurity space during 2020. (Photo by Noam Galai/Getty Images for TechCrunch)

Security Strategy, Plan, Budget

As cyber funds continue to surge, founders must contemplate where to grab their millions

Jill AitoroAugust 11, 2021

As funding divvied to cyber startups continues to explode, founders face a new dilemma: When and from whom do they accept the millions of dollars?

NDR

Watch: A deep dive on the cyber industry’s existential crisis

SC StaffAugust 10, 2021

Are supply chain attacks and software interdependence creating an existential crisis for the cybersecurity industry?

Leaders from the FDA, providers and manufactures discussed medical device security last week at Defcon in Las Vegas. (“AMD medical devices & Cisco telehealth collaboration” by CiscoANZ is licensed under CC BY 2.0)

Risk Assessments/Management

‘Nothing is a standalone device’: How a complex ecosystem leaves medical security in flux

Jessica DavisAugust 10, 2021

Though the FDA, device manufacturers, and health care providers all play a role in securing vulnerable devices, it’s providers and patients facing the brunt of the risk, according to a recent DEFCON Biohacking Village Talk.

“A bewildering array of Internet-connected consumer devices at KnewOne” by Nagarjun is licensed under CC BY 2.0

IoT

Don’t count on IoT random number generation

Joe UchillAugust 7, 2021

Many IoT devices falter on random number generation, a key part of cryptography.

A customer uses a Kindle tablet device at the newly opened Amazon Books store on Nov. 4, 2015, in Seattle. (Stephen Brashear/Getty Images)

Vulnerability Management

‘Read any good malware lately?’ Researchers find root access vulnerabilities in Kindle e-books

Derek B. JohnsonAugust 6, 2021

A bug in Amazon’s Kindle e-books, since patched, can allow an attacker to smuggle malware and gain root access to a victim’s device, steal tokens, steal or delete other sensitive data and even turn your internet-connected Kindle against your own network.

A computer screen is filled with code during a hackathon event on Feb. 1, 2014, in Miami. (Joe Raedle/Getty Images)

Threat Intelligence

Automate zero-day discovery by looking to the past

Joe UchillAugust 6, 2021

A research team from SafeBreach believe they, and any researchers who choose to adopt their method, can dramatically speed up the vulnerability disclosure process — faster than modern reversing methods and fuzzers currently allow.