A Chinese Hacking Group Is Stealing Airline Passenger Details

An anonymous reader quotes a report from ZDNet: A suspected Chinese hacking group has been attacking the airline industry for the past few years with the goal of obtaining passenger data in order to track the movement of persons of interest. The intrusions have been linked to a threat actor that the cyber-security industry has been tracking under the name of Chimera….

Did A Chinese State-Sponsored Group Breach Taiwan’s Semiconductor Industry?

At the Black Hat security conference, researchers from the Taiwanese cybersecurity firm CyCraft revealed at least seven Taiwanese chip firms have been breached over the past two years, reports Wired:
The series of deep intrusions — called Operation Skeleton Key due to the attackers’ use of a “skeleton key injector” technique — appeared aimed at stealing as much intellectual property as possible,…

Researcher Discovers New ‘HTTP Request Smuggling Attack’ Variants

Some scary new variants of “HTTP request smuggling” have been discovered by Amit Klein, VP of security research at SafeBreach, reports Security Week:
Specifically, an HTTP request smuggling attack, which can be launched remotely over the internet, can allow a hacker to bypass security controls, gain access to sensitive data, and compromise other users of the targeted app. While the attack method…

Hackers Could Use IoT Botnets To Manipulate Energy Markets

An anonymous reader quotes a report from Wired: At the Black Hat security conference on Wednesday, [researchers at the Georgia Institute of Technology] will present their findings, which suggest that high-wattage IoT botnets — made up of power-guzzling devices like air conditioners, car chargers, and smart thermostats — could be deployed strategically to increase demand at certain times in any of…

Decades-Old Email Flaws Could Let Attackers Mask Their Identities

At the Black Hat security conference on Thursday, researchers will present “darn subtle” flaws in industry-wide protections used to ensure that emails come from the address they claim to. From a report: The study looked at the big three protocols used in email sender authentication — Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and…

New ‘Spectra’ Attack Breaks the Separation Between Wi-Fi and Bluetooth

An anonymous reader quotes a report from ZDNet: Academics from Germany and Italy say they developed a new practical attack that breaks the separation between Wi-Fi and Bluetooth technologies running on the same device, such as laptops, smartphones, and tablets. Called Spectra, this attack works against “combo chips,” specialized chips that handle multiple types of radio wave-based wireless communications, such as…

In-Person DEF CON 28 Event Is Canceled

Annual Las Vegas hacker gathering DEF CON has officially called off its physical conference for this year due to the coronavirus pandemic. The Register reports: In what was pretty much a foregone conclusion, the organizing team today said the in-person event would not be held in 2020. It had been slated to take place in August. This comes after the more…

Apple Confirms $1 Million Reward For Anyone Who Can Hack An iPhone

Apple says it will offer up to $1 million for hackers who can find vulnerabilities in iPhones and Macs. “That’s up from $200,000, and in the fall the program will be open to all researchers,” reports Forbes. “Previously only those on the company’s invite-only bug bounty program were eligible to receive rewards.” From the report: As Forbes reported on Monday, Apple…

A Boeing Code Leak Exposes Security Flaws Deep In a 787’s Guts

An anonymous reader quotes a report from Wired: Late one night last September, security researcher Ruben Santamarta sat in his home office in Madrid and partook in some creative googling, searching for technical documents related to his years-long obsession: the cybersecurity of airplanes. He was surprised to discover a fully unprotected server on Boeing’s network, seemingly full of code designed to…

Microsoft Launches Azure Security Lab, Doubles Top Bug Bounty To $40,000

At Black Hat 2019 today, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test its cloud security. The company also doubled the top Azure bug bounty to $40,000. From a report: Bug bounty programs are a great complement to existing internal security programs. They help motivate individuals and groups of hackers to not only find flaws…