Four vulnerabilities found in Qualcomm chips used in 900 million Android devices leave affected phones and tablets open to attacks that could give hackers complete system control. Researchers at Check Point who found the flaw are calling the vulnerability Quadrooter and say that a patch isn’t expected to be available to most users until September....

Apple last week patched a critical iOS memory corruption vulnerability that could allow attackers to execute code on compromised devices. The flaw was found by Team Pangu, a Chinese hacker group that specializes in building iOS jailbreak tools. The vulnerability is fixed in iOS 9.3.4. Related Posts Apple Launches Bug Bounty with Maximum $200,000 Reward...

LAS VEGAS – Security researchers at Black Hat USA described a proof-of-concept worm that targets weaknesses within automated industrial control systems used to manage critical infrastructure and manufacturing. The worm, according to OpenSource Security, has the capability to autonomously search for and spread between networked programmable logic controllers (PLCs). PLC-Blaster was designed to target Siemens SIMATIC...

LAS VEGAS—Gunter Ollmann, CSO at Vectra networks, talks to Mike Mimoso at Black Hat about ransomware as a prototype for malware going forward, as well as the long-term future of exploit kits and whether IoT is something that can be secured sooner rather than later. Download: Gunter_Ollman_on_Ransomware_Exploit_Kits_and_IoT.mp3 Music by Chris Gonsalves

LAS VEGAS—Apple closed out Black Hat today with a long-awaited announcement that next month it will launch a bug bounty. The Apple Security Bounty will be an invitation-only program, open to two dozen researchers at the outset, said Ivan Krstic, head of security engineering and architecture. The maximum payout is $200,000 and five classes of...

LAS VEGAS—There’s been an abundance of attacks against crypto over the last few years but a much simpler, scarier threat, cookie hijacking, remains significantly overlooked in the eyes of researchers. Two academics, Suphannee Sivakorn, a PhD student at Columbia University, and Jason Polakis, an assistant professor at the University of Illinois discussed just how woefully inadequate...

Google is used to taking a beating over Android vulnerabilities, but it says too often its hard work fixing vulnerabilities and keeping the platform safe goes unnoticed. “Over the seven years working on Android security vulnerabilities I’ve seen a lot of bugs and a lot of fear uncertainty and doubt,” said Nick Kralevich, Android platform...

LAS VEGAS—Charlie Miller and Chris Valasek figuratively drove off into the sunset today at Black Hat, hanging up their car hacking exploits for good and leaving behind a pioneering legacy that elevated this type of research into the mainstream. “It’s time someone else pick it up,” Valasek said. “We did our part and it’s time...

Does dropping an infected USB drive in a parking work when it comes to a hacker luring its prey into a digital trap? The answer is a resounding yes. At Black Hat USA, security researcher Elie Bursztein shared the results of an experiment where he dropped 297 USB drives with phone-home capabilities on the University...

Joshua Drake of Zimperium Labs talks to Mike Mimoso about the last year post-Stagefright, the effectiveness of Google’s monthly patching cycle, and some of the security enhancements forthcoming in Android N. Download: Joshua_Drake_on_Post-Stagefright_Android.mp3 Music by Chris Gonsalves