LAS VEGAS—Gunter Ollmann, CSO at Vectra networks, talks to Mike Mimoso at Black Hat about ransomware as a prototype for malware going forward, as well as the long-term future of exploit kits and whether IoT is something that can be secured sooner rather than later. Download: Gunter_Ollman_on_Ransomware_Exploit_Kits_and_IoT.mp3 Music by Chris Gonsalves

LAS VEGAS—Apple closed out Black Hat today with a long-awaited announcement that next month it will launch a bug bounty. The Apple Security Bounty will be an invitation-only program, open to two dozen researchers at the outset, said Ivan Krstic, head of security engineering and architecture. The maximum payout is $200,000 and five classes of...

LAS VEGAS—There’s been an abundance of attacks against crypto over the last few years but a much simpler, scarier threat, cookie hijacking, remains significantly overlooked in the eyes of researchers. Two academics, Suphannee Sivakorn, a PhD student at Columbia University, and Jason Polakis, an assistant professor at the University of Illinois discussed just how woefully inadequate...

Google is used to taking a beating over Android vulnerabilities, but it says too often its hard work fixing vulnerabilities and keeping the platform safe goes unnoticed. “Over the seven years working on Android security vulnerabilities I’ve seen a lot of bugs and a lot of fear uncertainty and doubt,” said Nick Kralevich, Android platform...

LAS VEGAS—Charlie Miller and Chris Valasek figuratively drove off into the sunset today at Black Hat, hanging up their car hacking exploits for good and leaving behind a pioneering legacy that elevated this type of research into the mainstream. “It’s time someone else pick it up,” Valasek said. “We did our part and it’s time...

Does dropping an infected USB drive in a parking work when it comes to a hacker luring its prey into a digital trap? The answer is a resounding yes. At Black Hat USA, security researcher Elie Bursztein shared the results of an experiment where he dropped 297 USB drives with phone-home capabilities on the University...

Joshua Drake of Zimperium Labs talks to Mike Mimoso about the last year post-Stagefright, the effectiveness of Google’s monthly patching cycle, and some of the security enhancements forthcoming in Android N. Download: Joshua_Drake_on_Post-Stagefright_Android.mp3 Music by Chris Gonsalves

LAS VEGAS – Poor operational security on the part of Nigerian scammers running a Business Email Compromise (BEC) scheme has given researchers a window into their operations. Dell SecureWorks today published a report at Black Hat USA 2016 on what the criminals involved call wire-wire, or “waya-waya.” These attackers aren’t particularly sophisticated malware coders, for...

LAS VEGAS – Credit card companies for the most part have moved away from “swipe and signature” credit cards to chip and pin cards by this point; the technology known as EMV (Europay, MasterCard, and Visa) which is supposed to provide consumers with an added layer of security is beginning to see some wear, according to researchers....

LAS VEGAS—Buried in the pages of the secure configuration guide for Oracle EBusiness Suite 11i is a declaration that SQL injection just isn’t a thing for the ubiquitous enterprise software. “Of the many potential SQL injections we have seen reported, we have yet to find a single confirmed example,” the guide says. “That’s a like...