LAS VEGAS – Security researchers at Black Hat USA described a proof-of-concept worm that targets weaknesses within automated industrial control systems used to manage critical infrastructure and manufacturing. The worm, according to OpenSource Security, has the capability to autonomously search for and spread between networked programmable logic controllers (PLCs). PLC-Blaster was designed to target Siemens SIMATIC...

LAS VEGAS—Gunter Ollmann, CSO at Vectra networks, talks to Mike Mimoso at Black Hat about ransomware as a prototype for malware going forward, as well as the long-term future of exploit kits and whether IoT is something that can be secured sooner rather than later. Download: Gunter_Ollman_on_Ransomware_Exploit_Kits_and_IoT.mp3 Music by Chris Gonsalves

LAS VEGAS—There’s been an abundance of attacks against crypto over the last few years but a much simpler, scarier threat, cookie hijacking, remains significantly overlooked in the eyes of researchers. Two academics, Suphannee Sivakorn, a PhD student at Columbia University, and Jason Polakis, an assistant professor at the University of Illinois discussed just how woefully inadequate...

LAS VEGAS—Charlie Miller and Chris Valasek figuratively drove off into the sunset today at Black Hat, hanging up their car hacking exploits for good and leaving behind a pioneering legacy that elevated this type of research into the mainstream. “It’s time someone else pick it up,” Valasek said. “We did our part and it’s time...

Joshua Drake of Zimperium Labs talks to Mike Mimoso about the last year post-Stagefright, the effectiveness of Google’s monthly patching cycle, and some of the security enhancements forthcoming in Android N. Download: Joshua_Drake_on_Post-Stagefright_Android.mp3 Music by Chris Gonsalves

LAS VEGAS—Buried in the pages of the secure configuration guide for Oracle EBusiness Suite 11i is a declaration that SQL injection just isn’t a thing for the ubiquitous enterprise software. “Of the many potential SQL injections we have seen reported, we have yet to find a single confirmed example,” the guide says. “That’s a like...

LAS VEGAS – There is no guarantee that the internet will succeed. And if we aren’t careful we can really screw it up. It has happened before and we can do it again. The warning comes from technologist Dan Kaminsky who says there is a need to treat the internet similarly to the way the...

LAS VEGAS – The FREAK, LOGJAM and DROWN attacks of the last 17 months weren’t just the work of academics and security researchers who found a cool way to unmask encrypted traffic. They were ugly reminders of the Crypto Wars of the 1990s and why export-grade cryptography and intentional encryption backdoors are fraught with potential...

LAS VEGAS — Black market machine trading of PC and server resources is maturing at alarming speeds. Underground networks such as xDedic have fine-tuned their compute platform to the point where they are almost indistinguishable to legitimate networks such as Amazon Web Services and Rackspace. Those observations come from Israel Barak, head of incident response...

LAS VEGAS — A government project in the works since 2013 is set to conclude Thursday at DEF CON when DARPA’s Cyber Grand Challenge culminates with a competition it’s calling the CGC Final Event. The challenge will mirror Capture the Flag competitions usually held at the hacking conference. CTF contests pit groups of hackers against each other to explore code, identify weaknesses...