41 matches found
All the places you can see and hear Talos at Black Hat 2019
It is once again time for Security Summer Camp – the annual week when security experts descend upon Las Vegas for Black Hat and DEFCON. Talos will be around all week, but we want to start off with a Black Hat preview — the Defcon one will be here later today. Throughout the conference, Talos...
Practical advice for earning higher Microsoft bounty awards
This year at the Nullcon International Security Conference I shared practical advice for how security researchers can maximize the impact of their security vulnerability submissions and earn higher bounty awards under the Microsoft Bounty Program. For those who couldn’t be there, I had two core...
Beers with Talos EP44: Fun with 2018’s Worst and Talks We Want to Hear
Beers with Talos BWT Podcast Ep. 44 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 44 show notes: Recorded Jan. 7, 2019 Most of the episode after an extended roundtable — we all had a lot to get out after tim...
Click Here to Kill Everybody News
My latest book is doing well. And I've been giving lots of talks and interviews about it. I can recommend three interviews: the Cyberlaw podcast with Stewart Baker, the Lawfare podcast with Ben Wittes, and Le Show with Henry Shearer. My book talk at Google is also available. The Audible version w...
Beers with Talos EP 39: VB 2018 Rundown and Prevalent Problems with PDF
Beers with Talos BWT Podcast Ep. 39 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 39 show notes: Recorded Oct. 5, 2018 - We start out with a quick chat to get to know this week’s special guests from the Talo...
BruCON Primer: 10 Years and Cisco Talos Talks
Cisco Talos will have a significant presence at the 10th edition of BruCON, which kicks off this week. Below, you will find the presentations that Talos researchers will give, along with a brief overview of the topics they will discuss. We are fortunate to have multiple speakers presenting this...
WordPress WordCamp Talks plugin <= 1.0.0-beta2 - Formula injection via CSV exports
The WordCamp Talks plugin does not sanitize CSV exports properly, which can lead to spreadsheet formula injection via malicious user input. Solution Update the plugin...
WordCamp Talks <= 1.0.0-beta2 - Formula injection via CSV exports
Fixed in version 1.0.0-beta3...
July 20, 2017 – Morning Cyber Coffee Headlines – “British Open” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! July 20, 2017 - Headlines Carbon Black in the News: The dark web goes corporate...
Ian Dunn: HTML injection-WordCamp Talks plugin
This report was about the possibility to inject malicious HTML into wp-admin via comments on the talks post type. Examples of malicious input were: The report suggested that those input could be used in phishing attacks, since the images would be displayed in wp-admin, where an administrator migh...
The Money Talks Slot - Dynamic Code Loading, External URLs, Possible privilege escalation vulnerabilities
HackApp vulnerability scanner discovered that application The Money Talks Slot published at the 'play' market has multiple vulnerabilities...
Photo talks - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Photo talks published at the 'play' market has multiple vulnerabilities...
Duqu Resurfaces With New Round of Victims, Including Kaspersky Lab
The Duqu attackers, who are considered by researchers to be at the top of the food chain of APT groups and are responsible for attacking certificate authorities and perhaps spying on Iran’s nuclear program, have resurfaced with a new platform that was used to compromise high-profile victims,...
How to Fail at Black Hat
Every summer, the hacker intelligentsia descends on Las Vegas like a swarm of thirsty locusts that spends seven days chasing free drinks and avoiding sunlight at all costs. Black Hat and DEF CON week can be an overwhelming and confusing experience, especially for the uninitiated or agoraphobic. B...
Ryan Naraine on the Security Analyst Summit 2013
Dennis Fisher talks with Ryan Naraine, the founding editor of Threatpost, about the Security Analyst Summit in San Juan, the reason why so many talks at security conferences sound the same and why surprise talks are so valuable. Download: digitalunderground111 Podcast audio courtesy of sykboy65...
ClubHack 2012 Hacking and Security Conference
Carrying reputation of being India's choicest and oldest hacker's conference, Team ClubHack proudly brings the 6th edition of ClubHack Hacking and Security Conference with more exciting activities. ClubHack 2012 hacker's convention will be held from Nov. 30th to Dec 3rd, 2012 in Pune, India...
Feds Show Up at DEF CON and Black Hat, But This Time to Talk, Not Snoop
LAS VEGAS–The Black Hat conference is now officially an adolescent, and like most in that age group, it has gone through some growing pains in its life. Once criticized for giving too much of a platform for offensive research, and then, after its sale a few years ago to a media conglomerate, ding...
Getting down to business
An exclusive gathering, the conference takes place in a single meeting room at Florida International University. Talks are short – most limited to around 30 minutes, with quite a few clocking in at around 15 minutes. The organizers also leave room for so-called unsolicited response sessions, wher...
DerbyCon Security Conference 2011
We are happy to announce that Offensive Security will be sponsoring DerbyCon. DerbyCon is a new hacker conference located in Louisville Kentucky. Our goal is to bring back an old style, community driven hacker con chocked full of amazing talks, live events and all around fun. The idea for DerbyCo...
Yahoo India R&D to Host 'HACK U' for IIT Kharagpur Students !
Yahoo! India R&D will be hosting 'HACK U'– the University Hack Day event for IIT Kharagpur students on campus between 17 and 20 March. Close to 250 students are expected to participate in this four day event of learning, hacking and fun, which is part of Yahoo!'s on-going commitment to nurture...