Dark Reading News Desk Live at Black Hat USA 2018
8/9/2018Watch here Wednesday and Thursday, 2 p.m. - 6 p.m. ET to see over 40 live video interviews straight from the Black Hat USA conference in Las Vegas.
Post a Comment
Author
Profile of Sara Peters
Senior Editor at Dark Reading Member Since: 3/12/2014Author
News & Commentary Posts: 472
Comments: 647
Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.
Articles by Sara Peters
Watch here Wednesday and Thursday, 2 p.m. - 6 p.m. ET to see over 40 live video interviews straight from the Black Hat USA conference in Las Vegas.
Post a Comment
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
5/25/2018The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
Post a Comment
Dark Reading Conference Call for Speakers Closes Friday
5/21/2018Don't be shy, security practitioners. Share your best practices at our 2nd annual INsecurity Conference, to be held Oct. 23-25 in Chicago.
Post a Comment
12 Trends Shaping Identity Management
4/26/2018As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
Post a Comment
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
4/19/2018Booz Allen survey shows most organizations' answer to the security skills shortage may be unsustainable.
Post a Comment
First Public Demo of Data Breach via IoT Hack Comes to RSAC
4/19/2018At RSA Conference, senior researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools.
Post a Comment
Cyber War Game Shows How Federal Agencies Disagree on Incident Response
4/18/2018Former officials at DHS, DOJ, and DOD diverge on issues of attribution and defining what constitutes an act of cyber war.
Post a Comment
2018 RSA Conference: Execs Push Cooperation, Culture & Civilian Safety
4/17/2018On the keynote stage, execs from Microsoft and McAfee introduced a new Cybersecurity Tech Accord.
Post a Comment
Verizon DBIR: Ransomware Attacks Double for Second Year in a Row
4/10/2018Outside attackers still the biggest problem - except in healthcare.
Post a Comment
One-Third of Internal User Accounts Are 'Ghost Users'
4/4/2018Attackers and malware can easily move laterally through an organization, thanks to inadequate access controls on file systems and a proliferation of inactive but enabled users.
Post a Comment
UVA Defeats UMBC, in Stunning Upset
3/27/2018In first trip to Mid-Atlantic Collegiate Cyber Defense Competition, University of Virginia's Cyber Defense Team defeats reigning national champs from University of Maryland, Baltimore County.
Post a Comment
Cybercrime Costs for Financial Sector up 40% Since 2014
2/14/2018A 9.6% increase just in the past year, and denial-of-service attacks are partly to blame.
Post a Comment
17 Things We Should Have Learned in 2017 But Probably Didn't
12/29/2017The worm has returned and the Yahoos have all been exposed, but did 2017 teach us any genuinely new lessons we shouldn't already have known?
Post a Comment
We're Still Not Ready for GDPR? What is Wrong With Us?
11/17/2017The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
Post a Comment
GDPR Compliance: 5 Early Steps to Get Laggards Going
10/16/2017If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.
Post a Comment
How Security Metrics Fail Us & How We Fail Them
9/26/2017Joseph Carson of Thycotic discusses how infosec professionals buy security products they don't need and make other bad decisions, because of poor use of metrics.
Post a Comment
Attacking Developers Using 'Shadow Containers'
9/15/2017Sagie Dulce describes why developers are such attractive targets and how the Docker API can be exploited to use one of developers' favorite tools against them in sneaky, obfuscated attacks.
Post a Comment
Tesla Hacks: The Good, The Bad, & The Ugly
9/12/2017Keen Security Lab found multiple holes in the isolation layer Tesla uses to protect drive systems from infotainment systems, but were impressed by the auto company's security in other ways.
Post a Comment
Attacking Data Integrity & Hacking Radiation Monitoring Devices
9/8/2017Ruben Santamarta shows radio-based vulnerabilities and investigates how the integrity of critical data can be manipulated to simulate, complicate or exacerbate emergency situations.
Post a Comment
How to Use Purple Teaming for Smarter SOCs
9/7/2017Justin Harvey explains why the standard blue team vs. red team can be improved upon, and provides tips on doing purple teaming right.
Post a Comment
How Legendary Carder, Hacker Roman Seleznev Was Caught, Sentenced
9/6/2017Assistant US Attorney Norman Barbosa visits the Dark Reading News Desk to discuss details of the credit card hacking case that led to an unprecedented 27-year prison sentence.
Post a Comment
Activists Beware: The Latest In 3G & 4G Spying
9/5/2017Ravi Borgaonkar describes new 3G & 4G vulnerabilities that enable IMSI catchers to be smarter, stealthier snoopers.
Post a Comment
To Improve Diversity, 'Have the Uncomfortable Conversations'
9/5/2017Jules Okafor of Fortress Information Security explains that diversity efforts cannot shy away from discussions of racism and sexism.
Post a Comment
Mikko Hypponen's Vision of the Cybersecurity Future
9/4/2017Twenty years from now, will everything be in the Internet of Things, and if so, how does the security industry need to prepare? F-Secure's chief research officer weighs in on this and what else the future promises (and threatens).
Post a Comment
Automated Lateral Movement: Targeted Attack Tools for the Masses
9/1/2017Tal Be'ery and Tal Maor explain that the most pervasive, worst defended tactic of sophisticated attackers will soon be ready for script kiddies, and release GoFetch: a new lateral movement automation tool.
Post a Comment
Using Market Pressures to Improve Cybersecurity
8/31/2017Post-MedSec, Chris Wysopal discusses what impact the investor community -- if not consumers -- can have on squashing vulnerabilities and improving cybersecurity.
Post a Comment
St. Jude Pacemaker Gets Firmware Update 'Intended as a Recall'
8/30/2017The devices that were the subject of a vulnerability disclosure debate last summer now have an FDA-approved fix.
Post a Comment
The Active Directory Botnet
8/30/2017It's a nightmare of an implementation error with no easy fix. Ty Miller and Paul Kalinin explain how and why an attacker could build an entire botnet inside your organization.
Post a Comment
Training Courses for Aspiring Cybercriminals Put Security Education To Shame
8/29/2017Reasonably priced, module-based training courses and helpful forums will train a beginner in all the tools and techniques of the successful cybercriminal, Rick Holland of Digital Shadows explains.
Post a Comment
IoTCandyJar: A HoneyPot for any IoT Device
8/29/2017Palo Alto Networks researchers explain how they designed an affordable, behavior-based honeypot to detect attacks on an IoT device -- any kind of IoT device.
Post a Comment
New York's Historic FinSec Regulation Covers DDoS, Not Just Data
8/28/2017Starting today, New York banks and insurers must report to authorities within 72 hours on any security event that has a 'reasonable likelihood' of causing material harm to normal operations.
Post a Comment
Turning Sound Into Keystrokes: Skype & Type
8/25/2017Don't let your fingers do the talking in a Skype session. The callers on the other end could know what you're writing, researcher Daniele Lain explains.
Post a Comment
Insecure IoT Devices Pose Physical Threat to General Public
8/24/2017At the car wash, look out for attack robots. Billy Rios discusses how IoT devices could be hacked to physically attack people -- not just on factory floors, but in everyday public settings.
Post a Comment
Dino Dai Zovi Dives Into Container Security, SecDevOps
8/23/2017Dino Dai Zovi discusses the under-explored security aspects of Docker, data center orchestration, and containers.
Post a Comment
ShieldFS Hits 'Rewind' on Ransomware
8/18/2017Federico Maggi and Andrea Continella discuss a new tool to protect filesystems by disrupting and undoing ransomware's encryption activities.
Post a Comment
How Bad Teachers Ruin Good Machine Learning
8/18/2017Sophos data scientist Hillary Sanders explains how security suffers when good machine learning models are trained on bad testing data.
Post a Comment
The Shadow Brokers: How They Changed 'Cyber Fear'
8/17/2017At Black Hat USA, Matt Suiche, founder of Comae Technologies, describes what we know about the Shadow Brokers and how they have changed the business of cyber fear.
Post a Comment
Behind the Briefings: How Black Hat Sessions Get Chosen
8/17/2017Daniel Cuthbert and Stefano Zanero explain what the Black Hat review board is looking for in an abstract submission for the Briefings.
Post a Comment
Look, But Don't Touch: One Key to Better ICS Security
6/26/2017Better visibility is essential to improving the cybersecurity of industrial control systems and critical infrastructure, but the OT-IT cultural divide must be united.
Post a Comment
You Have One Year to Make GDPR Your Biggest Security Victory Ever
5/25/2017The EU's new razor-toothed data privacy law could either rip you apart or help you create the best security program you've ever had. Here's how.
Post a Comment
US-CERT Warns That HTTPS Inspection Tools Weaken TLS
3/16/2017Turns out that man-in-the-middling your own traffic isn't the safest way to look for man-in-the-middle attacks.
Post a Comment
Women Still Only 11% Of Global InfoSec Workforce
3/15/2017Career development and mentorship programs make women in cybersecurity feel more valued, increase women's success.
Post a Comment
After Election Interference, RSA Conference Speakers Ask What Comes Next
2/17/2017Election-tampering called 'a red line we should not allow anyone to cross.'
Post a Comment
Microsoft President Says Tech Industry Should Be 'Neutral Digital Switzerland'
2/14/2017RSA Conference: Brad Smith also says the world needs a "Digital Geneva Convention" to establish the international rules for nation-state cyber conflict.
Post a Comment
Darkness & Hope On Display At RSA Conference Keynotes
2/14/2017Attendees start morning with John Lithgow telling them 'Look at how your light shines together.'
Post a Comment
National Security, Regulation, Identity Top Themes At Cloud Security Summit
2/13/2017Gen. Keith Alexander gives Trump a thumbs-up and Cloud Security Alliance releases a new application.
Post a Comment
White House Announces Retaliatory Measures For Russian Election-Related Hacking
12/29/201635 Russian intelligence operatives ejected from the US, and two of the "Cyber Most Wanted" are frozen out by Treasury Department.
Post a Comment
10 Things InfoSec Pros Can Celebrate About 2016
12/29/2016There were a few items that passed for good news this year.
Post a Comment
Amit Yoran Leaves Dell RSA To Join Tenable As New CEO
12/15/2016Yoran says recent Dell acquisition of RSA parent company EMC did 'not really' impact his decision to leave.
Post a Comment
Avalanche Botnet Comes Tumbling Down In Largest-Ever Sinkholing Operation
12/1/2016800,000 domains seized, sinkholed, or blocked, and five individuals arrested, in international effort to bring down botnet linked to 17 major malware families.
Post a Comment
2016's 7 Worst DDoS Attacks So Far
11/28/2016Rise of booter and stresser services, mostly run on IoT botnets, is fueling DDoS excitement (but the pros aren't impressed).
Post a Comment
Security Experts Call For Regulation On IoT Cybersecurity
11/16/2016During a House Committee hearing today, Bruce Schneier also asks for the establishment of a new government agency devoted to cybersecurity.
Post a Comment
Dark Reading Radio: 'Bug Bounties & The Zero-Day Trade'
11/15/2016Join us, HackerOne's Alex Rice, and Veracode's Chris Wysopal for the next episode of Dark Reading Radio, today, Wednesday Nov. 16, at 1pmET.
Post a Comment
75,000 Data Protection Officers Needed By 2018 To Handle EU Law
11/9/2016US alone will need 9,000 DPOs to meet GDPR mandates, says International Association of Privacy Professionals - but don't expect that many new job listings.
Post a Comment
Google Adwords Malvertising Campaign Targets Apple Macs
11/1/2016Cheeky attackers make their lure an ad for Google Chrome.
Post a Comment
US Should Help Private Sector 'Active Defense,' But Outlaw Hacking Back, Says Task Force
10/31/2016Task Force at George Washington University suggests ways for government to clear up legal quagmires, improve tools, keep us all out of trouble.
Post a Comment
New Free Tool Stops Petya Ransomware & Rootkits
10/20/2016Meanwhile, Locky puts ransomware on the Check Point Top Three Global Malware List for the first time ever.
Post a Comment
California Victims Of Yahoo Breach Pursue Claims In State, Not Federal Court
10/17/2016Plaintiffs hope to benefit from California's history of stricter cybersecurity and data privacy law.
Post a Comment
Happy 30th Birthday CFAA!
10/14/2016Six things we still don’t know about the Computer Fraud and Abuse Act after all this time.
Post a Comment
Online Gaming Currency Funds Cybercrime In Real Life
10/11/2016You really needed Cristiano Ronaldo or that Doomhammer. Cybercriminals will help you get it for a price, and it's not even entirely illegal.
Post a Comment
Incident Response A Challenge For 98% Of InfoSec Pros
10/6/2016Too many alerts and too little staff leave security pros swimming in threat intel and begging for automation.
Post a Comment
Researcher Roots Out Security Flaws In Insulin Pumps
10/4/2016Jay Radcliffe, researcher and diabetic who found the flaws in Johnson & Johnson Animas OneTouch Ping insulin pump, 'would not hesitate' to allow his own children be treated by the device if they were diabetic and advised to do so by physicians.
Post a Comment
Cybercriminals' Superior Business Savvy Keeps Them Ahead
9/30/2016Rick Holland of Digital Shadows explains how the attackers' superior business agility, faster change management, specialized job force, lower barriers to entry and bulletproof hosting keeps them ahead of the good guys.
Post a Comment
EMV: The Anniversary Of One Deadline, The Eve of Another
9/29/2016How merchants and criminals responded since the EMV liability shift for point-of-sale devices one year ago. And what changes can we expect after the liability shift for ATMs, which is just days away?
Post a Comment
Improving Security Savvy Of Execs And Board Room
9/28/2016Jeff Welgan describes how best to improve cybersecurity literacy throughout the C-suite.
Post a Comment
Spam Levels Spike, Thanks In Part To Ransomware
9/23/2016By shipping banking Trojans and ransomware that turn big profits fast, spammers can now afford the high overhead of high-volume spam campaigns.
Post a Comment
An Open-Source Security Maturity Model
9/23/2016Oh you don't run open-source code? Really? Christine Gadsby and Jake Kouns explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications, proprietary and otherwise.
Post a Comment
National Health ISAC Calls For Collaborative Vuln Disclosure
9/21/2016St. Jude Medical to host upcoming workshop on medical device info sharing, convened by NH-ISAC and medical device security consortium.
Post a Comment
How Windows 10 Stops Script-Based Attacks On The Fly
9/21/2016Move over Apple 'Walled Garden.' Windows 10's new antimalware scan interface halts scripts by signing code on the fly... but does it work? Security researcher Nikhil Mittal takes a look.
Post a Comment
How You Can Support InfoSec Diversity, Starting With The Colleagues You Already Have
9/20/2016Jamesha Fisher, Security Operations Engineer of GitHub, visits the Dark Reading News Desk at Black Hat to discuss her work making security more accessible to the uninitiated, and how a predominately white and male information security field can better support women and people of color.
Post a Comment
Stop Blaming Users. Make Security User-Friendly.
9/15/2016Jelle Niemantsverdriet of Deloitte explains how security improves if security tools and error messages educate users and 'put a smile on someone's face.'
Post a Comment
France's Online Criminal Underground Built On Foundation Of Distrust
9/14/2016French criminals seeking black market goods and services -- cyber and otherwise -- have to look in darker shadows and work harder to prove their felonious credibility.
Post a Comment
Don't Trust That Trust Mechanism: Vulnerabilities In Digital Certificates
9/14/2016Tom Nipravsky, security researcher at Deep Instinct, explains how to tell the difference between a digital certificate that's worth your trust and one that isn't.
Post a Comment
Yes, Your Database Can Be Breached Through A Coffee Pot
9/13/2016Aditya Gupta, CEO of Attify, talks about how to improve Internet of Things security and the very worst scenarios he's encountered in an IoT penetration test.
Post a Comment
Snowden May Help Explain Your Job To Your Family
9/12/2016Hacking Oliver Stone's new film about whistleblower Edward Snowden.
Post a Comment
Dan Kaminsky On How Not To Lose The Internet As We Know It
9/12/2016Dan Kaminsky discusses how to improve the security and privacy of the Internet without destroying the openness and freedom to innovate that it has always provided.
Post a Comment
MedSec/Muddy Waters & The Future Of IoT Security
9/2/2016St. Jude vulnerability report could be test case for vulnerability disclosure.
Post a Comment
Meet Some Of The Emerging Israeli Cybersecurity Firms
8/30/2016Many are borne out of the entrepreneurial spirit of the Israel Defense Force's Cyber Intelligence Unit 8200. Could any other nation keep up?
Post a Comment
Attacker's Playbook Top 5 Is High On Passwords, Low On Malware
8/18/2016Report: Penetration testers' five most reliable methods of compromising targets include four different ways to use stolen credentials, but zero ways to exploit software.
Post a Comment
The Future Of ATM Hacking
8/11/2016Research released at Black Hat USA last week shows that one of our best defenses for the future of payment card and ATM security isn't infallible. Here's why.
Post a Comment
Symantec Discovers Strider, A New CyberEspionage Group
8/8/2016In action five years, highly selective threat actor has only been known to compromise seven organizations.
Post a Comment
Dark Reading News Desk Coming Back To Black Hat, Live
8/4/2016Live from Las Vegas: over 40 video interviews with Black Hat USA conference speakers and sponsors. Wednesday Aug. 3, Thursday Aug, 4, starting at 2 p.m. ET.
Post a Comment
SentinelOne Offers $1 Million Guarantee To Stop Ransomware
7/26/2016Jeremiah Grossman continues his crusade to make security vendors take responsibility for their own gear.
Post a Comment
Improving Attribution & Malware Identification With Machine Learning
7/20/2016New technique may be able to predict not only whether unfamiliar, unknown code is malicious, but also what family it is and who it came from.
Post a Comment
72% of Black Hat Attendees Expect To Be Hit By 'Major' Data Breach Within A Year
7/14/2016End users are the biggest weakness, and we're not doing enough to address the problem.
Post a Comment
Purple Teaming: Red & Blue Living Together, Mass Hysteria
7/13/2016When you set focused objectives for the red team, you get your blue team to work the weak muscles they need trained most.
Post a Comment
NATO Ambassador: How The Ukraine Crisis Fits Cyber War Narrative
7/7/2016Kenneth Geers previews his Black Hat talk and discusses the strategic military maneuvers governments can make within cyberspace.
Post a Comment
The Attribution Question: Does It Matter Who Attacked You?
6/29/2016Everyone will ask whodunnit, but how can an organization put that information to practical use during disaster recovery and planning for the future?
Post a Comment
Google Accounts Of US Military, Journalists Targeted By Russian Attack Group
6/27/2016The Threat Group 4127 that hit the Democratic National Committee also went after 1,800 other targets with info interesting to Russian government, says SecureWorks.
Post a Comment
'Smart' Building Industry Mulls Cybersecurity Challenges
6/23/2016New 'attraction and curiosity' for infosec at the Intelligent Buildings Conference this week.
Post a Comment
Cloud Apps Just As Secure As On-Premise Apps, Say InfoSec Pros
6/9/2016Unfortunately, 75% of cloud apps will still fall afoul of the new EU General Data Protection Regulation, according to new studies.
Post a Comment
Top Security To-Dos For The Entertainment Industry
6/6/2016'The biz' has unique security needs. And it isn't only about preventing 'the next Sony.'
Post a Comment
Ransomware Domains Up By 3,500% In Q1
6/1/2016Cybercriminals know a good thing when they see it.
Post a Comment
Unsung (And Under-Sung) Heroes Of Security
5/25/2016You've heard of the cybersecurity rock stars, but there are plenty of other major contributors to the industry who deserve kudos. In celebration of Dark Reading's 10th anniversary, meet a few of these folks.
Post a Comment
Dark Reading Not Actually A Sign Of The Apocalypse
5/11/2016My initial threat assessment of Dark Reading was entirely inaccurate.
Post a Comment
Pro-ISIS Hacking Groups Growing, Unifying, But Still Unskilled
4/28/2016Flashpoint report outlines the patchwork of hacking groups and the validity of their claims to fame.
Post a Comment
Malware At Root Of Bangladesh Bank Heist Lies To SWIFT Financial Platform
4/25/2016Customized malware hid $81 million of wire transfers until the money had been safely laundered.
Post a Comment
SpyEye Creators Sentenced To Long Prison Terms
4/21/2016FBI found that arrest halted the release of nasty SpyEye 2.0.
Post a Comment
Android Year In Review: No Successful Stagefright, Certifigate Exploits
4/19/2016Plus, Android users who install apps outside of Google Play are 10 times more likely to have installed a potentially harmful application, according to new Google Android Security Year in Review report.
Post a Comment
9 Years Prison, $1.7 Million Fine For Malicious Insider
4/18/2016Former IT engineer stung for destructive attack on law firm.
Post a Comment
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This