Profile of Sara Peters

Senior Editor at Dark Reading

Member Since: 3/12/2014
Author
News & Commentary Posts: 471
Comments: 647

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.

Articles by Sara Peters

View Content By Month

GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?

5/25/2018
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
Post a Comment

Dark Reading Conference Call for Speakers Closes Friday

5/21/2018
Don't be shy, security practitioners. Share your best practices at our 2nd annual INsecurity Conference, to be held Oct. 23-25 in Chicago.
Post a Comment

12 Trends Shaping Identity Management

4/26/2018
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
Post a Comment

Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training

4/19/2018
Booz Allen survey shows most organizations' answer to the security skills shortage may be unsustainable.
Post a Comment

First Public Demo of Data Breach via IoT Hack Comes to RSAC

4/19/2018
At RSA Conference, senior researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools.
Post a Comment

Cyber War Game Shows How Federal Agencies Disagree on Incident Response

4/18/2018
Former officials at DHS, DOJ, and DOD diverge on issues of attribution and defining what constitutes an act of cyber war.
Post a Comment

2018 RSA Conference: Execs Push Cooperation, Culture & Civilian Safety

4/17/2018
On the keynote stage, execs from Microsoft and McAfee introduced a new Cybersecurity Tech Accord.
Post a Comment

Verizon DBIR: Ransomware Attacks Double for Second Year in a Row

4/10/2018
Outside attackers still the biggest problem - except in healthcare.
Post a Comment

One-Third of Internal User Accounts Are 'Ghost Users'

4/4/2018
Attackers and malware can easily move laterally through an organization, thanks to inadequate access controls on file systems and a proliferation of inactive but enabled users.
Post a Comment

UVA Defeats UMBC, in Stunning Upset

3/27/2018
In first trip to Mid-Atlantic Collegiate Cyber Defense Competition, University of Virginia's Cyber Defense Team defeats reigning national champs from University of Maryland, Baltimore County.
Post a Comment

Cybercrime Costs for Financial Sector up 40% Since 2014

2/14/2018
A 9.6% increase just in the past year, and denial-of-service attacks are partly to blame.
Post a Comment

17 Things We Should Have Learned in 2017 But Probably Didn't

12/29/2017
The worm has returned and the Yahoos have all been exposed, but did 2017 teach us any genuinely new lessons we shouldn't already have known?
Post a Comment

We're Still Not Ready for GDPR? What is Wrong With Us?

11/17/2017
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
Post a Comment

GDPR Compliance: 5 Early Steps to Get Laggards Going

10/16/2017
If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.
Post a Comment

How Security Metrics Fail Us & How We Fail Them

9/26/2017
Joseph Carson of Thycotic discusses how infosec professionals buy security products they don't need and make other bad decisions, because of poor use of metrics.
Post a Comment

Attacking Developers Using 'Shadow Containers'

9/15/2017
Sagie Dulce describes why developers are such attractive targets and how the Docker API can be exploited to use one of developers' favorite tools against them in sneaky, obfuscated attacks.
Post a Comment

Tesla Hacks: The Good, The Bad, & The Ugly

9/12/2017
Keen Security Lab found multiple holes in the isolation layer Tesla uses to protect drive systems from infotainment systems, but were impressed by the auto company's security in other ways.
Post a Comment

Attacking Data Integrity & Hacking Radiation Monitoring Devices

9/8/2017
Ruben Santamarta shows radio-based vulnerabilities and investigates how the integrity of critical data can be manipulated to simulate, complicate or exacerbate emergency situations.
Post a Comment

How to Use Purple Teaming for Smarter SOCs

9/7/2017
Justin Harvey explains why the standard blue team vs. red team can be improved upon, and provides tips on doing purple teaming right.
Post a Comment

How Legendary Carder, Hacker Roman Seleznev Was Caught, Sentenced

9/6/2017
Assistant US Attorney Norman Barbosa visits the Dark Reading News Desk to discuss details of the credit card hacking case that led to an unprecedented 27-year prison sentence.
Post a Comment

Activists Beware: The Latest In 3G & 4G Spying

9/5/2017
Ravi Borgaonkar describes new 3G & 4G vulnerabilities that enable IMSI catchers to be smarter, stealthier snoopers.
Post a Comment

To Improve Diversity, 'Have the Uncomfortable Conversations'

9/5/2017
Jules Okafor of Fortress Information Security explains that diversity efforts cannot shy away from discussions of racism and sexism.
Post a Comment

Mikko Hypponen's Vision of the Cybersecurity Future

9/4/2017
Twenty years from now, will everything be in the Internet of Things, and if so, how does the security industry need to prepare? F-Secure's chief research officer weighs in on this and what else the future promises (and threatens).
Post a Comment

Automated Lateral Movement: Targeted Attack Tools for the Masses

9/1/2017
Tal Be'ery and Tal Maor explain that the most pervasive, worst defended tactic of sophisticated attackers will soon be ready for script kiddies, and release GoFetch: a new lateral movement automation tool.
Post a Comment

Using Market Pressures to Improve Cybersecurity

8/31/2017
Post-MedSec, Chris Wysopal discusses what impact the investor community -- if not consumers -- can have on squashing vulnerabilities and improving cybersecurity.
Post a Comment

St. Jude Pacemaker Gets Firmware Update 'Intended as a Recall'

8/30/2017
The devices that were the subject of a vulnerability disclosure debate last summer now have an FDA-approved fix.
Post a Comment

The Active Directory Botnet

8/30/2017
It's a nightmare of an implementation error with no easy fix. Ty Miller and Paul Kalinin explain how and why an attacker could build an entire botnet inside your organization.
Post a Comment

Training Courses for Aspiring Cybercriminals Put Security Education To Shame

8/29/2017
Reasonably priced, module-based training courses and helpful forums will train a beginner in all the tools and techniques of the successful cybercriminal, Rick Holland of Digital Shadows explains.
Post a Comment

IoTCandyJar: A HoneyPot for any IoT Device

8/29/2017
Palo Alto Networks researchers explain how they designed an affordable, behavior-based honeypot to detect attacks on an IoT device -- any kind of IoT device.
Post a Comment

New York's Historic FinSec Regulation Covers DDoS, Not Just Data

8/28/2017
Starting today, New York banks and insurers must report to authorities within 72 hours on any security event that has a 'reasonable likelihood' of causing material harm to normal operations.
Post a Comment

Turning Sound Into Keystrokes: Skype & Type

8/25/2017
Don't let your fingers do the talking in a Skype session. The callers on the other end could know what you're writing, researcher Daniele Lain explains.
Post a Comment

Insecure IoT Devices Pose Physical Threat to General Public

8/24/2017
At the car wash, look out for attack robots. Billy Rios discusses how IoT devices could be hacked to physically attack people -- not just on factory floors, but in everyday public settings.
Post a Comment

Dino Dai Zovi Dives Into Container Security, SecDevOps

8/23/2017
Dino Dai Zovi discusses the under-explored security aspects of Docker, data center orchestration, and containers.
Post a Comment

ShieldFS Hits 'Rewind' on Ransomware

8/18/2017
Federico Maggi and Andrea Continella discuss a new tool to protect filesystems by disrupting and undoing ransomware's encryption activities.
Post a Comment

How Bad Teachers Ruin Good Machine Learning

8/18/2017
Sophos data scientist Hillary Sanders explains how security suffers when good machine learning models are trained on bad testing data.
Post a Comment

The Shadow Brokers: How They Changed 'Cyber Fear'

8/17/2017
At Black Hat USA, Matt Suiche, founder of Comae Technologies, describes what we know about the Shadow Brokers and how they have changed the business of cyber fear.
Post a Comment

Behind the Briefings: How Black Hat Sessions Get Chosen

8/17/2017
Daniel Cuthbert and Stefano Zanero explain what the Black Hat review board is looking for in an abstract submission for the Briefings.
Post a Comment

Look, But Don't Touch: One Key to Better ICS Security

6/26/2017
Better visibility is essential to improving the cybersecurity of industrial control systems and critical infrastructure, but the OT-IT cultural divide must be united.
Post a Comment

You Have One Year to Make GDPR Your Biggest Security Victory Ever

5/25/2017
The EU's new razor-toothed data privacy law could either rip you apart or help you create the best security program you've ever had. Here's how.
Post a Comment

US-CERT Warns That HTTPS Inspection Tools Weaken TLS

3/16/2017
Turns out that man-in-the-middling your own traffic isn't the safest way to look for man-in-the-middle attacks.
Post a Comment

Women Still Only 11% Of Global InfoSec Workforce

3/15/2017
Career development and mentorship programs make women in cybersecurity feel more valued, increase women's success.
Post a Comment

After Election Interference, RSA Conference Speakers Ask What Comes Next

2/17/2017
Election-tampering called 'a red line we should not allow anyone to cross.'
Post a Comment

Microsoft President Says Tech Industry Should Be 'Neutral Digital Switzerland'

2/14/2017
RSA Conference: Brad Smith also says the world needs a "Digital Geneva Convention" to establish the international rules for nation-state cyber conflict.
Post a Comment

Darkness & Hope On Display At RSA Conference Keynotes

2/14/2017
Attendees start morning with John Lithgow telling them 'Look at how your light shines together.'
Post a Comment

National Security, Regulation, Identity Top Themes At Cloud Security Summit

2/13/2017
Gen. Keith Alexander gives Trump a thumbs-up and Cloud Security Alliance releases a new application.
Post a Comment

White House Announces Retaliatory Measures For Russian Election-Related Hacking

12/29/2016
35 Russian intelligence operatives ejected from the US, and two of the "Cyber Most Wanted" are frozen out by Treasury Department.
Post a Comment

10 Things InfoSec Pros Can Celebrate About 2016

12/29/2016
There were a few items that passed for good news this year.
Post a Comment

Amit Yoran Leaves Dell RSA To Join Tenable As New CEO

12/15/2016
Yoran says recent Dell acquisition of RSA parent company EMC did 'not really' impact his decision to leave.
Post a Comment

Avalanche Botnet Comes Tumbling Down In Largest-Ever Sinkholing Operation

12/1/2016
800,000 domains seized, sinkholed, or blocked, and five individuals arrested, in international effort to bring down botnet linked to 17 major malware families.
Post a Comment

2016's 7 Worst DDoS Attacks So Far

11/28/2016
Rise of booter and stresser services, mostly run on IoT botnets, is fueling DDoS excitement (but the pros aren't impressed).
Post a Comment

Security Experts Call For Regulation On IoT Cybersecurity

11/16/2016
During a House Committee hearing today, Bruce Schneier also asks for the establishment of a new government agency devoted to cybersecurity.
Post a Comment

Dark Reading Radio: 'Bug Bounties & The Zero-Day Trade'

11/15/2016
Join us, HackerOne's Alex Rice, and Veracode's Chris Wysopal for the next episode of Dark Reading Radio, today, Wednesday Nov. 16, at 1pmET.
Post a Comment

75,000 Data Protection Officers Needed By 2018 To Handle EU Law

11/9/2016
US alone will need 9,000 DPOs to meet GDPR mandates, says International Association of Privacy Professionals - but don't expect that many new job listings.
Post a Comment

Google Adwords Malvertising Campaign Targets Apple Macs

11/1/2016
Cheeky attackers make their lure an ad for Google Chrome.
Post a Comment

US Should Help Private Sector 'Active Defense,' But Outlaw Hacking Back, Says Task Force

10/31/2016
Task Force at George Washington University suggests ways for government to clear up legal quagmires, improve tools, keep us all out of trouble.
Post a Comment

New Free Tool Stops Petya Ransomware & Rootkits

10/20/2016
Meanwhile, Locky puts ransomware on the Check Point Top Three Global Malware List for the first time ever.
Post a Comment

California Victims Of Yahoo Breach Pursue Claims In State, Not Federal Court

10/17/2016
Plaintiffs hope to benefit from California's history of stricter cybersecurity and data privacy law.
Post a Comment

Happy 30th Birthday CFAA!

10/14/2016
Six things we still don’t know about the Computer Fraud and Abuse Act after all this time.
Post a Comment

Online Gaming Currency Funds Cybercrime In Real Life

10/11/2016
You really needed Cristiano Ronaldo or that Doomhammer. Cybercriminals will help you get it for a price, and it's not even entirely illegal.
Post a Comment

Incident Response A Challenge For 98% Of InfoSec Pros

10/6/2016
Too many alerts and too little staff leave security pros swimming in threat intel and begging for automation.
Post a Comment

Researcher Roots Out Security Flaws In Insulin Pumps

10/4/2016
Jay Radcliffe, researcher and diabetic who found the flaws in Johnson & Johnson Animas OneTouch Ping insulin pump, 'would not hesitate' to allow his own children be treated by the device if they were diabetic and advised to do so by physicians.
Post a Comment

Cybercriminals' Superior Business Savvy Keeps Them Ahead

9/30/2016
Rick Holland of Digital Shadows explains how the attackers' superior business agility, faster change management, specialized job force, lower barriers to entry and bulletproof hosting keeps them ahead of the good guys.
Post a Comment

EMV: The Anniversary Of One Deadline, The Eve of Another

9/29/2016
How merchants and criminals responded since the EMV liability shift for point-of-sale devices one year ago. And what changes can we expect after the liability shift for ATMs, which is just days away?
Post a Comment

Improving Security Savvy Of Execs And Board Room

9/28/2016
Jeff Welgan describes how best to improve cybersecurity literacy throughout the C-suite.
Post a Comment

Spam Levels Spike, Thanks In Part To Ransomware

9/23/2016
By shipping banking Trojans and ransomware that turn big profits fast, spammers can now afford the high overhead of high-volume spam campaigns.
Post a Comment

An Open-Source Security Maturity Model

9/23/2016
Oh you don't run open-source code? Really? Christine Gadsby and Jake Kouns explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications, proprietary and otherwise.
Post a Comment

National Health ISAC Calls For Collaborative Vuln Disclosure

9/21/2016
St. Jude Medical to host upcoming workshop on medical device info sharing, convened by NH-ISAC and medical device security consortium.
Post a Comment

How Windows 10 Stops Script-Based Attacks On The Fly

9/21/2016
Move over Apple 'Walled Garden.' Windows 10's new antimalware scan interface halts scripts by signing code on the fly... but does it work? Security researcher Nikhil Mittal takes a look.
Post a Comment

How You Can Support InfoSec Diversity, Starting With The Colleagues You Already Have

9/20/2016
Jamesha Fisher, Security Operations Engineer of GitHub, visits the Dark Reading News Desk at Black Hat to discuss her work making security more accessible to the uninitiated, and how a predominately white and male information security field can better support women and people of color.
Post a Comment

Stop Blaming Users. Make Security User-Friendly.

9/15/2016
Jelle Niemantsverdriet of Deloitte explains how security improves if security tools and error messages educate users and 'put a smile on someone's face.'
Post a Comment

France's Online Criminal Underground Built On Foundation Of Distrust

9/14/2016
French criminals seeking black market goods and services -- cyber and otherwise -- have to look in darker shadows and work harder to prove their felonious credibility.
Post a Comment

Don't Trust That Trust Mechanism: Vulnerabilities In Digital Certificates

9/14/2016
Tom Nipravsky, security researcher at Deep Instinct, explains how to tell the difference between a digital certificate that's worth your trust and one that isn't.
Post a Comment

Yes, Your Database Can Be Breached Through A Coffee Pot

9/13/2016
Aditya Gupta, CEO of Attify, talks about how to improve Internet of Things security and the very worst scenarios he's encountered in an IoT penetration test.
Post a Comment

Snowden May Help Explain Your Job To Your Family

9/12/2016
Hacking Oliver Stone's new film about whistleblower Edward Snowden.
Post a Comment

Dan Kaminsky On How Not To Lose The Internet As We Know It

9/12/2016
Dan Kaminsky discusses how to improve the security and privacy of the Internet without destroying the openness and freedom to innovate that it has always provided.
Post a Comment

MedSec/Muddy Waters & The Future Of IoT Security

9/2/2016
St. Jude vulnerability report could be test case for vulnerability disclosure.
Post a Comment

Meet Some Of The Emerging Israeli Cybersecurity Firms

8/30/2016
Many are borne out of the entrepreneurial spirit of the Israel Defense Force's Cyber Intelligence Unit 8200. Could any other nation keep up?
Post a Comment

Attacker's Playbook Top 5 Is High On Passwords, Low On Malware

8/18/2016
Report: Penetration testers' five most reliable methods of compromising targets include four different ways to use stolen credentials, but zero ways to exploit software.
Post a Comment

The Future Of ATM Hacking

8/11/2016
Research released at Black Hat USA last week shows that one of our best defenses for the future of payment card and ATM security isn't infallible. Here's why.
Post a Comment

Symantec Discovers Strider, A New CyberEspionage Group

8/8/2016
In action five years, highly selective threat actor has only been known to compromise seven organizations.
Post a Comment

Dark Reading News Desk Coming Back To Black Hat, Live

8/4/2016
Live from Las Vegas: over 40 video interviews with Black Hat USA conference speakers and sponsors. Wednesday Aug. 3, Thursday Aug, 4, starting at 2 p.m. ET.
Post a Comment

SentinelOne Offers $1 Million Guarantee To Stop Ransomware

7/26/2016
Jeremiah Grossman continues his crusade to make security vendors take responsibility for their own gear.
Post a Comment

Improving Attribution & Malware Identification With Machine Learning

7/20/2016
New technique may be able to predict not only whether unfamiliar, unknown code is malicious, but also what family it is and who it came from.
Post a Comment

72% of Black Hat Attendees Expect To Be Hit By 'Major' Data Breach Within A Year

7/14/2016
End users are the biggest weakness, and we're not doing enough to address the problem.
Post a Comment

Purple Teaming: Red & Blue Living Together, Mass Hysteria

7/13/2016
When you set focused objectives for the red team, you get your blue team to work the weak muscles they need trained most.
Post a Comment

NATO Ambassador: How The Ukraine Crisis Fits Cyber War Narrative

7/7/2016
Kenneth Geers previews his Black Hat talk and discusses the strategic military maneuvers governments can make within cyberspace.
Post a Comment

The Attribution Question: Does It Matter Who Attacked You?

6/29/2016
Everyone will ask whodunnit, but how can an organization put that information to practical use during disaster recovery and planning for the future?
Post a Comment

Google Accounts Of US Military, Journalists Targeted By Russian Attack Group

6/27/2016
The Threat Group 4127 that hit the Democratic National Committee also went after 1,800 other targets with info interesting to Russian government, says SecureWorks.
Post a Comment

'Smart' Building Industry Mulls Cybersecurity Challenges

6/23/2016
New 'attraction and curiosity' for infosec at the Intelligent Buildings Conference this week.
Post a Comment

Cloud Apps Just As Secure As On-Premise Apps, Say InfoSec Pros

6/9/2016
Unfortunately, 75% of cloud apps will still fall afoul of the new EU General Data Protection Regulation, according to new studies.
Post a Comment

Top Security To-Dos For The Entertainment Industry

6/6/2016
'The biz' has unique security needs. And it isn't only about preventing 'the next Sony.'
Post a Comment

Ransomware Domains Up By 3,500% In Q1

6/1/2016
Cybercriminals know a good thing when they see it.
Post a Comment

Unsung (And Under-Sung) Heroes Of Security

5/25/2016
You've heard of the cybersecurity rock stars, but there are plenty of other major contributors to the industry who deserve kudos. In celebration of Dark Reading's 10th anniversary, meet a few of these folks.
Post a Comment

Dark Reading Not Actually A Sign Of The Apocalypse

5/11/2016
My initial threat assessment of Dark Reading was entirely inaccurate.
Post a Comment

Pro-ISIS Hacking Groups Growing, Unifying, But Still Unskilled

4/28/2016
Flashpoint report outlines the patchwork of hacking groups and the validity of their claims to fame.
Post a Comment

Malware At Root Of Bangladesh Bank Heist Lies To SWIFT Financial Platform

4/25/2016
Customized malware hid $81 million of wire transfers until the money had been safely laundered.
Post a Comment

SpyEye Creators Sentenced To Long Prison Terms

4/21/2016
FBI found that arrest halted the release of nasty SpyEye 2.0.
Post a Comment

Android Year In Review: No Successful Stagefright, Certifigate Exploits

4/19/2016
Plus, Android users who install apps outside of Google Play are 10 times more likely to have installed a potentially harmful application, according to new Google Android Security Year in Review report.
Post a Comment

9 Years Prison, $1.7 Million Fine For Malicious Insider

4/18/2016
Former IT engineer stung for destructive attack on law firm.
Post a Comment

EU Privacy Officials Push Back On Privacy Shield

4/13/2016
Better than Safe Harbor, but not good enough. Should we care what they think?
Post a Comment