Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
July 31 - August 5, 2021
Las Vegas, NV, USA
November 4 - October 30, 2021
Toronto, ON, Canada
Black Hat Europe
November 8-11, 2021
Virtual Event
09:00 AM
Black Hat Staff
Black Hat Staff
Event Updates

Black Hat Europe Returns to The Excel in London December 3-6

Get expert insight into stopping 'deep fakes', blockchain attacks, and Windows 10 vulnerabilities.

Black Hat returns to London in early December and it promises to be the place to be if you’re after the very latest in information security research, development, training, and trends.

To give you a sense of what’s in store for you at the show, take a moment to check out the cutting-edge briefings described below. From blockchain security to "deep fake" detection, these briefings are designed to equip you with the tools and techniques you need to deal with today’s top threats.

In AI Gone Rogue: Exterminating Deep Fakes Before They Cause Menace, Symantic’s Niranjan Agnihotri and Vijay Thaware will walk you through some of the many aspects of the AI-driven "deep fake" tech that’s been used to blend human appearances in images and video.

This technology poses a real threat to anyone who values their image, and in their talk Agnihotri and Thaware will demonstrate how to identify "deep fake" videos using deep learning. They’ll show you how this can be achieved using a pre-trained FaceNet model, and how that model can be trained on image data of people of importance or concern. After training, the output of the final layer is stored in a database. A set of sampled images from a video will be passed through the neural network and the output of the final layer from the neural network will be compared to values stored in the database to confirm their authenticity. Don’t miss it!

MIT security researcher Takuya Watanabe’s Black Hat Europe 2018 briefing - I Block You Because I Love You: Social Account Identification Attack Against a Website Visitor - is an exciting presentation of a practical side-channel attack that identifies the social web service account of a visitor to an attacker's website. As user pages and profiles in social web services generally include his/her name and activities, the anonymity of a website visitor can be easily destroyed by identifying the social account.

This is a big deal for the privacy-minded, and Watanabe plans to show you how the attack achieves 100 percent accuracy - and finishes within a sufficiently short time in a practical setting. He claims the team behind it has verified it works against at least 12 major sites (including Facebook, Instagram, Tumblr, Google+, Twitter, eBay, PornHub, and Xbox Live), though at least some have been able to safeguard against the attack and after they were provided with details and potential counter-measures. See for yourself by coming to the briefing!

If you have any interest in Windows vulnerabilities, make sure to make time for When Everyone's Dog is Named Fluffy: Abusing the Brand New Security Questions in Windows 10 to Gain Domain-Wide Persistence. Presented by Illusive Networks security researcher Magal Baz, this session will reveal an effective approach attackers can use to hold on to ill-gotten domains, exploiting new opportunities offered by the Windows 10 security questions feature.

You’ll want to attend this briefing because the new feature, introduced this April, is a good example of how a well-intended idea can become a security nightmare. It allows a user to provide security questions and answers which he can later use to regain access to a local account. Baz and her team dug into the implementation of this feature and discovered that it can be abused to create a very durable, low-profile backdoor. Once an attacker compromises a network, this backdoor can be remotely distributed to any Win 10 machine in the network - without even executing code on the targeted machine. Be sure to make time and see Baz present this method, and the challenges faced while implementing it!

Last but not least, Kudelski Security vice president of of technology Jean-Philippe Aumasson will  deliver an intriguing talk on Attacking and Defending Blockchains: From Horror Stories to Secure Wallets. He’ll review some of the most spectacular security failures in blockchain systems, describe how millions of dollars’ worth of tokens could have been stolen (but weren’t), and present examples of bugs found in popular Bitcoin software utilities.

He’ll also review the different types of wallets and discuss the pros, cons, risks and benefits of hardware-based wallets for individuals, organizations, and trading platforms. Aumasson is an experienced blockchain systems auditor and security professional, and in this talk he plans to demonstrate how you can mitigate your blockchain risks.

Black Hat Europe returns to The Excel in London December 3-6, 2018. For more information on how to register, check out the Black Hat website.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This gives a new meaning to blind leading the blind.
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-16
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.
PUBLISHED: 2021-06-16
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link vers...
PUBLISHED: 2021-06-16
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. ...
PUBLISHED: 2021-06-16
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-5...
PUBLISHED: 2021-06-16
Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially taking down Opencast using...