Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat Asia
May 10-13, 2022
Hybrid/Marina Bay Sands, Singapore
Black Hat USA
August 6-11, 2022
Las Vegas, NV, USA
Black Hat Europe
December 5-8, 2022
London
End of Bibblio RCM includes -->
9/25/2018
09:00 AM
Black Hat Staff
Black Hat Staff
Event Updates

Black Hat Europe Returns to The Excel in London December 3-6

Get expert insight into stopping 'deep fakes', blockchain attacks, and Windows 10 vulnerabilities.

Black Hat returns to London in early December and it promises to be the place to be if you’re after the very latest in information security research, development, training, and trends.

To give you a sense of what’s in store for you at the show, take a moment to check out the cutting-edge briefings described below. From blockchain security to "deep fake" detection, these briefings are designed to equip you with the tools and techniques you need to deal with today’s top threats.

In AI Gone Rogue: Exterminating Deep Fakes Before They Cause Menace, Symantic’s Niranjan Agnihotri and Vijay Thaware will walk you through some of the many aspects of the AI-driven "deep fake" tech that’s been used to blend human appearances in images and video.

This technology poses a real threat to anyone who values their image, and in their talk Agnihotri and Thaware will demonstrate how to identify "deep fake" videos using deep learning. They’ll show you how this can be achieved using a pre-trained FaceNet model, and how that model can be trained on image data of people of importance or concern. After training, the output of the final layer is stored in a database. A set of sampled images from a video will be passed through the neural network and the output of the final layer from the neural network will be compared to values stored in the database to confirm their authenticity. Don’t miss it!

MIT security researcher Takuya Watanabe’s Black Hat Europe 2018 briefing - I Block You Because I Love You: Social Account Identification Attack Against a Website Visitor - is an exciting presentation of a practical side-channel attack that identifies the social web service account of a visitor to an attacker's website. As user pages and profiles in social web services generally include his/her name and activities, the anonymity of a website visitor can be easily destroyed by identifying the social account.

This is a big deal for the privacy-minded, and Watanabe plans to show you how the attack achieves 100 percent accuracy - and finishes within a sufficiently short time in a practical setting. He claims the team behind it has verified it works against at least 12 major sites (including Facebook, Instagram, Tumblr, Google+, Twitter, eBay, PornHub, and Xbox Live), though at least some have been able to safeguard against the attack and after they were provided with details and potential counter-measures. See for yourself by coming to the briefing!

If you have any interest in Windows vulnerabilities, make sure to make time for When Everyone's Dog is Named Fluffy: Abusing the Brand New Security Questions in Windows 10 to Gain Domain-Wide Persistence. Presented by Illusive Networks security researcher Magal Baz, this session will reveal an effective approach attackers can use to hold on to ill-gotten domains, exploiting new opportunities offered by the Windows 10 security questions feature.

You’ll want to attend this briefing because the new feature, introduced this April, is a good example of how a well-intended idea can become a security nightmare. It allows a user to provide security questions and answers which he can later use to regain access to a local account. Baz and her team dug into the implementation of this feature and discovered that it can be abused to create a very durable, low-profile backdoor. Once an attacker compromises a network, this backdoor can be remotely distributed to any Win 10 machine in the network - without even executing code on the targeted machine. Be sure to make time and see Baz present this method, and the challenges faced while implementing it!

Last but not least, Kudelski Security vice president of of technology Jean-Philippe Aumasson will  deliver an intriguing talk on Attacking and Defending Blockchains: From Horror Stories to Secure Wallets. He’ll review some of the most spectacular security failures in blockchain systems, describe how millions of dollars’ worth of tokens could have been stolen (but weren’t), and present examples of bugs found in popular Bitcoin software utilities.

He’ll also review the different types of wallets and discuss the pros, cons, risks and benefits of hardware-based wallets for individuals, organizations, and trading platforms. Aumasson is an experienced blockchain systems auditor and security professional, and in this talk he plans to demonstrate how you can mitigate your blockchain risks.

Black Hat Europe returns to The Excel in London December 3-6, 2018. For more information on how to register, check out the Black Hat website.

Comment  | 
Print  | 
More Insights
//Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-42247
PUBLISHED: 2022-10-03
pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
CVE-2022-41443
PUBLISHED: 2022-10-03
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.
CVE-2022-33882
PUBLISHED: 2022-10-03
Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code.
CVE-2022-42306
PUBLISHED: 2022-10-03
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.
CVE-2022-42307
PUBLISHED: 2022-10-03
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.