Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat Asia
May 10-13, 2022
Hybrid/Marina Bay Sands, Singapore
Black Hat USA
August 6-11, 2022
Las Vegas, NV, USA
Black Hat Europe
December 5-8, 2022
London
End of Bibblio RCM includes -->
9/25/2018
09:00 AM
Black Hat Staff
Black Hat Staff
Event Updates

Black Hat Europe Returns to The Excel in London December 3-6

Get expert insight into stopping 'deep fakes', blockchain attacks, and Windows 10 vulnerabilities.

Black Hat returns to London in early December and it promises to be the place to be if you’re after the very latest in information security research, development, training, and trends.

To give you a sense of what’s in store for you at the show, take a moment to check out the cutting-edge briefings described below. From blockchain security to "deep fake" detection, these briefings are designed to equip you with the tools and techniques you need to deal with today’s top threats.

In AI Gone Rogue: Exterminating Deep Fakes Before They Cause Menace, Symantic’s Niranjan Agnihotri and Vijay Thaware will walk you through some of the many aspects of the AI-driven "deep fake" tech that’s been used to blend human appearances in images and video.

This technology poses a real threat to anyone who values their image, and in their talk Agnihotri and Thaware will demonstrate how to identify "deep fake" videos using deep learning. They’ll show you how this can be achieved using a pre-trained FaceNet model, and how that model can be trained on image data of people of importance or concern. After training, the output of the final layer is stored in a database. A set of sampled images from a video will be passed through the neural network and the output of the final layer from the neural network will be compared to values stored in the database to confirm their authenticity. Don’t miss it!

MIT security researcher Takuya Watanabe’s Black Hat Europe 2018 briefing - I Block You Because I Love You: Social Account Identification Attack Against a Website Visitor - is an exciting presentation of a practical side-channel attack that identifies the social web service account of a visitor to an attacker's website. As user pages and profiles in social web services generally include his/her name and activities, the anonymity of a website visitor can be easily destroyed by identifying the social account.

This is a big deal for the privacy-minded, and Watanabe plans to show you how the attack achieves 100 percent accuracy - and finishes within a sufficiently short time in a practical setting. He claims the team behind it has verified it works against at least 12 major sites (including Facebook, Instagram, Tumblr, Google+, Twitter, eBay, PornHub, and Xbox Live), though at least some have been able to safeguard against the attack and after they were provided with details and potential counter-measures. See for yourself by coming to the briefing!

If you have any interest in Windows vulnerabilities, make sure to make time for When Everyone's Dog is Named Fluffy: Abusing the Brand New Security Questions in Windows 10 to Gain Domain-Wide Persistence. Presented by Illusive Networks security researcher Magal Baz, this session will reveal an effective approach attackers can use to hold on to ill-gotten domains, exploiting new opportunities offered by the Windows 10 security questions feature.

You’ll want to attend this briefing because the new feature, introduced this April, is a good example of how a well-intended idea can become a security nightmare. It allows a user to provide security questions and answers which he can later use to regain access to a local account. Baz and her team dug into the implementation of this feature and discovered that it can be abused to create a very durable, low-profile backdoor. Once an attacker compromises a network, this backdoor can be remotely distributed to any Win 10 machine in the network - without even executing code on the targeted machine. Be sure to make time and see Baz present this method, and the challenges faced while implementing it!

Last but not least, Kudelski Security vice president of of technology Jean-Philippe Aumasson will  deliver an intriguing talk on Attacking and Defending Blockchains: From Horror Stories to Secure Wallets. He’ll review some of the most spectacular security failures in blockchain systems, describe how millions of dollars’ worth of tokens could have been stolen (but weren’t), and present examples of bugs found in popular Bitcoin software utilities.

He’ll also review the different types of wallets and discuss the pros, cons, risks and benefits of hardware-based wallets for individuals, organizations, and trading platforms. Aumasson is an experienced blockchain systems auditor and security professional, and in this talk he plans to demonstrate how you can mitigate your blockchain risks.

Black Hat Europe returns to The Excel in London December 3-6, 2018. For more information on how to register, check out the Black Hat website.

Comment  | 
Print  | 
More Insights
//Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Creating an Effective Incident Response Plan
Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-45909
PUBLISHED: 2022-11-26
drachtio-server 0.8.18 has a heap-based buffer over-read via a long Request-URI in an INVITE request.
CVE-2022-45907
PUBLISHED: 2022-11-26
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
CVE-2022-45908
PUBLISHED: 2022-11-26
In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.
CVE-2022-44843
PUBLISHED: 2022-11-25
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.
CVE-2022-44844
PUBLISHED: 2022-11-25
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.