
Dark Reading Virtual News Desk Returns to Black Hat

Coming to you prerecorded from home offices around the world!

Aug. 4, 2021 – The Dark Reading News Desk has, in previous years, come to you live from Las Vegas with a lineup of live video interviews with top security researchers about what they're presenting at Black Hat USA. Last year and this year, things have looked a little different.

In 2020, Black Hat USA and the Dark Reading News Desk had their first-ever virtual conference, moving out of Vegas and onto the Internet. This year, some attendees will be at Mandalay Bay, and some will be tuning in remotely as the show takes a hybrid approach for 2021. The Dark Reading News Desk remains virtual, bringing you prerecorded interviews with security experts from around the world.

Interviews will begin going live at Black Hat Virtual and on Dark Reading on Wednesday, Aug. 4, at 2 p.m. ET/11 a.m. PT. Attendees tuning in virtually can find the interviews by visiting the show's "Dark Reading News Desk" tab. No conference pass? No worries. Keep your eyes on this page, where we will update with links to new videos as they become available.

Below is the programming schedule for the 2021 Dark Reading News Desk:

DAY 1: Wednesday, Aug. 4

How Threat Analysts Learned from Attackers' OpSec Mistakes: In their investigation of state-sponsored threat group ITG18, or "Charming Kitten," IBM X-Force researchers found attackers' operational security errors revealed intimate details about their entire operation. Here, they discuss what they learned and how their findings can aid enterprise security teams. (For further reading, see Kelly Sheridan's piece on Dark Reading.)

(Sponsored): Dark Reading News Desk Talks to Cisco Secure: Eyes, facial recognition, and fingerprints are all biometric approaches to identity and authentication. But bad actors have already begun hatching plans that copy or subvert these techniques, so Cisco Secure's advisory CISO Wolf Goerlich says users can still protect themselves with biometrics — if they're deployed properly.

You Gotta Fight for Your Right to Repair Your Robots: Good luck fixing the security vulnerability in that $100,000 piece of industrial robotics equipment. The industry’s practices of planned obsolescence and closed systems make repairs unlikely to happen (and security problems likely to remain). Federico Maggi and Victor Mayoral-Vilches discuss their session "Small Wonder: Uncovering Planned Obsolescence Practices in Robotics and What This Means for Cybersecurity."

(Sponsored) Dark Reading News Desk Talks to Cisco Talos: Ransomware (the other pandemic) is showing no signs of slowing down and in fact seems to be gaining momentum, notes Craig Williams, director of outreach for Cisco Talos. He describes conversations conducted with the LockBit ransomware operator and the insights gleaned from that, as well as ransomware's increasing commercialization.

Exploiting the Industry 4.0 Supply Chain: The OPC unified architecture is growing in popularity as a platform-independent industrial communications architecture for connecting industrial systems to IT and the cloud. However, a chain of customizations and complexities in OPC-UA implementations has generated vulnerabilities in the software supply chain. Eran Jacob from Otorio describes the research that will be outlined in the Black Hat session "A Broken Chain: Discovering OPC UA Attack Surface and Exploiting the Supply Chain."

(Sponsored) Dark Reading News Desk Talks to Fortinet: Spurred in large part by a global cybercrime ecosystem, individuals and organizations are up against unrelenting attacks, notes Derek Manky, chief of security insights and global threat alliances at Fortinet’s FortiGuard Labs. Manky describes how the ecosystem evolved in the last year as well as what customers can do to protect themselves better.

Which Organizations Use & Abuse Personal Data Most, and How? Researchers at the Virginia Tech Hume Center investigate the ripple effects of sharing personal data just one time with just one organization. What interactions cause the widest ripples (and the most destructive waves)?

(Sponsored) Dark Reading News Desk Talks to Intel 471: Mark Arena, CEO of Intel 471, the vendor's threat intelligence unit, discusses how smarter use of threat intel can keep organizations and users safe from attacks that are sponsored by nation-states. Arena also makes the case for having an intelligence requirement framework, which he believes can empower organizations to fight cybercrime attacks.

New Framework Aims to Detect & Address Synthetic Media Social Engineering: Cybercriminals have adopted synthetic media to launch increasingly complex and realistic social engineering attacks in recent years, and FBI officials warn the threat is poised to grow. Beyond Layer 7 CEO Matthew Canham proposes a Synthetic Media Social Engineering framework to describe these attacks and offer countermeasures to help businesses prepare. (For further reading, see Kelly Sheridan's piece on Dark Reading.)

(Sponsored) Dark Reading News Desk Talks to Qualys: Sumedh Thakar talks about his first six months as CEO and president of the company, and outlines the elements of his leadership vision that will foster greater innovation internally and better protection for customers. Thakar also addresses what the security industry can do to disrupt the waves of attacks and breaches, and why inventory is important to security pros.

Action Bias: The Danger of Thinking Too Quickly: Security pros are advised to act quickly in crises, but hastily made decisions may do more harm than good. Experts from the National Security Agency and Johns Hopkins discuss how quick reactions can put cybersecurity leaders, practitioners, and users at risk, and how security teams can mitigate the dangers of action bias. (For further reading, see Kelly Sheridan's piece on Dark Reading.)

(Sponsored) Dark Reading News Desk Talks to Orange Cyberdefense at RSA21: Charl van der Walt, head of security research, breaks down the data on how the new world of remote work has increased vulnerabilities, and his latest research shows where you are weakest and how to address these vital security issues.

DAY 2: Thursday, Aug. 5

Researchers Discover Major Vulnerability in DNS-as-a-Service Provider Platforms: An attacker could obtain sensitive internal network information from thousands of organizations merely by taking the simple step of registering as their DNS service provider's nameserver. And yes, a security hole lets you do that unchecked in some cloud services. (See Kelly Jackson Higgins' piece on Dark Reading.)

(Sponsored) Dark Reading News Desk Talks to Endace: With a broad array of online challenges to address, infosec pros should add network recording to their arsenal, according to Cary Wright, VP of product management for Endace. Instead of guesswork from logs, rewinding to see what happened can resolve the incident faster. Network recording is also more affordable than it was 20 years ago, he adds.

AI for the Masses: Disinformation's New, Unneeded Superpower? Georgetown researchers experiment with smarter AI applications that can automatically, convincingly write a wide variety of content types – including news stories. They investigate how this tech could be manipulated in their session, "Disinformation at Scale: Using GPT-3 Maliciously for Information Operations."

(Sponsored) Dark Reading News Desk Talks to Axis Security: Last year's broad shift to working from home had the unintended impact of raising the profile of zero trust as a way to authenticate users, and Axis Security's CTO Gil Azrielant talks about what distinguishes his company's zero-trust approach from others. He also unpacks additional benefits of zero trust, the types of organization that benefit most from it, and how zero trust and SASE play together.

Researchers Train Siamese Neural Networks to Detect Brand Impersonation: Brand impersonation is a common attack strategy in which attackers craft content to look like a known brand to deceive victims. A team of Microsoft researchers developed and trained a Siamese Neural Network, based on a dataset of more than 50,000 screenshots of known malicious login pages encompassing more than 1,000 impersonations, to better detect these attacks.

(Sponsored) Dark Reading News Desk Talks to Intel Corporation: Bug bounty programs for years have encouraged malware discovery (and reporting), but how do smart vendors set up such programs for success? Katie Trimble Noble, director of Intel's bug bounty program, explains how to engage with external researchers and prioritize their findings, as well as best practices for reporting zero-day vulnerabilities.

Active Directory Certificate Services Misconfigs Get Used & Abused: SpecterOps technical architects Lee Christensen and Will Schroeder look inside Active Directory Certificate Services and show how misconfigurations can cause mayhem with enterprise authentication infrastructure.

Finally, a Much-Needed Guide to Microsoft IIS Security: Your installation of Infrastructure Internet Services (IIS), Microsoft’s Web server software, is probably ignored and lazily defended. ESET malware researcher Zuzana Hromcova explains why IIS malware deserves your attention and provides a new resource to help.

(Sponsored) Dark Reading News Desk Talks to Menlo Security: Ransomware, the biggest scourge since COVID-19, has exploded into security pros' consciousness as the year's biggest and most widespread threat in 2021. Nick Edwards, VP of product for Menlo Security, talks about what's fostered that growth, what new threats ransomware may bring, and what organizations can do to protect themselves.

(Sponsored) Dark Reading News Desk Talks to Sophos: Organizations have recently expended plenty of effort protecting themselves against ransomware infections and nation-state attacks. As the company's principal research scientist, Andrew Brandt explains what users can do to keep from losing either all their data or all the bitcoin ransom they may have paid, hoping to get their data back.

Reverse-Engineering a New Generation of Mac Malware: The much-anticipated arrival of Apple's new system-on-a-chip, the M1, brings more built-in security, but it also brings a new generation of malware for threat hunters and researchers to detect. (For further reading, see Kelly Jackson Higgins' piece on Dark Reading.)
