Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
August 1-6, 2020
Las Vegas, NV, USA
Black Hat Asia
September 29 - October 2, 2020
Singapore
Black Hat Europe
November 9-12, 2020
London UK
11/29/2018
09:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Black Hat Europe: Get the Nation-State Perspective on Cybersecurity

Attendees of Black Hat Europe in London next week will hear about worldwide cybersecurity developments and challenges from the Global Commission on the Stability of Cyberspace's Marina Kaljurand.

Are you ready for Black Hat Europe in London next week? It promises to be jam-packed with valuable learning opportunities! So as you’re planning out your schedule be sure to leave time between seeing old friends and making new ones to attend some of this year’s most intriguing Briefings, Trainings, and Arsenal demos.

Most notably, check out this year’s keynote, Developments and Challenges in Cybersecurity from the Nation-State Perspective. Presented by Global Commission on the Stability of Cyberspace chair and former Estonian Foreign Minister Marina Kaljurand, this premier talk will address the lessons learned from the politically-motivated cyberattacks Estonia weathered in 2007.

It’s a unique opportunity to learn from firsthand accounts of nation-state cyberwarfare. Kaljurand intends to shed light on the challenges we face in 2018/2019, the role of states and other stakeholders in global cybersecurity, and what the future holds. She’ll also introduce you to the work of the Global Commission on Stability in Cyberspace, which is a multi-stakeholder model that contributes to international discussion and policy-making. Don’t miss it!

If you’re after more in-depth learning, know that there’s still time to register for many of the 2-Day Trainings next week, including Mandiant’s Windows Enterprise Incident Response. This intensive course is designed to teach fundamental investigative techniques needed to respond to today's landscape of threat actors and intrusion scenarios. Completely redeveloped with all new material in 2016, the class is built upon a series of hands-on labs that highlight the phases of a targeted attack, key sources of evidence, and forensic analysis know-how.

Stop by the Black Hat Europe Arsenal to enjoy demos of some potential new tools, including VirusTotal Graph: Investigation, which is a  free visualization tool built on top of the VirusTotal data set. The tool helps you study the relationship between files, urls, domains and IP addresses through an easy navigation interface. By exploring and expanding each of the nodes in your graph, you can build the network and quickly see the connections across the samples you are studying.

You might also want to check out Kurukshetra, a web framework to host reasonably complex secure coding challenges. Developed with the aim of being the first open-source secure coding framework, it’s composed of two components:

  • A backend framework written in PHP, which manages and leverages the underlying docker system to provide a secure sandbox for the challenge execution;
  • Tthe frontend, which is a user-facing web app providing necessary controls, for the admin to host and modify the challenges, and the user to execute and view the result of each of his input.

To close out this year's conference, join Black Hat founder Jeff Moss and members of the esteemed Black Hat Review Board for an insightful conversation on the most pressing issues facing the InfoSec community. This special Locknote: Conclusions and Key Takeaways from Black Hat Europe 2018 Briefing, held at the end of the final day (Thursday, December 6) will review key takeaways coming out of Black Hat Europe and how these trends will impact future security strategies.

Black Hat Europe returns to The Excel in London December 3-6, 2018. For more information on what’s happening at the event and how to register, check out the Black Hat website.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: It's a technique known as breaking out of the sandbox kids.
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24330
PUBLISHED: 2020-08-13
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.
CVE-2020-24331
PUBLISHED: 2020-08-13
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon).
CVE-2020-24332
PUBLISHED: 2020-08-13
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.
CVE-2020-0261
PUBLISHED: 2020-08-13
In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-14605...
CVE-2020-17498
PUBLISHED: 2020-08-13
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.