Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in May 2022
US National Cyber Director: Toward a New Cybersecurity Social Contract
News  |  5/16/2022  | 
In a Black Hat Asia keynote Fireside Chat, US National Cyber Director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.
CISO Shares Top Strategies to Communicate Security's Value to the Biz
News  |  5/13/2022  | 
In a keynote address at Black Hat Asia in Singapore this week, CISO and former NASA security engineer George Do discussed his go-to model for measuring security effectiveness and getting others in the organization to listen.
Black Hat Asia: Democracy's Survival Depends on Taming Technology
News  |  5/13/2022  | 
The conference opens with stark outlook on the future of global democracy -- currently squeezed between Silicon Valley and China.
Transforming SQL Queries Bypasses WAF Security
News  |  5/12/2022  | 
A team of university researchers finds a machine learning-based approach to generating HTTP requests that slip past Web application firewalls.
Known macOS Vulnerabilities Led Researcher to Root Out New Flaws
News  |  5/12/2022  | 
Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.
1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its Skin
News  |  5/5/2022  | 
Researcher to reveal fresh details at Black Hat Asia on a tenacious cyber-espionage group attacking specific military, law enforcement, aviation, and other entities in Central and South Asia.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31600
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and informat...
CVE-2022-31601
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.
CVE-2022-31602
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure.
CVE-2022-31603
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosu...
CVE-2022-31599
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other ...