Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Advanced Threats posted in October 2015
Security Analytics Still Greenfield Opportunity
News  |  10/29/2015  | 
Surveys out this week show improvement in the use of analytics and threat intelligence but room for better execution.
With $325 Million In Extorted Payments CryptoWall 3 Highlights Ransomware Threat
News  |  10/29/2015  | 
Study by Cyber Threat Alliance reveals sophisticated nature of the latest version of CryptoWall
Machine Learning Is Cybersecuritys Latest Pipe Dream
Commentary  |  10/29/2015  | 
Rather than waste money on the unproven promises of ML and AI, invest in your experts, and in tools that enhance their ability to search for and identify components of a new attack.
5 Things To Know About CISA
News  |  10/28/2015  | 
Despite criticism from privacy advocates, the Cybersecurity Information Sharing Act passed through the Senate yesterday.
Undermining Security By Attacking Computer Clocks
News  |  10/22/2015  | 
A team of researchers at Boston University has developed several attacks against the Network Time Protocol that is used to synchronize internal computer clocks on the Internet
First Cyberterror Charges: DOJ Accuses Hacker Of Giving Military PII To ISIS
Quick Hits  |  10/16/2015  | 
The data was first stolen from an online retailer, and the suspect is awaiting extradition hearing in Malaysia.
Adobe Patches Pawn Storm Zero-Day Ahead Of Schedule
Quick Hits  |  10/16/2015  | 
Critical bug wasn't expected to be fixed until next week.
Pawn Storm Flashes A New Flash Zero-Day
News  |  10/15/2015  | 
Cyberespionage group shows off another piece of kit in attacks on foreign ministries.
Researchers Warn Against Continuing Use Of SHA-1 Crypto Standard
News  |  10/8/2015  | 
New attack methods have made it economically feasible to crack SHA-1 much sooner than expected.
Intro To Machine Learning & Cybersecurity: 5 Key Steps
Commentary  |  10/7/2015  | 
Software-based machine learning attempts to emulate the same process that the brain uses. Heres how.
Dont Be Fooled: In Cybersecurity Big Data Is Not The Goal
Commentary  |  10/6/2015  | 
In other words, the skills to be a security expert do not translate to being able to understand and extract meaning from security data.
Nuclear Plants' Cybersecurity Is Bad -- And Hard To Fix
News  |  10/5/2015  | 
Report: 'Very few' nuclear plants worldwide patch software, and operations engineers 'dislike' security pros.
A Wassenaar Arrangement Primer, With Katie Moussouris
A Wassenaar Arrangement Primer, With Katie Moussouris
Dark Reading Videos  |  10/5/2015  | 
The chief policy officer for HackerOne joins the Dark Reading News Desk at Black Hat to explain how the security community is working to prevent a policy 'dragnet' that would injure American infosec companies and researchers.
Amazon Downplays New Hack For Stealing Crypto Keys In Cloud
News  |  10/2/2015  | 
Attack works only under extremely rare conditions, cloud giant says of the latest research.
What Security Pros Really Worry About
What Security Pros Really Worry About
Dark Reading Videos  |  10/2/2015  | 
Editor-in-Chief Tim Wilson visits the Dark Reading News Desk to report what security pros have told us in latest Black Hat and Dark Reading surveys about their priorities and what keeps them from them.
The Evolution Of Malware
Commentary  |  10/2/2015  | 
Like the poor in the famous Biblical verse, malware will always be with us. Heres a 33-year history from Elk Cloner to Cryptolocker. What will be next?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-40865
PUBLISHED: 2021-10-25
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x use...
CVE-2021-25977
PUBLISHED: 2021-10-25
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.
CVE-2021-35231
PUBLISHED: 2021-10-25
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHIN...
CVE-2021-38294
PUBLISHED: 2021-10-25
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
CVE-2021-40526
PUBLISHED: 2021-10-25
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead t...