Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Advanced Threats posted in November 2017
Lawsuits Pile Up on Uber
News  |  11/30/2017  | 
Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.
Why Security Depends on Usability -- and How to Achieve Both
Commentary  |  11/29/2017  | 
Any initiative that reduces usability will have consequences that make security less effective.
Git Some Security: Locking Down GitHub Hygiene
News  |  11/28/2017  | 
In the age of DevOps and agile development practices that lean heavily on GitHub and other cloud resources, strong controls are more important than ever.
8 Low or No-Cost Sources of Threat Intelligence
Slideshows  |  11/27/2017  | 
Heres a list of sites that for little or no cost give you plenty of ideas for where to find first-rate threat intelligence.
Tips to Protect the DNS from Data Exfiltration
Commentary  |  11/17/2017  | 
If hackers break in via the Domain Name System, most business wouldn't know until it's too late. These tips can help you prepare.
Forget APTs: Let's Talk about Advanced Persistent Infrastructure
Commentary  |  11/16/2017  | 
Understanding how bad guys reuse infrastructure will show you the areas of your network to target when investigating new threats and reiteration of old malware.
Deception Technology: Prevention Reimagined
Commentary  |  11/15/2017  | 
How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.
What the NFL Teaches Us about Fostering a Champion Security Team
Commentary  |  11/14/2017  | 
Cybersecurity experts can learn how to do a better job by keeping a close eye on the gridiron.
How to Leverage the Rosetta Stone of Information Sharing
Commentary  |  11/13/2017  | 
A common framework will help in the development of cyber-risk management efforts.
6 Steps for Sharing Threat Intelligence
Slideshows  |  11/10/2017  | 
Industry experts offer specific reasons to share threat information, why it's important - and how to get started.
Hypervisors: Now a Tool to Protect against Security Blind Spots
Commentary  |  11/9/2017  | 
By facilitating live introspection of virtual machine memory, the Xen Project is striving to eliminate stealthy attack techniques like EternalBlue.
4 Proactive Steps to Avoid Being the Next Data Breach Victim
Commentary  |  11/7/2017  | 
Despite highly publicized data breaches, most companies are not taking the necessary actions to prevent them.
When Ransomware Strikes: 7 Steps You Can Take Now to Prepare
Commentary  |  11/6/2017  | 
Ransomware is still on the rise. These operational tips can help lessen the blow if you're hit.
How AI Can Help Prevent Data Breaches in 2018 and Beyond
Commentary  |  11/1/2017  | 
Artificial intelligence startups are tackling four key areas that will help companies avoid becoming the next Equifax.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34570
PUBLISHED: 2021-09-27
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.
CVE-2021-41580
PUBLISHED: 2021-09-27
** DISPUTED ** The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider uses an HTTP 200 status code for authentication-failure error reports, and an application...
CVE-2021-40981
PUBLISHED: 2021-09-27
ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory.
CVE-2021-41329
PUBLISHED: 2021-09-27
Datalust Seq before 2021.2.6259 allows users (with view filters applied to their accounts) to see query results not constrained by their view filter. This information exposure, caused by an internal cache key collision, occurs when the user's view filter includes an array or IN clause, and when anot...
CVE-2021-41385
PUBLISHED: 2021-09-27
The third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenticated user to obtain access to server configuration details via SSRF.