Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Advanced Threats posted in December 2014
Dear Cyber Criminals: Were Not Letting Our Guard Down in 2015
Commentary  |  12/31/2014  | 
Next year, youll keep exploiting vulnerabilities, and well make sure our systems are patched, our antivirus is up to date, and our people are too smart to click the links you send them.
Backoff Malware Validates Targets Through Infected IP Cameras
News  |  12/23/2014  | 
RSA report on Backoff dives deeper into clues about the POS software and hints at attackers potentially located in India.
Time To Rethink Patching Strategies
Commentary  |  12/19/2014  | 
In 2014, the National Vulnerability Database is expected to log a record-breaking 8,000 vulnerabilities. That's 8,000 reasons to improve software quality at the outset.
5 Pitfalls to Avoid When Running Your SOC
Commentary  |  12/18/2014  | 
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers.
Sony Cancels Movie, US Confirms North Korea Involvement, But Were Bomb Threats Empty?
News  |  12/17/2014  | 
After the Sony hackers issue threats of physical violence and 9/11-style attacks, The Interview is being killed before it even premieres. But would the attackers have really blown up theaters?
The New Target for State-Sponsored Cyber Attacks: Applications
Commentary  |  12/17/2014  | 
Skilled hackers are now using simple web application vulnerabilities like SQL Injection to take over database servers. Are you prepared to defend against this new type of threat actor?
Sony Warns Media About Disclosure, Staff About Fraud, 'Bond' Fans About Spoilers
Quick Hits  |  12/16/2014  | 
A wrapup of the latest Sony attack fallout.
2014: The Year of Privilege Vulnerabilities
Commentary  |  12/16/2014  | 
Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers.
Ekoparty Isnt The Next Defcon (& It Doesnt Want To Be)
Commentary  |  12/15/2014  | 
Unlike American security conferences that offer a buffet of merchandise, meals, and drinks, Ekoparty, in Buenos Aires, is every bit as functional -- with a little less fluff.
Hiring Hackers To Secure The Internet Of Things
News  |  12/11/2014  | 
How some white hat hackers are changing career paths to help fix security weaknesses in consumer devices and business systems.
'Inception' Cyber Espionage Campaign Targets PCs, Smartphones
News  |  12/10/2014  | 
Blue Coat report details sophisticated attacks mainly against Russian targets, and Kaspersky Lab calls new campaign next-generation of Red October cyber spying operation.
Sony Hackers Knew Details Of Sony's Entire IT Infrastructure
News  |  12/4/2014  | 
While trying to simultaneously recover from a data breach and a wiper attack, Sony watches attackers publish maps and credentials for everything from production servers to iTunes accounts.
Why Regin Malware Changes Threatscape Economics
Commentary  |  12/4/2014  | 
Never before have attackers been able to deploy a common malware platform and configure it as necessary with low-cost, quick-turnaround business logic apps.
With Operation Cleaver, Iran Emerges As A Cyberthreat
News  |  12/3/2014  | 
A hacker group's actions suggest that it is laying the groundwork for a future attack on critical infrastructure targets.
FBI Warning Shows Targeted Attacks Don't Just Steal Anymore
News  |  12/2/2014  | 
An FBI advisory points to an increasing trend of destructive malware for activist, anti-forensics purposes.
Breaking the Code: The Role of Visualization in Security Research
Commentary  |  12/1/2014  | 
In todays interconnected, data rich IT environments, passive inspection of information is not enough.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37457
PUBLISHED: 2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).
CVE-2021-37458
PUBLISHED: 2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).
CVE-2021-37459
PUBLISHED: 2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).
CVE-2021-37460
PUBLISHED: 2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).
CVE-2021-37461
PUBLISHED: 2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).