Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Advanced Threats posted in December 2015
The Industrial Cyber Myth: Its No Fantasy
Commentary  |  12/22/2015  | 
As threats become more sophisticated, the industry is still playing catch-up.
Juniper Discovers Unauthorized Code In Its Firewall OS
News  |  12/18/2015  | 
'Troubling' incident exposes code designed to decrypt VPN communication and enable remote administrative control of devices.
When RATs Become a Social Engineers Best Friend
Commentary  |  12/18/2015  | 
Hacking humans in the banking industry through rogue help desks is becoming a significant problem.
SQL Injection, XSS Flaws Found In Network Management System Products
News  |  12/16/2015  | 
Patches available for two flaws, pending for four others.
To Better Defend Yourself, Think Like A Hacker
Commentary  |  12/15/2015  | 
As attacks become more sophisticated and attackers more determined, organizations need to adopt an offensive approach to security that gets inside the head of the hacker.
Latentbot: A Ghost in the Internet
News  |  12/11/2015  | 
Malwares multiple layers of obfuscation make it almost invisible FireEye says,
FBI Tweaks Stance On Encryption BackDoors, Admits To Using 0-Day Exploits
Quick Hits  |  12/10/2015  | 
FBI retreats a step, but makes stand on end-to-end encryption. Meanwhile, European Union gets ready with a rougher, tougher replacement for Safe Harbor.
Sea Craft Voyage Data Systems Vulnerable To Tampering, Spying
News  |  12/9/2015  | 
Remote attackers could snoop on or corrupt the systems that collect and store radar images, vessels' position and speed, and audio recorded in the ships' bridge or engine room.
Iranian Groups Conducting Sophisticated Surveillance On Middle Eastern Targets
News  |  12/8/2015  | 
Two groups have been using backdoor threats to spy on targeted individuals, Symantec says.
Report: Hackers Arrested By Chinese Government Suspected Of OPM Breach
Quick Hits  |  12/2/2015  | 
Washington Post: Arrests made in late September were Chinese officials' way of easing tensions with U.S.
4 Conversation- Starters & Stoppers For US-China Cybersecurity Talks
News  |  12/1/2015  | 
As meetings begin in Washington, will 'are you still hacking us' be on the list of questions?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31600
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and informat...
CVE-2022-31601
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.
CVE-2022-31602
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure.
CVE-2022-31603
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosu...
CVE-2022-31599
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other ...