Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Advanced Threats posted in February 2018
Why Cryptocurrencies Are Dangerous for Enterprises
Commentary  |  2/28/2018  | 
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
6 Cybersecurity Trends to Watch
Commentary  |  2/26/2018  | 
Expect more as the year goes on: more breaches, more IoT attacks, more fines
SWIFT Network Used in $2 Million Heist at Indian Bank
Quick Hits  |  2/20/2018  | 
The theft at India's City Union Bank comes on the heels of news that attackers stole $6 million from a Russian bank via SWIFT network last year.
Meltdown/Spectre: The First Large-Scale Example of a 'Genetic' Threat
Commentary  |  2/20/2018  | 
These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.
13 Russians Indicted for Massive Operation to Sway US Election
News  |  2/16/2018  | 
Russian nationals reportedly used stolen American identities and infrastructure to influence the 2016 election outcome.
Air Force Awards $12,500 for One Bug
Quick Hits  |  2/15/2018  | 
The highest single bounty of any federal bug bounty program yet is awarded through Hack the Air Force 2.0.
Fileless Malware: Not Just a Threat, but a Super-Threat
Commentary  |  2/14/2018  | 
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
As Primaries Loom, Election Security Efforts Behind Schedule
Quick Hits  |  2/13/2018  | 
While federal agencies lag on vulnerability assessments and security clearance requests, the bipartisan Defending Digital Democracy Project releases three new resources to help state and local election agencies with cybersecurity, incident response.
Fake News: Could the Next Major Cyberattack Cause a Cyberwar?
Commentary  |  2/13/2018  | 
In the way it undercuts trust, fake news is a form of cyberattack. Governments must work to stop it.
Better Security Analytics? Clean Up the Data First!
Commentary  |  2/12/2018  | 
Even the best analytics algorithms using incomplete and unclean data won't yield useful results.
Tracking Bitcoin Wallets as IOCs for Ransomware
Commentary  |  2/12/2018  | 
By understanding how cybercriminals use bitcoin, threat analysts can connect the dots between cyber extortion, wallet addresses, shared infrastructure, TTPs, and attribution.
Ukraine Power Distro Plans $20 Million Cyber Defense System
Quick Hits  |  2/6/2018  | 
After NotPetya and severe blackouts, Ukrenergo responds with an investment in cybersecurity.
Securing Cloud-Native Apps
Commentary  |  2/1/2018  | 
A useful approach for securing cloud-native platforms can be adapted for securing apps running on top of the platform as well.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37625
PUBLISHED: 2021-08-05
Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, e...
CVE-2020-22732
PUBLISHED: 2021-08-05
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker..
CVE-2021-37604
PUBLISHED: 2021-08-05
In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being validated/updated prior to message authentication.
CVE-2021-37605
PUBLISHED: 2021-08-05
In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being being validated / updated prior to message authentication.
CVE-2021-38138
PUBLISHED: 2021-08-05
OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release.