Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Advanced Threats posted in March 2016
In Brief: The Unusual Suspects -- DeMystifying Attack Groups
In Brief: The Unusual Suspects -- DeMystifying Attack Groups
Dark Reading Videos  |  3/31/2016  | 
Your adversary is an imperfect human being. Use that knowledge to fight back.
Apples Workflow For Enterprise iOS App Distribution Vulnerable To Attack
News  |  3/31/2016  | 
Millions of iPhones and iPads running iOS 9 can be exploited if enrolled in mobile device management, Check Point Software says.
Business Disruption A Big Focus In 2015 Cyberattacks
News  |  3/30/2016  | 
In a shift from the low and slow attacks of recent years, many incidents last year were attention seeking and were motivated not just by money, according to Mandiant's annual report.
Dangerous New USB Trojan Discovered
News  |  3/25/2016  | 
'USB Thief' could be used for targeted purposes, researchers at ESET say.
How 4 Startups Are Harnessing AI In The Invisible Cyberwar
Commentary  |  3/25/2016  | 
Cybersecurity startups are setting their scopes on a potential goldmine of automated systems they hope will be more effective than hiring human enterprise security teams.
Apple Zero-Day Flaw Leaves OS X Systems Vulnerable to Attack
News  |  3/24/2016  | 
All versions of OS X including El Capitan affected by bug, SentinelOne says
Multiple Hospitals Hit In Ransomware Attack Wave
News  |  3/23/2016  | 
In the past week alone, three hospitals have reported being victimized by cyber-extortionists.
New Apple iPhone Malware Exploits DRM Mechanism To Spread
News  |  3/17/2016  | 
But threat limited mainly to users looking to jailbreak phone or install pirated apps.
Ransomware Will Spike As More Cybercrime Groups Move In
News  |  3/16/2016  | 
The lure of easy money attracting organized groups is a trend that spells more trouble for enterprises, researchers say.
Ransomware: Putting Companies Between A Rock And A Hard Place
News  |  3/15/2016  | 
Paying a ransom encourages more attacks, but sometimes not paying could end up being a lot costlier
When Encryption Becomes The Enemys Best Friend
News  |  3/5/2016  | 
The growth in SSL/TLS traffic has made it a lot easier for threat actors to slip attacks and malware past enterprise defenses.
Using Offensive Security Mindset To Create Best Defense
Using Offensive Security Mindset To Create Best Defense
Dark Reading Videos  |  3/2/2016  | 
Carbon Black's CTO and chief security strategist talk about how their background in offensive security helps them think like attackers, and better defend against them.
The Unusual Suspects: Demystifying Attack Groups Through Threat Intelligence
The Unusual Suspects: Demystifying Attack Groups Through Threat Intelligence
Dark Reading Videos  |  3/1/2016  | 
Colin McKinty, vice president of cybersecurity strategy, Americas, for BAE Systems talks about the importance of knowing your adversary.
Chinese Threat Intel Start-up Finds DarkHotel Exploiting Chinese Telecom
News  |  3/1/2016  | 
New China-based threat intelligence company ThreatBook wants to be the 'trusted contact in China.'


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3663
PUBLISHED: 2021-07-25
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts
CVE-2021-23413
PUBLISHED: 2021-07-25
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.
CVE-2021-37436
PUBLISHED: 2021-07-24
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing pers...
CVE-2021-32686
PUBLISHED: 2021-07-23
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and ...
CVE-2021-32783
PUBLISHED: 2021-07-23
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy rem...