Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Advanced Threats posted in March 2016
In Brief: The Unusual Suspects -- DeMystifying Attack Groups
In Brief: The Unusual Suspects -- DeMystifying Attack Groups
Dark Reading Videos  |  3/31/2016  | 
Your adversary is an imperfect human being. Use that knowledge to fight back.
Apples Workflow For Enterprise iOS App Distribution Vulnerable To Attack
News  |  3/31/2016  | 
Millions of iPhones and iPads running iOS 9 can be exploited if enrolled in mobile device management, Check Point Software says.
Business Disruption A Big Focus In 2015 Cyberattacks
News  |  3/30/2016  | 
In a shift from the low and slow attacks of recent years, many incidents last year were attention seeking and were motivated not just by money, according to Mandiant's annual report.
Dangerous New USB Trojan Discovered
News  |  3/25/2016  | 
'USB Thief' could be used for targeted purposes, researchers at ESET say.
How 4 Startups Are Harnessing AI In The Invisible Cyberwar
Commentary  |  3/25/2016  | 
Cybersecurity startups are setting their scopes on a potential goldmine of automated systems they hope will be more effective than hiring human enterprise security teams.
Apple Zero-Day Flaw Leaves OS X Systems Vulnerable to Attack
News  |  3/24/2016  | 
All versions of OS X including El Capitan affected by bug, SentinelOne says
Multiple Hospitals Hit In Ransomware Attack Wave
News  |  3/23/2016  | 
In the past week alone, three hospitals have reported being victimized by cyber-extortionists.
New Apple iPhone Malware Exploits DRM Mechanism To Spread
News  |  3/17/2016  | 
But threat limited mainly to users looking to jailbreak phone or install pirated apps.
Ransomware Will Spike As More Cybercrime Groups Move In
News  |  3/16/2016  | 
The lure of easy money attracting organized groups is a trend that spells more trouble for enterprises, researchers say.
Ransomware: Putting Companies Between A Rock And A Hard Place
News  |  3/15/2016  | 
Paying a ransom encourages more attacks, but sometimes not paying could end up being a lot costlier
When Encryption Becomes The Enemys Best Friend
News  |  3/5/2016  | 
The growth in SSL/TLS traffic has made it a lot easier for threat actors to slip attacks and malware past enterprise defenses.
Using Offensive Security Mindset To Create Best Defense
Using Offensive Security Mindset To Create Best Defense
Dark Reading Videos  |  3/2/2016  | 
Carbon Black's CTO and chief security strategist talk about how their background in offensive security helps them think like attackers, and better defend against them.
The Unusual Suspects: Demystifying Attack Groups Through Threat Intelligence
The Unusual Suspects: Demystifying Attack Groups Through Threat Intelligence
Dark Reading Videos  |  3/1/2016  | 
Colin McKinty, vice president of cybersecurity strategy, Americas, for BAE Systems talks about the importance of knowing your adversary.
Chinese Threat Intel Start-up Finds DarkHotel Exploiting Chinese Telecom
News  |  3/1/2016  | 
New China-based threat intelligence company ThreatBook wants to be the 'trusted contact in China.'


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-40526
PUBLISHED: 2021-10-25
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead t...
CVE-2021-40527
PUBLISHED: 2021-10-25
Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile applic...
CVE-2021-40371
PUBLISHED: 2021-10-25
Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap.
CVE-2021-21703
PUBLISHED: 2021-10-25
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the ma...
CVE-2021-42258
PUBLISHED: 2021-10-22
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include ...