Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Advanced Threats posted in May 2016
Wekby 'Pisloader' Abuses DNS
News  |  5/31/2016  | 
New malware family 'pisloader' uses DNS requests for command and control.
SWIFT Proposes New Measures For Bolstering Its Security
News  |  5/27/2016  | 
Measures come amid news that up to 12 banks may have fallen victim to attacks attempting to steal millions via the SWIFT network.
DNS Management Provider Hit With Sophisticated, 'Precise' DDoS Attacks
News  |  5/27/2016  | 
NS1 CEO says other DNS providers also have been attacked over the past few months.
Bangladesh Reopens 2013 Cold Case Of Bank Theft Via SWIFT
Quick Hits  |  5/26/2016  | 
Authorities cite similarities in Sonali Bank hack with February's $81 million central bank theft.
TeslaCrypt Ransomware Group Pulls Plug, Releases Decrypt Key
News  |  5/20/2016  | 
But dont be surprised if group revives campaign or launches another one, security researchers say.
Bangladesh Officials Computer Hacked To Carry Out $81 Million Theft
Quick Hits  |  5/20/2016  | 
Bangladeshi diplomat shares FBI report with Philippine inquiry panel on Bangladesh Bank theft.
OPM Breach: Cyber Sprint Response More Like A Marathon
News  |  5/19/2016  | 
Sixty-five percent of federal security execs surveyed in new (ISC)2 report say that government still cant detect ongoing cyber attacks.
'Skimer' Stealing Money, Card Data From ATMs Around Globe
News  |  5/18/2016  | 
Windows-based ATMs are vulnerable to this new variant of ATM malware, Kaspersky Lab says.
Tennessee Man Found Guilty Of Mitt Romney Tax Return Hack Scheme
Quick Hits  |  5/16/2016  | 
Convicted for attempt to blackmail PwC accounting firm with release of former U.S. Presidential candidate's pre-2010 tax returns.
CISO Playbook: Games Of War & Cyber Defenses
Commentary  |  5/16/2016  | 
Limiting incident response planning to hypothetical table-top scenarios is far too risky in todays threat environment. But with cyberwar gaming, you can simulate the experience of a real attack.
Bangladesh Bank Theft: New York Fed Stands By Transfer Procedures
Quick Hits  |  5/16/2016  | 
Bank replies to US lawmaker query whether transfer of funds should have been blocked.
SWIFT Confirms Cyber Heist At Second Bank; Researchers Tie Malware Code to Sony Hack
News  |  5/13/2016  | 
Operator of global secure messaging system for banks warns of highly adaptive campaign
'Pawn Storm' APT Campaign Rolls On With Attacks in Germany, Turkey
News  |  5/13/2016  | 
Offices of German chancellor Angela Merkel among those targeted in recent attacks, Trend Micro says.
US, China Hold Cyber Talks For First Time After September Deal
Quick Hits  |  5/13/2016  | 
Meeting was part of pledge between heads of both nations for joint action on growing cyberspace concerns.
Bangladesh Bank Theft: SWIFT CEO Rejects Theory Of Loopholes In Network
Quick Hits  |  5/13/2016  | 
Leibbrandt says customer fraud is the likely explanation for the $81 Million bank heist.
6 Shocking Intellectual Property Breaches
Slideshows  |  5/12/2016  | 
Not all breaches involve lost customer data. Sometimes the most damaging losses come when intellectual property is pilfered.
What Makes Next-Gen Endpoint Protection Unique?
Slideshows  |  5/10/2016  | 
Here are five critical factors you need to know about today's new breed of endpoint protection technology.
The 10 Worst Vulnerabilities of The Last 10 Years
Slideshows  |  5/6/2016  | 
From the thousands of vulns that software vendors disclosed over the past 10 years, a few stand out for being a lot scarier than the rest.
Stupid Locky Network Breached
News  |  5/5/2016  | 
For the second time in recent months, a white hat hacker appears to have broken into a C&C server for a major malware threat.
Ransomware Spikes, Tries New Tricks
News  |  5/2/2016  | 
Ransomware authors constantly upping their game, techniques, to stay ahead of security researchers.


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.
CVE-2020-24119
PUBLISHED: 2021-05-14
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
CVE-2020-27833
PUBLISHED: 2021-05-14
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first c...