Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Advanced Threats posted in May 2017
Rethinking Vulnerabilities: Network Infrastructure as a Software System
Commentary  |  5/31/2017  | 
Increasing complexity is putting networks at risk. It's time to shift our security approach and take some lessons from software development.
Securing IoT Devices Requires a Change in Thinking
Commentary  |  5/30/2017  | 
There's no magic bullet for IoT security, but there are ways to help detect and mitigate problems.
Elections, Deceptions & Political Breaches
Commentary  |  5/26/2017  | 
Political hacks have many lessons for the business world.
Staying a Step Ahead of Internet Attacks
Commentary  |  5/23/2017  | 
There's no getting around the fact that targeted attacks, such as spearphishing, will happen. But you can figure out the type of attack to expect next.
All Generations, All Risks, All Contained: A How-To Guide
Commentary  |  5/18/2017  | 
Organizations must have a security plan that considers all of their employees.
WannaCry: Ransomware Catastrophe or Failure?
Commentary  |  5/18/2017  | 
Using Bitcoin payments as a measure, the WannaCry attack is not nearly as profitable as the headlines suggest. But you should still patch your Windows systems and educate users.
Why We Need a Data-Driven Cybersecurity Market
Commentary  |  5/17/2017  | 
NIST should bring together industry to create a standard set of metrics and develop better ways to share information.
New Threat Research Shows Vietnam a Rising Force in Cyberespionage
News  |  5/16/2017  | 
FireEye report on APT32 puts evidence together of a group attacking private and public targets for the sake of Vietnamese state interests.
The Wide-Ranging Impact of New York's Cybersecurity Regulations
Commentary  |  5/16/2017  | 
New York's toughest regulations yet are now in effect. Here's what that means for your company.
8 Notorious Russian Hackers Arrested in the Past 8 Years
Slideshows  |  5/12/2017  | 
Lesson learned by Russian cybercriminals: Don't go on vacation, it's bad for your freedom to scam.
What Developers Don't Know About Security Can Hurt You
Commentary  |  5/11/2017  | 
Developers won't start writing secure code just because you tell them it's part of their job. You need to give them the right training, support, and tools to instill a security mindset.
Your IoT Baby Isn't as Beautiful as You Think It Is
Commentary  |  5/10/2017  | 
Both development and evaluation teams have been ignoring security problems in Internet-connected devices for too long. That must stop.
Why Cyber Attacks Will Continue until Prevention Becomes a Priority
Commentary  |  5/8/2017  | 
Organizations must rethink their security measures. Focus on training, getting rid of old tech, and overcoming apathy.
How to Integrate Threat Intel & DevOps
Commentary  |  5/4/2017  | 
Automating intelligence can help your organization in myriad ways.
7 Steps to Fight Ransomware
Commentary  |  5/3/2017  | 
Perpetrators are shifting to more specific targets. This means companies must strengthen their defenses, and these strategies can help.
What's in a Name? Breaking Down Attribution
Commentary  |  5/2/2017  | 
Here's what you really need to know about adversaries.
The Cyber-Committed CEO & Board
Commentary  |  5/1/2017  | 
Here is what CISOs need to communicate to upper management about the business risks of mismanaging cybersecurity.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Incorporating a Prevention Mindset into Threat Detection and Response
Threat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time. The report covers areas enterprises should focus on: What positive response looks like. Improving security hygiene. Combining preventive actions with red team efforts.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-1809
PUBLISHED: 2022-05-21
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.
CVE-2022-31267
PUBLISHED: 2022-05-21
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "#admin"' value.
CVE-2022-31268
PUBLISHED: 2022-05-21
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).
CVE-2022-31264
PUBLISHED: 2022-05-21
Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.
CVE-2022-31259
PUBLISHED: 2022-05-21
The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).