Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Advanced Threats posted in May 2017
Rethinking Vulnerabilities: Network Infrastructure as a Software System
Commentary  |  5/31/2017  | 
Increasing complexity is putting networks at risk. It's time to shift our security approach and take some lessons from software development.
Securing IoT Devices Requires a Change in Thinking
Commentary  |  5/30/2017  | 
There's no magic bullet for IoT security, but there are ways to help detect and mitigate problems.
Elections, Deceptions & Political Breaches
Commentary  |  5/26/2017  | 
Political hacks have many lessons for the business world.
Staying a Step Ahead of Internet Attacks
Commentary  |  5/23/2017  | 
There's no getting around the fact that targeted attacks, such as spearphishing, will happen. But you can figure out the type of attack to expect next.
All Generations, All Risks, All Contained: A How-To Guide
Commentary  |  5/18/2017  | 
Organizations must have a security plan that considers all of their employees.
WannaCry: Ransomware Catastrophe or Failure?
Commentary  |  5/18/2017  | 
Using Bitcoin payments as a measure, the WannaCry attack is not nearly as profitable as the headlines suggest. But you should still patch your Windows systems and educate users.
Why We Need a Data-Driven Cybersecurity Market
Commentary  |  5/17/2017  | 
NIST should bring together industry to create a standard set of metrics and develop better ways to share information.
New Threat Research Shows Vietnam a Rising Force in Cyberespionage
News  |  5/16/2017  | 
FireEye report on APT32 puts evidence together of a group attacking private and public targets for the sake of Vietnamese state interests.
The Wide-Ranging Impact of New York's Cybersecurity Regulations
Commentary  |  5/16/2017  | 
New York's toughest regulations yet are now in effect. Here's what that means for your company.
8 Notorious Russian Hackers Arrested in the Past 8 Years
Slideshows  |  5/12/2017  | 
Lesson learned by Russian cybercriminals: Don't go on vacation, it's bad for your freedom to scam.
What Developers Don't Know About Security Can Hurt You
Commentary  |  5/11/2017  | 
Developers won't start writing secure code just because you tell them it's part of their job. You need to give them the right training, support, and tools to instill a security mindset.
Your IoT Baby Isn't as Beautiful as You Think It Is
Commentary  |  5/10/2017  | 
Both development and evaluation teams have been ignoring security problems in Internet-connected devices for too long. That must stop.
Why Cyber Attacks Will Continue until Prevention Becomes a Priority
Commentary  |  5/8/2017  | 
Organizations must rethink their security measures. Focus on training, getting rid of old tech, and overcoming apathy.
How to Integrate Threat Intel & DevOps
Commentary  |  5/4/2017  | 
Automating intelligence can help your organization in myriad ways.
7 Steps to Fight Ransomware
Commentary  |  5/3/2017  | 
Perpetrators are shifting to more specific targets. This means companies must strengthen their defenses, and these strategies can help.
What's in a Name? Breaking Down Attribution
Commentary  |  5/2/2017  | 
Here's what you really need to know about adversaries.
The Cyber-Committed CEO & Board
Commentary  |  5/1/2017  | 
Here is what CISOs need to communicate to upper management about the business risks of mismanaging cybersecurity.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-40526
PUBLISHED: 2021-10-25
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead t...
CVE-2021-40527
PUBLISHED: 2021-10-25
Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile applic...
CVE-2021-40371
PUBLISHED: 2021-10-25
Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap.
CVE-2021-21703
PUBLISHED: 2021-10-25
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the ma...
CVE-2021-42258
PUBLISHED: 2021-10-22
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include ...