Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Advanced Threats posted in May 2021
BazaLoader Attackers Create Fake Movie Streaming Site to Trick Victims
Quick Hits  |  5/27/2021  | 
The BazaLoader infection chain includes a live call center and "customer service" from criminals, researchers report.
ExtraHop Explains How Advanced Threats Dominate Threat Landscape
Commentary  |  5/27/2021  | 
SPONSORED: WATCH NOW -- How do SOC professionals build a strategy when they lack basic information about how such threats operate? Advanced threats by their very nature create plenty of uncertainty, according to Matt Cauthorn, VP of cloud security for ExtraHop.
Russia Profiting from Massive Hydra Cybercrime Marketplace
News  |  5/25/2021  | 
An analysis of Bitcoin transactions from the Hydra marketplace show that the operators are locking sellers into Russian exchanges, likely fueling profits for local actors.
Sophos Research Uncovers Widespread Use of TLS By Cybercriminals
Commentary  |  5/24/2021  | 
SPONSORED CONTENT: Nearly half of all malware is being disseminated via the Transport Layer Security cryptographic protocol, says Dan Schiappa, executive VP and chief product officer for Sophos.
Latest Security News From RSAC 2021
News  |  5/21/2021  | 
Check out Dark Reading's updated, exclusive coverage of the news and security themes that are dominating RSA Conference 2021.
Lack of Skills, Maturity Hamper Threat Hunting at Many Organizations
News  |  5/20/2021  | 
When implemented correctly, threat hunting can help organizations stay head of threats, researcher says at RSA Conference.
Security Providers Describe New Solutions (& Growing Threats) at RSAC
Commentary  |  5/20/2021  | 
SPONSORED CONTENT: Watch now -- Leading security companies meet Dark Reading in the RSA Conference Broadcast Alley to talk about tackling insider threat, SOC complexity, cyber resilience, mobile security, attacker evasion, supply chain threats, ransomware, and more.
Automation & Pervasive, Connected Technology to Pose Cyber Threats in 2030
News  |  5/19/2021  | 
A project to look at potential cybersecurity threats in a decade sees hackers and marketers sending spam directly to our vision, while attackers' automated systems adapt faster than defenses.
How Ransomware Encourages Opportunists to Become Criminals
Commentary  |  5/19/2021  | 
And what's needed to stop it: Better information sharing among private organizations and with law enforcement agencies.
How to Mitigate Against Domain Credential Theft
Commentary  |  5/18/2021  | 
Attackers routinely reuse stolen domain credentials. Here are some ways to thwart their access.
Wi-Fi Design, Implementation Flaws Allow a Range of Frag Attacks
News  |  5/14/2021  | 
Every Wi-Fi product is affected by at least one fragmentation and aggregation vulnerability, which could lead to a machine-in-the-middle attack, researcher says.
Adobe Issues Patch for Acrobat Zero-Day
Quick Hits  |  5/11/2021  | 
The vulnerability is being exploited in limited attacks against Adobe Reader users on Windows.
Cartoon Caption Winner: Greetings, Earthlings
Commentary  |  5/11/2021  | 
And the winner of Dark Reading's April cartoon caption contest is ...
Critical Infrastructure Under Attack
Commentary  |  5/11/2021  | 
Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of key US energy pipeline marks just the tip of the iceberg.
Exchange Exploitation: Not Dead Yet
Commentary  |  5/10/2021  | 
The mass exploitation of Exchange Servers has been a wake-up call, and it will take all parties playing in concert for the industry to react, respond, and recover.
Securing the Internet of Things in the Age of Quantum Computing
Commentary  |  5/6/2021  | 
Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.
Stopping the Next SolarWinds Requires Doing Something Different
Commentary  |  5/3/2021  | 
Will the SolarWinds breach finally prompt the right legislative and regulatory actions on a broader, more effective scale?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-3298
PUBLISHED: 2022-09-26
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8.
CVE-2022-40098
PUBLISHED: 2022-09-26
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense.php.
CVE-2022-40099
PUBLISHED: 2022-09-26
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php.
CVE-2022-40097
PUBLISHED: 2022-09-26
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_currency.php.
CVE-2022-40050
PUBLISHED: 2022-09-26
ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1.