Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Advanced Threats posted in June 2017
Recovering from Bad Decisions in the Cloud
Commentary  |  6/26/2017  | 
The cloud makes it much easier to make changes to security controls than in traditional networks.
The Folly of Vulnerability & Patch Management for ICS Networks
Commentary  |  6/21/2017  | 
Yes, such efforts matter. But depending on them can give a false sense of security.
Feds Call on Contractors to Play Ball in Mitigating Insider Threats
Commentary  |  6/20/2017  | 
It's said that you're only as strong as your weakest player. That's as true in security as it is in sports.
Cybersecurity Fact vs. Fiction
Commentary  |  6/20/2017  | 
Based on popular media, it's easy to be concerned about the security of smart cars, homes, medical devices, and public utilities. But how truly likely are such attacks?
Rise of Nation State Threats: How Can Businesses Respond?
News  |  6/19/2017  | 
Cybersecurity experts discuss nation-state threats of greatest concerns, different types of attacks, and how organization can prepare.
Invisible Invaders: Why Detecting Bot Attacks Is Becoming More Difficult
Commentary  |  6/19/2017  | 
Traditional methods can't block the latest attackers, but a behavioral approach can tell the difference between bots and humans.
Why Your AppSec Program Is Doomed to Fail & How to Save It
Commentary  |  6/16/2017  | 
With these measures in place, organizations can avoid common pitfalls.
Trumps Executive Order: What It Means for US Cybersecurity
Commentary  |  6/15/2017  | 
The provisions are all well and good, but its hardly the first time theyve been ordered by the White House.
How Smart Cities Can Minimize the Threat of Cyberattacks
Commentary  |  6/14/2017  | 
As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities.
The Detection Trap: Improving Cybersecurity by Learning from the Secret Service
Commentary  |  6/12/2017  | 
Intruders often understand the networks they target better than their defenders do.
Your Information Isn't Being Hacked, It's Being Neglected
Commentary  |  6/9/2017  | 
To stop customer information from being compromised, we must shore up the most vulnerable parts first, the day-to-day IT operations work that builds, configures, and changes systems.
Balancing the Risks of the Internet of Things
Commentary  |  6/7/2017  | 
Do the benefits of an Internet-connected coffee maker really outweigh its security issues?


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.
CVE-2020-24119
PUBLISHED: 2021-05-14
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
CVE-2020-27833
PUBLISHED: 2021-05-14
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first c...