Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Advanced Threats posted in August 2016
New 'Fantom' Ransomware Poses As Windows Update
News  |  8/30/2016  | 
Fantom malware comes disguised as a legitimate Microsoft Windows update to trick consumers and business users into downloading it.
Malware Markets: Exposing The Hype & Filtering The Noise
Commentary  |  8/30/2016  | 
Theres a lot of useful infosec information out there, but cutting through clutter is harder than it should be.
Malware Found In Iran Petro Plants
Quick Hits  |  8/30/2016  | 
Virus not linked to recent fires in oil and gas facilities across the country, says official.
US Think Tanks Involved In Russia Research Allegedly Hacked
Quick Hits  |  8/30/2016  | 
Russia-backed DNC hacker COZY BEAR behind these spearphish attacks on individuals and organizations, says CrowdStrike.
Report: Hackers Breach Two State Election Databases, FBI Warns
Quick Hits  |  8/29/2016  | 
FBI's need-to-know-only advisory doesn't specify, but Yahoo News' sources say it refers to 'suspected foreign hackers' targeting voter registration databases in Arizona and Illinois.
Multiple Apple iOS Zero-Days Enabled Firm To Spy On Targeted iPhone Users For Years
News  |  8/26/2016  | 
Victims of lawful intercepts include human rights activists and journalist, researchers from Citizen Lab and Lookout say.
Apple Releases Patch For 'Trident,' A Trio Of iOS 0-Days
Quick Hits  |  8/25/2016  | 
Already rolled into the Pegasus spyware product and used to target social activists, the vulnerabilities are fixed in iOS 9.3.5.
French Submarine Firm Claims Economic Warfare After Massive Data Leak
News  |  8/24/2016  | 
The Australian publishes over 22,000 documents on six DCNS Scorpene subs that are being built in India
Hit-And-Run Tactics Fuel Growth In DDoS Attacks
News  |  8/23/2016  | 
A majority of organizations in Imperva DDoS study suffer multiple consecutive attacks.
Eddie Bauer Reports Intrusion Into Point Of Sale Network
News  |  8/19/2016  | 
Data belonging to customers who used payment cards at all 370 Eddie Bauer locations in the US, Canada compromised.
3 Takeaways From The HEI Hotels And Oracle MICROS Breaches
News  |  8/18/2016  | 
Attacks another reminder of the fragility of the US payment system.
Operation Ghoul Targets Industrial, Engineering Companies In 30 Countries
News  |  8/17/2016  | 
Attack campaign appears to be more about financial gain than industrial theft or sabotage, however.
Cerber Ransomware Could Net $2 Million Its First Year
News  |  8/16/2016  | 
A study of the Cerber operation's ransomware-as-a-service model highlights just how lucrative this cybercrime can be.
Iran Probes Cyber Role In Fires Across Gas Facilities
Quick Hits  |  8/15/2016  | 
Country rocked by a string of explosions in petroleum facilities causing millions of dollars in damage.
30 More Victims Pinned On Highly Selective Cyberespionage Group
News  |  8/9/2016  | 
Kaspersky Lab says newly discovered threat actor ProjectSauron -- called Strider by Symantec -- has hit organizations in Russia, Rwanda, Iran, and Italian-speaking nations.
Symantec Discovers Strider, A New CyberEspionage Group
News  |  8/8/2016  | 
In action five years, highly selective threat actor has only been known to compromise seven organizations.
Apple Finally Launches Bug Bounty Program
News  |  8/4/2016  | 
Security researchers will be eligible for bounties of up to $200,000. But for the moment the program is invite-only
Dark Reading News Desk Coming Back To Black Hat, Live
News  |  8/4/2016  | 
Live from Las Vegas: over 40 video interviews with Black Hat USA conference speakers and sponsors. Wednesday Aug. 3, Thursday Aug, 4, starting at 2 p.m. ET.
Best Of Black Hat Innovation Awards: And The Winners Are
Commentary  |  8/3/2016  | 
Three companies and leaders who think differently about security: Deep Instinct, most innovative startup; Vectra, most innovative emerging company; Paul Vixie, most innovative thought leader.
Researchers Show How To Steal Payment Card Data From PIN Pads
News  |  8/3/2016  | 
Attack works even against chip-enabled EMV smartcards.
Dark Reading Radio at Black Hat 2016: 2 Shows, 4 #BHUSA Presenters
Commentary  |  8/2/2016  | 
Even if you can't physically be at Black Hat USA 2016, Dark Reading offers a virtual alternative to engage with presenters about hot show topics and trends.
3 Steps Towards Building Cyber Resilience Into Critical Infrastructure
Commentary  |  8/2/2016  | 
The integration of asset management, incident response processes and education is critical to improving the industrial control system cybersecurity landscape.


Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21331
PUBLISHED: 2021-03-03
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive info...
CVE-2021-27940
PUBLISHED: 2021-03-03
resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.
CVE-2021-21312
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/documen...
CVE-2021-21313
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not proper...
CVE-2021-21314
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.