Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Advanced Threats posted in September 2016
Cybercriminals' Superior Business Savvy Keeps Them Ahead
Cybercriminals' Superior Business Savvy Keeps Them Ahead
Dark Reading Videos  |  9/30/2016  | 
Rick Holland of Digital Shadows explains how the attackers' superior business agility, faster change management, specialized job force, lower barriers to entry and bulletproof hosting keeps them ahead of the good guys.
Cybercrime-as-a-Service Offered To Militants, Terrorists, Says Europol
Quick Hits  |  9/30/2016  | 
The Darknet could provide ample resources and services for terrorists to carry out attacks, claims report.
Russian Hackers Target Citizen Journalists Reporting On Malaysian Airlines Crash
News  |  9/28/2016  | 
Bellingcats reporters have been hit with spear phishing attacks and account takeover attempts for over a year, ThreatConnect says.
Top Democrats Tell Putin To Halt Hacking Of US Political Parties
Quick Hits  |  9/23/2016  | 
Russia trying to influence November presidential elections, say Senator Dianne Feinstein and Rep. Adam Schiff.
Biometric Skimmers Pose Emerging Threat To ATMs
News  |  9/22/2016  | 
Even as financial institutions move to shore up ATM security with biometric mechanisms, cybercrooks are busy figuring out ways to beat them.
Majority Of Major Corporations Have User Credentials Stolen And Exposed
News  |  9/21/2016  | 
Companies in the entertainment and technology sectors are far more exposed than others, Digital Shadows analysis shows.
Zscaler Warns Of New iSpy Commercial Keylogger
News  |  9/20/2016  | 
Malware steals user data, license keys to popular applications.
The Future Of AI-Based Cybersecurity: It's Here Now
The Future Of AI-Based Cybersecurity: It's Here Now
Dark Reading Videos  |  9/19/2016  | 
Stuart McClure, president and CEO of Cylance, stops by the Dark Reading News Desk at Black Hat.
Whats The Risk? 3 Things To Know About Chatbots & Cybersecurity
Commentary  |  9/19/2016  | 
Interactive message bots are useful and becoming more popular, but they raise serious security issues.
Republican Lawmaker Withdraws Hack Allegations Saying He Misspoke
Quick Hits  |  9/16/2016  | 
Michael McCaul had earlier alleged that like DNC, the Republican National Committee computers were also breached by Russian hackers.
Microsoft Patches Zero Day Flaw Used In Two Massive Malvertising Campaigns
News  |  9/14/2016  | 
Bug gave attackers a way to identify and avoid systems belonging to security researchers and vendors, Proofpoint says.
France's Online Criminal Underground Built On Foundation Of Distrust
News  |  9/14/2016  | 
French criminals seeking black market goods and services -- cyber and otherwise -- have to look in darker shadows and work harder to prove their felonious credibility.
Cybersecurity In The Obama Era
Slideshows  |  9/13/2016  | 
Our roundup of the Obama administrations major initiatives, executive orders and actions over the past seven and a half years. How would you grade the president's cybersecurity achievements?
Israeli Teenagers Held For Allegedly Running Hacking Service
Quick Hits  |  9/13/2016  | 
The two 18-year-olds were responsible for more than 150,000 DDoS attacks which earned them around $600,000 in two years, say reports.
PCI Security Update Targets PIN System Vendors
News  |  9/12/2016  | 
New requirements cover physical and logical security controls.
Obama Calls For Norms To Prevent 'Cyber Wild Wild West'
Quick Hits  |  9/8/2016  | 
At G-20 summit, US President warns of a free-for-all if urgent measures are not taken by countries with cyber weapons capabilities.
The Shifting Mindset Of Financial Services CSOs
Commentary  |  9/8/2016  | 
Theyre getting more realistic and developing strategies to close security gaps.
Network Management Systems Vulnerable To SNMP Attacks
News  |  9/7/2016  | 
Products from many vendors vulnerable to XSS attacks because of basic input validation errors, Rapid7 says in report.
Look The Other Way: DDoS Attacks As Diversions
Look The Other Way: DDoS Attacks As Diversions
Dark Reading Videos  |  9/7/2016  | 
Black Hat News Desk talks to Joe Loveless of Neustar.
Bad Boys, Whatcha Gonna Do When They Come For You?
Bad Boys, Whatcha Gonna Do When They Come For You?
Dark Reading Videos  |  9/7/2016  | 
A Black Hat News Desk discussion with Shehzad Merchant of Gigamon.
Cryptographic Key Reuse Remains Widespread In Embedded Products
News  |  9/6/2016  | 
Nine months after SEC Consult warned about the reuse of private keys and certificates in routers, modems, other products, problem has grown worse.
Apple Issues Patches To Fix Trident Flaws In OS X El Capitan, Yosemite
News  |  9/2/2016  | 
Same zero-day flaws had been patched earlier in iOS as well
Air-Gapped Systems Foiled Again, Via USB Drive
News  |  9/1/2016  | 
Researchers at Israels Ben-Gurion University have come up with another novel way to extract data from air-gapped systems, at least theoretically.


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.
CVE-2020-24119
PUBLISHED: 2021-05-14
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
CVE-2020-27833
PUBLISHED: 2021-05-14
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first c...