Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Advanced Threats posted in September 2017
Why Your Business Must Care about Privacy
Commentary  |  9/26/2017  | 
It might not have something to hide, but it definitely has something to protect.
FBI's Freese Shares Risk Management Tips
News  |  9/26/2017  | 
Deputy Assistant Director Donald Freese advises enterprises to lead with a business case and not fear addressing the C-suite on risk management.
After DHS Notice, 21 States Reveal They Were Targeted During Election
Quick Hits  |  9/25/2017  | 
Election officials in swing states Florida, Ohio, and Pennsylvania among those who report Russian state-sponsored attackers targeted their systems.
Security's #1 Problem: Economic Incentives
Commentary  |  9/25/2017  | 
The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach.
Why Size Doesn't Matter in DDoS Attacks
Commentary  |  9/21/2017  | 
Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention."
Get Serious about IoT Security
Commentary  |  9/20/2017  | 
These four best practices will help safeguard your organization in the Internet of Things.
How Apple's New Facial Recognition Technology Will Change Enterprise Security
Commentary  |  9/19/2017  | 
Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.
To Be Ready for the Security Future, Pay Attention to the Security Past
Commentary  |  9/18/2017  | 
It's easy to just move on to the next problem, ignoring what's happened -- but that's a mistake.
5 Problems That Keep CISOs Awake at Night
Commentary  |  9/13/2017  | 
The last few years have shown a big difference in the way cyber-risks are acknowledged, but progress still needs to be made.
The 'Team of Teams' Model for Cybersecurity
Commentary  |  9/12/2017  | 
Security leaders can learn some valuable lessons from a real-life military model.
Deception: A Convincing New Approach to Cyber Defense
Commentary  |  9/12/2017  | 
How defenders in a US national security agency capture-the-flag exercise used an endless stream of false data across the network to thwart attackers and contain damage.
Attacking Data Integrity & Hacking Radiation Monitoring Devices
Attacking Data Integrity & Hacking Radiation Monitoring Devices
Dark Reading Videos  |  9/8/2017  | 
Ruben Santamarta shows radio-based vulnerabilities and investigates how the integrity of critical data can be manipulated to simulate, complicate or exacerbate emergency situations.
Is Public Sector Cybersecurity Adequate?
Commentary  |  9/7/2017  | 
Many governmental organizations are unstaffed, underfunded, and unprepared to fight common attacks, and they could learn a thing or two from the private sector.
Is Your Organization Merely PCI-Compliant or Is It Actually Secure?
Commentary  |  9/6/2017  | 
The Host Identity Protocol might be the answer to inadequate check-the-box security standards.
Activists Beware: The Latest In 3G & 4G Spying
Activists Beware: The Latest In 3G & 4G Spying
Dark Reading Videos  |  9/5/2017  | 
Ravi Borgaonkar describes new 3G & 4G vulnerabilities that enable IMSI catchers to be smarter, stealthier snoopers.
3 Ways AI Could Help Resolve the Cybersecurity Talent Crisis
Commentary  |  9/5/2017  | 
There's no escaping the fact that there's a skills shortage, and companies aren't doing enough to cultivate talent. AI could relieve some of the pressure.
Automated Lateral Movement: Targeted Attack Tools for the Masses
Automated Lateral Movement: Targeted Attack Tools for the Masses
Dark Reading Videos  |  9/1/2017  | 
Tal Be'ery and Tal Maor explain that the most pervasive, worst defended tactic of sophisticated attackers will soon be ready for script kiddies, and release GoFetch: a new lateral movement automation tool.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37457
PUBLISHED: 2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).
CVE-2021-37458
PUBLISHED: 2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).
CVE-2021-37459
PUBLISHED: 2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).
CVE-2021-37460
PUBLISHED: 2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).
CVE-2021-37461
PUBLISHED: 2021-07-25
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).