Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Larry Loeb

Latest Content
Page 1 / 2   >   >>
Cisco: Privacy Efforts Pay Off Directly
Larry Loeb  |  1/31/2020  | 
Cisco's research has proven that beyond meeting compliance requirements, good privacy is good for business and individuals.
All Your Intel L1 Cache Belongs to CacheOut
Larry Loeb  |  1/30/2020  | 
Once again, a novel 'speculative execution side-channel' attack has been discovered by researchers.
RDG Gets Fooled by UDP
Larry Loeb  |  1/28/2020  | 
Security researchers have found that the implementation in Remote Desktop Gateway of string segmentation lays it open to memory corruption vulnerabilities.
Ransomware Costs More in Q4
Larry Loeb  |  1/27/2020  | 
In Q4 of 2019, the average ransom payment increased by 104% to $84,116, finds Coveware report.
GE Medical Instrumentation on the Critical List
Larry Loeb  |  1/24/2020  | 
DHS-CISA has issued a security advisory about GE Carescape medical instrumentation that enumerates many vulnerabilities present in them.
EFS Ransomware Slips by AV Products
Larry Loeb  |  1/23/2020  | 
Inside of Windows is a methodology called Encrypting File System. It works on individual files or folders, rather than at the whole disk level like BitLocker does.
Reusing Code? Inspect It First
Larry Loeb  |  1/21/2020  | 
Microsoft is doing something concrete about container security with the release of the Microsoft Application Inspector, a cross-platform tool whose primary objective is to identify source code features in a systematic and scalable way.
FireEye Finds Mitigation of CVE-2019-19781 Comes With a Price
Larry Loeb  |  1/20/2020  | 
One threat actor is taking advantage of the current problems with Citrix ADC/Netscaler for their own advantage.
NSA Schools Microsoft About Crypto
Larry Loeb  |  1/16/2020  | 
In an unprecedented move, the National Security Agency advised Microsoft about a bug in one of the CryptoAPI libraries used since NT 4.0 days.
Donors to Australia Fire Site Treated as Suckers by Magecart
Larry Loeb  |  1/15/2020  | 
E-commerce fraud has no morals.
Things Get Intense for Citrix ADC/Gateway
Larry Loeb  |  1/14/2020  | 
Scans have found that there are almost 10,000 vulnerable Internet-facing hosts in the US, with 2500 in Germany and 2000 in the UK.
Despite Google's Efforts, Bread Isn't Toast
Larry Loeb  |  1/13/2020  | 
The authors of the Bread malware have proven themselves to be unrelenting in their efforts to avoid being first discovered by and then dumped from Google's Play Store.
Cheap Phone Has Cheap Security
Larry Loeb  |  1/9/2020  | 
Phone looks a steal a $35 but it comes with free, pre-installed malware!
Researcher Proven Right, but It Took 10 Years
Larry Loeb  |  1/7/2020  | 
After a decade of trying, security researcher Thierry Zoller has finally seen the generalized vulnerability he found in some AV products patched.
Why Cisco's DCNM Is in a World of Trouble
Larry Loeb  |  1/6/2020  | 
Vendor's Data Center Network Manager (DCNM) has racked up three critical authentication bypass vulnerabilities at the top of the list of 12 separate problems that were announced on January 2.
FPGAs Do It Faster Than CPUs
Larry Loeb  |  1/3/2020  | 
Researchers' use of a 'Jackhammer' exploit has shown again how one problem can be exploited in many ways, with each iteration of an attack becoming faster and more efficient.
Fortinet Finds Loader Uses Updated Version of Backdoor
Larry Loeb  |  1/2/2020  | 
Security firm Fortinet has found traces of how the financially motivated FIN7 group manages to keep on delivering the Carbanak backdoor malware.
Mac Malware Breaks Into Top 5 Threats of 2019 – Malwarebytes Labs
Larry Loeb  |  12/30/2019  | 
Of the top 25 detections across all platforms, six were Mac threats, the researchers discovered.
New Botnet Uses DHT as Its Foundation
Larry Loeb  |  12/24/2019  | 
Security researchers at 360 Netlab have been watching a new botnet they call Mozi for the last four months. It's a new P2P botnet with implementation that is based on the Distributed Hash Table protocol.
5G Security Rests on an Unstable Base
Larry Loeb  |  12/23/2019  | 
Positive Technologies has issued a report on the emerging security problems of 5G signaling networks.
Happier Holidays as Ad Threat Declines
Larry Loeb  |  12/20/2019  | 
DEVCON report finds that the number of ad-threat JavaScript attacks in the US diminished year-over-year, but what attacks there were increased in sophistication.
RST Gets Fixed
Larry Loeb  |  12/18/2019  | 
Peleg Hadar of SaveBreach Labs has posted about the vulnerability he found in Intel's Rapid Storage Technology Service.
TrickBot Drops an Anchor
Larry Loeb  |  12/17/2019  | 
New threat has been used in campaigns against financial, manufacturing, and retail businesses across the US and Europe.
With Plundervolt, an Intel Processor's Secure Enclave Is No Longer Secure
Larry Loeb  |  12/16/2019  | 
Major hardware vulnerability can allow the changing of information that is supposedly stored as secure in the chips Secure Enclave.
Hardware Is the New Attack Surface – Forrester
Larry Loeb  |  12/12/2019  | 
Attackers have already begun to breach security at the BIOS level, according to a new report on BIOS security from Forrester Consulting.
Snatch Is Both Novel & Evil
Larry Loeb  |  12/11/2019  | 
The Sophos Managed Threat Response team found out that, where the Snatch ransomware is concerned, things just more ugly.
FBI's Portland Office Spies IoT Education Opportunity
Larry Loeb  |  12/10/2019  | 
The Federal Bureau of Investigation's office in Portland, Ore., uses 'Tech Tuesday' to offer IoT security advice.
CISA Alerts the Financial Sector About Dridex
Larry Loeb  |  12/9/2019  | 
One of the most prevalent threats to the financial sector, the Dridex Trojan, was the subject of a recent alert.
Zero-Day Vulnerabilities Discovered in Enterprise-Grade VPN
Larry Loeb  |  12/6/2019  | 
Aviatrix, an enterprise VPN company with customers that include NASA, Shell and BT, has recently dealt with a vulnerability that was uncovered by Immersive Labs researcher and content engineer Alex Seymour.
Azure OAuth 2.0 Vulnerability Grabs Tokens
Larry Loeb  |  12/5/2019  | 
Security firm CyberArk is now finally able to discuss a major OAuth 2.0 vulnerability that affects Microsoft Azure web services.
Spear Phishing: Don't Rise to the Bait, Says Microsoft
Larry Loeb  |  12/4/2019  | 
Be alert, be aware, and be careful about what you reveal of your company's internal processes on social media.
ATP Rises to the Polymorphic Malware Challenge
Larry Loeb  |  12/3/2019  | 
The Microsoft Defender ATP Research Team has begun to discuss a polymorphic threat, Dexphot, that it has been tracking for over a year.
The Top 25 Most Dangerous Software Errors
Larry Loeb  |  11/29/2019  | 
'Improper Restriction of Operations within the Bounds of a Memory Buffer' tops this year's list.
Solr Search Tool Can Allow Remote Code Execution (RCE) by Default
Larry Loeb  |  11/28/2019  | 
A security vulnerability affecting the Linux enterprise search tool Apache Solr has been reclassified by Tenable as 'high severity status.'
False Training Information Can Dupe Machine Learning Models
Larry Loeb  |  11/27/2019  | 
Researchers from Boston University have shown how really small amounts of disinformation can taint the learning process used by many AI programs.
Dangerous 'RIPlace' Exploit Able to Bypass AV & EDR Protections
Larry Loeb  |  11/26/2019  | 
Researchers discover way that ransomware can bypass the protections which operating system vendors have built into their products.
DePriMon: A New & Unique Way to Download Malware
Larry Loeb  |  11/25/2019  | 
ESET calls it 'a powerful, flexible and persistent tool.'
Artisans & Commercials Gang Up on Third Parties
Larry Loeb  |  11/22/2019  | 
Cybersecurity and intelligence firm AdvIntel has reported about a trend it has seen happening in the ransomware arena.
Phoenix Keylogger Rises & Steals Information
Larry Loeb  |  11/21/2019  | 
Keylogger first emerged in July 2019, and is packed with myriad information-stealing features.
MSFT Jumps on DoH
Larry Loeb  |  11/20/2019  | 
Microsoft has announced that an upcoming version of Windows 10 will have support for DNS over HTTPS.
Iran Rustles Up Its Own VPN to Hide Itself
Larry Loeb  |  11/18/2019  | 
Trend Micro has found recent traces of APT33 operations, with about a dozen Command and Control servers being used for extremely narrow targeting.
Keeping It Real Can Pay Off for Old-School Attacks
Larry Loeb  |  11/14/2019  | 
Even a previously known attack can fool the security team if it is well crafted.
How PureLocker Ransomware Bypasses AV Checks
Larry Loeb  |  11/13/2019  | 
Intezer and IBM X-Force have found a new ransomware targeted at production servers. And it's sneaky...
TCP DDoS Reflection Attacks on the Rise
Larry Loeb  |  11/12/2019  | 
Radware report picks up on a change in attacker strategy.
'Quantum Dawn' Raid as Financial Industry Simulates Global Ransomware Attack
Larry Loeb  |  11/8/2019  | 
Financial institutions in Asia, the US and the UK are put through their paces.
Study Finds Customer Data to Be Most at Risk From Insiders
Larry Loeb  |  11/6/2019  | 
Companies say that they are somewhat more worried about inadvertent insider breaches and negligent data breaches than they are about malicious intent by bad actors.
Complex Q3 DDoS Can Have 11 Attack Vectors
Larry Loeb  |  11/5/2019  | 
Link 11 has issued a summary of what they have found out about characteristics of DDoS attacks that occurred in Q3 2019.
75% of Enterprises Will Adopt a Zero Trust Solution Within a Year – Zscaler
Larry Loeb  |  11/5/2019  | 
Zero Trust Network Access (ZTNA) services are built to ensure that only authorized users can access specific applications on a network based on business policies.
Chinese-Linked APT41 Can Read Your Texts
Larry Loeb  |  10/31/2019  | 
New malware family is designed to have the ability to monitor as well as save SMS traffic from specific phone numbers, IMSI numbers and keywords for subsequent theft.
Xhelper Will Be Back Whether You Want It or Not
Larry Loeb  |  10/30/2019  | 
Researcher says that this Trojan dropper variant of the original Android malware has infected more than 45,000 Android devices over the last six months.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11583
PUBLISHED: 2020-08-03
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
CVE-2020-11584
PUBLISHED: 2020-08-03
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
CVE-2020-5770
PUBLISHED: 2020-08-03
Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-5771
PUBLISHED: 2020-08-03
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive.
CVE-2020-5772
PUBLISHED: 2020-08-03
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file.