Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Larry Loeb

Content posted in January 2018
Ransomware Shows There's no Honor Among Cyberthieves
Larry Loeb  |  1/31/2018  | 
Proofpoint has found that one group of cybercrooks is stealing from other gangs of cybercriminals by using a proxy Tor browser to steal Bitcoins used to pay off ransomware threats.
OilRig's Use of RGDoor Shows Sophistication of Nation-State Attacks
Larry Loeb  |  1/29/2018  | 
OilRig, a group linked to Iran, has been installing RGDoor, a secondary backdoor that can reopen a system even if it's been fixed. Its use shows how sophisticated nation-state attacks are becoming.
Security Spending Increasing, Along With Data Breaches
Larry Loeb  |  1/29/2018  | 
In one of those good news/bad news reports on the state of security, the amount of money being spent on security is expected to increase this year, but the number of data breaches is also rising.\r\n\r\n
Linus Torvalds: Intel's Spectre Patch Is 'Complete & Utter Garbage'
Larry Loeb  |  1/24/2018  | 
In a scathing assessment of Intel's efforts to patch the Spectre flaw, Linux inventor Linus Torvalds offers no quarter for the chipmaker.
SamSam Ransomware Continues Making Hospitals Sick
Larry Loeb  |  1/22/2018  | 
SamSam or Samas continues to surface in hospitals and other healthcare facilities. The way the ransomware works shows how vulnerable healthcare is to these particular types of attacks.
Spectre Can Obfuscate Tracking Tools, Too
Larry Loeb  |  1/19/2018  | 
As the security community learns more about the Spectre vulnerability, clever coders are already finding other exploits. Here's looking at the first of many.
Google Chrome Extensions Hide Malice
Larry Loeb  |  1/17/2018  | 
Researchers from ICEBEG found malicious code hiding in four popular Google Chrome extensions. The search giant is working to fix the problem.
After Spectre & Meltdown, Intel Faces an 'Evil Maid' Problem
Larry Loeb  |  1/16/2018  | 
In a rough start to 2018, Intel is dealing with the Spectre and Meltdown vulnerabilities in its CPUs, and now the chip maker is confronting reports of a flaw that leaves chips open to an 'Evil Maid' attack.
Security Warning: Intel Inside
Larry Loeb  |  1/12/2018  | 
At CES, Intel CEO Brian Krzanich looked to reassure the whole industry that the chip maker would ensure that its processors were secure following the Meltdown and Spectre disclosures.
WPA3 Standard Teased at CES Following KRACK Attack
Larry Loeb  |  1/10/2018  | 
A few months after the KRACK attack, the Wi-Fi Alliance unveiled a few details about the upcoming WPA3 standards, with an emphasis on security and encryption.
Dell EMC, VMware Race to Plug Virtual Appliance Security Hole
Larry Loeb  |  1/9/2018  | 
Dell EMC, along with VMware, are hard at work plugging a zero-day exploit that targets the companies' virtual appliance gear.
Meltdown & Spectre News Gets Worse – & Better
Larry Loeb  |  1/4/2018  | 
Intel CPU vulnerabilities grow in scope but patches to address the problem are beginning to be deployed.
Autofill Brings Automatic Vulnerability
Larry Loeb  |  1/2/2018  | 
A vulnerability in browser-based autofill may mean that your users are spilling the beans on much more than they know.
Chain of Flaws Threatens Win 10
Larry Loeb  |  1/1/2018  | 
Chaining multiple vulnerabilities can create attacks that threaten millions of Windows 10 computers.


Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27660
PUBLISHED: 2020-11-30
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
CVE-2020-27659
PUBLISHED: 2020-11-30
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
CVE-2020-29127
PUBLISHED: 2020-11-30
An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid=&csppage=cgi_PgOverview&csplang=en is visit...
CVE-2020-25624
PUBLISHED: 2020-11-30
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...