Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Larry Loeb

Content posted in February 2018
OMG: Mirai Botnet Finds New Life, Again
Larry Loeb  |  2/28/2018  | 
The Mirai botnet refuses to die. This time, it has spawned a new bot called OMG, which Fortinet researchers have seen in the wild, and it's turning IoT devices into proxy servers.
US Government Leads World in Data Breaches
Larry Loeb  |  2/26/2018  | 
US government agencies are leading the world when it comes to data breaches, and the issue seems to be getting worse, according to a new report. However, a shift to cloud may help alleviate some problems.
Equifax, Intel Help Spur SEC to Update Cybersecurity Regulations
Larry Loeb  |  2/23/2018  | 
The Equifax data breach, along with problems at Intel, has spurred the Securities and Exchange Commission to update its rules about the disclosing of cybersecurity incidents that now puts greater responsibility on CEOs and other company officers.
Coldroot RAT Sends Mac Antivirus Down a Maze
Larry Loeb  |  2/21/2018  | 
A new blog by a Digita Security researchers finds that Coldroot RAT, which specifically targets Mac and macOS users, is still eluding detection from different antivirus engines, even though it's available on GitHub.
Microsoft Vulnerabilities More Than Doubled in 2017 Report
Larry Loeb  |  2/19/2018  | 
A comprehensive exam by security vendor Avecto found that the number of vulnerabilities in Microsoft's products increased from 234 to 685 between 2016 and 2017.
DoubleDoor IoT Botnet Is a Harbinger of Exploits to Come
Larry Loeb  |  2/16/2018  | 
NewSky researchers are looking into DoubleDoor, a new type of IoT botnet that combines two exploits together. It also shows what kind of security challenges lie ahead for the enterprise.
Mozilla Leads the Way to Safer Browser Development
Larry Loeb  |  2/14/2018  | 
Mozilla is looking to make web browsers safer by adding new developer features into Firefox that should make the HTTPS protocol a must-have way to transmit for websites.
Windows 10 Bypassing Passwords With Fujitu's PalmSecure Biometrics
Larry Loeb  |  2/12/2018  | 
Microsoft is looking to overcome the password dilemma by incorporating Fujitsu's PalmSecure biometric technology into Windows 10.
Forcepoint Finds New Malware Hiding in PoS Machines
Larry Loeb  |  2/9/2018  | 
The malware, which resembles a LogMeIn service pack, can capture data from credit cards and then reproduce the card or other information. However, Forcepoint believes this strain of malware is still under development.
Fidelis Researchers Demo Dangerous Covert Channel in Digital Certificates
Larry Loeb  |  2/7/2018  | 
Researchers at Fidelis have found a way to exploit a flaw in the X.509 certificate protocol to create a covert data exchange channel.
Trend Micro Finds 89 Malicious Chrome Extensions Dispensing 'Malvertising'
Larry Loeb  |  2/5/2018  | 
All 89 of these malicious Google Chrome Extensions come from one group calling itself Droidclub.
Strava Data Leaks Show Limit of What We Can Protect
Larry Loeb  |  2/2/2018  | 
When news spread this week that data leaking from Strava's fitness app could pinpoint where soldiers were training, it showed that sometimes even the best security practices have their limits.


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
CVE-2021-31660
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.