Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Larry Loeb

Content posted in February 2018
OMG: Mirai Botnet Finds New Life, Again
Larry Loeb  |  2/28/2018  | 
The Mirai botnet refuses to die. This time, it has spawned a new bot called OMG, which Fortinet researchers have seen in the wild, and it's turning IoT devices into proxy servers.
US Government Leads World in Data Breaches
Larry Loeb  |  2/26/2018  | 
US government agencies are leading the world when it comes to data breaches, and the issue seems to be getting worse, according to a new report. However, a shift to cloud may help alleviate some problems.
Equifax, Intel Help Spur SEC to Update Cybersecurity Regulations
Larry Loeb  |  2/23/2018  | 
The Equifax data breach, along with problems at Intel, has spurred the Securities and Exchange Commission to update its rules about the disclosing of cybersecurity incidents that now puts greater responsibility on CEOs and other company officers.
Coldroot RAT Sends Mac Antivirus Down a Maze
Larry Loeb  |  2/21/2018  | 
A new blog by a Digita Security researchers finds that Coldroot RAT, which specifically targets Mac and macOS users, is still eluding detection from different antivirus engines, even though it's available on GitHub.
Microsoft Vulnerabilities More Than Doubled in 2017 Report
Larry Loeb  |  2/19/2018  | 
A comprehensive exam by security vendor Avecto found that the number of vulnerabilities in Microsoft's products increased from 234 to 685 between 2016 and 2017.
DoubleDoor IoT Botnet Is a Harbinger of Exploits to Come
Larry Loeb  |  2/16/2018  | 
NewSky researchers are looking into DoubleDoor, a new type of IoT botnet that combines two exploits together. It also shows what kind of security challenges lie ahead for the enterprise.
Mozilla Leads the Way to Safer Browser Development
Larry Loeb  |  2/14/2018  | 
Mozilla is looking to make web browsers safer by adding new developer features into Firefox that should make the HTTPS protocol a must-have way to transmit for websites.
Windows 10 Bypassing Passwords With Fujitu's PalmSecure Biometrics
Larry Loeb  |  2/12/2018  | 
Microsoft is looking to overcome the password dilemma by incorporating Fujitsu's PalmSecure biometric technology into Windows 10.
Forcepoint Finds New Malware Hiding in PoS Machines
Larry Loeb  |  2/9/2018  | 
The malware, which resembles a LogMeIn service pack, can capture data from credit cards and then reproduce the card or other information. However, Forcepoint believes this strain of malware is still under development.
Fidelis Researchers Demo Dangerous Covert Channel in Digital Certificates
Larry Loeb  |  2/7/2018  | 
Researchers at Fidelis have found a way to exploit a flaw in the X.509 certificate protocol to create a covert data exchange channel.
Trend Micro Finds 89 Malicious Chrome Extensions Dispensing 'Malvertising'
Larry Loeb  |  2/5/2018  | 
All 89 of these malicious Google Chrome Extensions come from one group calling itself Droidclub.
Strava Data Leaks Show Limit of What We Can Protect
Larry Loeb  |  2/2/2018  | 
When news spread this week that data leaking from Strava's fitness app could pinpoint where soldiers were training, it showed that sometimes even the best security practices have their limits.


Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27660
PUBLISHED: 2020-11-30
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
CVE-2020-27659
PUBLISHED: 2020-11-30
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
CVE-2020-29127
PUBLISHED: 2020-11-30
An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid=&csppage=cgi_PgOverview&csplang=en is visit...
CVE-2020-25624
PUBLISHED: 2020-11-30
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...