Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Larry Loeb

Content posted in March 2019
Android Banking Trojan 'Gustuff' Becomes More Dangerous
Larry Loeb  |  3/29/2019  | 
New report puts Gustuff into the same threat tier as Anubis, Red Alert, Exobot, LokiBot and BankBot.
Worldwide Study Finds Limited Advances Against Evolving Threats
Larry Loeb  |  3/28/2019  | 
Security vendor SonicWall has issued its SonicWall Cyber Threat Report based on its experiences in 2018.
Investigation Into LockerGoga Ransomware Finds Flaws in the Code
Larry Loeb  |  3/27/2019  | 
Preliminary analysis of LockerGoga shows it has, in its current forms, limited ability to spread in a network.
WordPress Zero-Day Vulnerability Found in 'Social Warfare' Plugin
Larry Loeb  |  3/26/2019  | 
'Social Warfare' was open to attacks through use of a stored Cross-Site Scripting (XSS) vulnerability that was introduced with the latest change made to the plugin (3.5.2).
Norsk Hydro: This Is How You React to a Ransomware Breach
Larry Loeb  |  3/25/2019  | 
The company's response to a massive ransomware attack is an object lesson in how to do it right.
Facebook Exposes Millions of Unencrypted User Passwords
Larry Loeb  |  3/22/2019  | 
It's an internal matter – but it could affect millions of the social network's users.
FIN7 Resurfaces With New Malware Techniques
Larry Loeb  |  3/22/2019  | 
The FIN7 group of cyber criminals is still going strong.
Evidence Found of Malware Families Collaborating
Larry Loeb  |  3/20/2019  | 
IBM's X-Force has found that intertwined relationships exist between the Trickbot, Gozi, Ramnit and IcedID malware families – and that spells trouble.
Cyber Attacks Grow by 55% in 2018 & Data Theft Dominates – Report
Larry Loeb  |  3/19/2019  | 
The findings from Positive Technologies aren't that, erm, positive.
Study Shows Massive Attacks Bypassing MFA
Larry Loeb  |  3/18/2019  | 
Multi-factor authentication is no silver bullet for security problems.
New IoT Device Regulation Establishes Base Line for Security
Larry Loeb  |  3/15/2019  | 
Legislation seeks to use the spending power of the government, which, if the bill goes through, will only be able to acquire those IoT devices that meet the bill's requirements.
North Korea Circumvents Sanctions Through Cybercrime, Says Report
Larry Loeb  |  3/14/2019  | 
The UN report believes the DPRK has snaffled up half a billion dollars so far through nefarious means.
Enterprise Is the Target of 'Big Game Hunting'
Larry Loeb  |  3/11/2019  | 
GrandCrab has mutated, and enterprises should be worried.
Study Finds 77% of Mobile Users Compromised by Leak of PII Data
Larry Loeb  |  3/8/2019  | 
It doesn't help that 43% of companies have at least one mobile device with no lock screen active.
InfoSec Community Excited as NSA Releases Ghidra 9.0 to the Public
Larry Loeb  |  3/7/2019  | 
At the RSA Conference in San Francisco this week, the National Security Agency released to the public one of its internal tools, Ghidra 9.0, which is used for software reverse engineering. The NSA has been using it internally for a decade.
Qbot Mutation Poses Global Threat
Larry Loeb  |  3/5/2019  | 
Once again, we can see how malware change will defeat static signature analysis.
Boosted Rowhammer & Cache Attacks Spell Bad News for Intel
Larry Loeb  |  3/5/2019  | 
Researchers from Worcester Polytechnic Institute in Massachusetts and the University of Lbeck in Germany have published a paper that is really bad news for Intel.
Akamai's Stats Reveal Retail's Vulnerability
Larry Loeb  |  3/4/2019  | 
A single AIO bot can target more than 120 retailers at once.
Digital Signatures Can Be Forged in PDF Docs
Larry Loeb  |  3/1/2019  | 
Researchers in Germany have figured out three different ways to forge digital signatures in PDF documents.


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
CVE-2021-31660
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.