Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Larry Loeb

Content posted in March 2019
Android Banking Trojan 'Gustuff' Becomes More Dangerous
Larry Loeb  |  3/29/2019  | 
New report puts Gustuff into the same threat tier as Anubis, Red Alert, Exobot, LokiBot and BankBot.
Worldwide Study Finds Limited Advances Against Evolving Threats
Larry Loeb  |  3/28/2019  | 
Security vendor SonicWall has issued its SonicWall Cyber Threat Report based on its experiences in 2018.
Investigation Into LockerGoga Ransomware Finds Flaws in the Code
Larry Loeb  |  3/27/2019  | 
Preliminary analysis of LockerGoga shows it has, in its current forms, limited ability to spread in a network.
WordPress Zero-Day Vulnerability Found in 'Social Warfare' Plugin
Larry Loeb  |  3/26/2019  | 
'Social Warfare' was open to attacks through use of a stored Cross-Site Scripting (XSS) vulnerability that was introduced with the latest change made to the plugin (3.5.2).
Norsk Hydro: This Is How You React to a Ransomware Breach
Larry Loeb  |  3/25/2019  | 
The company's response to a massive ransomware attack is an object lesson in how to do it right.
Facebook Exposes Millions of Unencrypted User Passwords
Larry Loeb  |  3/22/2019  | 
It's an internal matter – but it could affect millions of the social network's users.
FIN7 Resurfaces With New Malware Techniques
Larry Loeb  |  3/22/2019  | 
The FIN7 group of cyber criminals is still going strong.
Evidence Found of Malware Families Collaborating
Larry Loeb  |  3/20/2019  | 
IBM's X-Force has found that intertwined relationships exist between the Trickbot, Gozi, Ramnit and IcedID malware families – and that spells trouble.
Cyber Attacks Grow by 55% in 2018 & Data Theft Dominates – Report
Larry Loeb  |  3/19/2019  | 
The findings from Positive Technologies aren't that, erm, positive.
Study Shows Massive Attacks Bypassing MFA
Larry Loeb  |  3/18/2019  | 
Multi-factor authentication is no silver bullet for security problems.
New IoT Device Regulation Establishes Base Line for Security
Larry Loeb  |  3/15/2019  | 
Legislation seeks to use the spending power of the government, which, if the bill goes through, will only be able to acquire those IoT devices that meet the bill's requirements.
North Korea Circumvents Sanctions Through Cybercrime, Says Report
Larry Loeb  |  3/14/2019  | 
The UN report believes the DPRK has snaffled up half a billion dollars so far through nefarious means.
Enterprise Is the Target of 'Big Game Hunting'
Larry Loeb  |  3/11/2019  | 
GrandCrab has mutated, and enterprises should be worried.
Study Finds 77% of Mobile Users Compromised by Leak of PII Data
Larry Loeb  |  3/8/2019  | 
It doesn't help that 43% of companies have at least one mobile device with no lock screen active.
InfoSec Community Excited as NSA Releases Ghidra 9.0 to the Public
Larry Loeb  |  3/7/2019  | 
At the RSA Conference in San Francisco this week, the National Security Agency released to the public one of its internal tools, Ghidra 9.0, which is used for software reverse engineering. The NSA has been using it internally for a decade.
Qbot Mutation Poses Global Threat
Larry Loeb  |  3/5/2019  | 
Once again, we can see how malware change will defeat static signature analysis.
Boosted Rowhammer & Cache Attacks Spell Bad News for Intel
Larry Loeb  |  3/5/2019  | 
Researchers from Worcester Polytechnic Institute in Massachusetts and the University of Lbeck in Germany have published a paper that is really bad news for Intel.
Akamai's Stats Reveal Retail's Vulnerability
Larry Loeb  |  3/4/2019  | 
A single AIO bot can target more than 120 retailers at once.
Digital Signatures Can Be Forged in PDF Docs
Larry Loeb  |  3/1/2019  | 
Researchers in Germany have figured out three different ways to forge digital signatures in PDF documents.


Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27660
PUBLISHED: 2020-11-30
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
CVE-2020-27659
PUBLISHED: 2020-11-30
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
CVE-2020-29127
PUBLISHED: 2020-11-30
An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid=&csppage=cgi_PgOverview&csplang=en is visit...
CVE-2020-25624
PUBLISHED: 2020-11-30
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...