Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Larry Loeb

Content posted in June 2018
'Bad Bots' Invading Cellular Networks
Larry Loeb  |  6/29/2018  | 
A new research paper from Distil Networks finds that 'bad bots' are roaming cellular networks and are using these gateways as part of numerous attacks.
Wi-Fi Alliance: WPA3 Standard Will Improve WiFi Security, Encryption
Larry Loeb  |  6/27/2018  | 
After 20 years, the Wi-Fi Alliance has released a new WiFi standard WPA3 which looks to offer greater security and encryption to consumers in the home as well as enterprise networks.
Adware & Cryptomining Remain Top Enterprise Security Threats
Larry Loeb  |  6/25/2018  | 
New research from Morphisec Labs finds that adware remains a consistent if under-reported security problem for many enterprises. At the same time, cryptomining remains the go-to attack for many cybercriminals.
Google, Roku, Sonus Rush Out Patches for DNS Vulnerability
Larry Loeb  |  6/22/2018  | 
DNS rebinding might be ancient in security terms, but it's scary enough that Google, Roku and Sonos rushed through patches to address recent concerns.
Betabot Trojan Reborn in New Sophisticated Form
Larry Loeb  |  6/20/2018  | 
As far as malware goes, the Betabot Trojan has gone through several different incarnations. However, its latest form might be the most sophisticated and laying the groundwork for an even larger attack.
Decades-Old Vulnerability Allows Spoofing of Encryption Tools
Larry Loeb  |  6/18/2018  | 
While GnuPG, Enigmail, GPGTools and python-gnupg have all patched the SigSpoof vulnerability, this old flaw shows how encryption tools can be spoofed.
Intel Chips' 'Lazy FP' Vulnerability Could Leak Secure Data
Larry Loeb  |  6/15/2018  | 
A group of security researchers have found a new vulnerability with Intel's chips that can theoretically allow an attack to utilize the 'Lazy FP' state of the process and gain access to sensitive data.
Lazarus Suspected of Attacking South Korea Sites With Zero-Day Exploit
Larry Loeb  |  6/13/2018  | 
The North Korea-linked Lazarus Group is suspected of using a flaw in ActiveX to attack websites in South Korea, according to research from AlienVault.
Cryptomining Malware, Cryptojacking Remain Top Security Threats
Larry Loeb  |  6/11/2018  | 
Check Point's new global index report finds that cryptomining malware and cryptojacking schemes have surpassed ransomware as the number one threat to IT security.
ZipSlip Flaw Lets Attackers Inject Malware Into Open Source Projects
Larry Loeb  |  6/8/2018  | 
The newly discovered ZipSlip flaw opens a big hole for malware in many open source projects. Here's what developers need to know.
Microsoft's GitHub Deal: Following Developers & Security Into the Cloud
Larry Loeb  |  6/6/2018  | 
Microsoft's $7.5 billion deal for GitHub this week means different things to different people, but for Redmond, it's all about developers, cloud and securing all that data. And that's not a bad thing.
RIG Exploit Finds New Home in Cryptomining
Larry Loeb  |  6/4/2018  | 
The RIG exploit kit has found a new, more lucrative home in cryptomining.
BackSwap Banking Trojan Shows How Malware Evolves
Larry Loeb  |  6/1/2018  | 
The newly discovered BackSwap baking Trojan is designed to avoid the security protections that vendors and businesses have created to stop these types of malware attacks.


Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27660
PUBLISHED: 2020-11-30
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
CVE-2020-27659
PUBLISHED: 2020-11-30
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
CVE-2020-29127
PUBLISHED: 2020-11-30
An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid=&csppage=cgi_PgOverview&csplang=en is visit...
CVE-2020-25624
PUBLISHED: 2020-11-30
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...