Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Larry Loeb

Content posted in August 2018
Exploitable Flaws Found in Trusted Platform Module 2.0
Larry Loeb  |  8/31/2018  | 
The US Department of Defense uses the TPM as a key element in dealing with security of device identification and authentication, encryption and similar tasks.
Data Leaks Via Smart Light Bulbs? Believe It
Larry Loeb  |  8/29/2018  | 
Researchers from the University of Texas at San Antonio have shown it's possible to exfiltrate data from a smart-bulb system. But there's no need to go back to candles just yet.
Microsoft Outlook Backdoor Amped Up by Russia-Linked Group
Larry Loeb  |  8/28/2018  | 
The Russia-linked Turla group uses PDF attachments to email messages to exfiltrate data, according to ESET.\r\n
Apache Struts Critical Weakness Found, Patched
Larry Loeb  |  8/24/2018  | 
The open source framework for Java-based web apps has a critical flaw the Apache Software Foundation is trying to counter.
Microsoft Yanks Suspected Russian-Intelligence Domains
Larry Loeb  |  8/22/2018  | 
Microsoft has pulled the plug on domains it suspected as fronts for Russian Intelligence. The company says the targets were US conservative groups.
Electrical Grid Attack via IoT Devices Successfully Simulated
Larry Loeb  |  8/21/2018  | 
Researchers have successfully simulated an attack on an electrical power grid that employs IoT devices to trigger a blackout.
Foreshadow-NG Vulnerability Sets Tech Giants Scrambling
Larry Loeb  |  8/20/2018  | 
Foreshadow vulnerabilities expose processors and even the cloud to penetration.
IETF Makes Transport Layer Security Version 1.3 Official
Larry Loeb  |  8/15/2018  | 
TLS 1.3 is now the industry standard for secure Internet connections via HTTPS.
Microsoft Cortana Vulnerability Can Unlock a Locked Windows PC
Larry Loeb  |  8/13/2018  | 
At Black Hat, researchers showed how a vulnerability in Cortana can unlock a locked Windows PC. Microsoft has patched the flaw, but questions remain.
Smart Cities Need to Get Smarter About Cybersecurity
Larry Loeb  |  8/10/2018  | 
At the 2018 Black Hat conference, IBM's X-Force Red and Threatcare found that smart cities are as vulnerable to attack as any enterprise network.
Employees Remain the Weak Link in Your Company's Cybersecurity Plans
Larry Loeb  |  8/8/2018  | 
Another report, this time from Finn Partners Research, shows that employees remain the weakest link in the cybersecurity chain.
Phishing Attacks Increase in Q1 as Cybercrooks Look for New Victims
Larry Loeb  |  8/6/2018  | 
An analysis by APWG saw a significant increase in the number of phishing attacks in the first quarter of this year, as cybercriminals looked for new victims.
Researcher Finds Way to Bypass SOP Within Microsoft Edge Browser
Larry Loeb  |  8/3/2018  | 
For years, SOP has made sure that browsing stays safe by isolating different websites. Now, a researcher found a way around the protocol within Microsoft's Edge browser.
Sophisticated Malvertising Campaign Involves 10,000 WordPress Sites
Larry Loeb  |  8/1/2018  | 
A CheckPoint study has uncovered a complex malvertising schemes that involves more than 10,000 WordPress-hosted sites, and an ecosystem of ad-networks and resellers.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
Robert Lemos, Contributing Writer,  7/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14310
PUBLISHED: 2020-07-31
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a ma...
CVE-2020-14311
PUBLISHED: 2020-07-31
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
CVE-2020-5413
PUBLISHED: 2020-07-31
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains mali...
CVE-2020-5414
PUBLISHED: 2020-07-31
VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are a...
CVE-2019-11286
PUBLISHED: 2020-07-31
VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the ...