Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Larry Loeb

Content posted in August 2018
Exploitable Flaws Found in Trusted Platform Module 2.0
Larry Loeb  |  8/31/2018  | 
The US Department of Defense uses the TPM as a key element in dealing with security of device identification and authentication, encryption and similar tasks.
Data Leaks Via Smart Light Bulbs? Believe It
Larry Loeb  |  8/29/2018  | 
Researchers from the University of Texas at San Antonio have shown it's possible to exfiltrate data from a smart-bulb system. But there's no need to go back to candles just yet.
Microsoft Outlook Backdoor Amped Up by Russia-Linked Group
Larry Loeb  |  8/28/2018  | 
The Russia-linked Turla group uses PDF attachments to email messages to exfiltrate data, according to ESET.\r\n
Apache Struts Critical Weakness Found, Patched
Larry Loeb  |  8/24/2018  | 
The open source framework for Java-based web apps has a critical flaw the Apache Software Foundation is trying to counter.
Microsoft Yanks Suspected Russian-Intelligence Domains
Larry Loeb  |  8/22/2018  | 
Microsoft has pulled the plug on domains it suspected as fronts for Russian Intelligence. The company says the targets were US conservative groups.
Electrical Grid Attack via IoT Devices Successfully Simulated
Larry Loeb  |  8/21/2018  | 
Researchers have successfully simulated an attack on an electrical power grid that employs IoT devices to trigger a blackout.
Foreshadow-NG Vulnerability Sets Tech Giants Scrambling
Larry Loeb  |  8/20/2018  | 
Foreshadow vulnerabilities expose processors and even the cloud to penetration.
IETF Makes Transport Layer Security Version 1.3 Official
Larry Loeb  |  8/15/2018  | 
TLS 1.3 is now the industry standard for secure Internet connections via HTTPS.
Microsoft Cortana Vulnerability Can Unlock a Locked Windows PC
Larry Loeb  |  8/13/2018  | 
At Black Hat, researchers showed how a vulnerability in Cortana can unlock a locked Windows PC. Microsoft has patched the flaw, but questions remain.
Smart Cities Need to Get Smarter About Cybersecurity
Larry Loeb  |  8/10/2018  | 
At the 2018 Black Hat conference, IBM's X-Force Red and Threatcare found that smart cities are as vulnerable to attack as any enterprise network.
Employees Remain the Weak Link in Your Company's Cybersecurity Plans
Larry Loeb  |  8/8/2018  | 
Another report, this time from Finn Partners Research, shows that employees remain the weakest link in the cybersecurity chain.
Phishing Attacks Increase in Q1 as Cybercrooks Look for New Victims
Larry Loeb  |  8/6/2018  | 
An analysis by APWG saw a significant increase in the number of phishing attacks in the first quarter of this year, as cybercriminals looked for new victims.
Researcher Finds Way to Bypass SOP Within Microsoft Edge Browser
Larry Loeb  |  8/3/2018  | 
For years, SOP has made sure that browsing stays safe by isolating different websites. Now, a researcher found a way around the protocol within Microsoft's Edge browser.
Sophisticated Malvertising Campaign Involves 10,000 WordPress Sites
Larry Loeb  |  8/1/2018  | 
A CheckPoint study has uncovered a complex malvertising schemes that involves more than 10,000 WordPress-hosted sites, and an ecosystem of ad-networks and resellers.


Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27660
PUBLISHED: 2020-11-30
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
CVE-2020-27659
PUBLISHED: 2020-11-30
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
CVE-2020-29127
PUBLISHED: 2020-11-30
An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid=&csppage=cgi_PgOverview&csplang=en is visit...
CVE-2020-25624
PUBLISHED: 2020-11-30
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...