
Larry Loeb

Content posted in September 2018
Magecart Group Likely Behind Increase in Formjacking Attacks
Larry Loeb  |  9/28/2018  | 
A recent analysis by Symantec researchers has found a significant increase in formjacking attacks. The reason, according to some, is an increase in activity from the Magecart group.
Adwind RAT Squeaks Past Linux, Windows, macOS Defenses
Larry Loeb  |  9/26/2018  | 
A newer version of the Adwind 3.0 Trojan can elude the AV defenses of Linux, Windows and macOS systems, according to Talos and ReversingLabs.
Malicious Bot-Enabled, Credential-Stuffing Jamming Networks
Larry Loeb  |  9/24/2018  | 
A research report from Akamai finds the number of bot-enabled, credential-stuffing incidents has spiked in recent months, jamming networks with malicious traffic.
Cloudflare Looks to Take the Pain Out of DNSSEC Protocol Adoption
Larry Loeb  |  9/21/2018  | 
Uptake of the newer DNSSEC protocol has been slow, but a new tool from Cloudflare looks to make it easier to ensure secure websites and more control over DNS.
Data Breach Can Affect Company's Long-Term Stock Price
Larry Loeb  |  9/19/2018  | 
A recent study by CompariTech finds that data breaches can have some long-term effects when it comes to a company's stock price, but most of the financial damage diminishes over time.
Fuji's Electric V-Server Susceptible to Numerous Vulnerabilities
Larry Loeb  |  9/17/2018  | 
Another industrial control system is shown to have a series of serious flaws. This time, it's Fuji's Electric V-Server, according to warnings from ICS-CERT.
OpenSSL 1.1.1 Released With TLS 1.3 Support
Larry Loeb  |  9/14/2018  | 
The 1.1.1 version of OpenSSL, the popular cryptography library for encrypted communications, has been released with support for TLS 1.3, as well as other improvements.
NordVPN & ProtonVPN Offerings Vulnerable to Code Execution Attack
Larry Loeb  |  9/12/2018  | 
A report from Cisco Talos found that VPNs developed by NordVPN and ProtonVPN were each vulnerable to the same code execution attack.
Cryptominers Rush to Exploit Apache Struts 2 Vulnerability
Larry Loeb  |  9/10/2018  | 
The Apache Struts 2 vulnerability was revealed about two weeks ago. Now F5 Labs has found that it's being used in a Monero cryptomining exploit.
US Is No. 1 in Malicious Web Addresses
Larry Loeb  |  9/7/2018  | 
Palo Alto Networks' Unit 42 has found that from April to June 2018 the US was numero uno in hosting malicious domains and exploit kits.
Attackers Snoop on MikroTik Router Traffic
Larry Loeb  |  9/6/2018  | 
Researchers at Qihoo 360 Netlab report that unknown attackers have eavesdropped on the traffic of thousands of MikroTik routers.
Leaders & Employees Confess Cybersecurity Mistakes – Switchfast Report
Larry Loeb  |  9/5/2018  | 
Leaders of small and midsized businesses are making common cybersecurity goofs and failing to model the right behaviors.

