Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
3 Years After Attacks on Ukraine Power Grid, BlackEnergy Successor Poses Growing Threat
Threaded  |  Newest First  |  Oldest First
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
10/18/2018 | 10:12:20 AM
Silver lining to morphing threat actor challenges
Yes, the quieter, more stealthy successor versions of an organization can be more dangerous - but careful reexamination of the originating entity should provide valuable clues, which will help identify and anticipate the new threats.  Digital leopards can change their spots, but not their mitochondrial DNA. 

Just as legitimate businesses will always have vulnerabilities due to continuity, bad actor organizations will drag personnel, structure, style, habits and other legacy elements into their new integuments. 
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
10/24/2018 | 2:56:36 PM
Re: Silver lining to morphing threat actor challenges
Think - bad actors don't even have to breach a system,just provide a bona-fide threat to the system and it is considered breached or in question.  That alone assures their work has the desired effect.   Disrupt an election just by the threat of doing so.  And then done and move on.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-43790
PUBLISHED: 2021-11-30
Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduce...
CVE-2021-44428
PUBLISHED: 2021-11-29
Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1.
CVE-2021-44429
PUBLISHED: 2021-11-29
Serva 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1, a related issue to CVE-2013-0145.
CVE-2021-44427
PUBLISHED: 2021-11-29
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
CVE-2021-43783
PUBLISHED: 2021-11-29
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend ho...