Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

News & Commentary
4 Habits of Highly Effective Security Operators
Ricardo Villadiego, Founder and CEO of LumuCommentary
These good habits can make all the difference in advancing careers for cybersecurity operators who spend their days putting out fires large and small.
By Ricardo Villadiego Founder and CEO of Lumu, 6/18/2021
Comment0 comments  |  Read  |  Post a Comment
Trickbot Investigation Shows Details of Massive Cybercrime Effort
Robert Lemos, Contributing WriterNews
Nearly a score of cybercriminals allegedly worked together to create the Trickbot malware and deploy it against more than a million users, an unsealed indictment claims.
By Robert Lemos Contributing Writer, 6/11/2021
Comment0 comments  |  Read  |  Post a Comment
Many Mobile Apps Intentionally Using Insecure Connections for Sending Data
Jai Vijayan, Contributing WriterNews
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.
By Jai Vijayan Contributing Writer, 6/11/2021
Comment0 comments  |  Read  |  Post a Comment
Deepfakes Are on the Rise, but Don't Panic Just Yet
John Donegan, Enterprise analyst at ManageEngineCommentary
Deepfakes will likely give way to deep suspicion, as users try to sort legitimate media from malicious.
By John Donegan Enterprise analyst at ManageEngine, 6/10/2021
Comment0 comments  |  Read  |  Post a Comment
First Known Malware Surfaces Targeting Windows Containers
Jai Vijayan, Contributing WriterNews
Siloscape is designed to create a backdoor in Kubernetes clusters to run malicious containers.
By Jai Vijayan Contributing Writer, 6/7/2021
Comment0 comments  |  Read  |  Post a Comment
Is Your Adversary James Bond or Mr. Bean?
Jonathan Couch, Senior VP of Strategy, ThreatQuotientCommentary
Especially with nation-state attacks, its critical to assess whether you're up against jet fighter strength or a bumbler who tries to pick locks.
By Jonathan Couch Senior VP of Strategy, ThreatQuotient, 6/2/2021
Comment0 comments  |  Read  |  Post a Comment
CISO Confidence Is Rising, but Issues Remain
Marc Wilczek, Digital Strategist & COO of Link11Commentary
New research reveals how global CISOs dealt with COVID-19 and their plans for 20222023.
By Marc Wilczek Digital Strategist & COO of Link11, 6/1/2021
Comment0 comments  |  Read  |  Post a Comment
BazaLoader Attackers Create Fake Movie Streaming Site to Trick Victims
Dark Reading Staff, Quick Hits
The BazaLoader infection chain includes a live call center and "customer service" from criminals, researchers report.
By Dark Reading Staff , 5/27/2021
Comment0 comments  |  Read  |  Post a Comment
ExtraHop Explains How Advanced Threats Dominate Threat Landscape
Terry Sweeney, Contributing EditorCommentary
SPONSORED: WATCH NOW -- How do SOC professionals build a strategy when they lack basic information about how such threats operate? Advanced threats by their very nature create plenty of uncertainty, according to Matt Cauthorn, VP of cloud security for ExtraHop.
By Terry Sweeney Contributing Editor, 5/27/2021
Comment0 comments  |  Read  |  Post a Comment
Russia Profiting from Massive Hydra Cybercrime Marketplace
Robert Lemos, Contributing WriterNews
An analysis of Bitcoin transactions from the Hydra marketplace show that the operators are locking sellers into Russian exchanges, likely fueling profits for local actors.
By Robert Lemos Contributing Writer, 5/25/2021
Comment0 comments  |  Read  |  Post a Comment
Sophos Research Uncovers Widespread Use of TLS By Cybercriminals
Terry Sweeney, Contributing EditorCommentary
SPONSORED CONTENT: Nearly half of all malware is being disseminated via the Transport Layer Security cryptographic protocol, says Dan Schiappa, executive VP and chief product officer for Sophos.
By Terry Sweeney Contributing Editor, 5/24/2021
Comment0 comments  |  Read  |  Post a Comment
Latest Security News From RSAC 2021
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive coverage of the news and security themes that are dominating RSA Conference 2021.
By Dark Reading Staff , 5/21/2021
Comment0 comments  |  Read  |  Post a Comment
Lack of Skills, Maturity Hamper Threat Hunting at Many Organizations
Jai Vijayan, Contributing WriterNews
When implemented correctly, threat hunting can help organizations stay head of threats, researcher says at RSA Conference.
By Jai Vijayan Contributing Writer, 5/20/2021
Comment0 comments  |  Read  |  Post a Comment
Security Providers Describe New Solutions (& Growing Threats) at RSAC
Terry Sweeney, Contributing EditorCommentary
SPONSORED CONTENT: Watch now -- Leading security companies meet Dark Reading in the RSA Conference Broadcast Alley to talk about tackling insider threat, SOC complexity, cyber resilience, mobile security, attacker evasion, supply chain threats, ransomware, and more.
By Terry Sweeney Contributing Editor, 5/20/2021
Comment1 Comment  |  Read  |  Post a Comment
Automation & Pervasive, Connected Technology to Pose Cyber Threats in 2030
Robert Lemos, Contributing WriterNews
A project to look at potential cybersecurity threats in a decade sees hackers and marketers sending spam directly to our vision, while attackers' automated systems adapt faster than defenses.
By Robert Lemos Contributing Writer, 5/19/2021
Comment0 comments  |  Read  |  Post a Comment
How Ransomware Encourages Opportunists to Become Criminals
Charles Herring, CTO and Co-Founder, WitFooCommentary
And what's needed to stop it: Better information sharing among private organizations and with law enforcement agencies.
By Charles Herring CTO and Co-Founder, WitFoo, 5/19/2021
Comment0 comments  |  Read  |  Post a Comment
How to Mitigate Against Domain Credential Theft
Zur Ulianitzky & Yaron Shani, Head of Security Research , XM Cyber / Senior Cybersecurity Researcher, XM CyberCommentary
Attackers routinely reuse stolen domain credentials. Here are some ways to thwart their access.
By Zur Ulianitzky & Yaron Shani Head of Security Research , XM Cyber / Senior Cybersecurity Researcher, XM Cyber, 5/18/2021
Comment0 comments  |  Read  |  Post a Comment
Wi-Fi Design, Implementation Flaws Allow a Range of Frag Attacks
Robert Lemos, Contributing WriterNews
Every Wi-Fi product is affected by at least one fragmentation and aggregation vulnerability, which could lead to a machine-in-the-middle attack, researcher says.
By Robert Lemos Contributing Writer, 5/14/2021
Comment0 comments  |  Read  |  Post a Comment
Adobe Issues Patch for Acrobat Zero-Day
Dark Reading Staff, Quick Hits
The vulnerability is being exploited in limited attacks against Adobe Reader users on Windows.
By Dark Reading Staff , 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Cartoon Caption Winner: Greetings, Earthlings
John Klossner, CartoonistCommentary
And the winner of Dark Reading's April cartoon caption contest is ...
By John Klossner Cartoonist, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33818
PUBLISHED: 2021-06-18
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.
CVE-2021-33820
PUBLISHED: 2021-06-18
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service.
CVE-2021-33822
PUBLISHED: 2021-06-18
An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.
CVE-2020-18442
PUBLISHED: 2021-06-18
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".
CVE-2021-3604
PUBLISHED: 2021-06-18
Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.