Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Page 1 / 3   >   >>
Boosting Security Effectiveness with 'Adjuvants'
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 5/17/2018
Comment4 comments  |  Read  |  Post a Comment
Electroneum Cryptomining Targets Microsoft IIS 6.0 Vulnerability
Andrey Shalnev, F5 Security ResearcherCommentary
New campaign shows that there are still systems exposed to the year-old CVE20177269 vuln on an operating system that was declared end-of-life three years ago.
By Andrey Shalnev F5 Security Researcher, 5/10/2018
Comment0 comments  |  Read  |  Post a Comment
4 Critical Applications and How to Protect Them
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Since critical apps are, well, critical, security teams must take preventive measures to keep attackers from exploiting their vulnerabilities.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 5/3/2018
Comment0 comments  |  Read  |  Post a Comment
Europe and Asia Take on More DDoS Attacks
Sara Boddy, Principal Threat Research EvangelistCommentary
While North American targets have historically been on the receiving end of the majority of DDoS attacks since their inception, that trend changed in 2017.
By Sara Boddy Principal Threat Research Evangelist, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Researchers Discover Second rTorrent Vulnerability Campaign
Andrey Shalnev, F5 Security ResearcherCommentary
This time attackers appears to have spoofed the Recording Industry Association of America (RIAA) and New York University (NYU) user-agents.
By Andrey Shalnev F5 Security Researcher, 4/19/2018
Comment0 comments  |  Read  |  Post a Comment
How Attackers Can Exploit rTorrent with Monero Cryptocurrency Miner
Andrey Shalnev, F5 Security ResearcherCommentary
As cryptomining campaigns become more profitable, cybercriminals are becoming more creative about finding new ways to extend their operations.
By Andrey Shalnev F5 Security Researcher, 4/12/2018
Comment0 comments  |  Read  |  Post a Comment
Cryptomining: Fast-Becoming the Web's Most Profitable Attack Method
Travis Kreikemeier, F5 Systems EngineerCommentary
The ROI of 'cryptojacking' has never been higher, making bitcoin and other cryptocurrencies a more attractive target for cybercriminals. Here's why.
By Travis Kreikemeier F5 Systems Engineer, 4/5/2018
Comment0 comments  |  Read  |  Post a Comment
Deconstructing a Business Email Compromise Attack
David Holmes, World-Wide Security Evangelist, F5Commentary
How a tech-savvy New Jersey couple outwitted a German hacker group and saved their home and life savings.
By David Holmes World-Wide Security Evangelist, F5, 3/29/2018
Comment0 comments  |  Read  |  Post a Comment
Applications & Identities Initial Targets in 86% of Breaches: Report
Sara Boddy, Principal Threat Research EvangelistCommentary
The startling numbers of breached data are sobering: 11.8 billion records compromised in 337 of 433 incidents examined by F5 researchers. They include 10.3 billion usernames, passwords, and email accounts.
By Sara Boddy Principal Threat Research Evangelist, 3/22/2018
Comment0 comments  |  Read  |  Post a Comment
Journey to the Cloud: Overcoming Security Risks
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Lessons learned from a global consultancy's 10-year transition from on-premises to 99% cloud-based infrastructure.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 3/1/2018
Comment0 comments  |  Read  |  Post a Comment
Security Liability in an 'Assume Breach' World
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
The Mirai Botnet Is Attacking Again
David Holmes, World-Wide Security Evangelist, F5Commentary
And the spinoff bots and all their command and control hostnames buried in the morass of digital data are hilarious.
By David Holmes World-Wide Security Evangelist, F5, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
BrickerBot: Internet Vigilantism Ends Don't Justify the Means
Justin Shattuck, Principal Threat Research EvangelistCommentary
However noble the intention, obtaining unauthorized access to devices and making them unusable is illegal and undermines the work of ethical researchers.
By Justin Shattuck Principal Threat Research Evangelist, 2/8/2018
Comment1 Comment  |  Read  |  Post a Comment
Ramnit's Holiday Shopping Spree: Retailers & E-commerce
Doron Voolf, Malware Analyst, F5 Security Operations Center (SOC)Commentary
This past season, the authors of a traditional banking Trojan focused on what people do between Thanksgiving and New Year's Day: shop, eat, check their bank account, and entertain.
By Doron Voolf Malware Analyst, F5 Security Operations Center (SOC), 2/1/2018
Comment0 comments  |  Read  |  Post a Comment
Avoiding the Epidemic of Hospital Hacks
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 1/25/2018
Comment0 comments  |  Read  |  Post a Comment
The Startup Challenge: Safe in the Cloud from Day One
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
How a Seattle travel company built a rock-solid mobile app without sacrificing performance or security.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 1/18/2018
Comment0 comments  |  Read  |  Post a Comment
Why Facebook Security Questions Are no Substitute for MFA
Lori MacVittie, Commentary
If identity is established based on one thing you know and one thing you have, the latter should not also be a thing you know because in the sharing economy, we share everything.
By Lori MacVittie , 1/11/2018
Comment1 Comment  |  Read  |  Post a Comment
Be a More Effective CISO by Aligning Security to the Business
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 12/21/2017
Comment6 comments  |  Read  |  Post a Comment
Is a Good Offense the Best Defense Against Hackers?
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
A proposed new law could make it legal for companies to hack back against attacker. But will it work?
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 12/14/2017
Comment0 comments  |  Read  |  Post a Comment
Why Third-Party Security Is your Security
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Managing third-party risk isn't just a good idea, in many cases, it's the law. This security framework can help you minimize the threat.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 12/7/2017
Comment0 comments  |  Read  |  Post a Comment
Page 1 / 3   >   >>
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
Ericka Chickowski, Contributing Writer,  12/2/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19647
PUBLISHED: 2019-12-09
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
CVE-2019-19648
PUBLISHED: 2019-12-09
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
CVE-2019-19642
PUBLISHED: 2019-12-08
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareNa...
CVE-2019-19637
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19638
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.