Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Page 1 / 3   >   >>
Boosting Security Effectiveness with 'Adjuvants'
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 5/17/2018
Comment4 comments  |  Read  |  Post a Comment
Electroneum Cryptomining Targets Microsoft IIS 6.0 Vulnerability
Andrey Shalnev, F5 Security ResearcherCommentary
New campaign shows that there are still systems exposed to the year-old CVE20177269 vuln on an operating system that was declared end-of-life three years ago.
By Andrey Shalnev F5 Security Researcher, 5/10/2018
Comment0 comments  |  Read  |  Post a Comment
4 Critical Applications and How to Protect Them
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Since critical apps are, well, critical, security teams must take preventive measures to keep attackers from exploiting their vulnerabilities.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 5/3/2018
Comment0 comments  |  Read  |  Post a Comment
Europe and Asia Take on More DDoS Attacks
Sara Boddy, Principal Threat Research EvangelistCommentary
While North American targets have historically been on the receiving end of the majority of DDoS attacks since their inception, that trend changed in 2017.
By Sara Boddy Principal Threat Research Evangelist, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Researchers Discover Second rTorrent Vulnerability Campaign
Andrey Shalnev, F5 Security ResearcherCommentary
This time attackers appears to have spoofed the Recording Industry Association of America (RIAA) and New York University (NYU) user-agents.
By Andrey Shalnev F5 Security Researcher, 4/19/2018
Comment0 comments  |  Read  |  Post a Comment
How Attackers Can Exploit rTorrent with Monero Cryptocurrency Miner
Andrey Shalnev, F5 Security ResearcherCommentary
As cryptomining campaigns become more profitable, cybercriminals are becoming more creative about finding new ways to extend their operations.
By Andrey Shalnev F5 Security Researcher, 4/12/2018
Comment0 comments  |  Read  |  Post a Comment
Cryptomining: Fast-Becoming the Web's Most Profitable Attack Method
Travis Kreikemeier, F5 Systems EngineerCommentary
The ROI of 'cryptojacking' has never been higher, making bitcoin and other cryptocurrencies a more attractive target for cybercriminals. Here's why.
By Travis Kreikemeier F5 Systems Engineer, 4/5/2018
Comment0 comments  |  Read  |  Post a Comment
Deconstructing a Business Email Compromise Attack
David Holmes, World-Wide Security Evangelist, F5Commentary
How a tech-savvy New Jersey couple outwitted a German hacker group and saved their home and life savings.
By David Holmes World-Wide Security Evangelist, F5, 3/29/2018
Comment0 comments  |  Read  |  Post a Comment
Applications & Identities Initial Targets in 86% of Breaches: Report
Sara Boddy, Principal Threat Research EvangelistCommentary
The startling numbers of breached data are sobering: 11.8 billion records compromised in 337 of 433 incidents examined by F5 researchers. They include 10.3 billion usernames, passwords, and email accounts.
By Sara Boddy Principal Threat Research Evangelist, 3/22/2018
Comment0 comments  |  Read  |  Post a Comment
Journey to the Cloud: Overcoming Security Risks
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Lessons learned from a global consultancy's 10-year transition from on-premises to 99% cloud-based infrastructure.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 3/1/2018
Comment0 comments  |  Read  |  Post a Comment
Security Liability in an 'Assume Breach' World
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
The Mirai Botnet Is Attacking Again
David Holmes, World-Wide Security Evangelist, F5Commentary
And the spinoff bots and all their command and control hostnames buried in the morass of digital data are hilarious.
By David Holmes World-Wide Security Evangelist, F5, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
BrickerBot: Internet Vigilantism Ends Don't Justify the Means
Justin Shattuck, Principal Threat Research EvangelistCommentary
However noble the intention, obtaining unauthorized access to devices and making them unusable is illegal and undermines the work of ethical researchers.
By Justin Shattuck Principal Threat Research Evangelist, 2/8/2018
Comment1 Comment  |  Read  |  Post a Comment
Ramnit's Holiday Shopping Spree: Retailers & E-commerce
Doron Voolf, Malware Analyst, F5 Security Operations Center (SOC)Commentary
This past season, the authors of a traditional banking Trojan focused on what people do between Thanksgiving and New Year's Day: shop, eat, check their bank account, and entertain.
By Doron Voolf Malware Analyst, F5 Security Operations Center (SOC), 2/1/2018
Comment0 comments  |  Read  |  Post a Comment
Avoiding the Epidemic of Hospital Hacks
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 1/25/2018
Comment0 comments  |  Read  |  Post a Comment
The Startup Challenge: Safe in the Cloud from Day One
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
How a Seattle travel company built a rock-solid mobile app without sacrificing performance or security.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 1/18/2018
Comment0 comments  |  Read  |  Post a Comment
Why Facebook Security Questions Are no Substitute for MFA
Lori MacVittie, Commentary
If identity is established based on one thing you know and one thing you have, the latter should not also be a thing you know because in the sharing economy, we share everything.
By Lori MacVittie , 1/11/2018
Comment1 Comment  |  Read  |  Post a Comment
Be a More Effective CISO by Aligning Security to the Business
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 12/21/2017
Comment6 comments  |  Read  |  Post a Comment
Is a Good Offense the Best Defense Against Hackers?
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
A proposed new law could make it legal for companies to hack back against attacker. But will it work?
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 12/14/2017
Comment0 comments  |  Read  |  Post a Comment
Why Third-Party Security Is your Security
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Managing third-party risk isn't just a good idea, in many cases, it's the law. This security framework can help you minimize the threat.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 12/7/2017
Comment0 comments  |  Read  |  Post a Comment
Page 1 / 3   >   >>
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...