Vulnerabilities / Threats //

Insider Threats

News & Commentary
Insider Threats & Insider Objections
Richard Ford, Chief Scientist, ForcepointCommentary
The tyranny of the urgent and three other reasons why its hard for CISOs to establish a robust insider threat prevention program.
By Richard Ford Chief Scientist, Forcepoint, 12/7/2018
Comment0 comments  |  Read  |  Post a Comment
55% of Companies Don't Offer Mandatory Security Awareness Training
Dark Reading Staff, Quick Hits
Even those that provide employee training do so sparingly, a new study finds.
By Dark Reading Staff , 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
The Case for a Human Security Officer
Ira Winkler, CISSP, President, Secure MentemCommentary
Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.
By Ira Winkler CISSP, President, Secure Mentem, 12/5/2018
Comment2 comments  |  Read  |  Post a Comment
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360Commentary
The toughest security problems involve people not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.
By Shay Colson CISSP, Senior Manager, CyberClarity360, 11/13/2018
Comment3 comments  |  Read  |  Post a Comment
7 Non-Computer Hacks That Should Never Happen
Steve Zurier, Freelance Writer
From paper to IoT, security researchers offer tips for protecting common attack surfaces that you're probably overlooking.
By Steve Zurier Freelance Writer, 11/5/2018
Comment3 comments  |  Read  |  Post a Comment
Chinese Intel Agents Indicted for 5-Year IP Theft Campaign
Sara Peters, Senior Editor at Dark ReadingNews
Intelligence agents aimed for aerospace manufacturing targets, with help of cyberattackers, corporate insiders, and one IT security manager.
By Sara Peters Senior Editor at Dark Reading, 10/31/2018
Comment1 Comment  |  Read  |  Post a Comment
Risky Business: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
Phishing, anti-shoulder surfing, Russia and other hysterical identity management puns and comments. And the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 10/19/2018
Comment2 comments  |  Read  |  Post a Comment
Audits: The Missing Layer in Cybersecurity
Brennan P. Baybeck, CISA, CISM, CRISC, CISSP, Vice Chair of ISACA Board of DirectorsCommentary
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.
By Brennan P. Baybeck CISA, CISM, CRISC, CISSP, Vice Chair of ISACA Board of Directors, 10/18/2018
Comment2 comments  |  Read  |  Post a Comment
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/16/2018
Comment5 comments  |  Read  |  Post a Comment
4 Ways to Fight the Email Security Threat
Asaf Cidon, Vice President, Content Security Services, at Barracuda NetworksCommentary
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
By Asaf Cidon Vice President, Content Security Services, at Barracuda Networks, 10/15/2018
Comment2 comments  |  Read  |  Post a Comment
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer
There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
By Steve Zurier Freelance Writer, 10/12/2018
Comment9 comments  |  Read  |  Post a Comment
How Data Security Improves When You Engage Employees in the Process
Robert E. Crossler, Assistant Professor of Information Systems, Washington State UniversityCommentary
When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.
By Robert E. Crossler Assistant Professor of Information Systems, Washington State University, 9/28/2018
Comment6 comments  |  Read  |  Post a Comment
IT Professionals Think They're Better Than Their Security
Dark Reading Staff, Quick Hits
More than half of professionals think they have a good shot at a successful insider attack.
By Dark Reading Staff , 8/29/2018
Comment2 comments  |  Read  |  Post a Comment
How One Companys Cybersecurity Problem Becomes Another's Fraud Problem
Curtis Jordan, Lead Security Engineer, TruSTARCommentary
The solution: When security teams see something in cyberspace, they need to say something.
By Curtis Jordan Lead Security Engineer, TruSTAR, 8/29/2018
Comment8 comments  |  Read  |  Post a Comment
A False Sense of Security
Steve Durbin, Managing Director of the Information Security ForumCommentary
Emerging threats over the next two years stem from biometrics, regulations, and insiders.
By Steve Durbin Managing Director of the Information Security Forum, 8/24/2018
Comment1 Comment  |  Read  |  Post a Comment
Using Threat Deception on Malicious Insiders
Dark Reading Staff, CommentaryVideo
Illusive Networks CEO Ofer Israeli reveals how distributed deception technology can be as effective against insider threats as it is against outsiders, since it thwarts the lateral movement common to both.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Leveraging the Power of your End-Users Human Cognition
Dark Reading Staff, CommentaryVideo
Cofense CEO Rohyt Belani makes a case for more aggressively leveraging the unique ability of your most perceptive and well-trained end-users to help you more quickly spot and stop email threats.
By Dark Reading Staff , 8/17/2018
Comment1 Comment  |  Read  |  Post a Comment
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark ReadingNews
Almost one in 10 security pros in the US have considered black hat work, and experts believe many dabble in criminal activity for financial gain or employer retaliation.
By Kelly Sheridan Staff Editor, Dark Reading, 8/8/2018
Comment1 Comment  |  Read  |  Post a Comment
10 Threats Lurking on the Dark Web
Steve Zurier, Freelance Writer
Despite some high-profile takedowns last year, the Dark Web remains alive and well. Here's a compilation of some of the more prolific threats that loom.
By Steve Zurier Freelance Writer, 8/8/2018
Comment0 comments  |  Read  |  Post a Comment
How GDPR Could Turn Privileged Insiders into Bribery Targets
Mark Coates, VP, EMEA, Dtex SystemsCommentary
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
By Mark Coates VP, EMEA, Dtex Systems, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading,  12/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20228
PUBLISHED: 2018-12-19
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.
CVE-2018-20230
PUBLISHED: 2018-12-19
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-20231
PUBLISHED: 2018-12-19
Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.
CVE-2018-20227
PUBLISHED: 2018-12-19
RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.
CVE-2018-19790
PUBLISHED: 2018-12-18
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti...