Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Insider Threats
Page 1 / 2   >   >>
Gamifying Password Training Shows Security Benefits
News  |  8/10/2020  | 
When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find.
A Most Personal Threat: Implantable Medical Devices
News  |  8/5/2020  | 
Alan Michaels,director of the Electronic Systems Lab at the Virginia Tech Hume Center, explains why implanted medical devices could pose a threat to secure communication facilities.
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis
News  |  8/5/2020  | 
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
Commentary  |  7/27/2020  | 
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Commentary  |  7/10/2020  | 
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
10 Tips for Maintaining Information Security During Layoffs
Slideshows  |  6/2/2020  | 
Insider cyberthreats are always an issue during layoffs -- but with record numbers of home-office workers heading for the unemployment line, it has never been harder to maintain cybersecurity during offboarding.
Banking on Data Security in a Time of Insecurity
Commentary  |  6/2/2020  | 
How banks can maintain security and data integrity in the middle of a pandemic.
Data Loss Spikes Under COVID-19 Lockdowns
News  |  5/28/2020  | 
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.
Standing Privilege: The Attacker's Advantage
Commentary  |  5/27/2020  | 
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.
Long-Term Remote Work: Keeping Workers Productive & Secure
Commentary  |  5/19/2020  | 
The pandemic has changed how we get work done. Now, data security must catch up.
Compliance as a Way to Reduce the Risk of Insider Threats
Commentary  |  5/14/2020  | 
Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.
Rule of Thumb: USB Killers Pose Real Threat
Commentary  |  5/11/2020  | 
They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.
Industrial Networks' Newest Threat: Remote Users
Commentary  |  5/1/2020  | 
We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.
Cloud Services Are the New Critical Infrastructure. Can We Rely on Them?
Commentary  |  4/27/2020  | 
If cloud services vendors successfully asked themselves these three questions, we'd all be better off.
How the Dark Web Fuels Insider Threats
Commentary  |  4/23/2020  | 
New decentralized, criminal marketplaces and "as-a-service" offerings make it easy for employees to monetize their knowledge and access to enterprise networks and systems.
Remote Access Makes a Comeback: 4 Security Challenges in the Wake of COVID-19
Commentary  |  4/20/2020  | 
As companies continue to support increasing numbers of work-from-home employees, the pressure to secure access and reduce risk has never been greater.
5 Things Ransomware Taught Me About Responding in a Crisis
Commentary  |  4/16/2020  | 
What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attacks and because it came out the other side stronger and more resilient.
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
Commentary  |  4/2/2020  | 
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Commentary  |  3/30/2020  | 
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
Security Ratings Are a Dangerous Fantasy
Commentary  |  3/20/2020  | 
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
VPN Usage Surges as More Nations Shut Down Offices
News  |  3/19/2020  | 
As social distancing becomes the norm, interest in virtual private networks has rocketed, with some providers already seeing a doubling in users and traffic since the beginning of the year.
3 Tips to Stay Secure When You Lose an Employee
Commentary  |  3/10/2020  | 
Whether they leave for a better job or get fired, and whether they mean to cause problems or do so out of ignorance, ex-workers can pose a threat to your company.
How Network Metadata Can Transform Compromise Assessment
Commentary  |  3/10/2020  | 
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret
Former Acting Inspector General Charged in Federal Fraud Scheme
Quick Hits  |  3/6/2020  | 
A federal grand jury has indicted Charles K. Edwards on 16 counts related to a conspiracy to steal software from one department and sell an enhanced version to another.
Physical Flaws: Intel's Root-of-Trust Issue Mostly Mitigated
News  |  3/6/2020  | 
An insider, or security expert with physical access, can compromise the hardware protections of Intel chips sold in the past five years.
Cybersecurity Lessons Learned from 'The Rise of Skywalker'
Commentary  |  1/22/2020  | 
They're especially relevant regarding several issues we face now, including biometrics, secure data management, and human error with passwords.
Time for Insider-Threat Programs to Grow Up
News  |  1/2/2020  | 
Immature programs attempting to protect against damaging attacks by insiders run the risk of alienating employees.
5 Security Resolutions to Prevent a Ransomware Attack in 2020
Commentary  |  12/18/2019  | 
Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.
A Security Strategy That Centers on Humans, Not Bugs
Commentary  |  11/19/2019  | 
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
A Realistic Threat Model for the Masses
Commentary  |  10/9/2019  | 
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
From Spyware to Ninja Cable
Commentary  |  9/9/2019  | 
Attackers don't need sophisticated James Bondian hardware to break into your company. Sometimes a $99 device will do.
CISOs Must Evolve to a Data-First Security Program
Commentary  |  7/30/2019  | 
Such a program will require effort and reprioritization, but it will let your company fight modern-day threats and protect your most important assets.
Insider Threats: An M&A Dealmaker's Nightmare
Commentary  |  7/9/2019  | 
Because data has never been more portable, taking it has never been easier. And that's a huge problem during mergers and acquisitions.
Never Trust, Always Verify: Demystifying Zero Trust to Secure Your Networks
Commentary  |  6/24/2019  | 
The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.
What 3 Powerful GoT Women Teach Us about Cybersecurity
Commentary  |  6/11/2019  | 
Imagine Game of Thrones' Daenerys Targaryen, Arya Stark, and Cersei Lannister on the front lines in the real-world battleground of enterprise security.
Proving the Value of Security Awareness with Metrics that 'Deserve More'
Commentary  |  5/22/2019  | 
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
World Password Day or Groundhog Day?
Commentary  |  5/2/2019  | 
Despite decades trying to fortify our passwords with bolt-on solutions, attackers have always found ways to defeat them. Here are four reasons why.
1 in 4 Workers Are Aware Of Security Guidelines but Ignore Them
News  |  4/23/2019  | 
Even more are knowingly connecting to unsecure networks and sharing confidential information through collaboration platforms, according to Symphony Communication Services.
GoT Guide to Cybersecurity: Preparing for Battle During a Staffing Shortage
Commentary  |  4/18/2019  | 
Faced with an overwhelming adversary, Game of Thrones heroes Daenerys Targaryen and Jon Snow have a lot in common with today's beleaguered CISOs.
7 Tips for an Effective Employee Security Awareness Program
Slideshows  |  4/17/2019  | 
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
Ignore the Insider Threat at Your Peril
Commentary  |  4/8/2019  | 
Attacks from insiders often go undiscovered for months or years, so the potential impact can be huge. These 11 countermeasures can mitigate the damage.
The Matrix at 20: A Metaphor for Today's Cybersecurity Challenges
Commentary  |  4/5/2019  | 
The Matrix ushered in a new generation of sci-fi movies and futuristic plotlines with a relentless, seemingly invulnerable set of villains. Twenty years later, that theme is all too familiar to security pros.
Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract'
News  |  3/26/2019  | 
Ret. Admiral Michael Rogers who served as head of the NSA and the US Cyber Command from 2014 to 2018 on how to handle the risk of insiders exposing an organization's sensitive data.
IT Leaders, Employees Divided on Data Security
Quick Hits  |  3/25/2019  | 
Execs and employees have dramatically different ideas of how much information is being lost and why a gap that puts enterprise data in grave danger.
SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats
News  |  3/21/2019  | 
Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.
The Insider Threat: It's More Common Than You Think
Commentary  |  3/20/2019  | 
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
The Case of the Missing Data
Commentary  |  3/19/2019  | 
The latest twist in the Equifax breach has serious implications for organizations.
Debunking 5 Myths About Zero Trust Security
Commentary  |  3/7/2019  | 
Rather than "trust but verify," a zero trust model assumes that attackers will inevitably get in if they aren't already. However, several misconceptions are impeding its adoption.
Why Cybersecurity Burnout Is Real (and What to Do About It)
Commentary  |  2/21/2019  | 
The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.
Identifying, Understanding & Combating Insider Threats
Commentary  |  2/12/2019  | 
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16275
PUBLISHED: 2020-08-10
A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.
CVE-2020-16276
PUBLISHED: 2020-08-10
An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
CVE-2020-16277
PUBLISHED: 2020-08-10
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
CVE-2020-16278
PUBLISHED: 2020-08-10
A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.
CVE-2020-15139
PUBLISHED: 2020-08-10
In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Mes...