Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Insider Threats
Page 1 / 2   >   >>
Let's Stop Blaming Employees for Our Data Breaches
Commentary  |  5/27/2021  | 
Assuming employees want to steal trade secrets pits them against your security teams, creates stress and reduces productivity.
Orange: Your Leaky Security is Coming from Inside the House!
Commentary  |  5/26/2021  | 
SPONSORED: Your home WiFi router may be screaming fast, but it's also a major point of vulnerability in this work-from-home era, says Charl van der Walt, head of security research at Orange Cyberdefense. And while Zero Trust offers some relief, he offers up some how-to advice to ensure it's properly deployed.
The Adversary Within: Preventing Disaster From Insider Threats
Commentary  |  5/25/2021  | 
Insiders are in a position of trust, and their elevated permissions provide opportunities to cause serious harm to critical business applications and processes.
Former FBI Employee Indicted for Taking Documents Home
Quick Hits  |  5/24/2021  | 
The long-time intelligence analyst was accused of inappropriately handling documents related to national security.
Security Providers Describe New Solutions (& Growing Threats) at RSAC
Commentary  |  5/20/2021  | 
SPONSORED CONTENT: Watch now -- Leading security companies meet Dark Reading in the RSA Conference Broadcast Alley to talk about tackling insider threat, SOC complexity, cyber resilience, mobile security, attacker evasion, supply chain threats, ransomware, and more.
Why Anti-Phishing Training Isn't Enough
Commentary  |  5/18/2021  | 
Not only is relying on employees' awareness insufficient to prevent sophisticated social engineering attacks, some training methods can create other problems.
Insider Data Leaks: A Growing Enterprise Threat
Quick Hits  |  4/23/2021  | 
Report finds 85% of employees are more likely to leak sensitive files now than before the COVID-19 pandemic.
Name That Toon: Greetings, Earthlings
Commentary  |  4/22/2021  | 
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
How to Attack Yourself Better in 2021
Commentary  |  4/21/2021  | 
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.
Software Developer Arrested in Computer Sabotage Case
Quick Hits  |  4/15/2021  | 
Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer.
US Tech Dominance Rides on Securing Intellectual Property
Commentary  |  4/2/2021  | 
A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.
Enterprises Remain Riddled With Overprivileged Users -- and Attackers Know It
News  |  4/1/2021  | 
Attackers commonly focus on finding users with too much privileged access as their ticket to network compromise. What can companies do?
Russian Man Pleads Guilty in Thwarted Tesla Hack
Quick Hits  |  3/19/2021  | 
Egor Kriuchkov will be sentenced in May on conspiracy charge
Zero Trust in the Real World
Commentary  |  2/10/2021  | 
Those who are committed to adopting the concept have the opportunity to make a larger business case for it across the organization, working with executive leaders to implement a zero-trust framework across the entire enterprise.
Multivector Attacks Demand Security Controls at the Messaging Level
Commentary  |  2/10/2021  | 
As a Google-identified attack reveals, security teams need to look beyond VPNs and network infrastructure to the channels where social engineering takes place.
How Neurodiversity Can Strengthen Cybersecurity Defense
Commentary  |  2/9/2021  | 
Team members from different backgrounds, genders, ethnicities, and neurological abilities are best equipped to tackle today's security challenges.
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
Commentary  |  1/12/2021  | 
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
Reducing the Risk of Third-Party SaaS Apps to Your Organization
Commentary  |  12/29/2020  | 
Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
Defending the COVID-19 Vaccine Supply Chain
Commentary  |  12/28/2020  | 
We must treat this supply chain like a piece of our nation's critical infrastructure, just like the electrical grid or air traffic control system.
Researchers Scan for Supply-Side Threats in Open Source
News  |  11/17/2020  | 
A recent project to scan the main Python repository's 268,000 packages found only a few potentially malicious programs, but work earlier this year uncovered hundreds of instances of malware.
Dealing With Insider Threats in the Age of COVID
Commentary  |  10/21/2020  | 
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
Commentary  |  10/21/2020  | 
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
Building the Human Firewall
Commentary  |  10/20/2020  | 
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
Security Officers, Are Your Employees Practicing Good Habits from Home?
Commentary  |  10/12/2020  | 
Even if you can't see your employees in the office, they still need to be reminded that criminals are always trying to spot a weak link in the chain.
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Commentary  |  9/16/2020  | 
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
Collection of Metadata -- as Done by the NSA -- Likely Unconstitutional, US Court Suggests
News  |  9/4/2020  | 
A ruling in an appeal by four men convicted of material support for terrorism finds that the National Security Agency's metadata collection program not only violated the prevailing law at the time but was also likely unconstitutional.
The Inside Threat from Psychological Manipulators
Commentary  |  8/27/2020  | 
How internal manipulators can actually degrade your organization's cyber defense, and how to defend against them.
Gamifying Password Training Shows Security Benefits
News  |  8/10/2020  | 
When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find.
A Most Personal Threat: Implantable Medical Devices
News  |  8/5/2020  | 
Alan Michaels,director of the Electronic Systems Lab at the Virginia Tech Hume Center, explains why implanted medical devices could pose a threat to secure communication facilities.
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis
News  |  8/5/2020  | 
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
Commentary  |  7/27/2020  | 
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Commentary  |  7/10/2020  | 
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
Banking on Data Security in a Time of Insecurity
Commentary  |  6/2/2020  | 
How banks can maintain security and data integrity in the middle of a pandemic.
Data Loss Spikes Under COVID-19 Lockdowns
News  |  5/28/2020  | 
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.
Standing Privilege: The Attacker's Advantage
Commentary  |  5/27/2020  | 
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.
Long-Term Remote Work: Keeping Workers Productive & Secure
Commentary  |  5/19/2020  | 
The pandemic has changed how we get work done. Now, data security must catch up.
Compliance as a Way to Reduce the Risk of Insider Threats
Commentary  |  5/14/2020  | 
Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.
Rule of Thumb: USB Killers Pose Real Threat
Commentary  |  5/11/2020  | 
They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.
Industrial Networks' Newest Threat: Remote Users
Commentary  |  5/1/2020  | 
We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.
Cloud Services Are the New Critical Infrastructure. Can We Rely on Them?
Commentary  |  4/27/2020  | 
If cloud services vendors successfully asked themselves these three questions, we'd all be better off.
How the Dark Web Fuels Insider Threats
Commentary  |  4/23/2020  | 
New decentralized, criminal marketplaces and "as-a-service" offerings make it easy for employees to monetize their knowledge and access to enterprise networks and systems.
Remote Access Makes a Comeback: 4 Security Challenges in the Wake of COVID-19
Commentary  |  4/20/2020  | 
As companies continue to support increasing numbers of work-from-home employees, the pressure to secure access and reduce risk has never been greater.
5 Things Ransomware Taught Me About Responding in a Crisis
Commentary  |  4/16/2020  | 
What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attacks and because it came out the other side stronger and more resilient.
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
Commentary  |  4/2/2020  | 
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Commentary  |  3/30/2020  | 
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
Security Ratings Are a Dangerous Fantasy
Commentary  |  3/20/2020  | 
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
VPN Usage Surges as More Nations Shut Down Offices
News  |  3/19/2020  | 
As social distancing becomes the norm, interest in virtual private networks has rocketed, with some providers already seeing a doubling in users and traffic since the beginning of the year.
3 Tips to Stay Secure When You Lose an Employee
Commentary  |  3/10/2020  | 
Whether they leave for a better job or get fired, and whether they mean to cause problems or do so out of ignorance, ex-workers can pose a threat to your company.
How Network Metadata Can Transform Compromise Assessment
Commentary  |  3/10/2020  | 
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret
Former Acting Inspector General Charged in Federal Fraud Scheme
Quick Hits  |  3/6/2020  | 
A federal grand jury has indicted Charles K. Edwards on 16 counts related to a conspiracy to steal software from one department and sell an enhanced version to another.
Page 1 / 2   >   >>


Commentary
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode,  6/4/2021
Edge-DRsplash-10-edge-articles
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading,  6/2/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23394
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.