Insider Threats

News & Commentary
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
David A. Sanders, Director of Insider Threat Operations at Haystax | Commentary
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
By David A. Sanders Director of Insider Threat Operations at Haystax, 4/2/2020
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Lance Spitzner, Director, SANS Institute Securing The Human Security Awareness Program | Commentary
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
By Lance Spitzner Director, SANS Institute Securing The Human Security Awareness Program, 3/30/2020
Security Ratings Are a Dangerous Fantasy
Dr. Tim Junio, co-founder and CEO of Expanse | Commentary
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
By Dr. Tim Junio co-founder and CEO of Expanse, 3/20/2020
VPN Usage Surges as More Nations Shut Down Offices
Robert Lemos, Contributing Writer | News
As social distancing becomes the norm, interest in virtual private networks has rocketed, with some providers already seeing a doubling in users and traffic since the beginning of the year.
By Robert Lemos Contributing Writer, 3/19/2020
3 Tips to Stay Secure When You Lose an Employee
Bil Harmer, CISO & Chief Evangelist at SecureAuth | Commentary
Whether they leave for a better job or get fired, and whether they mean to cause problems or do so out of ignorance, ex-workers can pose a threat to your company.
By Bil Harmer CISO & Chief Evangelist at SecureAuth, 3/10/2020
How Network Metadata Can Transform Compromise Assessment
Ricardo Villadiego, Founder and CEO of Lumu | Commentary
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret.
By Ricardo Villadiego Founder and CEO of Lumu, 3/10/2020
Former Acting Inspector General Charged in Federal Fraud Scheme
Dark Reading Staff, Quick Hits
A federal grand jury has indicted Charles K. Edwards on 16 counts related to a conspiracy to steal software from one department and sell an enhanced version to another.
By Dark Reading Staff, 3/6/2020
Physical Flaws: Intel's Root-of-Trust Issue Mostly Mitigated
Robert Lemos, Contributing Writer | News
An insider, or security expert with physical access, can compromise the hardware protections of Intel chips sold in the past five years.
By Robert Lemos Contributing Writer, 3/6/2020
Cybersecurity Lessons Learned from 'The Rise of Skywalker'
Matt Davey, Chief Operations Optimist, 1Password | Commentary
They're especially relevant regarding several issues we face now, including biometrics, secure data management, and human error with passwords.
By Matt Davey Chief Operations Optimist, 1Password, 1/22/2020
Time for Insider-Threat Programs to Grow Up
Robert Lemos, Contributing Writer | News
Immature programs attempting to protect against damaging attacks by insiders run the risk of alienating employees.
By Robert Lemos Contributing Writer, 1/2/2020
5 Security Resolutions to Prevent a Ransomware Attack in 2020
Shawn Taylor, Senior Systems Engineer at ForeScout | Commentary
Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.
By Shawn Taylor Senior Systems Engineer at ForeScout, 12/18/2019
A Security Strategy That Centers on Humans, Not Bugs
Andrea Little Limbago, Chief Social Scientist, Virtru | Commentary
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
By Andrea Little Limbago Chief Social Scientist, Virtru, 11/19/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET | Commentary
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
By Lysa Myers Security Researcher, ESET, 10/9/2019
From Spyware to Ninja Cable
Iftah Bratspiess, CEO at Sepio Systems | Commentary
Attackers don't need sophisticated James Bondian hardware to break into your company. Sometimes a $99 device will do.
By Iftah Bratspiess CEO at Sepio Systems, 9/9/2019
Modern Technology, Modern Mistakes
Kacy Zurkus, Contributing Writer
As employees grow more comfortable using new technologies, they could inadvertently be putting their enterprises at risk. And that leaves security teams having to defend an ever-expanding attack surface.
By Kacy Zurkus Contributing Writer, 8/19/2019
You Gotta Reach 'Em to Teach 'Em
Kacy Zurkus, Contributing Writer
As threats continue to evolve and cybercriminals become more sophisticated, organizations that lack a mature security awareness and training program place themselves at serious risk.
By Kacy Zurkus Contributing Writer, 8/14/2019
How Do I Monitor for Malicious Insiders?
Katie Burnell, Global Insider Threat Specialist, Dtex Systems
Big picture: Think holistic, with appropriate levels of visibility into each stage of the insider threat kill chain.
By Katie Burnell Global Insider Threat Specialist, Dtex Systems, 8/5/2019
CISOs Must Evolve to a Data-First Security Program
Michael Coates, CEO & Co-Founder of Altitude Networks | Commentary
Such a program will require effort and reprioritization, but it will let your company fight modern-day threats and protect your most important assets.
By Michael Coates CEO & Co-Founder of Altitude Networks, 7/30/2019
Insider Threats: An M&A Dealmaker's Nightmare
Joe Payne, President and CEO at Code42 | Commentary
Because data has never been more portable, taking it has never been easier. And that's a huge problem during mergers and acquisitions.
By Joe Payne President and CEO at Code42, 7/9/2019
Never Trust, Always Verify: Demystifying Zero Trust to Secure Your Networks
John Kindervag, Field CTO at Palo Alto Networks | Commentary
The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.
By John Kindervag Field CTO at Palo Alto Networks, 6/24/2019
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11509
PUBLISHED: 2020-04-07
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page).
CVE-2020-6647
PUBLISHED: 2020-04-07
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
CVE-2020-9286
PUBLISHED: 2020-04-07
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
CVE-2020-11508
PUBLISHED: 2020-04-07
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action.
CVE-2013-7488
PUBLISHED: 2020-04-07
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.