Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Insider Threats

News & Commentary
Insider Data Leaks: A Growing Enterprise Threat
Dark Reading Staff, Quick Hits
Report finds 85% of employees are more likely to leak sensitive files now than before the COVID-19 pandemic.
By Dark Reading Staff , 4/23/2021
Comment0 comments  |  Read  |  Post a Comment
Name That Toon: Greetings, Earthlings
John Klossner, CartoonistCommentary
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 4/22/2021
Comment17 comments  |  Read  |  Post a Comment
How to Attack Yourself Better in 2021
Pavel Suprunyuk, Technical lead of the audit and consulting team, Group-IBCommentary
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.
By Pavel Suprunyuk Technical lead of the audit and consulting team, Group-IB, 4/21/2021
Comment0 comments  |  Read  |  Post a Comment
Software Developer Arrested in Computer Sabotage Case
Dark Reading Staff, Quick Hits
Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer.
By Dark Reading Staff , 4/15/2021
Comment0 comments  |  Read  |  Post a Comment
US Tech Dominance Rides on Securing Intellectual Property
Joe Payne, President and CEO at Code42Commentary
A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.
By Joe Payne President and CEO at Code42, 4/2/2021
Comment0 comments  |  Read  |  Post a Comment
Enterprises Remain Riddled With Overprivileged Users -- and Attackers Know It
Robert Lemos, Contributing WriterNews
Attackers commonly focus on finding users with too much privileged access as their ticket to network compromise. What can companies do?
By Robert Lemos Contributing Writer, 4/1/2021
Comment1 Comment  |  Read  |  Post a Comment
Russian Man Pleads Guilty in Thwarted Tesla Hack
Dark Reading Staff, Quick Hits
Egor Kriuchkov will be sentenced in May on conspiracy charge
By Dark Reading Staff , 3/19/2021
Comment0 comments  |  Read  |  Post a Comment
Zero Trust in the Real World
Jerry W. Chapman, engineering fellow at Optiv SecurityCommentary
Those who are committed to adopting the concept have the opportunity to make a larger business case for it across the organization, working with executive leaders to implement a zero-trust framework across the entire enterprise.
By Jerry W. Chapman engineering fellow at Optiv Security, 2/10/2021
Comment0 comments  |  Read  |  Post a Comment
Multivector Attacks Demand Security Controls at the Messaging Level
Otavio Freire, CTO & President, SafeGuard CyberCommentary
As a Google-identified attack reveals, security teams need to look beyond VPNs and network infrastructure to the channels where social engineering takes place.
By Otavio Freire CTO & President, SafeGuard Cyber, 2/10/2021
Comment0 comments  |  Read  |  Post a Comment
How Neurodiversity Can Strengthen Cybersecurity Defense
Liviu Arsene, Global Cybersecurity Researcher at BitdefenderCommentary
Team members from different backgrounds, genders, ethnicities, and neurological abilities are best equipped to tackle today's security challenges.
By Liviu Arsene Global Cybersecurity Researcher at Bitdefender, 2/9/2021
Comment0 comments  |  Read  |  Post a Comment
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
Mark Wojtasiak, VP, Portfolio Marketing, Code42Commentary
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
By Mark Wojtasiak VP, Portfolio Marketing, Code42, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
Reducing the Risk of Third-Party SaaS Apps to Your Organization
Dmitry Dontov, Chief Technology Officer, Spin TechnologyCommentary
Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
By Dmitry Dontov Chief Technology Officer, Spin Technology, 12/29/2020
Comment0 comments  |  Read  |  Post a Comment
Defending the COVID-19 Vaccine Supply Chain
Nick Rossmann, Global Threat Intelligence Lead, IBM Security X-ForceCommentary
We must treat this supply chain like a piece of our nation's critical infrastructure, just like the electrical grid or air traffic control system.
By Nick Rossmann Global Threat Intelligence Lead, IBM Security X-Force, 12/28/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Scan for Supply-Side Threats in Open Source
Robert Lemos, Contributing WriterNews
A recent project to scan the main Python repository's 268,000 packages found only a few potentially malicious programs, but work earlier this year uncovered hundreds of instances of malware.
By Robert Lemos Contributing Writer, 11/17/2020
Comment0 comments  |  Read  |  Post a Comment
Dealing With Insider Threats in the Age of COVID
Hitesh Sheth, CEO, VectraCommentary
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
By Hitesh Sheth CEO, Vectra, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat ResearcherCommentary
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
By David Pearson Principal Threat Researcher, 10/21/2020
Comment2 comments  |  Read  |  Post a Comment
Building the Human Firewall
Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard LabsCommentary
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
By Aamir Lakhani Cybersecurity Researcher and Practitioner for FortiGuard Labs, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Security Officers, Are Your Employees Practicing Good Habits from Home?
Chip Witt, Vice President of Product Management at SpyCloudCommentary
Even if you can't see your employees in the office, they still need to be reminded that criminals are always trying to spot a weak link in the chain.
By Chip Witt Vice President of Product Management at SpyCloud, 10/12/2020
Comment2 comments  |  Read  |  Post a Comment
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
Collection of Metadata -- as Done by the NSA -- Likely Unconstitutional, US Court Suggests
Robert Lemos, Contributing WriterNews
A ruling in an appeal by four men convicted of material support for terrorism finds that the National Security Agency's metadata collection program not only violated the prevailing law at the time but was also likely unconstitutional.
By Robert Lemos Contributing Writer, 9/4/2020
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...