Content tagged with Insider Threats
Latest
Page 1 / 2   >   >>
Cartoon: E2c$y5tion
Cartoon Contest  |  4/18/2014  | 
Understanding Risk from Business Perspective Is Top Concern for Network Security Organizations
Products and Releases  |  4/17/2014  | 
Majority of AlgoSec survey respondents feel that business stakeholders need to ďown the riskĒ of their data center applications
11 Heartbleed Facts: Vulnerability Discovery, Mitigation Continue
News  |  4/17/2014  | 
Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable -- and the list keeps growing.
Majority Of Users Have Not Received Security Awareness Training, Study Says
Quick Hits  |  4/10/2014  | 
Many users fail to follow policies on mobile, cloud security, EMA Research study says.
Social Engineering Grows Up
News  |  4/7/2014  | 
Fifth annual DEF CON Social Engineering Capture the Flag Contest kicks off today with new "tag team" rules to reflect realities of the threat.
NSAís Big Surprise: Govít Agency Is Actually Doing Its Job
Commentary  |  4/4/2014  | 
When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
Windows XP
Flash Poll  |  4/2/2014  | 
'Thingularity' Triggers Security Warnings
News  |  3/28/2014  | 
The Internet of Things is creating 50 billion Internet-connected devices. Who is going to keep them updated and secure?
A Cyber History Of The Ukraine Conflict
Commentary  |  3/27/2014  | 
The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.
March Madness: Online Privacy Edition
Commentary  |  3/26/2014  | 
Say hello to the privacy revolution where an emerging backlash is being spurred by NSA spying, mass data collection and plain old common sense.
7 Behaviors That Could Indicate A Security Breach
News  |  3/14/2014  | 
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
Snowden: I'd Do It Again
News  |  3/10/2014  | 
NSA whistleblower fields questions via live video feed at South by Southwest, calls encryption "defense against the dark arts."
The Snowden Effect: Who Controls My Data?
Commentary  |  2/14/2014  | 
In todayís post-NSA-spying world, the key to providing trustworthy digital services to customers is control coupled with transparency.
Data Security Dos & Doníts From The Target Breach
Commentary  |  2/13/2014  | 
The holidays brought attacks on the retail industry. If you arenít in retail, your industry could be next.
Behavior Analysis: New Weapon To Fight Hackers
News  |  2/12/2014  | 
Israeli startup Cybereason says it breaks new security ground by spotting deviations in employee behavior and telling companies what to do next.
Target Breach: HVAC Contractor Systems Investigated
News  |  2/6/2014  | 
Hackers may have used access credentials stolen from refrigeration and HVAC system contractor Fazio Mechanical Services to gain remote access to Target's network.
Target Hackers Tapped Vendor Credentials
News  |  1/30/2014  | 
Investigators suspect that BMC software, Microsoft configuration management tools, and SQL injection were used as hacking tools and techniques in Target's massive data breach.
The Scariest End-User Security Question: What Changed?
Commentary  |  1/29/2014  | 
Hitting employees over the head with fear, uncertainty, and doubt does little to help protect them from security threats. Is multi-factor authentication "by force" a better approach?
Feds Arrest Bitcoin Celebrity In Money Laundering Case
News  |  1/28/2014  | 
Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace.
Malware: More Hype Than Reality
Commentary  |  1/17/2014  | 
Sure, malware exists, but is it really as bad as the news suggests?
Name That Toon: Contest Winners Named
Commentary  |  1/6/2014  | 
We enjoyed all the laughs on the road to choosing the winner of our first cartoon caption contest. Check out the funniest entries.
RSA Denies Trading Security For NSA Payout
News  |  12/23/2013  | 
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.
Target Breach: 10 Facts
News  |  12/21/2013  | 
Experts advise consumers not to panic as suspicion falls on point-of-sale terminals used to scan credit cards.
Is Mob-Busting RICO Overkill For Combating Cybercrime?
Commentary  |  12/17/2013  | 
The milestone conviction of 22-year-old David Camez for his participation in a Russian-run "carder" forum raises legitimate questions about the role of RICO in taking down cybercrime.
Hackers Threaten Destruction Of Obamacare Website
News  |  11/8/2013  | 
DDoS tool targets the federal Affordable Care Act website. But will it work?
Malware Alert: Is 'BadBIOS' Rootkit Jumping Air Gaps?
News  |  11/4/2013  | 
Security researcher believes unusually advanced malware might be transmitting stolen data via ultrasonic sounds, but other experts remain skeptical.
LinkedIn Defends 'Intro' Email Security
News  |  10/28/2013  | 
LinkedIn responds to user and security expert concerns about new email feature, cites measures it took to make LinkedIn Intro safe.
Verizon Enhances Cloud-Based Identity Platform
News  |  10/15/2013  | 
Universal Identity Services 2.0 comes with an updated mobile app, QR code-enabled access, and a simplified end-user interface.
Microsoft Patches Two Internet Explorer Bugs
News  |  10/9/2013  | 
Microsoft and Adobe this week release a slew of fixes, including patches for zero-day vulnerabilities and remote code execution flaws.
NSA Data Center Damaged By Electrical 'Meltdowns'
News  |  10/8/2013  | 
Chronic electrical surges at the NSA's new Utah data center have destroyed $1 million worth of machinery.
5 Obamacare Health Site Security Warnings
News  |  10/7/2013  | 
Early shakedowns of the health insurance exchange websites show they are vulnerable to cross-site request forgery, clickjacking and cookie attacks, among other risks.
Online Health Exchanges: How Secure?
News  |  10/2/2013  | 
Is the data hub created by Obamacare a hacker's dream?
Medical Device Security: A Work In Progress
News  |  9/30/2013  | 
Healthcare organizations vary widely in how prepared they are to handle breaches of medical devices, says Deloitte report.
Apple iPhone 5s Fooled By Fake Finger
News  |  9/23/2013  | 
Chaos Computer Club hackers bypass the fingerprint sensor in Apple's iPhone 5s, may qualify for Touch ID hack bounty.
Android Facebook App Users: Patch Now
News  |  9/20/2013  | 
Facebook has fixed a bug in its Android app that left photos vulnerable to interception.
Feds Seek To Educate Patients On Info Sharing
News  |  9/17/2013  | 
U.S. Department of Health and Human Services offers guidelines and open-source software that healthcare institutions can use to help patients understand what they are agreeing to.
Mobile Bug Bounty: $300K For New Exploits
News  |  9/13/2013  | 
Mobile Pwn2Own contest's prize money may be too far below the zero-day vulnerability market rate to net meaningful submissions.
NSA Vs. Your Smartphone: 5 Facts
News  |  9/11/2013  | 
No, the NSA can't magically hack all iPhones and smartphones, but just like malware developers, it has more than a few tricks up its sleeve for retrieving data stored on mobile devices.
Secure Data, Not Devices
Commentary  |  8/29/2013  | 
As government goes mobile and makes greater use of cloud services, IT leaders must adopt a more data-centric, not device-centric, security approach.
Hack My Google Glass: Security's Next Big Worry?
Commentary  |  8/23/2013  | 
Wearable computing devices must strike a difficult balance between security and convenience. A recent episode involving Google Glass and malicious QR codes raises questions.
Natural Disasters Cause More Downtime Than Hackers
News  |  8/21/2013  | 
Study of 79 Internet and telephony outages in 18 European countries found that storms -- especially snowstorms -- caused significantly longer outages than cyberattacks.
Hacker Leaks 15,000 Twitter Access Credentials, Promises More
News  |  8/21/2013  | 
Twitter users should revoke and reassign access for all third-party Twitter apps to mitigate vulnerability, security expert urges.
How One SMB Manages Customer Identity Data
Commentary  |  8/14/2013  | 
Armed Forces Eyewear sells discounted gear to military personnel and their families. Here's why you won't hear customers grumble about their personal data and online privacy.
Android Malware Being Delivered Via Ad Networks
News  |  8/13/2013  | 
Attackers are using mobile ad network software installed on smartphones to push malicious JavaScript and take control of devices.
Spying Trash Cans Banned
News  |  8/12/2013  | 
Foot-traffic counting scheme spooks London city managers.
Lavabit, Silent Circle Shut Down: Crypto In Spotlight
News  |  8/9/2013  | 
Two encrypted email services shut the doors; gag order clouds details of apparent U.S. government interest related to Snowden case.
Twitter Overhauls Two Factor Authentication System
News  |  8/7/2013  | 
Take two: Twitter drops SMS for private keys stored on Android or iPhone smartphones, adds previously missing recovery capability.
5 Ways RRAM Could Change Mobile
News  |  8/6/2013  | 
Crossbar says its emerging Resistive RAM technology rewrites the rules for storage and power consumption on mobile devices.
Android Trojan Banking App Targets Master Key Vulnerability
News  |  8/6/2013  | 
Sluggish Android updates put users at risk. Could rising public awareness of the flaw lead carriers and device makers to patch more quickly?
University E-Mail Security Practices Criticized
News  |  8/5/2013  | 
One example: 25% of colleges surveyed by Halock Security Labs request applicants send personal data, including W2s, over unencrypted email to admissions and financial aid offices.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If youíre still focused on securing endpoints, youíve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web