Content tagged with Insider Threats
Latest
Page 1 / 2   >   >>
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Commentary  |  7/9/2014  | 
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
P.F. Chang's Breach Went Undetected For Months
Commentary  |  6/23/2014  | 
Early reports indicate that the compromise involved a large number of restaurant locations and dates as far back as September 2013.
Putter Panda: Tip Of The Iceberg
Commentary  |  6/10/2014  | 
What CrowdStrike's outing of Putter Panda -- the second hacking group linked to China's spying on US defense and European satellite and aerospace industries -- means for the security industry.
Greatest Threat
Flash Poll  |  6/4/2014  | 
Researchers: Mobile Applications Pose Rapidly Growing Threat To Enterprises
Quick Hits  |  6/3/2014  | 
The average user has about 200 apps running on his smartphone -- and they're not all safe, Mojave Networks study says.
Dissecting Dendroid: An In-Depth Look Inside An Android RAT Kit
Commentary  |  5/28/2014  | 
Dendroid is full of surprises to assist it in subverting traditional security tactics through company-issued Android phones or BYOD.
Privileged Use Also a State of Mind, Report Finds
Quick Hits  |  5/22/2014  | 
A new insider threat report from Raytheon and Ponemon reveals a "privileged" user mindset.
6 Tips For Securing Social Media In The Workplace
Commentary  |  5/20/2014  | 
Empower employees by training them to be aware and secure, and in how to avoid becoming a statistic.
Report: Nearly 200 Million Records Compromised In Q1
Quick Hits  |  5/1/2014  | 
More than 250 breaches were disclosed in Q1 2014, SafeNet report says.
Report: Financial Firms Voice Concerns About 3rd Party 'Privileged User' Creds
Products and Releases  |  4/29/2014  | 
55 percent of European financial organisations believe third party contractors pose the biggest risk; 52 percent find insider threats harder to detect than last year
Organized Crime Group Scams US Companies Out Of Millions
Quick Hits  |  4/28/2014  | 
Social engineering attack tricks companies into large wire transfers.
Cartoon: E2c$y5tion
Cartoon Contest  |  4/18/2014  | 
Understanding Risk from Business Perspective Is Top Concern for Network Security Organizations
Products and Releases  |  4/17/2014  | 
Majority of AlgoSec survey respondents feel that business stakeholders need to “own the risk” of their data center applications
11 Heartbleed Facts: Vulnerability Discovery, Mitigation Continue
News  |  4/17/2014  | 
Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable -- and the list keeps growing.
Majority Of Users Have Not Received Security Awareness Training, Study Says
Quick Hits  |  4/10/2014  | 
Many users fail to follow policies on mobile, cloud security, EMA Research study says.
Social Engineering Grows Up
News  |  4/7/2014  | 
Fifth annual DEF CON Social Engineering Capture the Flag Contest kicks off today with new "tag team" rules to reflect realities of the threat.
NSA’s Big Surprise: Gov’t Agency Is Actually Doing Its Job
Commentary  |  4/4/2014  | 
When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
Windows XP
Flash Poll  |  4/2/2014  | 
'Thingularity' Triggers Security Warnings
News  |  3/28/2014  | 
The Internet of Things is creating 50 billion Internet-connected devices. Who is going to keep them updated and secure?
A Cyber History Of The Ukraine Conflict
Commentary  |  3/27/2014  | 
The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.
March Madness: Online Privacy Edition
Commentary  |  3/26/2014  | 
Say hello to the privacy revolution where an emerging backlash is being spurred by NSA spying, mass data collection and plain old common sense.
7 Behaviors That Could Indicate A Security Breach
News  |  3/14/2014  | 
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
Snowden: I'd Do It Again
News  |  3/10/2014  | 
NSA whistleblower fields questions via live video feed at South by Southwest, calls encryption "defense against the dark arts."
The Snowden Effect: Who Controls My Data?
Commentary  |  2/14/2014  | 
In today’s post-NSA-spying world, the key to providing trustworthy digital services to customers is control coupled with transparency.
Data Security Dos & Don’ts From The Target Breach
Commentary  |  2/13/2014  | 
The holidays brought attacks on the retail industry. If you aren’t in retail, your industry could be next.
Behavior Analysis: New Weapon To Fight Hackers
News  |  2/12/2014  | 
Israeli startup Cybereason says it breaks new security ground by spotting deviations in employee behavior and telling companies what to do next.
Target Breach: HVAC Contractor Systems Investigated
News  |  2/6/2014  | 
Hackers may have used access credentials stolen from refrigeration and HVAC system contractor Fazio Mechanical Services to gain remote access to Target's network.
Target Hackers Tapped Vendor Credentials
News  |  1/30/2014  | 
Investigators suspect that BMC software, Microsoft configuration management tools, and SQL injection were used as hacking tools and techniques in Target's massive data breach.
The Scariest End-User Security Question: What Changed?
Commentary  |  1/29/2014  | 
Hitting employees over the head with fear, uncertainty, and doubt does little to help protect them from security threats. Is multi-factor authentication "by force" a better approach?
Feds Arrest Bitcoin Celebrity In Money Laundering Case
News  |  1/28/2014  | 
Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace.
Malware: More Hype Than Reality
Commentary  |  1/17/2014  | 
Sure, malware exists, but is it really as bad as the news suggests?
Name That Toon: Contest Winners Named
Commentary  |  1/6/2014  | 
We enjoyed all the laughs on the road to choosing the winner of our first cartoon caption contest. Check out the funniest entries.
RSA Denies Trading Security For NSA Payout
News  |  12/23/2013  | 
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.
Target Breach: 10 Facts
News  |  12/21/2013  | 
Experts advise consumers not to panic as suspicion falls on point-of-sale terminals used to scan credit cards.
Is Mob-Busting RICO Overkill For Combating Cybercrime?
Commentary  |  12/17/2013  | 
The milestone conviction of 22-year-old David Camez for his participation in a Russian-run "carder" forum raises legitimate questions about the role of RICO in taking down cybercrime.
Hackers Threaten Destruction Of Obamacare Website
News  |  11/8/2013  | 
DDoS tool targets the federal Affordable Care Act website. But will it work?
Malware Alert: Is 'BadBIOS' Rootkit Jumping Air Gaps?
News  |  11/4/2013  | 
Security researcher believes unusually advanced malware might be transmitting stolen data via ultrasonic sounds, but other experts remain skeptical.
LinkedIn Defends 'Intro' Email Security
News  |  10/28/2013  | 
LinkedIn responds to user and security expert concerns about new email feature, cites measures it took to make LinkedIn Intro safe.
Verizon Enhances Cloud-Based Identity Platform
News  |  10/15/2013  | 
Universal Identity Services 2.0 comes with an updated mobile app, QR code-enabled access, and a simplified end-user interface.
Microsoft Patches Two Internet Explorer Bugs
News  |  10/9/2013  | 
Microsoft and Adobe this week release a slew of fixes, including patches for zero-day vulnerabilities and remote code execution flaws.
NSA Data Center Damaged By Electrical 'Meltdowns'
News  |  10/8/2013  | 
Chronic electrical surges at the NSA's new Utah data center have destroyed $1 million worth of machinery.
5 Obamacare Health Site Security Warnings
News  |  10/7/2013  | 
Early shakedowns of the health insurance exchange websites show they are vulnerable to cross-site request forgery, clickjacking and cookie attacks, among other risks.
Online Health Exchanges: How Secure?
News  |  10/2/2013  | 
Is the data hub created by Obamacare a hacker's dream?
Medical Device Security: A Work In Progress
News  |  9/30/2013  | 
Healthcare organizations vary widely in how prepared they are to handle breaches of medical devices, says Deloitte report.
Apple iPhone 5s Fooled By Fake Finger
News  |  9/23/2013  | 
Chaos Computer Club hackers bypass the fingerprint sensor in Apple's iPhone 5s, may qualify for Touch ID hack bounty.
Android Facebook App Users: Patch Now
News  |  9/20/2013  | 
Facebook has fixed a bug in its Android app that left photos vulnerable to interception.
Feds Seek To Educate Patients On Info Sharing
News  |  9/17/2013  | 
U.S. Department of Health and Human Services offers guidelines and open-source software that healthcare institutions can use to help patients understand what they are agreeing to.
Mobile Bug Bounty: $300K For New Exploits
News  |  9/13/2013  | 
Mobile Pwn2Own contest's prize money may be too far below the zero-day vulnerability market rate to net meaningful submissions.
NSA Vs. Your Smartphone: 5 Facts
News  |  9/11/2013  | 
No, the NSA can't magically hack all iPhones and smartphones, but just like malware developers, it has more than a few tricks up its sleeve for retrieving data stored on mobile devices.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.