Vulnerabilities / Threats // Insider Threats
News & Commentary
It’s A Dog’s Life: Caption Contest Winners Announced
Marilyn Cohodas, Community Editor, Dark Reading, Commentary
Packet sniffing, drones and cat memes. And the winning caption is….
By Marilyn Cohodas Community Editor, Dark Reading, 5/3/2016
10 Biggest Mega Breaches Of The Past 10 Years
Ericka Chickowski, Contributing Writer, Dark Reading
These data breaches from Dark Reading's 10-year history boggle the mind in terms of scale and fallout.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/3/2016
Malware At Root Of Bangladesh Bank Heist Lies To SWIFT Financial Platform
Sara Peters, Senior Editor at Dark Reading, News
Customized malware hid $81 million of wire transfers until the money had been safely laundered.
By Sara Peters Senior Editor at Dark Reading, 4/25/2016
9 Years Prison, $1.7 Million Fine For Malicious Insider
Sara Peters, Senior Editor at Dark Reading, News
Former IT engineer stung for destructive attack on law firm.
By Sara Peters Senior Editor at Dark Reading, 4/18/2016
Securing the Weakest Link: Insiders
Philip Casesa, CISSP, CSSLP, PMP, Product Development Strategist, (ISC)², Commentary
No longer is a hoodie-wearing malicious hacker the most obvious perpetrator of an inside cyber attack.
By Philip Casesa CISSP, CSSLP, PMP, Product Development Strategist, (ISC)², 4/13/2016
7 Profiles Of Highly Risky Insiders
Bob Hansmann, Director, Security Technologies, Forcepoint, Commentary
To understand who these insiders are and why they pose a risk, start by looking at the root of the problem.
By Bob Hansmann Director, Security Technologies, Forcepoint, 4/8/2016
7 Lessons From The Panama Papers Leak
Sara Peters, Senior Editor at Dark Reading, News
Hopefully your organization isn't hiding as many dark secrets as Mossack Fonseca, but the incident still brings helpful hints about data security, breach response, and breach impact.
By Sara Peters Senior Editor at Dark Reading, 4/5/2016
Panama Papers Leak Exposes Tax Evasion -- And Poor Data Security, Data Integrity Practices
Dark Reading Staff, Quick Hits
Whether an insider leak or an outsider hack, an exposure of 11.5 million documents definitely falls under the infosec umbrella.
By Dark Reading Staff, 4/4/2016
In Brief: Fidelis CSO Talks Insider Threats, Detection Vs. Prevention
Brian Gillooly, Vice President, Event Content & Strategy, UBM Tech, Commentary, Video
Chief security officer of Fidelis Cybersecurity talks about the balancing act of both protecting the organization's insiders and protecting the organization from its insiders.
By Brian Gillooly Vice President, Event Content & Strategy, UBM Tech, 3/22/2016
Sextortion, Hacking, Gets Former State Dept. Employee 57 Months In Prison
Dark Reading Staff, Quick Hits
Embassy worker targeted young women and started campaign with phishing, social engineering.
By Dark Reading Staff, 3/22/2016
No Place For Tor In The Secured Workplace
Thomas Fischer, Principal Threat Researcher, Digital Guardian, Commentary
When it comes to corporate security, anonymity does not necessarily ensure protection of one’s private information – nor that of your employer.
By Thomas Fischer Principal Threat Researcher, Digital Guardian, 3/18/2016
Fidelis CSO Talks Insiders, Data Science, Encryption Backdoors, Kill Chain
Brian Gillooly, Vice President, Event Content & Strategy, UBM Tech, Commentary, Video
The chief security officer of Fidelis Cybersecurity talks about managing insider risks, harnessing the power of metadata, and fending off attackers throughout the entire kill chain.
By Brian Gillooly Vice President, Event Content & Strategy, UBM Tech, 3/2/2016
The Unusual Suspects: Demystifying Attack Groups Through Threat Intelligence
Brian Gillooly, Vice President, Event Content & Strategy, UBM Tech, Commentary, Video
Colin McKinty, vice president of cybersecurity strategy, Americas, for BAE Systems talks about the importance of knowing your adversary.
By Brian Gillooly Vice President, Event Content & Strategy, UBM Tech, 3/1/2016
The Week In Justice: 3 Confessions, 2 Convictions & 2 Years For Two Hackers
Sara Peters, Senior Editor at Dark Reading, News
Courts obtain convictions and guilty pleas from those involved with 'largest known' hacking and securities fraud scheme, online hacking forums, celebrity photo theft, and malicious insider destructive attacks.
By Sara Peters Senior Editor at Dark Reading, 2/24/2016
Encryption Has Its Place But It Isn’t Foolproof
Doug Clare, Vice President of Product Management, FICO, Commentary
Most encrypted data is unencrypted at some point in its lifecycle -- and the bad guys are pretty good at finding the one window left open.
By Doug Clare Vice President of Product Management, FICO, 2/2/2016
As Good As They're Getting, Analytics Don't Inherently Protect Data
Scott Petry, Co-Founder & CEO of Authentic8, Commentary
It is only a matter of time before your system is breached, and when your data is lost, analytics won't help you.
By Scott Petry Co-Founder & CEO of Authentic8, 2/2/2016
Data Privacy: Key Elements Of An Information Governance Plan
Heidi Maher, Executive Director, Compliance, Governance and Oversight Counsel (CGOC), Commentary
For Data Privacy Day! Do you have the policies in place to safeguard your company’s most strategic information? Here are nine best practices.
By Heidi Maher Executive Director, Compliance, Governance and Oversight Counsel (CGOC), 1/28/2016
When The Boss Is Your Biggest Security Risk
Mike Tierney, COO, SpectorSoft, Commentary
No one possesses more sensitive information in an organization than upper management. So why do companies screen executives on the way in but not on the way out?
By Mike Tierney COO, SpectorSoft, 1/21/2016
Behavioral Analytics: The Future of Just-in-Time Awareness Training?
Tom Pendergast, Chief Strategist, Security, Privacy, & Compliance, MediaPro, Commentary
It’s high time we leveraged modern threat detection tools to keep users on the straight and narrow road of information security.
By Tom Pendergast Chief Strategist, Security, Privacy, & Compliance, MediaPro, 1/20/2016
Former St. Louis Cardinals Exec Pleads Guilty To Cyber Espionage Charges
Dark Reading Staff, Quick Hits
Cardinals' former director of baseball development confesses to accessing Houston Astros' computers without authorization.
By Dark Reading Staff, 1/8/2016
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.
