Vulnerabilities / Threats // Insider Threats
News & Commentary
Man Admits Hacking into His Former Employer's Network
Dark Reading Staff, Quick Hits
Tennessee man pleads guilty in federal court, acknowledging he illegally accessed his former employer's networks to gain an edge over his rival.
By Dark Reading Staff, 4/17/2017
Engineer Arrested for Attempted Theft of Trade Secrets
Dark Reading Staff, Quick Hits
Software engineer Dmitry Sazonov has been arrested for trying to steal valuable code from his employer, a financial services firm.
By Dark Reading Staff, 4/14/2017
10 Questions To Get Practical Answers At Interop ITX
Dark Reading Staff, Commentary
May 15-19 in Las Vegas: How to get solutions and advice from top speakers for the things that you really want to know.
By Dark Reading Staff, 4/14/2017
95% of Organizations Have Employees Seeking to Bypass Security Controls
Jai Vijayan, Freelance writer, News
Use of TOR, private VPNs on the rise in enterprises, Dtex report shows.
By Jai Vijayan, Freelance writer, 4/13/2017
How Innovative Companies Lock Down Data
Justin Somaini, Chief Security Officer, SAP, Commentary
A mix of back-to-basics security and a set of new, data-centric best practices is key to defending against a future of growing and sophisticated cyberattacks.
By Justin Somaini, 4/12/2017
Computer Engineer Charged with Theft of Proprietary Computer Code
Dark Reading Staff, Quick Hits
Zhengquan Zhang arrested for stealing over 3 million files containing company trade secrets from his employer, a global finance firm.
By Dark Reading Staff, 4/11/2017
CIA-Linked Hacking Tools Tied to Longhorn Cyber Espionage Group
Kelly Sheridan, Associate Editor, Dark Reading, News
Symantec matches tools exposed in Vault 7 documents leak reportedly from the CIA with those used by cyber espionage group that has been targeting governments and private businesses.
By Kelly Sheridan, Associate Editor, Dark Reading, 4/10/2017
This Week On Dark Reading: Event Calendar
Dark Reading Staff, Commentary
Ransomware remediation and recovery this week, with clouds on the horizon.
By Dark Reading Staff, 3/27/2017
Sound Waves Used to Hack Common Data Sensors
Terry Sweeney, Contributing Editor, News
Though the immediate threat to your smartphone or Fitbit is slight, University of Michigan researchers show command-and-control capability with spoofed signaling on a variety of MEMS accelerometers.
By Terry Sweeney, Contributing Editor, 3/16/2017
Insider Sabotage among Top 3 Threats CISOs Can't yet Handle
Luana Pascu, Security Specialist, Bitdefender
These five steps can help your organization limit the risks from disgruntled employees and user errors.
By Luana Pascu, Security Specialist, Bitdefender, 3/1/2017
4 Signs You, Your Users, Tech Peers & C-Suite All Have 'Security Fatigue'
Tom Pendergast, Chief Strategist, Security, Privacy, & Compliance, MediaPro, Commentary
If security fatigue is the disease we've all got, the question is how do we get over it?
By Tom Pendergast, Chief Strategist, Security, Privacy, & Compliance, MediaPro, 2/9/2017
How Cybercriminals Turn Employees Into Rogue Insiders
Kelly Sheridan, Associate Editor, Dark Reading, News
The Dark Web is a growing threat to organizations as hackers recruit insiders with access to corporate networks.
By Kelly Sheridan, Associate Editor, Dark Reading, 1/31/2017
The Bug Bounty Model: 21 Years & Counting
Jason Haddix, Head of Trust & Security, Bugcrowd, Commentary
A look back on the beginnings of crowdsourced vulnerability assessment and how its robust history is paving the way for the future.
By Jason Haddix, Head of Trust & Security, Bugcrowd, 12/29/2016
Bangladesh Police Say Some Bank Officials Involved In Cyberheist
Dark Reading Staff, Quick Hits
Mid-ranking officials of Bangladesh Bank deliberately exposed bank's network to allow theft of $81 million, says top investigator.
By Dark Reading Staff, 12/14/2016
Pay Ransom Or Infect Others!
Dark Reading Staff, Quick Hits
Still under development, new ransomware will ask victims to free their files by paying 1 bitcoin or by infecting two others.
By Dark Reading Staff, 12/12/2016
The Human Firewall: Why People Are Critical To Email Security
Roland Cloutier, Senior VP, Chief Security Officer, ADP, Commentary
Technology is just the beginning; employees must be fully on board with security procedures.
By Roland Cloutier, Senior VP, Chief Security Officer, ADP, 12/2/2016
Gaming Company Sues Ex-Employees Over Data Theft
Dark Reading Staff, Quick Hits
San Francisco-based Zynga alleges former workers took sensitive information with them when they joined rival company.
By Dark Reading Staff, 12/1/2016
Cybersecurity User Training That Sticks: 3 Steps
Lysa Myers, Security Researcher, ESET, Commentary
People are eager for common-sense advice that gives them control over their environment and helps them stay safe online.
By Lysa Myers, Security Researcher, ESET, 11/29/2016
Insider Threat: The Domestic Cyber Terrorist
John Moynihan, President, Minuteman Governance, Commentary
It is dangerously naive for business and government leaders to dismiss the risk of radicalized privileged users inside our critical industries.
By John Moynihan, President, Minuteman Governance, 11/17/2016
8 Public Sources Holding 'Private' Information
Sean Martin, CISSP | President, imsmartin
Personal information used for nefarious purposes can be found all over the web from genealogy sites to public records and social media.
By Sean Martin, CISSP | President, imsmartin, 11/17/2016
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report to learn about the new best practices for secure application development.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.