News & Commentary

Latest Content tagged with Insider Threats
Page 1 / 2   >   >>
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Commentary  |  10/12/2017  | 
With social media, gathering information has never been easier, making Business Email Compromise the land of milk and honey for cybercriminals.
Rise in Insider Threats Drives Shift to Training, Data-Level Security
Commentary  |  10/6/2017  | 
As the value and volume of data grows, perimeter security is not enough to battle internal or external threats.
Automated Lateral Movement: Targeted Attack Tools for the Masses
Automated Lateral Movement: Targeted Attack Tools for the Masses
Dark Reading Videos  |  9/1/2017  | 
Tal Be'ery and Tal Maor explain that the most pervasive, worst defended tactic of sophisticated attackers will soon be ready for script kiddies, and release GoFetch: a new lateral movement automation tool.
GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries
Commentary  |  8/24/2017  | 
What Game of Thrones' Arya Stark and the Faceless Men can teach security pros about defending against modern malware and identity theft.
The Changing Face & Reach of Bug Bounties
Commentary  |  8/23/2017  | 
HackerOne CEO Mrten Mickos reflects on the impact of vulnerability disclosure on today's security landscape and leadership.
Why Most Security Awareness Training Fails (And What To Do About It)
Why Most Security Awareness Training Fails (And What To Do About It)
Dark Reading Videos  |  8/22/2017  | 
Arun Vishwanath discusses why awareness training shouldn't apply the same cure to every ailment then blame the patient when the treatment doesn't work.
50% of Ex-Employees Can Still Access Corporate Apps
News  |  8/18/2017  | 
Businesses drive the risk for data breaches when they fail to terminate employees' access to corporate apps after they leave.
Critical Infrastructure, Cybersecurity & the 'Devils Rope'
Commentary  |  8/17/2017  | 
How hackers today are engaging in a modern 'Fence Cutter War' against industrial control systems, and what security professionals need to do about it.
The Shadow Brokers: How They Changed 'Cyber Fear'
The Shadow Brokers: How They Changed 'Cyber Fear'
Dark Reading Videos  |  8/17/2017  | 
At Black Hat USA, Matt Suiche, founder of Comae Technologies, describes what we know about the Shadow Brokers and how they have changed the business of cyber fear.
Facebook Offers $1 Million for New Security Defenses
News  |  7/26/2017  | 
The social media giant has increased the size of its Internet Defense Prize program in order to spur more research into ways to defend users against the more prevalent and common methods of attack.
Avoiding the Dark Side of AI-Driven Security Awareness
Commentary  |  7/5/2017  | 
Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?
Feds Call on Contractors to Play Ball in Mitigating Insider Threats
Commentary  |  6/20/2017  | 
It's said that you're only as strong as your weakest player. That's as true in security as it is in sports.
The Case for Disclosing Insider Breaches
Commentary  |  5/31/2017  | 
Too often organizations try to sweep intentional, accidental or negligent employee theft of data under the rug. Heres why they shouldnt.
Chinese Man Pleads Guilty to Espionage, Theft from US Firm
Quick Hits  |  5/22/2017  | 
Chinese national Xu Jiaqiang pleaded guilty to economic espionage and theft of trade secrets from his former employer in the US.
8 Notorious Russian Hackers Arrested in the Past 8 Years
Slideshows  |  5/12/2017  | 
Lesson learned by Russian cybercriminals: Don't go on vacation, it's bad for your freedom to scam.
Why OAuth Phishing Poses A New Threat to Users
Commentary  |  5/4/2017  | 
Credential phishing lets attackers gain back-end access to email accounts, and yesterday's Google Docs scam raises the risk to a new level.
10 Cybercrime Myths that Could Cost You Millions
Commentary  |  4/29/2017  | 
Dont let a cybersecurity fantasy stop you from building the effective countermeasures you need to protect your organization from attack.
Man Admits Hacking into His Former Employer's Network
Quick Hits  |  4/17/2017  | 
Tennessee man pleads guilty in federal court, acknowledging he illegally accessed his former employer's networks to gain an edge over his rival.
Engineer Arrested for Attempted Theft of Trade Secrets
Quick Hits  |  4/14/2017  | 
Software engineer Dmitry Sazonov has been arrested for trying to steal valuable code from his employer, a financial services firm.
10 Questions To Get Practical Answers At Interop ITX
Commentary  |  4/14/2017  | 
May 15-19 in Las Vegas: How to get solutions and advice from top speakers for the things that you really want to know.
95% of Organizations Have Employees Seeking to Bypass Security Controls
News  |  4/13/2017  | 
Use of TOR, private VPNs on the rise in enterprises, Dtex report shows.
How Innovative Companies Lock Down Data
Commentary  |  4/12/2017  | 
A mix of back-to-basics security and a set of new, data-centric best practices is key to defending against a future of growing and sophisticated cyberattacks.
Computer Engineer Charged with Theft of Proprietary Computer Code
Quick Hits  |  4/11/2017  | 
Zhengquan Zhang arrested for stealing over 3 million files containing company trade secrets from his employer, a global finance firm.
CIA-Linked Hacking Tools Tied to Longhorn Cyber Espionage Group
News  |  4/10/2017  | 
Symantec matches tools exposed in Vault 7 documents leak reportedly from the CIA with those used by cyber espionage group that has been targeting governments and private businesses.
This Week On Dark Reading: Event Calendar
Commentary  |  3/27/2017  | 
Ransomware remediation and recovery this week, with clouds on the horizon.
Sound Waves Used to Hack Common Data Sensors
News  |  3/16/2017  | 
Though the immediate threat to your smartphone or Fitbit is slight, University of Michigan researchers show command-and-control capability with spoofed signaling on a variety of MEMS accelerometers.
Insider Sabotage among Top 3 Threats CISOs Cant yet Handle
Partner Perspectives  |  3/1/2017  | 
These five steps can help your organizations limit the risks from disgruntled employees and user errors.
4 Signs You, Your Users, Tech Peers & C-Suite All Have 'Security Fatigue'
Commentary  |  2/9/2017  | 
If security fatigue is the disease we've all got, the question is how do we get over it?
How Cybercriminals Turn Employees Into Rogue Insiders
News  |  1/31/2017  | 
The Dark Web is a growing threat to organizations as hackers recruit insiders with access to corporate networks.
The Bug Bounty Model: 21 Years & Counting
Commentary  |  12/29/2016  | 
A look back on the beginnings of crowdsourced vulnerability assessment and how its robust history is paving the way for the future.
Bangladesh Police Say Some Bank Officials Involved In Cyberheist
Quick Hits  |  12/14/2016  | 
Mid-ranking officials of Bangladesh Bank deliberately exposed banks network to allow theft of $81 million, says top investigator.
Pay Ransom Or Infect Others!
Quick Hits  |  12/12/2016  | 
Still under development, new ransomware will ask victims to free their files by paying 1 bitcoin or by infecting two others.
The Human Firewall: Why People Are Critical To Email Security
Commentary  |  12/2/2016  | 
Technology is just the beginning; employees must be fully on board with security procedures.
Gaming Company Sues Ex-Employees Over Data Theft
Quick Hits  |  12/1/2016  | 
San Francisco-based Zynga alleges former workers took sensitive information with them when they joined rival company.
Cybersecurity User Training That Sticks: 3 Steps
Commentary  |  11/29/2016  | 
People are eager for common-sense advice that gives them control over their environment and helps them stay safe online.
Insider Threat: The Domestic Cyber Terrorist
Commentary  |  11/17/2016  | 
It is dangerously naive for business and government leaders to dismiss the risk of radicalized privileged users inside our critical industries.
8 Public Sources Holding 'Private' Information
Slideshows  |  11/17/2016  | 
Personal information used for nefarious purposes can be found all over the web from genealogy sites to public records and social media.
The 7 Most Significant Government Data Breaches
Slideshows  |  11/15/2016  | 
Mega compromises at federal and state agencies over the past three years has compromised everything from personal data on millions to national security secrets.
Dark Reading Virtual Event Seeks To Break Security Myths, Conventional Wisdom
Commentary  |  11/14/2016  | 
Three keynotes, two panel sessions offer new ways to think about enterprise information security.
Stay Vigilant To The Evolving Threat Of Social Engineering
Commentary  |  11/8/2016  | 
Even the most cyber-savvy individuals can easily get tripped up by a social engineering attack. But users can trip-up a threat simply by paying attention.
Ex-FBI Chief Reviews Security For Booz Allen After NSA Contractor Arrest
Quick Hits  |  11/1/2016  | 
Robert Mueller hired after Booz Allen staff arrested for allegedly stealing classified information at NSA.
7 Reasons Consumers Dont Take Action on Cybersecurity
Slideshows  |  11/1/2016  | 
Security awareness is high but its hard to turn personal knowledge into effective practices.
US Bank Regulator Reports Major Security Breach
Quick Hits  |  10/31/2016  | 
Former employee of the Office of the Comptroller of the Currency downloads 10,000 records and cannot replace them.
The 4 Biggest Mistakes Businesses Make Trying To Secure Endpoints
Commentary  |  10/31/2016  | 
Sure, it's tempting to chase whatever collaboration technology is hot at the moment, but this can cause serious data security risks.
Flipping Security Awareness Training
Commentary  |  10/21/2016  | 
Threats can be minimized when teams understand business goals and objectives. These four tips can help turn things around.
Malvertising Trends: Dont Talk Ad Standards Without Ad Security
Commentary  |  10/19/2016  | 
How malvertising marries the strengths and weaknesses of the complex digital advertising ecosystem perfectly and what online publishers and security leaders need to do about it.
Insider Threats To Data Have Gone Up In Past Year
Quick Hits  |  10/3/2016  | 
Bitglass study on data leak risks to organizations by users reveals careless, unauthorized uses of devices have increased breaches.
Snowden: Hollywood Highlights 2 Persistent Privacy Threats
Commentary  |  9/22/2016  | 
Oliver Stones movie shows us that while most of us have nothing to hide, we all have information worth protecting both technically and constitutionally.
Insider Incidents Cost Companies $4.3 Million Per Year On Average
News  |  9/13/2016  | 
Breaches caused by external attackers posing as insiders are the most financially damaging, Ponemon Institute survey finds.
Cybersecurity In The Obama Era
Slideshows  |  9/13/2016  | 
Our roundup of the Obama administrations major initiatives, executive orders and actions over the past seven and a half years. How would you grade the president's cybersecurity achievements?
Page 1 / 2   >   >>


Cybersecurity's 'Broken' Hiring Process
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/11/2017
How Systematic Lying Can Improve Your Security
Lance Cottrell, Chief Scientist, Ntrepid,  10/11/2017
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Marc Wilczek, Digital Strategist & CIO Advisor,  10/12/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.