Dark Reading is part of the Informa Tech Division of Informa PLC



Insider Threats

News & Commentary
Name That Toon: Sign of the Tides
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner, Cartoonist, 6/5/2020
10 Tips for Maintaining Information Security During Layoffs
Joan Goodchild, Contributing Writer
Insider cyberthreats are always an issue during layoffs -- but with record numbers of home-office workers heading for the unemployment line, it has never been harder to maintain cybersecurity during offboarding.
By Joan Goodchild, Contributing Writer, 6/2/2020
Banking on Data Security in a Time of Insecurity
Dan DeMers, CEO of Cinchy | Commentary
How banks can maintain security and data integrity in the middle of a pandemic.
By Dan DeMers, CEO of Cinchy, 6/2/2020
Data Loss Spikes Under COVID-19 Lockdowns
Seth Rosenblatt, Contributing Writer | News
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.
By Seth Rosenblatt, Contributing Writer, 5/28/2020
Standing Privilege: The Attacker's Advantage
Tim Keeler, Founder and CEO, Remediant | Commentary
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.
By Tim Keeler, Founder and CEO, Remediant, 5/27/2020
Long-Term Remote Work: Keeping Workers Productive & Secure
Joe Payne, President and CEO at Code42 | Commentary
The pandemic has changed how we get work done. Now, data security must catch up.
By Joe Payne, President and CEO at Code42, 5/19/2020
Compliance as a Way to Reduce the Risk of Insider Threats
Bob Swanson, Compliance Research Consultant, Swimlane | Commentary
Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.
By Bob Swanson, Compliance Research Consultant, Swimlane, 5/14/2020
Rule of Thumb: USB Killers Pose Real Threat
VP Pai, Vice President, ProTek Devices | Commentary
They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.
By VP Pai, Vice President, ProTek Devices, 5/11/2020
Industrial Networks' Newest Threat: Remote Users
Dave Weinstein, Chief Security Officer, Claroty | Commentary
We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.
By Dave Weinstein, Chief Security Officer, Claroty, 5/1/2020
Cloud Services Are the New Critical Infrastructure. Can We Rely on Them?
Liran Tancman, CEO & Co-Founder of Rezilion | Commentary
If cloud services vendors successfully asked themselves these three questions, we'd all be better off.
By Liran Tancman, CEO & Co-Founder of Rezilion, 4/27/2020
How the Dark Web Fuels Insider Threats
Kurtis Minder, co-Founder & CEO, GroupSense | Commentary
New decentralized, criminal marketplaces and "as-a-service" offerings make it easy for employees to monetize their knowledge and access to enterprise networks and systems.
By Kurtis Minder, co-Founder & CEO, GroupSense, 4/23/2020
Remote Access Makes a Comeback: 4 Security Challenges in the Wake of COVID-19
Rob Smith, Research Director, Gartner Endpoint & Operations Security Group | Commentary
As companies continue to support increasing numbers of work-from-home employees, the pressure to secure access and reduce risk has never been greater.
By Rob Smith, Research Director, Gartner Endpoint & Operations Security Group, 4/20/2020
5 Things Ransomware Taught Me About Responding in a Crisis
Shawn Taylor, Senior Systems Engineer at ForeScout | Commentary
What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attack and because it came out the other side stronger and more resilient.
By Shawn Taylor, Senior Systems Engineer at ForeScout, 4/16/2020
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
David A. Sanders, Director of Insider Threat Operations at Haystax | Commentary
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
By David A. Sanders, Director of Insider Threat Operations at Haystax, 4/2/2020
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Lance Spitzner, Director, SANS Institute Securing The Human Security Awareness Program | Commentary
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
By Lance Spitzner, Director, SANS Institute Securing The Human Security Awareness Program, 3/30/2020
Security Ratings Are a Dangerous Fantasy
Dr. Tim Junio, co-founder and CEO of Expanse | Commentary
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
By Dr. Tim Junio, co-founder and CEO of Expanse, 3/20/2020
VPN Usage Surges as More Nations Shut Down Offices
Robert Lemos, Contributing Writer | News
As social distancing becomes the norm, interest in virtual private networks has rocketed, with some providers already seeing a doubling in users and traffic since the beginning of the year.
By Robert Lemos, Contributing Writer, 3/19/2020
3 Tips to Stay Secure When You Lose an Employee
Bil Harmer, CISO & Chief Evangelist at SecureAuth | Commentary
Whether they leave for a better job or get fired, and whether they mean to cause problems or do so out of ignorance, ex-workers can pose a threat to your company.
By Bil Harmer, CISO & Chief Evangelist at SecureAuth, 3/10/2020
How Network Metadata Can Transform Compromise Assessment
Ricardo Villadiego, Founder and CEO of Lumu | Commentary
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret.
By Ricardo Villadiego, Founder and CEO of Lumu, 3/10/2020
Former Acting Inspector General Charged in Federal Fraud Scheme
Dark Reading Staff | Quick Hits
A federal grand jury has indicted Charles K. Edwards on 16 counts related to a conspiracy to steal software from one department and sell an enhanced version to another.
By Dark Reading Staff, 3/6/2020
COVID-19: Latest Security News & Commentary
Dark Reading Staff, 7/1/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading, 6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff, 6/30/2020
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15478
PUBLISHED: 2020-07-01
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
CVE-2020-6261
PUBLISHED: 2020-07-01
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
CVE-2020-15471
PUBLISHED: 2020-07-01
In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.
CVE-2020-15472
PUBLISHED: 2020-07-01
In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.
CVE-2020-15473
PUBLISHED: 2020-07-01
In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.