Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Insider Threats

News & Commentary
Cybersecurity Lessons Learned from 'The Rise of Skywalker'
Matt Davey, Chief Operations Optimist, 1PasswordCommentary
They're especially relevant regarding several issues we face now, including biometrics, secure data management, and human error with passwords.
By Matt Davey Chief Operations Optimist, 1Password, 1/22/2020
Comment0 comments  |  Read  |  Post a Comment
Time for Insider-Threat Programs to Grow Up
Robert Lemos, Contributing WriterNews
Immature programs attempting to protect against damaging attacks by insiders run the risk of alienating employees.
By Robert Lemos Contributing Writer, 1/2/2020
Comment1 Comment  |  Read  |  Post a Comment
5 Security Resolutions to Prevent a Ransomware Attack in 2020
Shawn Taylor, Senior Systems Engineer at ForeScoutCommentary
Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.
By Shawn Taylor Senior Systems Engineer at ForeScout, 12/18/2019
Comment6 comments  |  Read  |  Post a Comment
A Security Strategy That Centers on Humans, Not Bugs
Andrea Little Limbago, Chief Social Scientist, VirtruCommentary
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
By Andrea Little Limbago Chief Social Scientist, Virtru, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESETCommentary
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
By Lysa Myers Security Researcher, ESET, 10/9/2019
Comment1 Comment  |  Read  |  Post a Comment
From Spyware to Ninja Cable
Iftah Bratspiess, CEO at Sepio SystemsCommentary
Attackers don't need sophisticated James Bondian hardware to break into your company. Sometimes a $99 device will do.
By Iftah Bratspiess CEO at Sepio Systems, 9/9/2019
Comment0 comments  |  Read  |  Post a Comment
Modern Technology, Modern Mistakes
Kacy Zurkus, Contributing Writer
As employees grow more comfortable using new technologies, they could inadvertently be putting their enterprises at risk. And that leaves security teams having to defend an ever-expanding attack surface.
By Kacy Zurkus Contributing Writer, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
You Gotta Reach 'Em to Teach 'Em
Kacy Zurkus, Contributing Writer
As threats continue to evolve and cybercriminals become more sophisticated, organizations that lack a mature security awareness and training program place themselves at serious risk.
By Kacy Zurkus Contributing Writer, 8/14/2019
Comment2 comments  |  Read  |  Post a Comment
How Do I Monitor for Malicious Insiders?
Katie Burnell, Global Insider Threat Specialist, Dtex Systems
Big picture: Think holistic, with appropriate levels of visibility into each stage of the insider threat kill chain.
By Katie Burnell Global Insider Threat Specialist, Dtex Systems, 8/5/2019
Comment1 Comment  |  Read  |  Post a Comment
CISOs Must Evolve to a Data-First Security Program
Michael Coates, CEO & Co-Founder of Altitude NetworksCommentary
Such a program will require effort and reprioritization, but it will let your company fight modern-day threats and protect your most important assets.
By Michael Coates CEO & Co-Founder of Altitude Networks, 7/30/2019
Comment2 comments  |  Read  |  Post a Comment
Insider Threats: An M&A Dealmaker's Nightmare
Joe Payne, President and CEO at Code42Commentary
Because data has never been more portable, taking it has never been easier. And that's a huge problem during mergers and acquisitions.
By Joe Payne President and CEO at Code42, 7/9/2019
Comment0 comments  |  Read  |  Post a Comment
Never Trust, Always Verify: Demystifying Zero Trust to Secure Your Networks
John Kindervag, Field CTO at Palo Alto NetworksCommentary
The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.
By John Kindervag Field CTO at Palo Alto Networks, 6/24/2019
Comment0 comments  |  Read  |  Post a Comment
What 3 Powerful GoT Women Teach Us about Cybersecurity
Orion Cassetto, Senior Product Maester, ExabeamCommentary
Imagine Game of Thrones' Daenerys Targaryen, Arya Stark, and Cersei Lannister on the front lines in the real-world battleground of enterprise security.
By Orion Cassetto Senior Product Maester, Exabeam, 6/11/2019
Comment0 comments  |  Read  |  Post a Comment
Proving the Value of Security Awareness with Metrics that 'Deserve More'
Ira Winkler, CISSP, President, Secure MentemCommentary
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
By Ira Winkler CISSP, President, Secure Mentem, 5/22/2019
Comment0 comments  |  Read  |  Post a Comment
World Password Day or Groundhog Day?
Stephen Cox, VP & CSA, SecureAuthCommentary
Despite decades trying to fortify our passwords with bolt-on solutions, attackers have always found ways to defeat them. Here are four reasons why.
By Stephen Cox VP & CSA, SecureAuth, 5/2/2019
Comment3 comments  |  Read  |  Post a Comment
1 in 4 Workers Are Aware Of Security Guidelines but Ignore Them
Steve Zurier, Contributing WriterNews
Even more are knowingly connecting to unsecure networks and sharing confidential information through collaboration platforms, according to Symphony Communication Services.
By Steve Zurier Contributing Writer, 4/23/2019
Comment1 Comment  |  Read  |  Post a Comment
GoT Guide to Cybersecurity: Preparing for Battle During a Staffing Shortage
Orion Cassetto, Senior Product Maester, ExabeamCommentary
Faced with an overwhelming adversary, Game of Thrones heroes Daenerys Targaryen and Jon Snow have a lot in common with today's beleaguered CISOs.
By Orion Cassetto Senior Product Maester, Exabeam, 4/18/2019
Comment2 comments  |  Read  |  Post a Comment
7 Tips for an Effective Employee Security Awareness Program
Jai Vijayan, Contributing Writer
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
By Jai Vijayan Contributing Writer, 4/17/2019
Comment1 Comment  |  Read  |  Post a Comment
Ignore the Insider Threat at Your Peril
Bryan Sartin, Executive Director, Global Security Services, at VerizonCommentary
Attacks from insiders often go undiscovered for months or years, so the potential impact can be huge. These 11 countermeasures can mitigate the damage.
By Bryan Sartin Executive Director, Global Security Services, at Verizon, 4/8/2019
Comment1 Comment  |  Read  |  Post a Comment
The Matrix at 20: A Metaphor for Today's Cybersecurity Challenges
Stephen Cox, VP & CSA, SecureAuthCommentary
The Matrix ushered in a new generation of sci-fi movies and futuristic plotlines with a relentless, seemingly invulnerable set of villains. Twenty years later, that theme is all too familiar to security pros.
By Stephen Cox VP & CSA, SecureAuth, 4/5/2019
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8818
PUBLISHED: 2020-02-25
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore...
CVE-2020-8819
PUBLISHED: 2020-02-25
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass ...
CVE-2020-9385
PUBLISHED: 2020-02-25
A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation.
CVE-2020-9382
PUBLISHED: 2020-02-24
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's } parser function.
CVE-2020-1938
PUBLISHED: 2020-02-24
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that ...