Vulnerabilities / Threats //

Insider Threats

News & Commentary
4 Ways to Fight the Email Security Threat
Asaf Cidon, Vice President, Content Security Services, at Barracuda NetworksCommentary
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
By Asaf Cidon Vice President, Content Security Services, at Barracuda Networks, 10/15/2018
Comment0 comments  |  Read  |  Post a Comment
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer
There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
By Steve Zurier Freelance Writer, 10/12/2018
Comment2 comments  |  Read  |  Post a Comment
How Data Security Improves When You Engage Employees in the Process
Robert E. Crossler, Assistant Professor of Information Systems, Washington State UniversityCommentary
When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.
By Robert E. Crossler Assistant Professor of Information Systems, Washington State University, 9/28/2018
Comment6 comments  |  Read  |  Post a Comment
IT Professionals Think They're Better Than Their Security
Dark Reading Staff, Quick Hits
More than half of professionals think they have a good shot at a successful insider attack.
By Dark Reading Staff , 8/29/2018
Comment2 comments  |  Read  |  Post a Comment
How One Companys Cybersecurity Problem Becomes Another's Fraud Problem
Curtis Jordan, Lead Security Engineer, TruSTARCommentary
The solution: When security teams see something in cyberspace, they need to say something.
By Curtis Jordan Lead Security Engineer, TruSTAR, 8/29/2018
Comment8 comments  |  Read  |  Post a Comment
A False Sense of Security
Steve Durbin, Managing Director of the Information Security ForumCommentary
Emerging threats over the next two years stem from biometrics, regulations, and insiders.
By Steve Durbin Managing Director of the Information Security Forum, 8/24/2018
Comment1 Comment  |  Read  |  Post a Comment
Using Threat Deception on Malicious Insiders
Dark Reading Staff, CommentaryVideo
Illusive Networks CEO Ofer Israeli reveals how distributed deception technology can be as effective against insider threats as it is against outsiders, since it thwarts the lateral movement common to both.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Leveraging the Power of your End-Users Human Cognition
Dark Reading Staff, CommentaryVideo
Cofense CEO Rohyt Belani makes a case for more aggressively leveraging the unique ability of your most perceptive and well-trained end-users to help you more quickly spot and stop email threats.
By Dark Reading Staff , 8/17/2018
Comment1 Comment  |  Read  |  Post a Comment
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark ReadingNews
Almost one in 10 security pros in the US have considered black hat work, and experts believe many dabble in criminal activity for financial gain or employer retaliation.
By Kelly Sheridan Staff Editor, Dark Reading, 8/8/2018
Comment1 Comment  |  Read  |  Post a Comment
10 Threats Lurking on the Dark Web
Steve Zurier, Freelance Writer
Despite some high-profile takedowns last year, the Dark Web remains alive and well. Here's a compilation of some of the more prolific threats that loom.
By Steve Zurier Freelance Writer, 8/8/2018
Comment0 comments  |  Read  |  Post a Comment
How GDPR Could Turn Privileged Insiders into Bribery Targets
Mark Coates, VP, EMEA, Dtex SystemsCommentary
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
By Mark Coates VP, EMEA, Dtex Systems, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
6 Ways to Tell an Insider Has Gone Rogue
Jai Vijayan, Freelance writer
Malicious activity by trusted users can be very hard to catch, so look for these red flags.
By Jai Vijayan Freelance writer, 7/19/2018
Comment2 comments  |  Read  |  Post a Comment
Time to Yank Cybercrime into the Light
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Too many organizations are still operating blindfolded, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft July Security Updates Mostly Browser-Related
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/10/2018
Comment0 comments  |  Read  |  Post a Comment
Reactive or Proactive? Making the Case for New Kill Chains
Ryan Stolte, co-founder and CTO at Bay DynamicsCommentary
Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here what a modern kill chain should include.
By Ryan Stolte co-founder and CTO at Bay Dynamics, 7/6/2018
Comment1 Comment  |  Read  |  Post a Comment
9 SMB Security Trends
Steve Zurier, Freelance Writer
SMBs understand they have to focus more on cybersecurity. Here's a look at the areas they say matter most.
By Steve Zurier Freelance Writer, 7/5/2018
Comment1 Comment  |  Read  |  Post a Comment
Today! 'Why Cybercriminals Attack,' A Dark Reading Virtual Event
Dark Reading Staff, Commentary
Wednesday, June 27, this all-day event starting at 11 a.m. ET, will help you decide who and what you really need to defend against, and how to do it more effectively.
By Dark Reading Staff , 6/27/2018
Comment3 comments  |  Read  |  Post a Comment
Insider Dangers Are Hiding in Collaboration Tools
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The casual sharing of sensitive data, such as passwords, is opening the door to malicious insiders.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/26/2018
Comment14 comments  |  Read  |  Post a Comment
12 Trends Shaping Identity Management
Sara Peters, Senior Editor at Dark Reading
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
By Sara Peters Senior Editor at Dark Reading, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Verizon DBIR: Ransomware Attacks Double for Second Year in a Row
Sara Peters, Senior Editor at Dark ReadingNews
Outside attackers still the biggest problem - except in healthcare.
By Sara Peters Senior Editor at Dark Reading, 4/10/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by ronaldthomas
Current Conversations good post
In reply to: a
Post Your Own Reply
More Conversations
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
Most Malware Arrives Via Email
Dark Reading Staff 10/11/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17534
PUBLISHED: 2018-10-15
Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.
CVE-2018-17980
PUBLISHED: 2018-10-15
NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is execute...
CVE-2018-18259
PUBLISHED: 2018-10-15
Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page.
CVE-2018-18260
PUBLISHED: 2018-10-15
In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false.
CVE-2018-17532
PUBLISHED: 2018-10-15
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.