Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Privileged Use Also a State of Mind, Report Finds
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
5/28/2014 | 8:55:14 PM
Monitoring
Nice paper here from SANS on setting up database logging and monitoring:

http://www.sans.org/reading-room/whitepapers/application/setting-database-security-logging-monitoring-program-34222

Surprised that the percentage using tools to track insiders isn't close to 100 in this and every other study with all the products that are out there.

BP

 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
5/28/2014 | 12:43:02 PM
Re: Privileged means bad
Absolutely. Even if these privileged insiders had no intention of sharing the information or leaking it, if they get targeted, then their credentials can be abused by the bad guys, etc. 
SachinEE
50%
50%
SachinEE,
User Rank: Apprentice
5/28/2014 | 12:36:00 PM
Re: Privileged means bad
It can be misunderstood as curiosity but in real senses it poses a danger to an organization. Think of an external party getting advantage of the 'privileged few' curiosity escapades and they get to access important and sensitive information about the organization. Things concerning their clients' personal details, their financial dealings, plan for the organization. This can pose as a threat since competitors' will bank on the information and use it to their advantage.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20034
PUBLISHED: 2021-09-27
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
CVE-2021-20035
PUBLISHED: 2021-09-27
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
CVE-2021-41097
PUBLISHED: 2021-09-27
aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia application that uses `aurelia-path` package to parse a string. The majority of this will be...
CVE-2021-23445
PUBLISHED: 2021-09-27
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
CVE-2021-36134
PUBLISHED: 2021-09-27
Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent unauthenticated attacker to write to arbitrary memory potentially leading to a Denial of Service (DoS).