Network Computing Dark Reading

Advertise

Vulnerabilities / Threats

4/9/2013
03:11 PM

Ericka Chickowski
Slideshows

Connect Directly

1 Comment
Comment Now

50%

Slide Show: 8 Egregious Examples Of Insider Threats

Real-world case studies from the CERT Insider Threat Center

1 of 9

Unlike large customer information data breach cases that are publicly announced due to disclosure laws, many of the most intriguing insider theft, sabotage, and fraud cases never see the light of public scrutiny because companies would rather not air their dirty laundry if they don't have to. But these cases can offer valuable lessons on how insiders can be a threat in future situations. That is why the folks at the CERT Insider Theft Center work with private sector firms and law enforcement authorities to discretely study insider cases for the benefit of the industry. Since 2001, CERT has studied more than 800 cases.

Here are eight illustrative examples of the kind of damage these insiders can do to an organization.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. View Full Bio

1 of 9

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

The 6 Must-Haves for Practical Cloud Security

Cloud Security Threats Enterprises Need to Watch

More Webcasts

White Papers

Let's Talk: Why Language Matters in Cybersecurity

6 Emerging Cyber Threats That Enterprises Face in 2020

More White Papers

Reports

2019 State of Privileged Access Management (PAM) Maturity Report

The Definitive Guide to Managed Detection and Response (MDR)

More Reports

Comments

Newest First | Oldest First | Threaded View

[close this box]

50%

hrutledge974,
User Rank: Apprentice
5/2/2013 | 6:16:06 PM

re: Slide Show: 8 Egregious Examples Of Insider Threats

The arrows on the slide show don't work. They are grayed out.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

Stop Defending Everything

Kevin Kurzawa, Senior Information Security Auditor, 2/12/2020

Small Business Security: 5 Tips on How and Where to Start

Mike Puglia, Chief Strategy Officer at Kaseya, 2/13/2020

Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems

Jai Vijayan, Contributing Writer, 2/13/2020

Live Events

Webinars

March 16-19, 2020: Data Center World Registration is open! Join Us

Data Center World: The leading conference & expo for Data Center and IT Infrastructure Professionals. Register Today!

Get Insights: Cisco vs Microsoft & More at EC20 Orlando

More Informa Tech Live Events

White Papers

Let's Talk: Why Language Matters in Cybersecurity

6 Emerging Cyber Threats That Enterprises Face in 2020

2019 Security Technology Sprawl Report

7 Critical Firewall Capabilities to Prevent Cyberattacks

KX III for High Performance Video Applications

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: The Boss says "if I am paying 4 million a year for the cloud I want to see it!" So Liz bought the largest ballon she could find and is ...

Cartoon Archive

Current Issue

6 Emerging Cyber Threats That Enterprises Face in 2020

This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Developing and Maintaining Secure Applications

The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.

Download Now!

How Enterprises are Attacking the Cybersecurity Problem

0 comments

How Data Breaches affect the Enterprise

0 comments

Rethinking Enterprise Data Defense

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-5531
PUBLISHED: 2020-02-17

Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethe...

CVE-2020-7252
PUBLISHED: 2020-02-17

Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.

CVE-2020-9024
PUBLISHED: 2020-02-17

Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts.

CVE-2020-9025
PUBLISHED: 2020-02-17

Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script.

CVE-2020-9026
PUBLISHED: 2020-02-17

ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]