Network Computing Dark Reading

Advertise

Vulnerabilities / Threats

4/9/2013
03:11 PM

Ericka Chickowski
Slideshows

Connect Directly

1 Comment
Comment Now

50%

Slide Show: 8 Egregious Examples Of Insider Threats

Real-world case studies from the CERT Insider Threat Center

1 of 9

Unlike large customer information data breach cases that are publicly announced due to disclosure laws, many of the most intriguing insider theft, sabotage, and fraud cases never see the light of public scrutiny because companies would rather not air their dirty laundry if they don't have to. But these cases can offer valuable lessons on how insiders can be a threat in future situations. That is why the folks at the CERT Insider Theft Center work with private sector firms and law enforcement authorities to discretely study insider cases for the benefit of the industry. Since 2001, CERT has studied more than 800 cases.

Here are eight illustrative examples of the kind of damage these insiders can do to an organization.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. View Full Bio

1 of 9

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

Enabling a Smooth DX Transformation in the Post-Pandemic New Tomorrow

Don't Miss this Dark Reading Virtual Event on Critical Data Breaches

More Webcasts

White Papers

Securing IT & OT in Industrial Environments

Ransomware Response Report: Trends & Outlook

More White Papers

Reports

Collective Offense Calls for Collective Defense

Cyber AI: An Immune System for Cloud Security

More Reports

Comments

Newest First | Oldest First | Threaded View

[close this box]

50%

hrutledge974,
User Rank: Apprentice
5/2/2013 | 6:16:06 PM

re: Slide Show: 8 Egregious Examples Of Insider Threats

The arrows on the slide show don't work. They are grayed out.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

COVID-19: Latest Security News & Commentary

Dark Reading Staff 6/1/2020

Cloud Security Architect Proves Hardest Infosec Role to Fill

Dark Reading Staff 5/27/2020

Stay-at-Home Orders Coincide With Massive DNS Surge

Robert Lemos, Contributing Writer, 5/27/2020

Webinars

Enabling a Smooth DX Transformation in the Post-Pandemic New Tomorrow

Don't Miss this Dark Reading Virtual Event on Critical Data Breaches

Thinking Like an Attacker: Strategies for Defense

Webinar Archives

White Papers

Securing IT & OT in Industrial Environments

Ransomware Response Report: Trends & Outlook

How Cybersecurity Incident Response Programs Work (and Why Some Don't)

APC Smart-UPS Lithium-Ion UPS Battery will Cut Your TCO

Stopping Phishing Attacks Technology Missed

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Just post your caption in the comment field. If you win, Dark Reading editors will contact you, then post the caption on the Dark Reading web ...

Cartoon Archive

Current Issue

How Cybersecurity Incident Response Programs Work (and Why Some Don't)

This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

State of Endpoint Security: How Enterprises Are Managing Endpoint Security Threats

Download this report to find out what organizations are doing to secure their endpoints and to protect themselves against malware, hackers, and social engineering attacks.

Download Now!

State of Cybersecurity Incident Response

0 comments

How Enterprises Are Developing and Maintaining Secure Applications

0 comments

How Enterprises are Attacking the Cybersecurity Problem

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-13757
PUBLISHED: 2020-06-01

Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing exces...

CVE-2020-13758
PUBLISHED: 2020-06-01

modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.

CVE-2020-9291
PUBLISHED: 2020-06-01

An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.

CVE-2019-15709
PUBLISHED: 2020-06-01

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.

CVE-2020-13695
PUBLISHED: 2020-06-01

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]