Network Computing Dark Reading

Advertise

Vulnerabilities / Threats

1/11/2012
10:08 AM

Dark Reading
News

1 Comment
Comment Now

50%

When Someone Else's Insider Is Your Threat

As Symantec recently learned, your intellectual property could be at risk from third parties with whom you do business.

Protecting intellectual property against insiders is tough enough when the insiders are a company's own employees. The problem becomes even more difficult when a third party--whether a vendor or customer--has access to confidential information.

Just ask Symantec. Last week, the company confirmed that a group of hackers had stolen the source code to two of the firm's older products--Endpoint Protection 11.0 and Antivirus 10.2--from a third party. The group of allegedly Indian hackers, using the name "The Lords of Dharmaraja," claimed that the leak came from the Indian government and planned to release the code to the public.

"Symantec's own network was not breached, but rather that of a third party entity," Symantec spokesman Cris Paden said in an e-mailed statement. "We are still gathering information on the details and are not in a position to provide specifics on the third party involved."

The leak is an embarrassment to the company, but Symantec maintains that it does not represent a major threat. The source code from the two programs is four to five years old, Paden says.

"Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solutions," he said. "In 2010 alone, we distributed 10 million updates to our products in response to new cyber threats. If you extrapolate to four and five years, you can get an idea of how much our ... code has evolved over the following years."

Yet, a significant question for companies is why did the Indian government, if the code was indeed stolen from the government, keep the code so long, says Rob Rachwald, director of security strategy for Imperva.

Read the rest of this article on Dark Reading.

Heightened concern that users could inadvertently expose or leak--or purposely steal--an organization's sensitive data has spurred debate over the proper technology and training to protect the crown jewels. An Insider Threat Reality Check, a special retrospective of recent news coverage, takes a look at how organizations are handling the threat--and what users are really up to. (Free registration required.)

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

Digital Transformation is Wreaking Havoc on Your Network!

Building a Better IT Security Architecture for Your Enterprise

More Webcasts

White Papers

IDC Workbook: Cloud Security Roadmap

7 Experts Discuss Evaluating MSSPs

More White Papers

Reports

2017 State of IT Report

Low Latency Data Center Interconnect Using Infinera & Arista

More Reports

Comments

Newest First | Oldest First | Threaded View

[close this box]

Be the first to post a comment regarding this story.

Hot Topics

Editors' Choice

Sodinokibi Ransomware: Where Attackers' Money Goes

Kelly Sheridan, Staff Editor, Dark Reading, 10/15/2019

How to Think Like a Hacker

Dr. Giovanni Vigna, Chief Technology Officer at Lastline, 10/10/2019

7 SMB Security Tips That Will Keep Your Company Safe

Steve Zurier, Contributing Writer, 10/11/2019

Live Events

Webinars

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

More Informa Tech Live Events

White Papers

IDC Workbook: Cloud Security Roadmap

7 Experts Discuss Evaluating MSSPs

The Cybersecurity Skill Shortage Epidemic

Close Your Phishing Defense Gaps

Securing Containers in a Cloud Environment

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: The old using of sock puppets for Shoulder Surfing technique.

Cartoon Archive

Current Issue

7 Threats & Disruptive Forces Changing the Face of Cybersecurity

This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

2019 Online Malware and Threats

As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?

Download Now!

The State of IT Operations and Cybersecurity Operations

0 comments

How Enterprises Are Developing Secure Applications

0 comments

The State of Cyber Security Incident Response

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-17672
PUBLISHED: 2019-10-17

WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.

CVE-2019-17673
PUBLISHED: 2019-10-17

WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.

CVE-2019-17674
PUBLISHED: 2019-10-17

WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.

CVE-2019-17675
PUBLISHED: 2019-10-17

WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.

CVE-2019-17676
PUBLISHED: 2019-10-17

app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]