Dark Reading is part of the Informa Tech Division of Informa PLC

Insider Threats

News & Commentary
Gamifying Password Training Shows Security Benefits
Robert Lemos, Contributing Writer, News
When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find.
By Robert Lemos Contributing Writer, 8/10/2020
A Most Personal Threat: Implantable Medical Devices
Dark Reading Staff, News
Alan Michaels, director of the Electronic Systems Lab at the Virginia Tech Hume Center, explains why implanted medical devices could pose a threat to secure communication facilities.
By Dark Reading Staff, 8/5/2020
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis
Dark Reading Staff, News
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
By Dark Reading Staff, 8/5/2020
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
Alex Artamonov, System Engineer & Cybersecurity Specialist, Infinitely Virtual, Commentary
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
By Alex Artamonov System Engineer & Cybersecurity Specialist, Infinitely Virtual, 7/27/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon, Commentary
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
By Shane Buckley President & Chief Operating Officer, Gigamon, 7/10/2020
Name That Toon: Sign of the Tides
John Klossner, Cartoonist
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 6/5/2020
10 Tips for Maintaining Information Security During Layoffs
Joan Goodchild, Contributing Writer
Insider cyberthreats are always an issue during layoffs -- but with record numbers of home-office workers heading for the unemployment line, it has never been harder to maintain cybersecurity during offboarding.
By Joan Goodchild Contributing Writer, 6/2/2020
Banking on Data Security in a Time of Insecurity
Dan DeMers, CEO of Cinchy, Commentary
How banks can maintain security and data integrity in the middle of a pandemic.
By Dan DeMers CEO of Cinchy, 6/2/2020
Data Loss Spikes Under COVID-19 Lockdowns
Seth Rosenblatt, Contributing Writer, News
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.
By Seth Rosenblatt Contributing Writer, 5/28/2020
Standing Privilege: The Attacker's Advantage
Tim Keeler, Founder and CEO, Remediant, Commentary
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.
By Tim Keeler Founder and CEO, Remediant, 5/27/2020
Long-Term Remote Work: Keeping Workers Productive & Secure
Joe Payne, President and CEO at Code42, Commentary
The pandemic has changed how we get work done. Now, data security must catch up.
By Joe Payne President and CEO at Code42, 5/19/2020
Compliance as a Way to Reduce the Risk of Insider Threats
Bob Swanson, Compliance Research Consultant, Swimlane, Commentary
Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.
By Bob Swanson Compliance Research Consultant, Swimlane, 5/14/2020
Rule of Thumb: USB Killers Pose Real Threat
VP Pai, Vice President, ProTek Devices, Commentary
They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.
By VP Pai Vice President, ProTek Devices, 5/11/2020
Industrial Networks' Newest Threat: Remote Users
Dave Weinstein, Chief Security Officer, Claroty, Commentary
We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.
By Dave Weinstein Chief Security Officer, Claroty, 5/1/2020
Cloud Services Are the New Critical Infrastructure. Can We Rely on Them?
Liran Tancman, CEO & Co-Founder of Rezilion, Commentary
If cloud services vendors successfully asked themselves these three questions, we'd all be better off.
By Liran Tancman CEO & Co-Founder of Rezilion, 4/27/2020
How the Dark Web Fuels Insider Threats
Kurtis Minder, co-Founder & CEO, GroupSense, Commentary
New decentralized, criminal marketplaces and "as-a-service" offerings make it easy for employees to monetize their knowledge and access to enterprise networks and systems.
By Kurtis Minder co-Founder & CEO, GroupSense, 4/23/2020
Remote Access Makes a Comeback: 4 Security Challenges in the Wake of COVID-19
Rob Smith, Research Director, Gartner Endpoint & Operations Security Group, Commentary
As companies continue to support increasing numbers of work-from-home employees, the pressure to secure access and reduce risk has never been greater.
By Rob Smith Research Director, Gartner Endpoint & Operations Security Group, 4/20/2020
5 Things Ransomware Taught Me About Responding in a Crisis
Shawn Taylor, Senior Systems Engineer at ForeScout, Commentary
What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attack and because it came out the other side stronger and more resilient.
By Shawn Taylor Senior Systems Engineer at ForeScout, 4/16/2020
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
David A. Sanders, Director of Insider Threat Operations at Haystax, Commentary
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
By David A. Sanders Director of Insider Threat Operations at Haystax, 4/2/2020
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Lance Spitzner, Director, SANS Institute Securing The Human Security Awareness Program, Commentary
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
By Lance Spitzner Director, SANS Institute Securing The Human Security Awareness Program, 3/30/2020
COVID-19: Latest Security News & Commentary
Dark Reading Staff, 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer, 8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading, 8/10/2020
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.