Dark Reading is part of the Informa Tech Division of Informa PLC



Insider Threats

News & Commentary
Software Developer Arrested in Computer Sabotage Case
Dark Reading Staff, Quick Hits
Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer.
By Dark Reading Staff, 4/15/2021
US Tech Dominance Rides on Securing Intellectual Property
Joe Payne, President and CEO at Code42, Commentary
A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.
By Joe Payne, President and CEO at Code42, 4/2/2021
Enterprises Remain Riddled With Overprivileged Users -- and Attackers Know It
Robert Lemos, Contributing Writer, News
Attackers commonly focus on finding users with too much privileged access as their ticket to network compromise. What can companies do?
By Robert Lemos, Contributing Writer, 4/1/2021
Russian Man Pleads Guilty in Thwarted Tesla Hack
Dark Reading Staff, Quick Hits
Egor Kriuchkov will be sentenced in May on conspiracy charge.
By Dark Reading Staff, 3/19/2021
Zero Trust in the Real World
Jerry W. Chapman, engineering fellow at Optiv Security, Commentary
Those who are committed to adopting the concept have the opportunity to make a larger business case for it across the organization, working with executive leaders to implement a zero-trust framework across the entire enterprise.
By Jerry W. Chapman, engineering fellow at Optiv Security, 2/10/2021
Multivector Attacks Demand Security Controls at the Messaging Level
Otavio Freire, CTO & President, SafeGuard Cyber, Commentary
As a Google-identified attack reveals, security teams need to look beyond VPNs and network infrastructure to the channels where social engineering takes place.
By Otavio Freire, CTO & President, SafeGuard Cyber, 2/10/2021
How Neurodiversity Can Strengthen Cybersecurity Defense
Liviu Arsene, Global Cybersecurity Researcher at Bitdefender, Commentary
Team members from different backgrounds, genders, ethnicities, and neurological abilities are best equipped to tackle today's security challenges.
By Liviu Arsene, Global Cybersecurity Researcher at Bitdefender, 2/9/2021
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
Mark Wojtasiak, VP, Portfolio Marketing, Code42, Commentary
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
By Mark Wojtasiak, VP, Portfolio Marketing, Code42, 1/12/2021
Reducing the Risk of Third-Party SaaS Apps to Your Organization
Dmitry Dontov, Chief Technology Officer, Spin Technology, Commentary
Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
By Dmitry Dontov, Chief Technology Officer, Spin Technology, 12/29/2020
Defending the COVID-19 Vaccine Supply Chain
Nick Rossmann, Global Threat Intelligence Lead, IBM Security X-Force, Commentary
We must treat this supply chain like a piece of our nation's critical infrastructure, just like the electrical grid or air traffic control system.
By Nick Rossmann, Global Threat Intelligence Lead, IBM Security X-Force, 12/28/2020
Researchers Scan for Supply-Side Threats in Open Source
Robert Lemos, Contributing Writer, News
A recent project to scan the main Python repository's 268,000 packages found only a few potentially malicious programs, but work earlier this year uncovered hundreds of instances of malware.
By Robert Lemos, Contributing Writer, 11/17/2020
Dealing With Insider Threats in the Age of COVID
Hitesh Sheth, CEO, Vectra, Commentary
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
By Hitesh Sheth, CEO, Vectra, 10/21/2020
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat Researcher, Commentary
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
By David Pearson, Principal Threat Researcher, 10/21/2020
Building the Human Firewall
Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard Labs, Commentary
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
By Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard Labs, 10/20/2020
Security Officers, Are Your Employees Practicing Good Habits from Home?
Chip Witt, Vice President of Product Management at SpyCloud, Commentary
Even if you can't see your employees in the office, they still need to be reminded that criminals are always trying to spot a weak link in the chain.
By Chip Witt, Vice President of Product Management at SpyCloud, 10/12/2020
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Juan Pablo Perez-Etchegoyen, CTO, Onapsis, Commentary
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
By Juan Pablo Perez-Etchegoyen, CTO, Onapsis, 9/16/2020
Collection of Metadata -- as Done by the NSA -- Likely Unconstitutional, US Court Suggests
Robert Lemos, Contributing Writer, News
A ruling in an appeal by four men convicted of material support for terrorism finds that the National Security Agency's metadata collection program not only violated the prevailing law at the time but was also likely unconstitutional.
By Robert Lemos, Contributing Writer, 9/4/2020
The Inside Threat from Psychological Manipulators
Joshua Goldfarb, Director of Product Management at F5, Commentary
How internal manipulators can actually degrade your organization's cyber defense, and how to defend against them.
By Joshua Goldfarb, Director of Product Management at F5, 8/27/2020
Gamifying Password Training Shows Security Benefits
Robert Lemos, Contributing Writer, News
When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find.
By Robert Lemos, Contributing Writer, 8/10/2020
A Most Personal Threat: Implantable Medical Devices
Dark Reading Staff, News
Alan Michaels, director of the Electronic Systems Lab at the Virginia Tech Hume Center, explains why implanted medical devices could pose a threat to secure communication facilities.
By Dark Reading Staff, 8/5/2020
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20527
PUBLISHED: 2021-04-19
IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another user. IBM X-Force ID: 198759.
CVE-2021-27028
PUBLISHED: 2021-04-19
A Memory Corruption Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files.
CVE-2021-27029
PUBLISHED: 2021-04-19
The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review causing the application to crash leading to a denial of service.
CVE-2021-27030
PUBLISHED: 2021-04-19
A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system.
CVE-2021-27031
PUBLISHED: 2021-04-19
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.