CSO Magazine

NOVEMBER 24, 2022

A group of attackers, likely based in Vietnam, that specializes in targeting employees with potential access to Facebook business and ads management accounts, has re-emerged with changes to its infrastructure, malware, and modus operandi after being initially outed a few months ago. To read this article in full, please click here

Accountability 125

Accountability Malware Phishing 125

CSO Magazine

MAY 27, 2021

Credential stuffing is the automated use of collected usernames and passwords to gain fraudulent access to user accounts. These credentials fuel the underground economy and are used for everything from spam to phishing and account takeovers. Get the latest from CSO by signing up for our newsletters. ]

CSO 119

CSO Passwords Data breaches Accountability 119

CSO Magazine

MAY 25, 2023

Inactive and non-maintained accounts pose significant security risks to users and businesses, with cybercriminals adept at using information stolen from forgotten or otherwise non-upheld accounts to exploit active accounts. To read this article in full, please click here

Accountability 91

Accountability Risk Passwords 91

CSO Magazine

JANUARY 13, 2022

Credential stuffing is a cyberattack in which exposed usernames and passwords are used to gain fraudulent access to user accounts through large-scale, automated login requests. Attackers are asking: What does it look like to make a legitimate request? How can we emulate that?

CSO 130

CSO Data breaches Passwords Accountability 130

Security Boulevard

FEBRUARY 5, 2024

This essential CSO guide outlines the robust account monitoring, access notifications, multi-factor authentication, deception technology, and user controls crucial for implementing unmatched account security across your organization.

Account Security 58

Account Security Accountability CSO Authentication 58

CSO Magazine

JUNE 8, 2021

In December 2020, the US Government Accounting Office (GAO) made 145 recommendations to 23 federal agencies relating to supply chain risks. Get the latest from CSO by signing up for our newsletters. ]. Get the latest from CSO by signing up for our newsletters. ]. D’Souza, testified before Congress on supply chain risks.

Government 121

Government CSO Risk Accountability 121

CSO Magazine

MAY 3, 2022

When CISOs fail to maintain positive working relationships with their security vendors they will often see their vendor provide less of a priority on their needs and overall responsiveness can be delayed, and in worst cases they may be flagged as a toxic account that no sales representative wants to be assigned,” he says.

CISO 128

CISO CSO Accountability Cybersecurity 128

CSO Magazine

MARCH 24, 2023

"Basically, every organization that uses this tool is at risk of losing their AI models, having an internal server compromised, and having their AWS account compromised," Dan McInerney, a senior security engineer with cybersecurity startup Protect AI, told CSO. It's pretty brutal." To read this article in full, please click here

CSO 111

CSO Authentication Engineering Internet 111

CSO Magazine

MAY 6, 2021

Over the next few days, over 30,000 organizations in the US were attacked as hackers used several Exchange vulnerabilities to gain access to email accounts and install web shell malware , giving the cybercriminals ongoing administrative access to the victims' servers.

Hacking 116

Hacking CSO Accountability Malware 116

The Security Ledger

APRIL 5, 2023

In this Spotlight episode of the Security Ledger podcast, I interview Richard Bird, the CSO of the firm Traceable AI about the challenge of securing application programming interfaces (APIs), which are increasingly being abused to steal sensitive data. The post Spotlight: Traceable CSO Richard Bird on Securing the API Economy appeared first.

CSO 52

CSO Digital transformation Cyber Attacks Financial Services 52

CSO Magazine

JUNE 21, 2021

Sign up for CSO newsletters. ]. Can you, the CISO, or your team in charge of the ITAD, describe how each device provisioned and issued within the company is tracked, the data on the device is accounted for, and when and how that device is removed from the company ecosystem in a way the company and its customers’ data is protected?

CISO 116

CISO Risk CSO Accountability 116

CSO Magazine

DECEMBER 19, 2022

The organizations with the best chance of minimizing threats are those that build and sustain a culture of awareness and accountability. Here are some ways to do that: To read this article in full, please click here

Accountability 111

Accountability Cybersecurity Phishing Technology 111

CSO Magazine

DECEMBER 14, 2022

Microsoft suspended several accounts on its hardware developer program that signed malicious drivers used by a ransomware group called Cuba to disable endpoint security tools. The driver certificates have been revoked and the drivers will be added to a blocklist that Windows users can optionally deploy. "In

Accountability 106

Accountability Ransomware Software 106

CSO Magazine

MAY 3, 2023

Google has begun rolling out support for passkeys across Google Accounts on all major platforms, adding a new sign-in option that can be used alongside passwords and two-step verification. The tech giant announced passkey availability on the eve of World Password Day as it looks to introduce more secure, reliable sign-in options.

Accountability 105

Accountability Passwords 105

CSO Magazine

MARCH 7, 2023

Over the past year, a group of attackers has targeted Facebook business account owners by spreading information stealing malware through malicious Google ads or fake Facebook profiles. The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information."

Accountability 95

Accountability Manufacturing Government Malware 95

CSO Magazine

JULY 26, 2022

Helsinki-based cybersecurity vendor WithSecure (formerly F-Secure Business) says it has discovered an operation, dubbed “DUCKTAIL,” that uses social media-based spear phishing attacks to gain access to Facebook Business accounts. Previous attacks targeting Facebook did not target Facebook Business accounts in particular.

Accountability 80

Accountability Malware Media Phishing 80

CSO Magazine

MAY 17, 2023

Researchers from security firm Proofpoint investigated how attackers could abuse access to a Teams account and found some interesting attack vectors that could allow hackers to move laterally by launching further phishing attacks or getting users to download malicious files.

Accountability 105

Accountability Phishing Risk 105

CSO Magazine

MAY 28, 2021

These efforts recently escalated with an attack launched from a hijacked email marketing account belonging to USAID and targeted around 3,000 people across over 150 organizations in 24 countries. Sign up for CSO newsletters. ].

CSO 105

CSO Government Marketing Hacking 105

The Last Watchdog

MAY 5, 2022

From there, it’s possible to find devices with privileged accounts and take the attack further. About the essayist: Den Jones, CSO at Banyan Security , which supplies s imple, least-privilege, multi-cloud application access technologies. This has gone unchecked for years and there’s no good reason to let it continue.

Ransomware 247

Ransomware Risk Internet Internet 247

CSO Magazine

APRIL 13, 2022

Sign up for CSO newsletters. ]. Murphy, manager of cybersecurity at Schneider Downs, a certified public accounting and business advisory firm, says he once investigated the root cause of a ransomware attack at a company and traced the incident back to a worker who had clicked on an invoice for pickles.

Penetration Testing 95

Penetration Testing CSO Phishing Passwords 95

SecureWorld News

MARCH 10, 2021

He also says that it is very important to note that this issue was not the result of compromised account passwords, SSH keys, or personal access tokens (PATs). For the very small population of accounts that we know to be affected by this issue, we've reached out with additional information and guidance.".

Authentication 98

Authentication CSO Accountability Engineering 98

CSO Magazine

NOVEMBER 28, 2022

Customer identity and access management (CIAM), a subset of identity access management (IAM), is used to manage authentication and authorization of account creation and login process for public facing applications. Marketers want to collect data about customers and their devices.

CSO 80

CSO Data collection Marketing Accountability 80

CSO Magazine

APRIL 7, 2021

If the KRBTGT account password hash is stolen or broken with an attack, the attackers can then grant themselves full access to your network with the necessary authentication. When an attacker wiggles into a network, they can use the golden ticket attack sequence. Active Directory (AD) uses the KRBTGT in the AD domain for Kerberos tickets.

Passwords 90

Passwords Accountability Authentication 90

SecureWorld News

MAY 2, 2024

They now face the risk of being implicated in criminal investigations or held accountable for security breaches, as evidenced by cases like that of Joe Sullivan, the former Chief Security Officer of Uber, who was sentenced to three years' probation for covering up a data breach involving millions of Uber user records.

CISO 100

CISO Government CSO Artificial Intelligence 100

CSO Magazine

JANUARY 5, 2023

The operation is highly automated using CI/CD processes and involves the creation of tens of thousands of fake accounts and the use of stolen or fake credit cards to activate time-limited trials. Researchers from Palo Alto Networks' Unit 42 have dubbed the group Automated Libra and believe it's based in South Africa.

Accountability 87

Accountability 87

Duo's Security Blog

NOVEMBER 20, 2023

“It took nearly 11 months (328 days) to identity and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online , and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!

Threat Detection 138

Threat Detection Authentication Accountability Data breaches 138

CSO Magazine

APRIL 14, 2023

There has been an increase in discussions and trades related to ChatGPT on the dark web since March, according to Check Point.

Accountability 117

Accountability 117

SC Magazine

JUNE 18, 2021

In a notice released to its customers, Wegmans said the type of customer information included names, addresses, phone numbers, birth dates, Shoppers Club numbers, and email addresses and passwords for access to Wegmans.com accounts. Tracy said companies really need to understand the shared security model of the cloud providers.

CSO 107

CSO Passwords Authentication Accountability 107

CSO Magazine

JUNE 7, 2021

The Amazon Web Services identity and access management ( IAM ) mechanism is complex, and not fully understanding its particularities often leads to misconfigurations and exposed cloud assets. Researchers from cloud security firm Lightspin identified quirks in S3 bucket permissions that appear to be a common source of confusion among administrators.

Accountability 97

Accountability 97

CSO Magazine

MAY 19, 2022

Users of Strapi, a popular headless content management system written entirely in JavaScript and focused on API development, should update their installations as soon as possible to fix two vulnerabilities that could lead to administrative accounts being compromised. To read this article in full, please click here

Accountability 65

Accountability Phishing Passwords Cybersecurity 65

The Security Ledger

SEPTEMBER 25, 2018

SAP CSO Justin Somaini. For consumers, that means boning up on account security – maybe getting a password manager. Somaini has the distinction of being the first CSO at Yahoo and also at Symantec. October is Cybersecurity awareness month.

CSO 40

CSO Hacking Security Awareness Password Management 40

CSO Magazine

MARCH 2, 2023

Booking.com, one of the world's largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to customer accounts by simply tricking them into clicking a link.

Accountability 66

Accountability Risk 66

Security Affairs

FEBRUARY 22, 2021

In response to the malicious activity, the company permanently banned the account used by the attacker and deployed new “safeguards” to prevent similar attacks in the future, but ClubHouse was not able to ensure that it will not happen again. ” reported Bloomberg.

CSO 123

CSO Internet Internet Surveillance 123

Security Boulevard

DECEMBER 5, 2022

A report released by Meta’s security team describes the company’s shutdown of a network of Facebook and Instagram accounts participating in what it calls coordinated inauthentic behavior, and linking some of those accounts to the US military. Leer más CSO Online. To read this article in full, please click here.

Media 74

Media CSO Accountability 74

Malwarebytes

APRIL 28, 2022

This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had compromised. Third, victims can’t protect themselves from such attacks unless they completely delete their accounts. This tactic has become prevalent in recent months.

CSO 100

CSO Accountability Authentication Cybersecurity 100

CyberSecurity Insiders

MAY 16, 2022

By Amanda Fennell, CSO and CIO, Relativity. Security programs must shoulder accountability for setting employees in different roles up for success. Effective learning management systems are available that take into account the human attention span. But tools and processes alone are two variables in an incomplete equation.

CSO 131

CSO Passwords Password Management Accountability 131

SecureWorld News

JUNE 26, 2023

While these Wells Notices are official investigations, they are a sign of a potential intent to investigate the CISO and CFO. Barton Kalsu and CISO Tim Brown have both been with Austin, Texas-based SolarWinds since before the breach that impacted at least nine federal agencies and approximately 100 organizations.

CISO 109

CISO CSO Data privacy Cyber Risk 109