Article and CSO - Cyber Security Informer

Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach

CSO Magazine

MAY 23, 2023

Like most CSOs, Joe Sullivan was drawn to the role to help prevent cybercrimes. His role as CSO of Uber was something of a shift from his previous job prosecuting cybercriminals as an assistant US attorney, but closer to the tip of the cybersecurity spear. To read this article in full, please click here

CSO

CSO CISO Cybercrime Cybersecurity

2022 CSO Hall of Fame honorees

CSO Magazine

MAY 31, 2022

The CSO Hall of Fame was created to spotlight outstanding leaders who have significantly contributed to the practice of information risk management and security. Selected by the editors of CSO, its advisors, and executives, the individuals bestowed with this award exemplify excellence in security leadership.

CSO

CSO CISO Risk

CSO Hall of Fame honorees

CSO Magazine

MAY 4, 2021

The CSO Hall of Fame was created to spotlight outstanding leaders who have significantly contributed to the practice of information risk management and security. Selected by the editors of CSO, its advisors, and executives, the individuals bestowed with this award exemplify excellence in security leadership.

CSO

CSO CISO Risk

The CSO role today: Responsibilities and requirements for the top security job

CSO Magazine

MAY 20, 2021

CSO definition. A CSO is a departmental leader responsible for information security, corporate security or both. That's the simplest answer to the question "What is a CSO?", At many companies, the term CSO is still used in this way. To read this article in full, please click here

CSO

CSO CISO Information Security Technology

The CSO guide to top security conferences, 2020

CSO Magazine

FEBRUARY 19, 2021

From major events to those that are more narrowly focused, this list from the editors of CSO, will help you find the security conferences that matter the most to you. To read this article in full, please click here

CSO

CSO's guide to the worst and most notable ransomware

CSO Magazine

FEBRUARY 16, 2021

To read this article in full, please click here Sophos reports that the average cost of a ransomware attack in 2020 was nearly $1.5 million for victim organizations that paid ransoms and about $732,000 for those that didn’t.

CSO

CSO Ransomware

CSO Global Intelligence Report: The State of Cybersecurity in 2021

CSO Magazine

JULY 30, 2021

To read this article in full, please click here What stands out is the extent of the harm: Nearly half of those attacked reported seeing economic damage, a loss of productivity, and theft of PII (personally identifiable information). No less than 28% said intellectual property had been stolen.

CSO

CSO Cybersecurity Ransomware Software

Uber’s ex-CSO avoids prison after data breach cover up

Graham Cluley

MAY 7, 2023

Read more in my article on the Hot for Security blog. After covering up a data breach that impacted the personal records of 57 million Uber passengers and drivers, the company's former Chief Security Officer has been found guilty and sentenced by a US federal judge.

Data breaches

Data breaches CSO

I’m quoted in CSO Online article: 25 API Security Tips You’re Probably Not Considering

Architect Security

JUNE 8, 2020

I contributed to this article by David Spark of CISO/Security Vendor Relationship Series. These are some of the best API security tips right now: 25 API Security Tips You’re Probably Not Considering.

CSO

CSO CISO Media Software

Most interesting products to see at RSA Conference 2023

CSO Magazine

APRIL 21, 2023

That’s a lot of ground to cover, so CSO has sifted through the upcoming announcements and gathered the products and services that caught our eye here. More announcements will be made throughout the event, and CSO will update this article as their embargoes break. To read this article in full, please click here

CSO

CSO Phishing Software

Proposed bill would create a new federal agency to protect consumer data

CSO Magazine

JULY 6, 2021

Check out CSO's ultimate guide to security and privacy laws, regulations, and compliance. | Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here The DPA would "protect Americans' data, safeguard their privacy, and ensure data practices are fair and transparent.". [

CSO

CSO Government

What happened to the Lapsus$ hackers?

CSO Magazine

AUGUST 11, 2022

[Editor's note: This article originally appeared on the CSO Germany website on July 29.] To read this article in full, please click here Claire Tills, senior research engineer at Tenable, describes the methods of the hacking group Lapsus$ as bold, illogical and poorly thought out.

CSO

CSO Engineering Ransomware Hacking

Threat intelligence programs poised for growth

CSO Magazine

JUNE 12, 2023

In my last CSO article , I detailed cybersecurity professionals’ opinions on the characteristics of a mature cyber-threat intelligence (CTI) program. To read this article in full, please click here

CSO

CSO Cyber threats Technology Cybersecurity

How corporate data and secrets leak from GitHub repositories

CSO Magazine

OCTOBER 5, 2021

The biggest eye-opener for me was how quickly it was exploited," he tells CSO. Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here The first unauthorized login happened within 34 minutes. Check out this checklist for minimizing damage from a data breach. |

CSO

CSO Data breaches Passwords

TikTok resets the clock on security leadership

CSO Magazine

JULY 15, 2022

The news this morning that Roland Cloutier is stepping away from the TikTok Global CSO role may or may not be surprising. At the time, it wasn’t clear if Roland was going to be their CSO-for-life, or if his role was to guide TikTok through a transition and build an excellent foundation for its security future (I guess we know now).

CSO

The future of work: Coming sooner than you think

CSO Magazine

FEBRUARY 8, 2021

Today's work-from-home world has given us a glimpse of the future, as these five articles from CIO, Computerworld, CSO, InfoWorld, and Network World illustrate. What will your worklife be like years from now?

CSO

4 most dangerous emerging ransomware threat groups to watch

CSO Magazine

AUGUST 24, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here These are AvosLocker, Hive Ransomware, HelloKitty, and LockBit 2.0. Learn how recent ransomware attacks define the malware's new age and 5 reasons why the cost of ransomware attacks is rising. |

Ransomware

Ransomware CSO Malware

What is an ISAC or ISAO? How these cyber threat information sharing organizations improve security

CSO Magazine

JULY 26, 2022

Editor's note: This article, originally published on July 3, 2019, has been updated with a directory of ISACs and ISAOs.] Get the latest from CSO by signing up for our newsletters. ]. Get the latest from CSO by signing up for our newsletters. ]. To read this article in full, please click here ISAC and ISAO definition.

Cyber threats

Cyber threats CSO

Mitre D3FEND explained: A new knowledge graph for cybersecurity defenders

CSO Magazine

JULY 28, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here While complementary, the two projects are very different. Review the best Mitre D3FEND advice to harden Windows networks. |

CSO

CSO Cybersecurity

How Marvel’s Avengers inspire Pinsent Masons CISO to adapt cybersecurity hiring

CSO Magazine

DECEMBER 22, 2022

In an industry crying out for diversity and innovation, this year’s number one UK CSO 30 Awards winner says he takes inspiration from the Marvel Comics universe to challenge traditional HR approaches and more effectively recruit and keep security talent. “We To read this article in full, please click here

CISO

CISO CSO Cybersecurity

What is Magecart? How this hacker group steals payment card data

CSO Magazine

OCTOBER 21, 2021

Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here The idea behind these attacks is to compromise a third-party piece of software from a VAR or systems integrator or infect an industrial process unbeknownst to IT. [

CSO

CSO Data breaches Software

Insider risk management: Where your program resides shapes its focus

CSO Magazine

MAY 29, 2023

In 2019, a CSO article raised the question “ Insider risk management — who’s the boss ?” To read this article in full, please click here Over the years I have hypothesized that where such IRM programs reside within an organization will have a material impact on its focus and possibly its overall effectiveness.

Risk

Risk CSO Government

How to prepare your Windows network for a ransomware attack

CSO Magazine

AUGUST 4, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here That preparation comes in two forms: planning how you would respond to a successful ransomware attack and overcoming barriers to hardening your network against them. Learn how to harden Windows 10 for maximum security. |

Ransomware

Ransomware CSO

Why today’s cybersecurity threats are more dangerous

CSO Magazine

OCTOBER 4, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here At the same time, corporate America and even the general public have awakened to the new array of digital dangers posed by nation-state actors and criminal organizations.

CSO

CSO Cybersecurity Government Ransomware

Ransomware recovery: 8 steps to successfully restore from backup

CSO Magazine

AUGUST 12, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here Part of the reason is the lack of backups—specifically, the lack of usable backups. Learn how recent ransomware attacks define the malware's new age and 5 reasons why the cost of ransomware attacks is rising. |

Backups

Backups Ransomware CSO Malware

REvil gang suddenly goes silent leaving victims unable to recover systems

CSO Magazine

JULY 13, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here Meanwhile, victims and the security companies working for them to recover data have been put in a more difficult situation.

CSO

CSO Ransomware Government Malware

IoT devices have serious security deficiencies due to bad random number generation

CSO Magazine

AUGUST 13, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here Learn the 10 identity management metrics that matter. |

CSO

CSO IoT Encryption Authentication

5 riskiest mobile apps

CSO Magazine

AUGUST 2, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here Learn the 8 mobile security threats you should take seriously. |

Mobile

Mobile CSO Software

Apple plan to scan users’ iCloud photos raises new fears of government-mandated data access

CSO Magazine

AUGUST 9, 2021

Learn what's next for encryption if the RSA algorithm is broken | Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here

CSO

CSO Government Encryption

7 steps to protect against ransomware-related lawsuits

CSO Magazine

AUGUST 18, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here Learn how recent ransomware attacks define the malware's new age and 5 reasons why the cost of ransomware attacks is rising. |

Ransomware

Ransomware CSO Malware

9 types of computer virus and how they do their dirty work

CSO Magazine

JUNE 10, 2022

We here at CSO have done our part: our malware explainer breaks down malware based on how it spreads (self-propagating worms , viruses piggybacking on other code, or sneakily disguised Trojans ) as well as by what it does to infected machines ( rootkits , adware , ransomware , cryptojacking , and malvertising , oh my).

Adware

Adware CSO Malware Ransomware

Critical flaw in AI testing framework MLflow can lead to server and data compromise

CSO Magazine

MARCH 24, 2023

"Basically, every organization that uses this tool is at risk of losing their AI models, having an internal server compromised, and having their AWS account compromised," Dan McInerney, a senior security engineer with cybersecurity startup Protect AI, told CSO. To read this article in full, please click here It's pretty brutal."

CSO

CSO Authentication Engineering Internet

Uber CISO's trial underscores the importance of truth, transparency, and trust

CSO Magazine

MAY 19, 2022

Case in point: A federal judge recently ordered Uber Technologies to work with its former CSO, Joseph Sullivan (who held the position from April 2015 to November 2017), and review a plethora of Uber documents that Sullivan has requested in unredacted form for use in his defense in the upcoming criminal trial.

CISO

CISO CSO Data breaches Media

12 steps to building a top-notch vulnerability management program

CSO Magazine

MAY 16, 2022

Sign up for CSO newsletters. ]. To read this article in full, please click here And other executives in the C-suite have also come around to the criticality of this task, given the number of high-profile breaches that happened as a result of an unpatched system.

CSO

CSO Cybersecurity

Wave of native IIS malware hits Windows servers

CSO Magazine

AUGUST 11, 2021

Sign up for CSO newsletters ! ] To read this article in full, please click here Such malware was deployed this year by hackers exploiting Microsoft Exchange zero-day vulnerabilities , but a total of 14 groups have been observed using native IIS backdoors and information stealers in recent years. [

Malware

Malware CSO Internet Internet

Russia is fully capable of shutting down cybercrime

CSO Magazine

SEPTEMBER 14, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here Last week, Recorded Future’s Insikt Group published a report shedding more light on the connection between the Russian state and criminal actors, a connection that Insikt Group posits is “well established yet highly diffused.”.

Cybercrime

Cybercrime CSO Ransomware

How to mitigate the Microsoft Office zero-day attack

CSO Magazine

SEPTEMBER 22, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here For this exploit, an attacker crafts a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. Keep up with the best new Windows 10 security features. |

CSO

CSO Engineering

How attackers could exploit breached T-Mobile user data

CSO Magazine

AUGUST 23, 2021

Related: The T-Mobile data breach: A timeline | Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here These include SMS/text-based phishing, SIM swapping and unauthorized number porting.

Mobile

Mobile CSO Data breaches Phishing

Java deserialization vulnerabilities explained and how to defend against them

CSO Magazine

AUGUST 26, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here Many times, the same bugs can be triggered by remote attackers to achieve arbitrary code execution capability on the vulnerable system. Learn the 7 most common ways to fail at DevSecOps. |

CSO

What is cryptojacking? How to prevent, detect, and recover from it

CSO Magazine

MARCH 11, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here How much does a cyber attack really cost? Take a look at the numbers. |

CSO

CSO Cryptocurrency Cyber Attacks

Strategic risk analysis is key to ensure customer trust in product, customer-facing app security

CSO Magazine

APRIL 5, 2023

Assessing risk requires identifying baseline security criteria around key elements such as customer contracts and regulatory requirements, Neil Lappage, partner at LeadingEdgeCyber and ISACA member, tells CSO. To read this article in full, please click here

Risk

Risk CSO CISO Cybersecurity

The 15 biggest data breaches of the 21st century

CSO Magazine

JULY 16, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here How large cyberattacks of the future might become remains speculation, but as this list of the biggest data breaches of the 21 st Century indicates, they have already reached enormous magnitudes.

Data breaches

Data breaches Digital transformation CSO

Why you need a SaaS governance plan, and what should be in it

CSO Magazine

AUGUST 17, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here That plan includes a combination of compliance frameworks, documentation/due diligence and technical measures for ongoing monitoring and risk reduction. Follow these 5 tips for better cloud security. |

Government

Government CSO Risk

Unique TTPs link Hades ransomware to new threat group

CSO Magazine

JUNE 15, 2021

Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here Hades ransomware first appeared in December 2020 following attacks on a number of organizations, but to date there has been limited information regarding the perpetrators.

Ransomware

Ransomware CSO Malware

Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach

2022 CSO Hall of Fame honorees

Trending Sources

CSO Hall of Fame honorees

The CSO role today: Responsibilities and requirements for the top security job

The CSO guide to top security conferences, 2020

CSO's guide to the worst and most notable ransomware

CSO Global Intelligence Report: The State of Cybersecurity in 2021

Uber’s ex-CSO avoids prison after data breach cover up

I’m quoted in CSO Online article: 25 API Security Tips You’re Probably Not Considering

Most interesting products to see at RSA Conference 2023

Proposed bill would create a new federal agency to protect consumer data

What happened to the Lapsus$ hackers?

Threat intelligence programs poised for growth

How corporate data and secrets leak from GitHub repositories

TikTok resets the clock on security leadership

The future of work: Coming sooner than you think

4 most dangerous emerging ransomware threat groups to watch

What is an ISAC or ISAO? How these cyber threat information sharing organizations improve security

Mitre D3FEND explained: A new knowledge graph for cybersecurity defenders

How Marvel’s Avengers inspire Pinsent Masons CISO to adapt cybersecurity hiring

What is Magecart? How this hacker group steals payment card data

Insider risk management: Where your program resides shapes its focus

How to prepare your Windows network for a ransomware attack

Why today’s cybersecurity threats are more dangerous

Ransomware recovery: 8 steps to successfully restore from backup

REvil gang suddenly goes silent leaving victims unable to recover systems

IoT devices have serious security deficiencies due to bad random number generation

5 riskiest mobile apps

Apple plan to scan users’ iCloud photos raises new fears of government-mandated data access

7 steps to protect against ransomware-related lawsuits

9 types of computer virus and how they do their dirty work

Critical flaw in AI testing framework MLflow can lead to server and data compromise

Uber CISO's trial underscores the importance of truth, transparency, and trust

12 steps to building a top-notch vulnerability management program

Wave of native IIS malware hits Windows servers

Russia is fully capable of shutting down cybercrime

How to mitigate the Microsoft Office zero-day attack

How attackers could exploit breached T-Mobile user data

Java deserialization vulnerabilities explained and how to defend against them

What is cryptojacking? How to prevent, detect, and recover from it

Strategic risk analysis is key to ensure customer trust in product, customer-facing app security

The 15 biggest data breaches of the 21st century

Why you need a SaaS governance plan, and what should be in it

Unique TTPs link Hades ransomware to new threat group

Stay Connected