Article and CSO - Cyber Security Informer

CVE Program Almost Unfunded

Schneier on Security

APRIL 16, 2025

” Ben Edwards, principal research scientist at Bitsight, told CSO, “My reaction is sadness and disappointment. ” More similar quotes in the article. We can’t score their severity or predict their exploitation. And we certainly wouldn’t be able to make the best decisions regarding patching them.”

CSO

CSO Government Software Cybersecurity

Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach

CSO Magazine

MAY 23, 2023

Like most CSOs, Joe Sullivan was drawn to the role to help prevent cybercrimes. His role as CSO of Uber was something of a shift from his previous job prosecuting cybercriminals as an assistant US attorney, but closer to the tip of the cybersecurity spear. To read this article in full, please click here

CSO

CSO CISO Cybercrime Cybersecurity

What is Magecart? How this hacker group steals payment card data

CSO Magazine

OCTOBER 21, 2021

Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here The idea behind these attacks is to compromise a third-party piece of software from a VAR or systems integrator or infect an industrial process unbeknownst to IT. [

CSO

CSO Data breaches Software

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

What is an ISAC or ISAO? How these cyber threat information sharing organizations improve security

CSO Magazine

JULY 26, 2022

Editor's note: This article, originally published on July 3, 2019, has been updated with a directory of ISACs and ISAOs.] Get the latest from CSO by signing up for our newsletters. ]. Get the latest from CSO by signing up for our newsletters. ]. To read this article in full, please click here ISAC and ISAO definition.

Cyber threats

Cyber threats CSO

11 cybersecurity buzzwords you should stop using right now

CSO Magazine

NOVEMBER 2, 2021

Sign up for CSO newsletters. ]. To read this article in full, please click here Learn 8 pitfalls that undermine security program success and 12 tips for effectively presenting cybersecurity to the board. Here are the 11 cybersecurity buzzwords and phrases that should be laid to rest in 2021.

Cybersecurity

Cybersecurity CSO Marketing Information Security

Insider risk management: Where your program resides shapes its focus

CSO Magazine

MAY 29, 2023

In 2019, a CSO article raised the question “ Insider risk management — who’s the boss ?” To read this article in full, please click here Over the years I have hypothesized that where such IRM programs reside within an organization will have a material impact on its focus and possibly its overall effectiveness.

Risk

Risk CSO Government

Why CISOs Are Stepping Away and What the Future Holds

SecureWorld News

DECEMBER 9, 2024

The article appeared originally on Medium here. By doing so, they not only improve retention but also strengthen their security posture, enabling their CISOs to thrive in an ever-changing threat landscape. Investing in the well-being, development, and empowerment of CISOs is not just a necessityit's a competitive advantage.

CISO

CISO Cyber threats Risk Cybersecurity

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Duo's Security Blog

NOVEMBER 20, 2023

“It took nearly 11 months (328 days) to identity and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online , and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!

Threat Detection

Threat Detection Authentication Accountability Data breaches

11 penetration testing tools the pros use

CSO Magazine

DECEMBER 13, 2021

In this article, we're going to look at one specific aspect of the pen tester's trade: the tools they use to defeat their clients' defenses. To read this article in full, please click here For an in-depth look at what penetration testing entails, you'll want to read our explainer on the subject.

Penetration Testing

Lockheed’s Teresa Merklin: There’s no such thing as a quick fix

CSO Magazine

JANUARY 17, 2022

To read this article in full, please click here (Insider Story) Teresa Merklin specializes in cyber risk assessment and engineering for cyber resiliency.

Cyber Risk

Cyber Risk Engineering Risk

22 cybersecurity myths organizations need to stop believing in 2022

CSO Magazine

JANUARY 24, 2022

To read this article in full, please click here (Insider Story) The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.

CISO

CISO Cybersecurity Ransomware

ChatGPT creates mutating malware that evades detection by EDR

CSO Magazine

JUNE 6, 2023

To read this article in full, please click here A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to generate polymorphic, or mutating, code to evade endpoint detection and response (EDR) systems.

Malware

Malware Cybersecurity

Cyberwar's global players—it's not always Russia or China

CSO Magazine

NOVEMBER 18, 2021

To read this article in full, please click here Consequently, the SolarWinds spyware infiltration , the Microsoft Exchange hack , and ransomware attacks launched by criminal gangs harbored by the Kremlin dominate headlines and drive nation-state cybersecurity responses.

Spyware

Spyware Ransomware Hacking Cybersecurity

BrandPost: The Future of Machine Learning in Cybersecurity

CSO Magazine

FEBRUARY 15, 2023

This article will share reasons why ML has risen to such importance in cybersecurity, share some of the challenges of this particular application of the technology and describe the future that machine learning enables. To read this article in full, please click here

Cybersecurity

Cybersecurity Big data IoT Internet

Ransomware, email compromise are top security threats, but deepfakes increase

CSO Magazine

AUGUST 8, 2022

To read this article in full, please click here VMware’s 2022 Global Incident Threat Response Report shows a steady rise in extortionary ransomware attacks and BEC, alongside fresh jumps in deepfakes and zero-day exploits.

Ransomware

Ransomware Cybersecurity

10 essential skills and traits of ethical hackers

CSO Magazine

OCTOBER 26, 2021

To read this article in full, please click here (Insider Story) Of course, that's every spy and cybercriminal's dream, but only ethical hackers, also known as white hat hackers or penetration testers, can feel sure that they'll get away with their break-ins.

Wells Notice Against SolarWinds CISO Could Be First of Its Kind

SecureWorld News

JUNE 26, 2023

According to a SolarWinds spokesperson quoted in the CNN article: "We are cooperating in a long investigative process that seems to be progressing to charges by the SEC against our company and officers. Any potential action will make the entire industry less secure by having a chilling effect on cyber incident disclosure."

CISO

CISO CSO Data privacy Cyber Risk

Social engineering explained: How criminals exploit human behavior

CSO Magazine

SEPTEMBER 16, 2021

To read this article in full, please click here Famous hacker Kevin Mitnick helped popularize the term 'social engineering' in the '90s, although the idea and many of the techniques have been around as long as there have been scam artists.

Social Engineering

Social Engineering Engineering Scams Passwords

Over 60,000 Android apps infected with adware-pushing malware

CSO Magazine

JUNE 7, 2023

To read this article in full, please click here “However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking trojans to steal credentials and financial information or ransomware ,” Bitdefender said in a blog.

Adware

Adware Malware Banking Mobile

Top 8 cybersecurity predictions for 2022

CSO Magazine

JANUARY 6, 2022

Meanwhile, CSOs also must help ensure their organizations are in compliance with new regulations. To read this article in full, please click here Remote work, virtual meetings, hybrid cloud networks , and SaaS adoption have all brought about complex IT infrastructures that are opening up new threat avenues.

Digital transformation

Digital transformation Cybersecurity Technology

New vulnerabilities found in industrial control systems of major vendors

CSO Magazine

MARCH 23, 2023

To read this article in full, please click here The vulnerabilities identified by CISA were tracked in products from ICS providers including Siemens, Hitachi, Rockwell, Delta Electronics, VISAM, and Keysight.

Cybersecurity

Remote bricking of Ukrainian tractors raises agriculture security concerns

CSO Magazine

MAY 26, 2022

To read this article in full, please click here The soldiers stole 27 pieces of farm machinery and shipped them primarily to Chechnya, 700 miles away, only to discover they had been rendered inoperable due to a "kill switch."

97% of enterprises say VPNs are prone to cyberattacks: Study

CSO Magazine

SEPTEMBER 26, 2022

To read this article in full, please click here Reliance on VPNs for remote access is putting enterprises at significant risk as social engineering , ransomware , and malware attacks continue to advance, exposing businesses to greater risk, according to a new report by cloud security company Zscaler.

Social Engineering

Social Engineering Engineering Risk Ransomware

Google launches entry-level cybersecurity certificate to teach threat detection skills

CSO Magazine

MAY 5, 2023

To read this article in full, please click here

Threat Detection

Threat Detection Cybersecurity Risk

Hottest new cybersecurity products at RSA 2022

CSO Magazine

JUNE 6, 2022

To read this article in full, please click here At RSAC 2022, starting June 6, new product showcases are dominated by identity and access security, SaaS services and security operations center ( SOC ) enhancements. Here are some of the most interesting new products set to be shown at the show.

Cybersecurity

FBI arrests social engineer who allegedly stole unpublished manuscripts from authors

CSO Magazine

JANUARY 13, 2022

To read this article in full, please click here

Social Engineering

Social Engineering Identity Theft Engineering

99% of cloud identities are overly permissive, opening door to attackers

CSO Magazine

APRIL 12, 2022

To read this article in full, please click here The findings indicate that when it comes to IAM in the cloud, organizations are struggling to put good governance in place. The report also identifies five attack groups that have been detected targeting cloud environments and reveals their attack methods.

Government

11 top cloud security threats

CSO Magazine

JULY 4, 2022

To read this article in full, please click here "They're getting away from worrying about end results—a data breach or loss is an end result—and looking at the causes of those results (data access, misconfigurations, insecure applications) and taking control of them."

Data breaches

9 tips to prevent phishing

CSO Magazine

JULY 25, 2022

To read this article in full, please click here Phishing is the first step for all kinds of attacks, from stealing passwords to downloading malware that can provide a backdoor into a corporate network. The fight against phishing is a frustrating one, and it falls squarely onto IT's shoulders.

Phishing

Phishing Passwords Malware

In-app browser security risks, and what to do about them

CSO Magazine

SEPTEMBER 6, 2022

To read this article in full, please click here Researcher Felix Krause detailed how popular in-app browsers inject JavaScript code into third-party websites, granting host apps the ability to track certain interactions, including form inputs like passwords and addresses along with image/link clicks.

Risk

Risk Data privacy Passwords

Nearly 70% of ServiceNow instances leaking data

CSO Magazine

MARCH 11, 2022

To read this article in full, please click here According to AppOmni, the misconfiguration resulted from a combination of customer-managed configurations and over-provisioning of permissions to guest users.

Internet

Internet Internet

5 ways threat actors can use ChatGPT to enhance attacks

CSO Magazine

APRIL 28, 2023

To read this article in full, please click here By examining these topics, the CSA said it aims to raise awareness of the potential threats and emphasize the need for robust security measures and responsible AI development.

Phishing

Phishing Cybersecurity

Linux malware is on the rise—6 types of attacks to look for

CSO Magazine

MAY 30, 2022

To read this article in full, please click here "Since most of the cloud hosts run Linux, being able to compromise Linux-based platforms allows the attacker to access an enormous amount of resources or to inflict substantial damage through ransomware and wipers."

Malware

Malware IoT Internet Internet

10 of the hottest new cybersecurity startups at RSA 2022

CSO Magazine

JUNE 2, 2022

To read this article in full, please click here

Cybersecurity

Cybersecurity Technology

What is a botnet? When infected devices attack

CSO Magazine

APRIL 4, 2022

To read this article in full, please click here "All of this is happening unbeknownst to the owner of the computer. The goal is to grow the size of the botnet, which collectively can automate and expedite large attacks."

DDOS

DDOS Internet Internet Malware

8 strange ways employees can (accidently) expose data

CSO Magazine

OCTOBER 4, 2022

To read this article in full, please click here Here are eight unusual, unexpected, and relatively strange ways employees can accidently expose data, along with advice for addressing and mitigating the risks associated with them.

Risk

Risk Phishing Passwords Cybersecurity

9 video chat apps compared: Which is best for security?

CSO Magazine

DECEMBER 16, 2021

To read this article in full, please click here At the same time, other factors like customer satisfaction and worker happiness surged. This has led many organizations to declare that teleworking in some form would continue, even after the pandemic is defeated.

Mobile

EU privacy regulators to create taskforce to investigate ChatGPT

CSO Magazine

APRIL 14, 2023

To read this article in full, please click here Europe's national privacy regulators said on Thursday that the decision came following discussions about recent enforcement action undertaken by the Italian data protection authority against OpenAI regarding its ChatGPT service.

Technology

14 lessons CISOs learned in 2022

CSO Magazine

DECEMBER 12, 2022

To read this article in full, please click here "With the shifts in the cybersecurity landscape, 2022 has been a milestone year we will look back on when studying the history of when and why cybersecurity and digital trust were fused together," says Kory Daniels, CISO at Trustwave.

CISO

CISO Data breaches Cybersecurity

Cybersecurity in wartime: how Ukraine's infosec community is coping

CSO Magazine

FEBRUARY 27, 2023

To read this article in full, please click here With Russia now controlling around 18% of Ukraine's territory including Donbas and Crimea, tech workers face formidable challenges. Air raid sirens blast all the time. Explosions are heard in the distance. Power and internet outages are common. Sometimes, code is written in a basement.

InfoSec

InfoSec Cybersecurity Internet Internet

Multi-factor authentication fatigue attacks are on the rise: How to defend against them

CSO Magazine

SEPTEMBER 22, 2022

To read this article in full, please click here One of the most popular ways is spamming an employee whose credentials have been compromised with MFA authorization requests until they become annoyed and approve the request through their authenticators app.

Authentication

Authentication Network Security Accountability

Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

CSO Magazine

DECEMBER 10, 2021

To read this article in full, please click here Attacks started soon after, making the flaw a zero-day (unpatched) issue at the moment of exploitation. Apache has since released Log4j 2.15.0 which includes a fix.

Royal ransomware group actively exploiting Citrix vulnerability

CSO Magazine

JANUARY 13, 2023

To read this article in full, please click here Announced by Citrix on November 8, 2022, the vulnerability, identified as CVE-2022-27510 , allows for the potential bypass of authentication measures on two Citrix products: the Application Delivery Controller (ADC) and Gateway.

Cyber Insurance

Cyber Insurance Ransomware Insurance Authentication

Malware builder uses fresh tactics to hit victims with Agent Tesla RAT

CSO Magazine

SEPTEMBER 30, 2022

To read this article in full, please click here

Malware

Malware Cybersecurity

CVE Program Almost Unfunded

Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach

Webinars

Trending Sources

What is Magecart? How this hacker group steals payment card data

Webinars

What is an ISAC or ISAO? How these cyber threat information sharing organizations improve security

11 cybersecurity buzzwords you should stop using right now

Insider risk management: Where your program resides shapes its focus

Why CISOs Are Stepping Away and What the Future Holds

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

11 penetration testing tools the pros use

Lockheed’s Teresa Merklin: There’s no such thing as a quick fix

22 cybersecurity myths organizations need to stop believing in 2022

ChatGPT creates mutating malware that evades detection by EDR

Cyberwar's global players—it's not always Russia or China

BrandPost: The Future of Machine Learning in Cybersecurity

Ransomware, email compromise are top security threats, but deepfakes increase

10 essential skills and traits of ethical hackers

Wells Notice Against SolarWinds CISO Could Be First of Its Kind

Social engineering explained: How criminals exploit human behavior

Over 60,000 Android apps infected with adware-pushing malware

Top 8 cybersecurity predictions for 2022

New vulnerabilities found in industrial control systems of major vendors

Remote bricking of Ukrainian tractors raises agriculture security concerns

97% of enterprises say VPNs are prone to cyberattacks: Study

Google launches entry-level cybersecurity certificate to teach threat detection skills

Hottest new cybersecurity products at RSA 2022

FBI arrests social engineer who allegedly stole unpublished manuscripts from authors

99% of cloud identities are overly permissive, opening door to attackers

11 top cloud security threats

9 tips to prevent phishing

In-app browser security risks, and what to do about them

Nearly 70% of ServiceNow instances leaking data

5 ways threat actors can use ChatGPT to enhance attacks

Linux malware is on the rise—6 types of attacks to look for

10 of the hottest new cybersecurity startups at RSA 2022

What is a botnet? When infected devices attack

8 strange ways employees can (accidently) expose data

9 video chat apps compared: Which is best for security?

EU privacy regulators to create taskforce to investigate ChatGPT

14 lessons CISOs learned in 2022

Cybersecurity in wartime: how Ukraine's infosec community is coping

Multi-factor authentication fatigue attacks are on the rise: How to defend against them

Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

Royal ransomware group actively exploiting Citrix vulnerability

Malware builder uses fresh tactics to hit victims with Agent Tesla RAT

Stay Connected