Like most CSOs, Joe Sullivan was drawn to the role to help prevent cybercrimes. His role as CSO of Uber was something of a shift from his previous job prosecuting cybercriminals as an assistant US attorney, but closer to the tip of the cybersecurity spear.
The idea behind these attacks is to compromise a third-party piece of software from a VAR or systems integrator or infect an industrial process unbeknownst to IT.
[Editor's note: This article, originally published on July 3, 2019, has been updated with a directory of ISACs and ISAOs.] ISAC and ISAO definition.
Learn 8 pitfalls that undermine security program success and 12 tips for effectively presenting cybersecurity to the board. Here are the 11 cybersecurity buzzwords and phrases that should be laid to rest in 2021.
In 2019, a CSO article raised the question “Insider risk management — who’s the boss?” Over the years I have hypothesized that where such IRM programs reside within an organization will have a material impact on its focus and possibly its overall effectiveness.
"Basically, every organization that uses this tool is at risk of losing their AI models, having an internal server compromised, and having their AWS account compromised," Dan McInerney, a senior security engineer with cybersecurity startup Protect AI, told CSO. "It's pretty brutal."
The article appeared originally on Medium here. By doing so, they not only improve retention but also strengthen their security posture, enabling their CISOs to thrive in an ever-changing threat landscape. Investing in the well-being, development, and empowerment of CISOs is not just a necessity; it's a competitive advantage.
“It took nearly 11 months (328 days) to identify and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online, and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!
In this article, we're going to look at one specific aspect of the pen tester's trade: the tools they use to defeat their clients' defenses. For an in-depth look at what penetration testing entails, you'll want to read our explainer on the subject.
Teresa Merklin specializes in cyber risk assessment and engineering for cyber resiliency.
The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.
A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to generate polymorphic, or mutating, code to evade endpoint detection and response (EDR) systems.
Consequently, the SolarWinds spyware infiltration, the Microsoft Exchange hack, and ransomware attacks launched by criminal gangs harbored by the Kremlin dominate headlines and drive nation-state cybersecurity responses.
This article will share reasons why ML has risen to such importance in cybersecurity, share some of the challenges of this particular application of the technology and describe the future that machine learning enables.
VMware’s 2022 Global Incident Threat Response Report shows a steady rise in extortionary ransomware attacks and BEC, alongside fresh jumps in deepfakes and zero-day exploits.
Of course, that's every spy and cybercriminal's dream, but only ethical hackers, also known as white hat hackers or penetration testers, can feel sure that they'll get away with their break-ins.
“However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking trojans to steal credentials and financial information or ransomware,” Bitdefender said in a blog.
Meanwhile, CSOs also must help ensure their organizations are in compliance with new regulations. Remote work, virtual meetings, hybrid cloud networks, and SaaS adoption have all brought about complex IT infrastructures that are opening up new threat avenues.
The vulnerabilities identified by CISA were tracked in products from ICS providers including Siemens, Hitachi, Rockwell, Delta Electronics, VISAM, and Keysight.
The soldiers stole 27 pieces of farm machinery and shipped them primarily to Chechnya, 700 miles away, only to discover they had been rendered inoperable due to a "kill switch."
Reliance on VPNs for remote access is putting enterprises at significant risk as social engineering, ransomware, and malware attacks continue to advance, exposing businesses to greater risk, according to a new report by cloud security company Zscaler.
At RSAC 2022, starting June 6, new product showcases are dominated by identity and access security, SaaS services and security operations center (SOC) enhancements. Here are some of the most interesting new products set to be shown at the show.
The findings indicate that when it comes to IAM in the cloud, organizations are struggling to put good governance in place. The report also identifies five attack groups that have been detected targeting cloud environments and reveals their attack methods.
"They're getting away from worrying about end results—a data breach or loss is an end result—and looking at the causes of those results (data access, misconfigurations, insecure applications) and taking control of them."
Phishing is the first step for all kinds of attacks, from stealing passwords to downloading malware that can provide a backdoor into a corporate network. The fight against phishing is a frustrating one, and it falls squarely onto IT's shoulders.
According to a SolarWinds spokesperson quoted in the CNN article: "We are cooperating in a long investigative process that seems to be progressing to charges by the SEC against our company and officers. Any potential action will make the entire industry less secure by having a chilling effect on cyber incident disclosure."
Researcher Felix Krause detailed how popular in-app browsers inject JavaScript code into third-party websites, granting host apps the ability to track certain interactions, including form inputs like passwords and addresses along with image/link clicks.
According to AppOmni, the misconfiguration resulted from a combination of customer-managed configurations and over-provisioning of permissions to guest users.
By examining these topics, the CSA said it aims to raise awareness of the potential threats and emphasize the need for robust security measures and responsible AI development.
"Since most of the cloud hosts run Linux, being able to compromise Linux-based platforms allows the attacker to access an enormous amount of resources or to inflict substantial damage through ransomware and wipers."
"All of this is happening unbeknownst to the owner of the computer. The goal is to grow the size of the botnet, which collectively can automate and expedite large attacks."
At the same time, other factors like customer satisfaction and worker happiness surged. This has led many organizations to declare that teleworking in some form would continue, even after the pandemic is defeated.
Here are eight unusual, unexpected, and relatively strange ways employees can accidentally expose data, along with advice for addressing and mitigating the risks associated with them.
Europe's national privacy regulators said on Thursday that the decision came following discussions about recent enforcement action undertaken by the Italian data protection authority against OpenAI regarding its ChatGPT service.
"With the shifts in the cybersecurity landscape, 2022 has been a milestone year we will look back on when studying the history of when and why cybersecurity and digital trust were fused together," says Kory Daniels, CISO at Trustwave.
With Russia now controlling around 18% of Ukraine's territory including Donbas and Crimea, tech workers face formidable challenges. Air raid sirens blast all the time. Explosions are heard in the distance. Power and internet outages are common. Sometimes, code is written in a basement.
One of the most popular ways is spamming an employee whose credentials have been compromised with MFA authorization requests until they become annoyed and approve the request through their authenticator app.
Attacks started soon after, making the flaw a zero-day (unpatched) issue at the moment of exploitation. Apache has since released Log4j 2.15.0 which includes a fix.
Announced by Citrix on November 8, 2022, the vulnerability, identified as CVE-2022-27510, allows for the potential bypass of authentication measures on two Citrix products: the Application Delivery Controller (ADC) and Gateway.
California already had a privacy law in place, the California Consumer Privacy Act (CCPA), adopted in 2018. It went into effect in January 2020, and enforcement officially began in July 2020.