Tag: CSO Online

This article has been indexed from CSO Online Cyberespionage groups are exploiting a critical vulnerability patched earlier this month in ManageEngine ADSelfService Plus, a self-service password management and single sign-on (SSO) solution for Active Directory environments. The FBI, CISA and…

Read more →

This article has been indexed from CSO Online Ransomware is one of the fastest-growing cybersecurity attacks. One of the factors that makes these threats especially intimidating is that the costs can be far-reaching. An August 2021 report from security consultancy NCC…

Read more →

This article has been indexed from CSO Online It’s safe to say that my esteemed colleague Dave Gruber and I were following XDR before the term XDR existed.  Yup, we were heads down studying the SOC and a security platform…

Read more →

This article has been indexed from CSO Online 2021 is shaping up to be an active year for mergers and acquisitions in the cybersecurity industry. March alone saw more than 40 firms being acquired. The level of activity is driven…

Read more →

This article has been indexed from CSO Online Social engineering definition Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data. For example, instead of trying to find…

Read more →

This article has been indexed from CSO Online Tensions between IT teams and employees working from home threaten the security of organizations, with attempts to increase or update security for remote working regularly rebuffed in the name of business continuity.…

Read more →

This article has been indexed from CSO Online In most organizations, it is common for both the CISO and CIO to have responsibilities around cybersecurity—an issue increasingly pivotal to the effective running of any modern business. Clear, defined cybersecurity ownership…

Read more →

This article has been indexed from CSO Online Detecting compromises by highly skilled attackers is no easy task, requiring advanced network traffic monitoring, behavioral analysis of endpoint logs, and even dedicated threat hunting teams that manually search for signs of…

Read more →

This article has been indexed from CSO Online Creating a cybersecurity plan is the first step in starting secure and staying secure. Consider this when planning a budget, getting support from staff, and creating company goals. Here are the five…

Read more →

This article has been indexed from CSO Online The U.S. Department of Justice (DoJ) announced on 14 September a deferred prosecution agreement with two U.S. citizens and one former U.S. citizen who, on behalf of the United Arab Emirates (UAE),…

Read more →

This article has been indexed from CSO Online Steganography definition Steganography is a millennia-old concept that means hiding a secret message within an ordinary-looking file that doesn’t raise any suspicions. The word has Greek roots, being a combination of steganos,…

Read more →

This article has been indexed from CSO Online The US Cybersecurity and Infrastructure Security Agency (CISA) released a document called Risk Considerations for Managed Service Provider Customers. CISA acknowledges the role of network administrators, among others, in selecting an MSP.…

Read more →

This article has been indexed from CSO Online Basic cyber hygiene is the foundation for any good cybersecurity program. Tony Sager, CIS VP and Chief Evangelist, recently defined basic cyber hygiene as Implementation Group 1 (IG1) of the CIS Critical Security Controls,…

Read more →

This article has been indexed from CSO Online After the pandemic sent many employees home, the concept of work from anywhere was top of mind for many organizations transitioning their infrastructure to support this new model. However, even before the…

Read more →

This article has been indexed from CSO Online As companies move more and more of their infrastructure to the cloud, they’re forced to shift their approach to security. The security controls you need to put in place for a cloud-based…

Read more →

This article has been indexed from CSO Online It is no secret the locus for a great deal of the world’s cybercriminal activity lays within the boundaries of The Russian Federation. The  onslaught of ransomware attacks directed at non-Russian entities…

Read more →

This article has been indexed from CSO Online While the recent transition to a work-from-anywhere (WFA) business model may have been sudden, it certainly shouldn’t have caught anyone off guard. Organizations have been moving in this direction for a long…

Read more →

This article has been indexed from CSO Online Some of the biggest breaches have come down to small mistakes. Hackers used a compromised password to access the company network via a virtual private network in the May 2021 Colonial Pipeline…

Read more →

This article has been indexed from CSO Online As part of the Biden administration’s wide-ranging cybersecurity executive order (EO) issued in May, the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) issued three documents…

Read more →

This article has been indexed from CSO Online If you want to know what’s new in cybersecurity, watch what the startup vendors are doing. They typically begin with an innovative idea and are unfettered by an installed base and its…

Read more →

This article has been indexed from CSO Online President Biden’s cybersecurity Executive Order on Improving the Nation’s Cybersecurity has triggered massive buzz regarding software bills of material (SBOMs). While we advocate for improving software supply chain security through greater transparency regarding…

Read more →

This article has been indexed from CSO Online In most enterprise stacks today, the database is where all our secrets wait. It’s part safe house, ready room, and staging ground for the bits that may be intensely personal or extremely…

Read more →

This article has been indexed from CSO Online Microsoft Active Directory (AD), which handles identity management, reportedly holds 90% to 95% market share among fortune 500 companies. Given such broad adoption, it is no surprise that it is so heavily…

Read more →

This article has been indexed from CSO Online Microsoft’s revised hardware specifications for the upcoming Windows 11 release on October 5 don’t change the fact that I’m stuck on Windows 10 for most of the machines in my network. Microsoft…

Read more →

This article has been indexed from CSO Online If you do business with the Department of Defense (DoD), then the Cybersecurity Maturity Model Certification (CMMC) is known to you. The Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) approved the first…

Read more →

This article has been indexed from CSO Online The ATT&CK framework, developed by MITRE Corp., has been around for five years and is a living, growing document of threat tactics and techniques that have been observed from millions of attacks…

Read more →

This article has been indexed from CSO Online COVID-19 has changed the face of security forever. The perimeter defense model, which had been slowly crumbling, has now been shattered. Employees are working from home, many of them permanently. Applications are…

Read more →

This article has been indexed from CSO Online Our professional journey takes us through many doors as we enter and exit engagements. The hiring entity often spends an inordinate amount of time on process and acclimation onboarding new employees. The…

Read more →

This article has been indexed from CSO Online You’re interviewing candidates for a security analyst position. One is a history major with no formal technical experience. The other has an advanced degree in computer science, with a focus on cybersecurity,…

Read more →

This article has been indexed from CSO Online Hackers have started exploiting a critical remote code execution vulnerability that was patched recently in Atlassian Confluence Server and Data Center. Some of the attacks deploy cryptocurrency mining malware, but Atlassian products…

Read more →

This article has been indexed from CSO Online There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of…

Read more →

This article has been indexed from CSO Online This directory includes laws, regulations and industry guidelines with significant security and privacy impact and requirements. Each entry includes a link to the full text of the law or regulation as well…

Read more →

This article has been indexed from CSO Online Cybersecurity has steadily crept up the agenda of governments across the globe. This has led to initiatives designed to address cybersecurity issues that threaten individuals and organizations. “Government-led cybersecurity initiatives are critical…

Read more →

This article has been indexed from CSO Online What is the CDPSE certification? The Certified Data Privacy Solutions Engineer (CDPSE) certification focuses on the implementation of privacy solutions, from both a technical and governance perspective. It is offered by ISACA, a…

Read more →

This article has been indexed from CSO Online If you didn’t think the agriculture and food sector is of national security significance, then the issuance of the Insider Risk Mitigation Guide by the National Counterintelligence and Security Center (NCSC) in…

Read more →

This article has been indexed from CSO Online If you have bought a single sign-on (SSO) product, how do you know that is operating correctly? That seems like a simple question, but answering it isn’t so simple. Configuring the automated…

Read more →

This article has been indexed from CSO Online The US Cybersecurity and Infrastructure Security Agency (CISA) has started a list of what it deems to be bad security practices. The two on the list so far instruct any organization that…

Read more →

This article has been indexed from CSO Online Thousands of organizations using the Cosmos DB service on Microsoft Azure need to regenerate their primary read-write keys after researchers found a vulnerability that would have given external attackers access to copy,…

Read more →

This article has been indexed from CSO Online What is a security engineer? A security engineer is a cybersecurity professional who helps develop and implement strategies and systems to protect their organization’s infrastructure from cyberattacks. This is a role in…

Read more →

This article has been indexed from CSO Online The unwanted attention attracted by ransomware attacks recently have caused several of the top cybercrime forums to ban ransomware discussions and transactions on their platforms earlier this year. While some hoped this…

Read more →

This article has been indexed from CSO Online Streamlined communications are key to efficiency. But for one large business focused on feeding the world, connecting and operating a myriad of locations is a core IT challenge. The company produces and…

Read more →

This article has been indexed from CSO Online A new ransomware threat called LockFile has been victimizing enterprises worldwide since July. Key to its success are a few new tricks that make it harder for anti-ransomware solutions to detect it.…

Read more →

This article has been indexed from CSO Online As part of the country’s growing scrutiny over the tech sector, China enacted on August 21 a sprawling and comprehensive data privacy law, the Personal Information Protection Law (PIPL), which goes into…

Read more →

This article has been indexed from CSO Online Enterprise-class password managers have become one of the easiest and most cost-effective ways to help employees lock down their online accounts. Most of the options were originally designed for individual users. Your…

Read more →

This article has been indexed from CSO Online Telecommunications giant T-Mobile has warned that information including names, dates of birth, US Social Security numbers (SSNs), and driver’s license/ID of some 50 million individuals comprising current, former, or prospective customers has…

Read more →

This article has been indexed from CSO Online Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next chief information security officer (CISO) or…

Read more →

This article has been indexed from CSO Online Ransomware has a long history, dating back to the late 1980s. Today, it’s generating billions of dollars in revenue for the criminal groups behind it. Victims incur recovery costs even if they…

Read more →

This article has been indexed from CSO Online Industry leaders from the technology, financial, and education sectors have pledged a wide range of private-sector initiatives to tackle the nation’s cybersecurity problems. Those efforts include increasing the cybersecurity talent pool, boosting…

Read more →

This article has been indexed from CSO Online The Java programming language offers a seamless and elegant way to store and retrieve data. However, without proper input validation and safeguards in place, your application can be vulnerable to unsafe deserialization…

Read more →

This article has been indexed from CSO Online The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO)…

Read more →

This article has been indexed from CSO Online As devops matures into devsecops, cultural obstacles continue to exert drag. Read the original article: Security blind spots persist as companies cross-breed security with devops

Read more →

This article has been indexed from CSO Online The recent cybersecurity symposium that aimed to “prove” the 2020 US election was a fraud made headlines not because of evidence found, but rather the absence of evidence. As I watched the…

Read more →

This article has been indexed from CSO Online The FBI is warning companies that a ransomware group calling itself OnePercent or 1Percent is leveraging the IceID Trojan and the Cobalt Strike backdoor to gain a foothold inside networks. Like many…

Read more →

This article has been indexed from CSO Online Intellectual property (IP) is the lifeblood of every organization. It didn’t used to be. As a result, now more than ever, it’s a target, placed squarely in the cross-hairs by various forms of…

Read more →

This article has been indexed from CSO Online New research from Palo Alto Networks’ Unit 42 has identified four emerging ransomware groups that have the potential to become bigger problems in the future. These are AvosLocker, Hive Ransomware, HelloKitty, and…

Read more →

This article has been indexed from CSO Online Wi-Fi 6E is a technical extension of the Wi-Fi 6 standard to deliver improved Wi-Fi capacity, less interference, and higher throughput. Introduced in January 2021 by the Wi-Fi Alliance, Wi-Fi 6E allows…

Read more →

This article has been indexed from CSO Online The Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS) has a new director, Jen Easterly. The Senate confirmed Easterly in July, with swearing taking place on August…

Read more →

This article has been indexed from CSO Online A truism among security professionals is that it’s a matter of when, not if a cyberattack will impact your business. This reality has certainly been on display in recent months, as several…

Read more →

This article has been indexed from CSO Online Kubernetes has become the de facto choice for container orchestration. Some studies report that up to 88% of organizations are using Kubernetes for their container orchestration needs and 74% of that occurring…

Read more →

This article has been indexed from CSO Online Telecommunications giant T-Mobile has warned that information including names, dates of birth, US Social Security numbers (SSNs), and driver’s license/ID of almost 50 million individuals comprising current, former, or prospective customers has…

Read more →

This article has been indexed from CSO Online T-Mobile has confirmed a data breach that impacted nearly 50 million people, including current, former and prospective subscribers. The exposed details differed across different types of customers, so the level of risk…

Read more →

This article has been indexed from CSO Online 2021 is shaping up to be an active year for mergers and acquisitions in the cybersecurity industry. March alone saw more than 40 firms being acquired. The level of activity is driven…

Read more →

This article has been indexed from CSO Online Reading a list of cybersecurity compliance frameworks is like looking at alphabet soup: NIST CSF, PCI DSS, HIPAA, FISMA, GDPR…the list goes on. It’s easy to be overwhelmed, and not only because…

Read more →

This article has been indexed from CSO Online The Center for Internet Security (CIS) recently celebrated 20 years of bringing confidence to the connected world with consensus-based security guidance. The first CIS Benchmark was released in 2000. Today, there are more than 100 CIS…

Read more →

This article has been indexed from CSO Online Anyone who has ever traveled knows that bedbugs are the kiss of death for a hotel, and possibly the franchise, as no one likes to get bit. BlackBerry is hoping the analogy…

Read more →

This article has been indexed from CSO Online What is the CCSP certification? CCSP is a cloud-focused security certification for experienced security pros offered by the International Information System Security Certification Consortium, or (ISC)2. CCSP stands for Certified Cloud Security…

Read more →

This article has been indexed from CSO Online I am proud to say that the annual Life and Times of Cybersecurity Professionals report from ESG and ISSA is now available for free download.  As part of the research for this…

Read more →

This article has been indexed from CSO Online International ransomware gangs aren’t the only people after your enterprise’s money. Long after a ransomware attack fades into gloomy history, your organization could face another potentially devastating financial threat: lawyers filing action…

Read more →

This article has been indexed from CSO Online Do you feel like you are gaining in your ability to protect your data and your network? If you are like 80% of respondents to the Trend Micro’s biannual Cyber Risk Index…

Read more →

This article has been indexed from CSO Online New research from security firm Cato Networks has highlighted potential security risks surrounding the use of Amazon sidewalk and other consumer-grade services that connect to corporate networks due to a lack of…

Read more →

This article has been indexed from CSO Online Your information is at the crux of the issue of data sovereignty. Where is your information? Who has access to the information? Do you have control of your information in each country,…

Read more →

This article has been indexed from CSO Online SaaS adoption is far outpacing IaaS consumption. Despite that, organizations are focusing almost exclusively on infrastructure security. They must also consider a SaaS governance plan that implements security measures to reduce risk…

Read more →

This article has been indexed from CSO Online Security’s all-too-frequent appearance as a front-page headline making topic has put CISOs in the hot seat as CEOs and boards worry that it could be their names next in news stories trying…

Read more →

This article has been indexed from CSO Online The cybersecurity mantra at Jefferson Health is “if we can’t do it well, we’re not going to do it” says Mark Odom, CISO of the Philadelphia-based healthcare organization. Such an approach has…

Read more →

This article has been indexed from CSO Online The confidentiality and integrity assurances of modern communication protocols rely on algorithms that generate secret tokens that attackers cannot guess. These are used for authentication, encryption, access control and many other aspects…

Read more →

This article has been indexed from CSO Online With enterprise adoption of managed security services gradually maturing, the rewards and risks of using these services have become a lot clearer for current and potential customers. A recent survey by Forrester…

Read more →

This article has been indexed from CSO Online Every day, most of us leave trails of online breadcrumbs behind us, disconnected pieces of data that a determined sleuth could connect to learn about our activities and perhaps break through our…

Read more →

This article has been indexed from CSO Online According to a ransomware survey report released in June by Keeper Security, 49% of companies hit by ransomware paid the ransom—and another 22% declined to say whether they paid or not. Part…

Read more →

This article has been indexed from CSO Online Mentioning the phrase “shadow IT” to CISOs often results in an eye-roll or a grimace. As one who spent most of his adult life within government dealing with home-based IT capabilities that…

Read more →

This article has been indexed from CSO Online Security researchers warn that multiple groups are compromising Windows web servers and are deploying malware programs that are designed to function as extensions for Internet Information Services (IIS). Such malware was deployed…

Read more →

This article has been indexed from CSO Online Veronica Schmitt started to wear an implantable cardiac device when she was 19. A few years ago, although the small defibrillator appeared to be working properly, she felt sick. “I kept passing…

Read more →

This article has been indexed from CSO Online You are fully patched. You are fully secure, right? Well, not so fast. Several Microsoft issues may or may not receive a patch. Some are configuration issues that cannot be patched. On…

Read more →

This article has been indexed from CSO Online Organizations are looking to realize the promise of cloud computing, including faster time to market, increased responsiveness, and cost reductions. As part of this, many organizations use two or more clouds to…

Read more →

This article has been indexed from CSO Online Every chief security executive knows that one of the most important—and perhaps challenging—aspects of the job is getting the funding needed to support the cybersecurity program. The person handing the decision making…

Read more →

This article has been indexed from CSO Online Certified Ethical Hacker (CEH) is an early-career certification for security pros who want to demonstrate that they can assess weaknesses in target systems, using techniques often associated with hackers to help identify…

Read more →

This article has been indexed from CSO Online A firestorm emerged on Friday and raged during the weekend over Apple’s new “Expanded Protections for Children,” a series of measures across Apple’s platforms aimed at cracking down on child sexual abuse…

Read more →

This article has been indexed from CSO Online It’s one thing to cook up a great new initiative, but making it happen requires powers of persuasion, solid partnerships, and access to genuine technical insight. Read the original article: Real IT…

Read more →

This article has been indexed from CSO Online Lena Smart makes the perfect pitch for being a CISO. She talks up the multitude of good opportunities in the field and points to the plethora of interesting challenges that come with…

Read more →

This article has been indexed from CSO Online Government-sponsored hackers, who carry out cyberespionage campaigns, invest more resources than ever to find new ways of attacking the cloud. One of their preferred targets is Microsoft 365, previously called Office 365,…

Read more →

This article has been indexed from CSO Online Secure configurations are a key best practice for limiting an organization’s cyber vulnerabilities. Since applications, hardware, and technology systems typically ship with default settings, it’s important to review and implement recommended guidance.…

Read more →

This article has been indexed from CSO Online Jen Easterly, the freshly installed head of the Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA), unveiled yesterday a new federal initiative called the Joint Cyber Defense Collaborative (JCDC)…

Read more →

This article has been indexed from CSO Online There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of…

Read more →

This article has been indexed from CSO Online If you want to know what’s new in cybersecurity, watch what the startup vendors are doing. They typically begin with an innovative idea and are unfettered by an installed base and its…

Read more →

This article has been indexed from CSO Online Earlier this week, the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA)  issued a joint document entitled Kubernetes Hardening Guidance. Kubernetes is an open-source orchestration system that…

Read more →

This article has been indexed from CSO Online Earlier this week, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA)  issued a joint document entitled Kubernetes Hardening Guidance. Kubernetes is an open-source orchestration system that relies…

Read more →

This article has been indexed from CSO Online In the guidance issued by the Cybersecurity and Infrastructure Security Agency (CISA) in April 2021 on securing one’s supply chain, a portion of the guidance was dedicated to the threat vector posed…

Read more →

This article has been indexed from CSO Online The 5th annual Life and Times of Cybersecurity Professionals report from ESG and the Information Systems Security Association (ISSA) provides valuable insight into the challenges cybersecurity pros  face, how they see themselves…

Read more →

This article has been indexed from CSO Online Hybrid IT environments — multiple clouds, edge, on-premises infrastructure, a distributed workforce — are putting the old approach to network security to the extreme test. The traditional centralized approach via MPLS and…

Read more →

This article has been indexed from CSO Online There is considerable interest in going passwordless and adopting biometric authentication for application access. According to a recent survey by Cisco: 52% of IT decision makers are actively considering passwordless solutions 79%…

Read more →

This article has been indexed from CSO Online Reading a list of cybersecurity compliance frameworks is like looking at alphabet soup: NIST CSF, PCI DSS, HIPAA, FISMA, GDPR…the list goes on. It’s easy to be overwhelmed, and not only because…

Read more →