Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to “proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.” Once the program identifies vulnerable…
Category: CSO Online
ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises
ForgeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the…
BianLian ransomware group shifts focus to extortion
Ransomware group BianLian has shifted the main focus of its attacks away from encrypting the files of its victims to focusing more on extortion as a means to extract payments from victims, according to cybersecurity firm Redacted. The shift in…
7 guidelines for identifying and mitigating AI-enabled phishing campaigns
The emergence of effective natural language processing tools such as ChatGPT means it’s time to begin understanding how to harden against AI-enabled cyberattacks. The natural language generation capabilities of large language models (LLMs) are a natural fit for one of…
Cybersecurity startups to watch for in 2023
The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovate faster because they are unfettered by an…
Two Patch Tuesday flaws you should fix right now
Microsoft released its monthly security bulletin this week, covering patches for over 80 vulnerabilities across its products. However, two of them had already been used by attackers before patches were released. One vulnerability affects all supported versions of Outlook for…
Russian hacktivist group targets India’s health ministry
A Russian hacktivist group has claimed to have breached the health management information system of India, which could contain the health data of millions of Indian citizens. “On 15 March 2023, CloudSek’s contextual AI digital risk platform XVigil discovered a…
Why red team exercises for AI should be on a CISO’s radar
AI and machine learning (ML) capabilities present a huge opportunity for digital transformation but open yet another threat surface that CISOs and risk professionals will have to keep tabs on. Accordingly, CISOs will need to direct their teams to conduct…
When and how to report a breach to the SEC
New cybersecurity reporting requirements for publicly traded companies are expected to be enacted in the spring of 2023, with proposed rules from the US Securities and Exchange Commission (SEC) looking for more information and transparency from those hit with security…
Beyond Identity launches Zero Trust Authentication to align verification with zero-trust principles
Multifactor authentication (MFA) provider Beyond Identity has announced the launch of Zero Trust Authentication — a sub-category of zero trust security that the firm says aligns verification with zero-trust principles. Zero Trust Authentication has several key features including passwordless capability…
Palo Alto announces new SD-WAN features for IoT security, compliance support
Cybersecurity vendor Palo Alto has announced new software-defined wide area network (SD-WAN) features in its Prisma SASE solution for IoT device security and to help customers meet industry-specific security compliance requirements. It has also announced advanced URL filtering for the…
Cybercriminals target SVB customers with BEC and cryptocurrency scams
Cybercriminals have started taking advantage of Silicon Valley Bank’s (SVB) downfall to carry out scams that can steal money and bank account information, or infect customers’ systems with malware. SVB was shut down on March 10 by the California Department…
Dell beefs up security portfolio with new threat detection and recovery tools
Dell Technologies has added a slew of in-house as well as partnered capabilities to its security portfolio in a bid to beef up its capabilities in areas including threat security, management, and incident response. “Through ongoing innovation and a powerful…
BrandPost: Reduce, reuse, recycle: Bad actors practicing the three Rs
Malware has a way of grabbing all the attention in the media and keeping companies on their toes. The world watched as wipers were deployed to Ukrainian organizations after the Russian invasion of Ukraine, which marked the beginning of a…
BrandPost: Protecting the Edge Is More Important Than Ever
Edge computing is fast becoming an essential part of our future technology capabilities. According to a recent report, the global edge computing market is expected to grow at a compound annual growth rate of 38.9% from 2022 to 2030, reaching nearly…
BrandPost: How 3 Tools Can Revitalize Your Security Strategy
100% prevention is a myth and will never truly be accomplished. As attackers become more sophisticated and the attack surface grows exponentially, the security industry must pivot from a pure prevention ideology to include a focus on early detection and…
BrandPost: Is Your XDR Strategy Incomplete?
What is extended detection and response (XDR)? There is a lot of confusion as to what XDR is, and some people are asking whether we simply ran out of letters for acronyms. Many are even thinking that XDR is a…
How CISOs can do more with less in turbulent economic times
CISO Nicole Darden Ford has become accustomed to doing more with less since the COVID-19 pandemic suddenly upended her company’s workforce. “I got off a plane from India and saw all these people with masks at the airport in Washington,…
Hard-coded secrets up 67% as secrets sprawl threatens software supply chain
The number of detected hard-coded secrets increased by 67% last year compared to 2021, with 10 million new secrets discovered in public GitHub commits in 2022. That’s according to GitGuardian’s State of Secrets Sprawl 2023 report. It found that hard-coded…
New CISO appointments, February 2023
The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the…
Iron Tiger updates malware to target Linux platform
Iron Tiger, an advanced persistent threat (APT) group, has updated their SysUpdate malware to include new features and add malware infection support for the Linux platform, according to a report by Trend Micro. The earliest sample of this version was…
BrandPost: It’s Time to Create More Opportunities for Women in Cybersecurity
Undoubtedly, our industry needs to create more initiatives to attract a more diverse group of professionals—including women—to STEM-focused careers like cybersecurity. While we’ve collectively made some progress on this front, a great deal of work still needs to be done…
HPE to acquire Axis Security to deliver a unified SASE offering
Hewlett Packard Enterprise has agreed to buy cloud security services provider Axis Security, its third acquisition since January, to deliver a unified secure access service edge (SASE) offering. The acquisition is aimed at incorporating the Axis security service edge (SSE)…
Top cybersecurity M&A deals for 2023
Uncertainty and instability marked the end of 2022 for many in the tech sector, a trend that bled into the beginning of 2023. Following on the heels of a drought in IT talent came mass layoffs at many of the…
Flaws in industrial wireless IoT solutions can give attackers deep access into OT networks
It’s common for operational technology (OT) teams to connect industrial control systems (ICS) to remote control and monitoring centers via wireless and cellular solutions that sometimes come with vendor-run, cloud-based management interfaces. These connectivity solutions, also referred to as industrial…
Cohesity Data Cloud 7.0 enhances privileged access authentication, ransomware recovery
Data security and management vendor Cohesity has announced the 7.0 software release of its Cohesity Data Cloud platform. The release provides customers with enhanced cyber resiliency capabilities to help protect and secure data against cyberattacks, the firm stated in its announcement.…
Growing number of endpoint security tools overwhelm users, leaving devices unprotected
Enterprises that use endpoint security and management technologies face a problem of growing marketplace “sprawl,” as new tools proliferate and options multiply, according to a study released today by the Enterprise Services Group. Between the ongoing influence of remote work…
Threat group targets over 1,000 companies with screenshotting and infostealing malware
Researchers warn that a new threat actor has been targeting over a thousand organizations since October with the goal of deploying credential-stealing malware. The attack chain also involves reconnaissance components including a Trojan that takes screenshots of the desktops of…
How to unleash the power of an effective security engineering team
Security teams are comprised primarily of operations, compliance, and policy-related roles. Security engineering teams, on the other hand, are builders. They build services, automate processes, and streamline deployments to support the core security team and its stakeholders. Security engineering teams…
Yes, CISOs should be concerned about the types of data spy balloons can intercept
The recent kerfuffle surrounding the Chinese surveillance balloon that sailed above Canada and the United States before meeting its demise off the southeastern coast of the United States has tongues wagging and heads scratching in equal measure. While some may…
Microsoft attributes Charlie Hebdo attacks to Iranian nation-state threat group
Microsoft’s Digital Threat Analysis Center (DTAC) has attributed a recent influence operation targeting the satirical French magazine Charlie Hebdo to an Iranian nation-state actor. Microsoft dubbed the threat group, which calls itself Holy Souls, NEPTUNIUM. It has also been identified…
OPSWAT mobile hardware offers infrastructure security for the air gap
Infrastructure protection vendor OPSWAT has announced the availability of its new MetaDefender Kiosk K2100 hardware, designed to provide a mobile option for users who want the company’s media-scanning capabilities to work in the field. OPSWAT’s MetaDefender line of kiosks is…
Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition
Cybersecurity insurance firm Coalition has predicted that there will be 1,900 average monthly critical Common Vulnerabilities and Exposures (CVEs) in 2023, a 13% increase over 2022. The predictions are a part of the company’s Cyber Threat Index, which was compiled using…
BrandPost: Tackling Cyber Influence Operations: Exploring the Microsoft Digital Defense Report
By Microsoft Security Each year, Microsoft uses intelligence gained from trillions of daily security signals to create the Microsoft Digital Defense Report. Organizations can use this tool to understand their most pressing cyber threats and strengthen their cyber defenses to…
Massive ransomware attack targets VMware ESXi servers worldwide
A global ransomware attack has hit thousands of servers running the VMware ESXi hypervisor, with many more servers expected to be affected, according to national cybersecurity agencies and security experts around the world. The Computer Emergency Response Team of France…
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea’s Lazarus group used…
Foreign states already using ChatGPT maliciously, UK IT leaders believe
Most UK IT leaders believe that foreign states are already using the ChatGPT chatbot for malicious purposes against other nations. That’s according to a new study from BlackBerry, which surveyed 500 UK IT decision makers revealing that, while 60% of…
NTT, Palo Alto partner for managed SASE with AIOps
Using a managed services provider to deliver SASE can streamline deployment and free up enterprise resources.
New UN cybercrime convention has a long way to go in a tight timeframe
Cybercrime is a growing scourge that transcends borders, spreading across the boundaries of virtually all the world’s nearly 200 nation-states. From ransomware attacks to rampant cryptocurrency theft, criminal exploitation of borderless digital systems threatens global economic security and the political…
Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges
Researchers from cybersecurity firm Proofpoint claim to have discovered a new threat campaign involving malicious third-party OAuth apps that are used to infiltrate organizations’ cloud environments. According to a blog on the company’s website, threat actors satisfied Microsoft’s requirements for…
Trulioo launches end-to-end identity platform
Identity verification firm Trulioo on Tuesday launched a new global identity platform for “person” and “business” verification. Trulioo has so far sold multiple identity products, each operating in its own silo. Their products and services range from person and business verification, to…
Privacera connects to Dremio’s data lakehouse to aid data governance
The integration of open-source based Privacera into Dremio’s data lakehouse is designed to allow joint customer enterprises to manage and organize secure data access.
Guardz debuts with cybersecurity-as-a-service for small businesses
Guardz, a Tel Aviv-based startup promising a broad range of out-of-the-box cybersecurity solutions for small and medium-size businesses (SMBs), has announced both a successful $10 million round of seed funding and the broad availability of its flagship product. The premise…
New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs
A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack Reference (OSC&R) initiative, led by…
BrandPost: Nation-State Threats and the Rise of Cyber Mercenaries: Exploring the Microsoft Digital Defense Report
To illuminate the evolving digital threat landscape and help the cyber community understand today’s most pressing threats, we released our annual Microsoft Digital Defense Report. This year’s report focuses on five key topics: cybercrime, nation-state threats, devices and infrastructure, cyber-influence…
IoT, connected devices biggest contributors to expanding application attack surface
The growth of the internet of things (IoT) and connected devices are the biggest contributing factors to organizations’ expanding attack surfaces. That’s according to a new report from Cisco AppDynamics, which revealed that 89% of global IT professionals believe their…
BrandPost: Is Your Organization Security Resilient? Here’s How to Get There
Security resilience is top of mind for the vast majority of executives; 96% say it’s highly important to their business, according to the Cisco Security Outcomes Report, Volume 3. And with good reason: data breaches, ransomware, and other cyberattacks continue…
Why you might not be done with your January Microsoft security patches
The January patching window for your firm has probably come and gone. But has it? While January included a huge release of patches, several releases in other months have provided more than one headache for the patch management community. These…
US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy
The US Department of Justice (DOJ) has taken a carrot-and-stick approach to its corporate enforcement policy in regard to the Foreign Corrupt Practices Act (FCPA) in an effort to entice companies to self-report when in violation of the FCPA. Assistant Attorney…
Misconfiguration and vulnerabilities biggest risks in cloud security: Report
The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig. While zero trust is a top priority, data showed that least…
Recent legal developments bode well for security researchers, but challenges remain
Despite the hoodie-wearing bad guy image, most hackers are bona fide security researchers protecting users by probing and testing the security configurations of digital networks and assets. Yet the law has often failed to distinguish between malicious hackers and good-faith…
9 API security tools on the frontlines of cybersecurity
Application programming interfaces (APIs) have become a critical part of networking, programs, applications, devices, and nearly everything else in the computing landscape. This is especially true for cloud and mobile computing, neither of which could probably exist in its current…
BrandPost: 3 Best Practices for Building Security Resilience
Only 37% of organizations responding to a recent Cisco survey said they’re confident they can remain resilient in the event of a worst-case security incident. That’s not surprising, given the rapidly increasing volume of endpoints distributed across complex IT architectures.…
The CSO guide to top security conferences
There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions…
FBI takes down Hive ransomware group in an undercover operation
The US Department of Justice (DOJ) along with international partners has taken down the Hive ransomware group. The operation that began in July 2022 resulted in the FBI penetrating Hive’s computer networks, capturing its decryption keys, and offering them to…
Hackers abuse legitimate remote monitoring and management tools in attacks
Security researchers warn that an increasing number of attackers are using legitimate remote monitoring and management (RMM) tools in their attacks to achieve remote access and control over systems. These tools are commonly used by managed service providers (MSPs) and…
BrandPost: Understanding Device and Infrastructure Attacks: Exploring the Microsoft Digital Defense Report 2022
The Microsoft Digital Defense Report explores the most pressing cyber threats as they relate to cybercrime, nation-state threats, devices and infrastructure, cyber-influence operations, and cyber resiliency. Based on intelligence from 43 trillion security signals daily, this report offers insight and…