Tag: CSO Online

Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to “proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.” Once the program identifies vulnerable…

Read more →

ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the…

Read more →

Ransomware group BianLian has shifted the main focus of its attacks away from encrypting the files of its victims to focusing more on extortion as a means to extract payments from victims, according to cybersecurity firm Redacted. The shift in…

Read more →

The emergence of effective natural language processing tools such as ChatGPT means it’s time to begin understanding how to harden against AI-enabled cyberattacks. The natural language generation capabilities of large language models (LLMs) are a natural fit for one of…

Read more →

The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovative faster because they are unfettered by an…

Read more →

Microsoft released its monthly security bulletin this week, covering patches for over 80 vulnerabilities across its products. However, two of them had already been used by attackers before patches were released. One vulnerability affects all supported versions of Outlook for…

Read more →

A Russian hacktivist group has claimed to have breached the health management information system of India, which could contain the health data of millions of Indian citizens. “On 15 March 2023, CloudSek’s contextual AI digital risk platform XVigil discovered a…

Read more →

AI and machine learning (ML) capabilities present a huge opportunity for digital transformation but open yet another threat surface that CISOs and risk professionals will have to keep tabs on. Accordingly, CISOs will need to direct their teams to conduct…

Read more →

New cybersecurity reporting requirements for publicly traded companies are expected to be enacted in the spring of 2023, with proposed rules from the US Securities and Exchange Commission (SEC) looking for more information and transparency from those hit with security…

Read more →

Multifactor authentication (MFA) provider Beyond Identity has announced the launch of Zero Trust Authentication — a sub-category of zero trust security that the firm says aligns verification with zero-trust principles. Zero Trust Authentication has several key features including passwordless capability…

Read more →

Cybersecurity vendor Palo Alto has announced new software-defined wide area network (SD-WAN) features in its Prisma SASE solution for IoT device security and to help customers meet industry-specific security compliance requirements. It has also announced advanced URL filtering for the…

Read more →

Cybercriminals have started taking advantage of Silicon Valley Bank’s (SVB) downfall to carrying out scams that can steal money, and bank account information, or infect customers’ systems with malware. SVB was shut down on March 10 by the California Department…

Read more →

Dell Technologies has added a slew of in-house as well as partnered capabilities to its security portfolio in a bid to beef up its capabilities in areas including threat security, management, and incident response. “Through ongoing innovation and a powerful…

Read more →

Malware has a way of grabbing all the attention in the media and keeping companies on their toes. The world watched as wipers were deployed to Ukrainian organizations after the Russian invasion of Ukraine, which marked the beginning of a…

Read more →

Edge computing is fast becoming an essential part of our future technology capabilities. According to a recent report, the global edge computing market is expected to grow at a compound annual growth rate of 38.9% from 2022 to 2030, reaching nearly…

Read more →

100% prevention is a myth and will never truly be accomplished. As attackers become more sophisticated and the attack surface grows exponentially, the security industry must pivot from a pure prevention ideology to include a focus on early detection and…

Read more →

What is extended detection and response (XDR)? There is a lot of confusion as to what XDR is, and some people are asking whether we simply ran out of letters for acronyms. Many are even thinking that XDR is a…

Read more →

CISO Nicole Darden Ford has become accustomed to doing more with less since the COVID-19 pandemic suddenly upended her company’s workforce. “I got off a plane from India and saw all these people with masks at the airport in Washington,…

Read more →

The number of detected hard-coded secrets increased by 67% last year compared to 2021, with 10 million new secrets discovered in public GitHub commits in 2022. That’s according to GitGuardian’s State of Secrets Sprawl 2023 report. It found that hard-coded…

Read more →

The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the…

Read more →

Iron Tiger, an advanced persistent threat (APT) group, has updated their SysUpdate malware to include new features and add malware infection support for the Linux platform, according to a report by Trend Micro. The earliest sample of this version was…

Read more →

Undoubtedly, our industry needs to create more initiatives to attract a more diverse group of professionals—including women—to STEM-focused careers like cybersecurity. While we’ve collectively made some progress on this front, a great deal of work still needs to be done…

Read more →

Hewlett Packard Enterprise has agreed to buy cloud security services provider Axis Security, its third acquistion since January, to deliver a unified secure access service edge (SASE) offering. The acquisition is aimed at incorporating the Axis security service edge (SSE)…

Read more →

Uncertainty and instability marked the end of 2022 for many in the tech sector, a trend that bled into the beginning of 2023. Following on the heels of a drought in IT talent came mass layoffs at many of the…

Read more →

It’s common for operational technology (OT) teams to connect industrial control systems (ICS) to remote control and monitoring centers via wireless and cellular solutions that sometimes come with vendor-run, cloud-based management interfaces. These connectivity solutions, also referred to as industrial…

Read more →

Data security and management vendor has announced the 7.0 software release of its Cohesity Data Cloud platform. The release provides customers with enhanced cyber resiliency capabilities to help protect and secure data against cyberattacks, the firm stated in its announcement.…

Read more →

Enterprises that use endpoint security and management technologies face a problem of growing marketplace “sprawl,” as new tools proliferate and options multiply, according to a study released today by the Enterprise Services Group. Between the ongoing influence of remote work…

Read more →

Researchers warn that a new threat actor has been targeting over a thousand organizations since October with the goal of deploying credential-stealing malware. The attack chain also involves reconnaissance components including a Trojan that takes screenshots of the desktops of…

Read more →

Security teams are comprised primarily of operations, compliance, and policy-related roles. Security engineering teams, on the other hand, are builders. They build services, automate processes, and streamline deployments to support the core security team and its stakeholders. Security engineering teams…

Read more →

The recent kerfuffle surrounding the Chinese surveillance balloon that sailed above Canada and the United States before meeting its demise off the southeastern coast of the United States has tongues wagging and heads scratching in equal measure. While some may…

Read more →

Microsoft’s Digital Threat Analysis Center (DTAC) has attributed a recent influence operation targeting the satirical French magazine Charlie Hebdo to an Iranian nation-state actor. Microsoft dubbed the threat group, which calls itself Holy Souls, NEPTUNIUM. It has also been identified…

Read more →

Infrastructure protection vendor OPSWAT has announced the availability of its new MetaDefender Kiosk K2100 hardware, designed to provide a mobile option for users who want the company’s media-scanning capabilities to work in the field. OPSWAT’s MetaDefender line of kiosks is…

Read more →

Cybersecurity insurance firm Coalition has predicted that there will be 1,900 average monthly critical Common Vulnerabilities and Exposures (CVEs) in 2023, a 13% increase over 2022. The predictions are a part of the company’s Cyber Threat Index, which was compiled using…

Read more →

By Microsoft Security Each year, Microsoft uses intelligence gained from trillions of daily security signals to create the Microsoft Digital Defense Report. Organizations can use this tool to understand their most pressing cyber threats and strengthen their cyber defenses to…

Read more →

A global ransomware attack has hit thousands of servers running the VMware ESxi hypervisor, with many more servers expected to be affected, according to national cybersecurity agencies and security experts around the world. The Computer Emergency Response Team of France…

Read more →

State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea’s Lazarus group used…

Read more →

Most UK IT leaders believe that foreign states are already using the ChatGPT chatbot for malicious purposes against other nations. That’s according to a new study from BlackBerry, which surveyed 500 UK IT decision makers revealing that, while 60% of…

Read more →

Using a managed services provider to deliver SASE can streamline deployment and free up enterprise resources. This article has been indexed from CSO Online Read the original article: NTT, Palo Alto partner for managed SASE with AIOps

Read more →

Cybercrime is a growing scourge that transcends borders, spreading across the boundaries of virtually all the world’s nearly 200 nation-states. From ransomware attacks to rampant cryptocurrency theft, criminal exploitation of borderless digital systems threatens global economic security and the political…

Read more →

Researchers from cybersecurity firm Proofpoint claim to have discovered a new threat campaign involving malicious third-party OAuth apps that are used to infiltrate organizations’ cloud environments. According to a blog on the company’s website, threat actors satisfied Microsoft’s requirements for…

Read more →

Identity verification firm Trulioo on Tuesday launched a new global identity platform for “person” and “business” verification. Trulioo so far sold multiple identity products, each operating in their own silos. Their products and services range from person and business verification, to…

Read more →

The integration of open-source based Privacera into Dremio’s data lakehouse is designed to allow joint customer enterprises to manage and organize secure data access. This article has been indexed from CSO Online Read the original article: Privacera connects to Dremio’s…

Read more →

Guardz, a Tel Aviv-based startup promising a broad range of out-of-the-box cybersecurity solutions for small and medium-size businesses (SMBs), has announced both a successful $10 million round of seed funding and the broad availability of its flagship product. The premise…

Read more →

A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack Reference (OSC&R) initiative, led by…

Read more →

To illuminate the evolving digital threat landscape and help the cyber community understand today’s most pressing threats, we released our annual Microsoft Digital Defense Report. This year’s report focuses on five key topics: cybercrime, nation-state threats, devices and infrastructure, cyber-influence…

Read more →

The growth of the internet of things (IoT) and connected devices are the biggest contributing factors to organizations’ expanding attack surfaces. That’s according to a new report from Cisco AppDynamics, which revealed that 89% of global IT professionals believe their…

Read more →

Security resilience is top of mind for the vast majority of executives; 96% say its highly important to their business, according to the Cisco Security Outcomes Report, Volume 3. And with good reason: data breaches, ransomware, and other cyberattacks continue…

Read more →

The January patching window for your firm has probably come and gone. But has it? While January included a huge release of patches, several releases in other months have provided more than one headache for the patch management community. These…

Read more →

The US Department of Justice (DOJ) has taken a carrot-and-stick approach to its corporate enforcement policy in regard to the Foreign Corrupt Practices Act (FCPA) in an effort to entice companies to self-report when in violation of the FCPA. Assistant Attorney…

Read more →

The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig.  While zero trust is a top priority, data showed that least…

Read more →

Despite the hoodie-wearing bad guy image, most hackers are bona fide security researchers protecting users by probing and testing the security configurations of digital networks and assets. Yet the law has often failed to distinguish between malicious hackers and good-faith…

Read more →

Application programming interfaces (APIs) have become a critical part of networking, programs, applications, devices, and nearly everything else in the computing landscape. This is especially true for cloud and mobile computing, neither of which could probably exist in its current…

Read more →

Only 37% of organizations responding to a recent Cisco survey said they’re confident they can remain resilient in the event of a worst-case security incident. That’s not surprising, given the rapidly increasing volume of endpoints distributed across complex IT architectures.…

Read more →

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions…

Read more →

The US Department of Justice (DOJ) along with international partners has taken down the Hive ransomware group. The operation that began in July 2022 resulted in the FBI penetrating Hive’s computer networks, capturing its decryption keys, and offering them to…

Read more →

Security researchers warn that an increasing number of attackers are using legitimate remote monitoring and management (RMM) tools in their attacks to achieve remote access and control over systems. These tools are commonly used by managed service providers (MSPs) and…

Read more →

The Microsoft Digital Defense Report explores the most pressing cyber threats as they relate to cybercrime, nation-state threats, devices and infrastructure, cyber-influence operations, and cyber resiliency. Based on intelligence from 43 trillion security signals daily, this report offers insight and…

Read more →

This article has been indexed from CSO Online In his book The Context Marketing Revolution: How to Motivate Buyers in the Age of Infinite Media, author Mathew Sweezey (who also heads up market strategy at Salesforce) argues that the key…

Read more →

This article has been indexed from CSO Online Software composition analysis definition Software composition analysis (SCA) refers to obtaining insight into what open-source components and dependencies are being used in your application, and how—all in an automated fashion. This process…

Read more →

This article has been indexed from CSO Online Lucky for cyber criminals, but not so lucky for enterprise security pros: There’s a quick and easy way to get started in cybercrime known as dropper-as-a-service (DaaS). Sophos researchers recently uncovered evidence…

Read more →

This article has been indexed from CSO Online The degree of damage an attack can generate isn’t limited to the initial channel of infection. Threats that take hold on a user’s device or via the core network tend to spread…

Read more →

This article has been indexed from CSO Online 5G, or 5th generation mobile networks, is among the most talked about technologies. At a high level, it promises to connect virtually any entity spanning devices, objects, and machines. 5G improves on…

Read more →

This article has been indexed from CSO Online It’s no secret that the global pandemic increased opportunities for threat actors and cybercriminals to target financial services. Throughout 2020, scammers used the economic tension caused by COVID-19 — the promise of…

Read more →

This article has been indexed from CSO Online There are many reasons for the ongoing success of the TV show Shark Tank. Among them: We love to hear big ideas and see them get the support that will bring them…

Read more →

This article has been indexed from CSO Online Why is now such a crucial period for businesses to innovate to meet higher levels of employee and customer expectations? That was the question we posed to the IDG Influencer Network, a…

Read more →

This article has been indexed from CSO Online What are the key characteristics of successful online experiences? And what features or capabilities are innovative companies using to deliver these digital interactions? We asked the IDG Influencer Network — a community…

Read more →

This article has been indexed from CSO Online You’ve got your computer science degree from a prestigious university, a couple of security certifications that you earned the summer after you graduated, and almost a year’s experience working with a set…

Read more →

This article has been indexed from CSO Online Protecting consumers and their data while providing a good shopping experience has always been a challenge for retailers. Security measures such as multifactor authentication or challenge questions create friction in the buying…

Read more →

This article has been indexed from CSO Online The risk of cybercrime is not spread equally across the globe. Cyberthreats differ widely, with internet users in some countries at much higher risk than those in nations that offer more security…

Read more →

This article has been indexed from CSO Online REvil is a ransomware-as-a-service (RaaS) operation that has extorted large amounts of money from organizations worldwide over the past year. Its name stands for Ransomware Evil and was inspired by the Resident…

Read more →

This article has been indexed from CSO Online 2021 is shaping up to be an active year for mergers and acquisitions in the cybersecurity industry. March alone saw more than 40 firms being acquired. The level of activity is driven…

Read more →

This article has been indexed from CSO Online From a cybersecurity standpoint, organizations are operating in a high-risk world. The ability to assess and manage risk has perhaps never been more important. “Having a risk management framework is essential, because…

Read more →

This article has been indexed from CSO Online Despite all the promises of secure access service edge (SASE), some challenges lie ahead for organizations looking to adopt and implement SASE technologies and practices in a hybrid cloud environment. These include…

Read more →

This article has been indexed from CSO Online Security researchers have uncovered serious vulnerabilities in the TCP/IP stack of a real-time operating system (RTOS) called Nucleus that’s used in safety-critical devices across many industry verticals. The flaws, discovered by researchers…

Read more →

This article has been indexed from CSO Online A friend recently traveled to Iceland and came back with the knowledge that the country is a key hub for Bitcoin mining due to its cheap thermal energy source. Your computer or…

Read more →

This article has been indexed from CSO Online Secrets stored in Git repositories have been a thorn in the side of developers and a go-to source for attackers for a long time. Ensuring that sensitive information is stored appropriately and…

Read more →

This article has been indexed from CSO Online Last week, the Pentagon announced version 2.0 of its controversial and complex Cybersecurity Maturity Model Certification (CMMC). The CMMC is a training, certification and third-party assessment framework for defense industrial base (DIB)…

Read more →

This article has been indexed from CSO Online Almost four decades have passed since the release of Brain, one of the first computer viruses that traveled the world. Since then, we’ve witnessed a wide range of attacks: Stuxnet destroyed almost…

Read more →

This article has been indexed from CSO Online It didn’t take long for the White House’s ransomware initiative to be fruitful, as evidenced by the successful international law enforcement efforts targeting members of the Sodinokibi/REvil criminal enterprise. The Department of…

Read more →

This article has been indexed from CSO Online Cyber criminals, always a clever lot, have found a new way to evade detection when deploying malware.  It’s known as “intermittent encryption” and researchers from Sophos recently discovered Lockfile encrypts alternate bundles…

Read more →

This article has been indexed from CSO Online Cybersecurity would be a lot easier if you had a magic crystal ball that could see what attackers were going to do in the future and the approaches they might take. Obviously,…

Read more →

This article has been indexed from CSO Online Mobility and remote work have transformed the modern business landscape, as well as the security risks organizations, users and devices are facing today. Threat actors are hard at work creating new threats…

Read more →

This article has been indexed from CSO Online The metaverse. It’s kind of a big deal. It’s even hit the point where major news outlets are writing about it. But what is it? And why should a CSO care about…

Read more →

This article has been indexed from CSO Online While the Democrats in the Senate wrestle to achieve enough votes to pass President Biden’s nearly 1,700-page social spending-oriented Build Back Better Bill, much funding earmarked for cybersecurity hangs in the balance.…

Read more →

This article has been indexed from CSO Online Security is part of the sales pitch for GitHub. To read this article in full, please click here (Insider Story) Read the original article: GitHub’s Mike Hanley: Today’s CISOs have to be…

Read more →

This article has been indexed from CSO Online Change isn’t coming—it’s rapidly underway for many government agencies and public sector organizations. Driving that change is the ever-present threat of ransomware and recent cybersecurity initiatives that have bubbled up in response.…

Read more →

This article has been indexed from CSO Online You asked. We delivered. You can now view Microsoft 365 detections and investigate threats directly in the Reveal(x) 360 console. Security tool sprawl introduces friction into your investigations, slows down your threat…

Read more →

This article has been indexed from CSO Online What is the ALPACA attack? The application layer protocol content confusion attack (ALPACA) was first disclosed in June and presented at Black Hat USA 2021. To understand ALPACA, it’s helpful to understand how TLS…

Read more →

This article has been indexed from CSO Online As NETSCOUT’s 1H 2021 Threat Intelligence Report shows, the long tail of cybercrime innovation swept through the lockdown days of the COVID-19 pandemic to infiltrate the bulk of 2021. The vulnerabilities introduced by the global…

Read more →

This article has been indexed from CSO Online It seems as if each day brings more harrowing stories about DDoS attacks that have been waged against enterprises, with each attack seemingly lasting longer and costing more than the ones before.…

Read more →

This article has been indexed from CSO Online There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of…

Read more →

This article has been indexed from CSO Online Security researchers demonstrated an attack chain against Nagios, a popular open-source IT management and monitoring solution, that combined multiple vulnerabilities to achieve remote code execution. The report highlights the privileged position that…

Read more →

This article has been indexed from CSO Online Graylog is extending its SIEM (security information and event management) software with anomaly detection and user entity behavior analytics (UEBA) to provide organizations with a software suite that combines and streamlines security…

Read more →

This article has been indexed from CSO Online The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a wide-ranging mandate, a Binding Operational Directive (BOD 22-01), for all civilian federal agencies “to drive urgent and prioritized…

Read more →

This article has been indexed from CSO Online The longest six hours in Facebook’s history took place on October 4, 2021, as Facebook and its sister properties went dark. The social network suffered a catastrophic outage. The only silver lining…

Read more →

This article has been indexed from CSO Online Late last year, a group believed to be Russia’s Cozy Bear (APT29) successfully compromised SolarWinds’ Orion update software, turning it into a delivery vehicle for malware. Nearly 100 customers of the popular…

Read more →

This article has been indexed from CSO Online The UK Cyber Security Council is the self-regulatory body for the UK’s cybersecurity profession. It develops, promotes and stewards standards for cybersecurity in support of the UK Government’s national cybersecurity strategy. A…

Read more →

This article has been indexed from CSO Online Attackers are now using more “interesting” platforms and methods to gain access to our networks, especially with cloud platforms. OneDrive, OneNote, SharePoint, and Sharefile can all host malicious files. Google and Amazon…

Read more →

This article has been indexed from CSO Online The Google Play store has become better in recent years at policing malware, raising the bar for attackers, but well-crafted stealthy Trojans continue to slip in from time to time. Such is…

Read more →

This article has been indexed from CSO Online Endpoints have become the preferred target for cybercriminals today, as more corporate users and devices operate at home and beyond the protection of traditional security controls. In fact, according to a 2020…

Read more →