Security Awareness

Security Awareness news, information, and how-to advice


Social Engineering: Even Shakespeare understood security’s weakest link

What do Shakespearean tragedies and security issues have in common? Both are overwhelmingly the result of human error. Othello is one of Shakespeare's greatest plays, and Iago is one of literature’s first social engineers.

Hard-coded credentials placing dental offices at risk

One researcher says that customers using Henry Schein's Dentrix software have been unknowingly exposed to risk after the latest version shipped with a flaw that was supposed to have been patched two years ago. This was reported to...

What every CSO should be doing now about the Starbucks potential hack

Don’t lose an opportunity to create a great teachable moment.

Protecting our people from the risks of wanderlust

Let’s help give our people the tools they need to wander the world safely.

Security researcher's hack caused airplane to climb, FBI asserts

The FBI contends a cybersecurity researcher said he caused an airplane's engine to climb after hacking its software, according to a court document. The FBI interviewed him after he flew into Syracuse, New York, and seized his...

Five tips to comply with the new PCI requirements

At the end of June, merchants that accept payment cards have five new security requirements to comply with, and significant fines and other costs if they don't.

Awareness lessons from the Sony hack

As more information is disclosed from the Sony hack, it demonstrates that awareness concerns go well beyond phishing.

Q&A

Professional hackers talk social engineering threats and security awareness

With years of experience pen testing and human hacking, Chris Hadnagy and Dave Kennedy are experts at how social engineers work, and what techniques they use to successfully breach an organization. In this discussion with CSO Chief...

WordPress promises patch for zero-day "within hours"

In a statement on Monday, Matt Mullenweg, founder of Automattic and lead developer of WordPress, said that developers are working to address a recently disclosed XSS vulnerability in the popular CMS platform. A patch is expected in...

RSAC 2015: RSA Conference (Day 4)

All this week, Salted Hash is in San Francisco for the annual RSA Conference (RSAC). Each day we'll update the blog with breaking news and other details from the show. Today we're going to talk about passwords.

RSAC 2015: RSA Conference (Day 3)

All this week, Salted Hash is in San Francisco for the annual RSA Conference (RSAC). Each day we'll update the blog with breaking news and other details from the show. For this post, we'll examine some recent news.

How CISOs can communicate risk to businesses

Veracode’s Chris Wysopal offers a tutorial at RSA on how to communicate risk management at the C level.

RSAC 2015: RSA Conference (Day 2)

All this week, Salted Hash is in San Francisco for the annual RSA Conference (RSAC). Each day we'll update the blog with breaking news and other details from the show. Today's post starts with a theme: Shadow IT.

RSAC 2015: RSA Conference (Day 1)

All this week, Salted Hash is in San Francisco for the annual RSA Conference (RSAC). Each day we'll update the blog with breaking news and other details from the show. Today, we're examining the top hacking techniques of 2014 and...

ISIS online strategies and recruiting techniques

Ira Winkler and Araceli Treu Gomes investigate ISIS’ online activities and recruiting techniques.

Surveys: Employees at fault in majority of breaches

A company's own employees are a significant factor in the majority of data breaches, either through malicious activity or avoidable mistakes, say two new studies, but companies aren't doing enough to address this issue.

In a mock cyberattack, Deloitte teaches the whole business how to respond

While security and IT staffers typically are trained on dealing with breaches, staffers in other departments may not always be ready.

What’s next for your awareness program?

You’ve tried phishing simulations and Computer Based Training (CBT), and you still have incidents. You may think your program is successful, or useless. What are you going to do next?
