Security Leadership

Security Leadership news, information, and how-to advice

Security certification

Advisory says to assume all Drupal 7 websites are compromised

If your organization uses Drupal, you might have a serious problem on your hands. On October 15, Drupal urged users to apply an update that fixed a SQL Injection flaw. However, unless that patch was installed within seven hours,...


BSides Toronto 2014

This year the conference is bigger, better, faster and...well, still one day in length, but we have an awesome lineup.


The real problem with passwords? We only treat symptoms

The sustained chorus and friction over the problems with passwords only reveals symptoms, not the problem itself. Building a better solution starts with clearly defining the challenge.


The evolution of the CISO role and organizational readiness

If we look at the headlines surrounding recent data breaches, we might conclude that the role of the chief information security officer (CISO) has never been more critical to the success and sustained well-being of an organization.

In Depth

Report: Criminals use Shellshock against mail servers to build botnet

Targeting message transfer agents (MTAs), mail delivery agents (MDAs), and spam filters, criminals are using Shellshock as a means to create botnets. The process is slow, but working, thanks to a variety of server software that...


For big raises in IT, look to mobile, security, big data

More women will enter the technology workforce in the coming years as they use IT jobs to land business positions, a report said

CSO seeks feedback for reader survey

CSO invites you to participate in our brief survey to find out more about our readers

Internet of Things

Industry can head off IoT privacy rules, former US official says

Connected devices raise new concerns about personal data


Microsoft warns of new Zero-Day attack

On Tuesday, Microsoft issued an advisory warning of a new Zero-Day vulnerability that impacts all supported versions of their Windows operating system, except Windows Server 2003. The software giant also confirmed targeted attacks...


China attacks lead Apple to alert users on iCloud threats

China has allegedly staged the attack, according to an anti-censorship group.


5 non-traditional hiring tips for InfoSec

The majority of companies surveyed – 70 percent – say their IT security departments were understaffed.


If attackers only need to be lucky once, we need better guidance

Under the guise that attackers only need to be “lucky” one time, we offer too much guidance and get too few results. It is time to change.


Apple's Yosemite OS shares Spotlight search terms by default

An engineer who's studied the new OS criticized its privacy settings


Dropbox used for Phishing expedition

Symantec says they've recently uncovered a Phishing scam targeting Dropbox users, where many of the elements needed to complete the scam are being hosted on Dropbox directly. Such a move helps lower resistance and bypass some network...


The Paradox of STEM Training

Recent statistics seem to point to an overabundance of STEM graduates, and yet there is negative unemployment in some tech careers. Why the discrepancy between supply and demand?


Dreaded SSLv3 bug no monster, only a POODLE

On Tuesday, Google's Bodo Möller, along with fellow researchers Thai Duong and Krzysztof Kotowicz, disclosed the existence of a vulnerability in SSLv3, which allows the plaintext of secure connections to be calculated by an attacker...

Cisco advises users to lock down WebEx to prevent snooping

A security researcher found potentially sensitive meetings open for anyone to join


Analysts react to Symantec split announcement

On Thursday, Symantec said that it would separate into two business units; one that focuses entirely on security, while the other sticks to information management. Symantec's announcement follows similar ones from Hewlett-Packard and...
