CSO | Security news, features and analysis about prevention, protection and business innovation.

A stressed businessman with head in hand sits at a desk and computer in an office workspace.

The emotional stages of a data breach: How to deal with panic, anger, and guilt

Intense situations require both the security experts and stakeholders to be calm and focused, but that is easier said than done. This advice can help.

Andrada Fiscutean

Teresa Merklin, Fellow, Lockheed Martin Aeronautics

Lockheed’s Teresa Merklin: There’s no such thing as a quick fix

Forget the silver bullet; focus on cyber resiliency, advises the Lockheed Martin fellow.

Mary K. Pratt

A conceptual security grid of locks overlays a network / datacenter / server room.

Thousands of enterprise servers are running vulnerable BMCs, researchers find

According to analysis by firmware security firm Eclypsium, 7,799 HPE iLO (HPE's Integrated Lights-Out) server baseboard management controllers (BMCs) are exposed to the internet and most do not appear to be running the latest version...

Lucian Constantin

big data merger and acquisition big business smb

Top cybersecurity M&A deals for 2022

The hot cybersecurity mergers and acquisition market continues into 2022 as vendors look to solidify their positions and expand their offerings.

CSO staff

Conceptual image of a network of executives / silhouettes of executives in motion.

New US CISO appointments, January 2022

Keep up with news of CSO, CISO, and other senior security executive appointments.

CSO staff

A man and woman sit on opposite sides of an office desk, in discussion.

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.

CSO staff

The shadow of hand unsettlingly hovers over a keyboard.

FBI arrests social engineer who allegedly stole unpublished manuscripts from authors

The U.S. Department of Justice claims Filippo Bernardini leveraged knowledge gained by working at Simon & Schuster and other publishers to create fake identities and websites to steal intellectual property.

Christopher Burgess

Many keys, one lock > Brute-force credential stuffing.

4 ways cybercriminals hide credential stuffing attacks

Cybercriminals adopt tactics to disguise credential stuffing activity and avoid basic prevention schemes like CAPTHCAs.

Michael Hill

thinkstockphotos 499123970 laptop security

Microsoft touts first PCs to ship natively with secure Pluton chip

Along with thwarting malware, the Pluton chip handles BitLocker, Windows Hello, and System Guard and might help prevent physical insider attacks. The technology is also being used in Azure Sphere in the cloud.

Lucas Mearian

Machine as insider threat: Lessons from Kyoto University’s backup data deletion

Kyoto University lost terabytes of data in a machine-as-an-insider scenario triggered by human error. Here are questions CISOs should ask to avoid a similar situation.

Christopher Burgess

Popular Resources

View All

eBook
Sponsored

6 Ways SD-WAN Redefines Branch Office Networking

A 2022 checklist for protecting Microsoft 365 users and data

You have native options to better secure Microsoft 365. Use them effectively and you might save time and money spent on other solutions.

Susan Bradley

Cybercrime group Elephant Beetle lurks inside networks for months

Elephant Beetle specializes in stealing money from financial and commerce firms over an extended period of time while remaining undetected.

Lucian Constantin

Cybersecurity > abstract network of circuits data and lock

CISA sees no significant harm from Log4j flaws but worries about future attacks

The U.S. cybersecurity agency can't rule out that adversaries are using Log4j to gain persistent access to launch attacks later.

Cynthia Brumfield

hot and cold fire and ice clash temperature

7 hot cybersecurity trends (and 2 going cold)

Is that security trend hot or not? From tools and technologies to threats and tactics, the numbers don't lie.

Neal Weinberg

a hooded figure targets a coding vulnerability

New Log4Shell-like vulnerability impacts H2 Java SQL database

Researchers warn of critical Java flaw impacting the console of the H2 Java SQL database. Users are advised to update their H2 database to mitigate remote code execution risk.

Michael Hill

From Our Advertisers

cso online

Crisis management: Dealing with emotions during a data breach

Lockheed’s Teresa Merklin: There’s no such thing as a quick fix

7 hot cybersecurity trends (and 2 going cold)

The emotional stages of a data breach: How to deal with panic, anger, and guilt

Intense situations require both the security experts and stakeholders to be calm and focused, but that is easier said than done. This advice can help.

Lockheed’s Teresa Merklin: There’s no such thing as a quick fix

Forget the silver bullet; focus on cyber resiliency, advises the Lockheed Martin fellow.

Thousands of enterprise servers are running vulnerable BMCs, researchers find

According to analysis by firmware security firm Eclypsium, 7,799 HPE iLO (HPE's Integrated Lights-Out) server baseboard management controllers (BMCs) are exposed to the internet and most do not appear to be running the latest version...

Top cybersecurity M&A deals for 2022

The hot cybersecurity mergers and acquisition market continues into 2022 as vendors look to solidify their positions and expand their offerings.

New US CISO appointments, January 2022

Keep up with news of CSO, CISO, and other senior security executive appointments.

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.

FBI arrests social engineer who allegedly stole unpublished manuscripts from authors

The U.S. Department of Justice claims Filippo Bernardini leveraged knowledge gained by working at Simon & Schuster and other publishers to create fake identities and websites to steal intellectual property.

4 ways cybercriminals hide credential stuffing attacks

Cybercriminals adopt tactics to disguise credential stuffing activity and avoid basic prevention schemes like CAPTHCAs.

Microsoft touts first PCs to ship natively with secure Pluton chip

Along with thwarting malware, the Pluton chip handles BitLocker, Windows Hello, and System Guard and might help prevent physical insider attacks. The technology is also being used in Azure Sphere in the cloud.

Machine as insider threat: Lessons from Kyoto University’s backup data deletion

Kyoto University lost terabytes of data in a machine-as-an-insider scenario triggered by human error. Here are questions CISOs should ask to avoid a similar situation.

A 2022 checklist for protecting Microsoft 365 users and data

You have native options to better secure Microsoft 365. Use them effectively and you might save time and money spent on other solutions.

Cybercrime group Elephant Beetle lurks inside networks for months

Elephant Beetle specializes in stealing money from financial and commerce firms over an extended period of time while remaining undetected.

CISA sees no significant harm from Log4j flaws but worries about future attacks

The U.S. cybersecurity agency can't rule out that adversaries are using Log4j to gain persistent access to launch attacks later.

7 hot cybersecurity trends (and 2 going cold)

Is that security trend hot or not? From tools and technologies to threats and tactics, the numbers don't lie.

New Log4Shell-like vulnerability impacts H2 Java SQL database

Researchers warn of critical Java flaw impacting the console of the H2 Java SQL database. Users are advised to update their H2 database to mitigate remote code execution risk.