Advertisement
More top stories
Thousands of enterprise servers are running vulnerable BMCs, researchers find
According to analysis by firmware security firm Eclypsium, 7,799 HPE iLO (HPE's Integrated Lights-Out) server baseboard management controllers (BMCs) are exposed to the internet and most do not appear to be running the latest version...
Top cybersecurity M&A deals for 2022
The hot cybersecurity mergers and acquisition market continues into 2022 as vendors look to solidify their positions and expand their offerings.
New US CISO appointments, January 2022
Keep up with news of CSO, CISO, and other senior security executive appointments.
Advertisement
Security Recruiter Directory
To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.
FBI arrests social engineer who allegedly stole unpublished manuscripts from authors
The U.S. Department of Justice claims Filippo Bernardini leveraged knowledge gained by working at Simon & Schuster and other publishers to create fake identities and websites to steal intellectual property.
4 ways cybercriminals hide credential stuffing attacks
Cybercriminals adopt tactics to disguise credential stuffing activity and avoid basic prevention schemes like CAPTHCAs.
Microsoft touts first PCs to ship natively with secure Pluton chip
Along with thwarting malware, the Pluton chip handles BitLocker, Windows Hello, and System Guard and might help prevent physical insider attacks. The technology is also being used in Azure Sphere in the cloud.
Machine as insider threat: Lessons from Kyoto University’s backup data deletion
Kyoto University lost terabytes of data in a machine-as-an-insider scenario triggered by human error. Here are questions CISOs should ask to avoid a similar situation.
A 2022 checklist for protecting Microsoft 365 users and data
You have native options to better secure Microsoft 365. Use them effectively and you might save time and money spent on other solutions.
Cybercrime group Elephant Beetle lurks inside networks for months
Elephant Beetle specializes in stealing money from financial and commerce firms over an extended period of time while remaining undetected.
-
eBook
Sponsored -
eBook
Sponsored -
Video/Webcast
Sponsored -
White Paper
Advertisement
CISA sees no significant harm from Log4j flaws but worries about future attacks
The U.S. cybersecurity agency can't rule out that adversaries are using Log4j to gain persistent access to launch attacks later.
7 hot cybersecurity trends (and 2 going cold)
Is that security trend hot or not? From tools and technologies to threats and tactics, the numbers don't lie.
New Log4Shell-like vulnerability impacts H2 Java SQL database
Researchers warn of critical Java flaw impacting the console of the H2 Java SQL database. Users are advised to update their H2 database to mitigate remote code execution risk.
MITRE: To test and gain confidence in MSSPs, use ATT&CK framework
Companies have greater confidence in their own security teams than in MSSPs, according to a new survey. To better evaluate service provider capabilities, companies can apply techniques used by the ATT&CK (adversarial tactics,...
FTC, SEC raise legal risks surrounding the log4j flaw
The U.S. Federal Trade Commission also threatened possible legal action for companies that don't address the risk from the Log4j vulnerabilities.
From Our Advertisers
-
![cso sponsored background]()
Featured Sponsor AkamaiFuture of Life Challenge: Compete for a slice of $1M to scale your big idea. -
![Game over]()
Sponsored by Akamai and AT&THow the Gaming Industry Can Play it Safe and Not Get Pwned -
![new year 2022 loading picture id1350426022]()
Sponsored by Fortinet5 Threats to Watch Out for in 2022 -
![fy22q3 idg post 9 new apache 4logj vulnerability 1200x800]()
Sponsored by NetscoutDetect and Remediate the Exploitation of the Log4j Vulnerability
