Advertisement
MITRE ATT&CK, VERIS frameworks integrate for better incident insights
The MITRE ATT&CK/VERIS collaboration aims to create a common dictionary for communicating information about security incidents.
Seven strategies for building a great security team
The dangers of a dysfunctional security team are easy to imagine, ranging from difficulty attracting and retaining talent to putting your organization at risk. These seven steps can make a world of difference.
Security Recruiter Directory
To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.
Advertisement
Breach reporting required for health apps and devices, FTC says
A new policy statement makes it clear that the US Federal Trade Commission will hold healthcare app and device makers accountable for reporting data breaches.
10 top API security testing tools
Application programming interfaces have become a favorite target for attackers. These tools and platforms (both commercial and open source) will help identify errors, vulnerabilities, and excessive permissions.
Exchange Autodiscover feature can cause Outlook to leak credentials
A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers. Here’s what companies can do now to...
Yes, the FBI held back REvil ransomware keys
The ransomware keys might have been acquired by an ally, which would invoke the third-party doctrine where the decision to release was not the FBI's alone.
US cryptocurrency exchange sanctions over ransomware likely not the last
The sanctions are aimed to cut ransomware gangs off from their revenue. Advisory on sanctions risks regarding ransomware payments also updated.
How to mitigate the Microsoft Office zero-day attack
Follow this advice to block malicious Office files from doing harm to your network even if you've implemented Microsoft's recommended actions.
Software cybersecurity labels face practical, cost challenges
The federal government wants consumer software to have cybersecurity labels; experts question the feasibility of the mandate.
-
eBook
Sponsored -
eBook
Sponsored -
eGuide
Sponsored -
eGuide
Sponsored
Advertisement
The Kaseya ransomware attack: A timeline
REvil's ransomware attack on software provider Kaseya underscored the threats to supply chains that ransomware groups pose. Here is an up-to-date timeline of the attack.
Biden sanctions Suex cryptocurrency exchange to stifle ransomware payments
In the wake of significant ransomware attacks, President Biden has sanctioned cryptocurrency exchange Suex in a clear attempt to prevent ransomware payments.
The new math of cybersecurity value
An increasing number of CISOs are devising a new set of metrics to show how they’re impacting risk at their organizations.
CRISC certification: Your ticket to the C-suite?
Certified in Risk and Information Systems Control (CRISC) is a certification that focuses on enterprise IT risk management. Learn about the exam, prerequisites, study guides, and potential salary.
APT actors exploit flaw in ManageEngine single sign-on solution
US government agencies urge immediate action to look for indicators of compromise and, if found, take recommended steps to mitigate.
From Our Advertisers
-
![HP Wolf Security]()
Featured Sponsor HP Wolf SecurityThe Need for Endpoint Security Rooted In Zero Trust -
![Ecommerce]()
Sponsored by AkamaiWhich Online Shopping Experience Should I Try Today? -
![zero trust security model secured network picture id1313494602 2]()
Sponsored by FortinetZero Trust Needs to Play Well with Others -
![istock 1274394138]()
Sponsored by OktaTrust Transformation – Creating a Robust Security Culture Built for Tomorrow’s
