Advertisement

ransomware breach hackers dark web

Conti ransomware explained: What you need to know about this aggressive criminal group

The Conti ransomware group is less likely to help victims restore encrypted files and more likely to leak exfiltrated data.


Insider threats  >  Employees suspiciously peering over cubicle walls

How disinformation creates insider threats

Employees who believe disinformation are more susceptible to social engineering and phishing campaigns, and attackers know it.


Russian hammer and sickle / binary code

Russian cyberspies target cloud services providers and resellers to abuse delegated access

A new Microsoft advisory claims Russia's Nobelium group is trying to gain long-term access to the technology supply chain and offers mitigation advice.


Advertisement

noops code developer devops html web developer by mazimusnd getty

NIST's new devsecops guidance to aid transition to cloud-native apps

The NIST guidance dives into technical and procedural nuances associated with implementing devsecops with cloud-native applications and microservices architectures.


cyber attack alert / data breach

5 steps to security incident response planning

Most firms will experience a breach or vulnerability that exposes sensitive data. Minimizing impact on business and reputation depends on having a strong response plan before an incident happens.


CSO > breakthrough / penetration testing / hammer breaking binary glass

10 essential skills and traits of ethical hackers

Learn just what it takes to snag this demanding and rewarding job.


certification education knowledge learning silhouette with graduation cap with abstract technology

Cheap and free cybersecurity training: 8 ways to build skills without breaking the bank

Whether you're finding bargains online or taking advantage of your own internal resources, you can keep your team up-to-date without writing a big check.


Allison Miller, CISO and vice president of trust, Reddit

Reddit’s Allison Miller builds trust through transparency

Miller joined the social media company in February 2021, assuming a range of responsibilities, from security and privacy to trust and safety, that reflect broadening of the CISO position itself—a role she summarizes as “keeping...


A binary mask.

How deepfakes enhance social engineering and authentication threats, and what to do about it

Cybercriminals are investing in deepfake technology to make social engineering and authentication bypass campaigns more effective. Here are strategies for defending against the most notable deepfake cyberthreats.


A man and woman sit on opposite sides of an office desk, in discussion.

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.


Advertisement

Cyber insurance  >  Umbrella hub protecting connected devices + online activities in binary world.

Decline in ransomware claims could spark change for cyber insurance

New research indicates that ransomware attack and payment claims are in decline as resiliency takes priority for organizations.


API security alert / software development / application flow chart diagram

Detecting anomalies with TLS fingerprints could pinpoint supply chain compromises

Researchers at Splunk outline a technique, pioneered by Salesforce, that could detect malicious activity in the software supply chain, but with some limitations.


ricardo lafosse Kraft Heinz

Kraft Heinz dishes up security transformation

For CISO Ricardo Lafosse, security modernization is the first order of business.


online shopping cart magecart hackers shopping online

What is Magecart? How this hacker group steals payment card data

Hacking groups that make up Magecart are effective and persistent at stealing customer and payment card data through skimmers. Here's how they work and what you can do to mitigate the risk.


browser security

New Windows browser security options and guidance: What you need to know

Microsoft has added new Edge update options and enhanced browser security modes, including a beta Super Duper Secure Mode.