IT asset disposal is a security risk CISOs need to take seriously

Sensitive company and personal data often leaves organizations on disposed devices. An auditable chain of custody that shows data destruction is essential for any ITAD program.


Tabletop exercises explained: Definition, examples, and objectives

A tabletop exercise is an informal, discussion-based session in which a team discusses their roles and responses during an emergency, walking through one or more example scenarios.


7 ways technical debt increases security risk

Shoddily developed and deployed projects can leave your enterprise vulnerable to attacks. Here's how to stop technical debt from sending your organization to the cyber-poorhouse.


10 old software bugs that took way too long to squash

As these examples show, vulnerabilities can lurk within production code for years or decades—and attacks can come at any time.


Report: Active Directory Certificate Services a big security blindspot on enterprise networks

Microsoft's Active Directory PKI component commonly has configuration mistakes that allow attackers to gain account and domain-level privileges.


5 biggest healthcare security threats for 2021

Healthcare organizations can expect ransomware, botnets, cloud misconfigurations, web application attacks, and phishing to be their top risks.


4 steps to prevent spear phishing

Your users are in the crosshairs of the best attackers out there. Follow these steps to better protect them.


Thousands of publicly accessible VMware vCenter Servers vulnerable to critical flaws

With proofs of concept public, attackers are likely exploiting this vulnerability weeks after patches were released.


Unique TTPs link Hades ransomware to new threat group

New research exposes details of Gold Winter threat group that links it to the infamous Hades ransomware.


Security firm COO indicted for allegedly aiding hospital's attackers: What CSOs should know

A grand jury has indicted Securolytics COO Vikas Singla for allegedly helping attackers access Gwinnett Medical Center's phone system and printers. This breach of trust presents a dilemma for CISOs.


Best new Windows 10 security features: Improvements to Intune, Windows Defender Application Guard

Here's what you need to know about each security update to Windows 10 as they roll out from Microsoft. Now updated for the 21H1 feature release.


The great cloud computing surge

Driven in part by the pandemic, cloud computing adoption has reached new heights. These five articles take a close look at the implications.


US Congress tees up ambitious cybersecurity agenda in the wake of supply chain, ransomware attacks

Roughly 115 cybersecurity-related bills are working their way through the legislative process, in many cases with bipartisan support.


AWS, Google Cloud, and Azure: How their security features compare

Each cloud platform differs in the security tools and features it offers customers to help them protect their cloud assets.


New DDoS extortion attacks detected as Fancy Lazarus group returns

After operating under other names, Fancy Lazarus has fine-tuned its DDoS extortion campaigns, although with mixed results.