The SolarWinds hack timeline: Who knew what, and when?

Impact, detection, response, and ongoing fallout from the attack on SolarWinds' Orion remote IT management software.


Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.


Hacking 2FA: 5 basic attack methods explained

As two-factor authentication becomes more widespread, criminals seek novel ways to subvert it. Here's what you need to know.


Top cybersecurity M&A deals for 2021

The cybersecurity market is hot, and vendors are buying competitors to solidify their position or acquiring other firms to expand their offerings.


17 cyber insurance application questions you'll need to answer

Recent high-profile security incidents have tightened requirements to qualify for cyber insurance. These are the tougher questions insurance carriers are now asking.


What are phishing kits? Web components of phishing attacks explained

A phishing kit is the back-end to a phishing attack. It's the final step in most cases, where the criminal has replicated a known brand or organization.


Defining linchpins: An industry perspective on remediating Sunburst

The concept of linchpin software can be useful in assessing risk and focusing security efforts, but it comes with challenges.


How cybercriminals turn ‘harmless’ stolen or leaked data into dollars

By merging data from multiple sources, cybercriminals can build profiles of hacked account owners to enable other attacks or increase the effectiveness of social engineering campaigns.


HITRUST explained: One framework to rule them all

HITRUST is a cybersecurity framework that seeks to unify the rules for many other existing regulatory and industry frameworks, including HIPAA, GDPR, PCI-DSS, and more.


6 most common types of software supply chain attacks explained

Not all software supply chain attacks are the same. Here are the methods attackers currently use to corrupt legitimate software through third parties.


SolarWinds attacker Nobelium targets over 150 companies in new mass email campaign

The Russian state-sponsored group has shifted to targeted email attacks that exploit third-party services.


TSA’s pipeline cybersecurity directive is just a first step experts say

The new, hastily announced security directive requires US pipeline companies to appoint a cybersecurity coordinator and report possible breaches within 12 hours.


CIO Think Tank Roadmap Report: Reinventing IT

As companies accelerate out of pandemic disruption, how can IT meet increasing demands — and reap unprecedented benefits? In a series of virtual roundtables, dozens of IT leaders offered key insights about the road ahead.


New US CISO appointments, May 2021

Keep up with news of CSO, CISO and other senior security executive appointments.


Credential stuffing explained: How to prevent, detect, and defend against it

Credential stuffing is the automated use of collected usernames and passwords to gain fraudulent access to user accounts.