Advertisement

DDOS attack

New DDoS extortion attacks detected as Fancy Lazarus group returns

After operating under other names, Fancy Lazarus has fine-tuned its DDoS extortion campaigns, although with mixed results.


conference / convention / audience / applause / clapping

The CSO guide to top security conferences, 2021

Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.


keeping the cloud secure cloud security lock padlock private cloud

The shared responsibility model explained and what it means for cloud security

The shared responsibility model (SRM) delineates what you, the cloud customer is responsible for, and what your cloud service provider is responsible for.


Advertisement

Ransomware  >  A masked criminal ransoms data for payment.

CSO's guide to the worst and most notable ransomware

The ransomware gangs and their malware listed here have victimized millions of companies and caused billions of dollars in costs.


cubes - blocks - squares - containers - storage - repository

Siloscape malware escapes Windows containers to backdoor Kubernetes clusters

This newly discovered malware is the first to take advantage of an obscure Windows container escape technique to seek out and infect Kubernetes clusters.


Microsoft Windows security  >  Windows laptop + logo with binary lock and key

6 minimum security practices to implement before working on best practices

Every Windows network admin can improve their security posture by focusing on these six basic areas.


locked data / bitcoins

Feds seize $2.3 million in cryptocurrency wallet reportedly used in Colonial Pipeline ransomware attack

The successful seizure could encourage other victims to better cooperate with federal agencies and cause ransomware gangs to rethink their operations.


supply chain management controls - ERP - Enterprise Resource Planning

GAO calls out US government agencies: Get your supply chain security act together

The US Government Accounting Office tells Congress that federal agencies have largely ignored its supply chain risk management guidance for nearly ten years.


7 response plan be prepared are you ready typewriter

10 things to do now to reduce the cost of your next data breach

Taking these steps will save money, time, and reputation when that next breach hits.


cloud security expert casb binary cloud computing cloud security by metamorworks getty

CSPM explained: Filling the gaps in cloud security

Cloud security posture management (CSPM) provides threat intelligence, detection, and remediation for complex cloud environments.


Advertisement

bucket with holes breach security vulnerability

AWS access control confusion enables cross-account attacks

With flexibility comes confusion, misconfiguration, and exposure, researchers say.


USA / United States of America stars + stripes and binary code superimposed over The White House

Ransomware response: What CISOs really want from the federal government

What should the federal government's role and responsibility be regarding ransomware? Security leaders weigh in.


Money flows through a tunnel of binary code as a target hovers over a code bug.

5 questions to answer before jumping on the bug bounty bandwagon

Bug bounty programs can bolster your vulnerability management capabilities, but are you ready?


A Colonial Pipeline facility in Baltimore, Maryland, USA, 10 May 2021.

Colonial Pipeline take-away for CISOs: Embrace the mandates

The DarkSide attack on Colonial is yet another wake-up call for companies to harden their systems against ransomware. History suggests that might not happen despite new government guidance.


Digital Transformation [DX]  >  dandelion seeds blown by a virtual wind of change

The SolarWinds hack timeline: Who knew what, and when?

Impact, detection, response, and ongoing fallout from the attack on SolarWinds' Orion remote IT management software.