CISA’s Krebs seeks more measured approach to election security heading into 2020

The Cybersecurity and Infrastructure Security Agency director says overhyped concern is a problem, while election officials say they reap the benefits of improved communications.


What a security career will look like in five years

Get ready for ‘BISOs’ in the business, security positions on the customer experience team, and AI taking over cyber jobs – but in a good way.


3 ways to improve PC security

Insider Pro columnist Jack Gold writes that organizations must focus on three key areas if they want to protect their PCs -- and ultimately the entire organization -- from security breaches.


IDG Contributor Network

Lessons learned through 15 years of SDL at work

In short? Security Development Lifecycle is all about the developers...


Senator Warner seeks "grand alliance" to protect against surveillance threat from China’s tech dominance

The senator believes Chinese companies will be required to aid surveillance of the US, especially as 5G networks roll out.


Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.


What is OAuth? How the open authorization framework works

OAuth is an open-standard authorization protocol or framework that describes how unrelated servers and services can safely allow authenticated access to their assets. It is widely accepted, but be aware of its vulnerabilities.


10 signs you're being socially engineered

Scammers will try to trick you and your organization's users into giving up credentials or other sensitive data. Be skeptical if you see any of these signs.


Misconfigured WS-Discovery in devices enable massive DDoS amplification

Researchers were able to achieve amplification rates of up to 15,300%. Some mitigations are possible.


Secrets of latest Smominru botnet variant revealed in new attack

Researchers gained access to a Smominru command-and-control server to get details on compromised devices and scope of the attack.


How to detect and halt credential theft via Windows WDigest

Attackers can steal user credentials by enabling credential caching in the Windows authentication protocol WDigest. Here's how to stop them.


6 questions candidates should ask at every security job interview

The cybersecurity skills shortage means security pros can be picky about where they work. Here's how to suss out bad employers.


Review: Blue Hexagon may make you rethink perimeter security

This fully functional, fully trained cybersecurity tool is ready on day 1 to spot threats on whatever network it’s charged with protecting.


The top 5 email encryption tools: More capable, better integrated

Most of the email encryption solution vendors have broadened the scope of their products to include anti-phishing, anti-spam, and data loss prevention (DLP).


Three strategies to prove security's value

How CISOs can identify and quantify security’s value in real dollars