SEO poisoning campaign directs search engine visitors from multiple industries to JavaScript malware

The sophisticated campaign sends victims looking for business forms and templates to sites containing malicious files.


A third of Australian population likely affected in Optus cyberattack

Breached information includes names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses and ID document numbers such as driver's licence or passport numbers.


Ransomware operators might be dropping file encryption in favor of corrupting files

Corrupting files is faster, cheaper, and less likely to be stopped by endpoint protection tools than encrypting them.


D&O insurance not yet a priority despite criminal trial of Uber’s former CISO

The cost is too high and the risk too low to offer CISOs directors-and-officers insurance at many companies. Protective governance policies might make more sense.


Multi-factor authentication fatigue attacks are on the rise: How to defend against them

LAPSUS$ is just one cybercriminal group that has breached networks of large companies such as Uber and Microsoft by spamming employees with MFA authentication requests.


Former Broadcom engineer gets eight months in prison for trade secrets theft

Peter Kisang Kim admitted to stealing Broadcom data related to its Trident family of network switching and cloud networking chipsets, while working for a Chinese startup.


Report: The state of secure identity 2022

New research from Okta’s Auth0 access management platform found that credential stuffing and fraudulent registration attacks are on the rise.


Top 5 attack surface challenges related to security operations

The growing attack surface is extending the security/software developer gap, increasing vulnerabilities, and slowing security investigations.


Ransomware is (slightly) on the decline, cyberinsurance company says

While ransomware attacks remain highly dangerous, data from a prominent insurer suggests that their frequency and severity are beginning to decline.


CrowdStrike adds XDR, other capabilities across 4 key security products

CrowdStrike is adding XDR (extended detection and response) features to Falcon Insight, and a raft of enhancements to CrowdStrike Cloud Security, Humio and Falcon Discover.


Palo Alto adds software composition analysis to Prisma Cloud to boost open-source security

Palo Alto Networks has added a new SCA solution to Prisma Cloud to help developers safely use open-source software components. The vendor has also introduced a software bill of materials.


Uber links cyberattack to LAPSUS$, says sensitive user data remains protected

Attacker likely bought employee account credentials on the dark web and then escalated privileges to access internal tools.


Most common SAP vulnerabilities attackers try to exploit

Unpatched systems, misconfigurations and vulnerable custom code are making SAP environments a top target for cyberattacks.


A third of enterprises globally don’t prioritize digital trust: ISACA

There are significant gaps between what enterprises are doing and what they should do to earn customer trust in their digital ecosystems, according to information systems security group ISACA.