CSO | Security news, features and analysis about prevention, protection and business innovation.

Impersonation / disguise / fraud / false identity / identity theft

Mitek launches MiVIP platform to fight identity theft

The Mitek Verified Identity Platform can leverage multiple authentication technologies to provide security across the transaction lifecycle.

John P. Mello Jr.

Italian spyware firm is hacking into iOS and Android devices, Google says

RCS Lab spyware uses known exploits to install harmful payloads and steal private user data, according to a Google report.

Shweta Sharma

A hand controls a small marionette. [control / manipulation / social engineering]

5 social engineering assumptions that are wrong

Cybercriminals continue to launch creative social engineering attacks to trick users. Meanwhile, social engineering misconceptions are exacerbating the risks of falling victim.

Michael Hill

Security startups to watch for 2022

Security startups are often innovation leaders. These are some of the most interesting ones to watch as they tackle issues around cloud security, asset management and more.

CSO staff

CSO Australia roundtable: No more weekend war rooms - Shift from reactive to proactive security

21 July 2022

Hyde Hacienda, Sydney

Cyber attackers worldwide are displaying an increasing level of sophistication. This is a major issue for Australian CISOs and their teams who often lack the resources required to deal with more frequent and complex attacks by well-resourced cyber criminals. At the same time, legacy security operations centres (SOCs) are dealing with an unmanageable volume of alerts. This leads to ‘alert fatigue’ that slows key processes down and makes it easier to miss potentially significant issues that could be buried in the noise. Hiring an army of security engineers to deal with these challenges is also expensive and doesn’t scale. Join CSO Australia’s associate editor, Byron Connolly, and senior executives from Palo Alto Networks for this exclusive, invitation-only roundtable discussion, ‘No more weekend war rooms: Shift from reactive to proactive security.’

Kaseya closes $6.2 billion Datto deal, vows to cut prices

The IT services software provider promises lower costs for consumers, tight integration between the two companies’ products.

Jon Gold

Cisco reports vulnerabilities in products including email and web manager

New vulnerabilities found in Cisco internal testing allow remote access and scripting that could lead to the loss of sensitive user data.

Shweta Sharma

10 cloud security breach virtualization wireless

Palo Alto adds out-of-band web application security features to Prisma Cloud

Vendor says new updates will help organizations better monitor and secure web applications without impacting performance.

Michael Hill

Insider threats > Employees suspiciously peering over cubicle walls

MITRE's Inside-R Protect goes deep into the behavior side of insider threats

The new Inside-R program looks to collect historical insider threat data to more deeply analyze behaviors that signal risk.

Christopher Burgess

Industry 4.0 / Industrial IoT / Smart Factory / Tablet control of robotics automation.

Dozens of insecure-by-design flaws found in OT products

The OT:ICEFALL report shows that makers of operational technology manufacturers have to improve the security of their devices.

Lucian Constantin

Industry 4.0 / Industrial IoT / Smart Factory

Microsoft includes IoT devices under its Secured-core program

The Edge Secured-core, program is designed to validate IoT devices for specific security hardware technology, and ensure users that they are running an OS with built-in security technology.

Shweta Sharma

API security alert / software development / application flow chart diagram

How the Secure Software Factory Reference Architecture protects the software supply chain

This breakdown of the Cloud Native Computing Foundation's secure software factory guidance focuses on software provenance and build activities.

Chris Hughes

How Microsoft Purview can help with ransomware regulatory compliance

Microsoft's renamed compliance portal provides guidance and rule-setting capability to help comply with ransomware and other security and privacy requirements.

Susan Bradley

Defending quantum-based data with quantum-level security: a UK trial looks to the future

Telecommunications giant BT is testing secure quantum data transmission over a network in what could be a glimpse into the shape of things to come for cybersecurity in a quantum computing world

Linda Rosencrance

APT actor ToddyCat hits government and military targets in Europe and Asia

The previously undocumented APT group has been targeting high-profile organizations in Asia and Europe for over a year.

Lucian Constantin

From Our Advertisers

cso online

Dark web markets are hungry for Australian identity data

Sigma rules explained: When and how to use them to log events

Vulnerability management mistakes CISOs still make

Mitek launches MiVIP platform to fight identity theft

The Mitek Verified Identity Platform can leverage multiple authentication technologies to provide security across the transaction lifecycle.

Italian spyware firm is hacking into iOS and Android devices, Google says

RCS Lab spyware uses known exploits to install harmful payloads and steal private user data, according to a Google report.

5 social engineering assumptions that are wrong

Cybercriminals continue to launch creative social engineering attacks to trick users. Meanwhile, social engineering misconceptions are exacerbating the risks of falling victim.

Security startups to watch for 2022

Security startups are often innovation leaders. These are some of the most interesting ones to watch as they tackle issues around cloud security, asset management and more.

CSO Australia roundtable: No more weekend war rooms - Shift from reactive to proactive security

Kaseya closes $6.2 billion Datto deal, vows to cut prices

The IT services software provider promises lower costs for consumers, tight integration between the two companies’ products.

Cisco reports vulnerabilities in products including email and web manager

New vulnerabilities found in Cisco internal testing allow remote access and scripting that could lead to the loss of sensitive user data.

Palo Alto adds out-of-band web application security features to Prisma Cloud

Vendor says new updates will help organizations better monitor and secure web applications without impacting performance.

MITRE's Inside-R Protect goes deep into the behavior side of insider threats

The new Inside-R program looks to collect historical insider threat data to more deeply analyze behaviors that signal risk.

Dozens of insecure-by-design flaws found in OT products

The OT:ICEFALL report shows that makers of operational technology manufacturers have to improve the security of their devices.

Microsoft includes IoT devices under its Secured-core program

The Edge Secured-core, program is designed to validate IoT devices for specific security hardware technology, and ensure users that they are running an OS with built-in security technology.

How the Secure Software Factory Reference Architecture protects the software supply chain

This breakdown of the Cloud Native Computing Foundation's secure software factory guidance focuses on software provenance and build activities.

How Microsoft Purview can help with ransomware regulatory compliance

Microsoft's renamed compliance portal provides guidance and rule-setting capability to help comply with ransomware and other security and privacy requirements.

Defending quantum-based data with quantum-level security: a UK trial looks to the future

Telecommunications giant BT is testing secure quantum data transmission over a network in what could be a glimpse into the shape of things to come for cybersecurity in a quantum computing world

APT actor ToddyCat hits government and military targets in Europe and Asia

The previously undocumented APT group has been targeting high-profile organizations in Asia and Europe for over a year.