Advertisement
- Don't Miss:
- CSO50 2022 Award Winners
- CSO Hall of Fame honorees
Inactive, unmaintained Salesforce sites vulnerable to threat actors
Research highlights the risks posed by inactive Salesforce sites that continue to pull sensitive business data and can be easily exploited by malicious actors.
Trellix, Netskope announce new Amazon Security Lake support to enhance threat detection, remediation
Trellix expands XDR support for Amazon Security Lake while Netskope integrates its SSE platform with AWS’ centralized security data service.
Barracuda patches zero-day vulnerability exploited since October
The vulnerability stemmed from incomplete input validation of user-supplied .tar files as it pertains to the names of the files contained within the archive.
Advertisement
What is federated Identity? How it works and its importance to enterprise security
Federated identity can be hugely beneficial for creating a solid user experience and better security, but it can be more costly and complex to implement.
Phishing remained the top identity abuser in 2022: IDSA report
The survey revealed phishing as the most common identity-related incident in 2022, with “emails” as the most popular type.
AI-automated malware campaigns coming soon, says Mikko Hyppönen
The industry pioneer also expects cybersecurity to remain a growth business for years and sees Russian hacktivists as demoralizing European infosec teams.
Frontegg launches entitlements engine to streamline access authorization
Frontegg’s new entitlement engine will be powered by context-aware logic controls (CALC) technology to effect context-based, fine-grained authorization controls.
Screen recording Android app found to be spying on users
iRecorder was a legitimate app made available on Google Play Store in September 2021. A remote access trojan AhRat was most likely added to it a year later.
Upskilling the non-technical: finding cyber certification and training for internal hires
A shortage of cybersecurity talent in the market? The solution could be close to home — upskilling and re-skilling non-technical employees. Here are some programs to help make them job-ready.
Hackers hold city of Augusta hostage in a ransomware attack
The ransomware group has released 10GB of sample data from the cyberattack on the US city of Augusta and claimed they have a lot more data available.
Advertisement
New phishing technique poses as a browser-based file archiver
The new technique has a hacker simulate an archiving app in the web browser to trick victims as they try to access a .zip domain.
Insider risk management: Where your program resides shapes its focus
Choosing which department should be responsible for protecting an organization from threats from within isn’t always straightforward.
Researchers find new ICS malware toolkit designed to cause electric power outages
Mandiant recommends threat-hunting steps to detect COSMICENERGY despite no confirmed attacks in the wild.
New CISO appointments, February 2023
Keep up with news of CSO, CISO, and other senior security executive appointments.
How to check for new exploits in real time? VulnCheck has an answer
VulnCheck’s new database tracks exploits for fresh vulnerabilities in real time and allows for search using CVE IDs.
From Our Advertisers
-
![intel sponsored campaign]()
Featured Sponsor IntelCompetitive Advantage with a Modern Data Center that Delivers Boundless Agility -
![istock 1487429657]()
Sponsored by Microsoft SecurityStrategies for improving your hybrid and multicloud management -
![istock 935964300]()
Sponsored by FortinetThe state of operational technology and cybersecurity -
![istock 1430330223]()
Sponsored by TXOneAdding the operation focus to OT security
