J.M. Porup

Senior Writer

J.M. Porup has been a security geek since 2002, when he got his first job in IT. Since then he's covered national security and information security for a variety of publications, and now calls CSOonline home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent.

How New York City plans to become a cybersecurity hub

What is a side channel attack? How these end-runs around encryption put everyone at risk

What is a side channel attack? How these end-runs around encryption put everyone at risk

Side channel attacks on cryptography break confidentiality by exploiting information produced by the encryption — such as van Eck phreaking in a TEMPEST attack, courtesy the van across the street.

How and why deepfake videos work — and what is at risk

How and why deepfake videos work — and what is at risk

Once the bailiwick of Hollywood special effects studios with multi-million-dollar budgets, now anyone can download deepfake software and use machine learning to make believable fake videos. This makes a lot of people nervous.

Inside the 2014 hack of a Saudi embassy

Inside the 2014 hack of a Saudi embassy

According to documents seen by CSO, an unknown attacker took control of the official email account of the Saudi embassy in The Netherlands and demanded a ransom of $50 million for ISIS.

9 top hacker movies and TV shows of all time

9 top hacker movies and TV shows of all time

Movies and TV shows have long influenced how lawmakers and society think about information security. We all have our personal favorite we're obsessed with. What's yours?

What is Metasploit? And how to use this popular hacking tool

What is Metasploit? And how to use this popular hacking tool

Metasploit is a widely used penetration testing tool that makes hacking way easier than it used to be. It has become an indispensable tool for both red team and blue team.

SoftNAS Cloud 0day found: Upgrade ASAP

SoftNAS Cloud 0day found: Upgrade ASAP

SoftNAS Cloud users should upgrade immediately following a report by Digital Defense that the virtual cloud appliance is vulnerable to a session management security issue.

City of Raleigh implements ICS monitoring tool for water treatment plants

City of Raleigh implements ICS monitoring tool for water treatment plants

Securing operational technology systems is a different game than IT, but the City of Raleigh has deployed a CSO50 award-winning network monitoring solution that gives them greater visibility into its PLCs.

Preserving the privacy of large data sets: Lessons learned from the Australian census

Preserving the privacy of large data sets: Lessons learned from the Australian census

Preserving the privacy of large data sets is hard, as the Australian Bureau of Statistics found out. These are the big takeaways for the upcoming U.S. census and others dealing with large amounts of personal data.

What is Mimikatz? And how to defend against this password stealing tool

What is Mimikatz? And how to defend against this password stealing tool

Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets.

Better, badder, bigger SIEM coming your way, folks, courtesy of Google

Better, badder, bigger SIEM coming your way, folks, courtesy of Google

Google/Alphabet's Chronicle cybersecurity moonshot has a doozy of a mega-gargantuan SIEM with huge pluses--and minuses. Take note.

Bruce Schneier takes his pitch for public-interest security to RSA Conference

Bruce Schneier takes his pitch for public-interest security to RSA Conference

Bruce Schneier's new all-day track at the RSA Conference explores idea that security pros, like lawyers, should be expected to engage in a certain amount of pro bono work.

Load More