J.M. Porup
Senior Writer
J.M. Porup has been a security geek since 2002, when he got his first job in IT. Since then he's covered national security and information security for a variety of publications, and now calls CSOonline home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent.
What is a side channel attack? How these end-runs around encryption put everyone at risk
Side channel attacks on cryptography break confidentiality by exploiting information produced by the encryption — such as van Eck phreaking in a TEMPEST attack, courtesy the van across the street.
How and why deepfake videos work — and what is at risk
Once the bailiwick of Hollywood special effects studios with multi-million-dollar budgets, now anyone can download deepfake software and use machine learning to make believable fake videos. This makes a lot of people nervous.
Inside the 2014 hack of a Saudi embassy
According to documents seen by CSO, an unknown attacker took control of the official email account of the Saudi embassy in The Netherlands and demanded a ransom of $50 million for ISIS.
9 top hacker movies and TV shows of all time
Movies and TV shows have long influenced how lawmakers and society think about information security. We all have our personal favorite we're obsessed with. What's yours?
What is Metasploit? And how to use this popular hacking tool
Metasploit is a widely used penetration testing tool that makes hacking way easier than it used to be. It has become an indispensable tool for both red team and blue team.
SoftNAS Cloud 0day found: Upgrade ASAP
SoftNAS Cloud users should upgrade immediately following a report by Digital Defense that the virtual cloud appliance is vulnerable to a session management security issue.
City of Raleigh implements ICS monitoring tool for water treatment plants
Securing operational technology systems is a different game than IT, but the City of Raleigh has deployed a CSO50 award-winning network monitoring solution that gives them greater visibility into its PLCs.
Preserving the privacy of large data sets: Lessons learned from the Australian census
Preserving the privacy of large data sets is hard, as the Australian Bureau of Statistics found out. These are the big takeaways for the upcoming U.S. census and others dealing with large amounts of personal data.
What is Mimikatz? And how to defend against this password stealing tool
Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets.
Better, badder, bigger SIEM coming your way, folks, courtesy of Google
Google/Alphabet's Chronicle cybersecurity moonshot has a doozy of a mega-gargantuan SIEM with huge pluses--and minuses. Take note.
