Maria Korolov

Contributing Writer

Maria Korolov has been covering emerging technology and emerging markets for the past twenty years. She has reported from Russia, India, and Afghanistan, and recently returned to the United States after running a news bureau in China for five years.

Best antivirus software: 13 top tools

These top-ranking Windows 10 client antivirus products were tested on three primary criteria: protection, performance and usability.

8 PCI DSS questions every CISO should be able to answer

PCI DSS is a standard backed by all the major credit cards and payment processors that is designed to protect credit card numbers. It specifies a set of cybersecurity controls and business practices and requires either...

Complying with CCPA: Answers to common questions

Enforcement of the California Consumer Privacy Act begins this summer, but lawsuits are already being filed. To help you comply and avoid being sued, CSO contributor Maria Korolov joins IDG TECH(talk) host Juliet Beauchamp to discuss...

9 CCPA questions every CISO should be prepared to answer

Executive management anxiety over the California Consumer Privacy Act will rise as the enforcement deadline looms. Security managers will need to know the answers to these questions.

What you need to know about the new OWASP API Security Top 10 list

APIs now account for 40% of the attack surface for all web-enabled apps. OWASP has identified 10 areas where enterprises can lower that risk.

Directory traversal explained: Definition, examples and prevention

In a path traversal attack, also known as directory traversal, an attacker enters information in a web form, URL address line, or another input method that gives them access to a file or directory that they shouldn't have access to....

Business email compromise attacks cost millions, losses doubling each year

Cybercriminals follow the money, and you need look no further than Toyota Boshoku's recent $37 million loss to see why many are turning to BEC scams.

Rich PII enables sophisticated impersonation attacks

Hackers are now using rich personally identifying information, including device types and browser versions, cookies and web histories, and even voice recordings to gain account access or commit fraud.

6 ways cybercriminals use commercial infrastructure

Whether through fraud or legitimate purchase, cybercriminals increasingly depend on mainstream services to support their activities.

6 lessons from Venmo’s lax approach to API security

Cyber criminals are targeting application programming interfaces to steal sensitive data. Recent exposures and hacks at companies like Venmo, Facebook and Google present lessons to improve API security.

How to close SIEM visibility gaps created by legacy apps

It's often difficult to make log files and other data from legacy applications accessible to security information and event management systems. Here are some options for improving visibility.

What is a botnet? When armies of infected IoT devices attack

A botnet is a collection of internet-connected devices that an attacker has compromised. Commonly used in distributed denial of service (DDoS) attacks, botnets can also take advantage of their collective computing power to send large...

4 security concerns for low-code and no-code development

Low code does not mean low risk. By allowing more people in an enterprise to develop applications, low-code development creates new vulnerabilities and can hide problems from security.

6 ways malware can bypass endpoint protection

Breaches from attacks that defeat or run around endpoint protection measures are on the rise. Here's how attackers do it.

How First Citrus Bank got rid of employee passwords

The Florida bank rolled out passwordless authentication in February that relies on device biometrics of their smartphones.

What is GPS spoofing? And how you can defend against it

The U.S. Global Positioning System, part of a network of global navigation satellite systems (GNSS), is vulnerable to attacks that could disrupt many industries. Here's how it works and what you can do to mitigate its risk.

Google expands cloud security capabilities, including simpler configuration

New tools and services will help make it easier for enterprises to manage security with Google products as well as with Amazon and in their own private clouds and applications.

What is AI fuzzing? And why it may be the next big cybersecurity threat

Pairing artificial intelligence or machine learning with traditional fuzzing techniques creates a powerful tool to find application or system vulnerabilities — for both researchers and cyber criminals.

What is quantum cryptography? It’s no silver bullet, but could improve security

In the arms race between white and black hats, the infosec industry looks to quantum cryptography and quantum key distribution (QKD). That may be just part of the answer, however.

What is biometrics? 10 physical and behavioral identifiers that can be used for authentication

Biometrics are physical or behavioral human characteristics that can be used to digitally identify a person to grant access to systems, devices or data. It has the potential to make authentication dramatically faster, easier and...
