Advertisement
- Don't Miss:
- CSO50 2022 Award Winners
- CSO Hall of Fame honorees
Screen recording Android app found to be spying on users
iRecorder was a legitimate app made available on Google Play Store in September 2021. A remote access trojan AhRat was most likely added to it a year later.
Upskilling the non-technical: finding cyber certification and training for internal hires
A shortage of cybersecurity talent in the market? The solution could be close to home — upskilling and re-skilling non-technical employees. Here are some programs to help make them job-ready.
Hackers hold city of Augusta hostage in a ransomware attack
The ransomware group has released 10GB of sample data from the cyberattack on the US city of Augusta and claimed they have a lot more data available.
Advertisement
New phishing technique poses as a browser-based file archiver
The new technique has a hacker simulate an archiving software in the web browser to trick the victim as he tries to access a .zip domain.
Insider risk management: Where your program resides shapes its focus
Choosing which department should be responsible for protecting an organization from threats from within isn’t always straightforward.
Researchers find new ICS malware toolkit designed to cause electric power outages
Mandiant recommends threat-hunting steps to detect COSMICENERGY despite no confirmed attacks in the wild.
New CISO appointments, February 2023
Keep up with news of CSO, CISO, and other senior security executive appointments.
How to check for new exploits in real time? VulnCheck has an answer
VulnCheck’s new database tracks exploits for fresh vulnerabilities in real time and allows for search using CVE IDs.
Inactive accounts pose significant account takeover security risks
Inactive accounts that haven’t been accessed for extended periods are more likely to be compromised due to password reuse and lack of multifactor authentication.
Microsoft links attacks on American critical infrastructure systems to China
The Chinese nation-state actor has been actively conducting espionage and information-gathering attacks on American systems since mid-2021.
Advertisement
Attributes of a mature cyber-threat intelligence program
Mature cyber-threat intelligence programs follow a lifecycle and provide tactical, operational, and strategic value. Many enterprise organizations aren't even close.
6 ways generative AI chatbots and LLMs can enhance cybersecurity
Generative AI chatbots and large language models can be a double-edged swords from a risk perspective, but with proper use they can also improve cybersecurity in key ways
SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups
Research shows a shift toward advanced persistent threat actors compromising smaller organization, in part to enable other attacks.
New hyperactive phishing campaign uses SuperMailer templates: Report
Network security firm Cofense was able to identify a code trace in phishing emails that revealed SuperMailer abuse in the attacks.
US sanctions four North Korean entities for global cyberattacks
North Korean hackers stole more virtual currency in 2022 than in any previous year, with estimates ranging from $630 million to over $1 billion — reportedly doubling Pyongyang’s total cybertheft proceeds in 2021.
From Our Advertisers
-
![intel sponsored campaign]()
Featured Sponsor IntelCompetitive Advantage with a Modern Data Center that Delivers Boundless Agility -
Sponsored by Microsoft SecurityNew report reveals tips for building a skilled cybersecurity workforce
-
![istock 935964300]()
Sponsored by FortinetThe state of operational technology and cybersecurity -
![istock 1430330223]()
Sponsored by TXOneAdding the operation focus to OT security
