Advertisement
- Don't Miss:
- CSO50 2022 Award Winners
- CSO Hall of Fame honorees
Russia points finger at US for iPhone exploit campaign that also hit Kaspersky Lab
The Operation Triangulation surveillance campaign infects Apple iPhones without the need for user action and is difficult to detect.
Attackers use Python compiled bytecode to evade detection
Newly discovered campaign takes advantage of the fact that most vulnerability scanning tools don't read compiled open-source software.
MOVEit Transfer vulnerability appears to be exploited widely
A SQL injection vulnerability has been found in the MOVEit Transfer web application, allowing an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.
Advertisement
Top cybersecurity M&A deals for 2023
Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A...
Security Recruiter Directory
To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.
ISACA pledges to help grow cybersecurity workforce in Europe
ISACA will provide 20,000 free memberships to students across Europe and support the identification of qualified cybersecurity candidates for organizations.
BigID wants to let you tweak your data classifications manually
Sailing the seas of enterprise data may get easier, with BigID’s latest release. The company hopes to make discovery simpler by letting individual users tune its automated discovery engine to their own needs.
What is the Cybercrime Atlas? How it can help disrupt cybercrime
The Cybercrime Atlas aims to map the cybercriminal ecosystem worldwide and allow global law enforcement agencies to access that information when fighting cybercrime.
Gigabyte firmware component can be abused as a backdoor
Attackers can abuse the UEFI firmware to inject executable malware code into the Windows kernel, compromising systems.
Inactive, unmaintained Salesforce sites vulnerable to threat actors
Research highlights the risks posed by inactive Salesforce sites that continue to pull sensitive business data and can be easily exploited by malicious actors.
Advertisement
Trellix, Netskope announce new Amazon Security Lake support to enhance threat detection, remediation
Trellix expands XDR support for Amazon Security Lake while Netskope integrates its SSE platform with AWS’ centralized security data service.
Barracuda patches zero-day vulnerability exploited since October
The vulnerability stemmed from incomplete input validation of user-supplied .tar files.
What is federated Identity? How it works and its importance to enterprise security
Federated identity can be hugely beneficial for creating a solid user experience and better security, but it can be more costly and complex to implement.
Phishing remained the top identity abuser in 2022: IDSA report
The survey revealed phishing as the most common identity-related incident in 2022, with “emails” as the most popular type.
AI-automated malware campaigns coming soon, says Mikko Hyppönen
The industry pioneer also expects cybersecurity to remain a growth business for years and sees Russian hacktivists as demoralizing European infosec teams.
From Our Advertisers
-
![intel sponsored campaign]()
Featured Sponsor IntelCompetitive Advantage with a Modern Data Center that Delivers Boundless Agility -
![istock 875541992]()
Sponsored by Microsoft SecurityCybercriminals are abusing security tools—here’s how we’re stopping them -
![bussiness risk is critical 1200x800 photo1 1]()
Sponsored by CiscoBusiness risk is a critical component of cloud-native application protection -
![istock 935964300]()
Sponsored by FortinetThe state of operational technology and cybersecurity
